vcenter identity providers: info
The
info
structure contains the information about an identity provider. This structure was added in vSphere API 7.0.0.0.Representation:
{
"idm_protocol" : "REST",
"config_tag" : "Oauth2",
"org_ids" : [
"string",
"string"
],
"upn_claim" : "string",
"oauth2" : {
"authentication_method" : "CLIENT_SECRET_BASIC",
"public_key_uri" : "http://myurl.com",
"claim_map" : {
"<string>" : {
"<string>" : [
"string",
"string"
]
}
},
"auth_endpoint" : "http://myurl.com",
"client_secret" : "string",
"auth_query_params" : {
"<string>" : [
"string",
"string"
]
},
"client_id" : "string",
"issuer" : "string",
"token_endpoint" : "http://myurl.com"
},
"is_default" : true,
"auth_query_params" : {
"<string>" : [
"string",
"string"
]
},
"oidc" : {
"authentication_method" : "CLIENT_SECRET_BASIC",
"public_key_uri" : "http://myurl.com",
"claim_map" : {
"<string>" : {
"<string>" : [
"string",
"string"
]
}
},
"auth_endpoint" : "http://myurl.com",
"logout_endpoint" : "http://myurl.com",
"client_secret" : "string",
"auth_query_params" : {
"<string>" : [
"string",
"string"
]
},
"discovery_endpoint" : "http://myurl.com",
"client_id" : "string",
"issuer" : "string",
"token_endpoint" : "http://myurl.com"
},
"idm_endpoints" : [
"http://myurl.com",
"http://myurl.com"
],
"domain_names" : [
"string",
"string"
],
"groups_claim" : "string",
"active_directory_over_ldap" : {
"groups_base_dn" : "string",
"password" : "secret string",
"user_name" : "string",
"users_base_dn" : "string",
"server_endpoints" : [
"http://myurl.com",
"http://myurl.com"
],
"cert_chain" : {
"cert_chain" : [
"string",
"string"
]
}
},
"name" : "string"
}
"idm_protocol" : "REST",
"config_tag" : "Oauth2",
"org_ids" : [
"string",
"string"
],
"upn_claim" : "string",
"oauth2" : {
"authentication_method" : "CLIENT_SECRET_BASIC",
"public_key_uri" : "http://myurl.com",
"claim_map" : {
"<string>" : {
"<string>" : [
"string",
"string"
]
}
},
"auth_endpoint" : "http://myurl.com",
"client_secret" : "string",
"auth_query_params" : {
"<string>" : [
"string",
"string"
]
},
"client_id" : "string",
"issuer" : "string",
"token_endpoint" : "http://myurl.com"
},
"is_default" : true,
"auth_query_params" : {
"<string>" : [
"string",
"string"
]
},
"oidc" : {
"authentication_method" : "CLIENT_SECRET_BASIC",
"public_key_uri" : "http://myurl.com",
"claim_map" : {
"<string>" : {
"<string>" : [
"string",
"string"
]
}
},
"auth_endpoint" : "http://myurl.com",
"logout_endpoint" : "http://myurl.com",
"client_secret" : "string",
"auth_query_params" : {
"<string>" : [
"string",
"string"
]
},
"discovery_endpoint" : "http://myurl.com",
"client_id" : "string",
"issuer" : "string",
"token_endpoint" : "http://myurl.com"
},
"idm_endpoints" : [
"http://myurl.com",
"http://myurl.com"
],
"domain_names" : [
"string",
"string"
],
"groups_claim" : "string",
"active_directory_over_ldap" : {
"groups_base_dn" : "string",
"password" : "secret string",
"user_name" : "string",
"users_base_dn" : "string",
"server_endpoints" : [
"http://myurl.com",
"http://myurl.com"
],
"cert_chain" : {
"cert_chain" : [
"string",
"string"
]
}
},
"name" : "string"
}
{
"idm_protocol" : "REST",
"config_tag" : "Oauth2",
"org_ids" : [
"string",
"string"
],
"upn_claim" : "string",
"oauth2" : {
"authentication_method" : "CLIENT_SECRET_BASIC",
"public_key_uri" : "http://myurl.com",
"claim_map" : [
{
"value" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"key" : "string"
}
],
"auth_endpoint" : "http://myurl.com",
"client_secret" : "string",
"auth_query_params" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"client_id" : "string",
"issuer" : "string",
"token_endpoint" : "http://myurl.com"
},
"is_default" : true,
"auth_query_params" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"oidc" : {
"authentication_method" : "CLIENT_SECRET_BASIC",
"public_key_uri" : "http://myurl.com",
"claim_map" : [
{
"value" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"key" : "string"
}
],
"auth_endpoint" : "http://myurl.com",
"logout_endpoint" : "http://myurl.com",
"client_secret" : "string",
"auth_query_params" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"discovery_endpoint" : "http://myurl.com",
"client_id" : "string",
"issuer" : "string",
"token_endpoint" : "http://myurl.com"
},
"idm_endpoints" : [
"http://myurl.com",
"http://myurl.com"
],
"domain_names" : [
"string",
"string"
],
"groups_claim" : "string",
"active_directory_over_ldap" : {
"groups_base_dn" : "string",
"password" : "secret string",
"user_name" : "string",
"users_base_dn" : "string",
"server_endpoints" : [
"http://myurl.com",
"http://myurl.com"
],
"cert_chain" : {
"cert_chain" : [
"string",
"string"
]
}
},
"name" : "string"
}
"idm_protocol" : "REST",
"config_tag" : "Oauth2",
"org_ids" : [
"string",
"string"
],
"upn_claim" : "string",
"oauth2" : {
"authentication_method" : "CLIENT_SECRET_BASIC",
"public_key_uri" : "http://myurl.com",
"claim_map" : [
{
"value" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"key" : "string"
}
],
"auth_endpoint" : "http://myurl.com",
"client_secret" : "string",
"auth_query_params" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"client_id" : "string",
"issuer" : "string",
"token_endpoint" : "http://myurl.com"
},
"is_default" : true,
