The role specifies which privileges (ie policies) should be associated which tokens generated through successful authentication using the OpenID Connect server. It can impose constraints on which users are admitted by enforcing limitations on claims.
It is optionally possible to use custom claims for mapping to policies.
name required | string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ |
display-name | string |
discovery-url required | string This should be the URI from witch the .well-known/openid-configuration can be fetched. For example, https://accounts.google.com/, when using the Google OIDC server, or https://xx.yy.com/oauth/v2/oauth-anonymous when using Curity IO. The base URL or the full URL including the .well-known/openid-configuration part. |
discovery-ca-cert | string <ca-cert> One or more root certificates in PEM format. CA certificates, in PEM format, to use when validating TLS connection to discovery-url. Multiple certs may be added as one string. |
use-root-ca-certs | boolean Default: true Use root CA certificate bundle when validating certificate of discovery url. |
server-name-indication | string If the discovery-url is a https URL, then this field can be used to configure which name must be present in the cert presented by the server. By default the host name from the discovery-url will be used. |
tls-verify | boolean Default: true This field can be used to disable server cert validation when talking to the discovery-url. It should only be set to false in test setups and never in production. |
client-id required | string The Client ID is provided by the OIDC server. Usually some non-guessable value such as 6779ef20e75817b79602 or 292085223830.apps.googleusercontent.com |
client-secret required | string The Secret ID is a non-public that is only known by the client and the OIDC server. Usually some 256-bit hex value. |
response-mode | string <enumeration> Default: "query"
|
response-type | string <enumeration>
Only |
default-role | string <name> If no role is specified when invoking a oidc-login, then this role is used. |
verbose-logging | boolean Default: false |
object An alternative way of letting the OIDC server control which policies and token properties are given to different users is to select oidc service role based on a claim provided by the OIDC server. In order to do this certain role specific parameters needs to be provided here. They will be ignored in the selected role. | |
to (object) or sites (object) or deployments (object) |
Created
Bad Request
Unauthorized
Forbidden
Not Found
Conflict (instance exists)
Service Unavailable (strongbox sealed)
name: qlik display-name: qlik discovery-url: http://192.168.100.50:9000/ discovery-ca-cert: | -----BEGIN CERTIFICATE----- MIIDUDCCAvagAwIBAgITAKYom2ar3MFwt//DipR5NywBdjAKBggqhkjOPQQDAjBa MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw MjIwMTEyMDYyMTQ4WhgPMjAyMjAxMjcwOTU3NDhaMGIxFzAVBgNVBAMTDnRpby5h dmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKa7LYXK0P1IOpXkEAI52kJizdUA74z7NsAegV38 LFvipzCggEJr9niqRNmZqR6B8cs+CWIRZub0Qm5eQIzPtZtzLzwBD+i5AyitW5Tq Top79tVlta4wupAtkxBCOeIAzFtFwWaiGCVA+4D9Ns6TXo7GUxC0aw/MOeRyAHt/ HaBIPk6hIGKOAiCjP4r4fEl4tWpSNzexovCvKCl4fGs4WLvRR1YoNdx0spvROc63 hd9gikokDEuHMsh9Q1wEIP7/V+rgbYGtRw990mHl0zWoGtS+hp/QHAngcJnJiJk3 gOPTXnQKqCzBWUmZUdwt27LKTdK7Vsq6DtNEKchaqRzGMRkCAwEAAaOBwzCBwDB+ BgNVHSMEdzB1oV6kXDBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2Nr aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlz dHJpYnV0aW9ughMAp0MSfyaImp0XtPO3uqCnMRITMCMGA1UdEQQcMBqCDnRpby5h dmFzc2EubmV0ggNmb2+CA2JhcjALBgNVHQ8EBAMCA4gwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiAssZp0WV7ejre85Zh4LJZQiTVWEObLXRwifAHQoiqi iwIhAOga9thMhWISM1FFgSTeNUtUe9jziVdPfSYQpInAcg3V -----END CERTIFICATE----- use-root-ca-certs: true server-name-indication: oauth tls-verify: true client-id: JVX9fZTK9fvsRZxuZ3uuGUuh1zPps1Ng client-secret: JIRhxGpPQ99ZyEBlaEFafJP3HTfw3w5npD9Rc4kodJSQpWrr6odIoTdKmsHcMvvw response-mode: query response-type: code default-role: reader verbose-logging: true role-select: role-claim: group allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout state-addition: foo.acme.com oidc-scopes: - profile - email - avassa use-nonce: true state-ttl: 10m distribute: to: inherit
