security oauth2 client show
Display OAuth 2.0 Provider
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security oauth2 client show command displays the configured OAuth 2.0 Provider configuration.
Parameters
{ [-fields <fieldname>,…]
This specifies the fields that need to be displayed.
| [-instance ] }
If this parameter is specified, the command displays information about all OAuth 2.0 configuration entries.
[-config-name <text>] - Configuration Entry Name
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified config-name.
[-application <OAuth 2.0 Applications>] - Application
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified application. Currently only the http application is supported.
[-issuer {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…}] - OAuth 2.0 Issuer
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified issuer.
[-audience <text>] - OAuth 2.0 Audience
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified audience.
[-client-id <text>] - OAuth 2.0 Client ID
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified client-id.
[-hashed-client-secret <Hex String>] - Hashed representation of client secret
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified hashed-client-secret.
[-introspection-endpoint {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…}] - OAuth 2.0 Token Introspection Endpoint Location
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified introspection-endpoint.
[-introspection-interval {P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W | disabled}] - OAuth 2.0 Token Introspection Refresh Interval in ISO-8601 format
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified introspection-interval.
[-remote-user-claim <text>] - OAuth 2.0 Remote User Claim
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified remote-user-claim.
[-provider-jwks-uri {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…}] - OAuth 2.0 Provider JSON Web Key Set Location
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified provider-jwks-uri.
[-jwks-refresh-interval {P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W}] - OAuth 2.0 JSON Web Key Set Refresh Interval in ISO-8601 format
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified jwks-refresh-interval.
[-outgoing-proxy <text>] - OAuth 2.0 Outgoing Proxy To Access External IdPs
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified outgoing-proxy.
[-use-local-roles-if-present {true|false}] - Use Local Roles, If Present
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that matches the specified use-local-roles-if-present.
[-use-mutual-tls {none|request|required}] - Mutual TLS enforcement
This is the Mutual TLS setting for the OAuth 2.0 configuration. When set to required, OAuth 2.0 mutual TLS authentication is enforced for all access tokens and any token that does not have the x5t#S256 property in the cnf section is rejected. The default value is request when not set, which means OAuth 2.0 mutual TLS authentication is enforced only if the x5t#S256 property is present in the cnf section of the access token. This can be disabled by setting the value to none.
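The three -use-mutual-tls values described above, modelled as an added Python example (not ONTAP code and not part of the original documentation). The function names and the placeholder certificate bytes are assumptions; the thumbprint follows the RFC 8705 definition of x5t#S256, and the token is assumed to have already passed signature validation.

```python
import base64
import hashlib
import hmac
from typing import Optional

MODES = ("none", "request", "required")


def cert_thumbprint(cert_der: bytes) -> str:
    """x5t#S256 per RFC 8705: unpadded base64url SHA-256 of the DER certificate."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def mtls_accepts(mode: str, claims: dict, client_cert_der: Optional[bytes]) -> bool:
    """Apply the mutual TLS rule for `mode` to an already signature-verified token."""
    if mode not in MODES:
        raise ValueError(f"unknown use-mutual-tls value: {mode!r}")
    if mode == "none":
        return True  # certificate binding is not checked
    cnf = claims.get("cnf")
    bound = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if bound is None:
        # Unbound token: accepted under "request", rejected under "required".
        return mode == "request"
    if not isinstance(bound, str) or client_cert_der is None:
        return False  # bound token, but nothing usable to compare against
    presented = cert_thumbprint(client_cert_der)
    return hmac.compare_digest(bound.encode(), presented.encode())


def decision_table() -> dict:
    """Evaluate constructed tokens under every mode (sample data, not real certs)."""
    cert_a = b"constructed placeholder for client certificate A (DER)"
    cert_b = b"constructed placeholder for client certificate B (DER)"
    tokens = {
        "unbound": ({"sub": "admin"}, cert_a),
        "bound, matching cert": ({"cnf": {"x5t#S256": cert_thumbprint(cert_a)}}, cert_a),
        "bound, other cert": ({"cnf": {"x5t#S256": cert_thumbprint(cert_a)}}, cert_b),
    }
    return {(mode, name): mtls_accepts(mode, claims, cert)
            for mode in MODES for name, (claims, cert) in tokens.items()}


if __name__ == "__main__":
    for (mode, name), ok in decision_table().items():
        print(f"{mode:9} {name:22} {'accept' if ok else 'reject'}")
```

The table makes the difference between request and required visible: only required rejects a token that carries no x5t#S256 binding, which is the case that matters when a bearer token is replayed from another client.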
Examples
The following example displays the OAuth 2.0 Provider configuration for Local Validation:
    cluster1::> security oauth2 client show

    Configuration Name: auth1
    Application: http
    Issuer: https://issuer.example.com/
    Audience: -
    Client ID: -
    Hashed Client Secret: -
    Introspection Endpoint: -
    Introspection Refresh Interval : -
    Use local roles: true
    Provider JSON Web Key Set Location: https://issuer.example.com/.well-known/jwks.json
    JSON Web Key Set Refresh Interval: 1h
    Remote User Claim: preferred_username
    Outgoing Proxy: https://outgoing_proxy
    Mutual TLS enforcement: request

The following example displays the OAuth 2.0 Provider configuration for Remote Introspection:
    cluster1::> security oauth2 client show

    Configuration Name: auth1
    Application: http
    Issuer: https://issuer.example.com/
    Audience: -
    Client ID: client_id
    Hashed Client Secret: e194e3472ee55c4202582cfbf59a03a37ef27085d2baf1b2fd7f7da3973c56fa
    Introspection Endpoint: -
    Introspection Refresh Interval : 0s
    Use local roles: true
    Provider JSON Web Key Set Location: -
    JSON Web Key Set Refresh Interval: -
    Remote User Claim: preferred_username
    Outgoing Proxy: https://outgoing_proxy
    Mutual TLS enforcement: required