"auth_query_params" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"oidc" : {
"authentication_method" : "CLIENT_SECRET_BASIC",
"public_key_uri" : "http://myurl.com",
"claim_map" : [
{
"value" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"key" : "string"
}
],
"auth_endpoint" : "http://myurl.com",
"logout_endpoint" : "http://myurl.com",
"client_secret" : "string",
"auth_query_params" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"discovery_endpoint" : "http://myurl.com",
"client_id" : "string",
"issuer" : "string",
"token_endpoint" : "http://myurl.com"
},
"idm_endpoints" : [
"http://myurl.com",
"http://myurl.com"
],
"domain_names" : [
"string",
"string"
],
"groups_claim" : "string",
"active_directory_over_ldap" : {
"groups_base_dn" : "string",
"password" : "secret string",
"user_name" : "string",
"users_base_dn" : "string",
"server_endpoints" : [
"http://myurl.com",
"http://myurl.com"
],
"cert_chain" : {
"cert_chain" : [
"string",
"string"
]
}
},
"name" : "string"
}
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
-.org_ids | string[] | The set of orgIds as part of SDDC creation which provides the basis for tenancy. This attribute was added in vSphere API 7.0.0.0. |
-.config_tag | string | The config type of the identity provider. This attribute was added in vSphere API 7.0.0.0. The config_type structure contains the possible types of vCenter Server identity providers. This enumeration was added in vSphere API 7.0.0.0. Value is one of:Oauth2: Config for OAuth2. This constant was added in vSphere API 7.0.0.0. Oidc: Config for OIDC. This constant was added in vSphere API 7.0.0.0. |
-.oauth2.auth_endpoint | URI | Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. |
-.oauth2.token_endpoint | URI | Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. |
-.oauth2.public_key_uri | URI | Endpoint to retrieve the provider public key for validation. This attribute was added in vSphere API 7.0.0.0. |
-.oauth2.client_id | string | Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0. |
-.oauth2.client_secret | string | The secret shared between the client and the provider. This attribute was added in vSphere API 7.0.0.0. |
-.oauth2.claim_map | object | The map used to transform an OAuth2 claim to a corresponding claim that vCenter Server understands. Currently only the key "perms" is supported. The key "perms" is used for mapping the "perms" claim of incoming JWT. The value is another map with an external group as the key and a vCenter Server group as value. This attribute was added in vSphere API 7.0.0.0. Object with element values of type object. |
-.oauth2.issuer | string | The identity provider namespace. It is used to validate the issuer in the acquired OAuth2 token. This attribute was added in vSphere API 7.0.0.0. |
-.oauth2.authentication_method | string | Authentication method used by the provider. This attribute was added in vSphere API 7.0.0.0. The oauth2_authentication_method structure contains the possible types of OAuth2 authentication methods. This enumeration was added in vSphere API 7.0.0.0. Value is one of:CLIENT_SECRET_BASIC: Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] using the HTTP Basic authentication scheme. This constant was added in vSphere API 7.0.0.0. CLIENT_SECRET_POST: Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] by including the Client Credentials in the request body. This constant was added in vSphere API 7.0.0.0. CLIENT_SECRET_JWT: Clients that have received a client_secret value from the Authorization Server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the octets of the UTF-8 representation of the client_secret as the shared key. This constant was added in vSphere API 7.0.0.0. PRIVATE_KEY_JWT: Clients that have registered a public key sign a JWT using that key. The client authenticates in accordance with JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.JWT] and Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.Assertions]. This constant was added in vSphere API 7.0.0.0. |
-.oauth2.auth_query_params | object | key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details:
|
-.oidc.discovery_endpoint | URI | Endpoint to retrieve the provider metadata. This attribute was added in vSphere API 7.0.0.0. |
-.oidc.auth_endpoint | URI | Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. |
-.oidc.token_endpoint | URI | Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. |
-.oidc.public_key_uri | URI | Endpoint to retrieve the provider public key for validation. This attribute was added in vSphere API 7.0.0.0. |
-.oidc.client_id | string | Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0. |
-.oidc.client_secret | string | The secret shared between the client and the provider. This attribute was added in vSphere API 7.0.0.0. |
-.oidc.claim_map | object | The map used to transform an OAuth2 claim to a corresponding claim that vCenter Server understands. Currently only the key "perms" is supported. The key "perms" is used for mapping the "perms" claim of incoming JWT. The value is another map with an external group as the key and a vCenter Server group as value. This attribute was added in vSphere API 7.0.0.0. Object with element values of type object. |
