Kueri Federated Credential Provider dengan EIAM API - Identity as a Service - Alibaba Cloud - Identity as a Service

Mencantumkan penyedia identitas federasi.

Coba sekarang

Coba API ini di OpenAPI Explorer tanpa perlu penandatanganan manual. Panggilan yang berhasil akan secara otomatis menghasilkan contoh kode SDK sesuai dengan parameter Anda. Unduh kode tersebut dengan kredensial bawaan yang aman untuk penggunaan lokal.

Test

RAM authorization

Tabel berikut menjelaskan otorisasi yang diperlukan untuk memanggil API ini. Anda dapat menentukannya dalam kebijakan Resource Access Management (RAM). Kolom pada tabel dijelaskan sebagai berikut:

Action: Aksi yang dapat digunakan dalam elemen Action pada pernyataan kebijakan izin RAM untuk memberikan izin guna melakukan operasi tersebut.
API: API yang dapat Anda panggil untuk melakukan aksi tersebut.
Access level: Tingkat akses yang telah ditentukan untuk setiap API. Nilai yang valid: create, list, get, update, dan delete.
Resource type: Jenis resource yang mendukung otorisasi untuk melakukan aksi tersebut. Ini menunjukkan apakah aksi tersebut mendukung izin tingkat resource. Resource yang ditentukan harus kompatibel dengan aksi tersebut. Jika tidak, kebijakan tersebut tidak akan berlaku.
- Untuk API dengan izin tingkat resource, jenis resource yang diperlukan ditandai dengan tanda bintang (*). Tentukan Nama Sumber Daya Alibaba Cloud (ARN) yang sesuai dalam elemen Resource pada kebijakan.
- Untuk API tanpa izin tingkat resource, ditampilkan sebagai All Resources. Gunakan tanda bintang (*) dalam elemen Resource pada kebijakan.
Condition key: Kunci kondisi yang didefinisikan oleh layanan. Kunci ini memungkinkan kontrol granular, berlaku baik hanya untuk aksi maupun untuk aksi yang terkait dengan resource tertentu. Selain kunci kondisi spesifik layanan, Alibaba Cloud menyediakan serangkaian common condition keys yang berlaku di semua layanan yang didukung RAM.
Dependent action: Aksi dependen yang diperlukan untuk menjalankan aksi tersebut. Untuk menyelesaikan aksi tersebut, pengguna RAM atau role RAM harus memiliki izin untuk melakukan semua aksi dependen.

Action

Access level

Resource type

Condition key

Dependent action

eiam:ListFederatedCredentialProviders

list

*FederatedCredentialProvider

acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/federatedcredentialprovider/*

None

Parameter permintaan

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	ID instans.	idaas_ue2jvisn35ea5lmthk267xxxxx
NextToken	string	No	Token untuk mengambil halaman hasil berikutnya.	NTxxxxxexample
PreviousToken	string	No	Token untuk mengambil halaman hasil sebelumnya.	PTxxxxxexample
MaxResults	integer	No	Jumlah maksimum entri yang dikembalikan per halaman.	20
FederatedCredentialProviderName	string	No	Nama penyedia kredensial federasi.	test
FederatedCredentialProviderType	string	No	Tipe penyedia kredensial federasi.	pkcs7

