User-defined identity provider IDs

This adds user-defined IDs using PUT operations for create instead of
POST, as done for protocol IDs.

Implements: bp identity-providers
Change-Id: Ibabfa529a925522128e650a3041839cb79e281a4
Dolph Mathews 2014-01-17 13:04:27 -06:00
parent 340b2a2ece
commit 2b8d3d1e8d

@ -25,14 +25,24 @@ API Resources
### Identity Providers: `/OS-FEDERATION/identity_providers`
An Identity Provider is a third party service that is trusted by the Identity
Service to authenticate identities. For OpenStack, the ID of the identity
provider is the key.
Service to authenticate identities.
Attributes:
Optional attributes:
- `description` (string)
Describes the identity provider.
If a value is not specified by the client, the service may default this value
to either an empty string or `null`.
- `enabled` (boolean)
- `name` (string)
Indicates whether this identity provider should accept federated
authentication requests.
If a value is not specified by the client, the service may default this to
either `true` or `false`.
### Protocols: `/OS-FEDERATION/identity_providers/{idp_id}/protocols`
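Review bot: The `enabled` description leaves the default open ("the service may default this to either `true` or `false`"), so a client that omits the attribute cannot tell whether the new identity provider will accept federated authentication requests. Pick one documented default, preferably `false` so that an identity provider is only trusted after an explicit opt-in, or make `enabled` a required attribute.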
@ -40,10 +50,13 @@ A protocol entry contains information that dictates which mapping rules
to use for a given incoming request. An IdP may have multiple supported
protocols.
Attributes:
Required attributes:
- `mapping_id` (string)
Indicates which mapping should be used to process federated authentication
requests.
### Mappings: `/OS-FEDERATION/mappings`
A `mapping` is a set of rules to map federation protocol attributes to Identity
@ -51,11 +64,7 @@ API objects. An Identity Provider can have a single `mapping` specified. A
mapping has a `name` and a list of `rules`. The only Identity API objects
that will support mapping are: `group`.
Attributes:
- `name` (string)
User-specified name for the mapping.
Required attributes::
- `rules` (list of objects)
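Review bot: `Required attributes::` in the Mappings section ends with a doubled colon, while the Protocols section uses `Required attributes:`. Drop the extra colon so the two headings match.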
@ -128,19 +137,17 @@ Attributes:
Identity Provider API
---------------------
### Register an Identity Provider: `POST /OS-FEDERATION/identity_providers`
### Register an Identity Provider: `PUT /OS-FEDERATION/identity_providers/{idp_id}`
Request:
{
"identity_provider": {
"description": "Stores ACME identities.",
"enabled": true,
"name": "acme_idp"
"enabled": true
}
}
Response:
Status: 201 Created
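Review bot: On the `PUT /OS-FEDERATION/identity_providers/{idp_id}` heading, the spec does not say what the service does when `{idp_id}` is already registered. Only `201 Created` is shown, and with PUT a second request could silently replace the description and `enabled` state of a trusted identity provider. Document the conflict behaviour (for example a 409 response), and since the ID is now chosen by the client and is embedded in the `links` URLs, state the allowed characters, length and case sensitivity for `{idp_id}`.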
@ -149,12 +156,11 @@ Response:
"identity_provider": {
"description": "Stores ACME identities",
"enabled": true,
"id": "7fea2d",
"id": "ACME",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d"
},
"name": "acme_idp"
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
@ -169,22 +175,20 @@ Response:
{
"description": "Stores ACME identities",
"enabled": true,
"id": "0c2a74",
"id": "ACME",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/0c2a74/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/0c2a74"
},
"name": "acme_idp"
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}
},
{
"description": "Stores contractor identities",
"enabled": false,
"id": "7fea2d",
"id": "ACME-contractors",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d"
},
"name": "beta_idp"
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors"
}
}
],
"links": {
@ -204,12 +208,11 @@ Response:
"identity_provider": {
"description": "Stores ACME identities",
"enabled": false,
"id": "7fea2d",
"id": "ACME",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d"
},
"name": "beta_idp"
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
@ -240,12 +243,11 @@ Response:
"identity_provider": {
"description": "Beta dev idp",
"enabled": true,
"id": "7fea2d",
"id": "ACME",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d"
},
"name": "beta_idp"
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
@ -271,8 +273,8 @@ Response:
"id": "saml2",
"mapping_id": "xyz234",
"links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2"
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
}
}
}
@ -287,14 +289,14 @@ Response:
"links": {
"next": null,
"previous": null,
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols"
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols"
},
"protocols": [
{
"id": "saml2",
"links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2"
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
},
"mapping_id": "xyz234"
}
@ -312,8 +314,8 @@ Response:
"id": "saml2",
"mapping_id": "xyz234",
"links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2"
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
}
}
}
@ -337,8 +339,8 @@ Response:
"id": "saml2",
"mapping_id": "xyz234",
"links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2"
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
}
}
}
@ -352,13 +354,12 @@ Response:
Mapping API
-----------
### Create a mapping: `POST /OS-FEDERATION/mappings`
### Create a mapping: `PUT /OS-FEDERATION/mappings/{mapping_id}`
Request:
{
"mapping": {
"name": "ACME's SAML v2 mapping",
"rules": [
{
"local": {
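Review bot: The commit message covers identity provider IDs only, but the `Create a mapping` heading also moves to `PUT /OS-FEDERATION/mappings/{mapping_id}`. Mention mappings in the commit message and state what the service returns when `{mapping_id}` already exists. The protocol examples still reference `"mapping_id": "xyz234"` while the mapping examples now use `"id": "ACME"`; aligning the two would make the examples consistent.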
@ -386,11 +387,10 @@ Response:
{
"links": {
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d"
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
},
"mapping": {
"id": "7fea2d",
"name": "ACME's SAML v2 mapping",
"id": "ACME",
"rules": [
{
"local": {
@ -420,11 +420,10 @@ Response:
{
"links": {
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d"
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
},
"mapping": {
"id": "7fea2d",
"name": "ACME's SAML v2 mapping",
"id": "ACME",
"rules": [
{
"local": {
@ -452,7 +451,7 @@ Request:
{
"mapping": {
"name": "ACME's SAML v2 mapping",
"id": "ACME",
"rules": [
{
"local": {
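Review bot: In this request body the `name` line is swapped for `"id": "ACME"`, whereas the create request just drops `name` and carries no `id`. The ID is already supplied in the URL path, so either remove `id` from this request example or document whether an `id` in the body is ignored, must match the path, or is rejected.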
@ -480,11 +479,10 @@ Response:
{
"links": {
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d"
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
},
"mapping": {
"id": "7fea2d",
"name": "ACME's SAML v2 mapping",
"id": "ACME",
"rules": [
{
"local": {
@ -520,8 +518,7 @@ Response:
},
"mappings": [
{
"id": "7fea2d",
"name": "ACME's SAML v2 mapping",
"id": "ACME",
"rules": [
{
"local": {