.. -*- rst -*-
*New in version 1.1*
Generate a SAML assertion
=========================
.. rest_method:: POST /v3/auth/OS-FEDERATION/saml2
A user may generate a SAML assertion document based on the scoped token that is
used in the request.
Request Parameters:
To generate a SAML assertion, a user must provide a scoped token ID and
Service Provider ID in the request body.
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/saml2``
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: federation/assertion/parameters.yaml
- auth: auth
Example
~~~~~~~
.. literalinclude:: federation/assertion/samples/saml-assertion-request.json
:language: javascript
The response will be a full SAML assertion. Note that for readability the
certificate has been truncated. The server will also set two HTTP headers:
``X-sp-url`` and ``X-auth-url``. The former is the URL where the assertion
should be sent, whereas the latter is the remote URL where a token will be
issued once the client is finally authenticated.
Response
--------
Parameters
~~~~~~~~~~
.. rest_parameters:: federation/assertion/parameters.yaml
- Headers: headers
- xml: saml_xml
Example
~~~~~~~
.. literalinclude:: federation/assertion/samples/saml-assertion-response.xml
:language: xml
For more information about how a SAML assertion is structured, refer to the
`specification <http://saml.xml.org/saml-specifications>`__.
Generate an ECP wrapped SAML assertion
======================================
.. rest_method:: POST /v3/auth/OS-FEDERATION/saml2/ecp
A user may generate a SAML assertion document to work with the
*Enhanced Client or Proxy* (ECP) profile based on the scoped token that is
used in the request.
Request Parameters:
To generate an ECP wrapped SAML assertion, a user must provide a scoped token
ID and Service Provider ID in the request body.
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/saml2/ecp``
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: federation/assertion/parameters.yaml
- auth: auth
Example
~~~~~~~
.. literalinclude:: federation/assertion/samples/ecp-saml-assertion-request.json
:language: javascript
The response will be an ECP wrapped SAML assertion. Note that for readability
the certificate has been truncated. The server will also set two HTTP headers:
``X-sp-url`` and ``X-auth-url``. The former is the URL where the assertion
should be sent, whereas the latter is the remote URL where a token will be
issued once the client is finally authenticated.
Response
--------
Parameters
~~~~~~~~~~
.. rest_parameters:: federation/assertion/parameters.yaml
- Headers: headers
- xml: saml_xml
Example
~~~~~~~
.. literalinclude:: federation/assertion/samples/ecp-saml-assertion-response.xml
:language: xml
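
A client-side sketch for both assertion calls above (``/saml2`` and ``/saml2/ecp``), added here as an example and not taken from the Keystone documentation or code base. It builds the request body from a scoped token ID and Service Provider ID, then releases ``X-sp-url`` and ``X-auth-url`` to the caller only if both are HTTPS and equal to values the client has pinned for that Service Provider. The body nesting, the function names, the pinned-value keys and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit


def build_saml2_request(token_id, sp_id):
    """Body for POST /v3/auth/OS-FEDERATION/saml2 (nesting is an assumption)."""
    return {
        "auth": {
            "identity": {"methods": ["token"], "token": {"id": token_id}},
            "scope": {"service_provider": {"id": sp_id}},
        }
    }


def check_sp_headers(headers, pinned):
    """Return (sp_url, auth_url) only if both headers match the pinned values."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    checked = []
    for header, key in (("x-sp-url", "sp_url"), ("x-auth-url", "auth_url")):
        value = lowered.get(header)
        if value is None:
            raise ValueError(f"response is missing {header}")
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{header} is not an absolute https URL: {value!r}")
        # The assertion is only forwarded to an endpoint the client already trusts.
        if value != pinned[key]:
            raise ValueError(f"{header} does not match the pinned {key}")
        checked.append(value)
    return tuple(checked)


# Constructed sample values for a hypothetical Service Provider (not from the page).
PINNED = {
    "sp_url": "https://sp.example.test/Shibboleth.sso/SAML2/ECP",
    "auth_url": "https://sp.example.test/v3/OS-FEDERATION/identity_providers/"
                "idp/protocols/saml2/auth",
}
SAMPLE_HEADERS = {"X-sp-url": PINNED["sp_url"], "X-auth-url": PINNED["auth_url"]}

if __name__ == "__main__":
    print(build_saml2_request("SCOPED_TOKEN_ID", "EXAMPLE_SP_ID"))
    print(check_sp_headers(SAMPLE_HEADERS, PINNED))
```
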
Retrieve Metadata properties
============================
.. rest_method:: GET /v3/OS-FEDERATION/saml2/metadata
A user may retrieve Metadata about an Identity Service acting as an Identity
Provider.
The response will be a full document with Metadata properties. Note that for
readability, this example certificate has been truncated.
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/metadata``
Response
--------
Parameters
~~~~~~~~~~
.. rest_parameters:: federation/assertion/parameters.yaml
- Headers: headers
- xml: metadata_xml
Example
~~~~~~~
.. literalinclude:: federation/assertion/samples/metadata-response.xml
:language: xml
For more information about how a SAML assertion is structured, refer to the
`specification <http://saml.xml.org/saml-specifications>`__.