Interface SsoClient
- All Superinterfaces: AutoCloseable, AwsClient, SdkAutoCloseable, SdkClient
builder()
method.
AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web service that makes it easy for you to assign user access to IAM Identity Center resources such as the AWS access portal. Users can get AWS account applications and roles assigned to them and get federated into the application.
Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see IAM Identity Center rename.
This reference guide describes the IAM Identity Center Portal operations that you can call programmatically and includes detailed information on data types and errors.
AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs provide a convenient way to create programmatic access to IAM Identity Center and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.
-
Field Summary
Modifier and Type, Field, Description:
- static final String SERVICE_METADATA_ID: Value for looking up the service's metadata from the ServiceMetadataProvider.
- static final String SERVICE_NAME
-
Method Summary
Modifier and Type, Method, Description:
- static SsoClientBuilder builder(): Create a builder that can be used to configure and create a SsoClient.
- static SsoClient create(): Create a SsoClient with the region loaded from the DefaultAwsRegionProviderChain and credentials loaded from the DefaultCredentialsProvider.
- default GetRoleCredentialsResponse getRoleCredentials(Consumer<GetRoleCredentialsRequest.Builder> getRoleCredentialsRequest): Returns the STS short-term credentials for a given role name that is assigned to the user.
- default GetRoleCredentialsResponse getRoleCredentials(GetRoleCredentialsRequest getRoleCredentialsRequest): Returns the STS short-term credentials for a given role name that is assigned to the user.
- default ListAccountRolesResponse listAccountRoles(Consumer<ListAccountRolesRequest.Builder> listAccountRolesRequest): Lists all roles that are assigned to the user for a given AWS account.
- default ListAccountRolesResponse listAccountRoles(ListAccountRolesRequest listAccountRolesRequest): Lists all roles that are assigned to the user for a given AWS account.
- default ListAccountRolesIterable listAccountRolesPaginator(Consumer<ListAccountRolesRequest.Builder> listAccountRolesRequest): This is a variant of listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation.
- default ListAccountRolesIterable listAccountRolesPaginator(ListAccountRolesRequest listAccountRolesRequest): This is a variant of listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation.
- default ListAccountsResponse listAccounts(Consumer<ListAccountsRequest.Builder> listAccountsRequest): Lists all AWS accounts assigned to the user.
- default ListAccountsResponse listAccounts(ListAccountsRequest listAccountsRequest): Lists all AWS accounts assigned to the user.
- default ListAccountsIterable listAccountsPaginator(Consumer<ListAccountsRequest.Builder> listAccountsRequest): This is a variant of listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation.
- default ListAccountsIterable listAccountsPaginator(ListAccountsRequest listAccountsRequest): This is a variant of listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation.
- default LogoutResponse logout(Consumer<LogoutRequest.Builder> logoutRequest): Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.
- default LogoutResponse logout(LogoutRequest logoutRequest): Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.
- default SsoServiceClientConfiguration serviceClientConfiguration(): The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration
- static ServiceMetadata serviceMetadata()
Methods inherited from interface software.amazon.awssdk.utils.SdkAutoCloseable: close
Methods inherited from interface software.amazon.awssdk.core.SdkClient: serviceName
-
Field Details
-
SERVICE_NAME
-
SERVICE_METADATA_ID
Value for looking up the service's metadata from the ServiceMetadataProvider.
-
Method Details
-
getRoleCredentials
default GetRoleCredentialsResponse getRoleCredentials(GetRoleCredentialsRequest getRoleCredentialsRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
Returns the STS short-term credentials for a given role name that is assigned to the user.
- Parameters: getRoleCredentialsRequest
- Returns: Result of the GetRoleCredentials operation returned by the service.
-
getRoleCredentials
default GetRoleCredentialsResponse getRoleCredentials(Consumer<GetRoleCredentialsRequest.Builder> getRoleCredentialsRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
Returns the STS short-term credentials for a given role name that is assigned to the user.
This is a convenience which creates an instance of the GetRoleCredentialsRequest.Builder, avoiding the need to create one manually via GetRoleCredentialsRequest.builder().
- Parameters: getRoleCredentialsRequest - A Consumer that will call methods on GetRoleCredentialsRequest.Builder to create a request.
- Returns: Result of the GetRoleCredentials operation returned by the service.
-
listAccountRoles
default ListAccountRolesResponse listAccountRoles(ListAccountRolesRequest listAccountRolesRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
Lists all roles that are assigned to the user for a given AWS account.
- Parameters: listAccountRolesRequest
- Returns: Result of the ListAccountRoles operation returned by the service.
-
listAccountRoles
default ListAccountRolesResponse listAccountRoles(Consumer<ListAccountRolesRequest.Builder> listAccountRolesRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
Lists all roles that are assigned to the user for a given AWS account.
This is a convenience which creates an instance of the ListAccountRolesRequest.Builder, avoiding the need to create one manually via ListAccountRolesRequest.builder().
- Parameters: listAccountRolesRequest - A Consumer that will call methods on ListAccountRolesRequest.Builder to create a request.
- Returns: Result of the ListAccountRoles operation returned by the service.
-
listAccountRolesPaginator
default ListAccountRolesIterable listAccountRolesPaginator(ListAccountRolesRequest listAccountRolesRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
This is a variant of the listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. The SDK will internally handle making service calls for you.
When this operation is called, a custom iterable is returned but no service calls are made yet, so there is no guarantee that the request is valid. As you iterate through the iterable, the SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are a few ways to iterate through the response pages:
1) Using a Stream
    software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
    responses.stream().forEach(response -> { /* do something */ });
2) Using a for loop
    software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
    for (software.amazon.awssdk.services.sso.model.ListAccountRolesResponse response : responses) {
        // do something
    }
3) Use iterator directly
    software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
    responses.iterator().forEachRemaining(response -> { /* do something */ });
Note that the maxResults setting does not limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control over service calls, use the listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation.
- Parameters: listAccountRolesRequest
- Returns: A custom iterable that can be used to iterate through all the response pages.
-
listAccountRolesPaginator
default ListAccountRolesIterable listAccountRolesPaginator(Consumer<ListAccountRolesRequest.Builder> listAccountRolesRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
This is a variant of the listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. The SDK will internally handle making service calls for you.
When this operation is called, a custom iterable is returned but no service calls are made yet, so there is no guarantee that the request is valid. As you iterate through the iterable, the SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are a few ways to iterate through the response pages:
1) Using a Stream
    software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
    responses.stream().forEach(response -> { /* do something */ });
2) Using a for loop
    software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
    for (software.amazon.awssdk.services.sso.model.ListAccountRolesResponse response : responses) {
        // do something
    }
3) Use iterator directly
    software.amazon.awssdk.services.sso.paginators.ListAccountRolesIterable responses = client.listAccountRolesPaginator(request);
    responses.iterator().forEachRemaining(response -> { /* do something */ });
Note that the maxResults setting does not limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control over service calls, use the listAccountRoles(software.amazon.awssdk.services.sso.model.ListAccountRolesRequest) operation.
This is a convenience which creates an instance of the ListAccountRolesRequest.Builder, avoiding the need to create one manually via ListAccountRolesRequest.builder().
- Parameters: listAccountRolesRequest - A Consumer that will call methods on ListAccountRolesRequest.Builder to create a request.
- Returns: A custom iterable that can be used to iterate through all the response pages.
-
listAccounts
default ListAccountsResponse listAccounts(ListAccountsRequest listAccountsRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account. For more information, see Assign User Access in the IAM Identity Center User Guide. This operation returns a paginated response.
- Parameters: listAccountsRequest
- Returns: Result of the ListAccounts operation returned by the service.
-
listAccounts
default ListAccountsResponse listAccounts(Consumer<ListAccountsRequest.Builder> listAccountsRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account. For more information, see Assign User Access in the IAM Identity Center User Guide. This operation returns a paginated response.
This is a convenience which creates an instance of the ListAccountsRequest.Builder, avoiding the need to create one manually via ListAccountsRequest.builder().
- Parameters: listAccountsRequest - A Consumer that will call methods on ListAccountsRequest.Builder to create a request.
- Returns: Result of the ListAccounts operation returned by the service.
-
listAccountsPaginator
default ListAccountsIterable listAccountsPaginator(ListAccountsRequest listAccountsRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
This is a variant of the listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. The SDK will internally handle making service calls for you.
When this operation is called, a custom iterable is returned but no service calls are made yet, so there is no guarantee that the request is valid. As you iterate through the iterable, the SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are a few ways to iterate through the response pages:
1) Using a Stream
    software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
    responses.stream().forEach(response -> { /* do something */ });
2) Using a for loop
    software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
    for (software.amazon.awssdk.services.sso.model.ListAccountsResponse response : responses) {
        // do something
    }
3) Use iterator directly
    software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
    responses.iterator().forEachRemaining(response -> { /* do something */ });
Note that the maxResults setting does not limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control over service calls, use the listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation.
- Parameters: listAccountsRequest
- Returns: A custom iterable that can be used to iterate through all the response pages.
-
listAccountsPaginator
default ListAccountsIterable listAccountsPaginator(Consumer<ListAccountsRequest.Builder> listAccountsRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, ResourceNotFoundException, AwsServiceException, SdkClientException, SsoException
This is a variant of the listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. The SDK will internally handle making service calls for you.
When this operation is called, a custom iterable is returned but no service calls are made yet, so there is no guarantee that the request is valid. As you iterate through the iterable, the SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are a few ways to iterate through the response pages:
1) Using a Stream
    software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
    responses.stream().forEach(response -> { /* do something */ });
2) Using a for loop
    software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
    for (software.amazon.awssdk.services.sso.model.ListAccountsResponse response : responses) {
        // do something
    }
3) Use iterator directly
    software.amazon.awssdk.services.sso.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
    responses.iterator().forEachRemaining(response -> { /* do something */ });
Note that the maxResults setting does not limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control over service calls, use the listAccounts(software.amazon.awssdk.services.sso.model.ListAccountsRequest) operation.
This is a convenience which creates an instance of the ListAccountsRequest.Builder, avoiding the need to create one manually via ListAccountsRequest.builder().
- Parameters: listAccountsRequest - A Consumer that will call methods on ListAccountsRequest.Builder to create a request.
- Returns: A custom iterable that can be used to iterate through all the response pages.
-
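The lazy loading described for listAccountsPaginator and listAccountRolesPaginator, as an added example that is not part of the SDK documentation: an access review that lists every account and role an access token can reach, with the error handling placed around the iteration, which is where failures surface. The class name and the environment variable names SSO_ACCESS_TOKEN and SSO_REGION are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sso.SsoClient;
import software.amazon.awssdk.services.sso.model.AccountInfo;
import software.amazon.awssdk.services.sso.model.ListAccountRolesResponse;
import software.amazon.awssdk.services.sso.model.ListAccountsResponse;
import software.amazon.awssdk.services.sso.model.RoleInfo;
import software.amazon.awssdk.services.sso.model.SsoException;
import software.amazon.awssdk.services.sso.model.UnauthorizedException;
import software.amazon.awssdk.services.sso.paginators.ListAccountsIterable;

// Added example, not SDK code. Class name and env var names are assumptions.
public class SsoAccessReview {
    public static void main(String[] args) {
        String token = System.getenv("SSO_ACCESS_TOKEN");   // hypothetical variable name
        String region = System.getenv("SSO_REGION");        // hypothetical variable name
        if (token == null || region == null) {
            System.err.println("Set SSO_ACCESS_TOKEN and SSO_REGION");
            System.exit(2);
        }
        // The access token travels in each request, so the default AWS
        // credentials chain is deliberately not consulted.
        try (SsoClient sso = SsoClient.builder()
                .region(Region.of(region))
                .credentialsProvider(AnonymousCredentialsProvider.create())
                .build()) {
            // No service call is made here: an expired or invalid token is NOT
            // detected by this line. maxResults only sets the page size.
            ListAccountsIterable accountPages =
                    sso.listAccountsPaginator(r -> r.accessToken(token).maxResults(20));

            List<String> grants = new ArrayList<>();
            boolean complete = false;
            try {
                for (ListAccountsResponse page : accountPages) {   // first call happens here
                    for (AccountInfo account : page.accountList()) {
                        for (ListAccountRolesResponse rolePage : sso.listAccountRolesPaginator(
                                r -> r.accessToken(token).accountId(account.accountId()))) {
                            for (RoleInfo role : rolePage.roleList()) {
                                grants.add(account.accountId() + "\t"
                                        + account.accountName() + "\t" + role.roleName());
                            }
                        }
                    }
                }
                complete = true;
            } catch (UnauthorizedException e) {
                // Token rejected; this can happen on any page, not only the first.
                System.err.println("Access token rejected during iteration: " + e.getMessage());
            } catch (SsoException e) {
                // InvalidRequestException, TooManyRequestsException, ResourceNotFoundException, ...
                System.err.println("Listing failed during iteration: " + e.getMessage());
            }
            grants.forEach(System.out::println);
            // A listing cut short by an error must not be read as the full set of grants.
            System.out.println(complete ? "Listing complete: " + grants.size() + " grants"
                                        : "Listing INCOMPLETE: " + grants.size() + " grants seen");
        }
    }
}
```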
logout
default LogoutResponse logout(LogoutRequest logoutRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, AwsServiceException, SdkClientException, SsoException
Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.
If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM Identity Center sign in session is used to obtain an IAM session, as specified in the corresponding IAM Identity Center permission set. More specifically, IAM Identity Center assumes an IAM role in the target account on behalf of the user, and the corresponding temporary AWS credentials are returned to the client.
After user logout, any existing IAM role sessions that were created by using IAM Identity Center permission sets continue based on the duration configured in the permission set. For more information, see User authentications in the IAM Identity Center User Guide.
- Parameters: logoutRequest
- Returns: Result of the Logout operation returned by the service.
-
logout
default LogoutResponse logout(Consumer<LogoutRequest.Builder> logoutRequest) throws InvalidRequestException, UnauthorizedException, TooManyRequestsException, AwsServiceException, SdkClientException, SsoException
Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.
If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM Identity Center sign in session is used to obtain an IAM session, as specified in the corresponding IAM Identity Center permission set. More specifically, IAM Identity Center assumes an IAM role in the target account on behalf of the user, and the corresponding temporary AWS credentials are returned to the client.
After user logout, any existing IAM role sessions that were created by using IAM Identity Center permission sets continue based on the duration configured in the permission set. For more information, see User authentications in the IAM Identity Center User Guide.
This is a convenience which creates an instance of the LogoutRequest.Builder, avoiding the need to create one manually via LogoutRequest.builder().
- Parameters: logoutRequest - A Consumer that will call methods on LogoutRequest.Builder to create a request.
- Returns: Result of the Logout operation returned by the service.
-
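The logout behaviour described above, as an added example that is not part of the SDK documentation: it obtains role credentials, logs out, then reports whether the access token is still accepted and how long the role credentials issued before logout remain valid. The class name, the env helper and the environment variable names are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sso.SsoClient;
import software.amazon.awssdk.services.sso.model.RoleCredentials;
import software.amazon.awssdk.services.sso.model.UnauthorizedException;

// Added example, not SDK code. Class, helper and env var names are assumptions.
public class SsoLogoutWindow {
    // Hypothetical helper: read a required setting from the environment.
    static String env(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        String token = env("SSO_ACCESS_TOKEN");
        String accountId = env("SSO_ACCOUNT_ID");
        String roleName = env("SSO_ROLE_NAME");

        try (SsoClient sso = SsoClient.builder()
                .region(Region.of(env("SSO_REGION")))
                .credentialsProvider(AnonymousCredentialsProvider.create())
                .build()) {
            // Temporary credentials for the role, issued while the session is live.
            RoleCredentials creds = sso.getRoleCredentials(r -> r
                    .accessToken(token).accountId(accountId).roleName(roleName))
                    .roleCredentials();
            // expiration() is epoch milliseconds.
            Instant expires = Instant.ofEpochMilli(creds.expiration());

            // Invalidate the server-side sign-in session tied to this token.
            sso.logout(r -> r.accessToken(token));

            // Probe: is the token still accepted by the portal after logout?
            boolean tokenRejected;
            try {
                sso.listAccounts(r -> r.accessToken(token));
                tokenRejected = false;
            } catch (UnauthorizedException e) {
                tokenRejected = true;
            }

            // Logout does not end the IAM role session: the credentials obtained
            // above stay usable until they expire. Never print the secret values.
            Duration remaining = Duration.between(Instant.now(), expires);
            System.out.println("Access token rejected after logout: " + tokenRejected);
            System.out.println("Role credentials for " + accountId + "/" + roleName
                    + " expire at " + expires
                    + " (" + remaining.toMinutes() + " min remaining)");
        }
    }
}
```

The remaining lifetime printed at the end is the window to account for when logout is used as a containment step; it is bounded by the session duration configured in the permission set.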
create
Create a SsoClient with the region loaded from the DefaultAwsRegionProviderChain and credentials loaded from the DefaultCredentialsProvider.
-
builder
Create a builder that can be used to configure and create a SsoClient.
-
serviceMetadata
-
serviceClientConfiguration
Description copied from interface: SdkClient
The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration
- Specified by: serviceClientConfiguration in interface AwsClient
- Specified by: serviceClientConfiguration in interface SdkClient
- Returns: SdkServiceClientConfiguration