Vcenter Identity Providers UpdateSpec

The Vcenter Identity Providers UpdateSpec schema contains the information used to update the identity provider.

This schema was added in vSphere API 7.0.0.0.

JSON Example
{
    "config_tag": "string",
    "oauth2": {
        "auth_endpoint": "string",
        "token_endpoint": "string",
        "public_key_uri": "string",
        "client_id": "string",
        "client_secret": "string",
        "claim_map": {
            "claim_map": {
                "claim_map": [
                    "string"
                ]
            }
        },
        "issuer": "string",
        "authentication_method": "string",
        "auth_query_params": {
            "auth_query_params": [
                "string"
            ]
        }
    },
    "oidc": {
        "discovery_endpoint": "string",
        "client_id": "string",
        "client_secret": "string",
        "claim_map": {
            "claim_map": {
                "claim_map": [
                    "string"
                ]
            }
        }
    },
    "org_ids": [
        "string"
    ],
    "make_default": false,
    "name": "string",
    "domain_names": [
        "string"
    ],
    "auth_query_params": {
        "auth_query_params": [
            "string"
        ]
    },
    "idm_protocol": "string",
    "idm_endpoints": [
        "string"
    ],
    "active_directory_over_ldap": {
        "user_name": "string",
        "password": "string",
        "users_base_dn": "string",
        "groups_base_dn": "string",
        "server_endpoints": [
            "string"
        ],
        "cert_chain": {
            "cert_chain": [
                "string"
            ]
        }
    },
    "upn_claim": "string",
    "reset_upn_claim": false,
    "groups_claim": "string",
    "reset_groups_claim": false,
    "federation_type": "string"
}
string
config_tag
Required

The config type of the identity provider.

For more information see: Vcenter Identity Providers ConfigType.

This property was added in vSphere API 7.0.0.0.

oauth2
Optional

OAuth2 UpdateSpec

This property was added in vSphere API 7.0.0.0.

This property is optional and it is only relevant when the value of config_tag is Vcenter Identity Providers ConfigType.oauth2.

oidc
Optional

OIDC UpdateSpec

This property was added in vSphere API 7.0.0.0.

This property is optional and it is only relevant when the value of config_tag is Vcenter Identity Providers ConfigType.oidc.

array of string
org_ids
Optional

The set of orgIds assigned as part of SDDC creation, which provides the basis for tenancy.

This property was added in vSphere API 7.0.0.0.

If missing or null, leaves value unchanged.

boolean
make_default
Optional

Specifies whether to make this the default provider. If make_default is set to true, this provider will be flagged as the default provider and any other providers that had previously been flagged as the default will be made non-default. If make_default is set to false, this provider's default flag will not be modified.

This property was added in vSphere API 7.0.0.0.

If missing or null, leaves value unchanged.

string
name
Optional

The user friendly name for the provider. This name can be used for human-readable identification purposes, but it does not have to be unique, as the system will use internal UUIDs to differentiate providers.

This property was added in vSphere API 7.0.0.0.

If missing or null, leaves value unchanged.

array of string
domain_names
Optional

Set of fully qualified domain names to trust when federating with this identity provider. Tokens from this identity provider will only be validated if the user belongs to one of these domains, and any domain-qualified groups in the tokens will be filtered to include only those groups that belong to one of these domains.

This property was added in vSphere API 7.0.0.0.

If missing or null, leaves value unchanged. If domainNames is an empty set, domain validation behavior at login with this identity provider will be as follows: the user's domain will be parsed from the User Principal Name (UPN) value that is found in the tokens returned by the identity provider. This domain will then be implicitly trusted and used to filter any groups that are also provided in the tokens.
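
The following is an added illustration of the domain_names login rules described above; it is not vCenter's own validation code. It assumes the UPN has the form user@domain, that domain-qualified groups have the form group@domain, and that domain comparison is case-insensitive.

```python
# Added example, not from the vSphere API: models how domain_names governs
# token acceptance and group filtering at login.
from typing import Optional


def _domain_of(name: str) -> Optional[str]:
    """Return the lower-cased domain part of 'local@domain', or None if unqualified."""
    if "@" not in name:
        return None
    return name.rpartition("@")[2].lower()


def evaluate_login(upn: str, groups: list[str], domain_names: list[str]) -> tuple[bool, list[str]]:
    """Apply the domain_names rules to a token's UPN and group claims.

    Returns (accepted, filtered_groups). With a non-empty domain_names the user's
    domain must be in the set; with an empty set the UPN's own domain is implicitly
    trusted. Domain-qualified groups outside the trusted set are dropped; groups with
    no domain qualifier are passed through (assumption: they are not subject to
    the filter, since the text only speaks of domain-qualified groups).
    """
    user_domain = _domain_of(upn)
    if user_domain is None:
        # No domain in the UPN: there is nothing to validate against, so reject.
        return False, []
    trusted = {d.lower() for d in domain_names} if domain_names else {user_domain}
    if user_domain not in trusted:
        return False, []
    kept = []
    for group in groups:
        group_domain = _domain_of(group)
        if group_domain is None or group_domain in trusted:
            kept.append(group)
    return True, kept
```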

object
auth_query_params
Optional

Key/value pairs to append to the authEndpoint request. If the map is not empty, a "?" is added to the endpoint URL, and each key k is combined with each string in its value v, with "&" as the delimiter between entries. Details: if the value contains exactly one string, the key is added as "k=v"; if the value is an empty list, the key is added without "=v"; if the value contains multiple strings, the key is repeated in the query string once for each string in the value. If the map is empty, all params are deleted.

This property was added in vSphere API 7.0.0.0.

If missing or null, leaves value unchanged.
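
As an added example (not code from the vSphere API or its SDKs), the function below builds the authorization URL exactly as the auth_query_params rules above describe. It assumes the endpoint has no existing query string, percent-encodes keys and values (the page does not state how encoding is done), and adds a client-side guard against overriding core OAuth2 request parameters, which is a local safeguard and not a constraint the API documents.

```python
# Added example, not from the vSphere API docs: serialise auth_query_params
# (key -> list of strings) onto the authEndpoint URL per the UpdateSpec rules.
from urllib.parse import quote

# Assumption: a local guard, not an API rule. These parameters are set by the
# OAuth2 flow itself; letting a configured map override them would be a mistake.
PROTOCOL_PARAMS = {"client_id", "redirect_uri", "response_type", "scope", "state", "nonce"}


def overrides_protocol_param(params: dict[str, list[str]]) -> bool:
    """True if any configured key would collide with a core OAuth2 request parameter."""
    return any(key.lower() in PROTOCOL_PARAMS for key in params)


def append_auth_query_params(auth_endpoint: str, params: dict[str, list[str]]) -> str:
    """Return auth_endpoint with the map appended as a query string."""
    if not params:
        # Empty map: nothing is appended (on update, this also deletes all params).
        return auth_endpoint
    if overrides_protocol_param(params):
        raise ValueError("auth_query_params must not override OAuth2 protocol parameters")
    parts = []
    for key, values in params.items():
        encoded_key = quote(key, safe="")
        if not values:
            # Empty list: the key appears alone, with no "=v".
            parts.append(encoded_key)
            continue
        # One string gives "k=v"; several strings repeat the key once per string.
        for value in values:
            parts.append(f"{encoded_key}={quote(value, safe='')}")
    return f"{auth_endpoint}?{'&'.join(parts)}"
```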

string
idm_protocol
Optional

The protocol used to communicate with the identity management endpoints.

For more information see: Vcenter Identity Providers IdmProtocol.

This property was added in vSphere API 7.0.0.0.

If missing or null, leaves value unchanged.

array of string
idm_endpoints
Optional

Identity management endpoints. When specified, at least one endpoint must be provided.

This property was added in vSphere API 7.0.0.0.

This property is optional and it is only relevant when the value of idm_protocol is one of Vcenter Identity Providers IdmProtocol.REST, Vcenter Identity Providers IdmProtocol.SCIM, or Vcenter Identity Providers IdmProtocol.scim2_0.

active_directory_over_ldap
Optional

Identity management configuration. If the protocol is LDAP, the configuration must be set; otherwise InvalidArgument is thrown.

This property was added in vSphere API 7.0.0.0.

This property is optional and it is only relevant when the value of idm_protocol is Vcenter Identity Providers IdmProtocol.LDAP.

string
upn_claim
Optional

Specifies which claim provides the user principal name (UPN) for the subject of the token.

This property was added in vSphere API 7.0.0.0.

If missing or null, leaves value unchanged.

boolean
reset_upn_claim
Optional

Flag indicating whether the user principal name (UPN) claim should be set back to its default value. If this field is set to true, the user principal name (UPN) claim will be set to 'acct', which is used for backwards compatibility with CSP. If this field is set to false, the existing user principal name (UPN) claim will be changed to the value specified in Vcenter Identity Providers UpdateSpec.upn_claim, if any.

This property was added in vSphere API 7.0.0.0.

If missing or null, the existing user principal name (UPN) claim will be changed to the value specified in Vcenter Identity Providers UpdateSpec.upn_claim, if any.

string
groups_claim
Optional

Specifies which claim provides the group membership for the token subject.

This property was added in vSphere API 7.0.0.0.

If missing or null, leaves value unchanged.

boolean
reset_groups_claim
Optional

Flag indicating whether any existing groups claim value should be removed. If this field is set to true, the existing groups claim value is removed, which restores the default used for backwards compatibility with CSP. In this case, the groups for the subject will be made up of the groups in the 'group_names' and 'group_ids' claims. If this field is set to false, the existing groups claim will be changed to the value specified in Vcenter Identity Providers UpdateSpec.groups_claim, if any.

This property was added in vSphere API 7.0.0.0.

If missing or null, the existing groups claim will be changed to the value specified in Vcenter Identity Providers UpdateSpec.groups_claim, if any.
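
The precedence between the reset flags and the claim names in upn_claim and groups_claim is easy to get wrong, so here is an added worked example of it (not vCenter's implementation). It assumes an existing provider configuration is represented as a small dict and that a token is a dict of claim name to value.

```python
# Added example, not from the vSphere API: resolve the effective UPN and groups
# claim names after applying an UpdateSpec, then read groups from a token.
from typing import Optional

# The page states that reset_upn_claim=true sets the UPN claim back to 'acct'.
DEFAULT_UPN_CLAIM = "acct"


def resolve_claims(existing: dict, spec: dict) -> dict:
    """Apply upn_claim/reset_upn_claim and groups_claim/reset_groups_claim.

    A true reset flag wins over any claim name in the same spec; a false or
    absent flag means the claim name (if given) is applied; neither means unchanged.
    """
    upn = existing["upn_claim"]
    if spec.get("reset_upn_claim"):
        upn = DEFAULT_UPN_CLAIM
    elif spec.get("upn_claim") is not None:
        upn = spec["upn_claim"]

    groups: Optional[str] = existing.get("groups_claim")
    if spec.get("reset_groups_claim"):
        groups = None  # removed: subject groups then come from group_names + group_ids
    elif spec.get("groups_claim") is not None:
        groups = spec["groups_claim"]
    return {"upn_claim": upn, "groups_claim": groups}


def groups_from_token(token: dict, groups_claim: Optional[str]) -> list[str]:
    """Return the subject's groups under the resolved groups claim setting."""
    if groups_claim is None:
        # No groups claim configured: combine the CSP-compatible claims.
        return list(token.get("group_names", [])) + list(token.get("group_ids", []))
    return list(token.get(groups_claim, []))
```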

string
federation_type
Optional

The type of the identity provider.

For more information see: Vcenter Identity FederationType.

This property was added in vSphere API 8.0.1.0.

If missing or null, leaves value unchanged.