REST API - get

esx authentication client profiles: get

Get the details of a client profile.

Request:

HTTP request

GET https://{server}/api/esx/authentication/client-profiles/{profile}

Path Parameters

Name Type Description
Required
profile string The requested client profile identifier.

Response:

HTTP Status Code: 200

Response Body Structure:

{
    "grants"[
        {
            "resource_type""ENTITLEMENT",
            "entitlement""IDENTITY_MGMT"
        },
        {
            "resource_type""ENTITLEMENT",
            "entitlement""IDENTITY_MGMT"
        }
    ],
    "subject"{
        "domain""string",
        "name""string",
        "issuer_alias""obj-103",
        "type""LOCAL_USER"
    }
}

Headers:

None

Type:

Name Type Description
bold = required
- info The requested client profile.
-.subject subject The subject of the profile.

-.subject.type string subject type

Defines the types of subject matching that a client profile is associated with. Value is one of:
LOCAL_USER: local user
EXTERNAL_GROUP: A group from external source.
EXTERNAL_USER: A user from external source.

-.subject.name string The user or group name

Optional. It is only relevant when type has value [LOCAL_USER, EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of LOCAL_USER, EXTERNAL_GROUP, or EXTERNAL_USER.

-.subject.issuer_alias string The security token issuer alias, who created and signed the security token.

Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER.When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer.

-.subject.domain string Domain of the principal.

Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER.

-.grants access_grant[] Access grants. When the list is empty, the matching subjects don't receive grants from this client profile. but will receive grants from other matching ClientProfiles.

-.grants[].resource_type string Type of permission entity.

Defines the types of esx.authentication.client_profiles.access_grant elements in a client profile. These are permission resource types. There is support for entitlements, but not for groups. Value is one of:
ENTITLEMENT: Permission entitlements.

These are coarse-grained permissions that are not associated with an object, i.e. they are system-wide.

-.grants[].entitlement string The entitlement in the access grant.

Defines all permission entitlements supported on the ESX.

These are coarse-grained permissions that are not associated with an object, i.e. they are system-wide.

Value is one of:
IDENTITY_MGMT: Allows modifying the identity configuration.

For example: esx.authentication.client_profiles, esx.authentication.trust.security_token_issuers.


SECURITY_MGMT: Allows modifying security configuration.

For example: KMS, Attestation.


READ_ONLY: Allows access to some read-only operations. Not all read-only operations are accessible with this entitlement. Check the specific operation documentation for the required authorization.Optional. It is only relevant when resource_type has value ENTITLEMENT. This field is optional and it is only relevant when the value of resource_type is ENTITLEMENT.

Errors:

HTTP Status Code Type Description
404 not_found if the profile is not found.
500 error if there is a problem accessing the stored data.
401 unauthenticated if the user can not be authenticated.