Domain name for API request: sts.tencentcloudapi.com.
This API is used to request for the temporary credentials for a role that has been authenticated via a SAML assertion.
A maximum of 200 requests can be initiated per second for this API.
Note: This API supports Finance regions. If the common parameter Region is a Finance region, a domain name with the Finance region needs to be specified, for example: sts.ap-shanghai-fsi.tencentcloudapi.com
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
Parameter Name | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common parameter. The value used for this API: AssumeRoleWithSAML. |
Version | Yes | String | Common parameter. The value used for this API: 2018-08-13. |
Region | Yes | String | Common parameter. For more information, please see the list of regions supported by the product. This API only supports: ap-bangkok, ap-beijing, ap-chengdu, ap-chongqing, ap-guangzhou, ap-guangzhou-open, ap-hangzhou-ec, ap-hongkong, ap-jinan-ec, ap-mumbai, ap-nanjing, ap-seoul, ap-shanghai, ap-shanghai-fsi, ap-shenzhen-fsi, ap-singapore, ap-taipei, ap-tianjin, ap-tokyo, eu-frankfurt, eu-moscow, na-ashburn, na-siliconvalley, na-toronto |
SAMLAssertion | Yes | String | Base64-encoded SAML assertion |
PrincipalArn | Yes | String | Principal access description name |
RoleArn | Yes | String | Role access description name |
RoleSessionName | Yes | String | Session name |
DurationSeconds | No | Integer | Specifies the validity period of credentials in seconds. Default value: 7200. Maximum value: 7200 |
Parameter Name | Type | Description |
---|---|---|
Credentials | Credentials | An object consists of the Token , TmpSecretId , and TmpSecretId |
ExpiredTime | Integer | Credentials expiration time. A Unix timestamp will be returned which is accurate to the second |
Expiration | String | Credentials expiration time in UTC time in ISO 8601 format. |
RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
https://sts.tencentcloudapi.com/?Action=AssumeRoleWithSAML
&PrincipalArn=qcs::cam::uin/798950673:saml-provider/OneLogin
&RoleArn=qcs::cam::uin/798950673:roleName/OneLogin-Role
&RoleSessionName=test
&SAMLAssertion=c2FtbCBhc3NlcnRpb24=
&<Common request parameters>
{
"Response": {
"Credentials": {
"Token": "1siMD5r0tPAq9xpRlnzj4pjI8daS4MIW4dcd2a6a1ad76f09a0069002923def8aFw7tUMd2nH-yMZE5816oW7_Y-0JwI_ReMlkz-ajVxc_6MrXEYRtRShjDg5-L4Dq0ceupsIfdokiZG9EkfzO6Vt11iW0jLlPMT1pRFue",
"TmpSecretId": "AKID65zyIP0mpXtaIFqt2SlWIQVMn1umNH58",
"TmpSecretKey": "q95K84wrzuEGocfy39zg52boxvp71yoh"
},
"ExpiredTime": 1543914376,
"Expiration": "2018-12-04T09:06:16Z",
"RequestId": "4daec797-9cd2-4f09-9e7a-7d4c43b2a74c"
}
}
This tool allows online call, signature authentication, SDK code generation and quick search of APIs to greatly improve the efficiency of using TencentCloud APIs.
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
Error Code | Description |
---|---|
InternalError.DbError | Database error. |
InternalError.EncryptError | Encryption failed. |
InternalError.GetAppIdError | Failed to get the appid . |
InternalError.GetRoleError | Failed to get the role. |
InternalError.GetSeedTokenError | Failed to obtain the seed token. |
InternalError.IllegalRole | Invalid role. |
InternalError.PbSerializeError | pb packaging failed. |
InternalError.SystemError | Internal error. |
InternalError.UnknownError | Unknown error. |
InvalidParameter.AccountNotAvaliable | The account does not exist or is unavailable. |
InvalidParameter.ExtendStrategyOverSize | The extension policy is too large. |
InvalidParameter.GrantOtherResource | Unauthorized access to the resource. |
InvalidParameter.OverTimeError | The expiration time exceeds the threshold. |
InvalidParameter.ParamError | Invalid parameter. |
InvalidParameter.PolicyTooLong | The policy is too long. |
InvalidParameter.ResouceError | Resource error. |
InvalidParameter.StrategyFormatError | Policy syntax error. |
InvalidParameter.StrategyInvalid | Invalid policy. |
InvalidParameter.TempCodeNotAvaliable | Invalid TCB temp code . |
ResourceNotFound.RoleNotFound | The role corresponding to the account does not exist. |
UnauthorizedOperation | Unauthorized operation. |
Was this page helpful?