GetOutboundWebIdentityFederationInfo - Amazon Identity and Access Management
Response ElementsErrorsExamplesSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

GetOutboundWebIdentityFederationInfo

Retrieves the configuration information for the outbound identity federation feature in your Amazon account. The response includes the unique issuer URL for your Amazon account and the current enabled/disabled status of the feature. Use this operation to obtain the issuer URL that you need to configure trust relationships with external services.

Response Elements

The following elements are returned by the service.

IssuerIdentifier

A unique issuer URL for your Amazon account that hosts the OpenID Connect (OIDC) discovery endpoints at /.well-known/openid-configuration and /.well-known/jwks.json. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary for token verification.

Type: String

JwtVendingEnabled

Indicates whether outbound identity federation is currently enabled for your Amazon account. When true, IAM principals in the account can call the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for authentication with external services.

Type: Boolean

Errors

For information about the errors that are common to all actions, see Common Errors.

FeatureDisabled

The request failed because outbound identity federation is already disabled for your Amazon account. You cannot disable the feature multiple times

HTTP Status Code: 404

Examples

Example

This example illustrates one usage of GetOutboundWebIdentityFederationInfo.

Sample Request


                https://iam.amazonaws.com/?Action=GetOutboundWebIdentityFederationInfo
                &Version=2010-05-08
                &AUTHPARAMS

Sample Response


                <GetOutboundWebIdentityFederationInfoResponse>
                  <GetOutboundWebIdentityFederationInfoResult>
                    <IssuerIdentifier>https://a1d2b0fd-1177-4468-9351-2fEXAMPLE723.tokens.sts.global.api.aws</IssuerIdentifier>
                    <JwtVendingEnabled>true</JwtVendingEnabled>
                  </GetOutboundWebIdentityFederationInfoResult>
                  <ResponseMetadata>
                    <RequestId>a6dac9b4-fdc8-4489-acec-b1EXAMPLEf44</RequestId>
                  </ResponseMetadata>
                </GetOutboundWebIdentityFederationInfoResponse>

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: