diff --git a/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md b/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md index acd129b3..70b6aeee 100644 --- a/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md +++ b/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md @@ -25,14 +25,24 @@ API Resources ### Identity Providers: `/OS-FEDERATION/identity_providers` An Identity Provider is a third party service that is trusted by the Identity -Service to authenticate identities. For OpenStack, the ID of the identity -provider is the key. +Service to authenticate identities. -Attributes: +Optional attributes: - `description` (string) + + Describes the identity provider. + + If a value is not specified by the client, the service may default this value + to either an empty string or `null`. + - `enabled` (boolean) -- `name` (string) + + Indicates whether this identity provider should accept federated + authentication requests. + + If a value is not specified by the client, the service may default this to + either `true` or `false`. ### Protocols: `/OS-FEDERATION/identity_providers/{idp_id}/protocols` @@ -40,10 +50,13 @@ A protocol entry contains information that dictates which mapping rules to use for a given incoming request. An IdP may have multiple supported protocols. -Attributes: +Required attributes: - `mapping_id` (string) + Indicates which mapping should be used to process federated authentication + requests. + ### Mappings: `/OS-FEDERATION/mappings` A `mapping` is a set of rules to map federation protocol attributes to Identity @@ -51,11 +64,7 @@ API objects. An Identity Provider can have a single `mapping` specified. A mapping has a `name` and a list of `rules`. The only Identity API objects that will support mapping are: `group`. -Attributes: - -- `name` (string) - - User-specified name for the mapping. +Required attributes:: - `rules` (list of objects) @@ -128,19 +137,17 @@ Attributes: Identity Provider API --------------------- -### Register an Identity Provider: `POST /OS-FEDERATION/identity_providers` +### Register an Identity Provider: `PUT /OS-FEDERATION/identity_providers/{idp_id}` Request: { "identity_provider": { "description": "Stores ACME identities.", - "enabled": true, - "name": "acme_idp" + "enabled": true } } - Response: Status: 201 Created @@ -149,12 +156,11 @@ Response: "identity_provider": { "description": "Stores ACME identities", "enabled": true, - "id": "7fea2d", + "id": "ACME", "links": { - "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d" - }, - "name": "acme_idp" + "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME" + } } } @@ -169,22 +175,20 @@ Response: { "description": "Stores ACME identities", "enabled": true, - "id": "0c2a74", + "id": "ACME", "links": { - "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/0c2a74/protocols", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/0c2a74" - }, - "name": "acme_idp" + "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME" + } }, { "description": "Stores contractor identities", "enabled": false, - "id": "7fea2d", + "id": "ACME-contractors", "links": { - "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d" - }, - "name": "beta_idp" + "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors/protocols", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors" + } } ], "links": { @@ -204,12 +208,11 @@ Response: "identity_provider": { "description": "Stores ACME identities", "enabled": false, - "id": "7fea2d", + "id": "ACME", "links": { - "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d" - }, - "name": "beta_idp" + "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME" + } } } @@ -240,12 +243,11 @@ Response: "identity_provider": { "description": "Beta dev idp", "enabled": true, - "id": "7fea2d", + "id": "ACME", "links": { - "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d" - }, - "name": "beta_idp" + "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME" + } } } @@ -271,8 +273,8 @@ Response: "id": "saml2", "mapping_id": "xyz234", "links": { - "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2" + "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2" } } } @@ -287,14 +289,14 @@ Response: "links": { "next": null, "previous": null, - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols" + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols" }, "protocols": [ { "id": "saml2", "links": { - "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2" + "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2" }, "mapping_id": "xyz234" } @@ -312,8 +314,8 @@ Response: "id": "saml2", "mapping_id": "xyz234", "links": { - "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2" + "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2" } } } @@ -337,8 +339,8 @@ Response: "id": "saml2", "mapping_id": "xyz234", "links": { - "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d", - "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2" + "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME", + "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2" } } } @@ -352,13 +354,12 @@ Response: Mapping API ----------- -### Create a mapping: `POST /OS-FEDERATION/mappings` +### Create a mapping: `PUT /OS-FEDERATION/mappings/{mapping_id}` Request: { "mapping": { - "name": "ACME's SAML v2 mapping", "rules": [ { "local": { @@ -386,11 +387,10 @@ Response: { "links": { - "self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d" + "self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME" }, "mapping": { - "id": "7fea2d", - "name": "ACME's SAML v2 mapping", + "id": "ACME", "rules": [ { "local": { @@ -420,11 +420,10 @@ Response: { "links": { - "self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d" + "self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME" }, "mapping": { - "id": "7fea2d", - "name": "ACME's SAML v2 mapping", + "id": "ACME", "rules": [ { "local": { @@ -452,7 +451,7 @@ Request: { "mapping": { - "name": "ACME's SAML v2 mapping", + "id": "ACME", "rules": [ { "local": { @@ -480,11 +479,10 @@ Response: { "links": { - "self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d" + "self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME" }, "mapping": { - "id": "7fea2d", - "name": "ACME's SAML v2 mapping", + "id": "ACME", "rules": [ { "local": { @@ -520,8 +518,7 @@ Response: }, "mappings": [ { - "id": "7fea2d", - "name": "ACME's SAML v2 mapping", + "id": "ACME", "rules": [ { "local": {