ListFederatedCredentialProviders - Identity as a Service

Queries a list of federated credential providers.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

eiam:ListFederatedCredentialProviders

list

*FederatedCredentialProvider

acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/federatedcredentialprovider/*

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The instance ID.	idaas_ue2jvisn35ea5lmthk267xxxxx
NextToken	string	No	The token that is used to retrieve the next page of results.	NTxxxxxexample
PreviousToken	string	No	The token that is used to retrieve the previous page of results.	PTxxxxxexample
MaxResults	integer	No	The number of entries to return on each page.	20
FederatedCredentialProviderName	string	No	The name of the federated credential provider.	test
FederatedCredentialProviderType	string	No	The type of the federated credential provider.	pkcs7

Response elements

Element	Type	Description	Example
	object
RequestId	string	The request ID.	0441BD79-92F3-53AA-8657-F8CE4A2B912A
TotalCount	integer	The total number of entries.	100
NextToken	string	The token to retrieve the next page of results. This parameter is empty when all results are returned.	NTxxxexample
PreviousToken	string	The query token that is returned by the call.	PTxxxexample
MaxResults	integer	The number of entries returned on each page.	20
FederatedCredentialProviders	array<object>	The list of federated credential providers.
	object
InstanceId	string	The instance ID.	idaas_dd4n3rnknybjjxuu5gq6ovqxXXX
CreateTime	integer	The time when the provider was created.	1729061324000
UpdateTime	integer	The time when the provider was last updated.	1729061324000
Status	string	The status.	enabled
Description	string	The description.	test
FederatedCredentialProviderType	string	The type of the federated credential provider.	pkcs7
NetworkAccessEndpointId	string	The ID of the network access endpoint.	inae_public
FederatedCredentialProviderName	string	The name of the federated credential provider.	pkcs7test
FederatedCredentialProviderId	string	The ID of the federated credential provider.	fcp_asda123XXX
Pkcs7ProviderConfig	object	The PKCS7 configuration.
SignatureEffectiveTime	integer	The validity period of the signature.	3600
TrustAnchorSource	string	The source of the certificate trust anchor.	alibaba_cloud
CmsVerificationMode	string	The Cryptographic Message Syntax (CMS) verification mode.	cert
SigningTimeValueExpression	string	The expression used to obtain the signing time.	pkcs7.payload.jsonData.audience.signingTime
Certificates	array<object>	The list of PKCS7 certificates.
	object	The certificate object.
CertificateMetadata	object	The certificate metadata.
NotBefore	integer	The start time of the validity period of the certificate.	1729061324000
NotAfter	integer	The expiration time of the certificate.	1729061324000
Fingerprint	string	The certificate fingerprint.	2b18947a6a9fc7764fd8b5fb18a863b0c6daxxx
Content	string	The content of the certificate.	-----BEGIN CERTIFICATE----- MIIE+zCCA0egAwIBAgIJAJZY0ZY0ZY0Z -----END CERTIFICATE-----
TrustCondition	string	The trust condition.	IsNullOrEmpty("certNo")
OidcProviderConfig	object	The OpenID Connect (OIDC) configuration.
JwksUri	string	The JSON Web Key Set (JWKS) endpoint.	https://example.com
Issuer	string	The issuer.	https://example.com
Audiences	array	The list of audiences for the OIDC credential.
	string	The audience.	https://example.com
JwksLastObtainedTime	integer	The time when the JWKS was last obtained.	1729061324000
StaticJwks	string	The statically obtained JWKS.	{ "keys": [ { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "KEY2RzsjRrimRASiAhCjBo18YwDoxpYHnHtv", "n": "qrsfFfSZngqKOxVE29ZIR4SXkwKq029B3HLDAZui_Pwaxwn8FssR9QdwsljZS06BTDp10vhPgqMB7s7TmHulL3I4WuSB-l4uXTXXXX" } ] }
JwksSource	string	The JWKS source.	static
TrustCondition	string	The trust condition.	IsNullOrEmpty("jwt.issuer")
DynamicJwks	string	The dynamically obtained JWKS.	{ "keys": [ { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "KEY2RzsjRrimRASiAhCjBo18YwDoxpYHnHtv", "n": "qrsfFfSZngqKOxVE29ZIR4SXkwKq029B3HLDAZui_Pwaxwn8FssR9QdwsljZS06BTDp10vhPgqMB7s7TmHulL3I4WuSB-l4uXTXXXX" } ] }
PrivateCaProviderConfig	object	The private certificate authority (CA) configuration.
TrustAnchorSource	string	The method used to obtain the root certificate.	custom
Certificates	array<object>	The root certificate.
	object
CertificateMetadata	object	The certificate metadata.
NotBefore	integer	The start time of the validity period of the certificate.	1729061324000
NotAfter	integer	The expiration time of the certificate.	1729061324000
Fingerprint	string	The fingerprint of the root certificate.	2b18947a6a9fc7764fd8b5fb18a863b0c6daxxx
Content	string	The content of the root certificate.	-----BEGIN CERTIFICATE----- MIIE+zCCA0egAwIBAgIJAJZY0ZY0ZY0Z -----END CERTIFICATE-----
TrustCondition	string	The trust condition.	IsNullOrEmpty("certNo")

