tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation
    Download PDF

    AssumeRoleWithSAML

    Last updated: 2022-05-19 18:07:00
    Download PDF

    1. API Description

    Domain name for API request: sts.tencentcloudapi.com.

    This API is used to request for the temporary credentials for a role that has been authenticated via a SAML assertion.

    A maximum of 200 requests can be initiated per second for this API.

    Note: when called with signature method v3, this API doesn't require Authorization and X-TC-Token request header.

    Note: when called with signature method v1, this API doesn't require SecretId, Signature, SignatureMethod and Token parameters.

    We recommend you to use API Explorer
    Try it
    API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

    2. Input Parameters

    The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

    Parameter Name Required Type Description
    Action Yes String Common Params. The value used for this API: AssumeRoleWithSAML.
    Version Yes String Common Params. The value used for this API: 2018-08-13.
    Region Yes String Common Params. For more information, please see the list of regions supported by the product.
    SAMLAssertion Yes String Base64-encoded SAML assertion
    PrincipalArn Yes String Principal access description name
    RoleArn Yes String Role access description name
    RoleSessionName Yes String Session name
    DurationSeconds No Integer The validity period of the temporary credentials in seconds. Default value: 7,200s. Maximum value: 43,200s.

    3. Output Parameters

    Parameter Name Type Description
    Credentials Credentials An object consists of the Token, TmpSecretId, and TmpSecretId
    ExpiredTime Integer Credentials expiration time. A Unix timestamp will be returned which is accurate to the second
    Expiration String Credentials expiration time in UTC time in ISO 8601 format.
    RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

    4. Example

    Example1 Applying for temporary credentials for a role via a SAML assertion

    Input Example

    https://sts.tencentcloudapi.com/?Action=AssumeRoleWithSAML
&PrincipalArn=qcs::cam::uin/798950673:saml-provider/OneLogin
&RoleArn=qcs::cam::uin/798950673:roleName/OneLogin-Role
&RoleSessionName=test
&SAMLAssertion=c2FtbCBhc3NlcnRpb24=
&<Common request parameters>

    Output Example

    {
  "Response": {
    "Credentials": {
      "Token": "1siMD5r0tPAq9xpRlnzj4pjI8daS4MIW4dcd2a6a1ad76f09a0069002923def8aFw7tUMd2nH-yMZE5816oW7_Y-0JwI_ReMlkz-ajVxc_6MrXEYRtRShjDg5-L4Dq0ceupsIfdokiZG9EkfzO6Vt11iW0jLlPMT1pRFue",
      "TmpSecretId": "AKID65zyIP0mp****qt2SlWIQVMn1umNH58",
      "TmpSecretKey": "q95K84wrzuE****y39zg52boxvp71yoh"
    },
    "ExpiredTime": 1543914376,
    "Expiration": "2018-12-04T09:06:16Z",
    "RequestId": "4daec797-9cd2-4f09-9e7a-7d4c43b2a74c"
  }
}

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    InternalError.DbError Database error.
    InternalError.EncryptError Encryption failed.
    InternalError.GetAppIdError Failed to get the appid.
    InternalError.GetRoleError Failed to get the role.
    InternalError.GetSeedTokenError Failed to obtain the token.
    InternalError.IllegalRole Invalid role.
    InternalError.PbSerializeError pb packaging failed.
    InternalError.SystemError Internal system error, such as network error.
    InternalError.UnknownError Unknown error.
    InvalidParameter.AccountNotAvaliable The account does not exist or is unavailable.
    InvalidParameter.ExtendStrategyOverSize The extension policy is too large.
    InvalidParameter.GrantOtherResource Unauthorized access to the resource.
    InvalidParameter.OverTimeError The expiration time exceeds the threshold.
    InvalidParameter.ParamError Invalid parameter.
    InvalidParameter.PolicyTooLong The policy is too long.
    InvalidParameter.ResouceError Six-segment resource description error.
    InvalidParameter.StrategyFormatError Policy syntax error.
    InvalidParameter.StrategyInvalid Invalid policy.
    InvalidParameter.TempCodeNotAvaliable Invalid temporary code.
    ResourceNotFound.RoleNotFound The role corresponding to the account does not exist.
    UnauthorizedOperation Unauthorized operation.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Contact Us
    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    Submit a Ticket
    7x24 Phone Support
    tencent
    Copyright © 2013-2022 Tencent Cloud. All Rights Reserved.
    Privacy PolicyLegalCookie Policy