[{"label":"Latest (5.0.0)","version":"latest"},{"version":"4.5.1"},{"version":"4.5.0"},{"version":"4.4.0"},{"version":"4.3.1"},{"link":"https://developer.vmware.com/apis/1127/vmware-cloud-foundation","version":"4.3"},{"link":"https://developer.vmware.com/apis/1078/vmware-cloud-foundation","version":"4.2"},{"link":"https://developer.vmware.com/apis/1033/vmware-cloud-foundation","version":"4.1"},{"link":"https://developer.vmware.com/apis/1003/vmware-cloud-foundation","version":"4.0.1"},{"link":"https://developer.vmware.com/apis/939/vmware-cloud-foundation","version":"4.0"}]
vcf-for-vxrail
VMware Cloud Foundation on Dell EMC VxRail API Reference Guide

Identity Providers

APIs for managing Identity Providers

Table of Contents

1. Get all Identity Providers

  • This API is used to get a list of all Identity Providers

Tip : Please refer to IdentityProvider

1.1. Prerequisites

None

1.2. Steps

  • Invoke the API.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers' -i -X GET \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/identity-providers HTTP/1.1
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1682

{
  "elements" : [ {
    "id" : "b9103988-c8a4-4f66-8076-42c93d480bbe",
    "name" : "Embedded IDP",
    "type" : "Embedded",
    "identitySources" : [ {
      "name" : "vsphere.local",
      "type" : "SystemDomain",
      "domainNames" : [ "vsphere.local" ]
    }, {
      "name" : "localos",
      "type" : "LocalOs",
      "domainNames" : [ "localos" ]
    }, {
      "name" : "embedded-ids-name",
      "type" : "ActiveDirectory",
      "domainNames" : [ "embedded-ids.com" ],
      "ldap" : {
        "type" : "ActiveDirectory",
        "domainName" : "embedded-ids.com",
        "domainAlias" : "embedded-ids",
        "username" : "test-user@domain.com",
        "sourceDetails" : {
          "usersBaseDn" : "users-base-dn",
          "groupsBaseDn" : "groups-base-dn",
          "certChain" : [ ],
          "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
        }
      }
    } ],
    "status" : "inactive"
  }, {
    "id" : "bb7a3e9b-8322-4b0e-9431-3ed00b17a821",
    "name" : "My AD Identity Source",
    "type" : "Microsoft ADFS",
    "domainNames" : [ "external-idp.com" ],
    "ldap" : {
      "type" : "Oidc",
      "domainName" : "external-idp.com",
      "domainAlias" : "external-idp",
      "username" : "test-user@domain.com",
      "sourceDetails" : {
        "usersBaseDn" : "users-base-dn",
        "groupsBaseDn" : "groups-base-dn",
        "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
      }
    },
    "oidc" : {
      "clientId" : "4be2e29f-2be3-49a2-87b9-3614dea398ba",
      "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
    },
    "status" : "active"
  } ]
}

2. Get Identity Provider

Retrieve detailed information of the specified identity provider.

2.1. Prerequisites

The following data is required

  • Identifier of the provider

2.2. Steps

  • Invoke the API.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/14903101-fe54-448e-96be-6ffadad2284f' -i -X GET \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/identity-providers/14903101-fe54-448e-96be-6ffadad2284f HTTP/1.1
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 684

{
  "id" : "14903101-fe54-448e-96be-6ffadad2284f",
  "name" : "My AD Identity Source",
  "type" : "Microsoft ADFS",
  "domainNames" : [ "external-idp.com" ],
  "ldap" : {
    "type" : "Oidc",
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "90f5489e-d7e8-46ad-8324-e86d3fa2de38",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  },
  "status" : "active"
}

3. Add an embedded Identity Source

3.1. Prerequisites

The following data is required

  • Identifier of the embedded Identity Provider

Tip : Please refer to IdentitySourceSpec.

3.2. Steps

  • Fetch the ID for the embedded identity provider from the list Identity Providers Response.

Tip : Refer to Get all Identity Providers

  • Invoke the API to add an embedded identity source.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/cc81918d-6772-41ca-8b1b-494aa01c04a0/identity-sources' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "name" : "My AD Identity Source",
  "ldap" : {
    "type" : "ActiveDirectory",
    "domainName" : "embedded-ids.com",
    "domainAlias" : "embedded-ids",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  }
}'

HTTP Request

POST /v1/identity-providers/cc81918d-6772-41ca-8b1b-494aa01c04a0/identity-sources HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 452
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "name" : "My AD Identity Source",
  "ldap" : {
    "type" : "ActiveDirectory",
    "domainName" : "embedded-ids.com",
    "domainAlias" : "embedded-ids",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  }
}

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 68

Added Identity source with domain name embedded-ids.com successfully

4. Update an embedded Identity Source

4.1. Prerequisites

The following data is required

  • Identifier of the embedded Identity Provider

  • The domain name associated with the identity source

Tip : Please refer to IdentitySourceSpec.