Elemen respons

Element	Type	Description	Example
	object
RequestId	string	The request ID.	0441BD79-92F3-53AA-8657-F8CE4A2B912A
TotalCount	integer	The total number of entries.	100
NextToken	string	The token to retrieve the next page of results. This parameter is empty if all results have been returned.	NTxxxexample
PreviousToken	string	The token for the previous page of results.	PTxxxexample
MaxResults	integer	The number of entries per page.	20
FederatedCredentialProviders	array<object>	The list of federated credential providers.
	array<object>
InstanceId	string	The instance ID.	idaas_dd4n3rnknybjjxuu5gq6ovqxXXX
CreateTime	integer	The provider's creation time.	1729061324000
UpdateTime	integer	The provider's last update time.	1729061324000
Status	string	The provider's status.	enabled
Description	string	The provider's description.	test
FederatedCredentialProviderType	string	The type of the federated credential provider.	pkcs7
NetworkAccessEndpointId	string	The ID of the network access endpoint.	inae_public
FederatedCredentialProviderName	string	The name of the federated credential provider.	pkcs7test
FederatedCredentialProviderId	string	The ID of the federated credential provider.	fcp_asda123XXX
Pkcs7ProviderConfig	object	The PKCS7 configuration.
SignatureEffectiveTime	integer	The validity period of the signature.	3600
TrustAnchorSource	string	The source of the certificate trust anchor.	alibaba_cloud
CmsVerificationMode	string	The Cryptographic Message Syntax (CMS) verification mode.	cert
SigningTimeValueExpression	string	The expression used to obtain the signing time.	pkcs7.payload.jsonData.audience.signingTime
Certificates	array<object>	The list of PKCS7 certificates.
	array<object>	The certificate object.
CertificateMetadata	object	The certificate metadata.
NotBefore	integer	The start time of the validity period of the certificate.	1729061324000
NotAfter	integer	The expiration time of the certificate.	1729061324000
Fingerprint	string	The certificate fingerprint.	2b18947a6a9fc7764fd8b5fb18a863b0c6daxxx
Content	string	The content of the certificate.	-----BEGIN CERTIFICATE----- MIIE+zCCA0egAwIBAgIJAJZY0ZY0ZY0Z -----END CERTIFICATE-----
TrustCondition	string	The trust condition.	IsNullOrEmpty("certNo")
OidcProviderConfig	object	The OpenID Connect (OIDC) configuration.
JwksUri	string	The JSON Web Key Set (JWKS) endpoint.	https://example.com
Issuer	string	The issuer.	https://example.com
Audiences	array	The list of audiences for the OIDC credential.
	string	The audience.	https://example.com
JwksLastObtainedTime	integer	The time when the JWKS was last obtained.	1729061324000
StaticJwks	string	The statically obtained JWKS.	{ "keys": [ { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "KEY2RzsjRrimRASiAhCjBo18YwDoxpYHnHtv", "n": "qrsfFfSZngqKOxVE29ZIR4SXkwKq029B3HLDAZui_Pwaxwn8FssR9QdwsljZS06BTDp10vhPgqMB7s7TmHulL3I4WuSB-l4uXTXXXX" } ] }
JwksSource	string	The JWKS source.	static
TrustCondition	string	The trust condition.	IsNullOrEmpty("jwt.issuer")
DynamicJwks	string	The dynamically obtained JWKS.	{ "keys": [ { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "KEY2RzsjRrimRASiAhCjBo18YwDoxpYHnHtv", "n": "qrsfFfSZngqKOxVE29ZIR4SXkwKq029B3HLDAZui_Pwaxwn8FssR9QdwsljZS06BTDp10vhPgqMB7s7TmHulL3I4WuSB-l4uXTXXXX" } ] }
PrivateCaProviderConfig	object	The private CA configuration.
TrustAnchorSource	string	The method used to obtain the root certificate.	custom
Certificates	array<object>	The root certificate.
	array<object>
CertificateMetadata	object	The certificate metadata.
NotBefore	integer	The start time of the validity period of the certificate.	1729061324000
NotAfter	integer	The expiration time of the certificate.	1729061324000
Fingerprint	string	The fingerprint of the root certificate.	2b18947a6a9fc7764fd8b5fb18a863b0c6daxxx
Content	string	The content of the root certificate.	-----BEGIN CERTIFICATE----- MIIE+zCCA0egAwIBAgIJAJZY0ZY0ZY0Z -----END CERTIFICATE-----
TrustCondition	string	The trust condition.	IsNullOrEmpty("certNo")
CloudIdPProviderConfig	object
IdentityProviderId	string