-.oidc.issuer | string | The identity provider namespace. It is used to validate the issuer in the acquired OAuth2 token. This attribute was added in vSphere API 7.0.0.0. |
-.oidc.authentication_method | string | Authentication method used by the provider. This attribute was added in vSphere API 7.0.0.0. The oauth2_authentication_method structure contains the possible types of OAuth2 authentication methods. This enumeration was added in vSphere API 7.0.0.0. Value is one of:CLIENT_SECRET_BASIC: Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] using the HTTP Basic authentication scheme. This constant was added in vSphere API 7.0.0.0. CLIENT_SECRET_POST: Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] by including the Client Credentials in the request body. This constant was added in vSphere API 7.0.0.0. CLIENT_SECRET_JWT: Clients that have received a client_secret value from the Authorization Server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the octets of the UTF-8 representation of the client_secret as the shared key. This constant was added in vSphere API 7.0.0.0. PRIVATE_KEY_JWT: Clients that have registered a public key sign a JWT using that key. The client authenticates in accordance with JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.JWT] and Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.Assertions]. This constant was added in vSphere API 7.0.0.0. |
-.oidc.auth_query_params | object | key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details:
|
-.is_default | boolean | Specifies whether the provider is the default provider. This attribute was added in vSphere API 7.0.0.0. |
-.active_directory_over_ldap.user_name | string | User name to connect to the active directory server. This attribute was added in vSphere API 7.0.0.0. |
-.active_directory_over_ldap.password | secret | Password to connect to the active directory server. This attribute was added in vSphere API 7.0.0.0. |
-.active_directory_over_ldap.users_base_dn | string | Base distinguished name for users. This attribute was added in vSphere API 7.0.0.0. |
-.active_directory_over_ldap.groups_base_dn | string | Base distinguished name for groups. This attribute was added in vSphere API 7.0.0.0. |
-.active_directory_over_ldap.server_endpoints | URI[] | Active directory server endpoints. At least one active directory server endpoint must be set. This attribute was added in vSphere API 7.0.0.0. |
-.active_directory_over_ldap.cert_chain.cert_chain | string[] | Certificate chain in base64 format. This attribute was added in vSphere API 6.7.2. |
Optional | ||
-.name | string | The user friendly name for the provider. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
-.oauth2 | oauth2_info | OAuth2 Info. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when config_tag has value Oauth2. This field is optional and it is only relevant when the value of config_tag is oauth2. |
-.oidc | oidc_info | OIDC Info. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when config_tag has value Oidc. This field is optional and it is only relevant when the value of config_tag is oidc. |
-.oidc.logout_endpoint | URI | The endpoint to use for terminating the user's session at the identity provider. This value is automatically derived from the metadata information provided by the OIDC discovery endpoint. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
-.domain_names | string[] | Set of fully qualified domain names to trust when federating with this identity provider. Tokens from this identity provider will only be validated if the user belongs to one of these domains, and any domain-qualified groups in the tokens will be filtered to include only those groups that belong to one of these domains. If domainNames is an empty set, domain validation behavior at login with this identity provider will be as follows: the user's domain will be parsed from the User Principal Name (UPN) value that is found in the tokens returned by the identity provider. This domain will then be implicitly trusted and used to filter any groups that are also provided in the tokens. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
-.auth_query_params | object | key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details:
|
-.idm_protocol | string | Communication protocol to the identity management endpoints. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
-.idm_endpoints | URI[] | Identity management endpoints. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when idm_protocol has value [REST, SCIM, SCIM2_0]. This field is optional and it is only relevant when the value of idm_protocol is one of REST, SCIM, or scim2_0. |
-.active_directory_over_ldap | active_directory_over_ldap | Identity management configuration. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when idm_protocol has value LDAP. This field is optional and it is only relevant when the value of idm_protocol is LDAP. |
-.active_directory_over_ldap.cert_chain | x509_cert_chain | SSL certificate chain in base64 encoding. This attribute was added in vSphere API 7.0.0.0. Optional. This field can be unset only, if all the active directory server endpoints use the LDAP (not LDAPS) protocol. |