fields | string Retrieve only requested fields from the resource See section fields |
validate | string <enumeration> Validate the request but do not actually perform the requested operation |
keys | string <enumeration> Retrieve only the keys for the list |
count | string <enumeration> Retrieve only the number of elements in the list |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
- name: qlik display-name: qlik discovery-url: http://192.168.100.50:9000/ discovery-ca-cert: | -----BEGIN CERTIFICATE----- MIIDUDCCAvagAwIBAgITAKYom2ar3MFwt//DipR5NywBdjAKBggqhkjOPQQDAjBa MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw MjIwMTEyMDYyMTQ4WhgPMjAyMjAxMjcwOTU3NDhaMGIxFzAVBgNVBAMTDnRpby5h dmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKa7LYXK0P1IOpXkEAI52kJizdUA74z7NsAegV38 LFvipzCggEJr9niqRNmZqR6B8cs+CWIRZub0Qm5eQIzPtZtzLzwBD+i5AyitW5Tq Top79tVlta4wupAtkxBCOeIAzFtFwWaiGCVA+4D9Ns6TXo7GUxC0aw/MOeRyAHt/ HaBIPk6hIGKOAiCjP4r4fEl4tWpSNzexovCvKCl4fGs4WLvRR1YoNdx0spvROc63 hd9gikokDEuHMsh9Q1wEIP7/V+rgbYGtRw990mHl0zWoGtS+hp/QHAngcJnJiJk3 gOPTXnQKqCzBWUmZUdwt27LKTdK7Vsq6DtNEKchaqRzGMRkCAwEAAaOBwzCBwDB+ BgNVHSMEdzB1oV6kXDBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2Nr aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlz dHJpYnV0aW9ughMAp0MSfyaImp0XtPO3uqCnMRITMCMGA1UdEQQcMBqCDnRpby5h dmFzc2EubmV0ggNmb2+CA2JhcjALBgNVHQ8EBAMCA4gwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiAssZp0WV7ejre85Zh4LJZQiTVWEObLXRwifAHQoiqi iwIhAOga9thMhWISM1FFgSTeNUtUe9jziVdPfSYQpInAcg3V -----END CERTIFICATE----- use-root-ca-certs: true server-name-indication: oauth tls-verify: true client-id: JVX9fZTK9fvsRZxuZ3uuGUuh1zPps1Ng client-secret: JIRhxGpPQ99ZyEBlaEFafJP3HTfw3w5npD9Rc4kodJSQpWrr6odIoTdKmsHcMvvw response-mode: query response-type: code default-role: reader verbose-logging: true role-select: role-claim: group allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout state-addition: foo.acme.com oidc-scopes: - profile - email - avassa use-nonce: true state-ttl: 10m distribute: to: inherit
name required | string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ |
display-name | string |
discovery-url required | string This should be the URI from witch the .well-known/openid-configuration can be fetched. For example, https://accounts.google.com/, when using the Google OIDC server, or https://xx.yy.com/oauth/v2/oauth-anonymous when using Curity IO. The base URL or the full URL including the .well-known/openid-configuration part. |
discovery-ca-cert | string <ca-cert> One or more root certificates in PEM format. CA certificates, in PEM format, to use when validating TLS connection to discovery-url. Multiple certs may be added as one string. |
use-root-ca-certs | boolean Default: true Use root CA certificate bundle when validating certificate of discovery url. |
server-name-indication | string If the discovery-url is a https URL, then this field can be used to configure which name must be present in the cert presented by the server. By default the host name from the discovery-url will be used. |
tls-verify | boolean Default: true This field can be used to disable server cert validation when talking to the discovery-url. It should only be set to false in test setups and never in production. |
client-id required | string The Client ID is provided by the OIDC server. Usually some non-guessable value such as 6779ef20e75817b79602 or 292085223830.apps.googleusercontent.com |
client-secret required | string The Secret ID is a non-public that is only known by the client and the OIDC server. Usually some 256-bit hex value. |
response-mode | string <enumeration> Default: "query"
|
response-type | string <enumeration>
Only |
default-role | string <name> If no role is specified when invoking a oidc-login, then this role is used. |
verbose-logging | boolean Default: false |
object An alternative way of letting the OIDC server control which policies and token properties are given to different users is to select oidc service role based on a claim provided by the OIDC server. In order to do this certain role specific parameters needs to be provided here. They will be ignored in the selected role. | |
