Set Supervisors Identity Providers
Update the entire configuration for an existing identity provider used with a Supervisor.
Request
URLURL
https://{api_host}/api/vcenter/namespace-management/supervisors/{supervisor}/identity/providers/{provider}
Path Parameters
Path Parameters
string
supervisor
Required
the identifier for the Supervisor associated with the identity provider to be updated. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.
string
provider
Required
the identifier for the identity provider that is to be updated. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.
Header Parameters
Header Parameters
string
vmware-api-session-id
Required
Required session ID, acquired from Create Session API under CIS product
vmware-api-session-id example
"b00db39f948d13ea1e59b4d6fce56389"
Request Body
Request Body
NamespaceManagementSupervisorsIdentityProvidersSetSpec of mimetype application/json
Required
the {#link SetSpec} to be applied to the identity provider configuration.
{
"client_ID": "string",
"client_secret": "string",
"display_name": "string",
"issuer_URL": "string"
}
string
issuer_URL
Required
The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme.
string
client_ID
Required
The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor.
string
client_secret
Required
The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider.
string
display_name
Required
A name to be used for the given identity provider. This name will be displayed in the vCenter UI.
map of
string
additional_authorize_parameters
Optional
Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. If unset, no additional parameters will be sent to the upstream identity provider.
string
certificate_authority_data
Optional
Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value. If unset, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.
string
groups_claim
Optional
The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. If unset, no groups will be used from the upstream identity provider.
array of
string
additional_scopes
Optional
Additional scopes to be requested in tokens issued by this identity provider. If unset, no additional scopes will be requested.
string
username_claim
Optional
The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. If unset, the upstream issuer URL will be concatenated with the ‘sub’ claim to generate the username to be used with Kubernetes.
Authentication
This operation uses the following authentication methods.
Errors
Errors
400
com.vmware.vapi.std.errors.invalid_argument : if the @{param.name spec} contains any errors.
403
com.vmware.vapi.std.errors.unauthorized : if the user is missing the Namespaces.Manage privilege on the Supervisor.
404
com.vmware.vapi.std.errors.not_found : if the given identity provider or Supervisor cannot be found.
500
com.vmware.vapi.std.errors.error : if the system reports an error while responding to the request.
default
‘Default’ means this response is used for all HTTP codes that are not covered individually for this operation.
Code Samples
PowerCLI Client SDK Example
$NamespaceManagementSupervisorsIdentityProvidersSetSpec = Initialize-NamespaceManagementSupervisorsIdentityProvidersSetSpec -DisplayName "MyDisplayName" -IssuerURL "MyIssuerURL" -ClientID "MyClientID" -ClientSecret "MyClientSecret"
Invoke-SetSupervisorProviderIdentity -Supervisor "MySupervisor" -Provider "MyProvider" -NamespaceManagementSupervisorsIdentityProvidersSetSpec $NamespaceManagementSupervisorsIdentityProvidersSetSpec
PowerCLI Client SDK All Parameters Example
$NamespaceManagementSupervisorsIdentityProvidersSetSpec = Initialize-NamespaceManagementSupervisorsIdentityProvidersSetSpec -DisplayName "MyDisplayName" -IssuerURL "MyIssuerURL" -UsernameClaim "MyUsernameClaim" -GroupsClaim "MyGroupsClaim" -ClientID "MyClientID" -ClientSecret "MyClientSecret" -CertificateAuthorityData "MyCertificateAuthorityData" -AdditionalScopes "MyAdditionalScopes" -AdditionalAuthorizeParameters @{ key_example = "MyInner" }
Invoke-SetSupervisorProviderIdentity -Supervisor "MySupervisor" -Provider "MyProvider" -NamespaceManagementSupervisorsIdentityProvidersSetSpec $NamespaceManagementSupervisorsIdentityProvidersSetSpec
cURL Command
curl -X PUT -H "vmware-api-session-id: b00db39f948d13ea1e59b4d6fce56389" -H "Content-Type: application/json" -d '{"additional_authorize_parameters":{"key":"string"},"additional_scopes":["string"],"certificate_authority_data":"string","client_ID":"string","client_secret":"string","display_name":"string","groups_claim":"string","issuer_URL":"string","username_claim":"string"}' https://{api_host}/api/vcenter/namespace-management/supervisors/{supervisor}/identity/providers/{provider}
Vendor Extensions
This operation contains the following vendor extensions defined in the spec:
x-vmw-doc-operation: set
Availability
Added in 8.0.0.1
