The temporary security credentials returned by this operation consist of an access
key ID, a secret access key, and a security token. Applications can use these
temporary security credentials to sign calls to AWS services. The credentials
are valid for the duration that you specified when calling AssumeRoleWithSAML
NotOnOrAfter
Note: The maximum duration for a session is 1 hour, and the minimum duration is 15 minutes, even if values outside this range are specified.
Optionally, you can pass an IAM access policy to this operation. If you choose not to pass a policy, the temporary security credentials that are returned by the operation have the permissions that are defined in the access policy of the role that is being assumed. If you pass a policy to this operation, the temporary security credentials that are returned by the operation have the permissions that are allowed by both the access policy of the role that is being assumed, and the policy that you pass. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed. For more information, see Permissions for AssumeRoleWithSAML in Using Temporary Security Credentials.
Before your application can call AssumeRoleWithSAML
Calling AssumeRoleWithSAML
For more information, see the following resources:
- Creating Temporary Security Credentials for SAML Federation in Using Temporary Security Credentials.
- SAML Providers in Using IAM.
- Configuring a Relying Party and Claims in Using IAM.
- Creating a Role for SAML-Based Federation in Using IAM.
C#
public class AssumeRoleWithSAMLRequest : AmazonWebServiceRequest
| Member | Description |
|---|---|
| AssumeRoleWithSAMLRequest() | Initializes a new instance of the AssumeRoleWithSAMLRequest class |
| DurationSeconds | Gets and sets the property DurationSeconds. The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set to 3600 seconds. An expiration can also be specified in the SAML authentication response's |
| Equals(Object) | (Inherited from Object.) |
| GetHashCode() | Serves as a hash function for a particular type. (Inherited from Object.) |
| GetType() | Gets the type of the current instance. (Inherited from Object.) |
| Policy | Gets and sets the property Policy. An IAM policy in JSON format. The policy parameter is optional. If you pass a policy, the temporary security credentials that are returned by the operation have the permissions that are allowed by both the access policy of the role that is being assumed, and the policy that you pass. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed. For more information, see Permissions for AssumeRoleWithSAML in Using Temporary Security Credentials. |
| PrincipalArn | Gets and sets the property PrincipalArn. The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP. |
| RoleArn | Gets and sets the property RoleArn. The Amazon Resource Name (ARN) of the role that the caller is assuming. |
| SAMLAssertion | Gets and sets the property SAMLAssertion. The base-64 encoded SAML authentication response provided by the IdP. For more information, see Configuring a Relying Party and Adding Claims in the Using IAM guide. |
| ToString() | Returns a string that represents the current object. (Inherited from Object.) |
| WithDurationSeconds(Int32) | Obsolete. Sets the DurationSeconds property |
| WithPolicy(String) | Obsolete. Sets the Policy property |
| WithPrincipalArn(String) | Obsolete. Sets the PrincipalArn property |
| WithRoleArn(String) | Obsolete. Sets the RoleArn property |
| WithSAMLAssertion(String) | Obsolete. Sets the SAMLAssertion property |
Object
  AmazonWebServiceRequest
    AssumeRoleWithSAMLRequest
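The following is an added example, not code from the SDK documentation: it fills in the request properties listed above, passes a scope-down policy so the session is limited to the intersection of that policy and the role's access policy, and rejects an out-of-range duration locally instead of letting it be adjusted silently. Assumptions: the `SamlFederationExample` class and its `AssumeScoped` method are hypothetical names, the bucket `example-bucket` is a constructed placeholder, and the caller supplies an `AmazonSecurityTokenServiceClient` from the same SDK.

```csharp
using System;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

public static class SamlFederationExample   // hypothetical helper, not part of the SDK
{
    // Scope-down policy: the session receives only what BOTH this policy and
    // the role's access policy allow. "example-bucket" is a placeholder.
    private const string ScopeDownPolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [{
    ""Effect"": ""Allow"",
    ""Action"": [""s3:GetObject"", ""s3:ListBucket""],
    ""Resource"": [""arn:aws:s3:::example-bucket"",
                   ""arn:aws:s3:::example-bucket/*""]
  }]
}";

    public static AssumeRoleWithSAMLResponse AssumeScoped(
        AmazonSecurityTokenServiceClient sts,   // assumption: created by the caller
        string roleArn,
        string samlProviderArn,
        string base64SamlResponse,
        int durationSeconds)
    {
        // The documented range is 900 to 3600 seconds. Fail loudly here so a
        // mistaken value is caught instead of being adjusted without notice.
        if (durationSeconds < 900 || durationSeconds > 3600)
            throw new ArgumentOutOfRangeException(
                "durationSeconds", "Must be between 900 and 3600 seconds.");

        // SAMLAssertion must be the base-64 encoded response from the IdP.
        // Convert.FromBase64String throws FormatException on malformed input.
        Convert.FromBase64String(base64SamlResponse);

        var request = new AssumeRoleWithSAMLRequest
        {
            RoleArn = roleArn,                  // role the caller is assuming
            PrincipalArn = samlProviderArn,     // SAML provider that describes the IdP
            SAMLAssertion = base64SamlResponse,
            DurationSeconds = durationSeconds,
            Policy = ScopeDownPolicy            // optional; can only restrict
        };

        return sts.AssumeRoleWithSAML(request);
    }
}
```

How the temporary credentials are read from the returned response differs between SDK versions, so that step is left to the caller.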