NamespaceManagement_Supervisors_Identity_Providers_Info

NamespaceManagement_Supervisors_Identity_Providers_Info
NamespaceManagement_Supervisors_Identity_Providers_Info

The Providers.Info structure provides details about an identity provider configured with a Supervisor.

JSON Example 
{
    "provider": "string",
    "display_name": "string",
    "issuer_URL": "string",
    "username_claim": "string",
    "groups_claim": "string",
    "client_ID": "string",
    "certificate_authority_data": "string",
    "additional_scopes": [
        "string"
    ],
    "additional_authorize_parameters": {
        "additional_authorize_parameters": "string"
    }
}
string
provider
Required

The immutable identifier of an identity provider generated when an identity provider is registered for a Supervisor. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

string
display_name
Required

A name to be used for the given identity provider. This name will be displayed in the vCenter UI.

string
issuer_URL
Required

The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme.

string
username_claim
Optional

The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. If unset, the upstream issuer URL will be concatenated with the 'sub' claim to generate the username to be used with Kubernetes.

string
groups_claim
Optional

The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. If unset, no groups will be used from the upstream identity provider.

string
client_ID
Required

The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor.

string
certificate_authority_data
Optional

The certificate authority data holds the trusted roots to be used to establish HTTPS connections with the identity provider. If unset, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.

array of string
additional_scopes
Optional

Additional scopes to be requested in tokens issued by this identity provider. The 'openid' scope will always be requested. If unset, no additional scopes will be requested.

object
additional_authorize_parameters
Optional

Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware's Cloud Services Platform, if your organization ID is 'long-form-org-id', the 'orgLink' parameter can be set to "/csp/gateway/am/api/orgs/long-form-org-id" to allow users logging in to leverage that organization. If unset, no additional parameters will be sent to the upstream identity provider.