Update OpenID Connect Identity Provider

This method updates an existing OIDC Identity Provider. Any user who is a member of the Vault admins group can run this web service.

URL

https://{PVWA_SERVER}/passwordvault/api/Configuration/OIDC/Providers/{id}/

  • Make sure there are no spaces in the URL.
  • The following characters are not supported in URL values: + & %
  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

Resource information

  HTTP method:   PUT
  Content type:  application/json

Header parameter

  Authorization
    The token that identifies the session, encoded in Base64.
    Type: string
    Mandatory: yes
    Default value: none

URL parameter

  id
    The unique identifier of the provider. This ID is used to identify the OIDC Identity Provider in PVWA.
    Type: string
    Mandatory: yes
    Default value: none
    Max length: 50

Body parameters

{
  "authenticationFlow": "Code",
  "discoveryEndpointUrl": "https://10.10.22.121/OPServer/.well-known/openid-configuration",
  "clientId": "pvwa",
  "clientSecretMethod": "basic",
  "userNameClaim": "given_name"
}

  authenticationFlow
    The OIDC connection flow.
    Type: string
    Mandatory: no
    Default value: Code
    Valid values: Code

  authenticationEndpointUrl
    The URL of the provider's authorization endpoint. Authentication requests are sent to this URL.
    Note: This is not relevant if the Discovery URL is provided.
    Type: URL
    Mandatory: yes (when no discovery URL is provided)
    Default value: none

  issuer
    The Issuer Identifier of the OpenID Provider. The application uses it to verify that a response was issued by this specific provider.
    Note: This is not relevant if the Discovery URL is provided.
    Type: string
    Mandatory: yes (when no discovery URL is provided)
    Default value: none

  description
    A description of the provider.
    Type: string
    Mandatory: no
    Default value: none
    Max length: 255

  discoveryEndpointUrl
    OIDC defines a discovery mechanism, called OpenID Connect Discovery, in which an OIDC Identity Provider publishes its metadata at a well-known URL. This URL points to the metadata document that describes the provider's configuration.
    Type: URL
    Mandatory: yes
    Default value: none

  jwkSet
    The JSON Web Key Set: the keys provided by the OIDC Identity Provider for validating JWTs (JSON Web Tokens) during the authentication flow. The JSON must include a "keys" parameter, which is an array of JWKs (JWT signing keys).
    Note: This is not relevant if the Discovery URL is provided.
    Type: string
    Mandatory: yes (when no discovery URL is provided)
    Default value: none

  clientId
    The unique identifier of the client application. This ID is created by the provider and assigned to each client application upon registration.
    Type: string
    Mandatory: yes
    Default value: none
    Max length: 100

  clientSecret
    The client secret is known only to the application and the provider, and is used to secure communication during the authentication flow. This secret is created by the provider and assigned to each client application upon registration.
    Type: string
    Mandatory: no
    Default value: none
    Max length: 200

  clientSecretMethod
    The client authentication method used to present the client secret.
    Type: string
    Mandatory: yes
    Default value: none
    Valid values: Basic, Post
    Max length: 50

  userNameClaim
    The claim in the ID token provided by the OIDC Identity Provider that contains the user name.
    Note: By default, the system uses the preferred_username claim in the ID token.
    Type: string
    Mandatory: no
    Default value: preferred_username
    Valid characters: A-Z, a-z, underscore (_)
    Max length: 50
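As an added example (not CyberArk's own code), the following Python helper assembles the PUT request for this method and checks the body against the constraints documented above before it is sent: the mandatory fields, the fields that become required when no discovery URL is given, the clientSecretMethod values, the userNameClaim character set, the maximum lengths, and the URL rules. The server name, provider id, token and body values are constructed placeholders, and the "when no discovery URL is provided" notes are read as the governing rule for discoveryEndpointUrl.

```python
import json
import re

# Limits and rules taken from the Update OIDC Identity Provider reference above.
MAX_LEN = {"clientId": 100, "clientSecret": 200, "clientSecretMethod": 50,
           "description": 255, "userNameClaim": 50}
# Fields that become mandatory when no discovery document is supplied.
DISCOVERY_ALTERNATIVES = ("authenticationEndpointUrl", "issuer", "jwkSet")
USERNAME_CLAIM_RE = re.compile(r"^[A-Za-z_]+$")


def validate_body(body):
    """Raise ValueError if the body breaks a rule stated in the reference."""
    for key in ("clientId", "clientSecretMethod"):
        if key not in body:
            raise ValueError(f"{key} is mandatory")
    if body.get("authenticationFlow", "Code") != "Code":
        raise ValueError("authenticationFlow: only 'Code' is supported")
    # Valid values are Basic and Post; the reference's own sample uses "basic",
    # so the comparison is case-insensitive.
    if body["clientSecretMethod"].lower() not in ("basic", "post"):
        raise ValueError("clientSecretMethod must be Basic or Post")
    if "discoveryEndpointUrl" not in body:
        missing = [k for k in DISCOVERY_ALTERNATIVES if k not in body]
        if missing:
            raise ValueError("without discoveryEndpointUrl you must supply: "
                             + ", ".join(missing))
    claim = body.get("userNameClaim", "preferred_username")
    if not USERNAME_CLAIM_RE.match(claim):
        raise ValueError("userNameClaim may contain only letters and underscores")
    for key, limit in MAX_LEN.items():
        if key in body and len(body[key]) > limit:
            raise ValueError(f"{key} exceeds {limit} characters")
    return body


def build_update_request(pvwa_server, provider_id, session_token, body):
    """Return (url, headers, json_payload) for PUT .../OIDC/Providers/{id}/."""
    if len(provider_id) > 50:
        raise ValueError("id exceeds 50 characters")
    if any(c in provider_id for c in " +&%"):
        raise ValueError("id contains a space or one of the unsupported characters + & %")
    # The reference asks for a trailing slash when the URL contains a dot;
    # the documented URL already ends with one, so every id is covered.
    url = (f"https://{pvwa_server}/passwordvault/api/Configuration/OIDC/"
           f"Providers/{provider_id}/")
    headers = {"Authorization": session_token, "Content-Type": "application/json"}
    return url, headers, json.dumps(validate_body(body))
```

The returned triple can be handed directly to an HTTP client such as requests.put(url, headers=headers, data=payload).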

Result

None

Return codes

For a complete list of return codes, see Return Codes.