to (object) or sites (object) or deployments (object) |
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: qlik display-name: qlik discovery-url: http://192.168.100.50:9000/ discovery-ca-cert: | -----BEGIN CERTIFICATE----- MIIDUDCCAvagAwIBAgITAKYom2ar3MFwt//DipR5NywBdjAKBggqhkjOPQQDAjBa MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw MjIwMTEyMDYyMTQ4WhgPMjAyMjAxMjcwOTU3NDhaMGIxFzAVBgNVBAMTDnRpby5h dmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKa7LYXK0P1IOpXkEAI52kJizdUA74z7NsAegV38 LFvipzCggEJr9niqRNmZqR6B8cs+CWIRZub0Qm5eQIzPtZtzLzwBD+i5AyitW5Tq Top79tVlta4wupAtkxBCOeIAzFtFwWaiGCVA+4D9Ns6TXo7GUxC0aw/MOeRyAHt/ HaBIPk6hIGKOAiCjP4r4fEl4tWpSNzexovCvKCl4fGs4WLvRR1YoNdx0spvROc63 hd9gikokDEuHMsh9Q1wEIP7/V+rgbYGtRw990mHl0zWoGtS+hp/QHAngcJnJiJk3 gOPTXnQKqCzBWUmZUdwt27LKTdK7Vsq6DtNEKchaqRzGMRkCAwEAAaOBwzCBwDB+ BgNVHSMEdzB1oV6kXDBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2Nr aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlz dHJpYnV0aW9ughMAp0MSfyaImp0XtPO3uqCnMRITMCMGA1UdEQQcMBqCDnRpby5h dmFzc2EubmV0ggNmb2+CA2JhcjALBgNVHQ8EBAMCA4gwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiAssZp0WV7ejre85Zh4LJZQiTVWEObLXRwifAHQoiqi iwIhAOga9thMhWISM1FFgSTeNUtUe9jziVdPfSYQpInAcg3V -----END CERTIFICATE----- use-root-ca-certs: true server-name-indication: oauth tls-verify: true client-id: JVX9fZTK9fvsRZxuZ3uuGUuh1zPps1Ng client-secret: JIRhxGpPQ99ZyEBlaEFafJP3HTfw3w5npD9Rc4kodJSQpWrr6odIoTdKmsHcMvvw response-mode: query response-type: code default-role: reader verbose-logging: true role-select: role-claim: group allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout state-addition: foo.acme.com oidc-scopes: - profile - email - avassa use-nonce: true state-ttl: 10m distribute: to: inherit
name required | string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ |
display-name | string |
discovery-url required | string This should be the URI from witch the .well-known/openid-configuration can be fetched. For example, https://accounts.google.com/, when using the Google OIDC server, or https://xx.yy.com/oauth/v2/oauth-anonymous when using Curity IO. The base URL or the full URL including the .well-known/openid-configuration part. |
discovery-ca-cert | string <ca-cert> One or more root certificates in PEM format. CA certificates, in PEM format, to use when validating TLS connection to discovery-url. Multiple certs may be added as one string. |
use-root-ca-certs | boolean Default: true Use root CA certificate bundle when validating certificate of discovery url. |
server-name-indication | string If the discovery-url is a https URL, then this field can be used to configure which name must be present in the cert presented by the server. By default the host name from the discovery-url will be used. |
tls-verify | boolean Default: true This field can be used to disable server cert validation when talking to the discovery-url. It should only be set to false in test setups and never in production. |
client-id required | string The Client ID is provided by the OIDC server. Usually some non-guessable value such as 6779ef20e75817b79602 or 292085223830.apps.googleusercontent.com |
client-secret required | string The Secret ID is a non-public that is only known by the client and the OIDC server. Usually some 256-bit hex value. |
response-mode | string <enumeration> Default: "query"
|
response-type | string <enumeration>
Only |
default-role | string <name> If no role is specified when invoking a oidc-login, then this role is used. |
verbose-logging | boolean Default: false |
object An alternative way of letting the OIDC server control which policies and token properties are given to different users is to select oidc service role based on a claim provided by the OIDC server. In order to do this certain role specific parameters needs to be provided here. They will be ignored in the selected role. | |
to (object) or sites (object) or deployments (object) |
Created
