modifyOpenIDConnectConfiguration

Summary

Modifies an existing OpenID Connect configuration.

openIDConnectConfigurationName
String, required
The name of the OpenID Connect provider.

authorizationEndpoint
String, optional
URL for the authorization endpoint.

clientId
String, optional
Client ID used to uniquely identify the SDA server with the OIDC provider.

clientSecret
String, optional
Secret used to request the ID token for the authenticated user from the OIDC provider.

configurationUrl
String, optional
The OpenID Connect provider's well-known configuration endpoint. If specified, then the other endpoints will be dynamically discovered when refreshConfiguration is set to true. If using an IPv6 address, enclose the address in square brackets. Example: [<IPv6-ADDRESS>].

description
String, optional
Comment text describing this object that is not interpreted at all by CloudBees CD/RO.

emailIdTokenClaim
String, optional
Claim name in the ID token used to retrieve the user email.

enableSingleLogout
Boolean, optional
Whether the user will be logged out from the OIDC provider when the user logs out of SDA.

enabled
Boolean, optional
Whether this OpenID Connect configuration is enabled. Defaults to true.

fullUserNameIdTokenClaim
String, optional
Claim name in the ID token used to retrieve the user full name.

idTokenJwsAlgs
String, optional
The supported ID token JWS algorithms, separated by commas.

jwkProviderEndpoint
String, optional
URL for the JWK keys endpoint.

logoutEndpoint
String, optional
URL for the logout endpoint.

newName
String, optional
The new name for an existing object that is being renamed.

refreshConfiguration
Boolean, optional
Whether the endpoint attributes such as authorizationEndpoint, tokenEndpoint and other configuration details should be updated using the configurationUrl. If true, then configurationUrl must be set.

serverUrl
String, optional
URL for the service host. If using an IPv6 address, enclose the address in square brackets. Example: [<IPv6-ADDRESS>].

ssoProvider
String, optional
Used to identify the SSO provider for displaying the branded SSO button on the login page.
Possible values: "GOOGLE", "KEYCLOAK", "OKTA", "OTHER"

tokenEndpoint
String, optional
URL for the token endpoint.

userGroupsIdTokenClaim
String, optional
Claim name in the ID token used to retrieve the groups that the user belongs to.

userNameIdTokenClaim
String, optional
Claim name in the ID token used to retrieve the user name.

Usage

Perl

$cmdr->modifyOpenIDConnectConfiguration(
    "test-openIDConnectConfigurationName" # openIDConnectConfigurationName
    # optionals
);

ectool

ectool modifyOpenIDConnectConfiguration \
    "test-openIDConnectConfigurationName" `# openIDConnectConfigurationName` \
    # optionals

Examples

ectool

ectool modifyOpenIDConnectConfiguration \
    --clientId yyyyyyyyyyyy \
    --clientSecret zzzzzzzzzzzzz \
    --userNameIdTokenClaim sub \
    --openIDConnectConfigurationName Okta \
    --enabled true \
    --serverUrl https://localhost \
    --authorizationEndpoint https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/authorize \
    --tokenEndpoint https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/token \
    --jwkProviderEndpoint https://dev-xxxxxx-admin.oktapreview.com/oauth2/default/v1/keys \
    --enableSingleLogout true \
    --logoutEndpoint https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/logout \
    --refreshConfiguration false

Response:

<response requestId="1" nodeId="172.17.0.1">
  <openIDConnectConfiguration>
    <openIDConnectConfigurationId>46010f05-fe82-11eb-871b-c2153bca2a26</openIDConnectConfigurationId>
    <openIDConnectConfigurationName>Okta</openIDConnectConfigurationName>
    <authorizationEndpoint>https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/authorize</authorizationEndpoint>
    <clientId>yyyyyyyyyyyy</clientId>
    <configurationUrl>https://dev-xxxxxx.oktapreview.com/oauth2/default</configurationUrl>
    <createTime>2021-08-16T11:08:23.858Z</createTime>
    <enableSingleLogout>1</enableSingleLogout>
    <enabled>1</enabled>
    <jwkProviderEndpoint>https://dev-xxxxxx-admin.oktapreview.com/oauth2/default/v1/keys</jwkProviderEndpoint>
    <lastModifiedBy>admin</lastModifiedBy>
    <logoutEndpoint>https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/logout</logoutEndpoint>
    <modifyTime>2021-08-16T11:08:23.858Z</modifyTime>
    <owner>admin</owner>
    <refreshConfiguration>0</refreshConfiguration>
    <serverUrl>https://localhost</serverUrl>
    <tokenEndpoint>https://dev-xxxxxx.oktapreview.com/oauth2/default/v1/token</tokenEndpoint>
    <userNameIdTokenClaim>sub</userNameIdTokenClaim>
  </openIDConnectConfiguration>
</response>
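
Added example (not CloudBees code): a Python audit of a configuration returned by this call. It checks the two rules stated in the argument descriptions (refreshConfiguration requires configurationUrl, IPv6 addresses must be bracketed) and the documented ssoProvider values, plus two added policies marked as such in the comments. The sample XML, its hosts and the function names audit and url_problem are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed response in the shape shown above; hosts and values are made up.
SAMPLE = """<response requestId="1">
  <openIDConnectConfiguration>
    <authorizationEndpoint>https://idp.example.test/v1/authorize</authorizationEndpoint>
    <tokenEndpoint>http://idp.example.test/v1/token</tokenEndpoint>
    <idTokenJwsAlgs>RS256,none</idTokenJwsAlgs>
    <refreshConfiguration>1</refreshConfiguration>
    <serverUrl>https://fd00::10:8443</serverUrl>
    <ssoProvider>OKTA</ssoProvider>
  </openIDConnectConfiguration>
</response>"""

URL_FIELDS = ("authorizationEndpoint", "tokenEndpoint", "jwkProviderEndpoint",
              "logoutEndpoint", "configurationUrl", "serverUrl")
SSO_PROVIDERS = {"GOOGLE", "KEYCLOAK", "OKTA", "OTHER"}  # values listed on this page

def url_problem(url):
    """Return a problem description for one URL value, or None if it passes."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    host_port = parts.netloc.rpartition("@")[2]  # drop any userinfo
    if host_port.count(":") > 1 and not host_port.startswith("["):
        return "IPv6 address not enclosed in square brackets"  # rule from this page
    if parts.scheme != "https":
        return "scheme is not https"  # added policy, not a rule from this page
    return None

def audit(xml_text):
    """Return findings for one openIDConnectConfiguration response."""
    cfg = ET.fromstring(xml_text).find("openIDConnectConfiguration")
    get = lambda name: (cfg.findtext(name) or "").strip()
    findings = [f"{f}: {p}" for f in URL_FIELDS
                if get(f) and (p := url_problem(get(f)))]
    # Rule from this page: refreshConfiguration=true needs configurationUrl.
    if get("refreshConfiguration") in ("1", "true") and not get("configurationUrl"):
        findings.append("refreshConfiguration: enabled without configurationUrl")
    if get("ssoProvider") and get("ssoProvider") not in SSO_PROVIDERS:
        findings.append("ssoProvider: not one of the documented values")
    # Added policy: the JWS algorithm "none" means an unsigned ID token.
    algs = [a.strip().lower() for a in get("idTokenJwsAlgs").split(",")]
    if "none" in algs:
        findings.append("idTokenJwsAlgs: 'none' permits unsigned ID tokens")
    return findings
```

Calling audit(SAMPLE) returns one finding each for tokenEndpoint, serverUrl, refreshConfiguration and idTokenJwsAlgs; an empty list means the configuration passed every check.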