openstack-attic/identity-api
Code Issues Proposed changes

Merge "Add `user` object to the mapping rules examples."

Browse Source
This commit is contained in:
Jenkins 2014-07-05 14:10:39 +00:00 committed by Gerrit Code Review
commit 3a38757aeb
1 changed files with 66 additions and 18 deletions

84
v3/src/markdown/identity-api-v3-os-federation-ext.md

@ -77,7 +77,7 @@ Required attributes::
References a local Identity API resource, such as a `group` or `user` to
which the remote attributes will be mapped.
The object itself contains one of two structures, described below.
Each object has one of two structures, as follows.
To map a remote attribute value directly to a local attribute, identify the
local resource type and attribute:
@ -88,9 +88,11 @@ Required attributes::
}
}
This assigns identity attributes to ephemeral users.
Note that at least one rule must have a `user` attribute. If the `user`
attribute is missing when processing an assertion, the action returns
an HTTP 401 Unauthorized error.
Alternatively, for attribute type and value mapping, identify the local
For attribute type and value mapping, identify the local
resource type, attribute, and value:
{
@ -365,6 +367,11 @@ Request:
"rules": [
{
"local": [
{
"user": {
"name": "{0}"
}
},
{
"group": {
"id": "0cd5e9"
@ -372,6 +379,9 @@ Request:
}
],
"remote": [
{
"type": "UserName"
},
{
"type": "orgPersonType",
"not_any_of": [
@ -398,6 +408,11 @@ Response:
"rules": [
{
"local": [
{
"user": {
"name": "{0}"
}
},
{
"group": {
"id": "0cd5e9"
@ -405,6 +420,9 @@ Response:
}
],
"remote": [
{
"type": "UserName"
},
{
"type": "orgPersonType",
"not_any_of": [
@ -433,6 +451,11 @@ Response:
"rules": [
{
"local": [
{
"user": {
"name": "{0}"
}
},
{
"group": {
"id": "0cd5e9"
@ -440,6 +463,9 @@ Response:
}
],
"remote": [
{
"type": "UserName"
},
{
"type": "orgPersonType",
"not_any_of": [
@ -462,6 +488,11 @@ Request:
"rules": [
{
"local": [
{
"user": {
"name": "{0}"
}
},
{
"group": {
"id": "0cd5e9"
@ -469,6 +500,9 @@ Request:
}
],
"remote": [
{
"type": "UserName"
},
{
"type": "orgPersonType",
"any_one_of": [
@ -495,6 +529,11 @@ Response:
"rules": [
{
"local": [
{
"user": {
"name": "{0}"
}
},
{
"group": {
"id": "0cd5e9"
@ -502,6 +541,9 @@ Response:
}
],
"remote": [
{
"type": "UserName"
},
{
"type": "orgPersonType",
"any_one_of": [
@ -536,6 +578,11 @@ Response:
"rules": [
{
"local": [
{
"user": {
"name": "{0}"
}
},
{
"group": {
"id": "0cd5e9"
@ -543,6 +590,9 @@ Response:
}
],
"remote": [
{
"type": "UserName"
},
{
"type": "orgPersonType",
"any_one_of": [
@ -638,15 +688,15 @@ Response:
Example Mapping Rules
---------------------
### Mapping any user name
### Map identities to their own groups
This is an example of *Attribute type mappings*, where an attribute type is
mapped into a Identity API property.
This is an example of *Attribute type and value mappings*, where an attribute
type and value are mapped into a Identity API property and value.
{
"rules": [
{
"local":[
"local": [
{
"user": {
"name": "{0}"
@ -658,17 +708,7 @@ mapped into a Identity API property.
"type": "UserName"
}
]
}
]
}
### Map identities to their own groups
This is an example of *Attribute type and value mappings*, where an attribute
type and value are mapped into a Identity API property and value.
{
"rules": [
},
{
"local": [
{
@ -717,6 +757,11 @@ This is an example that is similar to the previous, but displays how multiple
"rules": [
{
"local": [
{
"user": {
"name": "{0}"
}
},
{
"group": {
"id": "85a868"
@ -724,6 +769,9 @@ This is an example that is similar to the previous, but displays how multiple
}
],
"remote": [
{
"type": "UserName"
},
{
"type": "orgPersonType",
"any_one_of": [