检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
Huawei Cloud parses the assertion in the SAML response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user. The SSO login is successful. The assertion must carry a signature; otherwise, the login will fail.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
Create an environment variable file in the installation directory of OpenStackClient, and add the username, password, region, SAML protocol version, and IAM address in the file. Table 1 describes the parameters.
For IAM endpoints, see Regions and Endpoints. By default, a login token is valid for 10 minutes. You can set a validity period from 10 minutes to 12 hours. Debugging You can debug this API in API Explorer.
The IAM user does not have the required permissions. Check the permissions of the IAM user. 401 IAM.0065 HUAWEI IDs registered in European countries cannot log in to HUAWEI CLOUD. HUAWEI ID login is not supported in European sites.
IAM is compatible with both versions.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI GET /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config Table 1 URI parameters Parameter Mandatory Type Description idp_id Yes String Identity provider ID.
"evs:*:*", "vpc:*:*", "elb:*:*", "aom:*:*" ] } ] } The following is an example policy that allows only IAM
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI POST /v3.0/OS-AUTH/id-token/tokens Request Parameters Table 1 Parameters in the request header Parameter Mandatory Type Description X-Idp-Id Yes String Identity provider ID.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI PATCH /v3.0/OS-ROLE/roles/{role_id} Table 1 URI parameters Parameter Mandatory Type Description role_id Yes String Custom policy ID.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config Table 1 URI parameters Parameter Mandatory Type Description idp_id Yes String Identity provider ID.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config Table 1 URI parameters Parameter Mandatory Type Description idp_id Yes String Identity provider name.
Client4ShibbolethIdP script: # Set headers headers = {} headers["X-Idp-Id"] = "test_local_idp" # IAM API url: get unscoped token on IDP initiated mode sp_unscoped_token_url = "https://iam.example.com/v3.0/OS-FEDERATION/tokens" # Set form data payload = {} payload["SAMLResponse"]