User-defined identity provider IDs

This adds user-defined IDs using PUT operations for create instead of
POST, as done for protocol IDs.

Implements: bp identity-providers
Change-Id: Ibabfa529a925522128e650a3041839cb79e281a4
Dolph Mathews 2014-01-17 13:04:27 -06:00
parent 340b2a2ece
commit 2b8d3d1e8d

@ -25,14 +25,24 @@ API Resources
### Identity Providers: `/OS-FEDERATION/identity_providers` ### Identity Providers: `/OS-FEDERATION/identity_providers`
An Identity Provider is a third party service that is trusted by the Identity An Identity Provider is a third party service that is trusted by the Identity
Service to authenticate identities. For OpenStack, the ID of the identity Service to authenticate identities.
provider is the key.
Attributes: Optional attributes:
- `description` (string) - `description` (string)
Describes the identity provider.
If a value is not specified by the client, the service may default this value
to either an empty string or `null`.
- `enabled` (boolean) - `enabled` (boolean)
- `name` (string)
Indicates whether this identity provider should accept federated
authentication requests.
If a value is not specified by the client, the service may default this to
either `true` or `false`.
### Protocols: `/OS-FEDERATION/identity_providers/{idp_id}/protocols` ### Protocols: `/OS-FEDERATION/identity_providers/{idp_id}/protocols`
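Review bot: The new `enabled` description leaves the default open ("the service may default this to either `true` or `false`"), so a client that omits it cannot know whether the provider will start accepting federated authentication requests. Pick one default in the spec, preferably `false`, so a provider only accepts requests once it has been enabled explicitly. The hunk also drops the sentence about the ID being the key without adding any description of the now user-defined `id`.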
@ -40,10 +50,13 @@ A protocol entry contains information that dictates which mapping rules
to use for a given incoming request. An IdP may have multiple supported to use for a given incoming request. An IdP may have multiple supported
protocols. protocols.
Attributes: Required attributes:
- `mapping_id` (string) - `mapping_id` (string)
Indicates which mapping should be used to process federated authentication
requests.
### Mappings: `/OS-FEDERATION/mappings` ### Mappings: `/OS-FEDERATION/mappings`
A `mapping` is a set of rules to map federation protocol attributes to Identity A `mapping` is a set of rules to map federation protocol attributes to Identity
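Review bot: `mapping_id` is now listed as required, but its description does not say whether the referenced mapping has to exist when the protocol is created, or what the service does with a federated authentication request whose protocol points at a missing mapping. State the expected validation and the error returned.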
@ -51,11 +64,7 @@ API objects. An Identity Provider can have a single `mapping` specified. A
mapping has a `name` and a list of `rules`. The only Identity API objects mapping has a `name` and a list of `rules`. The only Identity API objects
that will support mapping are: `group`. that will support mapping are: `group`.
Attributes: Required attributes::
- `name` (string)
User-specified name for the mapping.
- `rules` (list of objects) - `rules` (list of objects)
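Review bot: `Required attributes::` has a doubled colon, and the context paragraph still says a mapping "has a `name` and a list of `rules`" although this hunk removes the `name` attribute. Drop the extra colon and update that sentence so the prose matches the attribute list.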
@ -128,19 +137,17 @@ Attributes:
Identity Provider API Identity Provider API
--------------------- ---------------------
### Register an Identity Provider: `POST /OS-FEDERATION/identity_providers` ### Register an Identity Provider: `PUT /OS-FEDERATION/identity_providers/{idp_id}`
Request: Request:
{ {
"identity_provider": { "identity_provider": {
"description": "Stores ACME identities.", "description": "Stores ACME identities.",
"enabled": true, "enabled": true
"name": "acme_idp"
} }
} }
Response: Response:
Status: 201 Created Status: 201 Created
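Review bot: The register call moves to `PUT /OS-FEDERATION/identity_providers/{idp_id}`, but the response shown is only `201 Created`, so the behaviour when `{idp_id}` already exists is undefined. Since the ID is now chosen by the caller, say explicitly whether a second PUT is rejected (for example with `409 Conflict`) or replaces the existing provider; the create call should not be able to silently replace the definition of an already trusted provider.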
@ -149,12 +156,11 @@ Response:
"identity_provider": { "identity_provider": {
"description": "Stores ACME identities", "description": "Stores ACME identities",
"enabled": true, "enabled": true,
"id": "7fea2d", "id": "ACME",
"links": { "links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols", "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}, }
"name": "acme_idp"
} }
} }
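Review bot: The caller-supplied `id` (`"ACME"`) is now interpolated directly into the `self` and `protocols` link URLs, yet nothing in the spec restricts what an ID may contain. Document the allowed character set and maximum length, or state that IDs are URL-encoded in links, and say whether IDs are case-sensitive.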
@ -169,22 +175,20 @@ Response:
{ {
"description": "Stores ACME identities", "description": "Stores ACME identities",
"enabled": true, "enabled": true,
"id": "0c2a74", "id": "ACME",
"links": { "links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/0c2a74/protocols", "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/0c2a74" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}, }
"name": "acme_idp"
}, },
{ {
"description": "Stores contractor identities", "description": "Stores contractor identities",
"enabled": false, "enabled": false,
"id": "7fea2d", "id": "ACME-contractors",
"links": { "links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols", "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors"
}, }
"name": "beta_idp"
} }
], ],
"links": { "links": {
@ -204,12 +208,11 @@ Response:
"identity_provider": { "identity_provider": {
"description": "Stores ACME identities", "description": "Stores ACME identities",
"enabled": false, "enabled": false,
"id": "7fea2d", "id": "ACME",
"links": { "links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols", "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}, }
"name": "beta_idp"
} }
} }
@ -240,12 +243,11 @@ Response:
"identity_provider": { "identity_provider": {
"description": "Beta dev idp", "description": "Beta dev idp",
"enabled": true, "enabled": true,
"id": "7fea2d", "id": "ACME",
"links": { "links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols", "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}, }
"name": "beta_idp"
} }
} }
@ -271,8 +273,8 @@ Response:
"id": "saml2", "id": "saml2",
"mapping_id": "xyz234", "mapping_id": "xyz234",
"links": { "links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d", "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
} }
} }
} }
@ -287,14 +289,14 @@ Response:
"links": { "links": {
"next": null, "next": null,
"previous": null, "previous": null,
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols"
}, },
"protocols": [ "protocols": [
{ {
"id": "saml2", "id": "saml2",
"links": { "links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d", "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
}, },
"mapping_id": "xyz234" "mapping_id": "xyz234"
} }
@ -312,8 +314,8 @@ Response:
"id": "saml2", "id": "saml2",
"mapping_id": "xyz234", "mapping_id": "xyz234",
"links": { "links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d", "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
} }
} }
} }
@ -337,8 +339,8 @@ Response:
"id": "saml2", "id": "saml2",
"mapping_id": "xyz234", "mapping_id": "xyz234",
"links": { "links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d", "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7fea2d/protocols/saml2" "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2"
} }
} }
} }
@ -352,13 +354,12 @@ Response:
Mapping API Mapping API
----------- -----------
### Create a mapping: `POST /OS-FEDERATION/mappings` ### Create a mapping: `PUT /OS-FEDERATION/mappings/{mapping_id}`
Request: Request:
{ {
"mapping": { "mapping": {
"name": "ACME's SAML v2 mapping",
"rules": [ "rules": [
{ {
"local": { "local": {
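Review bot: The commit message only mentions identity provider IDs, but this hunk also changes mapping creation to `PUT /OS-FEDERATION/mappings/{mapping_id}` and removes `name` from the request. Mention the mapping change in the commit message, and document the result of a PUT to a `{mapping_id}` that already exists, as for identity providers.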
@ -386,11 +387,10 @@ Response:
{ {
"links": { "links": {
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d" "self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
}, },
"mapping": { "mapping": {
"id": "7fea2d", "id": "ACME",
"name": "ACME's SAML v2 mapping",
"rules": [ "rules": [
{ {
"local": { "local": {
@ -420,11 +420,10 @@ Response:
{ {
"links": { "links": {
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d" "self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
}, },
"mapping": { "mapping": {
"id": "7fea2d", "id": "ACME",
"name": "ACME's SAML v2 mapping",
"rules": [ "rules": [
{ {
"local": { "local": {
@ -452,7 +451,7 @@ Request:
{ {
"mapping": { "mapping": {
"name": "ACME's SAML v2 mapping", "id": "ACME",
"rules": [ "rules": [
{ {
"local": { "local": {
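Review bot: The update request body replaces `"name"` with `"id": "ACME"`, whereas the create request carries the ID only in the URL. Either drop `id` from the example body or specify what happens when the body `id` differs from the ID in the request path (reject the request, or treat `id` as immutable and ignore it).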
@ -480,11 +479,10 @@ Response:
{ {
"links": { "links": {
"self": "http://identity:35357/v3/OS-FEDERATION/mappings/7fea2d" "self": "http://identity:35357/v3/OS-FEDERATION/mappings/ACME"
}, },
"mapping": { "mapping": {
"id": "7fea2d", "id": "ACME",
"name": "ACME's SAML v2 mapping",
"rules": [ "rules": [
{ {
"local": { "local": {
@ -520,8 +518,7 @@ Response:
}, },
"mappings": [ "mappings": [
{ {
"id": "7fea2d", "id": "ACME",
"name": "ACME's SAML v2 mapping",
"rules": [ "rules": [
{ {
"local": { "local": {