@Generated(value="OracleSDKGenerator", comments="API Version: 20180222") public final class OpenIdConnectTokenAuthenticationConfig extends com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel
The properties that configure OIDC token authentication in kube-apiserver. For more information,
see Configuring the API
Server.
Note: Objects should always be created or deserialized using the OpenIdConnectTokenAuthenticationConfig.Builder
. This model
distinguishes fields that are null
because they are unset from fields that are explicitly
set to null
. This is done in the setter methods of the OpenIdConnectTokenAuthenticationConfig.Builder
, which maintain a
set of all explicitly set fields called OpenIdConnectTokenAuthenticationConfig.Builder.__explicitlySet__
. The hashCode()
and equals(Object)
methods are implemented to take the explicitly set
fields into account. The constructor, on the other hand, does not take the explicitly set fields
into account (since the constructor cannot distinguish explicit null
from unset null
).
Modifier and Type | Class and Description |
---|---|
static class |
OpenIdConnectTokenAuthenticationConfig.Builder |
EXPLICITLY_SET_FILTER_NAME, EXPLICITLY_SET_PROPERTY_NAME
Constructor and Description |
---|
OpenIdConnectTokenAuthenticationConfig(String issuerUrl,
String clientId,
String usernameClaim,
String usernamePrefix,
String groupsClaim,
String groupsPrefix,
List<KeyValue> requiredClaims,
String caCertificate,
List<String> signingAlgorithms,
Boolean isOpenIdConnectAuthEnabled)
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
static OpenIdConnectTokenAuthenticationConfig.Builder |
builder()
Create a new builder.
|
boolean |
equals(Object o) |
String |
getCaCertificate()
A Base64 encoded public RSA or ECDSA certificates used to signed your identity provider’s web
certificate.
|
String |
getClientId()
A client id that all tokens must be issued for.
|
String |
getGroupsClaim()
JWT claim to use as the user’s group.
|
String |
getGroupsPrefix()
Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups).
|
Boolean |
getIsOpenIdConnectAuthEnabled()
Whether the cluster has OIDC Auth Config enabled.
|
String |
getIssuerUrl()
URL of the provider that allows the API server to discover public signing keys.
|
List<KeyValue> |
getRequiredClaims()
A key=value pair that describes a required claim in the ID Token.
|
List<String> |
getSigningAlgorithms()
The signing algorithms accepted.
|
String |
getUsernameClaim()
JWT claim to use as the user name.
|
String |
getUsernamePrefix()
Prefix prepended to username claims to prevent clashes with existing names (such as
system:users).
|
int |
hashCode() |
OpenIdConnectTokenAuthenticationConfig.Builder |
toBuilder() |
String |
toString() |
String |
toString(boolean includeByteArrayContents)
Return a string representation of the object.
|
markPropertyAsExplicitlySet, wasPropertyExplicitlySet
@Deprecated @ConstructorProperties(value={"issuerUrl","clientId","usernameClaim","usernamePrefix","groupsClaim","groupsPrefix","requiredClaims","caCertificate","signingAlgorithms","isOpenIdConnectAuthEnabled"}) public OpenIdConnectTokenAuthenticationConfig(String issuerUrl, String clientId, String usernameClaim, String usernamePrefix, String groupsClaim, String groupsPrefix, List<KeyValue> requiredClaims, String caCertificate, List<String> signingAlgorithms, Boolean isOpenIdConnectAuthEnabled)
public static OpenIdConnectTokenAuthenticationConfig.Builder builder()
Create a new builder.
public OpenIdConnectTokenAuthenticationConfig.Builder toBuilder()
public String getIssuerUrl()
URL of the provider that allows the API server to discover public signing keys. Only URLs that use the https:// scheme are accepted. This is typically the provider’s discovery URL, changed to have an empty path.
public String getClientId()
A client id that all tokens must be issued for.
public String getUsernameClaim()
JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
public String getUsernamePrefix()
Prefix prepended to username claims to prevent clashes with existing names (such as system:users). For example, the value oidc: will create usernames like oidc:jane.doe. If this flag isn’t provided and –oidc-username-claim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of –oidc-issuer-url. The value - can be used to disable all prefixing.
public String getGroupsClaim()
JWT claim to use as the user’s group. If the claim is present it must be an array of strings.
public String getGroupsPrefix()
Prefix prepended to group claims to prevent clashes with existing names (such as system:groups).
public List<KeyValue> getRequiredClaims()
A key=value pair that describes a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value. Repeat this flag to specify multiple claims.
public String getCaCertificate()
A Base64 encoded public RSA or ECDSA certificates used to signed your identity provider’s web certificate.
public List<String> getSigningAlgorithms()
The signing algorithms accepted. Default is [“RS256”].
public Boolean getIsOpenIdConnectAuthEnabled()
Whether the cluster has OIDC Auth Config enabled. Defaults to false.
public String toString()
toString
in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel
public String toString(boolean includeByteArrayContents)
Return a string representation of the object.
includeByteArrayContents
- true to include the full contents of byte arrayspublic boolean equals(Object o)
equals
in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel
public int hashCode()
hashCode
in class com.oracle.bmc.http.client.internal.ExplicitlySetBmcModel
Copyright © 2016–2025. All rights reserved.