Summary
Creates a new OpenID Connect configuration.

| Argument | Type | Required | Description |
|---|---|---|---|
| openIDConnectConfigurationName | String | required | The name of the OpenID Connect provider. |
| authorizationEndpoint | String | optional | URL for the authorization endpoint. |
| clientId | String | optional | Client ID used to uniquely identify the SDA server with the OIDC provider. |
| clientSecret | String | optional | Secret used to request the ID token for the authenticated user from the OIDC provider. |
| configurationUrl | String | optional | The OpenID Connect provider's well-known configuration endpoint. If specified, then the other endpoints will be dynamically discovered when refreshConfiguration is set to true. If using an IPv6 address, enclose the address in square brackets. Example: `[<IPv6-ADDRESS>]`. |
| description | String | optional | Comment text describing this object that is not interpreted at all by CloudBees CD/RO. |
| emailIdTokenClaim | String | optional | Claim name in the ID token used to retrieve the user email. |
| enableSingleLogout | Boolean | optional | Whether the user will be logged out from the OIDC provider when the user logs out of SDA. |
| enabled | Boolean | optional | Whether this OpenID Connect configuration is enabled. Defaults to true. |
| fullUserNameIdTokenClaim | String | optional | Claim name in the ID token used to retrieve the user full name. |
| idTokenJwsAlgs | String | optional | The supported ID token JWS algorithms, separated by commas. |
| jwkProviderEndpoint | String | optional | URL for the JWK keys endpoint. |
| logoutEndpoint | String | optional | URL for the logout endpoint. |
| refreshConfiguration | Boolean | optional | Whether the endpoint attributes such as authorizationEndpoint, tokenEndpoint and other configuration details should be updated using the configurationUrl. If true, then configurationUrl must be set. |
| serverUrl | String | optional | URL for the service host. If using an IPv6 address, enclose the address in square brackets. Example: `[<IPv6-ADDRESS>]`. |
| ssoProvider | String | optional | Used to identify the SSO provider for displaying the branded SSO button on the login page. Possible values: "GOOGLE", "KEYCLOAK", "OKTA", "OTHER". |
| tokenEndpoint | String | optional | URL for the token endpoint. |
| userGroupsIdTokenClaim | String | optional | Claim name in the ID token used to retrieve the groups that the user belongs to. |
| userNameIdTokenClaim | String | optional | Claim name in the ID token used to retrieve the user name. |
Usage
Perl
    $cmdr->createOpenIDConnectConfiguration(
        "test-openIDConnectConfigurationName"  # openIDConnectConfigurationName
        # optionals
    );
ectool
    ectool createOpenIDConnectConfiguration \
        "test-openIDConnectConfigurationName" `# openIDConnectConfigurationName` \
        # optionals
Examples
ectool
    ectool createOpenIDConnectConfiguration \
        --clientId yyyyyyyyyyyy \
        --clientSecret zzzzzzzzzzzzz \
        --userNameIdTokenClaim sub \
        --openIDConnectConfigurationName Okta \
        --enabled true \
        --serverUrl https://localhost \
        --enableSingleLogout true \
        --configurationUrl https://dev-xxxxxx.oktapreview.com/oauth2/default \
        --refreshConfiguration true
Response:
    <response requestId="1" nodeId="172.17.0.1">
      <openIDConnectConfiguration>
        <openIDConnectConfigurationId>46010f05-fe82-11eb-871b-c2153bca2a26</openIDConnectConfigurationId>
        <openIDConnectConfigurationName>Okta</openIDConnectConfigurationName>
        <authorizationEndpoint>https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/authorize</authorizationEndpoint>
        <clientId>yyyyyyyyyyyy</clientId>
        <configurationUrl>https://dev-xxxxxx.oktapreview.com/oauth2/default</configurationUrl>
        <createTime>2021-08-16T11:08:23.858Z</createTime>
        <enableSingleLogout>1</enableSingleLogout>
        <enabled>1</enabled>
        <jwkProviderEndpoint>https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/keys</jwkProviderEndpoint>
        <lastModifiedBy>admin</lastModifiedBy>
        <logoutEndpoint>https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/logout</logoutEndpoint>
        <modifyTime>2021-08-16T11:08:23.858Z</modifyTime>
        <owner>admin</owner>
        <refreshConfiguration>1</refreshConfiguration>
        <serverUrl>https://localhost</serverUrl>
        <tokenEndpoint>https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/token</tokenEndpoint>
        <userNameIdTokenClaim>sub</userNameIdTokenClaim>
      </openIDConnectConfiguration>
    </response>
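With refreshConfiguration set to true, the endpoints stored in the configuration are whatever the provider's discovery document returned, so it is worth checking them in the response before relying on the configuration. The following is an added example, not part of the CloudBees documentation: the function name `audit_oidc_response`, the sample XML and the `idp.example.test` host are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REQUIRED = ("authorizationEndpoint", "tokenEndpoint", "jwkProviderEndpoint")
OPTIONAL = ("logoutEndpoint",)

# Constructed sample shaped like the response above; idp.example.test is a placeholder.
SAMPLE = """<response requestId="1" nodeId="172.17.0.1"><openIDConnectConfiguration>
<openIDConnectConfigurationName>Okta</openIDConnectConfigurationName>
<authorizationEndpoint>https://idp.example.test/oauth2/default/v1/authorize</authorizationEndpoint>
<configurationUrl>https://idp.example.test/oauth2/default</configurationUrl>
<jwkProviderEndpoint>https://idp.example.test/oauth2/default/v1/keys</jwkProviderEndpoint>
<tokenEndpoint>{token}</tokenEndpoint>
</openIDConnectConfiguration></response>"""

def audit_oidc_response(xml_text):
    """Return findings for one createOpenIDConnectConfiguration response."""
    cfg = ET.fromstring(xml_text).find("openIDConnectConfiguration")
    if cfg is None:
        return ["no openIDConnectConfiguration element in response"]
    findings = []
    base = urlsplit(cfg.findtext("configurationUrl", default=""))
    if base.scheme != "https":
        findings.append("configurationUrl is not https")
    for field in REQUIRED + OPTIONAL:
        value = cfg.findtext(field)
        if value is None:
            if field in REQUIRED:
                findings.append(f"{field} missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append(f"{field} is not https")
        # Some providers serve endpoints from other hosts, so this is a
        # prompt for review rather than proof of a bad discovery document.
        if (url.hostname, url.port) != (base.hostname, base.port):
            findings.append(f"{field} host differs from configurationUrl")
    # The response shown on this page has no clientSecret element; flag one if it appears.
    if cfg.find("clientSecret") is not None:
        findings.append("response contains clientSecret")
    return findings

if __name__ == "__main__":
    good = SAMPLE.format(token="https://idp.example.test/oauth2/default/v1/token")
    bad = SAMPLE.format(token="http://other.example.test/token")
    print(audit_oidc_response(good))
    print(audit_oidc_response(bad))
```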