REST API - create

esx authentication trust security token issuers: create

Create a new trust for a Security Token Issuer.

Request:

HTTP request

POST https://{server}/api/esx/authentication/trust/security-token-issuers
{
    "issuer_alias": "obj-103",
    "signing_cert_chains": [
        {
            "cert_chain": [
                "string",
                "string"
            ]
        },
        {
            "cert_chain": [
                "string",
                "string"
            ]
        }
    ],
    "issuer": "string"
}

Body Parameters:

Name Type Description
bold = required

create_spec  Settings for the new security token issuer trust.

create_spec.issuer_alias string A unique string selected by the user.

When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer.

create_spec.issuer string Who created and signed the security token.

A unique string used by the security token issuer and added to all tokens. It must match the issuer field in the security token.

For example:

  • vCenter SAML issuer: https://vsphere1.example.com/websso/SAML2/Metadata/vsphere.local
  • vCenter JWT issuer: https://vsphere2.example.com/openidconnect/vsphere.local

create_spec.signing_cert_chains x509_cert_chain[] List of token signing certificate chains. The private key is not included. JWT and SAML token issuer certificates using public-private key pairs are supported; symmetric keys are not supported.

create_spec.signing_cert_chains[].cert_chain string[] Certificate chain in base64 format.

Response:

HTTP Status Code: 204

Headers:

None

Type:

None

Errors:

HTTP Status Code Type Description

400 already_exists If the security token issuer or alias already exists. If the issuer already exists, the value of the data field will be a structure that contains all the fields defined in esx.authentication.trust.security_token_issuers.issuer_already_exists_info, where IssuerAlreadyExists#issuerAlias is the alias under which the issuer is already saved.

400 invalid_argument If the esx.authentication.trust.security_token_issuers.create_spec argument contains invalid data.

500 error If there is a problem storing the data.

401 unauthenticated If the user cannot be authenticated.
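An added example, not part of the vSphere API reference, that builds the create_spec body documented above from a PEM certificate bundle and maps the documented response codes to outcomes. It assumes each cert_chain entry is the base64 body of a PEM certificate with the BEGIN/END lines removed, and that the already_exists error's data field exposes the stored alias under the key issuer_alias; the sample certificate bytes are constructed, not a real X.509 certificate.

```python
import base64
import json
import re

# Constructed sample (not a real certificate). Assumption: each cert_chain entry
# is the base64 body of a PEM certificate with the BEGIN/END lines removed.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed, not a real X.509 certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_CERT_B64}\n-----END CERTIFICATE-----\n"
_PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def pem_to_cert_chain(pem_bundle: str) -> list[str]:
    """One base64 string per CERTIFICATE block; a private key is rejected, not dropped."""
    chain = []
    for label, body in _PEM_BLOCK.findall(pem_bundle):
        if "PRIVATE KEY" in label:
            raise ValueError("private key material must not be sent to the trust store")
        if label != "CERTIFICATE":
            continue
        b64 = "".join(body.split())
        base64.b64decode(b64, validate=True)  # fail early on corrupt input
        chain.append(b64)
    if not chain:
        raise ValueError("no CERTIFICATE block found")
    return chain


def build_create_spec(issuer_alias: str, issuer: str, pem_bundles: list[str]) -> dict:
    """Assemble the create_spec body; issuer must equal the issuer claim in the tokens."""
    if not issuer_alias or not issuer:
        raise ValueError("issuer_alias and issuer are required")
    chains = [{"cert_chain": pem_to_cert_chain(p)} for p in pem_bundles]
    return {"issuer_alias": issuer_alias, "issuer": issuer, "signing_cert_chains": chains}


def interpret_response(status: int, body: bytes) -> str:
    """Map the documented status codes to an outcome string."""
    if status == 204:
        return "created"
    if status == 400:  # already_exists reports the holding alias in its data field
        data = json.loads(body or b"{}").get("data") or {}  # key name is an assumption
        if "issuer_alias" in data:
            return f"already_exists:{data['issuer_alias']}"
        return "invalid_argument"
    return {401: "unauthenticated", 500: "storage_error"}.get(status, f"unexpected:{status}")
```

The returned dict is JSON-encoded and POSTed to the URL shown above with an authenticated session; only certificate material, never a signing key, leaves the client.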