Identity Providers APIs
APIs for managing Identity Providers
Table of Contents
1. Get all Identity Providers
- This API is used to get a list of all Identity Providers
Tip : Please refer to IdentityProvider
1.1. Prerequisites
None
1.2. Steps
- Invoke the API.
Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers' -i -X GET \
-H 'Authorization: Bearer etYWRta....'
HTTP Request
GET /v1/identity-providers HTTP/1.1
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1682
{
"elements" : [ {
"id" : "4d8a8736-08d3-4bb6-8327-fd6bb83fa78e",
"name" : "Embedded IDP",
"type" : "Embedded",
"identitySources" : [ {
"name" : "vsphere.local",
"type" : "SystemDomain",
"domainNames" : [ "vsphere.local" ]
}, {
"name" : "localos",
"type" : "LocalOs",
"domainNames" : [ "localos" ]
}, {
"name" : "embedded-ids-name",
"type" : "ActiveDirectory",
"domainNames" : [ "embedded-ids.com" ],
"ldap" : {
"type" : "ActiveDirectory",
"domainName" : "embedded-ids.com",
"domainAlias" : "embedded-ids",
"username" : "[email protected]",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
}
} ],
"status" : "inactive"
}, {
"id" : "453ae887-e9eb-46dc-a64e-220c47f39db3",
"name" : "My AD Identity Source",
"type" : "Microsoft ADFS",
"domainNames" : [ "external-idp.com" ],
"ldap" : {
"type" : "Oidc",
"domainName" : "external-idp.com",
"domainAlias" : "external-idp",
"username" : "[email protected]",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
},
"oidc" : {
"clientId" : "f033673c-e782-4332-9978-8b1d80356ebe",
"discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
},
"status" : "active"
} ]
}
2. Get Identity Provider
Retrieve detailed information of the specified identity provider.
2.1. Prerequisites
The following data is required
- Identifier of the provider
2.2. Steps
- Invoke the API.
Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/068083ef-8c8f-4c2f-bf15-4fb7f2a2ce71' -i -X GET \
-H 'Authorization: Bearer etYWRta....'
HTTP Request
GET /v1/identity-providers/068083ef-8c8f-4c2f-bf15-4fb7f2a2ce71 HTTP/1.1
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 684
{
"id" : "068083ef-8c8f-4c2f-bf15-4fb7f2a2ce71",
"name" : "My AD Identity Source",
"type" : "Microsoft ADFS",
"domainNames" : [ "external-idp.com" ],
"ldap" : {
"type" : "Oidc",
"domainName" : "external-idp.com",
"domainAlias" : "external-idp",
"username" : "[email protected]",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
},
"oidc" : {
"clientId" : "2cb92274-6280-40d1-933f-5b066e1f9e41",
"discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
},
"status" : "active"
}
3. Add an embedded Identity Source
3.1. Prerequisites
The following data is required
- Identifier of the embedded Identity Provider
Tip : Please refer to IdentitySourceSpec.
3.2. Steps
- Fetch the ID for the embedded identity provider from the list Identity Providers Response.
Tip : Refer to Get all Identity Providers
- Invoke the API to add an embedded identity source.
Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/132eea6b-7407-4dc3-a88e-994f3407abe9/identity-sources' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer etYWRta....' \
-d '{
"name" : "My AD Identity Source",
"ldap" : {
"type" : "ActiveDirectory",
"domainName" : "embedded-ids.com",
"domainAlias" : "embedded-ids",
"username" : "[email protected]",
"password" : "xxxxxxxxx",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
}
}'
HTTP Request
POST /v1/identity-providers/132eea6b-7407-4dc3-a88e-994f3407abe9/identity-sources HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 452
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....
{
"name" : "My AD Identity Source",
"ldap" : {
"type" : "ActiveDirectory",
"domainName" : "embedded-ids.com",
"domainAlias" : "embedded-ids",
"username" : "[email protected]",
"password" : "xxxxxxxxx",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
}
}
HTTP Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 68
Added Identity source with domain name embedded-ids.com successfully
4. Update an embedded Identity Source
4.1. Prerequisites
The following data is required
Identifier of the embedded Identity Provider
The domain name associated with the identity source
Tip : Please refer to IdentitySourceSpec.
4.2. Steps
- Fetch the ID for the embedded identity provider and the domain name associated with the identity source from the list Identity Providers Response.
Tip : Refer to Get all Identity Providers
- Invoke the API to delete an embedded identity source.
Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/9eafc34c-0bb1-417a-a04e-8e4630e8f55d/identity-sources/embedded-ids.com' -i -X PATCH \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer etYWRta....' \
-d '{
"name" : "My AD Identity Source",
"ldap" : {
"type" : "ActiveDirectory",
"domainName" : "embedded-ids.com",
"domainAlias" : "embedded-ids",
"username" : "[email protected]",
"password" : "xxxxxxxxx",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
}
}'
HTTP Request
PATCH /v1/identity-providers/9eafc34c-0bb1-417a-a04e-8e4630e8f55d/identity-sources/embedded-ids.com HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 452
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....
