doc-exports/docs/iam/api-ref/en-us_topic_0057845567.html
weihongmin1 46d24ba358 IAM API 0401 Version
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: weihongmin1 <weihongmin1@huawei.com>
Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
2026-01-14 14:13:49 +00:00

Querying the Mapping List

Function

This API is used to query the mapping list.

URI

GET /v3/OS-FEDERATION/mappings

Request Parameters

  • Parameters in the request header

    | Parameter | Mandatory | Type | Description |
    |---|---|---|---|
    | Content-Type | Yes | String | Set this field to application/json;charset=utf8. |
    | X-Auth-Token | Yes | String | Authenticated token. |

  • Example request
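    curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -H "X-Auth-Token:$token" -X GET https://sample.domain.com/v3/OS-FEDERATION/mappings

    Note: -k turns off TLS certificate verification. Omit it against any endpoint whose certificate chains to a trusted CA, so that the X-Auth-Token is sent only to a verified server.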

Response Parameters

  • Parameters in the response body

    | Parameter | Mandatory | Type | Description |
    |---|---|---|---|
    | mappings | Yes | Array | List of mappings. |
    | links | Yes | Object | Mapping resource link. |

  • mappings

    | Parameter | Mandatory | Type | Description |
    |---|---|---|---|
    | id | Yes | String | Mapping ID. |
    | rules | Yes | Array | Rule used to map federated users to local users. |
    | links | Yes | Object | Mapping resource link. |

    Example rule for SAML:

    "rules": [
        {
            "local": [
                {
                    "user": {
                        "name": "{0}"
                    }
                },
                {
                    "group": {
                        "name": "0cd5e9"
                    }
                }
            ],
            "remote": [
                {
                    "type": "UserName"
                },
                {
                    "type": "orgPersonType",
                    "not_any_of": [
                        "Contractor",
                        "Guest"
                    ]
                }
            ]
        }
    ]

    local: indicates the information about a federated user in the cloud system.

    • user: indicates the name of a federated user in the cloud system. {0} indicates the first attribute of the user information in remote.
    • group: indicates the user group to which a federated user belongs in the cloud system.

    remote: indicates the information about a federated user in the IdP. This expression is a combination of assertion attributes and operators. The value of remote is determined based on the assertion.

    • "type": "UserName" indicates an attribute in an IdP assertion.
    • "type": "orgPersonType" indicates an attribute in an IdP assertion.
    • not_any_of: The rule is not matched if any of the specified strings appear in the attribute type. The condition result is Boolean, not the argument that is passed as input.

  • links

  • mappings.links

  • mappings.rules

    | Parameter | Type | Description |
    |---|---|---|
    | local | Array of RulesLocal objects | Federated user information on the cloud platform. user indicates the name of a federated user, and group indicates the group to which the federated user belongs. |
    | remote | Array of objects | Federated user information in the IdP system. This field is an expression consisting of assertion attributes and operators. The value of this parameter is determined by the assertion. |

  • mappings.rules.local

    | Parameter | Type | Description |
    |---|---|---|
    | user | user object | Name of a federated user on the cloud platform. |
    | group | group object | User group to which a federated user belongs on the cloud platform. |
    | groups | String | The user group list to which a federated user belongs on the cloud platform. |

  • mappings.rules.local.user

    | Parameter | Type | Description |
    |---|---|---|
    | name | String | Name of a federated user on the cloud platform. |

  • mappings.rules.local.group

    | Parameter | Type | Description |
    |---|---|---|
    | name | String | User group to which a federated user belongs on the cloud platform. |

  • mappings.rules.remote

    | Parameter | Type | Description |
    |---|---|---|
    | type | String | IdP assertion (SAML) or ID token (OIDC). |
    | any_one_of | Array of strings | The rule is matched only if the specified strings appear in the attribute type. A Boolean value will be returned and cannot be used as a placeholder in the local block. In a remote array, any_one_of and not_any_of are mutually exclusive and cannot be used at the same time. |
    | not_any_of | Array of strings | The rule is matched only if the specified strings do not appear in the attribute type. A Boolean value will be returned and cannot be used as a placeholder in the local block. any_one_of and not_any_of are mutually exclusive and cannot be used at the same time. |

  • Example response
    {
        "links": {
            "next": null,
            "previous": null,
            "self": "https://example.com/v3/OS-FEDERATION/mappings"
        },
        "mappings": [
            {
                "id": "ACME",
                "links": {
                    "self": "https://example.com/v3/OS-FEDERATION/mappings/ACME"
                },
                "rules": [
                    {
                        "local": [
                            {
                                "user": {
                                    "name": "{0}"
                                }
                            },
                            {
                                "group": {
                                    "id": "0cd5e9"
                                }
                            }
                        ],
                        "remote": [
                            {
                                "type": "UserName"
                            },
                            {
                                "type": "orgPersonType",
                                "any_one_of": [
                                    "Contractor",
                                    "SubContractor"
                                ]
                            }
                        ]
                    }
                ]
            }
        ]
    }
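
The matching behaviour described in the tables above, applied to the rule from the example response. This is an added example, not code from the IAM service or its documentation; evaluate_rule, its treatment of missing or multi-valued attributes, and the sample assertions are assumptions made for illustration.

```python
import re

# Rule taken from the example response on this page.
RULE = {
    "local": [{"user": {"name": "{0}"}}, {"group": {"id": "0cd5e9"}}],
    "remote": [
        {"type": "UserName"},
        {"type": "orgPersonType", "any_one_of": ["Contractor", "SubContractor"]},
    ],
}

def evaluate_rule(rule, assertion):
    """Return the filled-in "local" list if the rule matches, else None.

    Simplified model (assumptions): attribute values are strings or lists of
    strings, a missing attribute means no match, and a placeholder takes the
    attribute's first value.
    """
    placeholders = []
    for remote in rule["remote"]:
        if "any_one_of" in remote and "not_any_of" in remote:
            raise ValueError("any_one_of and not_any_of are mutually exclusive")
        values = assertion.get(remote["type"])
        if not values:
            return None
        if isinstance(values, str):
            values = [values]
        if "any_one_of" in remote:
            if not any(v in remote["any_one_of"] for v in values):
                return None
        elif "not_any_of" in remote:
            if any(v in remote["not_any_of"] for v in values):
                return None
        else:
            # Only entries without a condition supply {0}, {1}, ... values;
            # conditions yield a Boolean and never fill a placeholder.
            placeholders.append(values[0])
    return [_fill(entry, placeholders) for entry in rule["local"]]

def _fill(node, placeholders):
    """Substitute {n} placeholders in every string of a local entry."""
    if isinstance(node, dict):
        return {k: _fill(v, placeholders) for k, v in node.items()}
    if isinstance(node, str):
        return re.sub(r"\{(\d+)\}", lambda m: placeholders[int(m.group(1))], node)
    return node

if __name__ == "__main__":
    # Constructed sample assertions, not real IdP output.
    print(evaluate_rule(RULE, {"UserName": "alice", "orgPersonType": "Contractor"}))
    print(evaluate_rule(RULE, {"UserName": "bob", "orgPersonType": "Employee"}))
```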

Status Codes

| Status Code | Description |
|---|---|
| 200 | The request is successful. |
| 400 | The server failed to process the request. |
| 401 | Authentication failed. |
| 403 | Access denied. |
| 404 | The requested resource cannot be found. |
| 405 | The method specified in the request is not allowed for the requested resource. |
| 413 | The request entity is too large. |
| 500 | Internal server error. |
| 503 | Service unavailable. |