source_request
The address of the source provider, LDAP/AD/AWS/Local
ttl: How often the source data should be refreshed, in seconds. Example: 86400
name: A name describing the source. Example: A pretty source
comment: A comment describing the object. Example: A comment
tags: Array of tag strings
username_pattern: Array of wildcarded username patterns; users whose name matches a pattern are authenticated against this source
external_user_mapping (object[]): Mapping of external users to source users via id+username
external_user_mapping[].source_id: A shared identifier between an external user source and this directory, used to map an external user to this source
external_user_mapping[].source_search_field: Search this field (an AD/LDAP attribute or a database column) for the user ID provided
child_session_auto_logout_delay: Child session auto-logout delay in seconds. Example: 900
session_password_policy (object): Password policy for session password generation
session_password_policy.password_min_length: Minimum password length; must be at least 10 and large enough to produce passwords rated at least WEAK. Example: 16
session_password_policy.password_max_length: Maximum password length; must be 99 or less. Example: 16
session_password_policy.use_special_characters: Example: true
session_password_policy.use_lower_case: Example: true
session_password_policy.use_upper_case: Example: true
session_password_policy.use_numbers: Example: true
connection (object): Source connection definition. Which of the fields below apply depends on type: the iam_* fields for AWS, the ldap_* fields for AD and LDAP, and so on
connection.type: Type of the source. Possible values: [LDAP, AD, GOOGLEGSUITE, OIDC, AWS, GOOGLECLOUD, OPENSTACK, AZURE, LOCAL]
connection.address: The address of the LDAP/AD/Local source provider
connection.port: The port of the LDAP/AD/Local source provider
connection.service_address_auto_update: Should the host-service addresses be automatically updated if an address change is detected
connection.iam_access_key_id: AWS access key
connection.iam_secret_access_key: AWS secret access key
connection.iam_session_token: AWS session token
connection.iam_fetch_roles: Fetch roles from Amazon
connection.iam_fetch_role_path_prefix: A prefix for roles to be fetched from Amazon
connection.google_cloud_project_ids: Array of Google Cloud project IDs
connection.google_cloud_config_json: Google Cloud service-account configuration, as a Base64-encoded JSON blob
connection.openstack_version: The OpenStack Identity API version being configured. Possible values: [V2, V3]
connection.openstack_endpoint: OpenStack service endpoint URL
connection.openstack_username: OpenStack user name for the Identity V2 API
connection.openstack_user_id: OpenStack user ID for the Identity V3 API, used with username and domain ID or domain name
connection.openstack_password: OpenStack password for Identity V2 and V3. Either password or API key is used
connection.openstack_apikey: OpenStack API key for Identity V2 and V3. Either password or API key is used
connection.openstack_domainname: OpenStack domain name for Identity V3, used with user name
connection.openstack_domainid: OpenStack domain ID for Identity V3, used with user name
connection.openstack_token_id: OpenStack token ID
connection.openstack_tenant_ids: Array of OpenStack tenant IDs
connection.openstack_tenant_names: Array of OpenStack tenant names
connection.azure_base_url: Azure connection endpoint URL
connection.azure_subscription_id: Azure subscription ID
connection.azure_tenant_id: Azure tenant ID
connection.azure_client_id: Azure client ID
connection.azure_client_secret: Azure client secret
connection.ldap_protocol: Transport used for the LDAP/AD connection. Possible values: [LDAP, LDAPS, STARTTLS]
connection.ldap_base: The base DN under which LDAP/AD searches are performed
connection.ldap_user_filter: The user filter applied under the base DN. Example for Microsoft Active Directory: (&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))), which matches user objects that are not computers and whose ACCOUNTDISABLE bit (0x2 in userAccountControl) is not set
connection.ldap_bind_dn: The browse account for the LDAP/AD connection. Example: CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com
connection.ldap_bind_password: The browse account password for the LDAP/AD connection. Example: FooBar
connection.ldap_user_dn_pattern: Pattern from which the user's distinguished name is built; {0} is replaced with the username. Example: uid={0},ou=people
connection.google_gsuite_domain: G Suite domain to fetch users from; if left empty, users of all domains are fetched. Example: mydomain.com
connection.google_gsuite_domain_admin_email: Example: admin@mydomain.com
connection.oidc_additional_issuer: Additional issuer value accepted during OIDC discovery. Allows discovery to work when the issuer_url reported by the upstream provider does not match the discovery URL. Example: https://identity.oraclecloud.com/
connection.attribute_mapping: An object containing remote:local mappings for mapping attributes from the remote source to the local attribute schema
connection.mfa_type: Multifactor-authentication back-end type. Possible values: [DISABLED, INTERNAL, RADIUS, OIDC, FIDO]
connection.mfa_address: Multifactor-authentication back-end address
connection.mfa_port: Multifactor-authentication back-end port
connection.mfa_base_dn: Base DN of users who need to authenticate using MFA
connection.domain_controller_fqdn: Domain Controller FQDN for Kerberos authentication
connection.domain_controller_port: Domain Controller port number for Kerberos authentication
connection.kerberos_ticket: Base64-encoded Kerberos ticket for Kerberos authentication
connection.enable_user_authentication: Is user authentication enabled for this source
connection.enable_machine_authentication: Is machine user authentication enabled for this source
{
  "enabled": true,
  "ttl": 86400,
  "name": "A pretty source",
  "comment": "A comment",
  "tags": [
    "string"
  ],
  "username_pattern": [
    "string"
  ],
  "external_user_mapping": [
    {
      "source_id": "string",
      "source_search_field": "string"
    }
  ],
  "session_password_enabled": true,
  "child_session_auto_logout_delay": 900,
  "session_password_policy": {
    "password_min_length": 16,
    "password_max_length": 16,
    "use_special_characters": true,
    "use_lower_case": true,
    "use_upper_case": true,
    "use_numbers": true
  },
  "connection": {
    "type": "LDAP",
    "address": "string",
    "port": 0,
    "service_address_auto_update": true,
    "iam_access_key_id": "string",
    "iam_secret_access_key": "string",
    "iam_session_token": "string",
    "iam_fetch_roles": true,
    "iam_fetch_role_path_prefix": "string",
    "google_cloud_project_ids": [
      "string"
    ],
    "google_cloud_config_json": "string",
    "openstack_version": "V2",
    "openstack_endpoint": "string",
    "openstack_username": "string",
    "openstack_user_id": "string",
    "openstack_password": "string",
    "openstack_apikey": "string",
    "openstack_domainname": "string",
    "openstack_domainid": "string",
    "openstack_token_id": "string",
    "openstack_tenant_ids": [
      "string"
    ],
    "openstack_tenant_names": [
      "string"
    ],
    "azure_base_url": "string",
    "azure_subscription_id": "string",
    "azure_tenant_id": "string",
    "azure_client_id": "string",
    "azure_client_secret": "string",
    "ldap_protocol": "LDAP",
    "ldap_base": "string",
    "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))",
    "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
    "ldap_bind_password": "FooBar",
    "ldap_user_dn_pattern": "uid={0},ou=people",
    "google_gsuite_domain": "mydomain.com",
    "google_gsuite_domain_admin_email": "admin@mydomain.com",
    "oidc_enabled": true,
    "oidc_issuer": "string",
    "oidc_additional_issuer": "https://identity.oraclecloud.com/",
    "oidc_button_title": "string",
    "oidc_client_id": "string",
    "oidc_client_secret": "string",
    "oidc_additional_scopes": [
      "string"
    ],
    "oidc_tags_attribute_name": "string",
    "attribute_mapping": {},
    "mfa_type": "DISABLED",
    "mfa_address": "string",
    "mfa_port": 0,
    "mfa_base_dn": "string",
    "domain_controller_fqdn": "string",
    "domain_controller_port": 0,
    "kerberos_ticket": "string",
    "enable_user_authentication": true,
    "enable_machine_authentication": true
  }
}
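The schema above carries three things a client should check before posting it: the session_password_policy limits (minimum at least 10, maximum at most 99, minimum not above maximum), the fields a given connection.type needs, and the fact that ldap_user_dn_pattern splices a login name into a DN, which is an injection point unless the name is escaped. The script below is an added example written for this page, not code from the page or from the PrivX project; the function names, the sample payload and the sample usernames are constructed here, and the per-type required-field lists are read off the field descriptions above (the server may require more). It also shows masking the credential fields before a request is logged.

```python
"""Client-side checks for a source_request payload before it is sent.

Added example for this page, not code from the page or the PrivX project.
Only the field names and limits the page lists are taken from it; the
function names, sample payload and sample usernames are constructed here.
"""
import copy

SOURCE_TYPES = {"LDAP", "AD", "GOOGLEGSUITE", "OIDC", "AWS",
                "GOOGLECLOUD", "OPENSTACK", "AZURE", "LOCAL"}
LDAP_PROTOCOLS = {"LDAP", "LDAPS", "STARTTLS"}
POLICY_FLAGS = ("use_special_characters", "use_lower_case",
                "use_upper_case", "use_numbers")
# connection fields that carry credentials; keep them out of logs and tickets.
SECRET_FIELDS = {"ldap_bind_password", "iam_secret_access_key", "iam_session_token",
                 "openstack_password", "openstack_apikey", "openstack_token_id",
                 "azure_client_secret", "oidc_client_secret", "kerberos_ticket",
                 "google_cloud_config_json"}
# Fields assumed mandatory per connection.type (read off the page's
# descriptions; the server may require more).
LDAP_REQUIRED = ("address", "port", "ldap_protocol", "ldap_base",
                 "ldap_bind_dn", "ldap_bind_password")
REQUIRED_BY_TYPE = {
    "LDAP": LDAP_REQUIRED, "AD": LDAP_REQUIRED,
    "AWS": ("iam_access_key_id", "iam_secret_access_key"),
    "AZURE": ("azure_tenant_id", "azure_client_id", "azure_client_secret"),
}


def validate_source_request(req):
    """Return "error: ..." / "warning: ..." strings; an empty list passes."""
    problems = []
    conn = req.get("connection", {})
    stype = conn.get("type")
    if stype not in SOURCE_TYPES:
        problems.append(f"error: connection.type {stype!r} is not a known type")
    for field in REQUIRED_BY_TYPE.get(stype, ()):
        if not conn.get(field):
            problems.append(f"error: connection.{field} is required for {stype}")
    if stype in ("LDAP", "AD"):
        proto = conn.get("ldap_protocol")
        if proto not in LDAP_PROTOCOLS:
            problems.append(f"error: ldap_protocol {proto!r} is not LDAP/LDAPS/STARTTLS")
        elif proto == "LDAP":
            # Plain LDAP sends the bind password and every lookup in clear text.
            problems.append("warning: ldap_protocol LDAP is unencrypted; "
                            "prefer LDAPS or STARTTLS")
    if req.get("session_password_enabled"):
        pol = req.get("session_password_policy", {})
        lo = pol.get("password_min_length", 0)
        hi = pol.get("password_max_length", 0)
        if lo < 10:
            problems.append("error: password_min_length must be at least 10")
        if hi > 99:
            problems.append("error: password_max_length must be at most 99")
        if lo > hi:
            problems.append("error: password_min_length exceeds password_max_length")
        if not any(pol.get(flag) for flag in POLICY_FLAGS):
            problems.append("error: session_password_policy enables no character class")
    return problems


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in '\\,+"<>;=' or (i == 0 and ch in "# ")
              or (i == last and ch == " ")):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(dn_pattern, username):
    """Fill {0} in ldap_user_dn_pattern; unescaped, "alice,ou=admins" would rewrite the DN."""
    return dn_pattern.replace("{0}", escape_dn_value(username))


def redact(req):
    """Deep copy of the request with credential fields masked, safe to log."""
    safe = copy.deepcopy(req)
    for field in SECRET_FIELDS & set(safe.get("connection", {})):
        safe["connection"][field] = "***"
    return safe


# Constructed sample: the page's example values for an AD source over plain LDAP.
SAMPLE_REQUEST = {
    "session_password_enabled": True,
    "session_password_policy": {
        "password_min_length": 16, "password_max_length": 16,
        "use_special_characters": True, "use_lower_case": True,
        "use_upper_case": True, "use_numbers": True},
    "connection": {
        "type": "AD", "address": "ad.ordain.ssh.com", "port": 389,
        "ldap_protocol": "LDAP", "ldap_base": "DC=ad,DC=ordain,DC=ssh,DC=com",
        "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
        "ldap_bind_password": "FooBar", "ldap_user_dn_pattern": "uid={0},ou=people"},
}

if __name__ == "__main__":
    print("\n".join(validate_source_request(SAMPLE_REQUEST)))
    print(build_user_dn("uid={0},ou=people", "alice,ou=admins"))
    print(redact(SAMPLE_REQUEST)["connection"]["ldap_bind_password"])
```

Run as a script it reports the plaintext-LDAP warning for the sample, prints the DN `uid=alice\,ou\=admins,ou=people` (the comma and equals sign are escaped, so the login name stays a single uid value rather than adding an ou component), and shows the bind password masked. The escaping rules follow RFC 4514; if the product is set up with a user filter instead of a DN pattern, the same idea applies with RFC 4515 filter escaping, which this example does not cover.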