InlineOidcEndPoint1

JSON Example
{
    "authorization_endpoint": "string",
    "claim_map": [
        {
            "claim_name": "string",
            "value_to_role_map": [
                {
                    "claim_value": "string",
                    "roles": [
                        "string"
                    ]
                }
            ]
        }
    ],
    "claims_supported": [
        "string"
    ],
    "client_id": "string",
    "client_secret": "string",
    "csp_config": "CspConfig Object",
    "end_session_endpoint_uri": "string",
    "issuer": "string",
    "jwks_uri": "string",
    "name": "string",
    "oidc_type": "string",
    "oidc_uri": "string",
    "override_roles": [
        "string"
    ],
    "restrict_scim_search": false,
    "scim_endpoints": [
        "string"
    ],
    "serviced_domains": [
        "string"
    ],
    "thumbprint": "string",
    "token_endpoint": "string",
    "userinfo_endpoint": "string"
}
string
authorization_endpoint
Optional

The URL of the OpenID provider's authorization endpoint.

array of ClaimMap
claim_map
Optional

Configuration for mapping claims in OIDC ID tokens to NSX roles.

array of string
claims_supported
Optional

The list of claims that the OpenID provider supports.

string
client_id
Optional

The client ID for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is "ws_one" or "csp".

string
client_secret
Optional

The client secret for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is "ws_one".

csp_config
Optional

Extra OIDC configuration relevant only for CSP endpoints.

string
end_session_endpoint_uri
Optional
Constraints: maxLength: 255

URI of the OpenID session logout end-point.

string
issuer
Optional

Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri.

string
jwks_uri
Optional

The URI of the JWKS document that contains the key used to validate the JWT signature.

string
name
Optional

A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint.

string
oidc_type
Optional
Constraints: maxLength: 255, default: vcenter

Type used to distinguish the OIDC end-points by IDP.

Possible values are: vcenter, ws_one, csp

string
oidc_uri
Required
Constraints: maxLength: 255

URI of the OpenID Connect end-point.

array of string
override_roles
Optional

When specified, this role or these roles are used instead of the nsx-role in the JWT.

boolean
restrict_scim_search
Optional

If set to true, then it is only possible to perform a SCIM search against the OIDC provider used to authenticate. If OIDC was not used to authenticate (for example, if authenticated as a local user), then this restriction does not apply.

array of string
scim_endpoints
Optional

The SCIM (System for Cross-domain Identity Management) endpoint URLs to use when enumerating users and groups. All endpoints will be queried to obtain user and group information.

array of string
serviced_domains
Optional

When a login to NSX using a principal name of the form user@domain is attempted, the list of OIDC providers will be scanned to find one with a matching domain. If a match is found, that OIDC provider is used to authenticate the user.

Each domain must be unique across all OIDC providers. If a duplicate domain is provided when adding or updating an OIDC provider, the request will be rejected.

string
thumbprint
Optional
Constraints: maxLength: 255

Thumbprint in SHA-256 format used to verify the server certificate at the URI.

string
token_endpoint
Optional

The URL of the OpenID provider's token endpoint.

string
userinfo_endpoint
Optional

The URL of the OpenID provider's userinfo endpoint.
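
The constraints documented above (required oidc_uri, the client_id and client_secret rules per oidc_type, names without spaces, maxLength limits, unique serviced_domains) can be checked before a payload is submitted. This is an added example, not part of the NSX API or its documentation; the function validate_oidc_endpoint, its other_domains parameter, the sample payloads, the hex format assumed for the thumbprint and the case-insensitive domain comparison are all assumptions.

```python
import re

OIDC_TYPES = {"vcenter", "ws_one", "csp"}
MAX_255 = ("end_session_endpoint_uri", "oidc_type", "oidc_uri", "thumbprint")

def validate_oidc_endpoint(cfg, other_domains=()):
    """Return violations of the constraints documented for this schema.

    other_domains (hypothetical parameter): serviced_domains already used by
    other OIDC providers, collected by the caller beforehand.
    """
    errors = []
    if not cfg.get("oidc_uri"):
        errors.append("oidc_uri is required")
    for field in MAX_255:
        if len(cfg.get(field) or "") > 255:
            errors.append(f"{field} exceeds maxLength 255")
    oidc_type = cfg.get("oidc_type", "vcenter")  # documented default
    if oidc_type not in OIDC_TYPES:
        errors.append("oidc_type must be vcenter, ws_one or csp")
    if oidc_type in ("ws_one", "csp") and not cfg.get("client_id"):
        errors.append(f"client_id is required when oidc_type is {oidc_type}")
    if oidc_type == "ws_one" and not cfg.get("client_secret"):
        errors.append("client_secret is required when oidc_type is ws_one")
    if " " in cfg.get("name", ""):
        errors.append("name may not contain spaces")
    # Assumption: a SHA-256 thumbprint is 64 hex digits, colons optional.
    thumb = cfg.get("thumbprint")
    if thumb is not None and not re.fullmatch(r"[0-9a-fA-F]{64}", thumb.replace(":", "")):
        errors.append("thumbprint is not a SHA-256 digest")
    # Assumption: domains are compared case-insensitively.
    domains = [d.lower() for d in cfg.get("serviced_domains", [])]
    taken = {d.lower() for d in other_domains}
    for d in sorted(set(domains)):
        if domains.count(d) > 1 or d in taken:
            errors.append(f"serviced domain {d} is not unique")
    return errors

# Constructed sample payloads, not taken from the NSX documentation.
GOOD = {"oidc_uri": "https://idp.example.com/.well-known/openid-configuration",
        "oidc_type": "ws_one", "client_id": "nsx-client",
        "client_secret": "placeholder-secret", "name": "corp-idp",
        "serviced_domains": ["corp.example.com"]}
BAD = {"oidc_type": "ws_one", "client_id": "nsx-client", "name": "corp idp",
       "thumbprint": "abc123", "serviced_domains": ["lab.example.com"]}

if __name__ == "__main__":
    print(validate_oidc_endpoint(GOOD))
    for problem in validate_oidc_endpoint(BAD, other_domains=["LAB.example.com"]):
        print(problem)
```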