
Get OIDC Configuration

GET /authn/api/v1/oauth2/config

Get the OAuth2 configuration details of a tenant that is used by OpenID Connect (OIDC).

Responses

Successful operation

Schema
    id uuid

    Id

    prismaId int64

    Prisma ID of the tenant.

    clientId string required

    Client ID obtained after Identity Provider (IdP) configuration.

    issuer string required

    The identifier of the OpenID Connect (OIDC) provider.

    scopes string[] required

    Identifiers used to specify what access privileges are being requested.

    grantType string

    Possible values: [authorization_code]

    Grant types are a way to specify how a client wants to interact with an Identity Provider (IdP).

    withPkce boolean

    Possible values: [true, false]

    Use Proof Key for Code Exchange (PKCE) as additional verification. PKCE ensures that only the client that requests the access token can redeem it.

    idpAuthUri string required

    The URL of the authentication endpoint on the Identity Provider (IdP).

    tokenUri string required

    The Identity Provider token endpoint URL for obtaining access and ID tokens.

    jwkSetUri string

    The URL of the Identity Provider (IdP) JSON Web Key Set document. This document contains signing keys that are used to validate the signatures from the provider.

    endSessionUri string

    The URL used to sign out the user from the Identity Provider (IdP).

    isActive boolean

    Possible values: [true, false]

    True to enable SSO using OIDC; False otherwise.

    isJitEnabled boolean

    Possible values: [true, false]

    True if JIT is enabled; False otherwise.

    jitRoleClaimName string

    Token claim that provides the name of the Prisma Cloud role for the user.

    jitDefaultRoleId string

    Default Prisma Cloud role to use for JIT when claim is missing or undefined.

    pcAuthUri string

    Prisma Cloud endpoint URL to begin the authentication flow.

    pcRelayUri string

    Prisma Cloud callback endpoint URL from the IdP during authentication.

    lastLoginErrors string[]

    Recent OIDC login errors.

    createdBy string

    User who created the resource.

    createdTs int64

    Created on timestamp.

    lastModifiedBy string

    User who made the last update.

    lastModifiedTs int64

    Last update timestamp.

    clientSecretIsBlank boolean

    Possible values: [true, false]

    True if client secret is not configured; False otherwise.
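
A tenant-side review of the fields in this schema, as an added example that is not Prisma Cloud code: it takes the JSON object returned by this endpoint, already parsed into a dict, and flags settings worth a second look. The rules and finding names are assumptions made for this example, and the sample values are constructed.

```python
from urllib.parse import urlparse

# Constructed sample response; every value is a placeholder, not tenant data.
SAMPLE_CONFIG = {
    "clientId": "example-client-id",
    "issuer": "https://idp.example.com",
    "scopes": ["openid", "email"],
    "withPkce": False,
    "idpAuthUri": "https://idp.example.com/authorize",
    "tokenUri": "http://idp.example.com/token",
    "jwkSetUri": "",
    "isJitEnabled": True,
    "jitRoleClaimName": "",
    "jitDefaultRoleId": "constructed-role-id",
    "clientSecretIsBlank": True,
}
REQUIRED = ("clientId", "issuer", "scopes", "idpAuthUri", "tokenUri")
URI_FIELDS = ("issuer", "idpAuthUri", "tokenUri", "jwkSetUri", "endSessionUri")


def audit_oidc_config(cfg):
    """Return sorted finding codes; the rules are review heuristics (assumed)."""
    findings = set()
    for field in REQUIRED:
        if not cfg.get(field):
            findings.add(f"missing-required:{field}")
    for field in URI_FIELDS:
        value = cfg.get(field)
        if value and urlparse(value).scheme != "https":
            findings.add(f"not-https:{field}")
    if not cfg.get("withPkce"):
        findings.add("pkce-disabled")
        if cfg.get("clientSecretIsBlank"):
            # Neither PKCE nor a client secret protects the code exchange.
            findings.add("no-pkce-and-no-client-secret")
    if not cfg.get("jwkSetUri"):
        findings.add("no-jwks-uri")  # no key set to validate signatures against
    if cfg.get("isJitEnabled"):
        if not cfg.get("jitRoleClaimName"):
            findings.add("jit-without-role-claim")
        if cfg.get("jitDefaultRoleId"):
            # Users whose token lacks the claim get this role: check its scope.
            findings.add("jit-default-role-set")
    if cfg.get("lastLoginErrors"):
        findings.add("recent-login-errors")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_oidc_config(SAMPLE_CONFIG)))
```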
