vcd 3.14.1, Apr 14 25

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

vcd.OrgOidc

Explore with Pulumi AI

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

Create OrgOidc Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new OrgOidc(name: string, args: OrgOidcArgs, opts?: CustomResourceOptions);

@overload
def OrgOidc(resource_name: str,
            args: OrgOidcArgs,
            opts: Optional[ResourceOptions] = None)

@overload
def OrgOidc(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            enabled: Optional[bool] = None,
            org_id: Optional[str] = None,
            client_id: Optional[str] = None,
            client_secret: Optional[str] = None,
            keys: Optional[Sequence[OrgOidcKeyArgs]] = None,
            max_clock_skew_seconds: Optional[float] = None,
            key_expire_duration_hours: Optional[float] = None,
            key_refresh_endpoint: Optional[str] = None,
            key_refresh_period_hours: Optional[float] = None,
            key_refresh_strategy: Optional[str] = None,
            access_token_endpoint: Optional[str] = None,
            issuer_id: Optional[str] = None,
            claims_mapping: Optional[OrgOidcClaimsMappingArgs] = None,
            org_oidc_id: Optional[str] = None,
            prefer_id_token: Optional[bool] = None,
            scopes: Optional[Sequence[str]] = None,
            ui_button_label: Optional[str] = None,
            user_authorization_endpoint: Optional[str] = None,
            userinfo_endpoint: Optional[str] = None,
            wellknown_endpoint: Optional[str] = None)

func NewOrgOidc(ctx *Context, name string, args OrgOidcArgs, opts ...ResourceOption) (*OrgOidc, error)

public OrgOidc(string name, OrgOidcArgs args, CustomResourceOptions? opts = null)

public OrgOidc(String name, OrgOidcArgs args)
public OrgOidc(String name, OrgOidcArgs args, CustomResourceOptions options)

type: vcd:OrgOidc
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args OrgOidcArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args OrgOidcArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OrgOidcArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OrgOidcArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args OrgOidcArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var orgOidcResource = new Vcd.OrgOidc("orgOidcResource", new()
{
    Enabled = false,
    OrgId = "string",
    ClientId = "string",
    ClientSecret = "string",
    Keys = new[]
    {
        new Vcd.Inputs.OrgOidcKeyArgs
        {
            Algorithm = "string",
            Certificate = "string",
            Id = "string",
            ExpirationDate = "string",
        },
    },
    MaxClockSkewSeconds = 0,
    KeyExpireDurationHours = 0,
    KeyRefreshEndpoint = "string",
    KeyRefreshPeriodHours = 0,
    KeyRefreshStrategy = "string",
    AccessTokenEndpoint = "string",
    IssuerId = "string",
    ClaimsMapping = new Vcd.Inputs.OrgOidcClaimsMappingArgs
    {
        Email = "string",
        FirstName = "string",
        FullName = "string",
        Groups = "string",
        LastName = "string",
        Roles = "string",
        Subject = "string",
    },
    OrgOidcId = "string",
    PreferIdToken = false,
    Scopes = new[]
    {
        "string",
    },
    UiButtonLabel = "string",
    UserAuthorizationEndpoint = "string",
    UserinfoEndpoint = "string",
    WellknownEndpoint = "string",
});

