NSX-T Data Center REST API

Add an OpenID Connect end-point.

This request also fetches the issuer and jwks_uri meta-data from the OIDC
end-point and stores it.

Request:

Method:

POST

URI Path(s):

/api/v1/trust-management/oidc-uris

Request Headers:

n/a

Query Parameters:

n/a

Request Body:

OidcEndPoint+

OidcEndPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
authorization_endpoint	Authorization endpoint The URL of the OpenID provider's authorization endpoint.	string	Readonly
claims_supported	Claims supported The list of claims that the OpenID provider supports.	array of string	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
issuer	JWT token issuer Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri.	string	Readonly
jwks_uri	URI of JWKS document The URI where the JWKS document is located that has the key used to validate the JWT signature.	string	Readonly
name	Unique name for this OpenID Connect end-point A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint.	string
oidc_type	OIDC Type Type used to distinguish the OIDC end-points by IDP.	string	Enum: vcenter, ws_one Maximum length: 255 Default: "vcenter"
oidc_uri	OpenID Connect URI URI of the OpenID Connect end-point.	string	Required Maximum length: 255
override_roles	Roles used instead of token roles When specified this role or roles are used instead of the nsx-role in the JWT	array of string	Readonly
resource_type	Must be set to the value OidcEndPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
thumbprint	Thumbprint Thumbprint in SHA-256 format used to verify the server certificate at the URI.	string	Required Maximum length: 255
token_endpoint	Token endpoint The URL of the OpenID provider's token endpoint.	string	Readonly
userinfo_endpoint	Userinfo endpoint The URL of the OpenID provider's userinfo endpoint.	string	Readonly

Example Request:

POST https://<nsx-mgr>/api/v1/trust-management/oidc-uris { "oidc_uri": "https://sc2-rdops-vm08-dhcp-27-70.eng.vmware.com/openidconnect/.well-known/openid-configuration", "thumbprint": "601dfc76c4ade8e062e2530ddf8c28236a284db8059ca3bb43340c29c5c9d681", "oidc_type": "vcenter" }

Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

OidcEndPoint+

OidcEndPoint (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
authorization_endpoint	Authorization endpoint The URL of the OpenID provider's authorization endpoint.	string	Readonly
claims_supported	Claims supported The list of claims that the OpenID provider supports.	array of string	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
issuer	JWT token issuer Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri.	string	Readonly
jwks_uri	URI of JWKS document The URI where the JWKS document is located that has the key used to validate the JWT signature.	string	Readonly
name	Unique name for this OpenID Connect end-point A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint.	string
oidc_type	OIDC Type Type used to distinguish the OIDC end-points by IDP.	string	Enum: vcenter, ws_one Maximum length: 255 Default: "vcenter"
oidc_uri	OpenID Connect URI URI of the OpenID Connect end-point.	string	Required Maximum length: 255
override_roles	Roles used instead of token roles When specified this role or roles are used instead of the nsx-role in the JWT	array of string	Readonly
resource_type	Must be set to the value OidcEndPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
thumbprint	Thumbprint Thumbprint in SHA-256 format used to verify the server certificate at the URI.	string	Required Maximum length: 255
token_endpoint	Token endpoint The URL of the OpenID provider's token endpoint.	string	Readonly
userinfo_endpoint	Userinfo endpoint The URL of the OpenID provider's userinfo endpoint.	string	Readonly

Example Response:

{ "id": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "name": "ebd3032d-728e-44d4-9914-d4f81c9972cb", "oidc_uri": "https://sc2-rdops-vm08-dhcp-27-70.eng.vmware.com/openidconnect/.well-known/openid-configuration", "thumbprint": "601dfc76c4ade8e062e2530ddf8c28236a284db8059ca3bb43340c29c5c9d681", "oidc_type": "vcenter", "issuer": "https://sc2-rdops-vm08-dhcp-27-70.eng.vmware.com/openidconnect/vsphere.local", "jwks_uri": "https://sc2-rdops-vm08-dhcp-27-70.eng.vmware.com/openidconnect/jwks/vsphere.local" }

NSX-T Data Center REST API

Add an OpenID Connect end-point.

Request:

OidcEndPoint (schema)

Example Request:

Successful Response:

OidcEndPoint (schema)

Example Response:

Required Permissions:

Feature:

Additional Errors: