security oauth2 client show
Display OAuth 2.0 Provider
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security oauth2 client show
command displays the configured OAuth 2.0 Provider configuration.
Parameters
- {
[-fields <fieldname>,…]
-
This specifies the fields that need to be displayed.
- |
[-instance ]
} -
If this parameter is specified, the command displays information about all OAuth 2.0 configuration entries.
[-config-name <text>]
- Configuration Entry Name-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified config-name.
[-application <OAuth 2.0 Applications>]
- Application-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified application. Currently only the
http
application is supported. [-issuer {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…}]
- OAuth 2.0 Issuer-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified issuer.
[-audience <text>]
- OAuth 2.0 Audience-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified audience.
[-client-id <text>]
- OAuth 2.0 Client ID-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified client-id.
[-hashed-client-secret <Hex String>]
- Hashed representation of client secret-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified hashed-client-secret.
[-introspection-endpoint {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…}]
- OAuth 2.0 Token Introspection Endpoint Location-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified introspection-endpoint.
[-introspection-interval {P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W | disabled}]
- OAuth 2.0 Token Introspection Refresh Interval in ISO-8601 format-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified introspection-interval.
[-remote-user-claim <text>]
- OAuth 2.0 Remote User Claim-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified remote-user-claim.
[-provider-jwks-uri {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…}]
- OAuth 2.0 Provider JSON Web Key Set Location-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified provider-jwks-uri.
[-jwks-refresh-interval {P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W}]
- OAuth 2.0 JSON Web Key Set Refresh Interval in ISO-8601 format-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified jwks-refresh-interval.
[-outgoing-proxy <text>]
- OAuth 2.0 Outgoing Proxy To Access External IdPs-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified outgoing-proxy.
[-use-local-roles-if-present {true|false}]
- Use Local Roles, If Present-
If this parameter is specified, the command displays information only about the OAuth 2.0 configuration that match the specified use-local-roles-if-present.
[-use-mutual-tls {none|request|required}]
- Mutual TLS enforcement-
This is the Mutual TLS setting for the OAuth 2.0 configuration. When set to
required
, OAuth 2.0 mutual TLS authentication is enforced for all access tokens and any token that does not have x5t#S256 property in the cnf section is rejected. The default value isrequest
when not set, which means OAuth 2.0 mutual TLS authentication is enforced only if the x5t#S256 property is present in the cnf section of the access token. This can be disabled by setting to valuenone
.
Examples
The following example displays the OAuth 2.0 Provider configuration for Local Validation:
cluster1::> security oidc client show Configuration Name: auth1 Application: http Issuer: https://issuer.example.com/ Audience: - Client ID: - Hashed Client Secret: - Introspection Endpoint: - Introspection Refresh Interval : - Use local roles: true Provider JSON Web Key Set Location: https://issuer.example.com/.well-known/jwks.json JSON Web Key Set Refresh Interval: 1h Remote User Claim: preferred_username Outgoing Proxy: https://outgoing_proxy Mutual TLS enforcement: request
The following example displays the OAuth 2.0 Provider configuration for Remote Introspection:
cluster1::> security oidc client show Configuration Name: auth1 Application: http Issuer: https://issuer.example.com/ Audience: - Client ID: client_id Hashed Client Secret: e194e3472ee55c4202582cfbf59a03a37ef27085d2baf1b2fd7f7da3973c56fa Introspection Endpoint: - Introspection Refresh Interval : 0s Use local roles: true Provider JSON Web Key Set Location: - JSON Web Key Set Refresh Interval: - Remote User Claim: preferred_username Outgoing Proxy: https://outgoing_proxy Mutual TLS enforcement: required