example, err := vcd.NewOrgOidc(ctx, "orgOidcResource", &vcd.OrgOidcArgs{
	Enabled:      pulumi.Bool(false),
	OrgId:        pulumi.String("string"),
	ClientId:     pulumi.String("string"),
	ClientSecret: pulumi.String("string"),
	Keys: vcd.OrgOidcKeyArray{
		&vcd.OrgOidcKeyArgs{
			Algorithm:      pulumi.String("string"),
			Certificate:    pulumi.String("string"),
			Id:             pulumi.String("string"),
			ExpirationDate: pulumi.String("string"),
		},
	},
	MaxClockSkewSeconds:    pulumi.Float64(0),
	KeyExpireDurationHours: pulumi.Float64(0),
	KeyRefreshEndpoint:     pulumi.String("string"),
	KeyRefreshPeriodHours:  pulumi.Float64(0),
	KeyRefreshStrategy:     pulumi.String("string"),
	AccessTokenEndpoint:    pulumi.String("string"),
	IssuerId:               pulumi.String("string"),
	ClaimsMapping: &vcd.OrgOidcClaimsMappingArgs{
		Email:     pulumi.String("string"),
		FirstName: pulumi.String("string"),
		FullName:  pulumi.String("string"),
		Groups:    pulumi.String("string"),
		LastName:  pulumi.String("string"),
		Roles:     pulumi.String("string"),
		Subject:   pulumi.String("string"),
	},
	OrgOidcId:     pulumi.String("string"),
	PreferIdToken: pulumi.Bool(false),
	Scopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	UiButtonLabel:             pulumi.String("string"),
	UserAuthorizationEndpoint: pulumi.String("string"),
	UserinfoEndpoint:          pulumi.String("string"),
	WellknownEndpoint:         pulumi.String("string"),
})

var orgOidcResource = new OrgOidc("orgOidcResource", OrgOidcArgs.builder()
    .enabled(false)
    .orgId("string")
    .clientId("string")
    .clientSecret("string")
    .keys(OrgOidcKeyArgs.builder()
        .algorithm("string")
        .certificate("string")
        .id("string")
        .expirationDate("string")
        .build())
    .maxClockSkewSeconds(0)
    .keyExpireDurationHours(0)
    .keyRefreshEndpoint("string")
    .keyRefreshPeriodHours(0)
    .keyRefreshStrategy("string")
    .accessTokenEndpoint("string")
    .issuerId("string")
    .claimsMapping(OrgOidcClaimsMappingArgs.builder()
        .email("string")
        .firstName("string")
        .fullName("string")
        .groups("string")
        .lastName("string")
        .roles("string")
        .subject("string")
        .build())
    .orgOidcId("string")
    .preferIdToken(false)
    .scopes("string")
    .uiButtonLabel("string")
    .userAuthorizationEndpoint("string")
    .userinfoEndpoint("string")
    .wellknownEndpoint("string")
    .build());

org_oidc_resource = vcd.OrgOidc("orgOidcResource",
    enabled=False,
    org_id="string",
    client_id="string",
    client_secret="string",
    keys=[{
        "algorithm": "string",
        "certificate": "string",
        "id": "string",
        "expiration_date": "string",
    }],
    max_clock_skew_seconds=0,
    key_expire_duration_hours=0,
    key_refresh_endpoint="string",
    key_refresh_period_hours=0,
    key_refresh_strategy="string",
    access_token_endpoint="string",
    issuer_id="string",
    claims_mapping={
        "email": "string",
        "first_name": "string",
        "full_name": "string",
        "groups": "string",
        "last_name": "string",
        "roles": "string",
        "subject": "string",
    },
    org_oidc_id="string",
    prefer_id_token=False,
    scopes=["string"],
    ui_button_label="string",
    user_authorization_endpoint="string",
    userinfo_endpoint="string",
    wellknown_endpoint="string")

const orgOidcResource = new vcd.OrgOidc("orgOidcResource", {
    enabled: false,
    orgId: "string",
    clientId: "string",
    clientSecret: "string",
    keys: [{
        algorithm: "string",
        certificate: "string",
        id: "string",
        expirationDate: "string",
    }],
    maxClockSkewSeconds: 0,
    keyExpireDurationHours: 0,
    keyRefreshEndpoint: "string",
    keyRefreshPeriodHours: 0,
    keyRefreshStrategy: "string",
    accessTokenEndpoint: "string",
    issuerId: "string",
    claimsMapping: {
        email: "string",
        firstName: "string",
        fullName: "string",
        groups: "string",
        lastName: "string",
        roles: "string",
        subject: "string",
    },
    orgOidcId: "string",
    preferIdToken: false,
    scopes: ["string"],
    uiButtonLabel: "string",
    userAuthorizationEndpoint: "string",
    userinfoEndpoint: "string",
    wellknownEndpoint: "string",
});

