GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Paws::STS::AssumeRoleWithSAMLResponse(3) User Contributed Perl Documentation Paws::STS::AssumeRoleWithSAMLResponse(3)

Paws::STS::AssumeRoleWithSAMLResponse

The identifiers for the temporary security credentials that the operation returns.

The value of the "Recipient" attribute of the "SubjectConfirmationData" element of the SAML assertion.

The temporary security credentials, which include an access key ID, a secret access key, and a security (or session) token.

The size of the security token that STS API operations return is not fixed. We strongly recommend that you make no assumptions about the maximum size.

The value of the "Issuer" element of the SAML assertion.

A hash value based on the concatenation of the following:

  • The "Issuer" response value.
  • The AWS account ID.
  • The friendly name (the last part of the ARN) of the SAML provider in IAM.

The combination of "NameQualifier" and "Subject" can be used to uniquely identify a federated user.

The following pseudocode shows how the hash value is calculated:

"BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )"

A percentage value that indicates the packed size of the session policies and session tags combined passed in the request. The request fails if the packed size is greater than 100 percent, which means the policies and tags exceeded the allowed space.

The value in the "SourceIdentity" attribute in the SAML assertion.

You can require users to set a source identity value when they assume a role. You do this by using the "sts:SourceIdentity" condition key in a role trust policy. That way, actions that are taken with the role are associated with that user. After the source identity is set, the value cannot be changed. It is present in the request for all actions that are taken by the role and persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining) sessions. You can configure your SAML identity provider to use an attribute associated with your users, like user name or email, as the source identity when calling "AssumeRoleWithSAML". You do this by adding an attribute to the SAML assertion. For more information about using source identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

The value of the "NameID" element in the "Subject" element of the SAML assertion.

The format of the name ID, as defined by the "Format" attribute in the "NameID" element of the SAML assertion. Typical examples of the format are "transient" or "persistent".

If the format includes the prefix "urn:oasis:names:tc:SAML:2.0:nameid-format", that prefix is removed. For example, "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" is returned as "transient". If the format includes any other prefix, the format is returned with no modifications.

2022-06-01 perl v5.40.2
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.