/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include namespace Aws { template class AmazonWebServiceResult; namespace Utils { namespace Xml { class XmlDocument; } // namespace Xml } // namespace Utils namespace STS { namespace Model { /** *

Contains the response to a successful AssumeRoleWithSAML request, * including temporary Amazon Web Services credentials that can be used to make * Amazon Web Services requests.

See Also:

AWS * API Reference

*/ class AssumeRoleWithSAMLResult { public: AWS_STS_API AssumeRoleWithSAMLResult() = default; AWS_STS_API AssumeRoleWithSAMLResult(const Aws::AmazonWebServiceResult& result); AWS_STS_API AssumeRoleWithSAMLResult& operator=(const Aws::AmazonWebServiceResult& result); ///@{ /** *

The temporary security credentials, which include an access key ID, a secret * access key, and a security (or session) token.

The size of the * security token that STS API operations return is not fixed. We strongly * recommend that you make no assumptions about the maximum size.

*/ inline const Credentials& GetCredentials() const { return m_credentials; } template void SetCredentials(CredentialsT&& value) { m_credentialsHasBeenSet = true; m_credentials = std::forward(value); } template AssumeRoleWithSAMLResult& WithCredentials(CredentialsT&& value) { SetCredentials(std::forward(value)); return *this; } ///@} ///@{ /** *

The identifiers for the temporary security credentials that the operation * returns.

*/ inline const AssumedRoleUser& GetAssumedRoleUser() const { return m_assumedRoleUser; } template void SetAssumedRoleUser(AssumedRoleUserT&& value) { m_assumedRoleUserHasBeenSet = true; m_assumedRoleUser = std::forward(value); } template AssumeRoleWithSAMLResult& WithAssumedRoleUser(AssumedRoleUserT&& value) { SetAssumedRoleUser(std::forward(value)); return *this; } ///@} ///@{ /** *

A percentage value that indicates the packed size of the session policies and * session tags combined passed in the request. The request fails if the packed * size is greater than 100 percent, which means the policies and tags exceeded the * allowed space.

*/ inline int GetPackedPolicySize() const { return m_packedPolicySize; } inline void SetPackedPolicySize(int value) { m_packedPolicySizeHasBeenSet = true; m_packedPolicySize = value; } inline AssumeRoleWithSAMLResult& WithPackedPolicySize(int value) { SetPackedPolicySize(value); return *this; } ///@} ///@{ /** *

The value of the NameID element in the Subject * element of the SAML assertion.

*/ inline const Aws::String& GetSubject() const { return m_subject; } template void SetSubject(SubjectT&& value) { m_subjectHasBeenSet = true; m_subject = std::forward(value); } template AssumeRoleWithSAMLResult& WithSubject(SubjectT&& value) { SetSubject(std::forward(value)); return *this; } ///@} ///@{ /** *

The format of the name ID, as defined by the Format attribute * in the NameID element of the SAML assertion. Typical examples of * the format are transient or persistent.

If * the format includes the prefix * urn:oasis:names:tc:SAML:2.0:nameid-format, that prefix is removed. * For example, urn:oasis:names:tc:SAML:2.0:nameid-format:transient is * returned as transient. If the format includes any other prefix, the * format is returned with no modifications.

*/ inline const Aws::String& GetSubjectType() const { return m_subjectType; } template void SetSubjectType(SubjectTypeT&& value) { m_subjectTypeHasBeenSet = true; m_subjectType = std::forward(value); } template AssumeRoleWithSAMLResult& WithSubjectType(SubjectTypeT&& value) { SetSubjectType(std::forward(value)); return *this; } ///@} ///@{ /** *

The value of the Issuer element of the SAML assertion.

*/ inline const Aws::String& GetIssuer() const { return m_issuer; } template void SetIssuer(IssuerT&& value) { m_issuerHasBeenSet = true; m_issuer = std::forward(value); } template AssumeRoleWithSAMLResult& WithIssuer(IssuerT&& value) { SetIssuer(std::forward(value)); return *this; } ///@} ///@{ /** *

The value of the Recipient attribute of the * SubjectConfirmationData element of the SAML assertion.