4.2. Steps

  • Fetch the ID for the embedded identity provider and the domain name associated with the identity source from the list Identity Providers Response.

Tip : Refer to Get all Identity Providers

  • Invoke the API to delete an embedded identity source.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/d57ec6b3-9cb3-4603-9276-ebef8990a5ef/identity-sources/embedded-ids.com' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "name" : "My AD Identity Source",
  "ldap" : {
    "type" : "ActiveDirectory",
    "domainName" : "embedded-ids.com",
    "domainAlias" : "embedded-ids",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  }
}'

HTTP Request

PATCH /v1/identity-providers/d57ec6b3-9cb3-4603-9276-ebef8990a5ef/identity-sources/embedded-ids.com HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 452
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "name" : "My AD Identity Source",
  "ldap" : {
    "type" : "ActiveDirectory",
    "domainName" : "embedded-ids.com",
    "domainAlias" : "embedded-ids",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  }
}

HTTP Response

HTTP/1.1 204 No Content

5. Delete an embedded Identity Source

5.1. Prerequisites

The following data is required

  • Identifier of the embedded Identity Provider

  • The domain name associated with the identity source

5.2. Steps

  • Fetch the ID for the embedded identity provider and the domain name associated with the identity source from the list Identity Providers Response.

Tip : Refer to Get all Identity Providers

  • Invoke the API to delete an embedded identity source.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/649db6a0-1606-4341-92f8-d5df6f4184a7/identity-sources/embedded-ids.com' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

DELETE /v1/identity-providers/649db6a0-1606-4341-92f8-d5df6f4184a7/identity-sources/embedded-ids.com HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 204 No Content

6. Add an external Identity Provider

6.1. Prerequisites

The following data is needed:

  • Identity Provider Spec details

Tip : Please refer to IdentityProviderSpec.

6.2. Steps

  • Invoke the API to add an external identity provider.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "name" : "My ADFS",
  "type" : "ActiveDirectory",
  "certChain" : [ ],
  "ldap" : {
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "6619e3ff-8e06-4892-8031-0d27a40b54ba",
    "clientSecret" : "23bf3c38-28bb-43a3-8bf7-6c16f2e3324c",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  }
}'

HTTP Request

POST /v1/identity-providers HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 673
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "name" : "My ADFS",
  "type" : "ActiveDirectory",
  "certChain" : [ ],
  "ldap" : {
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "6619e3ff-8e06-4892-8031-0d27a40b54ba",
    "clientSecret" : "23bf3c38-28bb-43a3-8bf7-6c16f2e3324c",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  }
}

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 36

bb65e41c-e00d-4d74-b417-db72df6024f9

7. Update an external Identity Provider

7.1. Prerequisites

The following data is required

  • Identifier of the external Identity Provider

Tip : Please refer to IdentityProviderSpec.

7.2. Steps

  • Invoke the API to update an external identity provider.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/373d09f7-a47e-42d8-9597-293ff84ee6f6' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "name" : "My ADFS",
  "type" : "ActiveDirectory",
  "certChain" : [ ],
  "ldap" : {
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "e51a82a2-1689-4175-87f5-7d8f43058dea",
    "clientSecret" : "ecea94de-1483-47f7-8b78-329de996ca15",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  }
}'

HTTP Request

PATCH /v1/identity-providers/373d09f7-a47e-42d8-9597-293ff84ee6f6 HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 673
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "name" : "My ADFS",
  "type" : "ActiveDirectory",
  "certChain" : [ ],
  "ldap" : {
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "e51a82a2-1689-4175-87f5-7d8f43058dea",
    "clientSecret" : "ecea94de-1483-47f7-8b78-329de996ca15",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  }
}

HTTP Response

HTTP/1.1 204 No Content

8. Delete an external Identity Provider

8.1. Prerequisites

The following data is required

  • Identifier of the external Identity Provider

8.2. Steps

  • Invoke the API to delete an external identity provider.

Note : For the sake of brevity, the Bearer tokens in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/c6dfc1ca-6dbd-461c-b1e9-bea36bdf2786' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

DELETE /v1/identity-providers/c6dfc1ca-6dbd-461c-b1e9-bea36bdf2786 HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 204 No Content

Last updated 2023-04-27 11:11:38 PDT

Operations



[{"label":"Latest (5.0.0)","version":"latest"},{"version":"4.5.1"},{"version":"4.5.0"},{"version":"4.4.0"},{"version":"4.3.1"},{"link":"https://developer.vmware.com/apis/1127/vmware-cloud-foundation","version":"4.3"},{"link":"https://developer.vmware.com/apis/1078/vmware-cloud-foundation","version":"4.2"},{"link":"https://developer.vmware.com/apis/1033/vmware-cloud-foundation","version":"4.1"},{"link":"https://developer.vmware.com/apis/1003/vmware-cloud-foundation","version":"4.0.1"},{"link":"https://developer.vmware.com/apis/939/vmware-cloud-foundation","version":"4.0"}]
vcf-for-vxrail
Feedback

Was this page helpful?