Update OIDC provider SCIM Integration.

PUT

/api/web/custom/namespaces/{namespace}/oidc_providers/{name}/scim

curl --request PUT \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/web/custom/namespaces/example/oidc_providers/example/scim \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "name": "example", "namespace": "example", "scim_enabled": true, "scim_token_meta": { "expiration_days": 1, "namespace": "example" } }'

• F5 Distributed Cloud Console

Enables / Disables the SCIM integration for the OIDC provider.

Examples of this operation.

Authorizations

• ApiToken

Parameters

Path Parameters

namespace

required

string

Namespace Supports only system namespace.

name

required

string

Name Name of OIDC provider object.

Request Body^required

Media typeapplication/json

UpdateScimIntegrationRequest

Request for updating the SCIM integration status for an OIDC provider.

object

name

name

Name of OIDC provider object.

string

>= 6 characters <= 1024 characters

namespace

namespace

Supports only system namespace.

string

>= 6 characters <= 1024 characters

scim_enabled

scim_enabled

Update the SCIM integration, either enables/disables for the OIDC provider on the basis of the provided value.

boolean format: boolean

scim_token_meta

object

expiration_days

Expiry in days

Qty of days of service credential expiration. Default value is 180. Expiration days value can range between 1 and 730.

integer format: int64

namespace

Namespace

Value of namespace is always “system”.

string

>= 6 characters <= 1024 characters

Example^generated

{
  "name": "example",
  "namespace": "example",
  "scim_enabled": true,
  "scim_token_meta": {
    "expiration_days": 1,
    "namespace": "example"
  }
}

Responses

200

A successful response.

Media typeapplication/json

UpdateScimIntegrationResponse

Response for the SCIM enablement request for an OIDC provider.

object

error

object

code

string

default: EOK

Allowed values: EOK EPERMS EBADINPUT ENOTFOUND EEXISTS EUNKNOWN ESERIALIZE EINTERNAL EPARTIAL

error_obj

object

type_url

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one ”/” character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.duration). The name should be in a canonical form (e.g., leading ”.” is not accepted).

In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme HTTP, HTTPS, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows:

• If no scheme is provided, HTTPS is assumed.
• An HTTP GET on the URL must yield a [google.protobuf.type][] value in binary format, or produce an error.
• Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)

Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com.

Schemes other than HTTP, HTTPS (or the empty scheme) might be used with implementation specific semantics.

string

<= 1024 characters

value

Must be a valid serialized protocol buffer of the above specified type.

string format: byte

>= 3 characters <= 1024 characters

message

message

A human readable string of the error.

string

<= 1024 characters

scim_enabled

scim_enabled

This is for representing the status of scim integration.

boolean format: boolean

scim_token

object

active

Indicates if the resource is active

boolean format: boolean

data

Credentials

Data is the response format based on the API credential type. In case of API_CERTIFICATES, the response is the base64 encoded value of certificate in PKCS12 format. In case of KUBE_CONFIG, the response is the base64 encoded value of the K8s kubeconfig file with contents as requested - cluster,namespace and base64 encoded certificate, key and CA.

string

<= 1024 characters

expiration_timestamp

Configuration parameter for expiration timestamp

string format: date-time

<= 1024 characters

name

Human-readable name for the resource

string

>= 6 characters <= 1024 characters

url

url

This is the root URL that needs to be used in the external identity providers SCIM client which will be used for all API requests. As an example, if root URL is https://customer.domain/API/scim/namespaces/system/v2/ actual API request client will need make for user resource is via endpoint https://customer.domain/API/scim/namespaces/system/v2/Users.

string format: uri

<= 1024 characters

Example

{
  "error": {
    "code": "EOK"
  }
}

401

Returned when operation is not authorized.

Media typeapplication/json

string format: string

Example^generated

example

403

Returned when there is no permission to access resource.

Media typeapplication/json

string format: string

Example^generated

example

404

Returned when resource is not found.

Media typeapplication/json

string format: string

Example^generated

example

409

Returned when operation on resource is conflicting with current value.

Media typeapplication/json

string format: string

Example^generated

example

429

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json

string format: string

Example^generated

example

500

Returned when server encountered an error in processing API.

Media typeapplication/json

string format: string

Example^generated

example

503

Returned when service is unavailable temporarily.

Media typeapplication/json

string format: string

Example^generated

example

504

Returned when server timed out processing request.

Media typeapplication/json

string format: string

Example^generated

example