identity-provider create oidc
qlik identity-provider create oidc
Creates a new IdP
Synopsis
This endpoint creates an identity provider resource. On success it returns 201 Created with a "QLIK-IDP-POPTS" header (a unique string representing a hash of the current configuration being tested). It returns 403 Forbidden if the user JWT does not belong to a TenantAdmin, or if the tenantID in the JWT does not match any of the tenantIDs in the payload. An IdP can be created with pending options or options, depending on whether the IdP is interactive or not.
qlik identity-provider create oidc [flags]
Options
--clockToleranceSec int There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set; decimals will be rounded off.
--createNewUsersOnLogin Tells the consumer of the IdP that new users should be created on login if they don't exist.
--description string Payload for creating an OIDC-compatible identity provider.
-f, --file string Reads request from a file
-h, --help help for oidc
--interactive Indicates whether the IdP is meant for interactive login.
--interval int Duration in seconds to wait between retries, at least 1 (default 1)
--options-allowedClientIds strings Only clients with IDs in this list will be allowed API access. A blank list or empty value means any client IDs authenticated against the IdP will be allowed access.
--options-audience string Allows for setting audience in access tokens.
--options-claimsMapping-client_id strings A list of JSON pointers used to map the user's client ID.
--options-claimsMapping-sub strings A list of JSON pointers used to map the user's subject.
--options-discoveryUrl string The OpenID configuration endpoint. (Ex: https://<domain>/.well-known/openid-configuration). Required if openid_configuration is not given.
--options-openid_configuration-authorization_endpoint string OAuth 2.0 Authorization Endpoint
--options-openid_configuration-end_session_endpoint string URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
--options-openid_configuration-introspection_endpoint string The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
--options-openid_configuration-issuer string OpenID Provider issuer
--options-openid_configuration-jwks_uri string URL of the OP's JSON Web Key Set [JWK] document
--options-openid_configuration-token_endpoint string OAuth 2.0 Token Endpoint
--options-openid_configuration-userinfo_endpoint string URL of the OP's UserInfo Endpoint
--options-realm string The realm identifier for the IdP.
--pendingOptions-blockOfflineAccessScope offline_access When true, the offline_access scope will not be requested from the IdP where applicable.
--pendingOptions-claimsMapping-client_id strings A list of JSON pointers used to map the user's client ID.
--pendingOptions-claimsMapping-email strings A list of JSON pointers used to map the user's email.
--pendingOptions-claimsMapping-email_verified strings A list of JSON pointers used to map the user's email_verified claim.
--pendingOptions-claimsMapping-groups strings A list of JSON pointers used to map the user's groups.
--pendingOptions-claimsMapping-locale strings A list of JSON pointers used to map the user's locale.
--pendingOptions-claimsMapping-name strings A list of JSON pointers used to map the user's name.
--pendingOptions-claimsMapping-picture strings A list of JSON pointers used to map the user's picture.
--pendingOptions-claimsMapping-sub strings A list of JSON pointers used to map the user's subject.
--pendingOptions-claimsMapping-zoneinfo strings A list of JSON pointers used to map the user's zoneinfo.
--pendingOptions-clientId string The client identifier used as part of authenticating an interactive identity provider.
--pendingOptions-clientSecret string The client secret used as part of authenticating an interactive identity provider.
--pendingOptions-discoveryUrl string The OpenID configuration endpoint. (Ex: https://<domain>/.well-known/openid-configuration). Required if openid_configuration is not given.
--pendingOptions-emailVerifiedAlwaysTrue Only ADFS and AzureAD IdPs can set this property. For ADFS and AzureAD, it defaults to false. For other IdPs, it defaults to undefined.
--pendingOptions-openid_configuration-authorization_endpoint string OAuth 2.0 Authorization Endpoint
--pendingOptions-openid_configuration-end_session_endpoint string URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
--pendingOptions-openid_configuration-introspection_endpoint string The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
--pendingOptions-openid_configuration-issuer string OpenID Provider issuer
--pendingOptions-openid_configuration-jwks_uri string URL of the OP's JSON Web Key Set [JWK] document
--pendingOptions-openid_configuration-token_endpoint string OAuth 2.0 Token Endpoint
--pendingOptions-openid_configuration-userinfo_endpoint string URL of the OP's UserInfo Endpoint
--pendingOptions-realm string The realm identifier for the IdP.
--pendingOptions-scope string Scope which will be sent along with token requests to the IdP. Scopes should be space delimited. Will default to certain values depending on the IdP provider.
--pendingOptions-useClaimsFromIdToken If true, will use the claims from the ID token. By default it is set to true for ADFS and AzureAD.
--postLogoutRedirectUri string Direct the user on logout to a specific URI.
--protocol string The protocol to be used for communicating with the identity provider.
--provider string The identity provider to be used.
-q, --quiet Return only IDs from the command
--raw Return original response from server without any processing
--retry int Number of retries to do before failing, max 10
--skipVerify true If set to true, skips IdP verification process and assumes the IdP is verified.
--tenantIds strings The tenant identifiers that map to the given IdP.
Options inherited from parent commands
-c, --config string path/to/config.yml where parameters can be set instead of on the command line
--context string Name of the context used when connecting to Qlik Associative Engine
--headers stringToString HTTP headers to use when connecting to Qlik Associative Engine (default [])
--insecure Enabling insecure will make it possible to connect using self-signed certificates
--json Returns output in JSON format, if possible. Disables verbose and traffic output
-s, --server string URL to Qlik Cloud or directly to a Qlik Associative Engine
--server-type string The type of server you are using: cloud, Windows (Enterprise on Windows) or engine
-v, --verbose Log extra information
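Several of the flags above relax a check or place a secret on the command line (--skipVerify, --insecure, --pendingOptions-clientSecret, a blank --options-allowedClientIds). The shell function below is an added example, not part of the qlik CLI or its documentation: it reviews an argument list intended for this command and reports those settings. The name idp_preflight, its messages and the sample values are this example's own.

```shell
#!/bin/sh
# Added example, not part of the qlik CLI. Flag names come from the option
# list above; idp_preflight and its messages are this example's own.
# Usage: idp_preflight <arguments intended for `qlik identity-provider create oidc`>
# Prints one WARN line per finding; exit status is 0 only when there are none.
idp_preflight() (
    findings=0 uses_options=0 allowed_set=0
    warn() { findings=$((findings + 1)); printf 'WARN %s\n' "$1"; }

    while [ $# -gt 0 ]; do
        case "$1" in
            --skipVerify|--skipVerify=true)
                warn "--skipVerify: the IdP is assumed verified, verification is skipped" ;;
            --insecure|--insecure=true)
                warn "--insecure: self-signed certificates are accepted when connecting" ;;
            --pendingOptions-clientSecret|--pendingOptions-clientSecret=*)
                warn "--pendingOptions-clientSecret: secret lands in shell history and the process list; use --file or --config" ;;
            --options-allowedClientIds=*)
                uses_options=1
                if [ -n "${1#*=}" ]; then allowed_set=1; fi ;;
            --options-allowedClientIds)
                uses_options=1
                # Space-separated form: the value is the next argument,
                # unless that argument is empty or already another flag.
                case "${2-}" in
                    ''|--*) ;;
                    *) allowed_set=1 ;;
                esac ;;
            --options-*)
                uses_options=1 ;;
        esac
        shift
    done

    if [ "$uses_options" -eq 1 ] && [ "$allowed_set" -eq 0 ]; then
        warn "--options-allowedClientIds is blank: any client ID authenticated against the IdP is allowed"
    fi
    [ "$findings" -eq 0 ]
)

# Constructed invocation for demonstration; the values are placeholders.
idp_preflight --interactive --skipVerify \
    --pendingOptions-clientId example-client \
    --pendingOptions-clientSecret 'not-a-real-secret' || true
```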