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: qlik display-name: qlik discovery-url: http://192.168.100.50:9000/ discovery-ca-cert: | -----BEGIN CERTIFICATE----- MIIDUDCCAvagAwIBAgITAKYom2ar3MFwt//DipR5NywBdjAKBggqhkjOPQQDAjBa MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw MjIwMTEyMDYyMTQ4WhgPMjAyMjAxMjcwOTU3NDhaMGIxFzAVBgNVBAMTDnRpby5h dmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKa7LYXK0P1IOpXkEAI52kJizdUA74z7NsAegV38 LFvipzCggEJr9niqRNmZqR6B8cs+CWIRZub0Qm5eQIzPtZtzLzwBD+i5AyitW5Tq Top79tVlta4wupAtkxBCOeIAzFtFwWaiGCVA+4D9Ns6TXo7GUxC0aw/MOeRyAHt/ HaBIPk6hIGKOAiCjP4r4fEl4tWpSNzexovCvKCl4fGs4WLvRR1YoNdx0spvROc63 hd9gikokDEuHMsh9Q1wEIP7/V+rgbYGtRw990mHl0zWoGtS+hp/QHAngcJnJiJk3 gOPTXnQKqCzBWUmZUdwt27LKTdK7Vsq6DtNEKchaqRzGMRkCAwEAAaOBwzCBwDB+ BgNVHSMEdzB1oV6kXDBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2Nr aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlz dHJpYnV0aW9ughMAp0MSfyaImp0XtPO3uqCnMRITMCMGA1UdEQQcMBqCDnRpby5h dmFzc2EubmV0ggNmb2+CA2JhcjALBgNVHQ8EBAMCA4gwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiAssZp0WV7ejre85Zh4LJZQiTVWEObLXRwifAHQoiqi iwIhAOga9thMhWISM1FFgSTeNUtUe9jziVdPfSYQpInAcg3V -----END CERTIFICATE----- use-root-ca-certs: true server-name-indication: oauth tls-verify: true client-id: JVX9fZTK9fvsRZxuZ3uuGUuh1zPps1Ng client-secret: JIRhxGpPQ99ZyEBlaEFafJP3HTfw3w5npD9Rc4kodJSQpWrr6odIoTdKmsHcMvvw response-mode: query response-type: code default-role: reader verbose-logging: true role-select: role-claim: group allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout state-addition: foo.acme.com oidc-scopes: - profile - email - avassa use-nonce: true state-ttl: 10m distribute: to: inherit
fields | string Retrieve only requested fields from the resource See section fields |
validate | string <enumeration> Validate the request but do not actually perform the requested operation |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: qlik display-name: qlik discovery-url: http://192.168.100.50:9000/ discovery-ca-cert: | -----BEGIN CERTIFICATE----- MIIDUDCCAvagAwIBAgITAKYom2ar3MFwt//DipR5NywBdjAKBggqhkjOPQQDAjBa MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw MjIwMTEyMDYyMTQ4WhgPMjAyMjAxMjcwOTU3NDhaMGIxFzAVBgNVBAMTDnRpby5h dmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKa7LYXK0P1IOpXkEAI52kJizdUA74z7NsAegV38 LFvipzCggEJr9niqRNmZqR6B8cs+CWIRZub0Qm5eQIzPtZtzLzwBD+i5AyitW5Tq Top79tVlta4wupAtkxBCOeIAzFtFwWaiGCVA+4D9Ns6TXo7GUxC0aw/MOeRyAHt/ HaBIPk6hIGKOAiCjP4r4fEl4tWpSNzexovCvKCl4fGs4WLvRR1YoNdx0spvROc63 hd9gikokDEuHMsh9Q1wEIP7/V+rgbYGtRw990mHl0zWoGtS+hp/QHAngcJnJiJk3 gOPTXnQKqCzBWUmZUdwt27LKTdK7Vsq6DtNEKchaqRzGMRkCAwEAAaOBwzCBwDB+ BgNVHSMEdzB1oV6kXDBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2Nr aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlz dHJpYnV0aW9ughMAp0MSfyaImp0XtPO3uqCnMRITMCMGA1UdEQQcMBqCDnRpby5h dmFzc2EubmV0ggNmb2+CA2JhcjALBgNVHQ8EBAMCA4gwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiAssZp0WV7ejre85Zh4LJZQiTVWEObLXRwifAHQoiqi iwIhAOga9thMhWISM1FFgSTeNUtUe9jziVdPfSYQpInAcg3V -----END CERTIFICATE----- use-root-ca-certs: true server-name-indication: oauth tls-verify: true client-id: JVX9fZTK9fvsRZxuZ3uuGUuh1zPps1Ng client-secret: JIRhxGpPQ99ZyEBlaEFafJP3HTfw3w5npD9Rc4kodJSQpWrr6odIoTdKmsHcMvvw response-mode: query response-type: code default-role: reader verbose-logging: true role-select: role-claim: group allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout state-addition: foo.acme.com oidc-scopes: - profile - email - avassa use-nonce: true state-ttl: 10m distribute: to: inherit
Created
Bad Request
Unauthorized
Forbidden
Not Found
Conflict (instance exists)
Service Unavailable (strongbox sealed)
name: reader bound-audiences: [] user-claim: sub bound-subject: "34772" bound-claims: supd: allow claim-mappings: nickname: nickname email: email name: username policies-claim: policies tenant-claim: tenant use-nonce: true state-addition: foo.acme.com oidc-scopes: - profile - email - avassa allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout logout-uri: https://c2id.com/logout verbose-logging: true state-ttl: 10m token-ttl: 32d token-max-ttl: 32d token-policies: - user token-bound-cidrs: - 192.168.1.0/24 token-explicit-max-ttl: 0s token-no-default-policy: false token-num-uses: 0 token-period: 0s token-type: default token-renewable: true distribute: to: inherit
