The STS endpoint (https://sts.example.lyve.seagate.com) manages temporary user tokens and performs logins with a username and password. Requests to the STS endpoint must be signed with "sts" as the service name.
Get a set of temporary keys for a user with access/secret keys:
POST /?Action=AssumeRole
Parameter | Description |
---|---|
Action | must be set to AssumeRole |
Version | must be set to 2011-06-15 |
DurationSeconds | token validity in seconds, between 15 minutes and 12 hours. Defaults to 15 minutes |
RoleSessionName | required but ignored |
RoleArn | required but ignored |
```
POST / HTTP/1.1
Host: sts.example.rstorcloud.io
Content-Length: 80
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Authorization: [...]
X-Amz-Date: [...]

Action=AssumeRole&RoleArn=Required1&RoleSessionName=Required2&Version=2011-06-15
```
On success, an XML document is returned containing the requested credentials at AssumeRoleResult/Credentials. An error status code is returned otherwise.
```
<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleResult>
    <Credentials>
      <SessionToken>42</SessionToken>
      <SecretAccessKey>EXAMPLESECRETACCESSKEYXXXXXXXXXXXXXXXXXXXXXXXXI6GGPQ</SecretAccessKey>
      <Expiration>2019-02-25T14:40:05.410Z</Expiration>
      <AccessKeyId>AWS4XXXEXAMPLEACCESSKEYID4UYJN3RQWFVFXBOP7FMOQLIXYZXYZ</AccessKeyId>
    </Credentials>
    <AssumedRoleUser>
      <Arn>arn:aws:sts::42:assumed-role/demo/Test</Arn>
      <AssumeRoleId>AWS4XXXEXAMPLEACCESSKEYID4UYJN3RQWFVFXBOP7FMOQLIDNXYZXYZ:Jim</AssumeRoleId>
    </AssumedRoleUser>
    <PackedPolicySize>42</PackedPolicySize>
  </AssumeRoleResult>
  <ResponseMetadata>
    <RequestId>42</RequestId>
  </ResponseMetadata>
</AssumeRoleResponse>
```
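One way a client could sign the AssumeRole request above with "sts" as the service name. This is an added example, not code from the vendor's documentation; it assumes AWS Signature Version 4 (suggested by the `Authorization` and `X-Amz-Date` headers) and a placeholder region of `us-east-1`, neither of which this page states, and the function name and sample keys are constructed for illustration.

```python
import datetime, hashlib, hmac
from urllib.parse import urlencode

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_assume_role(host, access_key, secret_key, duration=900,
                     region="us-east-1", now=None):
    """Build (headers, body) for an AssumeRole POST signed for service "sts".

    Assumptions: SigV4 signing; `region` is a placeholder scope value.
    """
    if not 900 <= duration <= 43200:  # page: 15 minutes to 12 hours
        raise ValueError("DurationSeconds must be between 900 and 43200")
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    # RoleArn and RoleSessionName are required but ignored, per the page.
    params = {"Action": "AssumeRole", "Version": "2011-06-15",
              "DurationSeconds": duration, "RoleArn": "Required1",
              "RoleSessionName": "Required2"}
    body = urlencode(sorted(params.items()))
    ctype = "application/x-www-form-urlencoded; charset=utf-8"
    signed = "content-type;host;x-amz-date"
    # Canonical request: method, path, empty query string, headers, body hash.
    canonical = "\n".join([
        "POST", "/", "",
        f"content-type:{ctype}\nhost:{host}\nx-amz-date:{amz_date}\n",
        signed, hashlib.sha256(body.encode()).hexdigest()])
    scope = f"{day}/{region}/sts/aws4_request"  # "sts" is the service name
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Derive the signing key: date -> region -> service -> terminator.
    key = ("AWS4" + secret_key).encode()
    for part in (day, region, "sts", "aws4_request"):
        key = _hmac(key, part)
    sig = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    auth = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed}, Signature={sig}")
    return {"Host": host, "Content-Type": ctype, "X-Amz-Date": amz_date,
            "Authorization": auth}, body

if __name__ == "__main__":
    # Constructed sample credentials, not real keys.
    headers, body = sign_assume_role("sts.example.lyve.seagate.com",
                                     "EXAMPLEACCESSKEYID", "EXAMPLESECRETKEY")
    print(headers["Authorization"], body, sep="\n")
```

The signature covers the body hash and the `X-Amz-Date` timestamp, so a captured request cannot be replayed with a different `DurationSeconds`.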
Perform a login, retrieving the credentials and the user details.
Parameter | Description |
---|---|
Customer | the name of the customer |
UserName | the username (can be the email) of the user |
Password | the current user password |
OTP | a valid One Time Password (if needed) |
DurationSeconds | specify the duration of the session (the validity time for the key) |
Extra headers used to authenticate the request when whitelisting is enabled:
Header | Description |
---|---|
x-rstor-customer | specify the customer name |
```
POST / HTTP/1.1
Host: sts.lyve.seagate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: application/json, text/plain, */*
Accept-Language: en,it-IT;q=0.8,it;q=0.5,en-US;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 123
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
x-lyve-customer: fastvideo

Action=RSLogin&Version=2011-06-15&DurationSeconds=300&Customer=fastvideo&UserName=super@fastvideo.com&Password=Hg27TxBBfOzZntb&OTP=
```

```
{
  "RequestId": "050517212914402dd8aedfc50bb0dad0",
  "Credentials": {
    "SessionToken": "",
    "SecretAccessKey": "I/Ki9fZqmLkdWrAgIrKVdp6amEu9Q40CoRPVNpSeKVS",
    "Expiration": "2019-10-14T14:13:03.500533224Z",
    "AccessKeyId": "STX09VFCSKU9OZJY5Y4PLWD9"
  },
  "UserInfo": {
    "Id": "100000000209",
    "Name": "super@fastvideo.com",
    "PwdMustChange": false,
    "Email": "super@fastvideo.com",
    "Firstname": "Clark",
    "Lastname": "Kent",
    "Type": "user",
    "CreatedOn": "2019-10-03T15:37:52.635Z",
    "LastAccess": "2019-10-14T13:13:03.500533224Z",
    "Path": "",
    "Root": "lyve:fastvideo",
    "TFAEnabled": false
  }
}
```
Retrieve credentials to manage a Customer with AssumeRole enabled. For security reasons, a specific account is used to perform this action. Only a reseller account can perform this action.
Parameter | Description |
---|---|
Customer | the name of the customer |
DurationSeconds | specify the duration of the session (the validity time for the key) |
```
POST / HTTP/1.1
Host: sts.lyve.seagate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: application/json, text/plain, */*
Accept-Language: en,it-IT;q=0.8,it;q=0.5,en-US;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Action=RSAssumeCustomerRole&Version=2011-06-15&Customer=newcorp&DurationSeconds=300
```

```
{
  "Ok": true,
  "AccessKeyId": "STX06MSKQJCRTS4SJHHQJWOP",
  "SecretAccessKey": "RQTcszgc4xkZkmYXRJJLYR7adksTn8SBIalTP7rrpKa",
  "Expiration": "2019-10-14T14:29:43.919Z"
}
```