检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
X-Auth-Token Yes String IAM user token (no special permission requirements). Response Parameters Table 3 Parameters in the response body Parameter Type Description endpoint Object Endpoint information.
For details about how to obtain a user group ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
For IAM endpoints, see Regions and Endpoints. The API used to list the projects accessible to an IAM user is recommended because it can return the same response.
Table 1 Credential differences Item Temporary Credentials Permanent Credentials Validity period 15 minutes to 24 hours Unlimited validity Number of credentials Unlimited 2 credentials for each IAM user Obtaining method Call the API used to obtain a temporary access key.
In the case of a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"]. Effect String Effect of the permission. The value can be Allow or Deny.
Procedure Log in to the IAM console. In the navigation pane, choose Identity Providers. Click View in the row containing the IdP. Figure 1 Viewing IdP details Copy the login link by clicking in the Login Link row.
Procedure Log in to the IAM console. In the navigation pane, choose Identity Providers. Click View in the row containing the IdP. Figure 1 Viewing IdP details Copy the login link by clicking in the Login Link row.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
X-Auth-Token Yes String IAM user token (no special permission requirements). Response Parameters Table 3 Parameters in the response body Parameter Type Description endpoints Array of objects Resource link. links Object Endpoint information.
For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
Huawei Cloud parses the assertion in the SAML response, identifies the IAM user group mapping to the user based on the identity conversion rules, and issues a token to the user. The SSO login is successful. The assertion must carry a signature; otherwise, the login will fail.
Create an environment variable file in the installation directory of OpenStackClient, and add the username, password, region, SAML protocol version, and IAM address in the file. Table 1 describes the parameters.
For IAM endpoints, see Regions and Endpoints. By default, a login token is valid for 10 minutes. You can set a validity period from 10 minutes to 12 hours. Debugging You can debug this API in API Explorer.
The IAM user does not have the required permissions. Check the permissions of the IAM user. 401 IAM.0065 HUAWEI IDs registered in European countries cannot log in to HUAWEI CLOUD. HUAWEI ID login is not supported in European sites.
IAM is compatible with both versions.
For details, see Obtaining Temporary Access Keys and Security Tokens of an IAM User.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI GET /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config Table 1 URI parameters Parameter Mandatory Type Description idp_id Yes String Identity provider ID.
