GetUserSsoSettings

更新时间:
复制 MD 格式

Queries the configurations of user-based single sign-on (SSO).

Try it now

您可以在OpenAPI Explorer中直接运行该接口,免去您计算签名的困扰。运行成功后,OpenAPI Explorer可以自动生成SDK代码示例。

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

ram:GetUserSsoSettings

get

*All Resource

*

None

None

Request parameters

Parameter

Type

Required

Description

Example

No parameters required.

Response elements

Element

Type

Description

Example

object

The response parameters.

UserSsoSettings

object

The configurations of user-based SSO.

AuxiliaryDomain

string

The auxiliary domain name.

example.com

MetadataDocument

string

The metadata file, which is Base64-encoded.

PD94bWwgdmVy****

SsoEnabled

boolean

Indicates whether user-based SSO is enabled.

false

SsoLoginWithDomain

boolean

Indicates whether the Security Assertion Markup Language (SAML) SSO requires a domain name in the <saml:NameID> element of the SAML response. If yes, the username specified by the identity provider (IdP) for SSO must have a domain name as the suffix.

  • If the value of the parameter is true, the <saml:NameID> element must be in the username@domain format. You can set domain to the default domain name or the configured domain alias.

  • If the value of the parameter is false, the <saml:NameID> element must be in the username format and cannot contain the domain suffix.

The default value is true.

true

AuthnSignAlgo

string

The supported signature algorithm. Valid values:

  • rsa-sha256

  • rsa-sha1

rsa-sha1

RequestId

string

The request ID.

69FC3E5E-D3D9-434B-90CA-BBA8E0551A47

Examples

Success response

JSON format

{
  "UserSsoSettings": {
    "AuxiliaryDomain": "example.com",
    "MetadataDocument": "PD94bWwgdmVy****",
    "SsoEnabled": false,
    "SsoLoginWithDomain": true,
    "AuthnSignAlgo": "rsa-sha1"
  },
  "RequestId": "69FC3E5E-D3D9-434B-90CA-BBA8E0551A47"
}

Error codes

See Error Codes for a complete list.

Release notes

See 变更详情 for a complete list.