Documentation|Tencent Cloud

Recent Pages

AssumeRoleWithSAML

Last updated: 2020-07-03 11:38:39

1. API Description

Domain name for API request: sts.tencentcloudapi.com.

This API is used to request for the temporary credentials for a role that has been authenticated via a SAML assertion.

A maximum of 200 requests can be initiated per second for this API.

Note: This API supports Finance regions. If the common parameter Region is a Finance region, a domain name with the Finance region needs to be specified, for example: sts.ap-shanghai-fsi.tencentcloudapi.com

We recommend you to use API Explorer

Try it

API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name	Required	Type	Description
Action	Yes	String	Common parameter. The value used for this API: AssumeRoleWithSAML.
Version	Yes	String	Common parameter. The value used for this API: 2018-08-13.
Region	Yes	String	Common parameter. For more information, please see the list of regions supported by the product. This API only supports: ap-bangkok, ap-beijing, ap-chengdu, ap-chongqing, ap-guangzhou, ap-guangzhou-open, ap-hangzhou-ec, ap-hongkong, ap-jinan-ec, ap-mumbai, ap-nanjing, ap-seoul, ap-shanghai, ap-shanghai-fsi, ap-shenzhen-fsi, ap-singapore, ap-taipei, ap-tianjin, ap-tokyo, eu-frankfurt, eu-moscow, na-ashburn, na-siliconvalley, na-toronto
SAMLAssertion	Yes	String	Base64-encoded SAML assertion
PrincipalArn	Yes	String	Principal access description name
RoleArn	Yes	String	Role access description name
RoleSessionName	Yes	String	Session name
DurationSeconds	No	Integer	Specifies the validity period of credentials in seconds. Default value: 7200. Maximum value: 7200

3. Output Parameters

Parameter Name	Type	Description
Credentials	Credentials	An object consists of the `Token`, `TmpSecretId`, and `TmpSecretId`
ExpiredTime	Integer	Credentials expiration time. A Unix timestamp will be returned which is accurate to the second
Expiration	String	Credentials expiration time in UTC time in ISO 8601 format.
RequestId	String	The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example1 Requesting for the temporary credentials for a role that has been authenticated via a SAML assertion

Input Example

https://sts.tencentcloudapi.com/?Action=AssumeRoleWithSAML
&PrincipalArn=qcs::cam::uin/798950673:saml-provider/OneLogin
&RoleArn=qcs::cam::uin/798950673:roleName/OneLogin-Role
&RoleSessionName=test
&SAMLAssertion=c2FtbCBhc3NlcnRpb24=
&<Common request parameters>

Output Example

{
  "Response": {
    "Credentials": {
      "Token": "1siMD5r0tPAq9xpRlnzj4pjI8daS4MIW4dcd2a6a1ad76f09a0069002923def8aFw7tUMd2nH-yMZE5816oW7_Y-0JwI_ReMlkz-ajVxc_6MrXEYRtRShjDg5-L4Dq0ceupsIfdokiZG9EkfzO6Vt11iW0jLlPMT1pRFue",
      "TmpSecretId": "AKID65zyIP0mpXtaIFqt2SlWIQVMn1umNH58",
      "TmpSecretKey": "q95K84wrzuEGocfy39zg52boxvp71yoh"
    },
    "ExpiredTime": 1543914376,
    "Expiration": "2018-12-04T09:06:16Z",
    "RequestId": "4daec797-9cd2-4f09-9e7a-7d4c43b2a74c"
  }
}

5. Developer Resources

API Explorer

This tool allows online call, signature authentication, SDK code generation and quick search of APIs to greatly improve the efficiency of using TencentCloud APIs.

API 3.0 Explorer

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

Tencent Cloud CLI 3.0

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code	Description
InternalError.DbError	Database error.
InternalError.EncryptError	Encryption failed.
InternalError.GetAppIdError	Failed to get the `appid`.
InternalError.GetRoleError	Failed to get the role.
InternalError.GetSeedTokenError	Failed to obtain the seed token.
InternalError.IllegalRole	Invalid role.
InternalError.PbSerializeError	pb packaging failed.
InternalError.SystemError	Internal error.
InternalError.UnknownError	Unknown error.
InvalidParameter.AccountNotAvaliable	The account does not exist or is unavailable.
InvalidParameter.ExtendStrategyOverSize	The extension policy is too large.
InvalidParameter.GrantOtherResource	Unauthorized access to the resource.
InvalidParameter.OverTimeError	The expiration time exceeds the threshold.
InvalidParameter.ParamError	Invalid parameter.
InvalidParameter.PolicyTooLong	The policy is too long.
InvalidParameter.ResouceError	Resource error.
InvalidParameter.StrategyFormatError	Policy syntax error.
InvalidParameter.StrategyInvalid	Invalid policy.
InvalidParameter.TempCodeNotAvaliable	Invalid `TCB temp code`.
ResourceNotFound.RoleNotFound	The role corresponding to the account does not exist.
UnauthorizedOperation	Unauthorized operation.