Vcenter Identity Providers get

Retrieve detailed information of the specified identity provider.

This operation was added in vSphere API 7.0.0.0.

Returns an authorization error if you do not have all of the privileges described as follows:

  • Operation execution requires VcIdentityProviders.Read and VcIdentityProviders.Manage.
Request
URI
GET
https://{api_host}/api/vcenter/identity/providers/{provider}
Path Parameters
string
provider
Required

The identifier of the provider.

The parameter must be an identifier for the resource type: com.vmware.vcenter.identity.Providers.


Authentication
This operation uses the following authentication methods.
Responses
200

Detailed information of the specified identity provider.

Returns Vcenter Identity Providers Info of type(s) application/json
{
    "name": "string",
    "org_ids": [
        "string"
    ],
    "config_tag": "string",
    "oauth2": {
        "auth_endpoint": "string",
        "token_endpoint": "string",
        "public_key_uri": "string",
        "client_id": "string",
        "client_secret": "string",
        "claim_map": {
            "claim_map": {
                "claim_map": [
                    "string"
                ]
            }
        },
        "issuer": "string",
        "authentication_method": "string",
        "auth_query_params": {
            "auth_query_params": [
                "string"
            ]
        }
    },
    "oidc": {
        "discovery_endpoint": "string",
        "logout_endpoint": "string",
        "auth_endpoint": "string",
        "token_endpoint": "string",
        "public_key_uri": "string",
        "client_id": "string",
        "client_secret": "string",
        "claim_map": {
            "claim_map": {
                "claim_map": [
                    "string"
                ]
            }
        },
        "issuer": "string",
        "authentication_method": "string",
        "auth_query_params": {
            "auth_query_params": [
                "string"
            ]
        }
    },
    "is_default": false,
    "domain_names": [
        "string"
    ],
    "auth_query_params": {
        "auth_query_params": [
            "string"
        ]
    },
    "idm_protocol": "string",
    "idm_endpoints": [
        "string"
    ],
    "active_directory_over_ldap": {
        "user_name": "string",
        "password": "string",
        "users_base_dn": "string",
        "groups_base_dn": "string",
        "server_endpoints": [
            "string"
        ],
        "cert_chain": {
            "cert_chain": [
                "string"
            ]
        }
    },
    "upn_claim": "string",
    "groups_claim": "string",
    "federation_type": "string"
}
string
name
Optional

The user friendly name for the provider

This property was added in vSphere API 7.0.0.0.

This property is optional because it was added in a newer version than its parent node.

array of string
org_ids
Required

The set of orgIds as part of SDDC creation which provides the basis for tenancy

This property was added in vSphere API 7.0.0.0.

string
config_tag
Required

The config type of the identity provider

For more information see: Vcenter Identity Providers ConfigType.

This property was added in vSphere API 7.0.0.0.

oauth2
Optional

OAuth2 Info

This property was added in vSphere API 7.0.0.0.

This property is optional and it is only relevant when the value of config_tag is Vcenter Identity Providers ConfigType.oauth2.

oidc
Optional

OIDC Info

This property was added in vSphere API 7.0.0.0.

This property is optional and it is only relevant when the value of config_tag is Vcenter Identity Providers ConfigType.oidc.

boolean
is_default
Required

Specifies whether the provider is the default provider.

This property was added in vSphere API 7.0.0.0.

array of string
domain_names
Optional

Set of fully qualified domain names to trust when federating with this identity provider. Tokens from this identity provider will only be validated if the user belongs to one of these domains, and any domain-qualified groups in the tokens will be filtered to include only those groups that belong to one of these domains. If domainNames is an empty set, domain validation behavior at login with this identity provider will be as follows: the user's domain will be parsed from the User Principal Name (UPN) value that is found in the tokens returned by the identity provider. This domain will then be implicitly trusted and used to filter any groups that are also provided in the tokens.

This property was added in vSphere API 7.0.0.0.

This property is optional because it was added in a newer version than its parent node.
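The domain_names rules above, modelled as an added example for reviewing a provider configuration; this is not vCenter code. It assumes UPNs and domain-qualified groups take the form name@domain, that domains compare case-insensitively, and that groups without a domain pass through unfiltered; all sample values are constructed.

```python
# Added illustration of the documented domain_names rules; not vCenter code.
# Assumptions: UPNs and domain-qualified groups look like name@domain,
# domains compare case-insensitively, unqualified groups pass through.


def domain_of(principal):
    """Return the lower-cased domain of name@domain, or None if unqualified."""
    name, sep, domain = principal.rpartition("@")
    return domain.lower() if sep and name and domain else None


def evaluate_token(domain_names, upn, groups):
    """Return (accepted, kept_groups, implicit_trust) for one token."""
    user_domain = domain_of(upn)
    if user_domain is None:
        # Assumption: a UPN with no domain part cannot be validated.
        return False, [], False
    trusted = {d.lower() for d in domain_names or []}
    implicit = not trusted
    if implicit:
        # Empty set: the domain parsed from the UPN is implicitly trusted.
        trusted = {user_domain}
    elif user_domain not in trusted:
        # Non-empty set: tokens for users outside it are not validated.
        return False, [], False
    kept = [g for g in groups if domain_of(g) in trusted | {None}]
    return True, kept, implicit


def audit_provider(info):
    """Flag a provider Info object that relies on implicit domain trust."""
    if not info.get("domain_names"):
        return ["domain_names is empty: any UPN domain the IdP asserts is trusted"]
    return []


# Constructed sample data.
SAMPLE_GROUPS = ["admins@corp.example", "ops@other.example", "everyone"]

if __name__ == "__main__":
    print(evaluate_token(["corp.example"], "alice@corp.example", SAMPLE_GROUPS))
    print(evaluate_token(["corp.example"], "eve@other.example", SAMPLE_GROUPS))
    print(evaluate_token([], "eve@other.example", SAMPLE_GROUPS))
    print(audit_provider({"name": "demo", "domain_names": []}))
```
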

object
auth_query_params
Optional

Key/value pairs that are to be appended to the authEndpoint request.

How to append to the authEndpoint request: if the map is not empty, a "?" is added to the endpoint URL, and each combination of a key k and a string in its value v is added, separated by an "&" delimiter. Details:

  • If the value contains only one string, then the key is added with "k=v".
  • If the value is an empty list, then the key is added without a "=v".
  • If the value contains multiple strings, then the key is repeated in the query-string for each string in the value.

This property was added in vSphere API 7.0.0.0.

This property is optional because it was added in a newer version than its parent node.
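The auth_query_params appending rules above, as an added example (not code from the vSphere API or its SDK) that builds the resulting URL and parses it back so a reviewer can see what the identity provider would receive. Percent-encoding of keys and values is an assumption, since the page does not specify encoding; the endpoint and parameter values are constructed.

```python
# Added illustration of the documented auth_query_params appending rules.
# Assumption: keys and values are percent-encoded (not stated on the page).
from urllib.parse import parse_qs, quote, urlsplit


def build_auth_url(auth_endpoint, auth_query_params):
    """Append a map of key -> list of strings to the authorization endpoint."""
    if not auth_query_params:
        # Empty map: nothing is appended, not even the "?".
        return auth_endpoint
    parts = []
    for key, values in auth_query_params.items():
        k = quote(key, safe="")
        if not values:
            # Empty list: the key is added without "=v".
            parts.append(k)
        else:
            # One string gives "k=v"; several repeat the key once per string.
            parts.extend(f"{k}={quote(v, safe='')}" for v in values)
    return auth_endpoint + "?" + "&".join(parts)


def parse_back(url):
    """Decode the query string again, keeping bare keys as empty values."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


# Constructed sample values.
SAMPLE_ENDPOINT = "https://idp.example/authorize"
SAMPLE_PARAMS = {"prompt": ["login"], "debug": [], "acr": ["a b", "c"]}

if __name__ == "__main__":
    url = build_auth_url(SAMPLE_ENDPOINT, SAMPLE_PARAMS)
    print(url)
    print(parse_back(url))
```
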

string
idm_protocol
Optional

Communication protocol to the identity management endpoints.

For more information see: Vcenter Identity Providers IdmProtocol.

This property was added in vSphere API 7.0.0.0.

This property is optional because it was added in a newer version than its parent node.

array of string
idm_endpoints
Optional

Identity management endpoints.

This property was added in vSphere API 7.0.0.0.

This property is optional and it is only relevant when the value of idm_protocol is one of Vcenter Identity Providers IdmProtocol.REST, Vcenter Identity Providers IdmProtocol.SCIM, or Vcenter Identity Providers IdmProtocol.scim2_0.

active_directory_over_ldap
Optional

Identity management configuration.

This property was added in vSphere API 7.0.0.0.

This property is optional and it is only relevant when the value of idm_protocol is Vcenter Identity Providers IdmProtocol.LDAP.

string
upn_claim
Optional

Specifies which claim provides the user principal name (UPN) for the user.

This property was added in vSphere API 7.0.0.0.

This property is optional because it was added in a newer version than its parent node.

string
groups_claim
Optional

Specifies which claim provides the group membership for the token subject. If empty, the default behavior for CSP is used. In this case, the groups for the subject will consist of the groups in the 'group_names' and 'group_ids' claims.

This property was added in vSphere API 7.0.0.0.

This property is optional because it was added in a newer version than its parent node.

string
federation_type
Optional

The type of the identity provider

For more information see: Vcenter Identity FederationType.

This property was added in vSphere API 8.0.1.0.

If no federation type value set earlier.


403

If authorization is not given to the caller.

Returns Vapi Std Errors Unauthorized of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors Unauthorized0
"Vapi Std Errors Unauthorized Object"

404

If no provider is found with the given provider identifier.

Returns Vapi Std Errors NotFound of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors NotFound0
"Vapi Std Errors NotFound Object"

Code Samples
curl -H 'Authorization: <value>' https://{api_host}/api/vcenter/identity/providers/{provider}