VMware Cloud Foundation API Reference Guide

Identity Providers

APIs for managing Identity Providers

1. Get all Identity Providers

  • This API is used to get a list of all Identity Providers

Tip : Please refer to IdentityProvider

1.1. Prerequisites

None

1.2. Steps

  • Invoke the API.

Note : For the sake of brevity, the Bearer token in the Authorization header has been abbreviated in the code snippets throughout this document.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers' -i -X GET \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/identity-providers HTTP/1.1
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1682

{
  "elements" : [ {
    "id" : "b9103988-c8a4-4f66-8076-42c93d480bbe",
    "name" : "Embedded IDP",
    "type" : "Embedded",
    "identitySources" : [ {
      "name" : "vsphere.local",
      "type" : "SystemDomain",
      "domainNames" : [ "vsphere.local" ]
    }, {
      "name" : "localos",
      "type" : "LocalOs",
      "domainNames" : [ "localos" ]
    }, {
      "name" : "embedded-ids-name",
      "type" : "ActiveDirectory",
      "domainNames" : [ "embedded-ids.com" ],
      "ldap" : {
        "type" : "ActiveDirectory",
        "domainName" : "embedded-ids.com",
        "domainAlias" : "embedded-ids",
        "username" : "test-user@domain.com",
        "sourceDetails" : {
          "usersBaseDn" : "users-base-dn",
          "groupsBaseDn" : "groups-base-dn",
          "certChain" : [ ],
          "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
        }
      }
    } ],
    "status" : "inactive"
  }, {
    "id" : "bb7a3e9b-8322-4b0e-9431-3ed00b17a821",
    "name" : "My AD Identity Source",
    "type" : "Microsoft ADFS",
    "domainNames" : [ "external-idp.com" ],
    "ldap" : {
      "type" : "Oidc",
      "domainName" : "external-idp.com",
      "domainAlias" : "external-idp",
      "username" : "test-user@domain.com",
      "sourceDetails" : {
        "usersBaseDn" : "users-base-dn",
        "groupsBaseDn" : "groups-base-dn",
        "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
      }
    },
    "oidc" : {
      "clientId" : "4be2e29f-2be3-49a2-87b9-3614dea398ba",
      "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
    },
    "status" : "active"
  } ]
}

2. Get Identity Provider

Retrieve detailed information of the specified identity provider.

2.1. Prerequisites

The following data is required

  • Identifier of the provider

2.2. Steps

  • Invoke the API.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/14903101-fe54-448e-96be-6ffadad2284f' -i -X GET \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/identity-providers/14903101-fe54-448e-96be-6ffadad2284f HTTP/1.1
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 684

{
  "id" : "14903101-fe54-448e-96be-6ffadad2284f",
  "name" : "My AD Identity Source",
  "type" : "Microsoft ADFS",
  "domainNames" : [ "external-idp.com" ],
  "ldap" : {
    "type" : "Oidc",
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "90f5489e-d7e8-46ad-8324-e86d3fa2de38",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  },
  "status" : "active"
}

3. Add an embedded Identity Source

3.1. Prerequisites

The following data is required

  • Identifier of the embedded Identity Provider

Tip : Please refer to IdentitySourceSpec.

3.2. Steps

  • Fetch the ID of the embedded identity provider from the response of the Get all Identity Providers API.

Tip : Refer to Get all Identity Providers

  • Invoke the API to add an embedded identity source.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/cc81918d-6772-41ca-8b1b-494aa01c04a0/identity-sources' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "name" : "My AD Identity Source",
  "ldap" : {
    "type" : "ActiveDirectory",
    "domainName" : "embedded-ids.com",
    "domainAlias" : "embedded-ids",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  }
}'

HTTP Request

POST /v1/identity-providers/cc81918d-6772-41ca-8b1b-494aa01c04a0/identity-sources HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 452
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "name" : "My AD Identity Source",
  "ldap" : {
    "type" : "ActiveDirectory",
    "domainName" : "embedded-ids.com",
    "domainAlias" : "embedded-ids",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  }
}

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 68

Added Identity source with domain name embedded-ids.com successfully

4. Update an embedded Identity Source

4.1. Prerequisites

The following data is required

  • Identifier of the embedded Identity Provider

  • The domain name associated with the identity source

Tip : Please refer to IdentitySourceSpec.

4.2. Steps

  • Fetch the ID of the embedded identity provider and the domain name associated with the identity source from the response of the Get all Identity Providers API.

Tip : Refer to Get all Identity Providers

  • Invoke the API to update an embedded identity source.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/d57ec6b3-9cb3-4603-9276-ebef8990a5ef/identity-sources/embedded-ids.com' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "name" : "My AD Identity Source",
  "ldap" : {
    "type" : "ActiveDirectory",
    "domainName" : "embedded-ids.com",
    "domainAlias" : "embedded-ids",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  }
}'

HTTP Request

PATCH /v1/identity-providers/d57ec6b3-9cb3-4603-9276-ebef8990a5ef/identity-sources/embedded-ids.com HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 452
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "name" : "My AD Identity Source",
  "ldap" : {
    "type" : "ActiveDirectory",
    "domainName" : "embedded-ids.com",
    "domainAlias" : "embedded-ids",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  }
}

HTTP Response

HTTP/1.1 204 No Content

5. Delete an embedded Identity Source

5.1. Prerequisites

The following data is required

  • Identifier of the embedded Identity Provider

  • The domain name associated with the identity source

5.2. Steps

  • Fetch the ID of the embedded identity provider and the domain name associated with the identity source from the response of the Get all Identity Providers API.

Tip : Refer to Get all Identity Providers

  • Invoke the API to delete an embedded identity source.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/649db6a0-1606-4341-92f8-d5df6f4184a7/identity-sources/embedded-ids.com' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

DELETE /v1/identity-providers/649db6a0-1606-4341-92f8-d5df6f4184a7/identity-sources/embedded-ids.com HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 204 No Content
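
The lookup that steps 3.2, 4.2 and 5.2 describe, as an added Python example that is not part of the VMware reference: it selects the embedded provider from the list response, builds the identity-source path only for a domain the listing actually names, and, going slightly beyond the steps, lists LDAP endpoints whose scheme is not ldaps://. The sample response is constructed from the one in section 1, and all function names are hypothetical.

```python
import json
from urllib.parse import quote, urlsplit

# Constructed sample: the section 1 list response, trimmed; one endpoint changed to
# ldaps:// so that both outcomes appear.
LISTING = json.loads("""
{"elements": [
 {"id": "b9103988-c8a4-4f66-8076-42c93d480bbe", "type": "Embedded", "identitySources": [
   {"name": "vsphere.local", "type": "SystemDomain", "domainNames": ["vsphere.local"]},
   {"name": "embedded-ids-name", "type": "ActiveDirectory", "domainNames": ["embedded-ids.com"],
    "ldap": {"domainName": "embedded-ids.com", "sourceDetails": {"serverEndpoints":
      ["ldap://dns01.domain.com", "ldaps://dns02.domain.com"]}}}]},
 {"id": "bb7a3e9b-8322-4b0e-9431-3ed00b17a821", "type": "Microsoft ADFS",
  "ldap": {"domainName": "external-idp.com", "sourceDetails": {"serverEndpoints":
    ["ldap://dns01.domain.com"]}}}]}
""")

def embedded_provider(listing):
    """Return the one provider whose type is "Embedded"; fail rather than guess."""
    found = [p for p in listing.get("elements", []) if p.get("type") == "Embedded"]
    if len(found) != 1:
        raise LookupError(f"expected exactly one Embedded provider, found {len(found)}")
    return found[0]

def identity_source_path(provider, domain):
    """Path for the PATCH/DELETE calls, accepted only if the listing names the domain."""
    known = {d for s in provider.get("identitySources", []) for d in s.get("domainNames", [])}
    if domain not in known:
        raise LookupError(f"{domain!r} is not an identity source of provider {provider['id']}")
    return (f"/v1/identity-providers/{quote(provider['id'], safe='')}"
            f"/identity-sources/{quote(domain, safe='')}")

def non_ldaps_endpoints(listing):
    """List (provider id, domain, url) for every LDAP endpoint whose scheme is not ldaps."""
    hits = []
    for p in listing.get("elements", []):
        # External providers carry "ldap" at the top level, embedded ones per identity source.
        blocks = [p.get("ldap")] + [s.get("ldap") for s in p.get("identitySources", [])]
        for ldap in filter(None, blocks):
            for url in ldap.get("sourceDetails", {}).get("serverEndpoints", []):
                if urlsplit(url).scheme.lower() != "ldaps":
                    hits.append((p["id"], ldap.get("domainName"), url))
    return hits

if __name__ == "__main__":
    print(identity_source_path(embedded_provider(LISTING), "embedded-ids.com"))
    for hit in non_ldaps_endpoints(LISTING):
        print("endpoint without TLS scheme:", *hit)
```

Resolving the path from the listing, rather than from a typed-in ID and domain, keeps a PATCH or DELETE from being sent against an identity source the provider does not have.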

6. Add an external Identity Provider

6.1. Prerequisites

The following data is needed:

  • Identity Provider Spec details

Tip : Please refer to IdentityProviderSpec.

6.2. Steps

  • Invoke the API to add an external identity provider.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "name" : "My ADFS",
  "type" : "ActiveDirectory",
  "certChain" : [ ],
  "ldap" : {
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "6619e3ff-8e06-4892-8031-0d27a40b54ba",
    "clientSecret" : "23bf3c38-28bb-43a3-8bf7-6c16f2e3324c",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  }
}'

HTTP Request

POST /v1/identity-providers HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 673
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "name" : "My ADFS",
  "type" : "ActiveDirectory",
  "certChain" : [ ],
  "ldap" : {
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "6619e3ff-8e06-4892-8031-0d27a40b54ba",
    "clientSecret" : "23bf3c38-28bb-43a3-8bf7-6c16f2e3324c",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  }
}

HTTP Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 36

bb65e41c-e00d-4d74-b417-db72df6024f9

7. Update an external Identity Provider

7.1. Prerequisites

The following data is required

  • Identifier of the external Identity Provider

Tip : Please refer to IdentityProviderSpec.

7.2. Steps

  • Invoke the API to update an external identity provider.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/373d09f7-a47e-42d8-9597-293ff84ee6f6' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "name" : "My ADFS",
  "type" : "ActiveDirectory",
  "certChain" : [ ],
  "ldap" : {
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "e51a82a2-1689-4175-87f5-7d8f43058dea",
    "clientSecret" : "ecea94de-1483-47f7-8b78-329de996ca15",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  }
}'

HTTP Request

PATCH /v1/identity-providers/373d09f7-a47e-42d8-9597-293ff84ee6f6 HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 673
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "name" : "My ADFS",
  "type" : "ActiveDirectory",
  "certChain" : [ ],
  "ldap" : {
    "domainName" : "external-idp.com",
    "domainAlias" : "external-idp",
    "username" : "test-user@domain.com",
    "password" : "xxxxxxxxx",
    "sourceDetails" : {
      "usersBaseDn" : "users-base-dn",
      "groupsBaseDn" : "groups-base-dn",
      "certChain" : [ ],
      "serverEndpoints" : [ "ldap://dns01.domain.com", "ldap://dns02.domain.com" ]
    }
  },
  "oidc" : {
    "clientId" : "e51a82a2-1689-4175-87f5-7d8f43058dea",
    "clientSecret" : "ecea94de-1483-47f7-8b78-329de996ca15",
    "discoveryEndpoint" : "https://domain.com/.well-known/openid-configuration"
  }
}

HTTP Response

HTTP/1.1 204 No Content

8. Delete an external Identity Provider

8.1. Prerequisites

The following data is required

  • Identifier of the external Identity Provider

8.2. Steps

  • Invoke the API to delete an external identity provider.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/identity-providers/c6dfc1ca-6dbd-461c-b1e9-bea36bdf2786' -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

DELETE /v1/identity-providers/c6dfc1ca-6dbd-461c-b1e9-bea36bdf2786 HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 204 No Content

Last updated 2023-04-27 11:11:38 PDT