Contoh

Respons sukses

JSONformat

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A",
  "TotalCount": 100,
  "NextToken": "NTxxxexample",
  "PreviousToken": "PTxxxexample",
  "MaxResults": 20,
  "FederatedCredentialProviders": [
    {
      "InstanceId": "idaas_dd4n3rnknybjjxuu5gq6ovqxXXX",
      "CreateTime": 1729061324000,
      "UpdateTime": 1729061324000,
      "Status": "enabled",
      "Description": "test",
      "FederatedCredentialProviderType": "pkcs7",
      "NetworkAccessEndpointId": "inae_public",
      "FederatedCredentialProviderName": "pkcs7test",
      "FederatedCredentialProviderId": "fcp_asda123XXX",
      "Pkcs7ProviderConfig": {
        "SignatureEffectiveTime": 3600,
        "TrustAnchorSource": "alibaba_cloud",
        "CmsVerificationMode": "cert",
        "SigningTimeValueExpression": "pkcs7.payload.jsonData.audience.signingTime\n",
        "Certificates": [
          {
            "CertificateMetadata": {
              "NotBefore": 1729061324000,
              "NotAfter": 1729061324000
            },
            "Fingerprint": "2b18947a6a9fc7764fd8b5fb18a863b0c6daxxx",
            "Content": "-----BEGIN CERTIFICATE-----\nMIIE+zCCA0egAwIBAgIJAJZY0ZY0ZY0Z\n-----END CERTIFICATE-----"
          }
        ],
        "TrustCondition": "IsNullOrEmpty(\"certNo\")\n"
      },
      "OidcProviderConfig": {
        "JwksUri": "https://example.com",
        "Issuer": "https://example.com",
        "Audiences": [
          "https://example.com"
        ],
        "JwksLastObtainedTime": 1729061324000,
        "StaticJwks": "{\n  \"keys\": [\n    {\n      \"kty\": \"RSA\",\n      \"e\": \"AQAB\",\n      \"use\": \"sig\",\n      \"kid\": \"KEY2RzsjRrimRASiAhCjBo18YwDoxpYHnHtv\",\n      \"n\": \"qrsfFfSZngqKOxVE29ZIR4SXkwKq029B3HLDAZui_Pwaxwn8FssR9QdwsljZS06BTDp10vhPgqMB7s7TmHulL3I4WuSB-l4uXTXXXX\"\n    }\n  ]\n}",
        "JwksSource": "static",
        "TrustCondition": "IsNullOrEmpty(\"jwt.issuer\")\n",
        "DynamicJwks": "{\n  \"keys\": [\n    {\n      \"kty\": \"RSA\",\n      \"e\": \"AQAB\",\n      \"use\": \"sig\",\n      \"kid\": \"KEY2RzsjRrimRASiAhCjBo18YwDoxpYHnHtv\",\n      \"n\": \"qrsfFfSZngqKOxVE29ZIR4SXkwKq029B3HLDAZui_Pwaxwn8FssR9QdwsljZS06BTDp10vhPgqMB7s7TmHulL3I4WuSB-l4uXTXXXX\"\n    }\n  ]\n}"
      },
      "PrivateCaProviderConfig": {
        "TrustAnchorSource": "custom",
        "Certificates": [
          {
            "CertificateMetadata": {
              "NotBefore": 1729061324000,
              "NotAfter": 1729061324000
            },
            "Fingerprint": "2b18947a6a9fc7764fd8b5fb18a863b0c6daxxx",
            "Content": "-----BEGIN CERTIFICATE-----\nMIIE+zCCA0egAwIBAgIJAJZY0ZY0ZY0Z\n-----END CERTIFICATE-----"
          }
        ],
        "TrustCondition": "IsNullOrEmpty(\"certNo\")\n"
      },
      "CloudIdPProviderConfig": {
        "IdentityProviderId": ""
      }
    }
  ]
}

Kode kesalahan

Lihat Error Codes untuk daftar lengkap.

Catatan rilis

Lihat Release Notes untuk daftar lengkap.