Version: v43

identity_provider

id uuid
name string required

Identity provider name, must be unique

Possible values: >= 2 characters and <= 2042 characters

Example: Acme identity provider
token_type string required

Token type. Only "JWT" is supported.

Possible values: [JWT]

Example: JWT
jwt_issuer string required

JWT issuer

Possible values: <= 2042 characters

Example: acme
jwt_audience string

Expected JWT audience. The JWT aud claim must either be a single matching value or an array of values of which at least one matches.

Possible values: <= 2042 characters

Example: privx
jwt_subject_type string required

JWT subject claim format

Possible values: [plain, dn]

Example: dn
jwt_subject_dn_username_attribute string

If jwt_subject_type is "dn", then jwt_subject_dn_username_attribute specifies the name of the attribute to be used as the username when resolving the user.

Example: cn
custom_attributes object[]
  • Array [
  • field_name string required

    Name of JWT token claim

    type string required

    Type of the custom attribute validation. "string_pattern" compares a claim value to a glob pattern. "numeric_range" checks that the claim value is within an expected numeric range. "ip_range" checks that the claim value is an IP address within an IP range. "ip_client" checks that the claim value matches the IP address from which the token login REST API request is made.

    Possible values: [string_pattern, numeric_range, ip_range, ip_client]

    expected_value string

    Expected claim value as glob pattern when type is "string_pattern"

    start string

    Start value. If type is numeric_range then start must be an integer or a float value in string format. If type is ip_range then start must be a valid IPv4 or IPv6 address.

    end string

    End value. If type is numeric_range then the type of the value must match start and the value must not be smaller than start. If type is ip_range then the IP version must match start and the value must not be smaller than start.

  • ]
  • public_key_method string

    Method for obtaining the token verification public key

    Possible values: [static, x5u, x5u-publickey]

    public_keys object[]
  • Array [
  • key_id string required

    Key ID

    Example: key-1
    comment string

    Comment

    public_key string required

    Public key in PKIX PEM format

  • ]
  • x5u_trust_anchor PEM certificate or certificate chain

    Trust anchor for verifying X.509 certificates fetched from x5u URLs. Required if public_key_method is "x5u".

    x5u_tls_trust_anchor PEM certificate or certificate chain

    Trust anchor for TLS server certificates used when fetching X.509 certificates or public keys from x5u URLs. If not specified, the system trust anchors are used.

    x5u_prefix uri

    The URL in the token's x5u claim must start with the x5u_prefix or it will be rejected. x5u_prefix must be a valid https URL. Required if public_key_method is "x5u-publickey".

    Example: https://privx.io/token-issuer
    enabled boolean

    Enable/Disable Identity Provider

    users_directory uuid required

    ID of the PrivX user directory from which users are resolved by the token's sub claim. OIDC user directories are not supported.

    author uuid

    Identity Provider Author

    created date-time

    Creation time

    updated date-time

    Time of the last update

    updated_by string

    ID of the user who last updated the identity provider

    identity_provider
    {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "Acme identity provider",
    "token_type": "JWT",
    "jwt_issuer": "acme",
    "jwt_audience": "privx",
    "jwt_subject_type": "dn",
    "jwt_subject_dn_username_attribute": "cn",
    "custom_attributes": [
    {
    "field_name": "email",
    "type": "string_pattern",
    "expected_value": "*@privx.io"
    },
    {
    "field_name": "instances",
    "type": "ip_range",
    "start": "192.168.3.1",
    "end": "192.168.3.254"
    },
    {
    "field_name": "instances",
    "type": "ip_client"
    },
    {
    "field_name": "uid",
    "type": "numeric_range",
    "start": "1001",
    "end": "65535"
    }
    ],
    "public_key_method": "static",
    "public_keys": [
    {
    "key_id": "key-1",
    "comment": "string",
    "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoopkfuxiDKcB3XGT3TlF\n14dyBUTJctzO80O2iX69GVzcXcx/TFVo8J1f8QASxHaW8w5GyLyNVMjc0lhoKM9T\nPrb5RN/wXchfBCRYxMu57sVcvD1e7JR586ELebX1206ZL9/jyeFK4wVjaPxcBbhC\nEb/Gw1dcSxlt0SoeconCv2yRsRVxxQCHv91HAvg2S17uC3K/AxU4gOoGzlK/dEYi\n6TztKimKhuxkNFcT9l5gDIWoQQXLPCxN7ayqJ60MBw/N8esbgrgAYfGPgOEWnRDY\n59aAuOMzVBlRVFnrBRU+pVlINcDens1DaZP8Dut7gdaZs8fJQ8KmvfrYQm9uOFCn\nCwIDAQAB\n-----END PUBLIC KEY-----\n"
    }
    ],
    "x5u_trust_anchor": "-----BEGIN CERTIFICATE-----\nMIIDXzCCAkegAwIBAgIUKDzwc7wsPLlP4YVLEZDAme2lDUUwDQYJKoZIhvcNAQEL\nBQAwPzELMAkGA1UEBhMCRkkxEjAQBgNVBAoMCVNTSENPTVNFQzEMMAoGA1UECwwD\nUiZEMQ4wDAYDVQQDDAVQUklWWDAeFw0yMjA1MTkwODUyMjlaFw0yMzA1MTQwODUy\nMjlaMD8xCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlTU0hDT01TRUMxDDAKBgNVBAsM\nA1ImRDEOMAwGA1UEAwwFUFJJVlgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQCiimR+7GIMpwHdcZPdOUXXh3IFRMly3M7zQ7aJfr0ZXNxdzH9MVWjwnV/x\nABLEdpbzDkbIvI1UyNzSWGgoz1M+tvlE3/BdyF8EJFjEy7nuxVy8PV7slHnzoQt5\ntfXbTpkv3+PJ4UrjBWNo/FwFuEIRv8bDV1xLGW3RKh5yicK/bJGxFXHFAIe/3UcC\n+DZLXu4Lcr8DFTiA6gbOUr90RiLpPO0qKYqG7GQ0VxP2XmAMhahBBcs8LE3trKon\nrQwHD83x6xuCuABh8Y+A4RadENjn1oC44zNUGVFUWesFFT6lWUg1wN6ezUNpk/wO\n63uB1pmzx8lDwqa9+thCb244UKcLAgMBAAGjUzBRMB0GA1UdDgQWBBRs5UC6jHc0\nuqp1ABqZrONLE1Rv1TAfBgNVHSMEGDAWgBRs5UC6jHc0uqp1ABqZrONLE1Rv1TAP\nBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA8lbh+wEJKZlEVtIJ/\nwswLjwnzXc0MxGJL7/zVAfn1XKN+igAhKFUK13tziRjM68/Qbe9ckr2VRmvNLOxE\nALsPx0poKruAMWuu3p1JHNjm3MrLRsC/K+Fogi1r1RiSoyZFBS2HVl+5hDbtW2bx\nUEm1dqYzELyAnjuIJFN1gZwMQP3abHuGQnmIF0nNHyNMBVU64i5mHuSulCY+pGur\nx93kOQNESHRGoYhCQwYJSI03BfcIRrv5BPCd98tpSfNXgoOga1vFSb1AwiWpq/zL\nu5z8eBbsLf9xmkylqMNZbZWsJFMv0r43cLA87Qo848YsJYpk51iIOZgGR6xTQF0+\nQ+M6\n-----END CERTIFICATE-----\n",
    "x5u_tls_trust_anchor": "-----BEGIN CERTIFICATE-----\nMIIDIzCCAgugAwIBAgIUV19HtBxY1nF7nfgk9X/YIyba4XEwDQYJKoZIhvcNAQEL\nBQAwITELMAkGA1UEBhMCRkkxEjAQBgNVBAoMCVNTSENPTVNFQzAeFw0yMjA1MTkx\nMjI0NDhaFw0yMzA1MTkxMjI0NDhaMCExCzAJBgNVBAYTAkZJMRIwEAYDVQQKDAlT\nU0hDT01TRUMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtsoOmkZ7L\nPqTwPvhbMItewr92kY6HfityYmQ5gCHp6T03X6jvhiZYNM0FuhhGYHr9RNnBEuTB\nU1eKYgb59lUsLtNWAxy1D2riQ4/2P2jU6ldSEUrzAHQ0tYlkGAWecpzh601XBE9f\nBde1kDPzw5qdUGIt8oLTCaY0FydBHNOopxvbpO7kJGAxA8jsYrmvXaglMBSmChPg\nrubfTp1D07VuRDAJEQW9kwYWbO9PSSRGsGsg2ZQRpJpvqLzLb7iBjG68kJik+zBA\nYT4AkjItf71XvkzI+X18Rn4RuaYgKXUX5S1BVGy6JqbC+Zd6X/sJBsxx3h67RG8/\nbrOr2h86bgJ/AgMBAAGjUzBRMB0GA1UdDgQWBBT3gsAZ1c+rjewKAhZ/y/yHjC2w\nhjAfBgNVHSMEGDAWgBT3gsAZ1c+rjewKAhZ/y/yHjC2whjAPBgNVHRMBAf8EBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAQjNPfE7oTbYY8eqv9NoEB/OUD3VJRHFVT\nffYIag8/X1pz3lG1hYBy2XXSw4+1XDOH9Rgf+Ol78Sbse38ciVoZkwotkInJjdat\n6x5keBNdSQj97/Ec0xPZeM6ArTeajl12qlvgZUjUhz3xKdNwmbsBKGL+YdgMeOBg\nzyRcqMvynOH3KlxYyXbiEtx+Sw3FQflKZ+VZhlmmplsgnqk9YOByX6DZlP5thI2C\nPew6jTFHtJosa7G5l3V8qwQc1KXYkPIUr6yMOZhxrHuqZR+QuujXb4CFe8idHmgF\nTDfPuHLK9IAd4MfPxVwMhvvWezbYAnqojCF73n4k6KLKXH262s7s\n-----END CERTIFICATE-----\n",
    "x5u_prefix": "https://privx.io/token-issuer",
    "enabled": true,
    "users_directory": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "author": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "created": "2024-07-29T15:51:28.071Z",
    "updated": "2024-07-29T15:51:28.071Z",
    "updated_by": "string"
    }
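
The matching rules described for jwt_audience and custom_attributes, applied to the rules from the sample object above. This is an added example, not PrivX code: inclusive range bounds, fnmatch-style globbing, scalar claim values and failing on a missing claim are assumptions, and token signature verification is out of scope.

```python
import fnmatch
import ipaddress

# jwt_audience and custom_attributes copied from the sample identity_provider above.
IDP = {
    "jwt_audience": "privx",
    "custom_attributes": [
        {"field_name": "email", "type": "string_pattern", "expected_value": "*@privx.io"},
        {"field_name": "instances", "type": "ip_range", "start": "192.168.3.1", "end": "192.168.3.254"},
        {"field_name": "instances", "type": "ip_client"},
        {"field_name": "uid", "type": "numeric_range", "start": "1001", "end": "65535"},
    ],
}

def aud_matches(aud_claim, expected):
    """aud is a single value or an array; at least one value must equal expected."""
    values = aud_claim if isinstance(aud_claim, list) else [aud_claim]
    return expected in values

def check_attribute(rule, claims, client_ip):
    """Evaluate one custom_attributes rule; anything unparsable fails closed."""
    if rule["field_name"] not in claims:
        return False  # assumption: a missing claim fails the rule
    value, kind = claims[rule["field_name"]], rule["type"]
    try:
        if kind == "string_pattern":  # assumption: fnmatch-style glob dialect
            return fnmatch.fnmatchcase(str(value), rule["expected_value"])
        if kind == "numeric_range":  # assumption: bounds are inclusive
            return float(rule["start"]) <= float(value) <= float(rule["end"])
        if kind == "ip_range":  # assumption: bounds are inclusive
            ip, lo, hi = (ipaddress.ip_address(str(x)) for x in (value, rule["start"], rule["end"]))
            return ip.version == lo.version == hi.version and lo <= ip <= hi
        if kind == "ip_client":
            return ipaddress.ip_address(str(value)) == ipaddress.ip_address(client_ip)
    except (ValueError, TypeError):
        return False
    return False  # unknown rule type

def failed_checks(idp, claims, client_ip):
    """Return the names of the checks that failed; an empty list means accepted."""
    failed = []
    if idp.get("jwt_audience") and not aud_matches(claims.get("aud"), idp["jwt_audience"]):
        failed.append("aud")
    for rule in idp.get("custom_attributes", []):
        if not check_attribute(rule, claims, client_ip):
            failed.append(f'{rule["field_name"]}:{rule["type"]}')
    return failed
# Constructed claims for illustration (not from the page).
GOOD = {"aud": ["other", "privx"], "email": "alice@privx.io", "instances": "192.168.3.17", "uid": 1500}
BAD = {"aud": "other", "email": "bob@example.com", "instances": "10.0.0.5", "uid": "70000"}
```

Calling failed_checks(IDP, GOOD, "192.168.3.17") returns an empty list, while BAD fails every check, which makes the list a convenient way to test a rule set before saving it to an identity provider.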