OpenStack Identity (Keystone)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

134 lines
3.6 KiB

.. -*- rst -*-
*New in version 1.1*
Generate a SAML assertion
=========================
.. rest_method:: POST /v3/auth/OS-FEDERATION/saml2
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/saml2``
A user may generate a SAML assertion document based on the scoped token that is
used in the request.
Request Parameters:
To generate a SAML assertion, a user must provides a scoped token ID and
Service Provider ID in the request body.
Request
-------
.. rest_parameters:: federation/assertion/parameters.yaml
- auth: auth
Request Example
---------------
.. literalinclude:: federation/assertion/samples/saml-assertion-request.json
:language: javascript
The response will be a full SAML assertion. Note that for readability the
certificate has been truncated. Server will also set two HTTP headers:
``X-sp-url`` and ``X-auth-url``. The former is the URL where assertion should
be sent, whereas the latter remote URL where token will be issued once the
client is finally authenticated.
Response
--------
.. rest_parameters:: federation/assertion/parameters.yaml
- Headers: headers
- xml: saml_xml
Response Example
----------------
.. literalinclude:: federation/assertion/samples/saml-assertion-response.xml
:language: xml
For more information about how a SAML assertion is structured, refer to the
`specification <http://saml.xml.org/saml-specifications>`__.
Generate an ECP wrapped SAML assertion
======================================
.. rest_method:: POST /v3/auth/OS-FEDERATION/saml2/ecp
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/saml2/ecp``
A user may generate a SAML assertion document to work with the
*Enhanced Client or Proxy* (ECP) profile based on the scoped token that is
used in the request.
Request Parameters:
To generate an ECP wrapped SAML assertion, a user must provides a scoped token
ID and Service Provider ID in the request body.
Request
-------
.. rest_parameters:: federation/assertion/parameters.yaml
- auth: auth
Request Example
---------------
.. literalinclude:: federation/assertion/samples/ecp-saml-assertion-request.json
:language: javascript
The response will be an ECP wrapped SAML assertion. Note that for readability
the certificate has been truncated. Server will also set two HTTP headers:
``X-sp-url`` and ``X-auth-url``. The former is the URL where assertion should
be sent, whereas the latter remote URL where token will be issued once the
client is finally authenticated.
Response
--------
.. rest_parameters:: federation/assertion/parameters.yaml
- Headers: headers
- xml: saml_xml
Response Example
----------------
.. literalinclude:: federation/assertion/samples/ecp-saml-assertion-response.xml
:language: xml
Retrieve Metadata properties
============================
.. rest_method:: GET /v3/OS-FEDERATION/saml2/metadata
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/metadata``
A user may retrieve Metadata about an Identity Service acting as an Identity
Provider.
The response will be a full document with Metadata properties. Note that for
readability, this example certificate has been truncated.
Response
--------
.. rest_parameters:: federation/assertion/parameters.yaml
- Headers: headers
- xml: metadata_xml
Response Example
----------------
.. literalinclude:: federation/assertion/samples/metadata-response.xml
:language: xml
For more information about how a SAML assertion is structured, refer to the
`specification <http://saml.xml.org/saml-specifications>`__.