esx authentication client profiles: list
Request:
HTTP request
?local_user_name={value}
&external_group_name={value}
&external_user_name={value}
&scopes={value-1}
&scopes={value-2}
&domain={value}
&issuer_alias={obj-103}
&projection={value}
Query Parameters:
Name | Type | Description |
---|---|---|
local_user_name | string | Filter for a local user by name. Optional. Exactly one of esx.authentication.client_profiles.filter_spec.local_user_name, esx.authentication.client_profiles.filter_spec.external_group_name, esx.authentication.client_profiles.filter_spec.external_user_name, or scopes must be set. If set, filter for a local user. |
external_group_name | string | The external group name. Optional. Exactly one of esx.authentication.client_profiles.filter_spec.local_user_name, esx.authentication.client_profiles.filter_spec.external_group_name, esx.authentication.client_profiles.filter_spec.external_user_name, or scopes must be set. If set, filter for an external group; esx.authentication.client_profiles.filter_spec.issuer_alias and esx.authentication.client_profiles.filter_spec.domain must also be set. |
external_user_name | string | The external user name. Optional. Exactly one of esx.authentication.client_profiles.filter_spec.local_user_name, esx.authentication.client_profiles.filter_spec.external_group_name, esx.authentication.client_profiles.filter_spec.external_user_name, or scopes must be set. If set, filter for an external user; esx.authentication.client_profiles.filter_spec.issuer_alias and esx.authentication.client_profiles.filter_spec.domain must also be set. |
scopes | string[] | The set of scope privileges for which to apply the filter. Optional. Exactly one of esx.authentication.client_profiles.filter_spec.local_user_name, esx.authentication.client_profiles.filter_spec.external_group_name, esx.authentication.client_profiles.filter_spec.external_user_name, or scopes must be set. Warning: This attribute is part of a new feature in development. It may be changed at any time and may not have all supported functionality implemented. If set, filter by privilege scope; esx.authentication.client_profiles.filter_spec.issuer_alias must also be set. |
domain | string | Domain of the external principal. Optional. Must be set only if esx.authentication.client_profiles.filter_spec.external_group_name or esx.authentication.client_profiles.filter_spec.external_user_name is set. |
issuer_alias | string | The alias of the security token issuer that created and signed the security token. Optional. Must be set only if esx.authentication.client_profiles.filter_spec.external_group_name, esx.authentication.client_profiles.filter_spec.external_user_name, or scopes is set. A special case is matching against a privilege specification: when the scopes field is set, the operation returns the list of all privilege specification client profiles that would match (i.e., are subsets of) the scopes specification supplied in the filter. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. |
projection | string | Optional. The type of the returned summary - brief, normal or full. |
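The filter rules in the table above can be checked on the client before a request is sent. The following is an added example, not VMware code: the function name is hypothetical, it builds only the query string (the page does not show the request path), and it assumes projection is compared case-insensitively because the page does not state the wire casing.

```python
from urllib.parse import urlencode

# The four mutually exclusive selectors named in the parameter table.
SELECTORS = ("local_user_name", "external_group_name", "external_user_name", "scopes")
PROJECTIONS = {"BRIEF", "NORMAL", "FULL"}  # assumption: casing is not stated on the page


def build_list_query(spec):
    """Validate a filter_spec dict against the documented rules; return the query string."""
    spec = {k: v for k, v in spec.items() if v not in (None, "", [])}
    unknown = set(spec) - set(SELECTORS) - {"domain", "issuer_alias", "projection"}
    if unknown:
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")

    # Rule: exactly one selector must be set.
    chosen = [name for name in SELECTORS if name in spec]
    if len(chosen) != 1:
        raise ValueError(f"exactly one of {SELECTORS} must be set, got {chosen}")
    selector = chosen[0]

    # Rule: domain only with external_*; issuer_alias only with external_* or scopes.
    external = selector in ("external_group_name", "external_user_name")
    needs_issuer = external or selector == "scopes"
    for name, required in (("domain", external), ("issuer_alias", needs_issuer)):
        if required and name not in spec:
            raise ValueError(f"{name} must be set when filtering by {selector}")
        if not required and name in spec:
            raise ValueError(f"{name} must not be set when filtering by {selector}")

    if "projection" in spec and str(spec["projection"]).upper() not in PROJECTIONS:
        raise ValueError("projection must be brief, normal or full")

    # doseq=True repeats the key per list item: scopes=a&scopes=b, as in the template.
    return urlencode(spec, doseq=True)


if __name__ == "__main__":
    # Constructed values, for illustration only.
    print(build_list_query({"scopes": ["s1", "s2"], "issuer_alias": "issuer-1"}))
```
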
Response:
HTTP Status Code: 200
Response Body Structure:
[
{
"grants" : [
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
},
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
}
],
"subject" : {
"privileges" : {
"<string>" : [
"string",
"string"
]
},
"domain" : "string",
"name" : "string",
"issuer_alias" : "obj-103",
"type" : "LOCAL_USER"
},
"client_profile" : "obj-103",
"summary_type" : "FULL"
},
{
"grants" : [
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
},
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
}
],
"subject" : {
"privileges" : {
"<string>" : [
"string",
"string"
]
},
"domain" : "string",
"name" : "string",
"issuer_alias" : "obj-103",
"type" : "LOCAL_USER"
},
"client_profile" : "obj-103",
"summary_type" : "FULL"
}
]
Headers:
None
Type:
Name | Type | Description |
---|---|---|
- | summary[] | The list of current client profiles. |
-[].summary_type | string | Defines the verbosity of the summary. Defines the types of esx.authentication.client_profiles.summary members to return from the list method. The profile information could include the access grants or be a shorter summary. Value is one of: FULL: The full profile information, including access grants. NORMAL: A summary containing only the profile identifier and the subject information. BRIEF: A brief summary, containing only the profile identifier. |
-[].client_profile | string | Client profile identifier. Optional. It is only relevant when the value of summary_type is one of BRIEF, NORMAL, or FULL. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. |
-[].subject | subject | The subject of the profile. Optional. It is only relevant when the value of summary_type is one of NORMAL or FULL. |
-[].subject.type | string | Subject type. Defines the types of subject matching that a client profile is associated with. Value is one of: LOCAL_USER: A local user. EXTERNAL_GROUP: A group from an external source. EXTERNAL_USER: A user from an external source. PRIVILEGES: Privilege specifications. |
-[].subject.name | string | The user or group name. Optional. It is only relevant when the value of type is one of LOCAL_USER, EXTERNAL_GROUP, or EXTERNAL_USER. |
-[].subject.issuer_alias | string | The alias of the security token issuer that created and signed the security token. Optional. It is only relevant when the value of type is one of EXTERNAL_GROUP, EXTERNAL_USER, or PRIVILEGES. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. |
-[].subject.domain | string | Domain of the principal. Optional. It is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER. |
-[].subject.privileges | object | Scope privilege mapping. The token issuer may provide a map of scopes and the authenticated user's privilege list on those scopes. Doing so allows a higher layer authorization scheme to be partly mapped into one or more esx.authentication.client_profiles. The token issuer must represent this mapping as a 'privs' claim. Encoded in JSON, the claim would appear as follows: "privs": { "scope1": [ "priv1", "priv2", ...], "scope2": [ "priv1", "priv3", ...], ... } Note that this does not specify a subject directly, but rather a set of subjects who have some privilege on an entity. Optional. It is only relevant when the value of type is PRIVILEGES. Object with element values of type string[]. |
-[].subject.privileges.* | string[] |
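When the list output is used for an access review, the summary_type of each entry decides which fields can be trusted: grants appear only in FULL summaries and the subject only in NORMAL or FULL, so a missing field means "not returned", not "no access". The following added example (not VMware code; function names and the sample data are constructed) turns a response into review rows and reports the profiles whose grants were not returned.

```python
# Constructed sample, shaped like the documented response body (not real data).
SAMPLE = [
    {"summary_type": "FULL", "client_profile": "profile-a",
     "subject": {"type": "EXTERNAL_GROUP", "name": "ops", "domain": "example.test",
                 "issuer_alias": "issuer-1"},
     "grants": [{"resource_type": "ENTITLEMENT", "entitlement": "IDENTITY_MGMT"}]},
    {"summary_type": "NORMAL", "client_profile": "profile-b",
     "subject": {"type": "PRIVILEGES", "issuer_alias": "issuer-1",
                 "privileges": {"scope1": ["priv1", "priv2"]}}},
    {"summary_type": "BRIEF", "client_profile": "profile-c"},
]


def describe_subject(subject):
    """Render a subject using only the fields documented as relevant to its type."""
    kind = subject.get("type")
    issuer = subject.get("issuer_alias")
    if kind == "LOCAL_USER":
        return f"LOCAL_USER {subject.get('name')}"
    if kind in ("EXTERNAL_GROUP", "EXTERNAL_USER"):
        return f"{kind} {subject.get('name')}@{subject.get('domain')} via {issuer}"
    if kind == "PRIVILEGES":
        privs = subject.get("privileges", {})
        pairs = sorted(f"{scope}:{p}" for scope, ps in privs.items() for p in ps)
        return f"PRIVILEGES [{', '.join(pairs)}] via {issuer}"
    return f"UNKNOWN {kind}"


def inventory(summaries):
    """One row per profile; None marks a field the chosen verbosity did not return."""
    rows = []
    for s in summaries:
        level = s.get("summary_type")
        row = {"client_profile": s.get("client_profile"), "summary_type": level,
               "subject": None, "grants": None}
        if level in ("NORMAL", "FULL") and "subject" in s:
            row["subject"] = describe_subject(s["subject"])
        if level == "FULL":
            row["grants"] = sorted({g.get("entitlement") or g.get("resource_type") or "?"
                                    for g in s.get("grants", [])})
        rows.append(row)
    return rows


def unreviewed(rows):
    """Profiles whose grants were not returned and need a FULL listing to review."""
    return [r["client_profile"] for r in rows if r["grants"] is None]
```
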
Errors:
HTTP Status Code | Type | Description |
---|---|---|
500 | error | if there is a problem accessing the stored data. |
400 | invalid_argument | if the arguments contain invalid data. |
401 | unauthenticated | if the user cannot be authenticated. |