type: vcd:OrgOidc
properties:
    accessTokenEndpoint: string
    claimsMapping:
        email: string
        firstName: string
        fullName: string
        groups: string
        lastName: string
        roles: string
        subject: string
    clientId: string
    clientSecret: string
    enabled: false
    issuerId: string
    keyExpireDurationHours: 0
    keyRefreshEndpoint: string
    keyRefreshPeriodHours: 0
    keyRefreshStrategy: string
    keys:
        - algorithm: string
          certificate: string
          expirationDate: string
          id: string
    maxClockSkewSeconds: 0
    orgId: string
    orgOidcId: string
    preferIdToken: false
    scopes:
        - string
    uiButtonLabel: string
    userAuthorizationEndpoint: string
    userinfoEndpoint: string
    wellknownEndpoint: string

OrgOidc Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The OrgOidc resource accepts the following input properties:

ClientId string: Client ID to use with the OIDC provider
ClientSecret string: Client Secret to use with the OIDC provider
Enabled bool: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
OrgId string: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
AccessTokenEndpoint string: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
ClaimsMapping OrgOidcClaimsMapping: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
IssuerId string: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
KeyExpireDurationHours double: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
KeyRefreshEndpoint string: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
KeyRefreshPeriodHours double: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
KeyRefreshStrategy string: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
Keys List<OrgOidcKey>: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
MaxClockSkewSeconds double: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
OrgOidcId string
PreferIdToken bool: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
Scopes List<string>: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
UiButtonLabel string: Customizes the label of the UI button of the login screen
UserAuthorizationEndpoint string: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
UserinfoEndpoint string: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
WellknownEndpoint string: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

ClientId string: Client ID to use with the OIDC provider
ClientSecret string: Client Secret to use with the OIDC provider
Enabled bool: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
OrgId string: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
AccessTokenEndpoint string: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
ClaimsMapping OrgOidcClaimsMappingArgs: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
IssuerId string: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
KeyExpireDurationHours float64: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
KeyRefreshEndpoint string: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
KeyRefreshPeriodHours float64: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
KeyRefreshStrategy string: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
Keys []OrgOidcKeyArgs: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
MaxClockSkewSeconds float64: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
OrgOidcId string
PreferIdToken bool: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
Scopes []string: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
UiButtonLabel string: Customizes the label of the UI button of the login screen
UserAuthorizationEndpoint string: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
UserinfoEndpoint string: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
WellknownEndpoint string: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

clientId String: Client ID to use with the OIDC provider
clientSecret String: Client Secret to use with the OIDC provider
enabled Boolean: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
orgId String: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
accessTokenEndpoint String: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
claimsMapping OrgOidcClaimsMapping: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
issuerId String: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
keyExpireDurationHours Double: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
keyRefreshEndpoint String: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
keyRefreshPeriodHours Double: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
keyRefreshStrategy String: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
keys List<OrgOidcKey>: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
maxClockSkewSeconds Double: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
orgOidcId String
preferIdToken Boolean: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
scopes List<String>: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
uiButtonLabel String: Customizes the label of the UI button of the login screen
userAuthorizationEndpoint String: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
userinfoEndpoint String: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
wellknownEndpoint String: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