fields | string Retrieve only requested fields from the resource See section fields |
validate | string <enumeration> Validate the request but do not actually perform the requested operation |
keys | string <enumeration> Retrieve only the keys for the list |
count | string <enumeration> Retrieve only the number of elements in the list |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
- name: reader bound-audiences: [] user-claim: sub bound-subject: "34772" bound-claims: supd: allow claim-mappings: nickname: nickname email: email name: username policies-claim: policies tenant-claim: tenant use-nonce: true state-addition: foo.acme.com oidc-scopes: - profile - email - avassa allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout logout-uri: https://c2id.com/logout verbose-logging: true state-ttl: 10m token-ttl: 32d token-max-ttl: 32d token-policies: - user token-bound-cidrs: - 192.168.1.0/24 token-explicit-max-ttl: 0s token-no-default-policy: false token-num-uses: 0 token-period: 0s token-type: default token-renewable: true distribute: to: inherit
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: reader bound-audiences: [] user-claim: sub bound-subject: "34772" bound-claims: supd: allow claim-mappings: nickname: nickname email: email name: username policies-claim: policies tenant-claim: tenant use-nonce: true state-addition: foo.acme.com oidc-scopes: - profile - email - avassa allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout logout-uri: https://c2id.com/logout verbose-logging: true state-ttl: 10m token-ttl: 32d token-max-ttl: 32d token-policies: - user token-bound-cidrs: - 192.168.1.0/24 token-explicit-max-ttl: 0s token-no-default-policy: false token-num-uses: 0 token-period: 0s token-type: default token-renewable: true distribute: to: inherit
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
Created
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: reader bound-audiences: [] user-claim: sub bound-subject: "34772" bound-claims: supd: allow claim-mappings: nickname: nickname email: email name: username policies-claim: policies tenant-claim: tenant use-nonce: true state-addition: foo.acme.com oidc-scopes: - profile - email - avassa allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout logout-uri: https://c2id.com/logout verbose-logging: true state-ttl: 10m token-ttl: 32d token-max-ttl: 32d token-policies: - user token-bound-cidrs: - 192.168.1.0/24 token-explicit-max-ttl: 0s token-no-default-policy: false token-num-uses: 0 token-period: 0s token-type: default token-renewable: true distribute: to: inherit
fields | string Retrieve only requested fields from the resource See section fields |
validate | string <enumeration> Validate the request but do not actually perform the requested operation |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
name: reader bound-audiences: [] user-claim: sub bound-subject: "34772" bound-claims: supd: allow claim-mappings: nickname: nickname email: email name: username policies-claim: policies tenant-claim: tenant use-nonce: true state-addition: foo.acme.com oidc-scopes: - profile - email - avassa allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout logout-uri: https://c2id.com/logout verbose-logging: true state-ttl: 10m token-ttl: 32d token-max-ttl: 32d token-policies: - user token-bound-cidrs: - 192.168.1.0/24 token-explicit-max-ttl: 0s token-no-default-policy: false token-num-uses: 0 token-period: 0s token-type: default token-renewable: true distribute: to: inherit
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
default-service: auth0 distribute: to: all
Created
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
default-service: auth0 distribute: to: all
fields | string Retrieve only requested fields from the resource See section fields |
validate | string <enumeration> Validate the request but do not actually perform the requested operation |
OK
Not Modified
Bad Request
Unauthorized
Forbidden
Not Found
Precondition Failed
Service Unavailable (strongbox sealed)
default-service: auth0 distribute: to: all
Lists OIDC services and roles for a given tenant, allowing an API to list all available roles.
