Create Broker Oidc Identity Provider

Create Broker Oidc Identity Provider

This endpoint is responsible for creating an identity provider. Note that SAML type identity providers are currently not supported for vCenter.

Request
URI
POST
https://{api_host}//federation/t/{tenant}/broker/identity-providers
Path Parameters
string
tenant
Required

The VMware Identity Services tenant ID

tenant example
my-tenant

Request Body
BrokerIdentityProviderMedia of type(s) application/vnd.vmware.vidm.federation.broker.identityprovider+json
Required
{
    "_links": {
        "self": {
            "href": "https://example.com/path-to-self"
        }
    },
    "id": "string",
    "idp_name": "example_idp_name",
    "idp_type": "OIDC",
    "directory_list": [
        {
            "id": "string",
            "name": "string"
        }
    ],
    "oidc_profile": {
        "configuration_url": "https://example.com/.well-known/openid-configuration",
        "client_id": "my-auth-grant-client1",
        "client_secret": "my-auth-grant-client1-secret",
        "oidc_user_attribute_mapping": {
            "email": "user_email"
        },
        "authorize_params": {
            "param1": "param1_value"
        },
        "token_params": {
            "param1": "param1_value"
        },
        "pass_through_claims": false,
        "open_id_user_identifier_attribute": "string",
        "internal_user_identifier_attribute": "string"
    },
    "saml_profile": {
        "saml_metadata": "See https://en.wikipedia.org/wiki/SAML_metadata#Identity_provider_metadata for an example of an IDP SAML metadata",
        "saml_metadata_url": "https://example.com/path/to/my/saml/metadata.xml",
        "saml_name_id_user_attribute_mapping": {
            "param1": "param1_value"
        },
        "saml_identity_user_attribute_mapping": {
            "saml_attribute_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
            "saml_attribute_name": "uid",
            "idm_attribute": "userName"
        },
        "request_name_id_format_type": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        "request_preferred_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
        "send_subject_in_request": false,
        "send_subject_with_mapping": false,
        "saml_slo_configuration": {
            "slo_url": "https://www.okta.com/slologout",
            "relay_state_param": "param",
            "enabled": true
        },
        "jit_group_membership_attr_name": "groups",
        "saml_pass_through_claim_names": [
            "attr1",
            "attr2"
        ]
    }
}
object
_links
Optional

The resource's HATEOAS links. Usually includes a "self" link pointing to this resource.

string As uuid
id
Optional

The unique identifier of the identity provider

string
idp_name
Optional

The name of the identity provider. It must be unique within a tenant. The allowed characters are letters in any language, digits (0-9), space, hyphen (-) and underscore (_).

string
idp_type
Optional

The protocol type to be used for the external identity provider

Possible values are: OIDC, SAML
directory_list
Optional

The list of directories associated with this identity provider

oidc_profile
Optional

oidc_profile

saml_profile
Optional

saml_profile

Authentication
This operation uses the following authentication methods.
Responses
201

The identity provider was successfully added.

Returns BrokerIdentityProviderMedia of type(s) application/vnd.vmware.vidm.federation.broker.identityprovider+json
{
    "_links": {
        "self": {
            "href": "https://example.com/path-to-self"
        }
    },
    "id": "string",
    "idp_name": "example_idp_name",
    "idp_type": "OIDC",
    "directory_list": [
        {
            "id": "string",
            "name": "string"
        }
    ],
    "oidc_profile": {
        "configuration_url": "https://example.com/.well-known/openid-configuration",
        "client_id": "my-auth-grant-client1",
        "client_secret": "my-auth-grant-client1-secret",
        "oidc_user_attribute_mapping": {
            "email": "user_email"
        },
        "authorize_params": {
            "param1": "param1_value"
        },
        "token_params": {
            "param1": "param1_value"
        },
        "pass_through_claims": false,
        "open_id_user_identifier_attribute": "string",
        "internal_user_identifier_attribute": "string"
    },
    "saml_profile": {
        "saml_metadata": "See https://en.wikipedia.org/wiki/SAML_metadata#Identity_provider_metadata for an example of an IDP SAML metadata",
        "saml_metadata_url": "https://example.com/path/to/my/saml/metadata.xml",
        "saml_name_id_user_attribute_mapping": {
            "param1": "param1_value"
        },
        "saml_identity_user_attribute_mapping": {
            "saml_attribute_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
            "saml_attribute_name": "uid",
            "idm_attribute": "userName"
        },
        "request_name_id_format_type": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        "request_preferred_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
        "send_subject_in_request": false,
        "send_subject_with_mapping": false,
        "saml_slo_configuration": {
            "slo_url": "https://www.okta.com/slologout",
            "relay_state_param": "param",
            "enabled": true
        },
        "jit_group_membership_attr_name": "groups",
        "saml_pass_through_claim_names": [
            "attr1",
            "attr2"
        ]
    }
}
object
_links
Optional

The resource's HATEOAS links. Usually includes a "self" link pointing to this resource.

string As uuid
id
Optional

The unique identifier of the identity provider

string
idp_name
Optional

The name of the identity provider. It must be unique within a tenant. The allowed characters are letters in any language, digits (0-9), space, hyphen (-) and underscore (_).

string
idp_type
Optional

The protocol type to be used for the external identity provider

Possible values are: OIDC, SAML
directory_list
Optional

The list of directories associated with this identity provider

oidc_profile
Optional

oidc_profile

saml_profile
Optional

saml_profile


400

The identity provider information is invalid.

This operation does not return a data structure.

401

The caller is not authorized to create an identity provider.

This operation does not return a data structure.

409

An identity provider with the same name already exists.

This operation does not return a data structure.