clientId string: Client ID to use with the OIDC provider
clientSecret string: Client Secret to use with the OIDC provider
enabled boolean: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
orgId string: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
accessTokenEndpoint string: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
claimsMapping OrgOidcClaimsMapping: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
issuerId string: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
keyExpireDurationHours number: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
keyRefreshEndpoint string: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
keyRefreshPeriodHours number: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
keyRefreshStrategy string: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
keys OrgOidcKey[]: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
maxClockSkewSeconds number: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
orgOidcId string
preferIdToken boolean: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
scopes string[]: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
uiButtonLabel string: Customizes the label of the UI button of the login screen
userAuthorizationEndpoint string: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
userinfoEndpoint string: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
wellknownEndpoint string: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

client_id str: Client ID to use with the OIDC provider
client_secret str: Client Secret to use with the OIDC provider
enabled bool: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
org_id str: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
access_token_endpoint str: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
claims_mapping OrgOidcClaimsMappingArgs: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
issuer_id str: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
key_expire_duration_hours float: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
key_refresh_endpoint str: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
key_refresh_period_hours float: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
key_refresh_strategy str: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
keys Sequence[OrgOidcKeyArgs]: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
max_clock_skew_seconds float: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
org_oidc_id str
prefer_id_token bool: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
scopes Sequence[str]: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
ui_button_label str: Customizes the label of the UI button of the login screen
user_authorization_endpoint str: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
userinfo_endpoint str: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
wellknown_endpoint str: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

clientId String: Client ID to use with the OIDC provider
clientSecret String: Client Secret to use with the OIDC provider
enabled Boolean: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
orgId String: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
accessTokenEndpoint String: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
claimsMapping Property Map: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
issuerId String: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
keyExpireDurationHours Number: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
keyRefreshEndpoint String: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
keyRefreshPeriodHours Number: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
keyRefreshStrategy String: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
keys List<Property Map>: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
maxClockSkewSeconds Number: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
orgOidcId String
preferIdToken Boolean: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
scopes List<String>: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
uiButtonLabel String: Customizes the label of the UI button of the login screen
userAuthorizationEndpoint String: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
userinfoEndpoint String: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
wellknownEndpoint String: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

Outputs

All input properties are implicitly available as output properties. Additionally, the OrgOidc resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RedirectUri string: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard

Id string: The provider-assigned unique ID for this managed resource.
RedirectUri string: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard

id String: The provider-assigned unique ID for this managed resource.
redirectUri String: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard

id string: The provider-assigned unique ID for this managed resource.
redirectUri string: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard

id str: The provider-assigned unique ID for this managed resource.
redirect_uri str: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard

id String: The provider-assigned unique ID for this managed resource.
redirectUri String: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard

Look up Existing OrgOidc Resource

Get an existing OrgOidc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OrgOidcState, opts?: CustomResourceOptions): OrgOidc

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token_endpoint: Optional[str] = None,
        claims_mapping: Optional[OrgOidcClaimsMappingArgs] = None,
        client_id: Optional[str] = None,
        client_secret: Optional[str] = None,
        enabled: Optional[bool] = None,
        issuer_id: Optional[str] = None,
        key_expire_duration_hours: Optional[float] = None,
        key_refresh_endpoint: Optional[str] = None,
        key_refresh_period_hours: Optional[float] = None,
        key_refresh_strategy: Optional[str] = None,
        keys: Optional[Sequence[OrgOidcKeyArgs]] = None,
        max_clock_skew_seconds: Optional[float] = None,
        org_id: Optional[str] = None,
        org_oidc_id: Optional[str] = None,
        prefer_id_token: Optional[bool] = None,
        redirect_uri: Optional[str] = None,
        scopes: Optional[Sequence[str]] = None,
        ui_button_label: Optional[str] = None,
        user_authorization_endpoint: Optional[str] = None,
        userinfo_endpoint: Optional[str] = None,
        wellknown_endpoint: Optional[str] = None) -> OrgOidc

func GetOrgOidc(ctx *Context, name string, id IDInput, state *OrgOidcState, opts ...ResourceOption) (*OrgOidc, error)

public static OrgOidc Get(string name, Input<string> id, OrgOidcState? state, CustomResourceOptions? opts = null)

