BrokerIdentityProviderMedia
Represents the request information for VMware Identity Services OIDC Identity Provider API.
{
"metadata": [
{
"key": "string",
"value": "string"
}
],
"_links": {
"self": {
"href": "https://example.com/path-to-self"
}
},
"id": "5e895ddb-c2ae-414a-9db3-a2d693ee0db1",
"idp_name": "example_idp_name",
"idp_type": "OIDC",
"directory_list": [
{
"id": "165178fc-acba-46d3-8a0a-6099ab71eb51",
"name": "my_dir 1"
}
],
"oidc_profile": {
"configuration_url": "https://example.com/.well-known/openid-configuration",
"client_id": "my-auth-grant-client1",
"client_secret": "my-auth-grant-client1-secret",
"oidc_user_attribute_mapping": {
"email": "user_email"
},
"authorize_params": {
"param1": "param1_value"
},
"token_params": {
"param1": "param1_value"
},
"pass_through_claims": false,
"open_id_user_identifier_attribute": "sub",
"internal_user_identifier_attribute": "ExternalId"
},
"saml_profile": {
"saml_metadata": "See https://en.wikipedia.org/wiki/SAML_metadata#Identity_provider_metadata for an example of an IDP SAML metadata",
"saml_metadata_url": "https://example.com/path/to/my/saml/metadata.xml",
"saml_name_id_user_attribute_mapping": {
"param1": "param1_value"
},
"saml_identity_user_attribute_mapping": {
"saml_attribute_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
"saml_attribute_name": "uid",
"idm_attribute": "userName"
},
"request_name_id_format_type": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
"request_preferred_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"send_subject_in_request": false,
"send_subject_with_mapping": false,
"saml_slo_configuration": {
"slo_url": "https://www.okta.com/slologout",
"relay_state_param": "param",
"enabled": true
},
"jit_group_membership_attr_name": "groups",
"saml_pass_through_claim_names": [
"attr1",
"attr2"
]
},
"trust_certificates": [
"-----BEGIN CERTIFICATE-----\n<encoded-certificate-1>\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n<encoded-certificate-2>\n-----END CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----\n<another-encoded-certificate>\n-----END CERTIFICATE-----"
],
"jit_enabled": true,
"auth_type_list": [
{
"id": "8edacc5b-ff9d-4f8d-8575-6a137619fc88",
"auth_method_name": "example_auth_method_name",
"saml_authn_context": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
}
]
}
_links: The resource HATEOAS links. Usually includes a "self" link for this resource.
id: The unique identifier of the identity provider.
idp_name: The name of the identity provider. It must be unique within a tenant. It is required when creating and optional when patching an identity provider. The allowed characters are letters in any language, digits (0-9), space, '-' and '_'.
idp_type: The protocol type used for the external identity provider (OIDC or SAML). It is required when creating and optional when patching an identity provider.
directory_list: The list of directories associated with this identity provider. It is required when creating and optional when patching an identity provider.
oidc_profile: The identity provider's OIDC profile. It must be present only if idp_type=OIDC and is otherwise ignored. It is required when creating and optional when patching an identity provider.
saml_profile: The identity provider's SAML profile. It must be present only if idp_type=SAML and is otherwise ignored. It is required when creating and optional when patching an identity provider.
trust_certificates: A list of certificate chains, each encoded in PEM format. It is optional for both creating and patching an identity provider. Within a chain, consecutive certificates are separated by a line break, and the encoded certificate body between the BEGIN/END markers must be surrounded by line breaks (each marker on its own line). The array holds at most three chains, and each chain holds at most five certificates. Updating this field replaces the entire list of chains; individual chains in the list cannot be managed separately.
jit_enabled: Set to true to enable just-in-time (JIT) provisioning.
auth_type_list: The list of auth methods associated with this identity provider. This field can only be modified via PATCH; on create it is always set to the default. Updating this field replaces the entire list of auth methods, and at least one auth method must remain for the identity provider. If auth methods are omitted from a patch, the existing auth methods are left unchanged. When patching an existing auth method, include its id (UUID).
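The field rules above (name alphabet, idp_type/profile pairing, PEM chain layout and limits, and the replace-the-whole-list semantics of auth_type_list) are easy to get wrong when building a request by hand. The following is an added example, not VMware code: a client-side validator that checks a request body against those documented rules before it is sent. The sample bodies and the certificate placeholders (MIIB...leaf etc.) are constructed and are not real DER; the function and constant names are this example's own.

```python
"""Client-side checks for a BrokerIdentityProviderMedia request body.

Added example, not VMware code. It encodes the constraints stated in the
field descriptions (name alphabet, idp_type/profile pairing, PEM chain
layout and limits, auth_type_list patch semantics). Sample bodies below
are constructed; certificate bodies are placeholders, not real DER.
"""
from __future__ import annotations

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"
MAX_CHAINS = 3           # documented limit for trust_certificates
MAX_CERTS_PER_CHAIN = 5  # documented limit per chain
IDP_TYPES = {"OIDC": "oidc_profile", "SAML": "saml_profile"}


def idp_name_ok(name: str) -> bool:
    """Allowed: letters in any language, digits 0-9, space, '-' and '_'."""
    return bool(name) and all(c.isalpha() or c in "0123456789 -_" for c in name)


def count_chain(chain: str) -> int:
    """Return the number of certificates in one PEM chain string.

    Each marker must sit on its own line, every certificate body must be
    surrounded by line breaks, and consecutive certificates are separated
    by a single line break. Raises ValueError on any layout violation.
    """
    lines = chain.rstrip("\n").split("\n")
    count, i = 0, 0
    while i < len(lines):
        if lines[i] != PEM_BEGIN:
            raise ValueError(f"line {i + 1}: expected {PEM_BEGIN} on its own line")
        j = i + 1
        while j < len(lines) and lines[j] != PEM_END:
            j += 1
        if j == len(lines):
            raise ValueError(f"line {i + 1}: BEGIN marker without matching END")
        body = lines[i + 1:j]
        if not body or any(not b.strip() for b in body):
            raise ValueError(f"line {i + 1}: empty certificate body")
        count += 1
        i = j + 1
    return count


def validate_idp_request(body: dict, *, create: bool) -> list[str]:
    """Return a list of problems; an empty list means the body follows the documented rules."""
    problems: list[str] = []
    for field in ("idp_name", "idp_type", "directory_list") if create else ():
        if not body.get(field):
            problems.append(f"{field} is required when creating an identity provider")

    name = body.get("idp_name")
    if name is not None and not idp_name_ok(name):
        problems.append("idp_name may only contain letters, digits 0-9, space, '-' and '_'")

    idp_type = body.get("idp_type")
    if idp_type is not None:
        if idp_type not in IDP_TYPES:
            problems.append(f"idp_type must be one of {sorted(IDP_TYPES)}")
        elif create and IDP_TYPES[idp_type] not in body:
            problems.append(f"{IDP_TYPES[idp_type]} is required when idp_type={idp_type}")

    chains = body.get("trust_certificates")
    if chains is not None:
        if len(chains) > MAX_CHAINS:
            problems.append(f"trust_certificates holds at most {MAX_CHAINS} chains")
        for idx, chain in enumerate(chains):
            try:
                n = count_chain(chain)
            except ValueError as exc:
                problems.append(f"trust_certificates[{idx}]: {exc}")
                continue
            if n > MAX_CERTS_PER_CHAIN:
                problems.append(f"trust_certificates[{idx}]: {n} certificates, maximum is {MAX_CERTS_PER_CHAIN}")

    methods = body.get("auth_type_list")
    if methods is not None:
        if create:
            problems.append("auth_type_list is defaulted on create and can only be changed via PATCH")
        elif not methods:
            problems.append("auth_type_list replaces the whole list and must keep at least one auth method")
        else:
            for idx, m in enumerate(methods):
                if not m.get("auth_method_name"):
                    problems.append(f"auth_type_list[{idx}]: auth_method_name is missing")
    return problems


# Constructed sample bodies (not from the API documentation).
CREATE_BODY = {
    "idp_name": "example_idp_name",
    "idp_type": "OIDC",
    "directory_list": [{"id": "165178fc-acba-46d3-8a0a-6099ab71eb51", "name": "my_dir 1"}],
    "oidc_profile": {
        "configuration_url": "https://example.com/.well-known/openid-configuration",
        "client_id": "my-auth-grant-client1",
        "open_id_user_identifier_attribute": "sub",
    },
    # one chain of two certificates; bodies are placeholders
    "trust_certificates": [f"{PEM_BEGIN}\nMIIB...leaf\n{PEM_END}\n{PEM_BEGIN}\nMIIC...issuer\n{PEM_END}"],
    "jit_enabled": True,
}
PATCH_BODY_BAD = {
    "idp_name": "bad/name",                                       # '/' is not allowed
    "trust_certificates": [f"{PEM_BEGIN} MIIB...leaf {PEM_END}"],  # markers not on their own lines
    "auth_type_list": [],                                         # would leave no auth method
}

if __name__ == "__main__":
    print(validate_idp_request(CREATE_BODY, create=True))  # []
    for p in validate_idp_request(PATCH_BODY_BAD, create=False):
        print("-", p)
```

Run it before a POST or PATCH and refuse to send when the returned list is non-empty. The validator deliberately checks only the layout of trust_certificates (markers on their own lines, chain and certificate counts), not the certificates' contents; verifying that each chain actually validates against the expected issuer is a separate step that needs a real certificate parser.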