This API has a deprecated equivalent from v7.0U1.
Update Providers
Update a vCenter Server identity provider. if you do not have all of the privileges described as follows: - Operation execution requires VcIdentityProviders.Manage.
Request
URLURL
https://{api_host}/api/vcenter/identity/providers/{provider}
Path Parameters
Path Parameters
string
provider
Required
the identifier of the provider to update The parameter must be an identifier for the resource type: com.vmware.vcenter.identity.Providers.
Header Parameters
Header Parameters
string
vmware-api-session-id
Required
Required session ID, acquired from Create Session API under CIS product
vmware-api-session-id example
"b00db39f948d13ea1e59b4d6fce56389"
Request Body
Request Body
IdentityProvidersUpdateSpec of mimetype application/json
Required
the UpdateSpec contains the information used to update the provider
{
"config_tag": "Oauth2"
}
config_tag
Required
The Providers.ConfigType structure contains the possible types of vCenter Server identity providers.
Oauth2 : Config for OAuth2
Oidc : Config for OIDC
Possible values are: Oauth2 , Oidc
active_directory_over_ldap
Optional
Identity management configuration. If the protocol is LDAP, the configuration must be set, else InvalidArgument is thrown This field is optional and it is only relevant when the value of Providers.UpdateSpec.idm-protocol is LDAP.
map of
string
auth_query_params
Optional
key/value pairs that are to be appended to the authEndpoint request. How to append to authEndpoint request: If the map is not empty, a “?” is added to the endpoint URL, and combination of each k and each string in the v is added with an “&” delimiter. Details: If the value contains only one string, then the key is added with “k=v”. If the value is an empty list, then the key is added without a “=v”. If the value contains multiple strings, then the key is repeated in the query-string for each string in the value. If the map is empty, deletes all params. If unset, leaves value unchanged.
array of
string
domain_names
Optional
Set of fully qualified domain names to trust when federating with this identity provider. Tokens from this identity provider will only be validated if the user belongs to one of these domains, and any domain-qualified groups in the tokens will be filtered to include only those groups that belong to one of these domains. If unset, leaves value unchanged. If domainNames is an empty set, domain validation behavior at login with this identity provider will be as follows: the user’s domain will be parsed from the User Principal Name (UPN) value that is found in the tokens returned by the identity provider. This domain will then be implicitly trusted and used to filter any groups that are also provided in the tokens.
federation_type
Optional
The FederationType enumerated type contains the possible types of federation paths for, vCenter Server identity providers configuration.
DIRECT_FEDERATION : vCenter Server federated directly to the external identity provider.
INDIRECT_FEDERATION : vCenter Server federated indirectly to the external identity provider, by means of an intermediary federation broker.
Possible values are: DIRECT_FEDERATION , INDIRECT_FEDERATION
string
groups_claim
Optional
Specifies which claim provides the group membership for the token subject. If unset, leaves value unchanged.
array of
string
idm_endpoints
Optional
Identity management endpoints. When specified, at least one endpoint must be provided. This field is optional and it is only relevant when the value of Providers.UpdateSpec.idm-protocol is one of REST, SCIM, or SCIM2_0.
idm_protocol
Optional
The Providers.IdmProtocol structure contains the possible types of communication protocols to the identity management endpoints.
REST : REST protocol based identity management endpoints
SCIM : SCIM V1.1 protocol based identity management endpoints
SCIM2_0 : SCIM V2.0 protocol based identity management endpoints
LDAP : LDAP protocol based identity management endpoints
Possible values are: REST , SCIM , SCIM2_0 , LDAP
boolean
make_default
Optional
Specifies whether to make this the default provider. If Providers.UpdateSpec.make-default is set to true, this provider will be flagged as the default provider and any other providers that had previously been flagged as the default will be made non-default. If Providers.UpdateSpec.make-default is set to false, this provider’s default flag will not be modified. If unset, leaves value unchanged.
string
name
Optional
The user friendly name for the provider. This name can be used for human-readable identification purposes, but it does not have to be unique, as the system will use internal UUIDs to differentiate providers. If unset, leaves value unchanged.
oauth2
Optional
OAuth2 UpdateSpec This field is optional and it is only relevant when the value of Providers.UpdateSpec.config-tag is Oauth2.
oidc
Optional
OIDC UpdateSpec This field is optional and it is only relevant when the value of Providers.UpdateSpec.config-tag is Oidc.
array of
string
org_ids
Optional
The set orgIds as part of SDDC creation which provides the basis for tenancy If unset, leaves value unchanged.
boolean
reset_groups_claim
Optional
Flag indicating whether any existing groups claim value should be removed. If this field is set to true, the existing groups claim value is removed which defaults to backwards compatibility with CSP. In this case, the groups for the subject will be comprised of the groups in ‘group_names’ and ‘group_ids’ claims. If this field is set to false, the existing groups claim will be changed to the value specified in Providers.UpdateSpec.groups-claim, if any. If unset, the existing groups claim will be changed to the value specified in Providers.UpdateSpec.groups-claim, if any.
boolean
reset_upn_claim
Optional
Flag indicating whether the user principal name (UPN) claim should be set back to its default value. If this field is set to true, the user principal name (UPN) claim will be set to ‘acct’, which is used for backwards compatibility with CSP. If this field is set to false, the existing user principal name (UPN) claim will be changed to the value specified in Providers.UpdateSpec.upn-claim, if any. If unset, the existing user principal name (UPN) claim will be changed to the value specified in Providers.UpdateSpec.upn-claim, if any.
string
upn_claim
Optional
Specifies which claim provides the user principal name (UPN) for the subject of the token. If unset, leaves value unchanged.
