esx authentication client profiles: subject
subject structure contains information about the subject that a client profile is associated with.The structure includes a name, issuer alias, and domain.
Representation:
"privileges" : {
"<string>" : [
"string",
"string"
]
},
"domain" : "string",
"name" : "string",
"issuer_alias" : "obj-103",
"type" : "LOCAL_USER"
}
"privileges" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"domain" : "string",
"name" : "string",
"issuer_alias" : "obj-103",
"type" : "LOCAL_USER"
}
Attributes:
| Name | Type | Description |
|---|---|---|
| Required | ||
| -.type | string | subject type Defines the types of subject matching that a client profile is associated with. Value is one of: LOCAL_USER: local user EXTERNAL_GROUP: A group from external source. EXTERNAL_USER: A user from external source. PRIVILEGES: Privilege specifications. |
| -.privileges.* | string[] | |
| Optional | ||
| -.name | string | The user or group name Optional. It is only relevant when type has value [LOCAL_USER, EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of LOCAL_USER, EXTERNAL_GROUP, or EXTERNAL_USER. |
| -.issuer_alias | string | The security token issuer alias, who created and signed the security token. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER, PRIVILEGES]. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP, EXTERNAL_USER, or PRIVILEGES.When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. |
| -.domain | string | Domain of the principal. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER. |
| -.privileges | object | Scope privilege mapping. The token issuer may provide a map of scopes and the authenticated user's privilege list on those scopes. Doing so allows a higher layer authorization scheme to be partly mapped into one or more esx.authentication.client_profiles. The token issuer must represent this mapping as a 'privs' claim. Encoded in JSON the claim would appear as follows. "privs": { "scope1": [ "priv1", "priv2", ...], "scope2": [ "priv1", "priv3", ...], ... } Note that this does not specify a subject directly, but rather a set of subjects who have some privilege on an entity. Optional. It is only relevant when type has value [PRIVILEGES]. This field is optional and it is only relevant when the value oftype is PRIVILEGES.Object with element values of type string[]. |
Attributes:
| Name | Type | Description |
|---|---|---|
| Required | ||
| type | string | subject type Defines the types of subject matching that a client profile is associated with. Value is one of: LOCAL_USER: local user EXTERNAL_GROUP: A group from external source. EXTERNAL_USER: A user from external source. PRIVILEGES: Privilege specifications. |
| privileges[].key | string | |
| privileges[].value | string[] | |
| Optional | ||
| name | string | The user or group name Optional. It is only relevant when type has value [LOCAL_USER, EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of LOCAL_USER, EXTERNAL_GROUP, or EXTERNAL_USER. |
| issuer_alias | string | The security token issuer alias, who created and signed the security token. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER, PRIVILEGES]. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP, EXTERNAL_USER, or PRIVILEGES.When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. |
| domain | string | Domain of the principal. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER. |
| privileges | list | Scope privilege mapping. The token issuer may provide a map of scopes and the authenticated user's privilege list on those scopes. Doing so allows a higher layer authorization scheme to be partly mapped into one or more esx.authentication.client_profiles. The token issuer must represent this mapping as a 'privs' claim. Encoded in JSON the claim would appear as follows. "privs": { "scope1": [ "priv1", "priv2", ...], "scope2": [ "priv1", "priv3", ...], ... } Note that this does not specify a subject directly, but rather a set of subjects who have some privilege on an entity. Optional. It is only relevant when type has value [PRIVILEGES]. This field is optional and it is only relevant when the value oftype is PRIVILEGES.List of {"key": string, "value": string[]} |