EnableOutboundWebIdentityFederation
Enables the outbound identity federation feature for your AWS account. When enabled, IAM principals in your account
can use the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for secure authentication with external services.
This operation also generates a unique issuer URL for your AWS account.
Response Elements
The following element is returned by the service.
- IssuerIdentifier
A unique issuer URL for your AWS account that hosts the OpenID Connect (OIDC) discovery endpoints at /.well-known/openid-configuration and /.well-known/jwks.json. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary for token verification.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- FeatureEnabled
The request failed because outbound identity federation is already enabled for your AWS account. You cannot enable the feature multiple times. To fetch the current configuration (including the unique issuer URL), use the GetOutboundWebIdentityFederationInfo operation.
HTTP Status Code: 409
Examples
Example
This example illustrates one usage of EnableOutboundWebIdentityFederation.
Sample Request
https://iam.amazonaws.com/?Action=EnableOutboundWebIdentityFederation
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<EnableOutboundWebIdentityFederationResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<EnableOutboundWebIdentityFederationResult>
<IssuerIdentifier>https://a1d2b0fd-1177-4468-9351-2fEXAMPLE723.tokens.sts.global.api.aws</IssuerIdentifier>
</EnableOutboundWebIdentityFederationResult>
<ResponseMetadata>
<RequestId>4a396884-3469-427a-938f-e5EXAMPLE11e</RequestId>
</ResponseMetadata>
</EnableOutboundWebIdentityFederationResponse>
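The following is an added example, not part of the AWS reference: it extracts IssuerIdentifier from the sample response above, derives the two discovery URLs named in the element description, and shows the check a relying party would run on the discovery document before trusting its keys. Assumptions: the function names are hypothetical, the discovery documents passed in are constructed, and the document's jwks_uri is assumed to point at the issuer's /.well-known/jwks.json path.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

IAM_NS = {"iam": "https://iam.amazonaws.com/doc/2010-05-08/"}
# Sample response copied from this page.
SAMPLE_RESPONSE = """<EnableOutboundWebIdentityFederationResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<EnableOutboundWebIdentityFederationResult>
<IssuerIdentifier>https://a1d2b0fd-1177-4468-9351-2fEXAMPLE723.tokens.sts.global.api.aws</IssuerIdentifier>
</EnableOutboundWebIdentityFederationResult>
<ResponseMetadata>
<RequestId>4a396884-3469-427a-938f-e5EXAMPLE11e</RequestId>
</ResponseMetadata>
</EnableOutboundWebIdentityFederationResponse>"""


def issuer_from_response(xml_text):
    """Return IssuerIdentifier; OIDC issuers must be https with no query or fragment."""
    issuer = ET.fromstring(xml_text).findtext(".//iam:IssuerIdentifier", namespaces=IAM_NS)
    if not issuer:
        raise ValueError("response has no IssuerIdentifier")
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.hostname or parts.query or parts.fragment:
        raise ValueError(f"unexpected issuer URL: {issuer!r}")
    return issuer


def discovery_urls(issuer):
    """Build the two discovery endpoint URLs the issuer hosts."""
    base = issuer.rstrip("/")
    return {"openid_configuration": base + "/.well-known/openid-configuration",
            "jwks": base + "/.well-known/jwks.json"}


def check_discovery_document(issuer, doc):
    """Return the reasons (if any) this discovery document must not be trusted."""
    problems = []
    if doc.get("issuer") != issuer:  # OIDC Discovery requires an exact match
        problems.append("issuer mismatch")
    if doc.get("jwks_uri") != discovery_urls(issuer)["jwks"]:  # assumed location
        problems.append("jwks_uri is not the issuer's /.well-known/jwks.json")
    return problems


if __name__ == "__main__":
    issuer = issuer_from_response(SAMPLE_RESPONSE)
    urls = discovery_urls(issuer)
    good = {"issuer": issuer, "jwks_uri": urls["jwks"]}  # constructed document
    print(urls)
    print(check_discovery_document(issuer, good))
    print(check_discovery_document(issuer, {**good, "issuer": "https://other.example"}))
```

Pin the issuer string returned here in the external service's configuration and compare it exactly against the iss claim of every token received.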
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: