Vcenter NamespaceManagement Supervisors Identity Providers get
Returns information about an identity provider configured for a Supervisor.
This operation was added in vSphere API 8.0.0.1.
identifier for the Supervisor for which the identity provider is being read.
The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.
identifier for the identity provider that is being read.
The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.
An {#link Info} representing the requested identity provider.
{
"provider": "string",
"display_name": "string",
"issuer_url": "string",
"username_claim": "string",
"groups_claim": "string",
"client_id": "string",
"certificate_authority_data": "string",
"additional_scopes": [
"string"
],
"additional_authorize_parameters": {
"additional_authorize_parameters": "string"
},
"credentials_exchange_jwt_authenticator": "string",
"allow_credentials_exchange": false
}The immutable identifier of an identity provider generated when an identity provider is registered for a Supervisor.
This property was added in vSphere API 8.0.0.1.
When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider. When operations return a value of this schema as a response, the property will be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.
A name to be used for the given identity provider. This name will be displayed in the vCenter UI.
This property was added in vSphere API 8.0.0.1.
The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme.
This property was added in vSphere API 8.0.0.1.
The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user.
This property was added in vSphere API 8.0.0.1.
If missing or null, the upstream issuer URL will be concatenated with the 'sub' claim to generate the username to be used with Kubernetes.
The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user.
This property was added in vSphere API 8.0.0.1.
If missing or null, no groups will be used from the upstream identity provider.
The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor.
This property was added in vSphere API 8.0.0.1.
The certificate authority data holds the trusted roots to be used to establish HTTPS connections with the identity provider.
This property was added in vSphere API 8.0.0.1.
If missing or null, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.
Additional scopes to be requested in tokens issued by this identity provider. The 'openid' scope will always be requested.
This property was added in vSphere API 8.0.0.1.
If missing or null, no additional scopes will be requested.
Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware's Cloud Services Platform, if your organization ID is 'long-form-org-id', the 'orgLink' parameter can be set to "/csp/gateway/am/api/orgs/long-form-org-id" to allow users logging in to leverage that organization.
This property was added in vSphere API 8.0.0.1.
If missing or null, no additional parameters will be sent to the upstream identity provider.
Name of the 'JWTAuthenticator' Supervisor object created when Vcenter NamespaceManagement Supervisors Identity Providers Info.allow_credentials_exchange is set to true.
This property was added in vSphere API 9.0.0.0.
if missing or null, no 'JWTAuthenticator' object created on the Supervisor.
If true client can exchange an identity provider issued ID token for an mTLS client ceritificate key pair by using the Supervisor 'TokenCredentialRequest' API.
This property was added in vSphere API 9.0.0.0.
Defaults to false if missing or null.
if the user cannot be authenticated.
"Vapi Std Errors Unauthenticated Object"Indicates the authentication challenges applicable to the target API provider. It can be used by a client to discover the correct authentication scheme to use. The exact syntax of the value is defined by the specific provider, the protocol and authentication schemes used.
For example, a provider using REST may adhere to the WWW-Authenticate HTTP header specification, RFC7235, section 4.1. In this case an example challenge value may be: SIGN realm="27da1358-2ba4-11e9-b210-d663bd873d93",sts="http://vcenter/sso?vsphere.local", Basic realm="vCenter"
This property was added in vSphere API 7.0.0.0.
This property is optional because it was added in a newer version than its parent node.
if the user is missing the System.Read privilege on the Supervisor.
"Vapi Std Errors Unauthorized Object"if the given identity provider or Supervisor cannot be found.
"Vapi Std Errors NotFound Object"if the system reports an error while responding to the request.
"Vapi Std Errors Error Object"Stack of one or more localizable messages for human error consumers.
The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.
Each subsequent message in the stack describes the "cause" of the prior message.
Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully.
Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.
The Vapi Std Errors ArgumentLocations, Vapi Std Errors FileLocations, and Vapi Std Errors TransientIndication schemas are intended as possible values for this property. Vapi Std DynamicID may also be useful as a value for this property (although that is not its primary purpose). Some resources may provide their own specific schemas for use as the value of this property when reporting errors from their operations.
Some operations will not set this property when reporting errors.
Discriminator field to help API consumers identify the structure type.
For more information see: Vapi Std Errors Error Type.
This property was added in vSphere API 6.7.2.
Can be missing or null for compatibility with preceding implementations.
curl -H 'Authorization: <value>' https://{api_host}/api/vcenter/namespace-management/supervisors/{supervisor}/identity/providers/{provider}