1. API Description
Domain name for API request: sts.tencentcloudapi.com.
This API is used to request for the temporary credentials for a role that has been authenticated via a SAML assertion.
A maximum of 200 requests can be initiated per second for this API.
Note: when called with signature method v3, this API doesn't require Authorization and X-TC-Token request header.
Note: when called with signature method v1, this API doesn't require SecretId, Signature, SignatureMethod and Token parameters.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: AssumeRoleWithSAML. |
| Version | Yes | String | Common Params. The value used for this API: 2018-08-13. |
| Region | Yes | String | Common Params. For more information, please see the list of regions supported by the product. |
| SAMLAssertion | Yes | String | Base64-encoded SAML assertion |
| PrincipalArn | Yes | String | Principal access description name |
| RoleArn | Yes | String | Role access description name |
| RoleSessionName | Yes | String | Session name |
| DurationSeconds | No | Integer | The validity period of the temporary credentials in seconds. Default value: 7,200s. Maximum value: 43,200s. |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| Credentials | Credentials | An object consists of the Token, TmpSecretId, and TmpSecretId |
| ExpiredTime | Integer | Credentials expiration time. A Unix timestamp will be returned which is accurate to the second |
| Expiration | String | Credentials expiration time in UTC time in ISO 8601 format. |
| RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
4. Example
Example1 Applying for temporary credentials for a role via a SAML assertion
Input Example
https://sts.tencentcloudapi.com/?Action=AssumeRoleWithSAML
&PrincipalArn=qcs::cam::uin/798950673:saml-provider/OneLogin
&RoleArn=qcs::cam::uin/798950673:roleName/OneLogin-Role
&RoleSessionName=test
&SAMLAssertion=c2FtbCBhc3NlcnRpb24=
&<Common request parameters>
Output Example
{
"Response": {
"Credentials": {
"Token": "1siMD5r0tPAq9xpRlnzj4pjI8daS4MIW4dcd2a6a1ad76f09a0069002923def8aFw7tUMd2nH-yMZE5816oW7_Y-0JwI_ReMlkz-ajVxc_6MrXEYRtRShjDg5-L4Dq0ceupsIfdokiZG9EkfzO6Vt11iW0jLlPMT1pRFue",
"TmpSecretId": "AKID65zyIP0mp****qt2SlWIQVMn1umNH58",
"TmpSecretKey": "q95K84wrzuE****y39zg52boxvp71yoh"
},
"ExpiredTime": 1543914376,
"Expiration": "2018-12-04T09:06:16Z",
"RequestId": "4daec797-9cd2-4f09-9e7a-7d4c43b2a74c"
}
}
5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for NodeJS
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError.DbError | Database error. |
| InternalError.EncryptError | Encryption failed. |
| InternalError.GetAppIdError | Failed to get the appid. |
| InternalError.GetRoleError | Failed to get the role. |
| InternalError.GetSeedTokenError | Failed to obtain the token. |
| InternalError.IllegalRole | Invalid role. |
| InternalError.PbSerializeError | pb packaging failed. |
| InternalError.SystemError | Internal system error, such as network error. |
| InternalError.UnknownError | Unknown error. |
| InvalidParameter.AccountNotAvaliable | The account does not exist or is unavailable. |
| InvalidParameter.ExtendStrategyOverSize | The extension policy is too large. |
| InvalidParameter.GrantOtherResource | Unauthorized access to the resource. |
| InvalidParameter.OverTimeError | The expiration time exceeds the threshold. |
| InvalidParameter.ParamError | Invalid parameter. |
| InvalidParameter.PolicyTooLong | The policy is too long. |
| InvalidParameter.ResouceError | Six-segment resource description error. |
| InvalidParameter.StrategyFormatError | Policy syntax error. |
| InvalidParameter.StrategyInvalid | Invalid policy. |
| InvalidParameter.TempCodeNotAvaliable | Invalid temporary code. |
| ResourceNotFound.RoleNotFound | The role corresponding to the account does not exist. |
| UnauthorizedOperation | Unauthorized operation. |
Yes
No
Was this page helpful?