Identity_Providers_Info


The Providers.Info structure contains the information about an identity provider.

JSON Example
{
    "name": "string",
    "org_ids": [
        "string"
    ],
    "config_tag": "string",
    "oauth2": {
        "auth_endpoint": "string",
        "token_endpoint": "string",
        "public_key_uri": "string",
        "client_id": "string",
        "client_secret": "string",
        "issuer": "string",
        "authentication_method": "string"
    },
    "oidc": {
        "discovery_endpoint": "string",
        "logout_endpoint": "string",
        "auth_endpoint": "string",
        "token_endpoint": "string",
        "public_key_uri": "string",
        "client_id": "string",
        "client_secret": "string",
        "issuer": "string",
        "authentication_method": "Identity_Providers_Oauth2AuthenticationMethod Object"
    },
    "is_default": false,
    "domain_names": [
        "string"
    ],
    "idm_protocol": "string",
    "idm_endpoints": [
        "string"
    ],
    "active_directory_over_ldap": {
        "user_name": "string",
        "password": "string",
        "users_base_dn": "string",
        "groups_base_dn": "string",
        "server_endpoints": [
            "string"
        ],
        "cert_chain": {
            "cert_chain": [
                "string"
            ]
        }
    },
    "upn_claim": "string",
    "groups_claim": "string",
    "federation_type": "string"
}
string
name
Optional

The user-friendly name for the provider. This field is optional because it was added in a newer version than its parent node.

array of string
org_ids
Required

The set of org IDs, assigned as part of SDDC creation, which provides the basis for tenancy.

config_tag
Required

The Providers.ConfigType structure contains the possible types of vCenter Server identity providers.
Oauth2 : Config for OAuth2
Oidc : Config for OIDC

oauth2
Optional

The Providers.Oauth2Info structure contains the information about an OAuth2 identity provider.

oidc
Optional

The Providers.OidcInfo structure contains information about an OIDC identity provider. OIDC is a discovery protocol for OAuth2 configuration metadata, so Providers.OidcInfo contains additional discovered OAuth2 metadata.

boolean
is_default
Required

Specifies whether the provider is the default provider.

array of string
domain_names
Optional

Set of fully qualified domain names to trust when federating with this identity provider. Tokens from this identity provider will only be validated if the user belongs to one of these domains, and any domain-qualified groups in the tokens will be filtered to include only those groups that belong to one of these domains. If domain_names is an empty set, domain validation at login with this identity provider behaves as follows: the user's domain is parsed from the User Principal Name (UPN) value found in the tokens returned by the identity provider; that domain is then implicitly trusted and used to filter any groups that are also provided in the tokens. This field is optional because it was added in a newer version than its parent node.
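The domain trust rule described above, as an added example that is not part of the original page and not vCenter's own code: a Python check that applies domain_names to a token's UPN and group list. The group formats 'group@domain' and 'DOMAIN\group', and leaving groups that carry no domain qualifier untouched, are assumptions; the page only states that domain-qualified groups are filtered.

```python
from typing import List, Optional


def domain_of(qualified: str) -> Optional[str]:
    """Domain part of 'user@domain' or 'DOMAIN\\group' (assumed formats); None if unqualified."""
    if "@" in qualified:
        return qualified.rsplit("@", 1)[1].lower()
    if "\\" in qualified:
        return qualified.split("\\", 1)[0].lower()
    return None


def validate_token_domains(upn: str, groups: List[str],
                           domain_names: List[str]) -> Optional[List[str]]:
    """Apply the domain_names rule from the page.

    Returns the filtered list of groups to grant, or None when the token
    must be rejected because the user is outside every trusted domain.
    """
    user_domain = domain_of(upn)
    if user_domain is None:
        # No domain in the UPN: there is nothing to validate against, so reject.
        return None
    if domain_names:
        trusted = {d.lower() for d in domain_names}
    else:
        # Empty set: the domain parsed from the UPN is implicitly trusted.
        trusted = {user_domain}
    if user_domain not in trusted:
        return None
    kept = []
    for g in groups:
        gd = domain_of(g)
        # Assumption: groups without a domain qualifier are passed through unchanged;
        # domain-qualified groups survive only if their domain is trusted.
        if gd is None or gd in trusted:
            kept.append(g)
    return kept
```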

object
auth_query_params
Optional

Key/value pairs that are to be appended to the authEndpoint request.

How to append to the authEndpoint request: if the map is not empty, a "?" is added to the endpoint URL, and each combination of a key k and each string in its value list v is appended, with "&" as the delimiter between entries. Details:

  • If the value contains only one string, then the key is added with "k=v".
  • If the value is an empty list, then the key is added without a "=v".
  • If the value contains multiple strings, then the key is repeated in the query-string for each string in the value.

This field is optional because it was added in a newer version than its parent node.
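The append rule above, as an added example that is not part of the original page and not vCenter's own code: a Python function that builds the authorization URL from auth_endpoint and the auth_query_params map, covering the single-value, empty-list and multi-value cases. Percent-encoding of keys and values is an assumption; the page does not say whether the server encodes them.

```python
from typing import Dict, List
from urllib.parse import quote


def build_auth_url(auth_endpoint: str, auth_query_params: Dict[str, List[str]]) -> str:
    """Append auth_query_params to auth_endpoint following the rule on this page."""
    if not auth_query_params:
        return auth_endpoint  # empty map: the endpoint is used as-is, no "?"
    parts = []
    for key, values in auth_query_params.items():
        k = quote(key, safe="")  # assumption: keys and values are percent-encoded
        if not values:
            parts.append(k)  # empty list: bare key, no "=v"
        else:
            for v in values:  # one or more strings: the key is repeated once per value
                parts.append(f"{k}={quote(v, safe='')}")
    return f"{auth_endpoint}?{'&'.join(parts)}"
```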

idm_protocol
Optional

The Providers.IdmProtocol structure contains the possible types of communication protocols to the identity management endpoints.
REST : REST protocol based identity management endpoints
SCIM : SCIM V1.1 protocol based identity management endpoints
SCIM2_0 : SCIM V2.0 protocol based identity management endpoints
LDAP : LDAP protocol based identity management endpoints

array of string
idm_endpoints
Optional

Identity management endpoints. This field is optional and it is only relevant when the value of Providers.Info.idm-protocol is one of REST, SCIM, or SCIM2_0.

active_directory_over_ldap
Optional

The Providers.ActiveDirectoryOverLdap structure contains the information about how to use an Active Directory over LDAP connection to allow searching for users and groups if the identity provider is an on-premises service.

string
upn_claim
Optional

Specifies which claim provides the user principal name (UPN) for the user. This field is optional because it was added in a newer version than its parent node.

string
groups_claim
Optional

Specifies which claim provides the group membership for the token subject. If empty, the default behavior for CSP is used: the groups for the subject will consist of the groups in the 'group_names' and 'group_ids' claims. This field is optional because it was added in a newer version than its parent node.

federation_type
Optional

The FederationType enumerated type contains the possible types of federation paths for the vCenter Server identity provider configuration.
DIRECT_FEDERATION : vCenter Server federated directly to the external identity provider.
INDIRECT_FEDERATION : vCenter Server federated indirectly to the external identity provider, by means of an intermediary federation broker.