*/ inline const Aws::String& GetAudience() const { return m_audience; } template void SetAudience(AudienceT&& value) { m_audienceHasBeenSet = true; m_audience = std::forward(value); } template AssumeRoleWithSAMLResult& WithAudience(AudienceT&& value) { SetAudience(std::forward(value)); return *this; } ///@} ///@{ /** *

A hash value based on the concatenation of the following:

  • *

    The Issuer response value.

  • The Amazon Web * Services account ID.

  • The friendly name (the last part of the * ARN) of the SAML provider in IAM.

The combination of * NameQualifier and Subject can be used to uniquely * identify a user.

The following pseudocode shows how the hash value is * calculated:

BASE64 ( SHA1 ( "https://example.com/saml" + * "123456789012" + "/MySAMLIdP" ) )

*/ inline const Aws::String& GetNameQualifier() const { return m_nameQualifier; } template void SetNameQualifier(NameQualifierT&& value) { m_nameQualifierHasBeenSet = true; m_nameQualifier = std::forward(value); } template AssumeRoleWithSAMLResult& WithNameQualifier(NameQualifierT&& value) { SetNameQualifier(std::forward(value)); return *this; } ///@} ///@{ /** *

The value in the SourceIdentity attribute in the SAML assertion. * The source identity value persists across chained * role sessions.

You can require users to set a source identity value * when they assume a role. You do this by using the * sts:SourceIdentity condition key in a role trust policy. That way, * actions that are taken with the role are associated with that user. After the * source identity is set, the value cannot be changed. It is present in the * request for all actions that are taken by the role and persists across chained * role sessions. You can configure your SAML identity provider to use an * attribute associated with your users, like user name or email, as the source * identity when calling AssumeRoleWithSAML. You do this by adding an * attribute to the SAML assertion. For more information about using source * identity, see Monitor * and control actions taken with assumed roles in the IAM User * Guide.

The regex used to validate this parameter is a string of * characters consisting of upper- and lower-case alphanumeric characters with no * spaces. You can also include underscores or any of the following characters: * =,.@-

*/ inline const Aws::String& GetSourceIdentity() const { return m_sourceIdentity; } template void SetSourceIdentity(SourceIdentityT&& value) { m_sourceIdentityHasBeenSet = true; m_sourceIdentity = std::forward(value); } template AssumeRoleWithSAMLResult& WithSourceIdentity(SourceIdentityT&& value) { SetSourceIdentity(std::forward(value)); return *this; } ///@} ///@{ inline const ResponseMetadata& GetResponseMetadata() const { return m_responseMetadata; } template void SetResponseMetadata(ResponseMetadataT&& value) { m_responseMetadataHasBeenSet = true; m_responseMetadata = std::forward(value); } template AssumeRoleWithSAMLResult& WithResponseMetadata(ResponseMetadataT&& value) { SetResponseMetadata(std::forward(value)); return *this; } ///@} inline Aws::Http::HttpResponseCode GetHttpResponseCode() const { return m_HttpResponseCode; } private: Credentials m_credentials; AssumedRoleUser m_assumedRoleUser; int m_packedPolicySize{0}; Aws::String m_subject; Aws::String m_subjectType; Aws::String m_issuer; Aws::String m_audience; Aws::String m_nameQualifier; Aws::String m_sourceIdentity; ResponseMetadata m_responseMetadata; Aws::Http::HttpResponseCode m_HttpResponseCode; bool m_credentialsHasBeenSet = false; bool m_assumedRoleUserHasBeenSet = false; bool m_packedPolicySizeHasBeenSet = false; bool m_subjectHasBeenSet = false; bool m_subjectTypeHasBeenSet = false; bool m_issuerHasBeenSet = false; bool m_audienceHasBeenSet = false; bool m_nameQualifierHasBeenSet = false; bool m_sourceIdentityHasBeenSet = false; bool m_responseMetadataHasBeenSet = false; }; } // namespace Model } // namespace STS } // namespace Aws