Create Broker Oidc Identity Provider

VMware Identity Services API call that adds an external identity provider (OIDC or SAML) to the broker for the specified tenant.

Request
URI
POST
https://{api_host}/federation/t/{TENANT}/broker/identity-providers
Path Parameters
string
TENANT
Required

The tenant for which the identity provider is added.


Request Body
BrokerIdentityProviderMedia of type(s) application/vnd.vmware.vidm.federation.broker.identityprovider+json
Required
{
    "_links": {
        "self": {
            "href": "https://example.com/path-to-self"
        }
    },
    "id": "string",
    "idp_name": "example_idp_name",
    "idp_type": "OIDC",
    "directory_list": [
        {
            "id": "string",
            "name": "string"
        }
    ],
    "oidc_profile": {
        "configuration_url": "https://example.com/.well-known/openid-configuration",
        "client_id": "my-auth-grant-client1",
        "client_secret": "my-auth-grant-client1-secret",
        "oidc_user_attribute_mapping": {
            "email": "user_email"
        },
        "authorize_params": {
            "param1": "param1_value"
        },
        "token_params": {
            "param1": "param1_value"
        },
        "pass_through_claims": false,
        "open_id_user_identifier_attribute": "string",
        "internal_user_identifier_attribute": "string"
    },
    "saml_profile": {
        "saml_metadata": "See https://en.wikipedia.org/wiki/SAML_metadata#Identity_provider_metadata for an example of an IDP SAML metadata",
        "saml_metadata_url": "https://example.com/path/to/my/saml/metadata.xml",
        "saml_name_id_user_attribute_mapping": {
            "param1": "param1_value"
        },
        "saml_identity_user_attribute_mapping": {
            "saml_attribute_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
            "saml_attribute_name": "uid",
            "idm_attribute": "userName"
        },
        "request_name_id_format_type": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        "request_preferred_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
        "send_subject_in_request": false,
        "send_subject_with_mapping": false,
        "saml_slo_configuration": {
            "slo_url": "https://www.okta.com/slologout",
            "relay_state_param": "param"
        },
        "jit_group_membership_attr_name": "groups",
        "saml_pass_through_claim_names": [
            "attr1",
            "attr2"
        ]
    }
}
object
_links
Optional

The resource HATEOAS links. Usually includes a "self" link for this resource

string (uuid)
id
Optional

Identity Provider UUID - uniquely identifies this IdentityProvider

string
idp_name
Required

Identity Provider name. Must be unique within a tenant (a duplicate name is rejected with 409). The allowed characters are letters in any language, digits (0-9), space, hyphen (-) and underscore (_).

string
idp_type
Optional

The protocol type used for the external Identity Provider.

Possible values are: OIDC, SAML
array of DirectoryTO
directory_list
Optional

The list of directories associated with this identity provider.

oidc_profile
Optional

OIDC configuration for the external identity provider: the discovery document URL (configuration_url), client_id and client_secret, the claim-to-attribute mapping, extra authorize/token request parameters and the user identifier attributes, as shown in the example above.

saml_profile
Optional

SAML configuration for the external identity provider: the IdP metadata (inline or by URL), NameID and attribute mappings, requested NameID format and binding, single logout settings, the JIT group membership attribute and the pass-through claim names, as shown in the example above.

Authentication
This operation uses the following authentication methods.
Responses
201

Identity Provider was successfully added. The response body is the created resource; as the example shows, it includes the oidc_profile client_secret, so treat response bodies, and any proxy or application logs that capture them, as secret material.

Returns BrokerIdentityProviderMedia of type(s) application/vnd.vmware.vidm.federation.broker.identityprovider+json
{
    "_links": {
        "self": {
            "href": "https://example.com/path-to-self"
        }
    },
    "id": "string",
    "idp_name": "example_idp_name",
    "idp_type": "OIDC",
    "directory_list": [
        {
            "id": "string",
            "name": "string"
        }
    ],
    "oidc_profile": {
        "configuration_url": "https://example.com/.well-known/openid-configuration",
        "client_id": "my-auth-grant-client1",
        "client_secret": "my-auth-grant-client1-secret",
        "oidc_user_attribute_mapping": {
            "email": "user_email"
        },
        "authorize_params": {
            "param1": "param1_value"
        },
        "token_params": {
            "param1": "param1_value"
        },
        "pass_through_claims": false,
        "open_id_user_identifier_attribute": "string",
        "internal_user_identifier_attribute": "string"
    },
    "saml_profile": {
        "saml_metadata": "See https://en.wikipedia.org/wiki/SAML_metadata#Identity_provider_metadata for an example of an IDP SAML metadata",
        "saml_metadata_url": "https://example.com/path/to/my/saml/metadata.xml",
        "saml_name_id_user_attribute_mapping": {
            "param1": "param1_value"
        },
        "saml_identity_user_attribute_mapping": {
            "saml_attribute_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
            "saml_attribute_name": "uid",
            "idm_attribute": "userName"
        },
        "request_name_id_format_type": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        "request_preferred_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
        "send_subject_in_request": false,
        "send_subject_with_mapping": false,
        "saml_slo_configuration": {
            "slo_url": "https://www.okta.com/slologout",
            "relay_state_param": "param"
        },
        "jit_group_membership_attr_name": "groups",
        "saml_pass_through_claim_names": [
            "attr1",
            "attr2"
        ]
    }
}
The response fields are the same as those described for the request body above.

400

The Identity Provider information is invalid.

Operation doesn't return any data structure

401

Unauthorized to create an Identity Provider.

Operation doesn't return any data structure

409

Identity Provider with the same name already exists.

Operation doesn't return any data structure
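The request documented above, built and sanity-checked in Python, as an added example; this is not VMware's code or SDK. It uses only what the page states (the URI, the media type, the idp_name character rule, the OIDC body fields and the 201/400/401/409 responses). The bearer token in the Authorization header is an assumption, since the page does not list the authentication methods, and the https-only check on configuration_url and the redaction of client_secret for logging are this example's own policy. Host, tenant and credentials in the usage section are constructed placeholders.

```python
"""Build, sanity-check and send a Create Broker OIDC Identity Provider request.

Added example, not VMware's code. Assumptions: bearer-token authentication
(not stated on the page), https-only discovery URL (client-side policy).
"""
import json
from urllib import error, request

MEDIA_TYPE = "application/vnd.vmware.vidm.federation.broker.identityprovider+json"

# Documented response codes for this operation.
STATUS_TEXT = {
    201: "Identity Provider was successfully added.",
    400: "The Identity Provider information is invalid.",
    401: "Unauthorized to create an Identity Provider.",
    409: "Identity Provider with the same name already exists.",
}


def idp_name_is_valid(name: str) -> bool:
    """idp_name rule from the field description: letters in any language,
    digits 0-9, space, '-' and '_'. Uniqueness per tenant is enforced by
    the server (409), not here."""
    return bool(name) and all(c.isalpha() or c in "0123456789 -_" for c in name)


def build_oidc_body(idp_name, configuration_url, client_id, client_secret,
                    directory_list=None, attribute_mapping=None,
                    pass_through_claims=False):
    """Return a BrokerIdentityProviderMedia dict for an OIDC provider.

    Two local checks the API docs do not state but a client should make: the
    discovery URL must be https (its contents decide which issuer and keys are
    trusted), and only oidc_profile is included so idp_type and the profile
    cannot disagree. The server may still reject the body with 400.
    """
    if not idp_name_is_valid(idp_name):
        raise ValueError(f"idp_name has disallowed characters: {idp_name!r}")
    if not configuration_url.startswith("https://"):
        raise ValueError("configuration_url must be https")
    return {
        "idp_name": idp_name,
        "idp_type": "OIDC",
        "directory_list": list(directory_list or []),
        "oidc_profile": {
            "configuration_url": configuration_url,
            "client_id": client_id,
            "client_secret": client_secret,
            "oidc_user_attribute_mapping": dict(attribute_mapping or {"email": "email"}),
            "pass_through_claims": pass_through_claims,
        },
    }


def redact(body):
    """Deep copy with client_secret masked, for logging. The 201 response echoes
    the full resource including client_secret, so run responses through this too."""
    out = json.loads(json.dumps(body))
    profile = out.get("oidc_profile") or {}
    if "client_secret" in profile:
        profile["client_secret"] = "***"
    return out


def build_request(api_host, tenant, bearer_token, body):
    """URL, headers and encoded body for POST .../broker/identity-providers."""
    url = f"https://{api_host}/federation/t/{tenant}/broker/identity-providers"
    headers = {
        "Content-Type": MEDIA_TYPE,
        "Accept": MEDIA_TYPE,
        "Authorization": f"Bearer {bearer_token}",  # assumed auth scheme
    }
    return url, headers, json.dumps(body).encode("utf-8")


def _urllib_send(url, headers, data):
    """POST with urllib; return (status, raw_body). 4xx is data, not an exception."""
    req = request.Request(url, data=data, headers=headers, method="POST")
    try:
        with request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except error.HTTPError as e:
        return e.code, e.read()


def create_identity_provider(url, headers, data, send=_urllib_send):
    """Send the request and decode the documented outcomes.

    Returns (status, parsed_json_or_None). Only 201 carries a body per the
    docs; the documented error statuses return no data structure.
    """
    status, raw = send(url, headers, data)
    if status == 201 and raw:
        return status, json.loads(raw)
    if status not in STATUS_TEXT:
        raise RuntimeError(f"unexpected status {status}: {raw[:200]!r}")
    return status, None


if __name__ == "__main__":
    # Constructed placeholders; substitute a real host, tenant and token to send.
    body = build_oidc_body("Corp Okta", "https://idp.example.com/.well-known/openid-configuration",
                           "my-auth-grant-client1", "my-auth-grant-client1-secret")
    url, headers, data = build_request("vidm.example.com", "tenant1", "TOKEN", body)
    print(url)
    print(json.dumps(redact(body), indent=2))  # never log the unredacted body
```

When the call returns 409, the name is already taken in that tenant; fetch the existing provider rather than retrying with the same body, and log only the redacted form of whatever the 201 response echoes back.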