Getting a list of identity providers

Ops Center Common Services REST API Reference Guide

Version
10.9.x
Part Number
MK-99OPS003-06
The following request gets a list of identity providers registered in Common Services.

Execution permission

You must be a system administrator or a security administrator.

Request line

GET base-URL/idp/v1/external-identity-provider

Request message

Object ID
None.
Query parameters
None.
Body
None.

Response message

Body
When the federation protocol is OIDC
[
    {
        "providerType": "ADFS",
        "protocol": "oidc",
        "alias": "ad5oidc",
        "displayName": "AD5OIDC",
        "fromUrl": "https://adfs.example.com/adfs/.well-known/openid-configuration",
        "enabled": true,
        "guiOrder": 1,
        "defaultGroupList": [
            {
                "localGroupId": "a39f9e45-5e2e-446b-89d3-93f9e9ec4c31",
                "localGroupName": "opscenter-users"
            }
        ],
        "customGroupList": [
            {
                "idpGroupName": "opscenter-ad5\\opscenter_admins",
                "localGroupId": "9fd2ef28-5077-4816-ade8-526204f4d2ac",
                "localGroupName": "opscenter-administrators"
            }
        ],
        "clientId": "a49d4539-c080-4436-8bcb-113271b5152a",
        "clientSecret": "**********",
        "config": {
            "userInfoUrl": "https://adfs.example.com/adfs/userinfo",
            "validateSignature": "true",
            "redirectURI": "https://example.com:8443/auth/realms/opscenter/broker/ad5oidc/endpoint",
            "clientId": "a49d4539-c080-4436-8bcb-113271b5152a",
            "tokenUrl": "https://adfs.example.com/adfs/oauth2/token/",
            "jwksUrl": "https://adfs.example.com/adfs/discovery/keys",
            "issuer": "https://adfs.example.com/adfs",
            "useJwksUrl": "true",
            "authorizationUrl": "https://adfs.example.com/adfs/oauth2/authorize/",
            "clientAuthMethod": "client_secret_post",
            "disableUserInfo": "true",
            "fromUrl": "https://adfs.example.com/adfs/.well-known/openid-configuration",
            "logoutUrl": "https://adfs.example.com/adfs/oauth2/logout",
            "syncMode": "FORCE",
            "clientSecret": "**********",
            "allowedClockSkew": "300",
            "defaultScope": "https://example.com/openid https://example.com/allatclaims"
        }
    }
]
When the federation protocol is SAML
[
    {
        "providerType": "ADFS",
        "protocol": "saml",
        "alias": "ad5saml",
        "displayName": "AD5SAML",
        "fromUrl": "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml",
        "enabled": true,
        "guiOrder": 1,
        "defaultGroupList": [
            {
                "localGroupId": "a39f9e45-5e2e-446b-89d3-93f9e9ec4c31",
                "localGroupName": "opscenter-users"
            }
        ],
        "customGroupList": [
            {
                "idpGroupName": "opscenter-ad5\\opscenter_admins",
                "localGroupId": "9fd2ef28-5077-4816-ade8-526204f4d2ac",
                "localGroupName": "opscenter-administrators"
            }
        ],
        "clientId": null,
        "clientSecret": null,
        "config": {
            "redirectURI": "https://example.com:8443/auth/realms/opscenter/broker/ad5saml/endpoint",
            "samlXmlKeyNameTranformer": "KEY_ID",
            "postBindingLogout": "true",
            "postBindingResponse": "true",
            "singleLogoutServiceUrl": "https://adfs.example.com/adfs/ls/",
            "claimEmail": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
            "claimFirstname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
            "claimGroup": "http://schemas.xmlsoap.org/claims/Group",
            "claimLastname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
            "xmlSigKeyInfoKeyNameTransformer": "CERT_SUBJECT",
            "metadataEndpoint": "https://example.com:8443/auth/realms/opscenter/broker/ad5saml/endpoint/descriptor",
            "syncMode": "FORCE",
            "singleSignOnServiceUrl": "https://adfs.example.com/adfs/ls/",
            "wantAuthnRequestsSigned": "true",
            "allowedClockSkew": "300",
            "encryptionPublicKey": "...",
            "validateSignature": "true",
            "signingCertificate": "...",
            "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
            "signatureAlgorithm": "RSA_SHA256",
            "wantAssertionsEncrypted": "true",
            "useJwksUrl": "true",
            "wantAssertionsSigned": "true",
            "fromUrl": "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml",
            "postBindingAuthnRequest": "true",
            "forceAuthn": "true",
            "addExtensionsElementWithKeyInfo": "false",
            "principalType": "SUBJECT"
        }
    }
]

Attribute (Type)
    Description

providerType (string)
    Provider type
    A fixed string (ADFS) is returned.

protocol (string)
    Federation protocol
      • oidc
      • saml

alias (string)
    Alias name

displayName (string)
    Display name

fromUrl (string)
    OpenID Connect discovery endpoint or metadata endpoint of the identity provider

enabled (boolean)
    Whether the server setting is enabled
      • true: Enabled
      • false: Disabled

guiOrder (int)
    Server display sequence in the Identity Provider window
    A fixed value (1) is returned.

defaultGroupList (object)
    Settings of default group mappers
      • localGroupId (string)
        Object ID of the local user group
      • localGroupName (string)
        Local user group name

customGroupList (object)
    Settings of custom group mappers
      • idpGroupName (string)
        Group name of the identity provider
      • localGroupId (string)
        Object ID of the local user group
      • localGroupName (string)
        Local user group name

clientId (string)
    Client ID of the identity provider
    If the value of the protocol attribute is saml, the value null is always returned.

clientSecret (string)
    Client secret of the identity provider
    If the value of the protocol attribute is oidc, the value ********** is always returned.
    If the value of the protocol attribute is saml, the value null is always returned.

config (object)
    Configuration information of the identity provider

Coding example

curl -v -X GET -s "https://example.com:443/portal/idp/v1/external-identity-provider" -H "Authorization:Bearer eyJhbxxx"

Tip: Because this request uses SSL communication, you must either run the curl command with the --cacert option set to the root certificate of the Common Services server certificate, or run the command with the -k option. (With the -k option, curl ignores SSL errors, which means the server certificate is not verified.)
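
The response documented above can be checked against a federation policy during a configuration review. The following is an added example, not part of the Ops Center documentation: the policy constants, the interpretation of the config keys (inferred from their names in the sample responses) and the function names are assumptions, and the sample input is constructed.

```python
import json
# Assumed policy for this example. The meaning of each config key is inferred
# from its name in the sample responses; the reference does not describe them.
REQUIRED_TRUE = {
    "oidc": ("validateSignature",),
    "saml": ("validateSignature", "wantAssertionsSigned", "wantAuthnRequestsSigned"),
}
MAX_CLOCK_SKEW = 300                              # hypothetical limit
PRIVILEGED_GROUPS = {"opscenter-administrators"}  # name taken from the samples

def audit_idp(idp):
    """Return findings for one element of the response array."""
    cfg = idp.get("config") or {}
    findings = []
    for key in REQUIRED_TRUE.get(idp.get("protocol"), ()):
        if cfg.get(key) != "true":                # config values are strings
            findings.append(f"config.{key} is not true")
    fields = [("fromUrl", idp.get("fromUrl"))] + [(f"config.{k}", v) for k, v in cfg.items()]
    for name, value in fields:
        # claim* values are attribute-name URIs, not endpoints that get fetched
        if (isinstance(value, str) and value.lower().startswith("http://")
                and not name.startswith("config.claim")):
            findings.append(f"{name} uses cleartext HTTP")
    skew = str(cfg.get("allowedClockSkew", "0"))
    if not skew.isdigit() or int(skew) > MAX_CLOCK_SKEW:
        findings.append(f"config.allowedClockSkew is {skew}")
    # Assumption: default group mappers apply to every user of the provider.
    for m in idp.get("defaultGroupList") or []:
        if m.get("localGroupName") in PRIVILEGED_GROUPS:
            findings.append(f"default group grants {m['localGroupName']}")
    return findings

def audit(response_text):
    """Map each provider alias to its findings."""
    return {idp["alias"]: audit_idp(idp) for idp in json.loads(response_text)}

# Constructed response: the documented shape, trimmed, with weakened settings.
SAMPLE = '''[
 {"protocol": "oidc", "alias": "ad5oidc", "fromUrl": "https://adfs.example.com/adfs/.well-known/openid-configuration",
  "defaultGroupList": [{"localGroupName": "opscenter-users"}],
  "config": {"validateSignature": "true", "allowedClockSkew": "300"}},
 {"protocol": "saml", "alias": "ad5saml", "fromUrl": "http://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml",
  "defaultGroupList": [{"localGroupName": "opscenter-administrators"}],
  "config": {"validateSignature": "false", "wantAssertionsSigned": "true", "wantAuthnRequestsSigned": "true",
             "claimGroup": "http://schemas.xmlsoap.org/claims/Group", "allowedClockSkew": "3600"}}
]'''

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

To audit a live system, pass the body returned by the GET request above to `audit()` in place of `SAMPLE`.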