-.upn_claim | string | Specifies which claim provides the user principal name (UPN) for the user. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
-.groups_claim | string | Specifies which claim provides the group membership for the token subject. If empty, the default behavior for CSP is used. In this case, the groups for the subject will be comprised of the groups in 'group_names' and 'group_ids' claims. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
org_ids | string[] | The set of orgIds as part of SDDC creation which provides the basis for tenancy. This attribute was added in vSphere API 7.0.0.0. |
config_tag | string | The config type of the identity provider. This attribute was added in vSphere API 7.0.0.0. The config_type structure contains the possible types of vCenter Server identity providers. This enumeration was added in vSphere API 7.0.0.0. Value is one of:Oauth2: Config for OAuth2. This constant was added in vSphere API 7.0.0.0. Oidc: Config for OIDC. This constant was added in vSphere API 7.0.0.0. |
oauth2.auth_endpoint | URI | Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. |
oauth2.token_endpoint | URI | Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. |
oauth2.public_key_uri | URI | Endpoint to retrieve the provider public key for validation. This attribute was added in vSphere API 7.0.0.0. |
oauth2.client_id | string | Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0. |
oauth2.client_secret | string | The secret shared between the client and the provider. This attribute was added in vSphere API 7.0.0.0. |
oauth2.claim_map | list | The map used to transform an OAuth2 claim to a corresponding claim that vCenter Server understands. Currently only the key "perms" is supported. The key "perms" is used for mapping the "perms" claim of incoming JWT. The value is another map with an external group as the key and a vCenter Server group as value. This attribute was added in vSphere API 7.0.0.0. List of {"key": string, "value": list} |
oauth2.issuer | string | The identity provider namespace. It is used to validate the issuer in the acquired OAuth2 token. This attribute was added in vSphere API 7.0.0.0. |
oauth2.authentication_method | string | Authentication method used by the provider. This attribute was added in vSphere API 7.0.0.0. The oauth2_authentication_method structure contains the possible types of OAuth2 authentication methods. This enumeration was added in vSphere API 7.0.0.0. Value is one of:CLIENT_SECRET_BASIC: Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] using the HTTP Basic authentication scheme. This constant was added in vSphere API 7.0.0.0. CLIENT_SECRET_POST: Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] by including the Client Credentials in the request body. This constant was added in vSphere API 7.0.0.0. CLIENT_SECRET_JWT: Clients that have received a client_secret value from the Authorization Server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the octets of the UTF-8 representation of the client_secret as the shared key. This constant was added in vSphere API 7.0.0.0. PRIVATE_KEY_JWT: Clients that have registered a public key sign a JWT using that key. The client authenticates in accordance with JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.JWT] and Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.Assertions]. This constant was added in vSphere API 7.0.0.0. |
oauth2.auth_query_params | list | key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details:
|
oidc.discovery_endpoint | URI | Endpoint to retrieve the provider metadata. This attribute was added in vSphere API 7.0.0.0. |
oidc.auth_endpoint | URI | Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. |
oidc.token_endpoint | URI | Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0. |
oidc.public_key_uri | URI | Endpoint to retrieve the provider public key for validation. This attribute was added in vSphere API 7.0.0.0. |
oidc.client_id | string | Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0. |
oidc.client_secret | string | The secret shared between the client and the provider. This attribute was added in vSphere API 7.0.0.0. |
oidc.claim_map | list | The map used to transform an OAuth2 claim to a corresponding claim that vCenter Server understands. Currently only the key "perms" is supported. The key "perms" is used for mapping the "perms" claim of incoming JWT. The value is another map with an external group as the key and a vCenter Server group as value. This attribute was added in vSphere API 7.0.0.0. List of {"key": string, "value": list} |
oidc.issuer | string | The identity provider namespace. It is used to validate the issuer in the acquired OAuth2 token. This attribute was added in vSphere API 7.0.0.0. |