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
tenant: acme
tenant: acme oidcs: - name: auth0 display-name: Auth0 roles: - default - admin
fields | string Retrieve only requested fields from the resource See section fields |
site | string Send the request to the specfifed site |
content | string <enumeration> Filter descendant nodes in the response |
keys | string <enumeration> Retrieve only the keys for the list |
count | string <enumeration> Retrieve only the number of elements in the list |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Service Unavailable (strongbox sealed)
- name: qlik display-name: qlik discovery-url: http://192.168.100.50:9000/ discovery-ca-cert: | -----BEGIN CERTIFICATE----- MIIDUDCCAvagAwIBAgITAKYom2ar3MFwt//DipR5NywBdjAKBggqhkjOPQQDAjBa MQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMC U0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlzdHJpYnV0aW9uMCIYDzIw MjIwMTEyMDYyMTQ4WhgPMjAyMjAxMjcwOTU3NDhaMGIxFzAVBgNVBAMTDnRpby5h dmFzc2EubmV0MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYD VQQKEwZBdmFzc2ExFTATBgNVBAsTDGRpc3RyaWJ1dGlvbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKa7LYXK0P1IOpXkEAI52kJizdUA74z7NsAegV38 LFvipzCggEJr9niqRNmZqR6B8cs+CWIRZub0Qm5eQIzPtZtzLzwBD+i5AyitW5Tq Top79tVlta4wupAtkxBCOeIAzFtFwWaiGCVA+4D9Ns6TXo7GUxC0aw/MOeRyAHt/ HaBIPk6hIGKOAiCjP4r4fEl4tWpSNzexovCvKCl4fGs4WLvRR1YoNdx0spvROc63 hd9gikokDEuHMsh9Q1wEIP7/V+rgbYGtRw990mHl0zWoGtS+hp/QHAngcJnJiJk3 gOPTXnQKqCzBWUmZUdwt27LKTdK7Vsq6DtNEKchaqRzGMRkCAwEAAaOBwzCBwDB+ BgNVHSMEdzB1oV6kXDBaMQ8wDQYDVQQDEwZBdmFzc2ExEjAQBgNVBAcTCVN0b2Nr aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBkF2YXNzYTEVMBMGA1UECxMMZGlz dHJpYnV0aW9ughMAp0MSfyaImp0XtPO3uqCnMRITMCMGA1UdEQQcMBqCDnRpby5h dmFzc2EubmV0ggNmb2+CA2JhcjALBgNVHQ8EBAMCA4gwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiAssZp0WV7ejre85Zh4LJZQiTVWEObLXRwifAHQoiqi iwIhAOga9thMhWISM1FFgSTeNUtUe9jziVdPfSYQpInAcg3V -----END CERTIFICATE----- use-root-ca-certs: true server-name-indication: oauth tls-verify: true client-id: JVX9fZTK9fvsRZxuZ3uuGUuh1zPps1Ng client-secret: JIRhxGpPQ99ZyEBlaEFafJP3HTfw3w5npD9Rc4kodJSQpWrr6odIoTdKmsHcMvvw response-mode: query response-type: code default-role: reader verbose-logging: true role-select: role-claim: group allowed-redirect-uris: - https://192.168.100.101:4646/v1/oidc-callback allowed-post-logout-redirect-uris: - http://foo.com/logout state-addition: foo.acme.com oidc-scopes: - profile - email - avassa use-nonce: true state-ttl: 10m creation-time: 2022-01-13T08:09:52.605729Z distribute: to: inherit distribution-status: to: none
fields | string Retrieve only requested fields from the resource See section fields |
site | string Send the request to the specfifed site |
content | string <enumeration> Filter descendant nodes in the response |
OK
Bad Request