REST API - list

esx authentication client profiles: list

List the existing client profiles.

Request:

HTTP request

GET https://{server}/api/esx/authentication/client-profiles

?local_user_name={value}
&external_group_name={value}
&external_user_name={value}
&issuer_alias={obj-103}
&domain={value}
&projection={value}

Query Parameters:

Name Type Description
bold = required
local_user_name string Filter for local user by name.

Exactly one of esx.authentication.client_profiles.filter_spec.local_user_name, esx.authentication.client_profiles.filter_spec.external_group_name or esx.authentication.client_profiles.filter_spec.external_user_name must be set.

Optional. If set, filter for a local user.

external_group_name string The external group name.

Exactly one of esx.authentication.client_profiles.filter_spec.local_user_name, esx.authentication.client_profiles.filter_spec.external_group_name or esx.authentication.client_profiles.filter_spec.external_user_name must be set.

Optional. If set, filter for an external group; esx.authentication.client_profiles.filter_spec.issuer_alias and esx.authentication.client_profiles.filter_spec.domain must also be set.

external_user_name string The external user name.

Exactly one of esx.authentication.client_profiles.filter_spec.local_user_name, esx.authentication.client_profiles.filter_spec.external_group_name or esx.authentication.client_profiles.filter_spec.external_user_name must be set.

Optional. If set, filter for an external user; esx.authentication.client_profiles.filter_spec.issuer_alias and esx.authentication.client_profiles.filter_spec.domain must also be set.

issuer_alias string The alias of the security token issuer that created and signed the security token.

Optional. Must be set only if esx.authentication.client_profiles.filter_spec.external_group_name or esx.authentication.client_profiles.filter_spec.external_user_name is set. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer.

domain string Domain of the external principal.

Optional. Must be set only if esx.authentication.client_profiles.filter_spec.external_group_name or esx.authentication.client_profiles.filter_spec.external_user_name is set.

projection string Optional. The type of the returned summary - brief, normal or full.

Response:

HTTP Status Code: 200

Response Body Structure:

[
    {
        "grants": [
            {
                "resource_type": "ENTITLEMENT",
                "entitlement": "IDENTITY_MGMT"
            },
            {
                "resource_type": "ENTITLEMENT",
                "entitlement": "IDENTITY_MGMT"
            }
        ],
        "subject": {
            "domain": "string",
            "name": "string",
            "issuer_alias": "obj-103",
            "type": "LOCAL_USER"
        },
        "client_profile": "obj-103",
        "summary_type": "FULL"
    },
    {
        "grants": [
            {
                "resource_type": "ENTITLEMENT",
                "entitlement": "IDENTITY_MGMT"
            },
            {
                "resource_type": "ENTITLEMENT",
                "entitlement": "IDENTITY_MGMT"
            }
        ],
        "subject": {
            "domain": "string",
            "name": "string",
            "issuer_alias": "obj-103",
            "type": "LOCAL_USER"
        },
        "client_profile": "obj-103",
        "summary_type": "FULL"
    }
]

Headers:

None

Type:

Name Type Description
bold = required
- summary[] The list of current client profiles.
-[].summary_type string Defines the verbosity of the summary.

Defines the types of esx.authentication.client_profiles.summary members to return from the list method.

The profile information could include the access grants or be a shorter summary.

Value is one of:
FULL: The full profile information, including access grants.
NORMAL: A summary containing only the profile identifier and the subject information.
BRIEF: A brief summary, containing only the profile identifier.
-[].client_profile string Client profile identifier.

Optional. It is only relevant when the value of summary_type is one of BRIEF, NORMAL, or FULL. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.clientprofile.

-[].subject subject The subject of the profile.

Optional. It is only relevant when the value of summary_type is one of NORMAL or FULL.

-[].subject.type string subject type

Defines the types of subject matching that a client profile is associated with. Value is one of:
LOCAL_USER: A local user.
EXTERNAL_GROUP: A group from an external source.
EXTERNAL_USER: A user from an external source.

-[].subject.name string The user or group name

Optional. It is only relevant when the value of type is one of LOCAL_USER, EXTERNAL_GROUP, or EXTERNAL_USER.

-[].subject.issuer_alias string The alias of the security token issuer that created and signed the security token.

Optional. It is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer.

-[].subject.domain string Domain of the principal.

Optional. It is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER.

-[].grants access_grant[] Access grants. When the list is empty, the matching subjects don't receive grants from this client profile, but will receive grants from other matching ClientProfiles.

Optional. It is only relevant when the value of summary_type is FULL.

-[].grants[].resource_type string Type of permission entity.

Defines the types of esx.authentication.client_profiles.access_grant elements in a client profile. These are permission resource types. There is support for entitlements, but not for groups. Value is one of:
ENTITLEMENT: Permission entitlements.

These are coarse-grained permissions that are not associated with an object, i.e. they are system-wide.

-[].grants[].entitlement string The entitlement in the access grant.

Defines all permission entitlements supported on the ESX.

These are coarse-grained permissions that are not associated with an object, i.e. they are system-wide.

Value is one of:
IDENTITY_MGMT: Allows modifying the identity configuration.

For example: esx.authentication.client_profiles, esx.authentication.trust.security_token_issuers.


SECURITY_MGMT: Allows modifying security configuration.

For example: KMS, Attestation.


READ_ONLY: Allows access to some read-only operations. Not all read-only operations are accessible with this entitlement. Check the specific operation documentation for the required authorization.

Optional. It is only relevant when the value of resource_type is ENTITLEMENT.

Errors:

HTTP Status Code Type Description
500 error if there is a problem accessing the stored data.
400 invalid_argument if the arguments contain invalid data.
401 unauthenticated if the user cannot be authenticated.
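
Example (added here, not part of the VMware reference or its SDK): a Python sketch that applies the filter rules from the Query Parameters section before building the request URL, and audits a FULL response for subjects holding IDENTITY_MGMT or SECURITY_MGMT. The function names, the host esx.example.test and the sample response are constructed for illustration. Passing "FULL" as the projection value assumes the query parameter uses the same spelling as summary_type. No request is sent, so authentication is out of scope.

```python
import json
from urllib.parse import urlencode

SUBJECT_FILTERS = ("local_user_name", "external_group_name", "external_user_name")
PRIVILEGED = {"IDENTITY_MGMT", "SECURITY_MGMT"}  # entitlements that allow modifying config

def build_list_url(server, projection, **filters):
    """Apply the documented filter rules client-side, then build the GET URL."""
    unknown = set(filters) - set(SUBJECT_FILTERS) - {"issuer_alias", "domain"}
    if unknown:
        raise ValueError("unknown filter: %s" % sorted(unknown))
    chosen = [k for k in SUBJECT_FILTERS if filters.get(k)]
    if len(chosen) != 1:
        raise ValueError("exactly one subject filter must be set")
    scope = [k for k in ("issuer_alias", "domain") if filters.get(k)]
    if chosen[0].startswith("external_") and len(scope) != 2:
        raise ValueError("external subjects need issuer_alias and domain")
    if chosen[0] == "local_user_name" and scope:
        raise ValueError("issuer_alias/domain apply only to external subjects")
    query = dict(sorted((k, v) for k, v in filters.items() if v), projection=projection)
    return "https://%s/api/esx/authentication/client-profiles?%s" % (server, urlencode(query))

def privileged_subjects(profiles):
    """Return (profile id, subject type, subject, entitlements) for privileged grants."""
    findings = []
    for p in profiles:
        if p.get("summary_type") != "FULL":  # grants are only present in FULL summaries
            raise ValueError("need summary_type FULL to audit grants")
        ents = sorted({g.get("entitlement") for g in p.get("grants", [])
                       if g.get("resource_type") == "ENTITLEMENT"} & PRIVILEGED)
        if ents:
            s = p.get("subject", {})
            who = s.get("name", "?")
            if s.get("type") != "LOCAL_USER":  # external principals carry domain + issuer
                who = "%s@%s (issuer %s)" % (who, s.get("domain"), s.get("issuer_alias"))
            findings.append((p.get("client_profile"), s.get("type"), who, ents))
    return findings

# Constructed sample response (not real data), shaped like the FULL summary above.
SAMPLE = json.loads("""[
 {"summary_type": "FULL", "client_profile": "profile-1",
  "subject": {"type": "LOCAL_USER", "name": "auditor"},
  "grants": [{"resource_type": "ENTITLEMENT", "entitlement": "READ_ONLY"}]},
 {"summary_type": "FULL", "client_profile": "profile-2",
  "subject": {"type": "EXTERNAL_GROUP", "name": "esx-admins",
              "domain": "corp.example", "issuer_alias": "issuer-1"},
  "grants": [{"resource_type": "ENTITLEMENT", "entitlement": "IDENTITY_MGMT"},
             {"resource_type": "ENTITLEMENT", "entitlement": "SECURITY_MGMT"}]}
]""")
```

Calling privileged_subjects(SAMPLE) reports only profile-2, because READ_ONLY is not treated as privileged; a BRIEF or NORMAL response is rejected rather than silently reported as having no grants.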