public static OrgOidc get(String name, Output<String> id, OrgOidcState state, CustomResourceOptions options)

resources:  _:    type: vcd:OrgOidc    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessTokenEndpoint string: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
ClaimsMapping OrgOidcClaimsMapping: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
ClientId string: Client ID to use with the OIDC provider
ClientSecret string: Client Secret to use with the OIDC provider
Enabled bool: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
IssuerId string: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
KeyExpireDurationHours double: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
KeyRefreshEndpoint string: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
KeyRefreshPeriodHours double: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
KeyRefreshStrategy string: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
Keys List<OrgOidcKey>: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
MaxClockSkewSeconds double: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
OrgId string: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
OrgOidcId string
PreferIdToken bool: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
RedirectUri string: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard
Scopes List<string>: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
UiButtonLabel string: Customizes the label of the UI button of the login screen
UserAuthorizationEndpoint string: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
UserinfoEndpoint string: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
WellknownEndpoint string: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

AccessTokenEndpoint string: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
ClaimsMapping OrgOidcClaimsMappingArgs: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
ClientId string: Client ID to use with the OIDC provider
ClientSecret string: Client Secret to use with the OIDC provider
Enabled bool: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
IssuerId string: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
KeyExpireDurationHours float64: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
KeyRefreshEndpoint string: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
KeyRefreshPeriodHours float64: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
KeyRefreshStrategy string: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
Keys []OrgOidcKeyArgs: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
MaxClockSkewSeconds float64: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
OrgId string: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
OrgOidcId string
PreferIdToken bool: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
RedirectUri string: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard
Scopes []string: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
UiButtonLabel string: Customizes the label of the UI button of the login screen
UserAuthorizationEndpoint string: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
UserinfoEndpoint string: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
WellknownEndpoint string: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

accessTokenEndpoint String: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
claimsMapping OrgOidcClaimsMapping: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
clientId String: Client ID to use with the OIDC provider
clientSecret String: Client Secret to use with the OIDC provider
enabled Boolean: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
issuerId String: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
keyExpireDurationHours Double: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
keyRefreshEndpoint String: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
keyRefreshPeriodHours Double: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
keyRefreshStrategy String: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
keys List<OrgOidcKey>: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
maxClockSkewSeconds Double: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
orgId String: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
orgOidcId String
preferIdToken Boolean: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
redirectUri String: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard
scopes List<String>: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
uiButtonLabel String: Customizes the label of the UI button of the login screen
userAuthorizationEndpoint String: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
userinfoEndpoint String: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
wellknownEndpoint String: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

accessTokenEndpoint string: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
claimsMapping OrgOidcClaimsMapping: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
clientId string: Client ID to use with the OIDC provider
clientSecret string: Client Secret to use with the OIDC provider
enabled boolean: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
issuerId string: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
keyExpireDurationHours number: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
keyRefreshEndpoint string: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
keyRefreshPeriodHours number: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
keyRefreshStrategy string: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
keys OrgOidcKey[]: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
maxClockSkewSeconds number: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
orgId string: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
orgOidcId string
preferIdToken boolean: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
redirectUri string: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard
scopes string[]: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
uiButtonLabel string: Customizes the label of the UI button of the login screen
userAuthorizationEndpoint string: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
userinfoEndpoint string: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
wellknownEndpoint string: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

access_token_endpoint str: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
claims_mapping OrgOidcClaimsMappingArgs: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
client_id str: Client ID to use with the OIDC provider
client_secret str: Client Secret to use with the OIDC provider
enabled bool: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
issuer_id str: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
key_expire_duration_hours float: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
key_refresh_endpoint str: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
key_refresh_period_hours float: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
key_refresh_strategy str: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
keys Sequence[OrgOidcKeyArgs]: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
max_clock_skew_seconds float: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
org_id str: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
org_oidc_id str
prefer_id_token bool: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
redirect_uri str: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard
scopes Sequence[str]: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
ui_button_label str: Customizes the label of the UI button of the login screen
user_authorization_endpoint str: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
userinfo_endpoint str: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
wellknown_endpoint str: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

