REST API - summary

vcenter identity providers: summary

The summary structure contains commonly used information about an identity provider. This structure was added in vSphere API 7.0.0.0.

Representation:

JSON
LEGACY JSON

{
    "provider" : "obj-103",
    "name" : "string",
    "config_tag" : "Oauth2",
    "oauth2" : {
        "authentication_header" : "string",
        "auth_endpoint" : "http://myurl.com",
        "auth_query_params" : {
            "<string>" : [
                "string",
                "string"
            ]
        },
        "client_id" : "string",
        "token_endpoint" : "http://myurl.com"
    },
    "is_default" : true,
    "auth_query_params" : {
        "<string>" : [
            "string",
            "string"
        ]
    },
    "oidc" : {
        "authentication_header" : "string",
        "auth_endpoint" : "http://myurl.com",
        "logout_endpoint" : "http://myurl.com",
        "auth_query_params" : {
            "<string>" : [
                "string",
                "string"
            ]
        },
        "discovery_endpoint" : "http://myurl.com",
        "client_id" : "string",
        "token_endpoint" : "http://myurl.com"
    },
    "domain_names" : [
        "string",
        "string"
    ]
}

{
    "provider" : "obj-103",
    "name" : "string",
    "config_tag" : "Oauth2",
    "oauth2" : {
        "authentication_header" : "string",
        "auth_endpoint" : "http://myurl.com",
        "auth_query_params" : [
            {
                "value" : [
                    "string",
                    "string"
                ],
                "key" : "string"
            }
        ],
        "client_id" : "string",
        "token_endpoint" : "http://myurl.com"
    },
    "is_default" : true,
    "auth_query_params" : [
        {
            "value" : [
                "string",
                "string"
            ],
            "key" : "string"
        }
    ],
    "oidc" : {
        "authentication_header" : "string",
        "auth_endpoint" : "http://myurl.com",
        "logout_endpoint" : "http://myurl.com",
        "auth_query_params" : [
            {
                "value" : [
                    "string",
                    "string"
                ],
                "key" : "string"
            }
        ],
        "discovery_endpoint" : "http://myurl.com",
        "client_id" : "string",
        "token_endpoint" : "http://myurl.com"
    },
    "domain_names" : [
        "string",
        "string"
    ]
}

Attributes:

Name	Type	Description
Required
-.provider	string	The identifier of the provider. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: `com.vmware.vcenter.identity.Providers`. When operations return a value of this structure as a result, the field will be an identifier for the resource type: `com.vmware.vcenter.identity.Providers`.
-.config_tag	string	The config type of the identity provider. This attribute was added in vSphere API 7.0.0.0. The `config_type` structure contains the possible types of vCenter Server identity providers. This enumeration was added in vSphere API 7.0.0.0. Value is one of: Oauth2: Config for OAuth2. This constant was added in vSphere API 7.0.0.0. Oidc: Config for OIDC. This constant was added in vSphere API 7.0.0.0.
-.oauth2.auth_endpoint	URI	Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0.
-.oauth2.token_endpoint	URI	Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0.
-.oauth2.client_id	string	Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0.
-.oauth2.authentication_header	string	The authentication data used as part of request header to acquire or refresh an OAuth2 token. The data format depends on the authentication method used. Example of basic authentication format: Authorization: Basic [base64Encode(clientId + ":" + secret)]. This attribute was added in vSphere API 7.0.0.0.
-.oauth2.auth_query_params	object	key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details: If the value contains only one string, then the key is added with "k=v". If the value is an empty list, then the key is added without a "=v". If the value contains multiple strings, then the key is repeated in the query-string for each string in the value. . This attribute was added in vSphere API 7.0.0.0. Object with element values of type string[].
-.oauth2.auth_query_params.*	string[]
-.oidc.auth_endpoint	URI	Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0.
-.oidc.token_endpoint	URI	Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0.
-.oidc.client_id	string	Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0.
-.oidc.authentication_header	string	The authentication data used as part of request header to acquire or refresh an OAuth2 token. The data format depends on the authentication method used. Example of basic authentication format: Authorization: Basic [base64Encode(clientId + ":" + secret)]. This attribute was added in vSphere API 7.0.0.0.
-.oidc.auth_query_params	object	key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details: If the value contains only one string, then the key is added with "k=v". If the value is an empty list, then the key is added without a "=v". If the value contains multiple strings, then the key is repeated in the query-string for each string in the value. . This attribute was added in vSphere API 7.0.0.0. Object with element values of type string[].
-.is_default	boolean	Specifies whether the provider is the default provider. This attribute was added in vSphere API 7.0.0.0.
Optional
-.name	string	The user friendly name for the provider. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.
-.oauth2	oauth2_summary	OAuth2 Summary. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when config_tag has value Oauth2. This field is optional and it is only relevant when the value of `config_tag` is oauth2.
-.oidc	oidc_summary	OIDC Summary. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when config_tag has value Oidc. This field is optional and it is only relevant when the value of `config_tag` is oidc.
-.oidc.discovery_endpoint	URI	Endpoint to retrieve the provider metadata. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.
-.oidc.logout_endpoint	URI	The endpoint to use for terminating the user's session at the identity provider. This value is automatically derived from the metadata information provided by the OIDC discovery endpoint. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.
-.domain_names	string[]	Set of fully qualified domain names to trust when federating with this identity provider. Tokens from this identity provider will only be validated if the user belongs to one of these domains, and any domain-qualified groups in the tokens will be filtered to include only those groups that belong to one of these domains. If domainNames is an empty set, domain validation behavior at login with this identity provider will be as follows: the user's domain will be parsed from the User Principal Name (UPN) value that is found in the tokens returned by the identity provider. This domain will then be implicitly trusted and used to filter any groups that are also provided in the tokens. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.
-.auth_query_params	object	key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details: If the value contains only one string, then the key is added with "k=v". If the value is an empty list, then the key is added without a "=v". If the value contains multiple strings, then the key is repeated in the query-string for each string in the value. . This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.Object with element values of type string[].

