Obtaining a Scoped Token in Federated Identity Authentication Mode

Function Description

This interface is used to obtain a scoped token in federated identity authentication mode.

URI

URI format

POST /v3/auth/tokens

Request

  • Request header parameter description

    | Parameter | Type | Mandatory | Description |
    |-----------|------|-----------|-------------|
    | identity  | Dict | Yes       | Authentication information, such as user passwords. |
    | scope     | Dict | No        | Scope of a token. |

  • Description for the identity format

    | Parameter | Type | Mandatory | Description |
    |-----------|------|-----------|-------------|
    | methods   | List | Yes       | The value of this parameter is token. |
    | token     | Dict | Yes       | Unscoped token obtained in federated identity authentication mode. |

  • Description for the token format

    | Parameter | Type   | Mandatory | Description |
    |-----------|--------|-----------|-------------|
    | id        | String | Yes       | ID of an unscoped token obtained in federated identity authentication mode for authentication. |

  • Description for the scope format

    | Parameter | Type | Mandatory | Description |
    |-----------|------|-----------|-------------|
    | project   | Dict | Yes       | Project. Select either project or domain. |
    | domain    | Dict | Yes       | Domain. Select either project or domain. |

  • Description for the project format

    | Parameter | Type   | Mandatory | Description |
    |-----------|--------|-----------|-------------|
    | name      | String | Yes       | Project name. Select either name or id. |
    | domain    | Dict   | Yes       | Domain to which a project belongs. This parameter is mandatory when the name parameter is used. |
    | id        | String | Yes       | Project ID. Select either name or id. |

  • Description for the domain format

    | Parameter | Type   | Mandatory | Description |
    |-----------|--------|-----------|-------------|
    | name      | String | Yes       | Domain name. Select either name or id. |
    | id        | String | Yes       | Domain ID. Select either name or id. |

  • Sample request
    POST /v3/auth/tokens
    {
        "auth": {
            "identity": {
                "methods": [
                    "token"
                ],
                "token": {
                    "id": "--federated-token-id--"
                }
            },
            "scope": {
                "domain": {
                    "id": "e31ac82d778b4d128cb6fed37fd72cdb"
                }
            }
        }
    }

NOTE:

Obtaining a token by calling this interface directly is not recommended. Use the OpenStack client to obtain a token instead.

Response

  • Response body parameter description

    | Parameter  | Type   | Mandatory | Description |
    |------------|--------|-----------|-------------|
    | methods    | List   | Yes       | Authentication method used when you obtain a token. |
    | roles      | List   | Yes       | Roles of the user who obtains the token in the project or domain. |
    | expires_at | String | Yes       | Time when a token expires. |
    | project    | Dict   | Yes       | Project to which a token belongs. |
    | catalog    | Dict   | No        | Service and endpoint address information. |
    | extras     | Dict   | No        | Extra token information. |
    | user       | Dict   | Yes       | User to which a token belongs. |
    | issued_at  | String | Yes       | Time when a token is generated. |

  • Sample response
    X-Subject-Token: MIIFwAYJKoZIhvcNAQcCoIIFsTCCBa0CAQExDTALBglghkgBZQMEAgEwggQOBgkqhkiG9w0BBwGgggP-BIID+3sidG9rZW4iOnsibWV0aG9kcyI6WyJ0b2tlbiJdLCJpc3N1ZWRfYXQiOiIyMDE3LTA1LTIzVDA2OjU0OjEyLjUwODAwMFoiLCJleHBpcmVzX2F0IjoiMjAxNy0wNS0yNFQwNjo1NDoxMi41MDgwMDBaIiwidXNlciI6eyJpZCI6IlJNUVRndGpqU05HRGNLeTdvVW1JM0FaZzdHZ3NXRzBaIiwibmFtZSI6InN0b25laWRwMDEiLCJPUy1GRURFUkFUSU9OIjp7ImlkZW50aXR5X3Byb3ZpZGVyIjp7ImlkIjoic3RvbmVpZHAwMSJ9LCJwcm90b2NvbCI6eyJpZCI6InNhbWwifSwiZ3JvdXBzIjpbeyJpZCI6ImI0MDE4OWUyNmVhNDRmOTU5ODc3NjIxYjRiMjk4ZGI1In1dfSwiZG9tYWluIjp7ImlkIjoiZTMxYWM4MmQ3NzhiNGQxMjhjYjZmZWQzN2ZkNzJjZGIiLCJuYW1lIjoic3RvbmUiLCJ4ZG9tYWluX2lkIjoieGRvbWFpbmlkMDA2OTU4MTQ5MDM5NDQ1NzE0NDU5MzIzIiwieGRvbWFpbl90eXBlIjoiVFNJIn19LCJkb21haW4iOnsiaWQiOiJlMzFhYzgyZDc3OGI0ZDEyOGNiNmZlZDM3ZmQ3MmNkYiIsIm5hbWUiOiJzdG9uZSIsInhkb21haW5faWQiOiJ4ZG9tYWluaWQwMDY5NTgxNDkwMzk0NDU3MTQ0NTkzMjMiLCJ4ZG9tYWluX3R5cGUiOiJUU0kifSwicm9sZXMiOlt7ImlkIjoiZWFlODI2Njg0ZDc3NDYyNDgyZDgxNThjMGZjN2IxNjEiLCJuYW1lIjoidGVfYWRtaW4ifSx7ImlkIjoiMDA3YjczYjIyOWYxNGMzZDhlNzFmNWRjY2Y5NjY5YTYiLCJuYW1lIjoic2VjdV9hZG1pbiJ9LHsiaWQiOiI5M2JjNTc1M2UwZmM0ZjAxYTZmZDY5ZjQ1YTE1YzEyNiIsIm5hbWUiOiJ0ZV9hZ2VuY3kifSx7ImlkIjoiMCIsIm5hbWUiOiJvcF9nYXRlZF9zdG9uZSJ9LHsiaWQiOiIwIiwibmFtZSI6Im9wX2dhdGVkX3Rhc3NzZzEifSx7ImlkIjoiMCIsIm5hbWUiOiJvcF9nYXRlZF90YXNzc2cyIn0seyJpZCI6IjAiLCJuYW1lIjoib3BfZ2F0ZWRfdGFzc3NnNCJ9LHsiaWQiOiIwIiwibmFtZSI6Im9wX2dhdGVkX3Rhc3NzZzUifSx7ImlkIjoiMCIsIm5hbWUiOiJvcF9nYXRlZF90YXNzc2c2In1dLCJjYXRhbG9nIjpbXX19MYIBhTCCAYECAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVW5zZXQxDjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tAgEBMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQBbiTxUJJ7OS-yk0XspQwu5f8labMMjpM8clbe3PrPZNQhBtJNqG1joUH9QIWXJkQ54VHu9B0yWzO8enbn2qQaHu6IVzs4tAl034k250CcYcBL241KJQtKDgJyu0Q1mnQXWCCcV9a5-3sQitvBYSINirYAh7UH-lUhO4q01nUp1O3UEOq6-xhLpCy63DP7LgrfE8tIvkRxfj62-NgVffaEgxSC7iCZMc84MQYxdYWPXTrJk110UUh86JyzXfOEov-sIWBGvC6g9FpPpUvTlpM+IK7yogFxmZwIshPLmDj5aqtaT6YxkMxMIY9G7kNCljTUn1QJhqbIEIM-5zl4f7m6w 
    {
        "token": {
            "domain": {
                "xdomain_type": "TSI",
                "id": "e31ac82d778b4d128cb6fed37fd72cdb",
                "xdomain_id": "xdomainid006958149039445714459323",
                "name": "exampledomain"
            },
            "methods": [
                "token"
            ],
            "roles": [
                {
                    "id": "eae826684d77462482d8158c0fc7b161",
                    "name": "te_admin"
                },
                {
                    "id": "007b73b229f14c3d8e71f5dccf9669a6",
                    "name": "secu_admin"
                },
                {
                    "id": "93bc5753e0fc4f01a6fd69f45a15c126",
                    "name": "te_agency"
                },
                {
                    "id": "0",
                    "name": "op_gated_stone"
                },
                {
                    "id": "0",
                    "name": "op_gated_tasssg1"
                },
                {
                    "id": "0",
                    "name": "op_gated_tasssg2"
                },
                {
                    "id": "0",
                    "name": "op_gated_tasssg4"
                },
                {
                    "id": "0",
                    "name": "op_gated_tasssg5"
                },
                {
                    "id": "0",
                    "name": "op_gated_tasssg6"
                }
            ],
            "expires_at": "2017-05-24T06:54:12.508000Z",
            "catalog": [
                {
                    "endpoints": [
                        {
                            "url": "https://sample.domain.com/v3",
                            "interface": "public",
                            "region": "*",
                            "region_id": "*",
                            "id": "f2a24165ecf14efeb5fcb2682ebc4cde"
                        }
                    ],
                    "type": "identity",
                    "id": "90ded4a66ee14ecea72266ee2fdc2b0a",
                    "name": "keystone"
                }
            ],
            "user": {
                "OS-FEDERATION": {
                    "identity_provider": {
                        "id": "stoneidp01"
                    },
                    "protocol": {
                        "id": "saml"
                    },
                    "groups": [
                        {
                            "id": "b40189e26ea44f959877621b4b298db5"
                        }
                    ]
                },
                "domain": {
                    "xdomain_type": "TSI",
                    "id": "e31ac82d778b4d128cb6fed37fd72cdb",
                    "xdomain_id": "xdomainid006958149039445714459323",
                    "name": "exampledomain"
                },
                "id": "RMQTgtjjSNGDcKy7oUmI3AZg7GgsWG0Z",
                "name": "exampleuser"
            },
            "issued_at": "2017-05-23T06:54:12.508000Z"
        }
    }
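
The scope rules in the request tables and the fields in the response, as an added Python example (not code from this API reference or from the OpenStack client). The function names are hypothetical, and it assumes a scope is always supplied because the goal is a scoped token; the sample values are constructed from the page's sample request and response.

```python
from datetime import datetime, timezone

FMT = "%Y-%m-%dT%H:%M:%S.%fZ"  # timestamp layout used in the sample response

def _one_of_name_or_id(label, ref):
    # Tables above: "Select either name or id."
    if ("name" in ref) == ("id" in ref):
        raise ValueError(f"{label}: give exactly one of name or id")

def build_scoped_token_request(unscoped_token_id, *, project=None, domain=None):
    """Body for POST /v3/auth/tokens (hypothetical helper, not a client API)."""
    if (project is None) == (domain is None):
        raise ValueError("scope: give exactly one of project or domain")
    kind, ref = ("project", project) if project is not None else ("domain", domain)
    _one_of_name_or_id(kind, ref)
    if kind == "project" and "name" in ref:
        if "domain" not in ref:
            raise ValueError("project: domain is mandatory when name is used")
        _one_of_name_or_id("project.domain", ref["domain"])
    return {"auth": {
        "identity": {"methods": ["token"], "token": {"id": unscoped_token_id}},
        "scope": {kind: ref},
    }}

def check_scoped_token(request_body, headers, response_body, now=None):
    """Return the problems found in a response; an empty list means usable."""
    problems = []
    now = now or datetime.now(timezone.utc)
    token = response_body.get("token", {})
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if not hdrs.get("x-subject-token"):
        problems.append("no X-Subject-Token header")
    exp = token.get("expires_at")
    if not exp or datetime.strptime(exp, FMT).replace(tzinfo=timezone.utc) <= now:
        problems.append("expires_at missing or in the past")
    (kind, ref), = request_body["auth"]["scope"].items()
    granted = token.get(kind, {})
    if any(granted.get(k) != v for k, v in ref.items() if k in ("id", "name")):
        problems.append(f"granted {kind} does not match requested scope")
    if not token.get("roles"):
        problems.append("no roles granted in this scope")
    return problems

if __name__ == "__main__":
    # Constructed sample, trimmed from the page's sample request and response.
    dom = {"id": "e31ac82d778b4d128cb6fed37fd72cdb"}
    req = build_scoped_token_request("--federated-token-id--", domain=dom)
    resp = {"token": {"domain": dom, "roles": [{"id": "0", "name": "op_gated_stone"}],
                      "expires_at": "2017-05-24T06:54:12.508000Z"}}
    when = datetime(2017, 5, 23, 12, tzinfo=timezone.utc)
    print(check_scoped_token(req, {"X-Subject-Token": "<redacted>"}, resp, now=when))
```

The check reports on the token without returning or printing its value, so its output can be logged without exposing the credential.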

Status Codes

| Status Code | Description |
|-------------|-------------|
| 201         | The request is successful. |
| 400         | The server failed to process the request. |
| 401         | You must enter a username and password to access the requested page. |
| 403         | You are forbidden to access the requested page. |
| 404         | The server could not find the requested page. |
| 500         | Failed to complete the request because of an internal service error. |
| 503         | Failed to complete the request because the service is unavailable. |