BrokerIdentityProviderMedia


Represents the request information for an identity provider in the VMware Identity Services Identity Provider API. The same schema covers OIDC, SAML and LDAP providers; idp_type selects the protocol and which profile object applies.

JSON Example
{
    "metadata": [
        {
            "key": "string",
            "value": "string"
        }
    ],
    "_links": {
        "self": {
            "href": "https://example.com/path-to-self"
        }
    },
    "id": "5e895ddb-c2ae-414a-9db3-a2d693ee0db1",
    "idp_name": "example_idp_name",
    "idp_type": "OIDC",
    "directory_list": [
        {
            "id": "165178fc-acba-46d3-8a0a-6099ab71eb51",
            "name": "my_dir 1"
        }
    ],
    "oidc_profile": {
        "configuration_url": "https://example.com/.well-known/openid-configuration",
        "client_id": "my-auth-grant-client1",
        "client_secret": "my-auth-grant-client1-secret",
        "oidc_user_attribute_mapping": {
            "email": "user_email"
        },
        "authorize_params": {
            "param1": "param1_value"
        },
        "token_params": {
            "param1": "param1_value"
        },
        "pass_through_claims": false,
        "open_id_user_identifier_attribute": "sub",
        "internal_user_identifier_attribute": "ExternalId"
    },
    "saml_profile": {
        "saml_metadata": "See https://en.wikipedia.org/wiki/SAML_metadata#Identity_provider_metadata for an example of an IDP SAML metadata",
        "saml_metadata_url": "https://example.com/path/to/my/saml/metadata.xml",
        "saml_name_id_user_attribute_mapping": {
            "param1": "param1_value"
        },
        "saml_identity_user_attribute_mapping": {
            "saml_attribute_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
            "saml_attribute_name": "uid",
            "idm_attribute": "userName"
        },
        "request_name_id_format_type": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        "request_preferred_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
        "send_subject_in_request": false,
        "send_subject_with_mapping": false,
        "saml_slo_configuration": {
            "slo_url": "https://www.okta.com/slologout",
            "relay_state_param": "param",
            "enabled": true
        },
        "jit_group_membership_attr_name": "groups",
        "saml_pass_through_claim_names": [
            "attr1",
            "attr2"
        ]
    },
    "trust_certificates": [
        "-----BEGIN CERTIFICATE-----\n<encoded-certificate-1>\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n<encoded-certificate-2>\n-----END CERTIFICATE-----",
        "-----BEGIN CERTIFICATE-----\n<another-encoded-certificate>\n-----END CERTIFICATE-----"
    ],
    "jit_enabled": true,
    "auth_type_list": [
        {
            "id": "8edacc5b-ff9d-4f8d-8575-6a137619fc88",
            "auth_method_name": "example_auth_method_name",
            "saml_authn_context": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
        }
    ]
}
metadata
Optional

Identity provider's metadata

object
_links
Optional

The resource HATEOAS links. Usually includes a "self" link for this resource

string As uuid
id
Optional

The unique identifier of the identity provider

string
idp_name
Optional
Constraints: maxLength: 100

The name of the identity provider. It must be unique within a tenant. It is required when creating and optional when patching an identity provider. The allowed characters are letters in any language, digits (0-9), space, hyphen (-) and underscore (_).

string
idp_type
Optional

The protocol type used by the external identity provider. It is required when creating and optional when patching an identity provider.

Possible values are: OIDC, SAML, LDAP
array of DirectoryTO
directory_list
Optional

The list of directories associated with this identity provider. It is required when creating and optional when patching an identity provider.

oidc_profile
Optional

Represents the OIDC profile of the identity provider. It must be present only if idp_type is OIDC and is otherwise ignored. For an OIDC provider it is required when creating and optional when patching.

saml_profile
Optional

Represents the SAML profile of the identity provider. It must be present only if idp_type is SAML and is otherwise ignored. For a SAML provider it is required when creating and optional when patching.

array of string
trust_certificates
Optional

List of certificate chains in PEM format. It is optional for both creating and patching an identity provider. Within a chain, consecutive certificates are separated by a line break, and the encoded certificate body between the BEGIN/END markers must itself be surrounded by line breaks, so that each marker sits on its own line. The array may hold at most three chains, and each chain at most five certificates. Updating this field replaces the entire list of chains; individual chains in the list cannot be managed separately.

boolean
jit_enabled
Optional

Set to true to enable just-in-time (JIT) provisioning for this identity provider.

auth_type_list
Required

The list of auth methods associated with this identity provider. The field can only be modified via patch; on create it is always populated with defaults. Updating the field replaces the entire list of auth methods, and at least one auth method must remain for the identity provider. If no auth methods are provided in a patch, the existing auth methods are left unchanged. When patching an existing auth method, provide its uuid.
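Putting the constraints above together, the following is an added example, not code from this page or from VMware's own tooling, that assembles a create body for this schema and checks the documented rules before anything is sent: the idp_name character set and length, the profile object matching idp_type, the limits of three chains and five certificates per chain for trust_certificates, and the rule that auth_type_list is defaulted on create and only accepted via patch. It assumes a directory can be referenced by its id alone, reads client_secret from an environment variable named IDP_CLIENT_SECRET (a name chosen here so the credential is not embedded in source), and uses a constructed placeholder chain rather than real certificates.

```python
"""Build a BrokerIdentityProviderMedia create body and check the documented
constraints (name charset/length, profile matching idp_type, PEM chain limits)
before the request is sent. Example code; not part of the API or its SDK."""
import json
import os
import re

MAX_IDP_NAME_LEN = 100          # idp_name maxLength
MAX_CHAINS = 3                  # trust_certificates: at most three chains ...
MAX_CERTS_PER_CHAIN = 5         # ... of at most five certificates each
IDP_TYPES = ("OIDC", "SAML", "LDAP")
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# One PEM certificate: markers on their own lines, base64 body in between.
PEM_CERT = re.compile(
    re.escape(BEGIN) + r"\n(?P<body>[A-Za-z0-9+/=\n]+?)\n" + re.escape(END)
)


class IdpRequestError(ValueError):
    """Raised when the body would violate a constraint documented for the API."""


def validate_idp_name(name):
    """idp_name: 1..100 chars; letters in any language, 0-9, space, '-' and '_'."""
    if not 1 <= len(name) <= MAX_IDP_NAME_LEN:
        raise IdpRequestError(f"idp_name must be 1..{MAX_IDP_NAME_LEN} characters")
    for ch in name:
        if not (ch.isalpha() or ch in "0123456789 -_"):
            raise IdpRequestError(f"idp_name contains a disallowed character: {ch!r}")
    return name


def count_chain_certs(chain):
    """Return the number of certificates in one PEM chain string, rejecting
    chains whose certificates are not separated by a line break or whose
    BEGIN/END markers are not on their own lines."""
    bodies = [m.group("body") for m in PEM_CERT.finditer(chain)]
    # Rebuild the canonical form and compare: anything the regex had to skip
    # (stray text, a missing newline between END and BEGIN) fails the check.
    canonical = "\n".join(f"{BEGIN}\n{body}\n{END}" for body in bodies)
    if not bodies or chain.strip() != canonical:
        raise IdpRequestError("malformed PEM chain")
    return len(bodies)


def validate_trust_certificates(chains):
    """Enforce the array limits: at most 3 chains, each of at most 5 certificates."""
    chains = list(chains)
    if len(chains) > MAX_CHAINS:
        raise IdpRequestError(f"at most {MAX_CHAINS} certificate chains allowed")
    for chain in chains:
        if count_chain_certs(chain) > MAX_CERTS_PER_CHAIN:
            raise IdpRequestError(f"a chain may hold at most {MAX_CERTS_PER_CHAIN} certificates")
    return chains


def build_create_request(idp_name, idp_type, directory_ids, profile,
                         trust_certificates=(), jit_enabled=False):
    """Assemble the create body. auth_type_list is deliberately omitted: the
    API defaults it on create and only accepts it via patch."""
    if idp_type not in IDP_TYPES:
        raise IdpRequestError(f"idp_type must be one of {IDP_TYPES}")
    if not directory_ids:
        raise IdpRequestError("directory_list is required when creating")
    body = {
        "idp_name": validate_idp_name(idp_name),
        "idp_type": idp_type,
        # Assumption: a directory is referenced by its id alone on create.
        "directory_list": [{"id": d} for d in directory_ids],
        "jit_enabled": bool(jit_enabled),
    }
    # The profile must match idp_type; the other profile is not sent at all.
    if idp_type == "OIDC":
        body["oidc_profile"] = profile
    elif idp_type == "SAML":
        body["saml_profile"] = profile
    if trust_certificates:
        body["trust_certificates"] = validate_trust_certificates(trust_certificates)
    return body


# Constructed placeholder chain (not real certificates): two certs, newline-separated.
SAMPLE_CHAIN = f"{BEGIN}\nMIIBconstructedLeaf\n{END}\n{BEGIN}\nMIIBconstructedIssuer\n{END}"

if __name__ == "__main__":
    oidc_profile = {
        "configuration_url": "https://example.com/.well-known/openid-configuration",
        "client_id": "my-auth-grant-client1",
        # The secret is a credential: take it from the environment, not from source.
        "client_secret": os.environ.get("IDP_CLIENT_SECRET", "<set IDP_CLIENT_SECRET>"),
        "open_id_user_identifier_attribute": "sub",
        "internal_user_identifier_attribute": "ExternalId",
    }
    body = build_create_request("example_idp_name", "OIDC",
                                ["165178fc-acba-46d3-8a0a-6099ab71eb51"],
                                oidc_profile, [SAMPLE_CHAIN], jit_enabled=True)
    print(json.dumps(body, indent=2))
```

The canonical-form comparison in count_chain_certs is what catches the two formatting mistakes the field description warns about: a chain whose certificates run together without a line break, or a marker glued to the base64 body, is rejected instead of being silently truncated to whatever the regex happened to match.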