NSX-T Data Center REST API
OidcEndPoint (schema)
OpenID Connect end-point
OpenID Connect end-point specifying where to fetch the JWKS document used to validate JWT tokens for TokenBasedPrincipalIdentities.

| Name | Description | Type | Notes | 
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly; Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly; Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it; NOT_PROTECTED - the client who retrieved the entity is allowed to modify it; REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true; UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
| _revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| authorization_endpoint | Authorization endpoint. The URL of the OpenID provider's authorization endpoint. | string | Readonly |
| claim_map | Map from ID token claims to NSX roles. Configuration for mapping claims in OIDC ID tokens to NSX roles. | array of ClaimMap | |
| claims_supported | Claims supported. The list of claims that the OpenID provider supports. | array of string | Readonly |
| client_id | OIDC Client ID. The client ID for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is "ws_one" or "csp". | string | |
| client_secret | OIDC Client Secret. The client secret for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is "ws_one". | secure_string | |
| csp_config | CSP-specific configuration. Extra configuration specific to CSP endpoints. This property is ignored unless the oidc_type is "csp". | CspConfig | |
| description | Description of this resource | string | Maximum length: 1024; Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255; Sortable |
| end_session_endpoint_uri | OpenID session logout URI. URI of the OpenID session logout end-point. | string | Readonly; Maximum length: 255 |
| id | Unique identifier of this resource | string | Sortable |
| issuer | JWT token issuer. Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri. | string | Readonly |
| jwks_uri | URI of JWKS document. The URI where the JWKS document is located that has the key used to validate the JWT signature. | string | Readonly |
| name | Unique name for this OpenID Connect end-point. A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint. | string | |
| oidc_type | OIDC Type. Type used to distinguish the OIDC end-points by IDP. | string | Enum: vcenter, ws_one, csp; Maximum length: 255; Default: "vcenter" |
| oidc_uri | OpenID Connect URI. URI of the OpenID Connect end-point. | string | Required; Maximum length: 255 |
| override_roles | Roles used instead of token roles. When specified this role or roles are used instead of the nsx-role in the JWT. | array of string | Readonly |
| resource_type | Must be set to the value OidcEndPoint | string | |
| restrict_scim_search | SCIM search restriction indicator. If set to true, then it is only possible to perform a SCIM search against the OIDC provider used to authenticate. If OIDC was not used to authenticate (for example, if authenticated as a local user), then this restriction does not apply. | boolean | Default: "False" |
| scim_endpoints | SCIM endpoints. The SCIM (System for Cross-domain Identity Management) endpoint URLs to use when enumerating users and groups. All endpoints will be queried to obtain user and group information. | array of string | Readonly |
| serviced_domains | List of domains serviced by this OIDC provider. When a login to NSX using a principal name of the form user@domain is attempted, the list of OIDC providers will be scanned to find one with a matching domain. If a match is found, that OIDC provider is used to authenticate the user. Each domain must be unique across all OIDC providers. If a duplicate domain is provided when adding or updating an OIDC provider, the request will be rejected. | array of string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| thumbprint | Thumbprint. Thumbprint in SHA-256 format used to verify the server certificate at the URI. | string | Maximum length: 255 |
| token_endpoint | Token endpoint. The URL of the OpenID provider's token endpoint. | string | Readonly |
| userinfo_endpoint | Userinfo endpoint. The URL of the OpenID provider's userinfo endpoint. | string | Readonly |
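
The constraints in the table (required and read-only properties, length limits, the oidc_type enum and the conditional client_id/client_secret requirements) can be checked on the client before a POST or PUT. The following is an added example, not part of the NSX-T documentation or VMware's code; the function name, the `is_put` and `other_domains` parameters, the sample body and the thumbprint format check are assumptions.

```python
import re

# Constraints transcribed from the OidcEndPoint table above.
READONLY = {"_create_time", "_create_user", "_last_modified_time",
            "_last_modified_user", "_links", "_protection", "_schema", "_self",
            "_system_owned", "authorization_endpoint", "claims_supported",
            "end_session_endpoint_uri", "issuer", "jwks_uri", "override_roles",
            "scim_endpoints", "token_endpoint", "userinfo_endpoint"}
MAX_LEN = {"description": 1024, "display_name": 255, "oidc_type": 255,
           "oidc_uri": 255, "thumbprint": 255}
# Assumption: a SHA-256 thumbprint is 64 hex digits, optionally colon-separated.
SHA256_HEX = re.compile(r"[0-9A-Fa-f]{64}")
# Constructed sample: ws_one body with a read-only field, no secret, bad name.
SAMPLE = {"oidc_uri": "https://idp.example.test/.well-known/openid-configuration",
          "oidc_type": "ws_one", "client_id": "nsx", "name": "ws one",
          "issuer": "https://idp.example.test"}


def validate_oidc_endpoint(body, is_put=False, other_domains=()):
    """Return the list of schema violations found in a request body (dict)."""
    errors = [f"{f}: read-only, populated by the server"
              for f in sorted(body.keys() & READONLY)]
    if not body.get("oidc_uri"):
        errors.append("oidc_uri: required")
    if is_put and "_revision" not in body:
        errors.append("_revision: PUT must carry the current revision")
    for field, limit in MAX_LEN.items():
        if len(str(body.get(field, ""))) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    oidc_type = body.get("oidc_type", "vcenter")  # documented default
    if oidc_type not in ("vcenter", "ws_one", "csp"):
        errors.append("oidc_type: not one of vcenter, ws_one, csp")
    if oidc_type in ("ws_one", "csp") and not body.get("client_id"):
        errors.append("client_id: required for ws_one and csp")
    if oidc_type == "ws_one" and not body.get("client_secret"):
        errors.append("client_secret: required for ws_one")
    if " " in body.get("name", ""):
        errors.append("name: may not contain spaces")
    if len(body.get("tags", [])) > 30:
        errors.append("tags: more than 30 items")
    thumbprint = body.get("thumbprint")
    if thumbprint and not SHA256_HEX.fullmatch(thumbprint.replace(":", "")):
        errors.append("thumbprint: not a SHA-256 digest")
    seen = set(other_domains)  # domains already claimed by other providers
    for domain in body.get("serviced_domains", []):
        if domain in seen:
            errors.append(f"serviced_domains: {domain} is already serviced")
        seen.add(domain)
    return errors
```

`validate_oidc_endpoint(SAMPLE)` reports the read-only `issuer`, the missing `client_secret` and the space in `name`; an empty list means the body satisfies every constraint the table states.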