NamespaceManagement_Supervisors_Identity_Providers_UpdateSpec

NamespaceManagement_Supervisors_Identity_Providers_UpdateSpec
NamespaceManagement_Supervisors_Identity_Providers_UpdateSpec

The Providers.UpdateSpec structure contains the specification required to update the configuration of an identity provider used with a Supervisor.

JSON Example
{
    "display_name": "string",
    "issuer_URL": "string",
    "username_claim": "string",
    "unset_username_claim": false,
    "groups_claim": "string",
    "unset_groups_claim": false,
    "client_ID": "string",
    "client_secret": "string",
    "certificate_authority_data": "string",
    "unset_certificate_authority_data": false,
    "additional_scopes": [
        "string"
    ],
    "additional_authorize_parameters": {
        "additional_authorize_parameters": "string"
    }
}
string
display_name
Optional

A name to be used for the given identity provider. This name will be displayed in the vCenter UI. if unset, the name will remained unchanged.

string
issuer_URL
Optional

The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. If unset, the issuer URL will not be updated.

string
username_claim
Optional

The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. If unset, the username claim will not be updated.

boolean
unset_username_claim
Optional

This represents the intent of the change to Providers.UpdateSpec.username-claim. If this field is set to true, the existing 'usernameClaim' value will be removed. If this field is set to false, the existing username claim will be changed to the value specified in Providers.UpdateSpec.username-claim, if any. If unset, the existing 'usernameClaim' value will be changed to the value specified in Providers.UpdateSpec.username-claim, if any.

string
groups_claim
Optional

The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. If unset, the groups claim will not be updated.

boolean
unset_groups_claim
Optional

This represents the intent of the change to Providers.UpdateSpec.groups-claim. If this field is set to true, the existing 'groupsClaim' value will be removed. If this field is set to false, the existing groups claim will be changed to the value specified in Providers.UpdateSpec.groups-claim, if any. If unset, the existing 'groupsClaim' value will be changed to the value specified in Providers.UpdateSpec.groups-claim, if any.

string
client_ID
Optional

The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. If unset, the client ID will not be updated.

string As password
client_secret
Optional

The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider. If unset, the client secret will not be updated.

string
certificate_authority_data
Optional

Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value. If unset, the certificate authority data will not be updated.

boolean
unset_certificate_authority_data
Optional

This represents the intent of the change to Providers.UpdateSpec.certificate-authority-data. If this field is set to true, the existing 'certificateAuthorityData' value will be removed. If this field is set to false, the existing certificate authority data will be changed to the value specified in Providers.UpdateSpec.certificate-authority-data, if any. If unset, the existing 'certificateAuthorityData' value will be changed to the value specified in Providers.UpdateSpec.certificate-authority-data, if any.

array of string
additional_scopes
Optional

Additional scopes to be requested in tokens issued by this identity provider. If unset, the additional scopes will not be updated.

object
additional_authorize_parameters
Optional

Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware's Cloud Services Platform, if your organization ID is 'long-form-org-id', the 'orgLink' parameter can be set to "/csp/gateway/am/api/orgs/long-form-org-id" to allow users logging in to leverage that organization. If unset, the additional parameters will not be updated.