accessTokenEndpoint String: The endpoint to use for access tokens. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
claimsMapping Property Map: A single configuration block that specifies the claim mappings to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the claims given by wellknown_endpoint. The supported claims are:
clientId String: Client ID to use with the OIDC provider
clientSecret String: Client Secret to use with the OIDC provider
enabled Boolean: Either true or false, specifies whether the OIDC authentication is enabled for the given organization
issuerId String: The issuer ID for the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
keyExpireDurationHours Number: Required if key_refresh_endpoint is set and key_refresh_strategy=EXPIRE_AFTER. Defines the expiration period of the key You can get more details of the EXPIRE_AFTER strategy here. Maximum value is 24
keyRefreshEndpoint String: Endpoint used to refresh the keys. If set, key_refresh_period_hours and key_refresh_strategy will be required. If wellknown_endpoint is set, then this argument will override the obtained endpoint
keyRefreshPeriodHours Number: Required if key_refresh_endpoint is set. Defines the frequency of key refresh. Maximum value is 720 (30 days)
keyRefreshStrategy String: Required if key_refresh_endpoint is set. Defines the strategy of key refresh. One of ADD, REPLACE, EXPIRE_AFTER. The different strategies are explained here
keys List<Property Map>: One or more configuration blocks that specify the keys to use with the OIDC provider. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the keys given by wellknown_endpoint. Each key requires the following:
maxClockSkewSeconds Number: The maximum clock skew is the maximum allowable time difference between the client and server. This time compensates for any small-time differences in the timestamps when verifying tokens. The default value is 60 seconds
orgId String: ID of the Organization that will have the OpenID Connect settings configured. There must be only one resource vcd.OrgOidc per org_id, as there is only one OpenID configuration per Organization
orgOidcId String
preferIdToken Boolean: If you want to combine claims from userinfo_endpoint and the ID Token, set this to true. The identity providers do not provide all the required claims set in userinfo_endpoint. By setting this argument to true, VMware Cloud Director can fetch and consume claims from both sources
redirectUri String: The client configuration redirect URI used to create a client application registration with an identity provider that complies with the OpenID Connect standard
scopes List<String>: A set of scopes to use with the OpenID Connect provider. They are used to authorize access to user details, by defining the permissions that the access tokens have to access user information. If 'wellknown_endpoint' is set, this attribute overrides the obtained scopes
uiButtonLabel String: Customizes the label of the UI button of the login screen
userAuthorizationEndpoint String: The endpoint to use for authorization. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
userinfoEndpoint String: The endpoint to use for User Info. If wellknown_endpoint is not set, then this argument is required. Otherwise, it is optional. This allows users to override the configuration given by wellknown_endpoint
wellknownEndpoint String: This endpoint retrieves the OIDC provider configuration and automatically sets the following arguments, without setting them explicitly: issuer_id, user_authorization_endpoint, access_token_endpoint, userinfo_endpoint, the claims_mapping block, the key blocks, and scopes. These mentioned attributes will be computed, and can be overridden by setting them explicitly in HCL code

Supporting Types

OrgOidcClaimsMapping, OrgOidcClaimsMappingArgs

Email string: Required if wellknown_endpoint doesn't give info about it
FirstName string: Required if wellknown_endpoint doesn't give info about it
FullName string: Required if wellknown_endpoint doesn't give info about it
Groups string: Optional
LastName string: Required if wellknown_endpoint doesn't give info about it
Roles string: Optional
Subject string: Required if wellknown_endpoint doesn't give info about it

