VMware Developer Documentation
API Reference PowerCLI Reference
vSphere Automation API vCenter REST APIs Data Structures

IdentityProvidersOidcInfo

The Providers.OidcInfo structure contains information about an OIDC identity provider. OIDC is a discovery protocol for OAuth2 configuration metadata, so Providers.OidcInfo contains additional discovered OAuth2 metadata.

Properties

string as uri
auth_endpoint Required

Authentication/authorization endpoint of the provider
map of string
auth_query_params Required

key/value pairs that are to be appended to the authEndpoint request.

How to append to authEndpoint request: If the map is not empty, a “?” is added to the endpoint URL, and combination of each k and each string in the v is added with an “&” delimiter. Details: - If the value contains only one string, then the key is added with “k=v”. - If the value is an empty list, then the key is added without a “=v”. - If the value contains multiple strings, then the key is repeated in the query-string for each string in the value.
IdentityProvidersOauth2AuthenticationMethod Enum
authentication_method Required

Authentication method used by the provider

Possible values are: CLIENT_SECRET_BASICCLIENT_SECRET_POSTCLIENT_SECRET_JWTPRIVATE_KEY_JWT

map[string]map[string][]string
claim_map Required

The map used to transform an OAuth2 claim to a corresponding claim that vCenter Server understands. Currently only the key “perms” is supported. The key “perms” is used for mapping the “perms” claim of incoming JWT. The value is another map with an external group as the key and a vCenter Server group as value.
string
client_id Required

Client identifier to connect to the provider
string
client_secret Required

The secret shared between the client and the provider
string as uri
discovery_endpoint Required

Endpoint to retrieve the provider metadata
string
issuer Required

The identity provider namespace. It is used to validate the issuer in the acquired OAuth2 token
string as uri
logout_endpoint Optional

The endpoint to use for terminating the user’s session at the identity provider. This value is automatically derived from the metadata information provided by the OIDC discovery endpoint. This field is optional because it was added in a newer version than its parent node.
string as uri
public_key_uri Required

Endpoint to retrieve the provider public key for validation
string as uri
token_endpoint Required

Token endpoint of the provider

JSON Example

{
    "auth_endpoint": "string",
    "auth_query_params": {
        "key": "string"
    },
    "authentication_method": "enum",
    "client_id": "string",
    "client_secret": "string",
    "discovery_endpoint": "string",
    "issuer": "string",
    "public_key_uri": "string",
    "token_endpoint": "string"
}
Property Of

IdentityProvidersInfo
Feedback

Was this page helpful?

©2021 VMware Inc. Terms of Use Privacy Your California Privacy Rights Accessibility Trademarks Glossary Help Contact Us