diff --git a/v3/src/markdown/identity-api-v3-os-federation-ext.md b/v3/src/markdown/identity-api-v3-os-federation-ext.md index 798a56c7..c52160ec 100644 --- a/v3/src/markdown/identity-api-v3-os-federation-ext.md +++ b/v3/src/markdown/identity-api-v3-os-federation-ext.md @@ -862,3 +862,77 @@ Example request: } } } + +Similarly to the returned unscoped token, the returned scoped token will have +an `OS-FEDERATION` section added to the `user` portion of the token. + +Example of an OS-FEDERATION token: + + { + "token": { + "methods": [ + "saml2" + ], + "roles": [ + { + "id": "36a8989f52b24872a7f0c59828ab2a26", + "name": "admin" + } + ], + "expires_at": "2014-08-06T13:43:43.367202Z", + "project": { + "domain": { + "id": "1789d1", + "links": { + "self": "http://identity:35357/v3/domains/1789d1" + }, + "name": "example.com" + }, + "id": "263fd9", + "links": { + "self": "http://identity:35357/v3/projects/263fd9" + }, + "name": "project-x" + }, + "catalog": [ + { + "endpoints": [ + { + "id": "39dc322ce86c4111b4f06c2eeae0841b", + "interface": "public", + "region": "RegionOne", + "url": "http://localhost:5000" + }, + { + "id": "ec642f27474842e78bf059f6c48f4e99", + "interface": "internal", + "region": "RegionOne", + "url": "http://localhost:5000" + }, + { + "id": "c609fc430175452290b62a4242e8a7e8", + "interface": "admin", + "region": "RegionOne", + "url": "http://localhost:35357" + } + ], + "id": "266c2aa381ea46df81bb05ddb02bd14a", + "name": "keystone", + "type": "identity" + } + ], + "user": { + "id": "username%40example.com", + "name": "username@example.com", + "OS-FEDERATION": { + "identity_provider": "ACME", + "protocol": "SAML", + "groups": [ + {"id": "abc123"}, + {"id": "bcd234"} + ] + } + }, + "issued_at": "2014-08-06T12:43:43.367288Z" + } + }