Attributes:

Name	Type	Description
Required
provider	string	The identifier of the provider. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: `com.vmware.vcenter.identity.Providers`. When operations return a value of this structure as a result, the field will be an identifier for the resource type: `com.vmware.vcenter.identity.Providers`.
config_tag	string	The config type of the identity provider. This attribute was added in vSphere API 7.0.0.0. The `config_type` structure contains the possible types of vCenter Server identity providers. This enumeration was added in vSphere API 7.0.0.0. Value is one of: Oauth2: Config for OAuth2. This constant was added in vSphere API 7.0.0.0. Oidc: Config for OIDC. This constant was added in vSphere API 7.0.0.0.
oauth2.auth_endpoint	URI	Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0.
oauth2.token_endpoint	URI	Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0.
oauth2.client_id	string	Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0.
oauth2.authentication_header	string	The authentication data used as part of request header to acquire or refresh an OAuth2 token. The data format depends on the authentication method used. Example of basic authentication format: Authorization: Basic [base64Encode(clientId + ":" + secret)]. This attribute was added in vSphere API 7.0.0.0.
oauth2.auth_query_params	list	key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details: If the value contains only one string, then the key is added with "k=v". If the value is an empty list, then the key is added without a "=v". If the value contains multiple strings, then the key is repeated in the query-string for each string in the value. . This attribute was added in vSphere API 7.0.0.0. List of {"key": string, "value": string[]}
oauth2.auth_query_params[].key	string
oauth2.auth_query_params[].value	string[]
oidc.auth_endpoint	URI	Authentication/authorization endpoint of the provider. This attribute was added in vSphere API 7.0.0.0.
oidc.token_endpoint	URI	Token endpoint of the provider. This attribute was added in vSphere API 7.0.0.0.
oidc.client_id	string	Client identifier to connect to the provider. This attribute was added in vSphere API 7.0.0.0.
oidc.authentication_header	string	The authentication data used as part of request header to acquire or refresh an OAuth2 token. The data format depends on the authentication method used. Example of basic authentication format: Authorization: Basic [base64Encode(clientId + ":" + secret)]. This attribute was added in vSphere API 7.0.0.0.
oidc.auth_query_params	list	key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details: If the value contains only one string, then the key is added with "k=v". If the value is an empty list, then the key is added without a "=v". If the value contains multiple strings, then the key is repeated in the query-string for each string in the value. . This attribute was added in vSphere API 7.0.0.0. List of {"key": string, "value": string[]}
is_default	boolean	Specifies whether the provider is the default provider. This attribute was added in vSphere API 7.0.0.0.
Optional
name	string	The user friendly name for the provider. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.
oauth2	oauth2_summary	OAuth2 Summary. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when config_tag has value Oauth2. This field is optional and it is only relevant when the value of `config_tag` is oauth2.
oidc	oidc_summary	OIDC Summary. This attribute was added in vSphere API 7.0.0.0. Optional. It is only relevant when config_tag has value Oidc. This field is optional and it is only relevant when the value of `config_tag` is oidc.
oidc.discovery_endpoint	URI	Endpoint to retrieve the provider metadata. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.
oidc.logout_endpoint	URI	The endpoint to use for terminating the user's session at the identity provider. This value is automatically derived from the metadata information provided by the OIDC discovery endpoint. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.
domain_names	string[]	Set of fully qualified domain names to trust when federating with this identity provider. Tokens from this identity provider will only be validated if the user belongs to one of these domains, and any domain-qualified groups in the tokens will be filtered to include only those groups that belong to one of these domains. If domainNames is an empty set, domain validation behavior at login with this identity provider will be as follows: the user's domain will be parsed from the User Principal Name (UPN) value that is found in the tokens returned by the identity provider. This domain will then be implicitly trusted and used to filter any groups that are also provided in the tokens. This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.
auth_query_params	list	key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a "?" is added to the endpoint URL, and combination of each k and each string in the v is added with an "&" delimiter. Details: If the value contains only one string, then the key is added with "k=v". If the value is an empty list, then the key is added without a "=v". If the value contains multiple strings, then the key is repeated in the query-string for each string in the value. . This attribute was added in vSphere API 7.0.0.0. Optional. This field is optional because it was added in a newer version than its parent node.List of {"key": string, "value": string[]}