oidc.authentication_method | string | Authentication method used by the provider. This attribute was added in vSphere API 7.0.0.0. The oauth2_authentication_method structure contains the possible types of OAuth2 authentication methods. This enumeration was added in vSphere API 7.0.0.0. Value is one of:CLIENT_SECRET_BASIC: Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] using the HTTP Basic authentication scheme. This constant was added in vSphere API 7.0.0.0. CLIENT_SECRET_POST: Clients that have received a client_secret value from the Authorization Server, authenticate with the Authorization Server in accordance with Section 3.2.1 of OAuth 2.0 [RFC6749] by including the Client Credentials in the request body. This constant was added in vSphere API 7.0.0.0. CLIENT_SECRET_JWT: Clients that have received a client_secret value from the Authorization Server, create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC (Hash-based Message Authentication Code) is calculated using the octets of the UTF-8 representation of the client_secret as the shared key. This constant was added in vSphere API 7.0.0.0. PRIVATE_KEY_JWT: Clients that have registered a public key sign a JWT using that key. The client authenticates in accordance with JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.JWT] and Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants [OAuth.Assertions]. This constant was added in vSphere API 7.0.0.0. |
oidc.auth_query_params | list | key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details:
|
is_default | boolean | Specifies whether the provider is the default provider. This attribute was added in vSphere API 7.0.0.0. |
active_directory_over_ldap.user_name | string | User name to connect to the active directory server. This attribute was added in vSphere API 7.0.0.0. |
active_directory_over_ldap.password | secret | Password to connect to the active directory server. This attribute was added in vSphere API 7.0.0.0. |
active_directory_over_ldap.users_base_dn | string | Base distinguished name for users. This attribute was added in vSphere API 7.0.0.0. |
active_directory_over_ldap.groups_base_dn | string | Base distinguished name for groups. This attribute was added in vSphere API 7.0.0.0. |
active_directory_over_ldap.server_endpoints | URI[] | Active directory server endpoints. At least one active directory server endpoint must be set. This attribute was added in vSphere API 7.0.0.0. |
active_directory_over_ldap.cert_chain.cert_chain | string[] | Certificate chain in base64 format. This attribute was added in vSphere API 6.7.2. |
Optional | ||
name | string | The user friendly name for the provider. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
oauth2 | oauth2_info | OAuth2 Info. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when config_tag has value Oauth2. This field is optional and it is only relevant when the value of config_tag is oauth2. |
oidc | oidc_info | OIDC Info. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when config_tag has value Oidc. This field is optional and it is only relevant when the value of config_tag is oidc. |
oidc.logout_endpoint | URI | The endpoint to use for terminating the user's session at the identity provider. This value is automatically derived from the metadata information provided by the OIDC discovery endpoint. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
domain_names | string[] | Set of fully qualified domain names to trust when federating with this identity provider. Tokens from this identity provider will only be validated if the user belongs to one of these domains, and any domain-qualified groups in the tokens will be filtered to include only those groups that belong to one of these domains. If domainNames is an empty set, domain validation behavior at login with this identity provider will be as follows: the user's domain will be parsed from the User Principal Name (UPN) value that is found in the tokens returned by the identity provider. This domain will then be implicitly trusted and used to filter any groups that are also provided in the tokens. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
auth_query_params | list | key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details:
|
idm_protocol | string | Communication protocol to the identity management endpoints. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
idm_endpoints | URI[] | Identity management endpoints. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when idm_protocol has value [REST, SCIM, SCIM2_0]. This field is optional and it is only relevant when the value of idm_protocol is one of REST, SCIM, or scim2_0. |
active_directory_over_ldap | active_directory_over_ldap | Identity management configuration. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when idm_protocol has value LDAP. This field is optional and it is only relevant when the value of idm_protocol is LDAP. |
active_directory_over_ldap.cert_chain | x509_cert_chain | SSL certificate chain in base64 encoding. This attribute was added in vSphere API 7.0.0.0. Optional. This field can be unset only, if all the active directory server endpoints use the LDAP (not LDAPS) protocol. |
upn_claim | string | Specifies which claim provides the user principal name (UPN) for the user. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |
groups_claim | string | Specifies which claim provides the group membership for the token subject. If empty, the default behavior for CSP is used. In this case, the groups for the subject will be comprised of the groups in 'group_names' and 'group_ids' claims. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node. |