Version: v41

sources

countinteger
items object[]
  • Array [
  • idstring<uuid>

    The UUID of the returned object

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059
    createdstring<date-time>

    When the object was created

    Example: 2017-01-01T15:05:05Z
    updatedstring<date-time>

    When the object was last updated

    Example: 2017-01-01T15:05:05Z
    updated_bystring<uuid>

    ID of the user who updated the object

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059
    authorstring<uuid>

    ID of the user who originally authored the object

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059
    enabledboolean
    ttlinteger

    How often the source data should be refreshed, time in seconds

    Example: 86400
    status_codestring

    Source status, OK / NOK / DISABLED

    Possible values: [OK, NOK, DISABLED]

    Example: OK
    status_textstring

    A string indicating source status, free textual format.

    Example: Connection established
    namestring

    A name describing the source

    Example: A pretty source
    commentstring

    A comment describing the object

    Example: A comment
    tagsstring[]

    Array of tag strings

    username_patternstring[]

    Array of wildcarded username patterns; users whose usernames match a pattern are authenticated against this source

    external_user_mapping object[]

    Mapping external users to source users via id+username

  • Array [
  • source_idstring

    A shared identifier between an external user source and this directory, used to map an external user to this source.

    source_search_fieldstring

    Search this field (be that AD/LDAP attribute or a database column) for the user id provided.

  • ]
  • session_password_enabledboolean
    child_session_auto_logout_delayinteger

    Child session auto logout delay in seconds

    Example: 900
    session_password_policy object

    Password policy for session password generation

    password_min_lengthinteger

    Minimum password length; must be at least 10 and large enough to produce passwords of at least WEAK strength

    Example: 16
    password_max_lengthinteger

    Maximum password length; must be less than or equal to 99

    Example: 16
    use_special_charactersboolean
    Example: true
    use_lower_caseboolean
    Example: true
    use_upper_caseboolean
    Example: true
    use_numbersboolean
    Example: true
    password_entropyinteger

    Password entropy in bits for session passwords generated from this policy

    Example: 95
    password_strengthstring

    Possible values: [VERY_WEAK, WEAK, STRONG, VERY_STRONG]

    Example: STRONG
    connection object

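    Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined. Several of its fields hold credentials (for example iam_secret_access_key, azure_client_secret, ldap_bind_password, oidc_client_secret, kerberos_ticket); whether they are masked when a source is returned is not specified here, so treat responses containing this object as sensitive.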

    typestring

    Type of the source, for example LDAP, AD or AWS IAM; the full set is listed under possible values

    Possible values: [LDAP, AD, GOOGLEGSUITE, OIDC, AWS, GOOGLECLOUD, OPENSTACK, AZURE, LOCAL]

    addressstring

    The address of the LDAP/AD/Local source provider

    portinteger

    The port of the LDAP/AD/Local source provider

    service_address_auto_updateboolean

    Should the host-service addresses be automatically updated if an address change is detected

    iam_access_key_idstring

    AWS access key ID

    iam_secret_access_keystring

    AWS secret access key

    iam_session_tokenstring

    AWS session token

    iam_fetch_rolesboolean

    Fetch roles from Amazon

    iam_fetch_role_path_prefixstring

    A prefix for roles to be fetched from Amazon

    google_cloud_project_idsstring[]

    Array of Google Cloud project IDs

    google_cloud_config_jsonstring

    Google Cloud service-account configuration. Base64 encoded JSON blob.

    openstack_versionstring

    The OpenStack version being configured.

    Possible values: [V2, V3]

    openstack_endpointstring

    OpenStack service endpoint url.

    openstack_usernamestring

    OpenStack user name for Identity V2 API.

    openstack_user_idstring

    OpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName

    openstack_passwordstring

    OpenStack password for Identity V2 and V3. Either password or API key is used.

    openstack_apikeystring

    OpenStack API key for Identity V2 and V3. Either password or API key is used.

    openstack_domainnamestring

    OpenStack domain name for Identity V3, used with user name.

    openstack_domainidstring

    OpenStack domain ID for Identity V3, used with user name.

    openstack_token_idstring

    OpenStack token ID.

    openstack_tenant_idsstring[]

    Array of OpenStack tenant IDs.

    openstack_tenant_namesstring[]

    Array of OpenStack tenant names.

    azure_base_urlstring

    Azure connection endpoint url

    azure_subscription_idstring

    Azure subscription ID

    azure_tenant_idstring

    Azure tenant ID

    azure_client_idstring

    Azure client ID

    azure_client_secretstring

    Azure client secret

    ldap_protocolstring

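    Possible values: [LDAP, LDAPS, STARTTLS]. With plain LDAP the bind DN and bind password are sent unencrypted; LDAPS and STARTTLS protect them in transit.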

    ldap_basestring

    The base DN used for LDAP/AD searches

    ldap_user_filterstring

    The user filter for the base DN

    Example (for Microsoft Active Directory): (&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) — matches user objects, excluding computer accounts and accounts flagged as disabled.
    ldap_bind_dnstring

    The browse account for LDAP/AD connection

    Example: CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com
    ldap_bind_passwordstring

    The browse account password for LDAP/AD connection

    Example: FooBar
    ldap_user_dn_patternstring

    Where to capture the user's distinguished name

    Example: uid={0},ou=people
    google_gsuite_domainstring
    Example: mydomain.com. If left empty, all user domains are fetched.
    google_gsuite_domain_admin_emailstring
    Example: admin@mydomain.com
    oidc_enabledboolean
    oidc_issuerstring
    oidc_button_titlestring
    oidc_client_idstring
    oidc_client_secretstring
    oidc_additional_scopesstring[]
    oidc_tags_attribute_namestring
    attribute_mappingobject

    An object containing remote:local mappings for mapping attributes from remote source to local attribute schema.

    mfa_typestring

    Multifactor-authentication-back-end type

    Possible values: [DISABLED, INTERNAL, RADIUS, OIDC, FIDO, MOBILE]

    mfa_addressstring

    Multifactor-authentication-back-end address

    mfa_portinteger

    Multifactor-authentication back-end port

    mfa_base_dnstring

    Base DN of users who need to authenticate using MFA

    domain_controller_fqdnstring

    Domain Controller FQDN for Kerberos authentication

    domain_controller_portinteger

    Domain Controller port number for Kerberos authentication

    kerberos_ticketstring

    Base64 encoded Kerberos ticket for Kerberos authentication

    enable_user_authenticationboolean

    Is user authentication enabled for this source

    enable_machine_authenticationboolean

    Is machine user authentication enabled for this source

  • ]
  • sources
    {
    "count": 0,
    "items": [
    {
    "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
    "created": "2017-01-01T15:05:05Z",
    "updated": "2017-01-01T15:05:05Z",
    "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
    "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
    "enabled": true,
    "ttl": 86400,
    "status_code": "OK",
    "status_text": "Connection established",
    "name": "A pretty source",
    "comment": "A comment",
    "tags": [
    "string"
    ],
    "username_pattern": [
    "string"
    ],
    "external_user_mapping": [
    {
    "source_id": "string",
    "source_search_field": "string"
    }
    ],
    "session_password_enabled": true,
    "child_session_auto_logout_delay": 900,
    "session_password_policy": {
    "password_min_length": 16,
    "password_max_length": 16,
    "use_special_characters": true,
    "use_lower_case": true,
    "use_upper_case": true,
    "use_numbers": true,
    "password_entropy": 95,
    "password_strength": "STRONG"
    },
    "connection": {
    "type": "LDAP",
    "address": "string",
    "port": 0,
    "service_address_auto_update": true,
    "iam_access_key_id": "string",
    "iam_secret_access_key": "string",
    "iam_session_token": "string",
    "iam_fetch_roles": true,
    "iam_fetch_role_path_prefix": "string",
    "google_cloud_project_ids": [
    "string"
    ],
    "google_cloud_config_json": "string",
    "openstack_version": "V2",
    "openstack_endpoint": "string",
    "openstack_username": "string",
    "openstack_user_id": "string",
    "openstack_password": "string",
    "openstack_apikey": "string",
    "openstack_domainname": "string",
    "openstack_domainid": "string",
    "openstack_token_id": "string",
    "openstack_tenant_ids": [
    "string"
    ],
    "openstack_tenant_names": [
    "string"
    ],
    "azure_base_url": "string",
    "azure_subscription_id": "string",
    "azure_tenant_id": "string",
    "azure_client_id": "string",
    "azure_client_secret": "string",
    "ldap_protocol": "LDAP",
    "ldap_base": "string",
    "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
    "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
    "ldap_bind_password": "FooBar",
    "ldap_user_dn_pattern": "uid={0},ou=people",
    "google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
    "google_gsuite_domain_admin_email": "admin@mydomain.com",
    "oidc_enabled": true,
    "oidc_issuer": "string",
    "oidc_button_title": "string",
    "oidc_client_id": "string",
    "oidc_client_secret": "string",
    "oidc_additional_scopes": [
    "string"
    ],
    "oidc_tags_attribute_name": "string",
    "attribute_mapping": {},
    "mfa_type": "DISABLED",
    "mfa_address": "string",
    "mfa_port": 0,
    "mfa_base_dn": "string",
    "domain_controller_fqdn": "string",
    "domain_controller_port": 0,
    "kerberos_ticket": "string",
    "enable_user_authentication": true,
    "enable_machine_authentication": true
    }
    }
    ]
    }