
identity-provider create oidc

qlik identity-provider create oidc

Creates a new IdP

Synopsis

This endpoint creates an identity provider resource. On success it returns 201 Created with a "QLIK-IDP-POPTS" header (a unique string representing a hash of the current configuration being tested). It returns 403 Forbidden for a non-TenantAdmin user JWT, or if the tenantID in the JWT does not match any of the tenantIDs in the payload. An IdP can be created with pending options or with options, depending on whether the IdP is interactive or not.

qlik identity-provider create oidc [flags]

Options

      --clockToleranceSec int                                               There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set, decimals will be rounded off.
      --createNewUsersOnLogin                                               Tells the consumer of the IdP that new users should be created on login if they don't exist.
      --description string                                                  Payload for creating an OIDC-compatible identity provider.
  -f, --file string                                                         Reads request from a file
  -h, --help                                                                help for oidc
      --interactive                                                         Indicates whether the IdP is meant for interactive login.
      --interval int                                                        Duration in seconds to wait between retries, at least 1 (default 1)
      --options-allowedClientIds strings                                    Only clients with IDs in this list will be allowed API access. A blank list or empty value means any client IDs authenticated against the IdP will be allowed access.
      --options-audience string                                             Allows for setting audience in access tokens.
      --options-claimsMapping-client_id strings                             A list of JSON pointers used to map the user's client ID.
      --options-claimsMapping-sub strings                                   A list of JSON pointers used to map the user's subject.
      --options-discoveryUrl string                                         The OpenID configuration endpoint. (Ex: https://<domain>/.well-known/openid-configuration). Required if openid_configuration is not given.
      --options-openid_configuration-authorization_endpoint string          OAuth 2.0 Authorization Endpoint
      --options-openid_configuration-end_session_endpoint string            URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
      --options-openid_configuration-introspection_endpoint string          The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
      --options-openid_configuration-issuer string                          OpenID Provider issuer
      --options-openid_configuration-jwks_uri string                        URL of the OP's JSON Web Key Set [JWK] document
      --options-openid_configuration-token_endpoint string                  OAuth 2.0 Token Endpoint
      --options-openid_configuration-userinfo_endpoint string               URL of the OP's UserInfo Endpoint
      --options-realm string                                                The realm identifier for the IdP.
      --pendingOptions-blockOfflineAccessScope offline_access               When true, the offline_access scope will not be requested from the IdP where applicable.
      --pendingOptions-claimsMapping-client_id strings                      A list of JSON pointers used to map the user's client ID.
      --pendingOptions-claimsMapping-email strings                          A list of JSON pointers used to map the user's email.
      --pendingOptions-claimsMapping-email_verified strings                 A list of JSON pointers used to map the user's email_verified claim.
      --pendingOptions-claimsMapping-groups strings                         A list of JSON pointers used to map the user's groups.
      --pendingOptions-claimsMapping-locale strings                         A list of JSON pointers used to map the user's locale.
      --pendingOptions-claimsMapping-name strings                           A list of JSON pointers used to map the user's name.
      --pendingOptions-claimsMapping-picture strings                        A list of JSON pointers used to map the user's picture.
      --pendingOptions-claimsMapping-sub strings                            A list of JSON pointers used to map the user's subject.
      --pendingOptions-claimsMapping-zoneinfo strings                       A list of JSON pointers used to map the user's zoneinfo.
      --pendingOptions-clientId string                                      The client identifier used as part of authenticating an interactive identity provider.
      --pendingOptions-clientSecret string                                  The client secret used as part of authenticating an interactive identity provider.
      --pendingOptions-discoveryUrl string                                  The OpenID configuration endpoint. (Ex: https://<domain>/.well-known/openid-configuration). Required if openid_configuration is not given.
      --pendingOptions-emailVerifiedAlwaysTrue                              Only ADFS and AzureAD IdPs can set this property. For ADFS and AzureAD, it defaults to false. For other IdPs, it defaults to undefined.
      --pendingOptions-openid_configuration-authorization_endpoint string   OAuth 2.0 Authorization Endpoint
      --pendingOptions-openid_configuration-end_session_endpoint string     URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
      --pendingOptions-openid_configuration-introspection_endpoint string   The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
      --pendingOptions-openid_configuration-issuer string                   OpenID Provider issuer
      --pendingOptions-openid_configuration-jwks_uri string                 URL of the OP's JSON Web Key Set [JWK] document
      --pendingOptions-openid_configuration-token_endpoint string           OAuth 2.0 Token Endpoint
      --pendingOptions-openid_configuration-userinfo_endpoint string        URL of the OP's UserInfo Endpoint
      --pendingOptions-realm string                                         The realm identifier for the IdP.
      --pendingOptions-scope string                                         Scope which will be sent along with token requests to the IdP. Scopes should be space delimited. Will default to certain values depending on the IdP provider.
      --pendingOptions-useClaimsFromIdToken                                 If true, will use the claims from the ID token. By default it is set to true for ADFS and AzureAD.
      --postLogoutRedirectUri string                                        Direct the user on logout to a specific URI.
      --protocol string                                                     The protocol to be used for communicating with the identity provider.
      --provider string                                                     The identity provider to be used.
  -q, --quiet                                                               Return only IDs from the command
      --raw                                                                 Return original response from server without any processing
      --retry int                                                           Number of retries to do before failing, max 10
      --skipVerify true                                                     If set to true, skips IdP verification process and assumes the IdP is verified.
      --tenantIds strings                                                   The tenant identifiers that map to the given IdP.

Options inherited from parent commands

  -c, --config string            path/to/config.yml where parameters can be set instead of on the command line
      --context string           Name of the context used when connecting to Qlik Associative Engine
      --headers stringToString   HTTP headers to use when connecting to Qlik Associative Engine (default [])
      --insecure                 Enabling insecure will make it possible to connect using self-signed certificates
      --json                     Returns output in JSON format, if possible. Disables verbose and traffic output
  -s, --server string            URL to Qlik Cloud or directly to a Qlik Associative Engine
      --server-type string       The type of server you are using: cloud, Windows (Enterprise on Windows) or engine
  -v, --verbose                  Log extra information
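
Several options above weaken the resulting setup if used carelessly: --skipVerify, --insecure, an empty --options-allowedClientIds, and a client secret passed as an argument. The pre-flight check below is an added example, not part of the Qlik CLI or its documentation. The function name lint_idp_args, the findings policy, and the assumption that the options-* flags describe a non-interactive IdP are this example's own.

```sh
#!/bin/sh
# Added example: lint the arguments of `qlik identity-provider create oidc`.
# Flag names come from the options list above; the policy is an assumption.
# Prints one finding per line and returns 1 if there is any finding.
lint_idp_args() {
  n=0 from_file=0 endpoint=0 allowed=0 interactive=0 prev=""
  note() { printf '%s\n' "$1"; n=$((n + 1)); }
  for arg in "$@"; do
    # Accept both "--flag=value" and "--flag value" for value-taking flags.
    case "$prev" in
      --*discoveryUrl|--options-allowedClientIds) flag=$prev val=$arg ;;
      *) flag=${arg%%=*} val=""
         case "$arg" in *=*) val=${arg#*=} ;; esac ;;
    esac
    prev=""
    [ -n "$val" ] || prev=$flag
    case "$flag" in
      -f|--file) from_file=1 ;;
      --interactive) [ "$val" = false ] || interactive=1 ;;
      --skipVerify) [ "$val" = false ] ||
        note "skipVerify: the IdP is assumed verified without being tested" ;;
      --insecure) [ "$val" = false ] ||
        note "insecure: self-signed server certificates will be accepted" ;;
      --pendingOptions-clientSecret)
        note "clientSecret: argv leaks to shell history and process lists, use --file" ;;
      --options-discoveryUrl|--pendingOptions-discoveryUrl)
        [ -n "$val" ] || continue        # value is the next argument
        endpoint=1
        case "$val" in
          https://*) ;;
          *) note "discoveryUrl: not an https:// URL" ;;
        esac ;;
      --*-openid_configuration-*) endpoint=1 ;;
      --options-allowedClientIds) [ -z "$val" ] || allowed=1 ;;
    esac
  done
  if [ "$from_file" -eq 0 ]; then      # with --file the payload is not on argv
    [ "$endpoint" -eq 1 ] ||
      note "endpoints: give a discoveryUrl or openid_configuration-* flags"
    [ "$interactive" -eq 1 ] || [ "$allowed" -eq 1 ] ||
      note "allowedClientIds: empty, any client ID the IdP authenticates gets API access"
  fi
  [ "$n" -eq 0 ]
}
```

In a wrapper script, call `lint_idp_args "$@"` and pass the same arguments on to the CLI only when it returns 0. When the request is read with --file, the payload-level checks are skipped because the payload is not on the command line.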