esx authentication client profiles: get
Get the details of a client profile.
Request:
HTTP request
GET https://{server}/api/esx/authentication/client-profiles/{profile}
Path Parameters
| Name | Type | Description |
|---|---|---|
| Required | ||
| profile | string | The requested client profile identifier. |
Response:
HTTP Status Code: 200
Response Body Structure:
{
"grants" : [
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
},
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
}
],
"subject" : {
"privileges" : {
"<string>" : [
"string",
"string"
]
},
"domain" : "string",
"name" : "string",
"issuer_alias" : "obj-103",
"type" : "LOCAL_USER"
}
}
"grants" : [
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
},
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
}
],
"subject" : {
"privileges" : {
"<string>" : [
"string",
"string"
]
},
"domain" : "string",
"name" : "string",
"issuer_alias" : "obj-103",
"type" : "LOCAL_USER"
}
}
Headers:
NoneType:
| Name | Type | Description |
|---|---|---|
| bold = required | ||
| - | info | The requested client profile. |
| -.subject | subject | The subject of the profile. |
| -.subject.type | string | subject type Defines the types of subject matching that a client profile is associated with. Value is one of: LOCAL_USER: local user EXTERNAL_GROUP: A group from external source. EXTERNAL_USER: A user from external source. PRIVILEGES: Privilege specifications. |
| -.subject.name | string | The user or group name Optional. It is only relevant when type has value [LOCAL_USER, EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of LOCAL_USER, EXTERNAL_GROUP, or EXTERNAL_USER. |
| -.subject.issuer_alias | string | The security token issuer alias, who created and signed the security token. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER, PRIVILEGES]. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP, EXTERNAL_USER, or PRIVILEGES.When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. |
| -.subject.domain | string | Domain of the principal. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER. |
| -.subject.privileges | object | Scope privilege mapping. The token issuer may provide a map of scopes and the authenticated user's privilege list on those scopes. Doing so allows a higher layer authorization scheme to be partly mapped into one or more esx.authentication.client_profiles. The token issuer must represent this mapping as a 'privs' claim. Encoded in JSON the claim would appear as follows. "privs": { "scope1": [ "priv1", "priv2", ...], "scope2": [ "priv1", "priv3", ...], ... } Note that this does not specify a subject directly, but rather a set of subjects who have some privilege on an entity. Optional. It is only relevant when type has value [PRIVILEGES]. This field is optional and it is only relevant when the value oftype is PRIVILEGES.Object with element values of type string[]. |
| -.subject.privileges.* | string[] | |
| -.grants | access_grant[] | Access grants. When the list is empty, the matching subjects don't receive grants from this client profile. but will receive grants from other matching ClientProfiles. |
Errors:
| HTTP Status Code | Type | Description |
|---|---|---|
| 404 | not_found | if the profile is not found. |
| 500 | error | if there is a problem accessing the stored data. |
| 401 | unauthenticated | if the user can not be authenticated. |