Email string: Required if wellknown_endpoint doesn't give info about it
FirstName string: Required if wellknown_endpoint doesn't give info about it
FullName string: Required if wellknown_endpoint doesn't give info about it
Groups string: Optional
LastName string: Required if wellknown_endpoint doesn't give info about it
Roles string: Optional
Subject string: Required if wellknown_endpoint doesn't give info about it

email String: Required if wellknown_endpoint doesn't give info about it
firstName String: Required if wellknown_endpoint doesn't give info about it
fullName String: Required if wellknown_endpoint doesn't give info about it
groups String: Optional
lastName String: Required if wellknown_endpoint doesn't give info about it
roles String: Optional
subject String: Required if wellknown_endpoint doesn't give info about it

email string: Required if wellknown_endpoint doesn't give info about it
firstName string: Required if wellknown_endpoint doesn't give info about it
fullName string: Required if wellknown_endpoint doesn't give info about it
groups string: Optional
lastName string: Required if wellknown_endpoint doesn't give info about it
roles string: Optional
subject string: Required if wellknown_endpoint doesn't give info about it

email str: Required if wellknown_endpoint doesn't give info about it
first_name str: Required if wellknown_endpoint doesn't give info about it
full_name str: Required if wellknown_endpoint doesn't give info about it
groups str: Optional
last_name str: Required if wellknown_endpoint doesn't give info about it
roles str: Optional
subject str: Required if wellknown_endpoint doesn't give info about it

email String: Required if wellknown_endpoint doesn't give info about it
firstName String: Required if wellknown_endpoint doesn't give info about it
fullName String: Required if wellknown_endpoint doesn't give info about it
groups String: Optional
lastName String: Required if wellknown_endpoint doesn't give info about it
roles String: Optional
subject String: Required if wellknown_endpoint doesn't give info about it

OrgOidcKey, OrgOidcKeyArgs

Algorithm string: Algorithm used by the key. Can be RSA or EC
Certificate string: The contents of a PEM file to create/update the key
Id string: Identifier of the key
ExpirationDate string: Expiration date for the key. The accepted format is YYYY-MM-DD, like 2077-12-31

Algorithm string: Algorithm used by the key. Can be RSA or EC
Certificate string: The contents of a PEM file to create/update the key
Id string: Identifier of the key
ExpirationDate string: Expiration date for the key. The accepted format is YYYY-MM-DD, like 2077-12-31

algorithm String: Algorithm used by the key. Can be RSA or EC
certificate String: The contents of a PEM file to create/update the key
id String: Identifier of the key
expirationDate String: Expiration date for the key. The accepted format is YYYY-MM-DD, like 2077-12-31

algorithm string: Algorithm used by the key. Can be RSA or EC
certificate string: The contents of a PEM file to create/update the key
id string: Identifier of the key
expirationDate string: Expiration date for the key. The accepted format is YYYY-MM-DD, like 2077-12-31

algorithm str: Algorithm used by the key. Can be RSA or EC
certificate str: The contents of a PEM file to create/update the key
id str: Identifier of the key
expiration_date str: Expiration date for the key. The accepted format is YYYY-MM-DD, like 2077-12-31

algorithm String: Algorithm used by the key. Can be RSA or EC
certificate String: The contents of a PEM file to create/update the key
id String: Identifier of the key
expirationDate String: Expiration date for the key. The accepted format is YYYY-MM-DD, like 2077-12-31

Package Details

Repository: vcd vmware/terraform-provider-vcd
License
Notes: This Pulumi package is based on the vcd Terraform Provider.

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

vmware/terraform-provider-vcd

vcd.OrgOidc

On this page

On this page

Create OrgOidc Resource

Constructor syntax

Parameters

Constructor example

OrgOidc Resource Properties

Inputs

Outputs

Look up Existing OrgOidc Resource

Supporting Types

OrgOidcClaimsMapping, OrgOidcClaimsMappingArgs

OrgOidcKey, OrgOidcKeyArgs

Package Details

On this page

On this page