Authentication
This operation uses the following authentication methods.
Errors
Errors
400
com.vmware.vapi.std.errors.invalid_argument : if invalid arguments are provided in updateSpec.
404
com.vmware.vapi.std.errors.not_found : if no provider found with the given provider identifier.
default
‘Default’ means this response is used for all HTTP codes that are not covered individually for this operation.
Code Samples
PowerCLI Client SDK Example
$IdentityProvidersUpdateSpec = Initialize-IdentityProvidersUpdateSpec -ConfigTag "Oauth2"
Invoke-UpdateProviderIdentity -Provider "MyProvider" -IdentityProvidersUpdateSpec $IdentityProvidersUpdateSpec
PowerCLI Client SDK All Parameters Example
$IdentityProvidersOauth2UpdateSpec = Initialize-IdentityProvidersOauth2UpdateSpec -AuthEndpoint "MyAuthEndpoint" -TokenEndpoint "MyTokenEndpoint" -PublicKeyUri "MyPublicKeyUri" -ClientId "MyClientId" -ClientSecret "MyClientSecret" -ClaimMap @{ key_example = @{ key_example = "MyInner" } } -Issuer "MyIssuer" -AuthenticationMethod "CLIENT_SECRET_BASIC" -AuthQueryParams @{ key_example = "MyInner" }
$IdentityProvidersOidcUpdateSpec = Initialize-IdentityProvidersOidcUpdateSpec -DiscoveryEndpoint "MyDiscoveryEndpoint" -ClientId "MyClientId" -ClientSecret "MyClientSecret" -ClaimMap @{ key_example = @{ key_example = "MyInner" } }
$CertificateManagementX509CertChain = Initialize-CertificateManagementX509CertChain -CertChain "MyCertChain"
$IdentityProvidersActiveDirectoryOverLdap = Initialize-IdentityProvidersActiveDirectoryOverLdap -UserName "MyUserName" -Password "MyPassword" -UsersBaseDn "MyUsersBaseDn" -GroupsBaseDn "MyGroupsBaseDn" -ServerEndpoints "MyServerEndpoints" -CertChain $CertificateManagementX509CertChain
$IdentityProvidersUpdateSpec = Initialize-IdentityProvidersUpdateSpec -ConfigTag "Oauth2" -Oauth2 $IdentityProvidersOauth2UpdateSpec -Oidc $IdentityProvidersOidcUpdateSpec -OrgIds "MyOrgIds" -MakeDefault $false -Name "MyName" -DomainNames "MyDomainNames" -AuthQueryParams @{ key_example = "MyInner" } -IdmProtocol "REST" -IdmEndpoints "MyIdmEndpoints" -ActiveDirectoryOverLdap $IdentityProvidersActiveDirectoryOverLdap -UpnClaim "MyUpnClaim" -ResetUpnClaim $false -GroupsClaim "MyGroupsClaim" -ResetGroupsClaim $false -FederationType "DIRECT_FEDERATION"
Invoke-UpdateProviderIdentity -Provider "MyProvider" -IdentityProvidersUpdateSpec $IdentityProvidersUpdateSpec
cURL Command
curl -X PATCH -H "vmware-api-session-id: b00db39f948d13ea1e59b4d6fce56389" -H "Content-Type: application/json" -d '{"active_directory_over_ldap":{"cert_chain":{"cert_chain":["string"]},"groups_base_dn":"string","password":"string","server_endpoints":["string"],"user_name":"string","users_base_dn":"string"},"auth_query_params":{"key":"string"},"config_tag":"Oauth2","domain_names":["string"],"federation_type":"DIRECT_FEDERATION","groups_claim":"string","idm_endpoints":["string"],"idm_protocol":"REST","make_default":false,"name":"string","oauth2":{"auth_endpoint":"string","auth_query_params":{"key":"string"},"authentication_method":"CLIENT_SECRET_BASIC","client_id":"string","client_secret":"string","issuer":"string","public_key_uri":"string","token_endpoint":"string"},"oidc":{"client_id":"string","client_secret":"string","discovery_endpoint":"string"},"org_ids":["string"],"reset_groups_claim":false,"reset_upn_claim":false,"upn_claim":"string"}' https://{api_host}/api/vcenter/identity/providers/{provider}
Vendor Extensions
This operation contains the following vendor extensions defined in the spec:
x-vmw-doc-deprecated-method: patch
x-vmw-doc-deprecated-path: /rest/vcenter/identity/providers/{provider}
x-vmw-doc-operation: update
Availability
Added in 7.0U2
On This Page
Providers Operations
get
post
get
patch
delete