{
"name" : "My AD Identity Source",
"ldap" : {
"type" : "ActiveDirectory",
"domainName" : "embedded-ids.com",
"domainAlias" : "embedded-ids",
"username" : "[email protected]",
"password" : "xxxxxxxxx",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
}
}
HTTP Response
HTTP/1.1 204 No Content
5. Delete an embedded Identity Source
5.1. Prerequisites
The following data is required
Identifier of the embedded Identity Provider
The domain name associated with the identity source
5.2. Steps
- Fetch the ID for the embedded identity provider and the domain name associated with the identity source from the list Identity Providers Response.
Tip : Refer to Get all Identity Providers
- Invoke the API to delete an embedded identity source.
Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/020de280-2bbf-42d2-a740-a95d4b3affb2/identity-sources/embedded-ids.com' -i -X DELETE \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer etYWRta....'
HTTP Request
DELETE /v1/identity-providers/020de280-2bbf-42d2-a740-a95d4b3affb2/identity-sources/embedded-ids.com HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....
HTTP Response
HTTP/1.1 204 No Content
6. Add an external Identity Provider
6.1. Prerequisites
The following data is needed:
- Identity Provider Spec details
Tip : Please refer to IdentityProviderSpec.
6.2. Steps
- Invoke the API to add an external identity provider.
Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer etYWRta....' \
-d '{
"name" : "My ADFS",
"type" : "ActiveDirectory",
"certChain" : [ ],
"ldap" : {
"domainName" : "external-idp.com",
"domainAlias" : "external-idp",
"username" : "[email protected]",
"password" : "xxxxxxxxx",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
},
"oidc" : {
"clientId" : "c60ede1d-1866-4e13-8caa-7ac7ded6e325",
"clientSecret" : "bdbe7e2a-e76a-4ae2-a270-5dd3e97a8a1e",
"discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
}
}'
HTTP Request
POST /v1/identity-providers HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 673
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....
{
"name" : "My ADFS",
"type" : "ActiveDirectory",
"certChain" : [ ],
"ldap" : {
"domainName" : "external-idp.com",
"domainAlias" : "external-idp",
"username" : "[email protected]",
"password" : "xxxxxxxxx",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
},
"oidc" : {
"clientId" : "c60ede1d-1866-4e13-8caa-7ac7ded6e325",
"clientSecret" : "bdbe7e2a-e76a-4ae2-a270-5dd3e97a8a1e",
"discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
}
}
HTTP Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 36
70db9962-bee7-4609-a663-419fdc6d63db
7. Update an external Identity Provider
7.1. Prerequisites
The following data is required
- Identifier of the external Identity Provider
Tip : Please refer to IdentityProviderSpec.
7.2. Steps
- Invoke the API to update an external identity provider.
Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/bdbb7afc-5283-445b-9325-a1b29bdc9b1c' -i -X PATCH \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer etYWRta....' \
-d '{
"name" : "My ADFS",
"type" : "ActiveDirectory",
"certChain" : [ ],
"ldap" : {
"domainName" : "external-idp.com",
"domainAlias" : "external-idp",
"username" : "[email protected]",
"password" : "xxxxxxxxx",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
},
"oidc" : {
"clientId" : "0616610c-d643-432f-8e56-00e70c29a202",
"clientSecret" : "7d320c8d-edfa-478b-821f-568fbcbef613",
"discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
}
}'
HTTP Request
PATCH /v1/identity-providers/bdbb7afc-5283-445b-9325-a1b29bdc9b1c HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 673
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....
{
"name" : "My ADFS",
"type" : "ActiveDirectory",
"certChain" : [ ],
"ldap" : {
"domainName" : "external-idp.com",
"domainAlias" : "external-idp",
"username" : "[email protected]",
"password" : "xxxxxxxxx",
"sourceDetails" : {
"usersBaseDn" : "users-base-dn",
"groupsBaseDn" : "groups-base-dn",
"certChain" : [ ],
"serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
}
},
"oidc" : {
"clientId" : "0616610c-d643-432f-8e56-00e70c29a202",
"clientSecret" : "7d320c8d-edfa-478b-821f-568fbcbef613",
"discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
}
}
HTTP Response
HTTP/1.1 204 No Content
8. Delete an external Identity Provider
8.1. Prerequisites
The following data is required
- Identifier of the external Identity Provider
8.2. Steps
- Invoke the API to delete an external identity provider.
Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.
cURL Request
$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/28694ddc-bfe8-4cf7-9184-beebbceca115' -i -X DELETE \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer etYWRta....'
HTTP Request
DELETE /v1/identity-providers/28694ddc-bfe8-4cf7-9184-beebbceca115 HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....
HTTP Response
HTTP/1.1 204 No Content
Last updated 2023-05-21 23:30:49 PDT