===============================
OpenID Connect Provider in RGW
===============================

An entity describing the OpenID Connect Provider needs to be created in RGW, in order to establish trust between the two.

REST APIs for Manipulating an OpenID Connect Provider
=====================================================

The following REST APIs can be used for creating and managing an OpenID Connect Provider entity in RGW.

In order to invoke the REST admin APIs, a user with admin caps needs to be created.

.. code-block:: bash

  radosgw-admin --uid TESTER --display-name "TestUser" --access_key TESTER --secret test123 user create
  radosgw-admin caps add --uid="TESTER" --caps="oidc-provider=*"

CreateOpenIDConnectProvider
---------------------------------

Create an OpenID Connect Provider entity in RGW.

Request Parameters
~~~~~~~~~~~~~~~~~~

``ClientIDList.member.N``

:Description: List of client IDs that need access to S3 resources.
:Type: Array of Strings

``ThumbprintList.member.N``

:Description: List of thumbprints of the OpenID Connect IDP's server certificates. A maximum of 5 thumbprints is allowed.
:Type: Array of Strings

``Url``

:Description: URL of the IDP.
:Type: String

Example::

  POST "<hostname>?Action=CreateOpenIDConnectProvider
    &ThumbprintList.member.1=F7D7B3515DD0D319DD219A43A9EA727AD6065287
    &ClientIDList.member.1=app-profile-jsp
    &Url=http://localhost:8080/auth/realms/quickstart"
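
A pre-flight helper for the CreateOpenIDConnectProvider call, added here as an example and not taken from Ceph: it normalizes thumbprints, enforces the five-thumbprint limit, and builds the query string. It assumes thumbprints are 40-hex-digit SHA-1 certificate fingerprints (the length of the example value above) and that the ARN is the IDP URL without its scheme, as in the Delete and Get examples on this page; the function names are hypothetical.

```python
import base64
import hashlib
import re
from urllib.parse import urlencode, urlsplit

MAX_THUMBPRINTS = 5  # limit stated for ThumbprintList.member.N

def thumbprint_from_pem(pem):
    """SHA-1 over the certificate's DER bytes, as upper-case hex (assumed format)."""
    stripped = (line.strip() for line in pem.splitlines())
    body = "".join(s for s in stripped if s and not s.startswith("-----"))
    return hashlib.sha1(base64.b64decode(body)).hexdigest().upper()

def normalize_thumbprint(value):
    """Accept openssl-style 'AA:BB:...' or plain hex; return 40 hex digits."""
    cleaned = value.replace(":", "").strip().upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError(f"not a 40-digit hex thumbprint: {value!r}")
    return cleaned

def build_create_request(url, client_ids, thumbprints):
    """Return (query, expected_arn, warnings) for CreateOpenIDConnectProvider."""
    prints = [normalize_thumbprint(t) for t in thumbprints]
    if len(prints) > MAX_THUMBPRINTS:
        raise ValueError(f"{len(prints)} thumbprints given, maximum is {MAX_THUMBPRINTS}")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    warnings = []
    if parts.scheme != "https":
        warnings.append("IDP URL is plain HTTP, not HTTPS")
    params = [("Action", "CreateOpenIDConnectProvider")]
    params += [(f"ThumbprintList.member.{i}", t) for i, t in enumerate(prints, 1)]
    params += [(f"ClientIDList.member.{i}", c) for i, c in enumerate(client_ids, 1)]
    params.append(("Url", url))
    # Assumed ARN shape: the IDP URL minus its scheme, as in the page's examples.
    arn = f"arn:aws:iam:::oidc-provider/{parts.netloc}{parts.path}"
    return urlencode(params), arn, warnings

if __name__ == "__main__":
    # Constructed input: placeholder bytes in a PEM wrapper, not a real certificate.
    pem = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
    query, arn, warnings = build_create_request(
        "http://localhost:8080/auth/realms/quickstart",
        ["app-profile-jsp"], [thumbprint_from_pem(pem)])
    print(query, arn, warnings, sep="\n")
```

The returned query string is URL-encoded, so the ``Url`` value appears percent-encoded rather than in the readable form shown in the example above.
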

DeleteOpenIDConnectProvider
---------------------------

Deletes an OpenID Connect Provider entity in RGW.

Request Parameters
~~~~~~~~~~~~~~~~~~

``OpenIDConnectProviderArn``

:Description: ARN of the IDP which is returned by the Create API.
:Type: String

Example::

  POST "<hostname>?Action=DeleteOpenIDConnectProvider
    &OpenIDConnectProviderArn=arn:aws:iam:::oidc-provider/localhost:8080/auth/realms/quickstart"

GetOpenIDConnectProvider
---------------------------

Gets information about an IDP.

Request Parameters
~~~~~~~~~~~~~~~~~~

``OpenIDConnectProviderArn``

:Description: ARN of the IDP which is returned by the Create API.
:Type: String

Example::

  POST "<hostname>?Action=GetOpenIDConnectProvider
    &OpenIDConnectProviderArn=arn:aws:iam:::oidc-provider/localhost:8080/auth/realms/quickstart"

ListOpenIDConnectProviders
--------------------------

Lists information about all IDPs.

Request Parameters
~~~~~~~~~~~~~~~~~~

None

Example::

  POST "<hostname>?Action=ListOpenIDConnectProviders"