Merge "Improve os-federation docs"
commit
4a8298d5b8
|
@ -65,7 +65,7 @@ Identity Providers
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
/OS-FEDERATION/identity_providers
|
/v3/OS-FEDERATION/identity_providers
|
||||||
|
|
||||||
An Identity Provider (IdP) is a third party service that is trusted by the
|
An Identity Provider (IdP) is a third party service that is trusted by the
|
||||||
Identity API to authenticate identities.
|
Identity API to authenticate identities.
|
||||||
|
@ -97,7 +97,7 @@ Protocols
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
/OS-FEDERATION/identity_providers/{idp_id}/protocols
|
/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols
|
||||||
|
|
||||||
A protocol entry contains information that dictates which mapping rules to use
|
A protocol entry contains information that dictates which mapping rules to use
|
||||||
for a given incoming request. An IdP may have multiple supported protocols.
|
for a given incoming request. An IdP may have multiple supported protocols.
|
||||||
|
@ -114,7 +114,7 @@ Mappings
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
/OS-FEDERATION/mappings
|
/v3/OS-FEDERATION/mappings
|
||||||
|
|
||||||
A ``mapping`` is a set of rules to map federation protocol attributes to
|
A ``mapping`` is a set of rules to map federation protocol attributes to
|
||||||
Identity API objects. An Identity Provider can have a single ``mapping``
|
Identity API objects. An Identity Provider can have a single ``mapping``
|
||||||
|
@ -230,7 +230,7 @@ Required attributes:
|
||||||
<http://docs.python.org/2/library/re.html>`__ search against the remote
|
<http://docs.python.org/2/library/re.html>`__ search against the remote
|
||||||
attribute ``type``.
|
attribute ``type``.
|
||||||
|
|
||||||
The ``blacklist`` and ``whitelist`` rules are always used in conjuction with
|
The ``blacklist`` and ``whitelist`` rules are always used in conjunction with
|
||||||
``type``.
|
``type``.
|
||||||
|
|
||||||
- ``blacklist`` (list of strings)
|
- ``blacklist`` (list of strings)
|
||||||
|
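Review bot: The context lines at the top of this hunk describe the regex as a "search" against the remote attribute and link to `http://docs.python.org/2/library/re.html`. Since the paragraph is being edited anyway, it is worth saying that a search matches anywhere in the value, so a ``whitelist`` or ``blacklist`` pattern needs explicit `^` and `$` anchors when a full match is intended. The link should also point at the current `re` documentation over HTTPS rather than the Python 2 page. The `conjuction` to `conjunction` fix itself is fine.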
@ -252,7 +252,7 @@ Service Providers
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
/OS-FEDERATION/service_providers
|
/v3/OS-FEDERATION/service_providers
|
||||||
|
|
||||||
A service provider is a third party service that is trusted by the Identity
|
A service provider is a third party service that is trusted by the Identity
|
||||||
Service.
|
Service.
|
||||||
|
@ -299,7 +299,7 @@ to ``ss:mem:``.
|
||||||
Register an Identity Provider
|
Register an Identity Provider
|
||||||
=============================
|
=============================
|
||||||
|
|
||||||
.. rest_method:: PUT /OS-FEDERATION/identity_providers/{idp_id}
|
.. rest_method:: PUT /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||||
|
|
||||||
Normal response codes: 201
|
Normal response codes: 201
|
||||||
Error response codes: 409
|
Error response codes: 409
|
||||||
|
@ -320,7 +320,7 @@ Response Example
|
||||||
List identity providers
|
List identity providers
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/identity_providers
|
.. rest_method:: GET /v3/OS-FEDERATION/identity_providers
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -334,7 +334,7 @@ Response Example
|
||||||
Get Identity provider
|
Get Identity provider
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/identity_providers/{idp_id}
|
.. rest_method:: GET /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -348,7 +348,7 @@ Response Example
|
||||||
Delete identity provider
|
Delete identity provider
|
||||||
========================
|
========================
|
||||||
|
|
||||||
.. rest_method:: DELETE /OS-FEDERATION/identity_providers/{idp_id}
|
.. rest_method:: DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||||
|
|
||||||
When an identity provider is deleted, any tokens generated by that identity
|
When an identity provider is deleted, any tokens generated by that identity
|
||||||
provider will be revoked.
|
provider will be revoked.
|
||||||
|
@ -359,7 +359,7 @@ Normal response codes: 204
|
||||||
Update identity provider
|
Update identity provider
|
||||||
========================
|
========================
|
||||||
|
|
||||||
.. rest_method:: PATCH /OS-FEDERATION/identity_providers/{idp_id}
|
.. rest_method:: PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||||
|
|
||||||
When an identity provider is disabled, any tokens generated by that identity
|
When an identity provider is disabled, any tokens generated by that identity
|
||||||
provider will be revoked.
|
provider will be revoked.
|
||||||
|
@ -383,7 +383,7 @@ Response Example
|
||||||
Add a protocol and attribute mapping to an identity provider
|
Add a protocol and attribute mapping to an identity provider
|
||||||
============================================================
|
============================================================
|
||||||
|
|
||||||
.. rest_method:: PUT /OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}
|
.. rest_method:: PUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}
|
||||||
|
|
||||||
Normal response codes: 201
|
Normal response codes: 201
|
||||||
|
|
||||||
|
@ -403,7 +403,7 @@ Response Example
|
||||||
List all protocol and attribute mappings of an identity provider
|
List all protocol and attribute mappings of an identity provider
|
||||||
================================================================
|
================================================================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/identity_providers/{idp_id}/protocols
|
.. rest_method:: GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -417,7 +417,7 @@ Response Example
|
||||||
Get a protocol and attribute mapping for an identity provider
|
Get a protocol and attribute mapping for an identity provider
|
||||||
=============================================================
|
=============================================================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}
|
.. rest_method:: GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -431,7 +431,7 @@ Response Example
|
||||||
Update the attribute mapping for an identity provider and protocol
|
Update the attribute mapping for an identity provider and protocol
|
||||||
==================================================================
|
==================================================================
|
||||||
|
|
||||||
.. rest_method:: PATCH /OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}
|
.. rest_method:: PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -451,7 +451,7 @@ Response Example
|
||||||
Delete a protocol and attribute mapping from an identity provider
|
Delete a protocol and attribute mapping from an identity provider
|
||||||
=================================================================
|
=================================================================
|
||||||
|
|
||||||
.. rest_method:: DELETE /OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}
|
.. rest_method:: DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}
|
||||||
|
|
||||||
Normal response codes: 204
|
Normal response codes: 204
|
||||||
|
|
||||||
|
@ -461,7 +461,7 @@ Normal response codes: 204
|
||||||
Create a mapping
|
Create a mapping
|
||||||
================
|
================
|
||||||
|
|
||||||
.. rest_method:: PUT /OS-FEDERATION/mappings/{mapping_id}
|
.. rest_method:: PUT /v3/OS-FEDERATION/mappings/{mapping_id}
|
||||||
|
|
||||||
Normal response codes: 201
|
Normal response codes: 201
|
||||||
|
|
||||||
|
@ -481,7 +481,7 @@ Response Example
|
||||||
Get a mapping
|
Get a mapping
|
||||||
=============
|
=============
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/mappings/{mapping_id}
|
.. rest_method:: GET /v3/OS-FEDERATION/mappings/{mapping_id}
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -495,7 +495,7 @@ Response Example
|
||||||
Update a mapping
|
Update a mapping
|
||||||
================
|
================
|
||||||
|
|
||||||
.. rest_method:: PATCH /OS-FEDERATION/mappings/{mapping_id}
|
.. rest_method:: PATCH /v3/OS-FEDERATION/mappings/{mapping_id}
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -515,7 +515,7 @@ Response Example
|
||||||
List all mappings
|
List all mappings
|
||||||
=================
|
=================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/mappings
|
.. rest_method:: GET /v3/OS-FEDERATION/mappings
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -529,7 +529,7 @@ Response Example
|
||||||
Delete a mapping
|
Delete a mapping
|
||||||
================
|
================
|
||||||
|
|
||||||
.. rest_method:: DELETE /OS-FEDERATION/mappings/{mapping_id}
|
.. rest_method:: DELETE /v3/OS-FEDERATION/mappings/{mapping_id}
|
||||||
|
|
||||||
Normal response codes: 204
|
Normal response codes: 204
|
||||||
|
|
||||||
|
@ -539,7 +539,7 @@ Normal response codes: 204
|
||||||
Register a Service Provider
|
Register a Service Provider
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
.. rest_method:: PUT /OS-FEDERATION/service_providers/{sp_id}
|
.. rest_method:: PUT /v3/OS-FEDERATION/service_providers/{sp_id}
|
||||||
|
|
||||||
Normal response codes: 201
|
Normal response codes: 201
|
||||||
Error response codes: 400 Bad Request when registering a service provider with
|
Error response codes: 400 Bad Request when registering a service provider with
|
||||||
|
@ -561,7 +561,7 @@ Response Example
|
||||||
Listing Service Providers
|
Listing Service Providers
|
||||||
=========================
|
=========================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/service_providers
|
.. rest_method:: GET /v3/OS-FEDERATION/service_providers
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -575,7 +575,7 @@ Response Example
|
||||||
Get Service Provider
|
Get Service Provider
|
||||||
====================
|
====================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/service_providers/{sp_id}
|
.. rest_method:: GET /v3/OS-FEDERATION/service_providers/{sp_id}
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -589,7 +589,7 @@ Response Example
|
||||||
Delete Service Provider
|
Delete Service Provider
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
.. rest_method:: DELETE /OS-FEDERATION/service_providers/{sp_id}
|
.. rest_method:: DELETE /v3/OS-FEDERATION/service_providers/{sp_id}
|
||||||
|
|
||||||
Normal response codes: 204
|
Normal response codes: 204
|
||||||
|
|
||||||
|
@ -597,7 +597,7 @@ Normal response codes: 204
|
||||||
Update Service Provider
|
Update Service Provider
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
.. rest_method:: PATCH /OS-FEDERATION/service_providers/{sp_id}
|
.. rest_method:: PATCH /v3/OS-FEDERATION/service_providers/{sp_id}
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
Error response codes: 400 Bad Request when updating a service provider with
|
Error response codes: 400 Bad Request when updating a service provider with
|
||||||
|
@ -624,7 +624,7 @@ Response Example
|
||||||
List projects a federated user can access
|
List projects a federated user can access
|
||||||
=========================================
|
=========================================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/projects
|
.. rest_method:: GET /v3/OS-FEDERATION/projects
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -646,7 +646,7 @@ Response Example
|
||||||
List domains a federated user can access
|
List domains a federated user can access
|
||||||
========================================
|
========================================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/domains
|
.. rest_method:: GET /v3/OS-FEDERATION/domains
|
||||||
|
|
||||||
Normal response codes: 200
|
Normal response codes: 200
|
||||||
|
|
||||||
|
@ -670,7 +670,7 @@ Response Example
|
||||||
Request an unscoped OS-FEDERATION token
|
Request an unscoped OS-FEDERATION token
|
||||||
=======================================
|
=======================================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/identity_providers/{identity_provider}/protocols/{protocol}/auth
|
.. rest_method:: GET /v3/OS-FEDERATION/identity_providers/{identity_provider}/protocols/{protocol}/auth
|
||||||
|
|
||||||
A federated ephemeral user may request an unscoped token, which can be used to
|
A federated ephemeral user may request an unscoped token, which can be used to
|
||||||
get a scoped token.
|
get a scoped token.
|
||||||
|
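Review bot: The placeholders in this `rest_method` line are `{identity_provider}` and `{protocol}`, while every other route touched by this patch uses `{idp_id}` and `{protocol_id}` for the same two path segments. Because the line is being rewritten to add `/v3` anyway, rename the placeholders to match, so that readers and any tooling keyed on parameter names see one spelling.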
@ -702,7 +702,7 @@ Response Example
|
||||||
Request a scoped OS-FEDERATION token
|
Request a scoped OS-FEDERATION token
|
||||||
====================================
|
====================================
|
||||||
|
|
||||||
.. rest_method:: POST /auth/tokens
|
.. rest_method:: POST /v3/auth/tokens
|
||||||
|
|
||||||
A federated user may request a scoped token, by using the unscoped token. A
|
A federated user may request a scoped token, by using the unscoped token. A
|
||||||
project or domain may be specified by either id or name. An id is sufficient to
|
project or domain may be specified by either id or name. An id is sufficient to
|
||||||
|
@ -727,7 +727,7 @@ Response Example
|
||||||
Web Single Sign On authentication (New in version 1.2)
|
Web Single Sign On authentication (New in version 1.2)
|
||||||
======================================================
|
======================================================
|
||||||
|
|
||||||
.. rest_method:: GET /auth/OS-FEDERATION/websso/{protocol}?origin=https%3A//horizon.example.com
|
.. rest_method:: GET /v3/auth/OS-FEDERATION/websso/{protocol}?origin=https%3A//horizon.example.com
|
||||||
|
|
||||||
For Web Single Sign On (WebSSO) authentication, users are expected to enter
|
For Web Single Sign On (WebSSO) authentication, users are expected to enter
|
||||||
another URL endpoint. Upon successful authentication, instead of issuing a
|
another URL endpoint. Upon successful authentication, instead of issuing a
|
||||||
|
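Review bot: The changed `rest_method` line carries a sample query string, `?origin=https%3A//horizon.example.com`, inside the route itself. Consider documenting `origin` as a query parameter of this call and keeping the directive to the bare path. Because the token is returned to the caller through that `origin` value, the parameter description should also state how the server decides which origins it will accept.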
@ -739,7 +739,7 @@ be included in the form being sent.
|
||||||
Web Single Sign On authentication (New in version 1.3)
|
Web Single Sign On authentication (New in version 1.3)
|
||||||
======================================================
|
======================================================
|
||||||
|
|
||||||
.. rest_method:: GET /auth/OS-FEDERATION/identity_providers/{idp_id}/protocol/{protocol_id}/websso?origin=https%3A//horizon.example.com
|
.. rest_method:: GET /v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocol/{protocol_id}/websso?origin=https%3A//horizon.example.com
|
||||||
|
|
||||||
In contrast to the above route, this route begins a Web Single Sign On request
|
In contrast to the above route, this route begins a Web Single Sign On request
|
||||||
that is specific to the supplied Identity Provider and Protocol. Keystone will
|
that is specific to the supplied Identity Provider and Protocol. Keystone will
|
||||||
|
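Review bot: The path in this `rest_method` line uses the singular segment `protocol/{protocol_id}`, whereas all the identity provider routes earlier in the patch use `protocols/{protocol_id}`. The `/v3` prefix was added without touching that segment, so please check it against the actual router and correct it here if the singular form is a documentation typo. A wrong WebSSO URL in the API reference tends to get copied straight into dashboard configuration.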
@ -754,7 +754,7 @@ An unscoped federated token will be included in the form being sent.
|
||||||
Generate a SAML assertion
|
Generate a SAML assertion
|
||||||
=========================
|
=========================
|
||||||
|
|
||||||
.. rest_method:: POST /auth/OS-FEDERATION/saml2
|
.. rest_method:: POST /v3/auth/OS-FEDERATION/saml2
|
||||||
|
|
||||||
A user may generate a SAML assertion document based on the scoped token that is
|
A user may generate a SAML assertion document based on the scoped token that is
|
||||||
used in the request.
|
used in the request.
|
||||||
|
@ -788,7 +788,7 @@ For more information about how a SAML assertion is structured, refer to the
|
||||||
Generate an ECP wrapped SAML assertion
|
Generate an ECP wrapped SAML assertion
|
||||||
======================================
|
======================================
|
||||||
|
|
||||||
.. rest_method:: POST /auth/OS-FEDERATION/saml2/ecp
|
.. rest_method:: POST /v3/auth/OS-FEDERATION/saml2/ecp
|
||||||
|
|
||||||
A user may generate a SAML assertion document to work with the
|
A user may generate a SAML assertion document to work with the
|
||||||
*Enhanced Client or Proxy* (ECP) profile based on the scoped token that is
|
*Enhanced Client or Proxy* (ECP) profile based on the scoped token that is
|
||||||
|
@ -821,7 +821,7 @@ Response Example
|
||||||
Retrieve Metadata properties
|
Retrieve Metadata properties
|
||||||
============================
|
============================
|
||||||
|
|
||||||
.. rest_method:: GET /OS-FEDERATION/saml2/metadata
|
.. rest_method:: GET /v3/OS-FEDERATION/saml2/metadata
|
||||||
|
|
||||||
A user may retrieve Metadata about an Identity Service acting as an Identity
|
A user may retrieve Metadata about an Identity Service acting as an Identity
|
||||||
Provider.
|
Provider.
|
||||||
|
|
|
@ -5,13 +5,13 @@
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "37ef61",
|
"id": "37ef61",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/domains/37ef61"
|
"self": "http://example.com/identity/v3/domains/37ef61"
|
||||||
},
|
},
|
||||||
"name": "my domain"
|
"name": "my domain"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/domains",
|
"self": "http://example.com/identity/v3/OS-FEDERATION/domains",
|
||||||
"previous": null,
|
"previous": null,
|
||||||
"next": null
|
"next": null
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
Headers:
|
Headers:
|
||||||
Content-Type: text/xml
|
Content-Type: text/xml
|
||||||
X-sp-url: http://beta.example.com/Shibboleth.sso/POST/ECP
|
X-sp-url: http://beta.example.com/Shibboleth.sso/POST/ECP
|
||||||
X-auth-url: http://beta.example.com:5000/v3/OS-FEDERATION/identity_providers/beta/protocols/auth
|
X-auth-url: http://beta.example.com/identity/v3/OS-FEDERATION/identity_providers/beta/protocols/auth
|
||||||
|
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
<ns0:Envelope
|
<ns0:Envelope
|
||||||
|
|
|
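Review bot: The rewritten `X-auth-url` header ends in `/identity_providers/beta/protocols/auth`, with no protocol id between `protocols` and `auth`. The route documented in this same patch is `/v3/OS-FEDERATION/identity_providers/{identity_provider}/protocols/{protocol}/auth`, so the sample does not match it. The gap predates this change, but the line is being edited and should be completed with a protocol id (the other samples use `saml2`).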
@ -2,8 +2,8 @@
|
||||||
"protocol": {
|
"protocol": {
|
||||||
"id": "saml2",
|
"id": "saml2",
|
||||||
"links": {
|
"links": {
|
||||||
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
|
"identity_provider": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
|
||||||
},
|
},
|
||||||
"mapping_id": "xyz234"
|
"mapping_id": "xyz234"
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
"protocol": {
|
"protocol": {
|
||||||
"id": "saml2",
|
"id": "saml2",
|
||||||
"links": {
|
"links": {
|
||||||
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
|
"identity_provider": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
|
||||||
},
|
},
|
||||||
"mapping_id": "xyz234"
|
"mapping_id": "xyz234"
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,8 +5,8 @@
|
||||||
"enabled": false,
|
"enabled": false,
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
|
"protocols": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -2,14 +2,14 @@
|
||||||
"links": {
|
"links": {
|
||||||
"next": null,
|
"next": null,
|
||||||
"previous": null,
|
"previous": null,
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols"
|
||||||
},
|
},
|
||||||
"protocols": [
|
"protocols": [
|
||||||
{
|
{
|
||||||
"id": "saml2",
|
"id": "saml2",
|
||||||
"links": {
|
"links": {
|
||||||
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
|
"identity_provider": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
|
||||||
},
|
},
|
||||||
"mapping_id": "xyz234"
|
"mapping_id": "xyz234"
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
|
"protocols": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -16,14 +16,14 @@
|
||||||
"enabled": false,
|
"enabled": false,
|
||||||
"id": "ACME-contractors",
|
"id": "ACME-contractors",
|
||||||
"links": {
|
"links": {
|
||||||
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors/protocols",
|
"protocols": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME-contractors/protocols",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME-contractors"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"links": {
|
"links": {
|
||||||
"next": null,
|
"next": null,
|
||||||
"previous": null,
|
"previous": null,
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -5,8 +5,8 @@
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
|
"protocols": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -2,8 +2,8 @@
|
||||||
"protocol": {
|
"protocol": {
|
||||||
"id": "saml2",
|
"id": "saml2",
|
||||||
"links": {
|
"links": {
|
||||||
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
|
"identity_provider": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
|
||||||
},
|
},
|
||||||
"mapping_id": "xyz234"
|
"mapping_id": "xyz234"
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,8 +5,8 @@
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
|
"protocols": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols",
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -2,7 +2,7 @@
|
||||||
"mapping": {
|
"mapping": {
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/mappings/ACME"
|
||||||
},
|
},
|
||||||
"rules": [
|
"rules": [
|
||||||
{
|
{
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
"mapping": {
|
"mapping": {
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/mappings/ACME"
|
||||||
},
|
},
|
||||||
"rules": [
|
"rules": [
|
||||||
{
|
{
|
||||||
|
|
|
@ -2,13 +2,13 @@
|
||||||
"links": {
|
"links": {
|
||||||
"next": null,
|
"next": null,
|
||||||
"previous": null,
|
"previous": null,
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/mappings"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/mappings"
|
||||||
},
|
},
|
||||||
"mappings": [
|
"mappings": [
|
||||||
{
|
{
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/mappings/ACME"
|
||||||
},
|
},
|
||||||
"rules": [
|
"rules": [
|
||||||
{
|
{
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
"mapping": {
|
"mapping": {
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/mappings/ACME"
|
||||||
},
|
},
|
||||||
"rules": [
|
"rules": [
|
||||||
{
|
{
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "12d706",
|
"id": "12d706",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/projects/12d706"
|
"self": "http://example.com/identity/v3/projects/12d706"
|
||||||
},
|
},
|
||||||
"name": "a project name"
|
"name": "a project name"
|
||||||
},
|
},
|
||||||
|
@ -14,13 +14,13 @@
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "9ca0eb",
|
"id": "9ca0eb",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/projects/9ca0eb"
|
"self": "http://example.com/identity/v3/projects/9ca0eb"
|
||||||
},
|
},
|
||||||
"name": "another project"
|
"name": "another project"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/projects",
|
"self": "http://example.com/identity/v3/OS-FEDERATION/projects",
|
||||||
"previous": null,
|
"previous": null,
|
||||||
"next": null
|
"next": null
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
Headers:
|
Headers:
|
||||||
Content-Type: text/xml
|
Content-Type: text/xml
|
||||||
X-sp-url: http://beta.example.com/Shibboleth.sso/POST/ECP
|
X-sp-url: http://beta.example.com/Shibboleth.sso/POST/ECP
|
||||||
X-auth-url: http://beta.example.com:5000/v3/OS-FEDERATION/identity_providers/beta/protocols/auth
|
X-auth-url: http://beta.example.com/identity/v3/OS-FEDERATION/identity_providers/beta/protocols/auth
|
||||||
|
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xmldsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="http://beta.example.com/Shibboleth.sso/POST/ECP" ID="818dee98a5d44a238ae3038d26cbebb6" IssueInstant="2015-05-27T13:23:48Z" Version="2.0">
|
<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xmldsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="http://beta.example.com/Shibboleth.sso/POST/ECP" ID="818dee98a5d44a238ae3038d26cbebb6" IssueInstant="2015-05-27T13:23:48Z" Version="2.0">
|
||||||
|
|
|
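Review bot: `X-sp-url`, the new `X-auth-url` and the `Destination` attribute on the context line all use `http://`, while the service provider samples updated in this patch use `https://` for `auth_url` and `sp_url`. These URLs are where a SAML assertion is posted, so the sample should model TLS. Switch the ECP examples to `https://` so that the two sets of samples agree.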
@ -14,13 +14,13 @@
|
||||||
"domain": {
|
"domain": {
|
||||||
"id": "1789d1",
|
"id": "1789d1",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/domains/1789d1"
|
"self": "http://example.com/identity/v3/domains/1789d1"
|
||||||
},
|
},
|
||||||
"name": "example.com"
|
"name": "example.com"
|
||||||
},
|
},
|
||||||
"id": "263fd9",
|
"id": "263fd9",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/projects/263fd9"
|
"self": "http://example.com/identity/v3/projects/263fd9"
|
||||||
},
|
},
|
||||||
"name": "project-x"
|
"name": "project-x"
|
||||||
},
|
},
|
||||||
|
@ -31,19 +31,19 @@
|
||||||
"id": "39dc322ce86c4111b4f06c2eeae0841b",
|
"id": "39dc322ce86c4111b4f06c2eeae0841b",
|
||||||
"interface": "public",
|
"interface": "public",
|
||||||
"region": "RegionOne",
|
"region": "RegionOne",
|
||||||
"url": "http://localhost:5000"
|
"url": "http://example.com/identity"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "ec642f27474842e78bf059f6c48f4e99",
|
"id": "ec642f27474842e78bf059f6c48f4e99",
|
||||||
"interface": "internal",
|
"interface": "internal",
|
||||||
"region": "RegionOne",
|
"region": "RegionOne",
|
||||||
"url": "http://localhost:5000"
|
"url": "http://example.com/identity"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "c609fc430175452290b62a4242e8a7e8",
|
"id": "c609fc430175452290b62a4242e8a7e8",
|
||||||
"interface": "admin",
|
"interface": "admin",
|
||||||
"region": "RegionOne",
|
"region": "RegionOne",
|
||||||
"url": "http://localhost:35357"
|
"url": "http://example.com/identity"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"id": "266c2aa381ea46df81bb05ddb02bd14a",
|
"id": "266c2aa381ea46df81bb05ddb02bd14a",
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
{
|
{
|
||||||
"service_provider": {
|
"service_provider": {
|
||||||
"auth_url": "https://example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
"auth_url": "https://example.com/identity/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
||||||
"description": "Remote Service Provider",
|
"description": "Remote Service Provider",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "https://identity:35357/v3/OS-FEDERATION/service_providers/ACME"
|
"self": "https://example.com/identity/v3/OS-FEDERATION/service_providers/ACME"
|
||||||
},
|
},
|
||||||
"relay_state_prefix": "ss:mem:",
|
"relay_state_prefix": "ss:mem:",
|
||||||
"sp_url": "https://example.com:5000/Shibboleth.sso/SAML2/ECP"
|
"sp_url": "https://example.com/identity/Shibboleth.sso/SAML2/ECP"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
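Review bot: The new `sp_url` value `https://example.com/identity/Shibboleth.sso/SAML2/ECP` moves the Shibboleth handler under the `/identity` prefix, but the ECP header samples in this patch keep `X-sp-url: http://beta.example.com/Shibboleth.sso/POST/ECP` with no such prefix. The port-to-path substitution looks mechanically applied here. Confirm whether the handler is really served under `/identity`, and make the two samples consistent either way.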
@ -2,30 +2,30 @@
|
||||||
"links": {
|
"links": {
|
||||||
"next": null,
|
"next": null,
|
||||||
"previous": null,
|
"previous": null,
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/service_providers"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/service_providers"
|
||||||
},
|
},
|
||||||
"service_providers": [
|
"service_providers": [
|
||||||
{
|
{
|
||||||
"auth_url": "https://example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
"auth_url": "https://example.com/identity/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
||||||
"description": "Stores ACME identities",
|
"description": "Stores ACME identities",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/service_providers/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/service_providers/ACME"
|
||||||
},
|
},
|
||||||
"relay_state_prefix": "ss:mem:",
|
"relay_state_prefix": "ss:mem:",
|
||||||
"sp_url": "https://example.com:5000/Shibboleth.sso/SAML2/ECP"
|
"sp_url": "https://example.com/identity/Shibboleth.sso/SAML2/ECP"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"auth_url": "https://other.example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
"auth_url": "https://other.example.com/identity/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
||||||
"description": "Stores contractor identities",
|
"description": "Stores contractor identities",
|
||||||
"enabled": false,
|
"enabled": false,
|
||||||
"id": "ACME-contractors",
|
"id": "ACME-contractors",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "http://identity:35357/v3/OS-FEDERATION/service_providers/ACME-contractors"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/service_providers/ACME-contractors"
|
||||||
},
|
},
|
||||||
"relay_state_prefix": "ss:mem:",
|
"relay_state_prefix": "ss:mem:",
|
||||||
"sp_url": "https://other.example.com:5000/Shibboleth.sso/SAML2/ECP"
|
"sp_url": "https://other.example.com/identity/Shibboleth.sso/SAML2/ECP"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
|
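Review bot: all three `self` links in this list sample (the collection link and the `ACME` and `ACME-contractors` entries) are rewritten to `http://example.com/identity/...`, while the `auth_url` and `sp_url` values in the same objects use `https://`, and the single service provider samples in this change use `https://` for `self`. Suggest switching these three lines to `https://example.com/identity/v3/OS-FEDERATION/service_providers...` so the scheme is consistent and the sample does not show federation resources served over plain HTTP.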
@ -1,8 +1,8 @@
|
||||||
{
|
{
|
||||||
"service_provider": {
|
"service_provider": {
|
||||||
"auth_url": "https://example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
"auth_url": "https://example.com/identity/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
||||||
"description": "Remote Service Provider",
|
"description": "Remote Service Provider",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"sp_url": "https://example.com:5000/Shibboleth.sso/SAML2/ECP"
|
"sp_url": "https://example.com/identity/Shibboleth.sso/SAML2/ECP"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -1,13 +1,13 @@
|
||||||
{
|
{
|
||||||
"service_provider": {
|
"service_provider": {
|
||||||
"auth_url": "https://example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
"auth_url": "https://example.com/identity/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth",
|
||||||
"description": "Remote Service Provider",
|
"description": "Remote Service Provider",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "https://identity:35357/v3/OS-FEDERATION/service_providers/ACME"
|
"self": "https://example.com/identity/v3/OS-FEDERATION/service_providers/ACME"
|
||||||
},
|
},
|
||||||
"relay_state_prefix": "ss:mem:",
|
"relay_state_prefix": "ss:mem:",
|
||||||
"sp_url": "https://example.com:5000/Shibboleth.sso/SAML2/ECP"
|
"sp_url": "https://example.com/identity/Shibboleth.sso/SAML2/ECP"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -1,8 +1,8 @@
|
||||||
{
|
{
|
||||||
"service_provider": {
|
"service_provider": {
|
||||||
"auth_url": "https://new.example.com:5000/v3/OS-FEDERATION/identity_providers/protocol/saml2/auth",
|
"auth_url": "https://new.example.com/identity/v3/OS-FEDERATION/identity_providers/protocol/saml2/auth",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"relay_state_prefix": "ss:temp:",
|
"relay_state_prefix": "ss:temp:",
|
||||||
"sp_auth": "https://new.example.com:5000/Shibboleth.sso/SAML2/ECP"
|
"sp_auth": "https://new.example.com/identity/Shibboleth.sso/SAML2/ECP"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
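Review bot: the last changed line of this update request keeps the key `sp_auth` (`"sp_auth": "https://new.example.com/identity/Shibboleth.sso/SAML2/ECP"`), whereas every other service provider sample in this change, including the response to this same update, names the attribute `sp_url`. Because the line is touched here, rename the key to `sp_url` so a reader who copies the request body sends the attribute that the response sample shows being updated.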
@ -1,13 +1,13 @@
|
||||||
{
|
{
|
||||||
"service_provider": {
|
"service_provider": {
|
||||||
"auth_url": "https://new.example.com:5000/v3/OS-FEDERATION/identity_providers/protocol/saml2/auth",
|
"auth_url": "https://new.example.com/identity/v3/OS-FEDERATION/identity_providers/protocol/saml2/auth",
|
||||||
"description": "Remote Service Provider",
|
"description": "Remote Service Provider",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"id": "ACME",
|
"id": "ACME",
|
||||||
"links": {
|
"links": {
|
||||||
"self": "https://identity:35357/v3/OS-FEDERATION/service_providers/ACME"
|
"self": "https://example.com/identity/v3/OS-FEDERATION/service_providers/ACME"
|
||||||
},
|
},
|
||||||
"relay_state_prefix": "ss:temp:",
|
"relay_state_prefix": "ss:temp:",
|
||||||
"sp_url": "https://new.example.com:5000/Shibboleth.sso/SAML2/ECP"
|
"sp_url": "https://new.example.com/identity/Shibboleth.sso/SAML2/ECP"
|
||||||
}
|
}
|
||||||
}
|
}
|
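Review bot: the `auth_url` line in this response (and in the matching update request) reads `.../v3/OS-FEDERATION/identity_providers/protocol/saml2/auth`, which has no identity provider id and uses `protocol` rather than `protocols`. The other samples in this change use `identity_providers/acme/protocols/saml2/auth`, matching the `/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols` pattern documented earlier in the commit. Suggest correcting the path while the host part is being edited, so the sample `auth_url` points at a federated auth route of the documented shape.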