Examples

Success response

JSON format

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A",
  "TotalCount": 100,
  "NextToken": "NTxxxexample",
  "PreviousToken": "PTxxxexample",
  "MaxResults": 20,
  "FederatedCredentialProviders": [
    {
      "InstanceId": "idaas_dd4n3rnknybjjxuu5gq6ovqxXXX",
      "CreateTime": 1729061324000,
      "UpdateTime": 1729061324000,
      "Status": "enabled",
      "Description": "test",
      "FederatedCredentialProviderType": "pkcs7",
      "NetworkAccessEndpointId": "inae_public",
      "FederatedCredentialProviderName": "pkcs7test",
      "FederatedCredentialProviderId": "fcp_asda123XXX",
      "Pkcs7ProviderConfig": {
        "SignatureEffectiveTime": 3600,
        "TrustAnchorSource": "alibaba_cloud",
        "CmsVerificationMode": "cert",
        "SigningTimeValueExpression": "pkcs7.payload.jsonData.audience.signingTime\n",
        "Certificates": [
          {
            "CertificateMetadata": {
              "NotBefore": 1729061324000,
              "NotAfter": 1729061324000
            },
            "Fingerprint": "2b18947a6a9fc7764fd8b5fb18a863b0c6daxxx",
            "Content": "-----BEGIN CERTIFICATE-----\nMIIE+zCCA0egAwIBAgIJAJZY0ZY0ZY0Z\n-----END CERTIFICATE-----"
          }
        ],
        "TrustCondition": "IsNullOrEmpty(\"certNo\")\n"
      },
      "OidcProviderConfig": {
        "JwksUri": "https://example.com",
        "Issuer": "https://example.com",
        "Audiences": [
          "https://example.com"
        ],
        "JwksLastObtainedTime": 1729061324000,
        "StaticJwks": "{\n  \"keys\": [\n    {\n      \"kty\": \"RSA\",\n      \"e\": \"AQAB\",\n      \"use\": \"sig\",\n      \"kid\": \"KEY2RzsjRrimRASiAhCjBo18YwDoxpYHnHtv\",\n      \"n\": \"qrsfFfSZngqKOxVE29ZIR4SXkwKq029B3HLDAZui_Pwaxwn8FssR9QdwsljZS06BTDp10vhPgqMB7s7TmHulL3I4WuSB-l4uXTXXXX\"\n    }\n  ]\n}",
        "JwksSource": "static",
        "TrustCondition": "IsNullOrEmpty(\"jwt.issuer\")\n",
        "DynamicJwks": "{\n  \"keys\": [\n    {\n      \"kty\": \"RSA\",\n      \"e\": \"AQAB\",\n      \"use\": \"sig\",\n      \"kid\": \"KEY2RzsjRrimRASiAhCjBo18YwDoxpYHnHtv\",\n      \"n\": \"qrsfFfSZngqKOxVE29ZIR4SXkwKq029B3HLDAZui_Pwaxwn8FssR9QdwsljZS06BTDp10vhPgqMB7s7TmHulL3I4WuSB-l4uXTXXXX\"\n    }\n  ]\n}"
      },
      "PrivateCaProviderConfig": {
        "TrustAnchorSource": "custom",
        "Certificates": [
          {
            "CertificateMetadata": {
              "NotBefore": 1729061324000,
              "NotAfter": 1729061324000
            },
            "Fingerprint": "2b18947a6a9fc7764fd8b5fb18a863b0c6daxxx",
            "Content": "-----BEGIN CERTIFICATE-----\nMIIE+zCCA0egAwIBAgIJAJZY0ZY0ZY0Z\n-----END CERTIFICATE-----"
          }
        ],
        "TrustCondition": "IsNullOrEmpty(\"certNo\")\n"
      }
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.