GetOutboundWebIdentityFederationInfo - AWS Identity and Access Management
Response ElementsErrorsExamplesSee Also

GetOutboundWebIdentityFederationInfo

Retrieves the configuration information for the outbound identity federation feature in your AWS account. The response includes the unique issuer URL for your AWS account and the current enabled/disabled status of the feature. Use this operation to obtain the issuer URL that you need to configure trust relationships with external services.

Response Elements

The following elements are returned by the service.

IssuerIdentifier

A unique issuer URL for your AWS account that hosts the OpenID Connect (OIDC) discovery endpoints at /.well-known/openid-configuration and /.well-known/jwks.json. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary for token verification.

Type: String

JwtVendingEnabled

Indicates whether outbound identity federation is currently enabled for your AWS account. When true, IAM principals in the account can call the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for authentication with external services.

Type: Boolean

Errors

For information about the errors that are common to all actions, see Common Errors.

FeatureDisabled

The request failed because outbound identity federation is already disabled for your AWS account. You cannot disable the feature multiple times

HTTP Status Code: 404

Examples

Example

This example illustrates one usage of GetOutboundWebIdentityFederationInfo.

Sample Request


                https://iam.amazonaws.com/?Action=GetOutboundWebIdentityFederationInfo
                &Version=2010-05-08
                &AUTHPARAMS

Sample Response


                <GetOutboundWebIdentityFederationInfoResponse>
                  <GetOutboundWebIdentityFederationInfoResult>
                    <IssuerIdentifier>https://a1d2b0fd-1177-4468-9351-2fEXAMPLE723.tokens.sts.global.api.aws</IssuerIdentifier>
                    <JwtVendingEnabled>true</JwtVendingEnabled>
                  </GetOutboundWebIdentityFederationInfoResult>
                  <ResponseMetadata>
                    <RequestId>a6dac9b4-fdc8-4489-acec-b1EXAMPLEf44</RequestId>
                  </ResponseMetadata>
                </GetOutboundWebIdentityFederationInfoResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: