Vcenter NamespaceManagement Supervisors Identity Providers update

Vcenter NamespaceManagement Supervisors Identity Providers update

Update an existing identity provider used with a Supervisor.

This operation was added in vSphere API 8.0.0.1.

Request
URI
PATCH
https://{api_host}/api/vcenter/namespace-management/supervisors/{supervisor}/identity/providers/{provider}
COPY
Path Parameters
string
supervisor
Required

the identifier for the Supervisor associated with the identity provider to be updated.

The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.

string
provider
Required

the identifier for the identity provider that is to be updated.

The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.


Request Body

the {#UpdateSpec} to be applied to the identity provider configuration.

{
    "display_name": "string",
    "issuer_url": "string",
    "username_claim": "string",
    "unset_username_claim": false,
    "groups_claim": "string",
    "unset_groups_claim": false,
    "client_id": "string",
    "client_secret": "string",
    "certificate_authority_data": "string",
    "unset_certificate_authority_data": false,
    "additional_scopes": [
        "string"
    ],
    "additional_authorize_parameters": {
        "additional_authorize_parameters": "string"
    },
    "allow_credentials_exchange": false
}
string
display_name
Optional

A name to be used for the given identity provider. This name will be displayed in the vCenter UI.

This property was added in vSphere API 8.0.0.1.

if missing or null, the name will remained unchanged.

string
issuer_url
Optional

The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme.

This property was added in vSphere API 8.0.0.1.

If missing or null, the issuer URL will not be updated.

string
username_claim
Optional

The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user.

This property was added in vSphere API 8.0.0.1.

If missing or null, the username claim will not be updated.

boolean
unset_username_claim
Optional

This represents the intent of the change to Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.username_claim. If this field is set to true, the existing 'usernameClaim' value will be removed. If this field is set to false, the existing username claim will be changed to the value specified in Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.username_claim, if any.

This property was added in vSphere API 8.0.0.1.

If missing or null, the existing 'usernameClaim' value will be changed to the value specified in Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.username_claim, if any.

string
groups_claim
Optional

The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user.

This property was added in vSphere API 8.0.0.1.

If missing or null, the groups claim will not be updated.

boolean
unset_groups_claim
Optional

This represents the intent of the change to Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.groups_claim. If this field is set to true, the existing 'groupsClaim' value will be removed. If this field is set to false, the existing groups claim will be changed to the value specified in Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.groups_claim, if any.

This property was added in vSphere API 8.0.0.1.

If missing or null, the existing 'groupsClaim' value will be changed to the value specified in Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.groups_claim, if any.

string
client_id
Optional

The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor.

This property was added in vSphere API 8.0.0.1.

If missing or null, the client ID will not be updated.

string As password As password
client_secret
Optional

The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider.

This property was added in vSphere API 8.0.0.1.

If missing or null, the client secret will not be updated.

string
certificate_authority_data
Optional

Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value.

This property was added in vSphere API 8.0.0.1.

If missing or null, the certificate authority data will not be updated.

boolean
unset_certificate_authority_data
Optional

This represents the intent of the change to Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.certificate_authority_data. If this field is set to true, the existing 'certificateAuthorityData' value will be removed. If this field is set to false, the existing certificate authority data will be changed to the value specified in Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.certificate_authority_data, if any.

This property was added in vSphere API 8.0.0.1.

If missing or null, the existing 'certificateAuthorityData' value will be changed to the value specified in Vcenter NamespaceManagement Supervisors Identity Providers UpdateSpec.certificate_authority_data, if any.

array of string
additional_scopes
Optional

Additional scopes to be requested in tokens issued by this identity provider.

This property was added in vSphere API 8.0.0.1.

If missing or null, the additional scopes will not be updated.

object
additional_authorize_parameters
Optional

Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware's Cloud Services Platform, if your organization ID is 'long-form-org-id', the 'orgLink' parameter can be set to "/csp/gateway/am/api/orgs/long-form-org-id" to allow users logging in to leverage that organization.

This property was added in vSphere API 8.0.0.1.

If missing or null, the additional parameters will not be updated.

boolean
allow_credentials_exchange
Optional

Enables a client to exchange an identity provider issued ID token for an mTLS client certificate key pair using the Supervisor 'TokenCredentialRequest' API. Note: Supervisor only supports public OAuth 2.0 clients, which do not require client secrets.

This property was added in vSphere API 9.0.0.0.

Defaults to false if missing or null.

Authentication
This operation uses the following authentication methods.
Responses
204

Success!

Operation doesn't return any data structure

400

if the spec contains any errors.

Returns Vapi Std Errors InvalidArgument of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors InvalidArgument0
"Vapi Std Errors InvalidArgument Object"

401

if the user cannot be authenticated.

Returns Vapi Std Errors Unauthenticated of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors Unauthenticated0
"Vapi Std Errors Unauthenticated Object"
string
challenge
Optional

Indicates the authentication challenges applicable to the target API provider. It can be used by a client to discover the correct authentication scheme to use. The exact syntax of the value is defined by the specific provider, the protocol and authentication schemes used.

For example, a provider using REST may adhere to the WWW-Authenticate HTTP header specification, RFC7235, section 4.1. In this case an example challenge value may be: SIGN realm="27da1358-2ba4-11e9-b210-d663bd873d93",sts="http://vcenter/sso?vsphere.local", Basic realm="vCenter"

This property was added in vSphere API 7.0.0.0.

This property is optional because it was added in a newer version than its parent node.


403

if the user is missing the Namespaces.Manage privilege on the Supervisor.

Returns Vapi Std Errors Unauthorized of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors Unauthorized0
"Vapi Std Errors Unauthorized Object"

404

if the given identity provider or Supervisor cannot be found.

Returns Vapi Std Errors NotFound of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors NotFound0
"Vapi Std Errors NotFound Object"

500

if the system reports an error while responding to the request.

Returns Vapi Std Errors Error of type(s) application/json
"Vapi Std Errors Error Object"
array of object
messages
Required

Stack of one or more localizable messages for human error consumers.

The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully.

Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.

The Vapi Std Errors ArgumentLocations, Vapi Std Errors FileLocations, and Vapi Std Errors TransientIndication schemas are intended as possible values for this property. Vapi Std DynamicID may also be useful as a value for this property (although that is not its primary purpose). Some resources may provide their own specific schemas for use as the value of this property when reporting errors from their operations.

Some operations will not set this property when reporting errors.

string
error_type
Required

Discriminator field to help API consumers identify the structure type.

For more information see: Vapi Std Errors Error Type.

This property was added in vSphere API 6.7.2.

Can be missing or null for compatibility with preceding implementations.


Code Samples
COPY
                    curl -X PATCH -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{}'