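Retrieves the details of an identity provider. The response includes credential fields (for example AppSecret, ClientSecret, CorpSecret, and AdministratorPassword), so treat it as sensitive: restrict who can call this operation and avoid logging the response body in full.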
RAM authorization
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| InstanceId |
string |
Yes |
The instance ID. |
idaas_ue2jvisn35ea5lmthk267xxxxx |
| IdentityProviderId |
string |
Yes |
The identity provider ID. |
idp_my664lwkhpicbyzirog3xxxxx |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
|||
| IdentityProviderDetail |
object |
The identity provider information. |
|
| AdvancedStatus |
string |
The advanced configuration status. Valid values:
|
disabled |
| AuthnSourceSupplier |
string |
The authentication source product, such as Okta, Google, or Azure AD. Valid values:
|
urn:alibaba:idaas:idp:bytedance:lark |
| AuthnSourceType |
string |
The authentication method type, such as OIDC or SAML. Valid values:
|
urn:alibaba:idaas:authntype:oidc |
| AuthnStatus |
string |
Specifies whether the corresponding IdP supports authentication. Valid values:
|
disabled |
| CreateTime |
integer |
The creation time, in UNIX timestamp format. Unit: milliseconds. |
1726021079000 |
| Description |
string |
The description of the identity provider. |
for poc test |
| DingtalkAppConfig |
object |
The DingTalk basic configuration. |
|
| AppKey |
string |
The AppKey of your first-party application in DingTalk. |
41reopmwoy9s |
| AppSecret |
string |
The AppSecret of your first-party application in DingTalk. |
REOQ6Cl55kriOd8NOBeqWYLKpHR4p6fdZxxxx |
| CorpId |
string |
The corporate ID of your first-party application in DingTalk. |
3756043633237690761 |
| DingtalkVersion |
string |
The DingTalk edition. Valid values:
|
public_dingtalk |
| EncryptKey |
string |
The encryption key for your first-party application in DingTalk. |
29003eb11d0a28b4802a6f02fb8aa25dff730e2ac26ffd200d |
| VerificationToken |
string |
The verification token for your first-party application in DingTalk. |
5ba9c127a7abe029003eb11d0a28b4802a6f02fb8aa25dff730e2ac26ffd200d |
| DingtalkLoginVersion |
string |
The version of DingTalk QR code login. Valid values:
|
old_version |
| DingtalkProvisioningConfig |
object |
The DingTalk synchronization configuration. This value is returned only for DingTalk identity providers. |
|
| AuthedDepartmentIds |
array<object> |
The authorized DingTalk departments. |
|
|
object |
|||
| DeptId |
string |
The department ID in DingTalk. |
123xxx444 |
| DeptName |
string |
The department name in DingTalk. |
test_department |
| AuthedUsers |
array<object> |
The list of authorized DingTalk user accounts. |
|
|
object |
|||
| Name |
string |
The user name in DingTalk. |
zhangsan |
| UserId |
string |
The user ID in DingTalk. |
130308333929200479 |
| CorpId |
string |
The corporate ID in DingTalk. |
ding_xxxxx |
| CorpName |
string |
The corporate name in DingTalk. |
test_enterprise |
| IdentityProviderExternalId |
string |
The external ID of the identity provider. |
idp_xxxx |
| IdentityProviderId |
string |
The identity provider ID. |
idp_mwpcwnhrimlr2horx7xgg7pp7y |
| IdentityProviderName |
string |
The name of the identity provider. |
test |
| IdentityProviderType |
string |
The synchronization type of the identity provider. Valid values:
|
urn:alibaba:idaas:idp:alibaba:dingtalk:push |
| InstanceId |
string |
The instance ID. |
idaas_x2df3bak3uwnapqm6xxxx |
| LarkConfig |
object |
The Lark configuration. |
|
| AppId |
string |
The App ID of your custom application in Lark. |
cli_a7a99f53a317100c |
| AppSecret |
string |
The App Secret of your custom application in Lark. |
*** |
| EnterpriseNumber |
string |
The enterprise code for Lark. |
FX1231xxxx |
| EncryptKey |
string |
The encryption key for your custom application in Lark. |
VkdWw91mdkrjVFr3ObNwefap21dfbZbK |
| VerificationToken |
string |
The Verification Token of your custom application in Lark. |
VkdWw91mdkrjVFr3ObNwefap21dfbZbK |
| LastStatusCheckJobResult |
string |
The result of the last status check. |
success |
| LdapConfig |
object |
The AD/LDAP identity provider configuration. |
|
| AdministratorPassword |
string |
The password of the AD/LDAP administrator. |
XXXX |
| AdministratorUsername |
string |
The username of the AD/LDAP administrator. |
example.com |
| CertificateFingerprintStatus |
string |
Indicates whether to verify the certificate fingerprint. Valid values:
|
enabled |
| CertificateFingerprints |
array |
The list of certificate fingerprints. |
|
|
string |
The SHA-256 fingerprint of the public key certificate. |
asdsadaasd |
|
| LdapProtocol |
string |
The communication protocol for AD/LDAP. |
ldap |
| LdapServerHost |
string |
The address of the AD/LDAP server. |
127.xx.xx.100 |
| LdapServerPort |
integer |
The port of the AD/LDAP server. |
389 |
| StartTlsStatus |
string |
Indicates whether StartTLS is enabled. Valid values:
|
enabled |
| LockReason |
string |
The lock reason. |
financial |
| NetworkAccessEndpointId |
string |
The network endpoint ID. |
nae_mx4vsadfe6govkqkwckxxxx |
| OidcConfig |
object |
The OIDC IdP configuration. |
|
| AuthnParam |
object |
The OIDC client authentication configuration. |
|
| AuthnMethod |
string |
The OIDC authentication method. |
client_secret_post |
| ClientId |
string |
The OIDC client ID. |
mkv7rgt4d7i4u7zqtzev2mxxxx |
| ClientSecret |
string |
The OIDC client secret. |
CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx |
| EndpointConfig |
object |
The OIDC endpoint configuration. |
|
| AuthorizationEndpoint |
string |
The OIDC authorization endpoint. |
https://example.com/oauth/authorize |
| Issuer |
string |
The OIDC issuer. |
https://example.com/oauth |
| JwksUri |
string |
The OIDC JWKS URI. |
https://example.com/oauth/jwks |
| TokenEndpoint |
string |
The OIDC token endpoint. |
https://example.com/oauth/token |
| UserinfoEndpoint |
string |
The OIDC userinfo endpoint. |
https://example.com/oauth/userinfo |
| GrantScopes |
array |
The list of OIDC authorization scopes. |
openid |
|
string |
An OIDC authorization scope. |
ou_asdaq1addsxzdq1xxxx |
|
| GrantType |
string |
The OIDC grant type. |
authorization_code |
| PkceChallengeMethod |
string |
The algorithm for Proof Key for Code Exchange (PKCE). Valid values:
|
S256 |
| PkceRequired |
boolean |
Indicates whether to use PKCE in the authorization code grant type. |
true |
| UdPullConfig |
object |
The inbound synchronization configuration. |
|
| GroupSyncStatus |
string |
Indicates whether group synchronization is enabled. Valid values:
|
disabled |
| IncrementalCallbackStatus |
string |
Indicates whether to process incremental callback data from the identity provider. Valid values:
|
disabled |
| UdSyncScopeConfig |
object |
The synchronization scope configuration. |
|
| SourceScopes |
array |
The list of source nodes for synchronization. |
|
|
string |
The source node for synchronization. |
ou_123xxxx |
|
| TargetScope |
string |
The target node for synchronization. |
ou_123xxxx |
| UdPullStatus |
string |
Specifies whether the inbound synchronization feature is supported. Valid values:
|
disabled |
| UdPushConfig |
object |
The outbound synchronization configuration. |
|
| IncrementalCallbackStatus |
string |
This parameter is reserved for future use. |
disabled |
| UdSyncScopeConfigs |
array<object> |
The list of synchronization scope configurations. |
|
|
object |
A synchronization scope configuration. |
||
| SourceScopes |
array |
The list of source nodes for synchronization. |
|
|
string |
The source node for synchronization, specified by the organization ID. |
ou_123xxxx |
|
| TargetScope |
string |
The target node for synchronization. |
ou_123xxxx |
| UdPushStatus |
string |
Specifies whether the outbound synchronization feature is enabled. Valid values:
|
disabled |
| UpdateTime |
integer |
The update time, in UNIX timestamp format. Unit: milliseconds. |
1726021079000 |
| WeComConfig |
object |
The WeCom configuration. |
|
| AgentId |
string |
The ID of your custom application in WeCom. |
1242350 |
| AuthorizeCallbackDomain |
string |
The authorized callback domain. |
https://example.com/xxxx |
| CorpId |
string |
The corporate ID of your custom application in WeCom. |
3562012953454577801 |
| CorpSecret |
string |
The secret of your custom application in WeCom. |
weaseiszjskejskaj12sjeszojxxxx |
| TrustableDomain |
string |
The trusted domain. |
https://example.com |
| LogoUrl |
string |
The custom logo URL of the identity provider. |
https://img.alicdn.com/imgextra/i4/O1CN01lvYwpv1aGowQXDML9_!!6000000003303-0-tps-580-580.jpg |
| SamlConfig |
object |
The SAML IdP configuration. |
|
| IdPEntityId |
string |
The entity ID of the SAML identity provider. |
http://dc.test.com/adfs/services/trust |
| IdPSsoUrl |
string |
The single sign-on (SSO) URL of the SAML identity provider. |
https://dc.test.com/adfs/ls/ |
| Certificates |
array<object> |
The list of signing certificates for the SAML identity provider. |
|
|
array<object> |
The certificate information. |
||
| Content |
string |
The content of the certificate. |
-----BEGIN CERTIFICATE----- MIIC0jCCAbqgAwIBAgIQXXXXX -----END CERTIFICATE----- |
| CertificateMetadata |
object |
The metadata of the certificate. |
|
| NotBefore |
integer |
The time before which the certificate is not valid. |
1672531200000 |
| NotAfter |
integer |
The time after which the certificate is no longer valid. |
1704067200000 |
| RequireRequestSigned |
boolean |
Indicates whether request signing is required. |
true |
| BindingMethod |
string |
The SAML binding type. |
HTTP-REDIRECT |
| MaxClockSkew |
integer |
The maximum allowed clock skew. |
180 |
| WantResponseSigned |
boolean |
||
| WantAssertionsSigned |
boolean |
||
| EndpointMetadata |
object |
The endpoint metadata. |
|
| SamlEntityId |
string |
The SAML entity ID. |
https://9test.aliyunidaas.com/login/saml2/idp_nhlraxfiwsx7w7zp26qzyoxxxx/meta |
| SamlAcsEndpoint |
string |
The SAML Assertion Consumer Service (ACS) address. |
https://9test.aliyunidaas.com/login/saml2/idp_nhlraxfiwsx7w7zp26qzyoxxxx/acs |
| SamlMetaEndpoint |
string |
The SAML metadata address. |
https://9test.aliyunidaas.com/login/saml2/idp_nhlraxfiwsx7w7zp26qzyoxxxx/meta |
| RequestId |
string |
The request ID. |
0441BD79-92F3-53AA-8657-F8CE4A2B912A |
Examples
Success response
JSON format
{
"IdentityProviderDetail": {
"AdvancedStatus": "disabled",
"AuthnSourceSupplier": "urn:alibaba:idaas:idp:bytedance:lark",
"AuthnSourceType": "urn:alibaba:idaas:authntype:oidc",
"AuthnStatus": "disabled",
"CreateTime": 1726021079000,
"Description": "for poc test",
"DingtalkAppConfig": {
"AppKey": "41reopmwoy9s",
"AppSecret": "REOQ6Cl55kriOd8NOBeqWYLKpHR4p6fdZxxxx",
"CorpId": "3756043633237690761",
"DingtalkVersion": "public_dingtalk",
"EncryptKey": "29003eb11d0a28b4802a6f02fb8aa25dff730e2ac26ffd200d",
"VerificationToken": "5ba9c127a7abe029003eb11d0a28b4802a6f02fb8aa25dff730e2ac26ffd200d",
"DingtalkLoginVersion": "old_version"
},
"DingtalkProvisioningConfig": {
"AuthedDepartmentIds": [
{
"DeptId": "123xxx444",
"DeptName": "test_department"
}
],
"AuthedUsers": [
{
"Name": "zhangsan",
"UserId": "130308333929200479"
}
],
"CorpId": "ding_xxxxx",
"CorpName": "test_enterprise"
},
"IdentityProviderExternalId": "idp_xxxx",
"IdentityProviderId": "idp_mwpcwnhrimlr2horx7xgg7pp7y",
"IdentityProviderName": "test",
"IdentityProviderType": "urn:alibaba:idaas:idp:alibaba:dingtalk:push\n",
"InstanceId": "idaas_x2df3bak3uwnapqm6xxxx",
"LarkConfig": {
"AppId": "cli_a7a99f53a317100c",
"AppSecret": "***",
"EnterpriseNumber": "FX1231xxxx",
"EncryptKey": "VkdWw91mdkrjVFr3ObNwefap21dfbZbK",
"VerificationToken": "VkdWw91mdkrjVFr3ObNwefap21dfbZbK"
},
"LastStatusCheckJobResult": "success",
"LdapConfig": {
"AdministratorPassword": "XXXX",
"AdministratorUsername": "example.com",
"CertificateFingerprintStatus": "enabled",
"CertificateFingerprints": [
"asdsadaasd"
],
"LdapProtocol": "ldap",
"LdapServerHost": "127.xx.xx.100",
"LdapServerPort": 389,
"StartTlsStatus": "enabled"
},
"LockReason": "financial",
"NetworkAccessEndpointId": "nae_mx4vsadfe6govkqkwckxxxx",
"OidcConfig": {
"AuthnParam": {
"AuthnMethod": "client_secret_post",
"ClientId": "mkv7rgt4d7i4u7zqtzev2mxxxx",
"ClientSecret": "CSEHDddddddxxxxuxkJEHPveWRXBGqVqRsxxxx"
},
"EndpointConfig": {
"AuthorizationEndpoint": "https://example.com/oauth/authorize",
"Issuer": "https://example.com/oauth",
"JwksUri": "https://example.com/oauth/jwks",
"TokenEndpoint": "https://example.com/oauth/token",
"UserinfoEndpoint": "https://example.com/oauth/userinfo"
},
"GrantScopes": [
"ou_asdaq1addsxzdq1xxxx"
],
"GrantType": "authorization_code",
"PkceChallengeMethod": "S256",
"PkceRequired": true
},
"UdPullConfig": {
"GroupSyncStatus": "disabled",
"IncrementalCallbackStatus": "disabled",
"UdSyncScopeConfig": {
"SourceScopes": [
"ou_123xxxx"
],
"TargetScope": "ou_123xxxx"
}
},
"UdPullStatus": "disabled",
"UdPushConfig": {
"IncrementalCallbackStatus": "disabled",
"UdSyncScopeConfigs": [
{
"SourceScopes": [
"ou_123xxxx"
],
"TargetScope": "ou_123xxxx"
}
]
},
"UdPushStatus": "disabled",
"UpdateTime": 1726021079000,
"WeComConfig": {
"AgentId": "1242350",
"AuthorizeCallbackDomain": "https://example.com/xxxx",
"CorpId": "3562012953454577801",
"CorpSecret": "weaseiszjskejskaj12sjeszojxxxx",
"TrustableDomain": "https://example.com"
},
"LogoUrl": "https://img.alicdn.com/imgextra/i4/O1CN01lvYwpv1aGowQXDML9_!!6000000003303-0-tps-580-580.jpg",
"SamlConfig": {
"IdPEntityId": "http://dc.test.com/adfs/services/trust",
"IdPSsoUrl": "https://dc.test.com/adfs/ls/",
"Certificates": [
{
"Content": "-----BEGIN CERTIFICATE----- MIIC0jCCAbqgAwIBAgIQXXXXX -----END CERTIFICATE-----",
"CertificateMetadata": {
"NotBefore": 1672531200000,
"NotAfter": 1704067200000
}
}
],
"RequireRequestSigned": true,
"BindingMethod": "HTTP-REDIRECT",
"MaxClockSkew": 180,
"WantResponseSigned": false,
"WantAssertionsSigned": false
},
"EndpointMetadata": {
"SamlEntityId": "https://9test.aliyunidaas.com/login/saml2/idp_nhlraxfiwsx7w7zp26qzyoxxxx/meta",
"SamlAcsEndpoint": "https://9test.aliyunidaas.com/login/saml2/idp_nhlraxfiwsx7w7zp26qzyoxxxx/acs",
"SamlMetaEndpoint": "https://9test.aliyunidaas.com/login/saml2/idp_nhlraxfiwsx7w7zp26qzyoxxxx/meta"
}
},
"RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A"
}
Error codes
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.