Class: MistApi::Sso
- Defined in:
- lib/mist_api/models/sso.rb
Overview
SSO
Instance Attribute Summary
- #created_time ⇒ Float
  When the object has been created, in epoch.
- #custom_logout_url ⇒ String
  If `idp_type`==`saml`, a URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL different from the SP-initiated SLO process).
- #default_role ⇒ String
  If `idp_type`==`saml`, default role to assign if there’s no match.
- #domain ⇒ String
  Random string generated during the SSO creation and used to generate the SAML URLs:
  * ACS URL = `/api/v1/saml/{domain}/login` (e.g. `api.mist.com/api/v1/saml/s4t5vwv8/login`)
  * Single Logout URL = `/api/v1/saml/{domain}/logout` (e.g. `api.mist.com/api/v1/saml/s4t5vwv8/logout`)
- #group_filter ⇒ String
  Required if `ldap_type`==`custom`, LDAP filter that will identify the type of group.
- #id ⇒ UUID | String
  Unique ID of the object instance in the Mist Organization.
- #idp_cert ⇒ String
  If `idp_type`==`saml`.
- #idp_sign_algo ⇒ SsoIdpSignAlgoEnum
  Required if `idp_type`==`saml`, Signing algorithm for SAML Assertion.
- #idp_sso_url ⇒ String
  Required if `idp_type`==`saml`, IDP Single-Sign-On URL.
- #idp_type ⇒ SsoIdpTypeEnum
  SSO IDP Type:
  * For Admin SSO, enum: `saml`
  * For NAC SSO, enum: `ldap`, `mxedge_proxy`, `oauth`, `openroaming`
- #ignore_unmatched_roles ⇒ TrueClass | FalseClass
  If `idp_type`==`saml`, ignore any unmatched roles provided in assertion.
- #issuer ⇒ String
  If `idp_type`==`saml`.
- #ldap_base_dn ⇒ String
  Required if `idp_type`==`ldap`, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree.
- #ldap_bind_dn ⇒ String
  Required if `idp_type`==`ldap`, the account used to authenticate against the LDAP.
- #ldap_bind_password ⇒ String
  Required if `idp_type`==`ldap`, the password used to authenticate against the LDAP.
- #ldap_cacerts ⇒ Array[String]
  Required if `idp_type`==`ldap`, list of CA certificates to validate the LDAP certificate.
- #ldap_client_cert ⇒ String
  If `idp_type`==`ldap`, LDAPS Client certificate.
- #ldap_client_key ⇒ String
  If `idp_type`==`ldap`, Key for the `ldap_client_cert`.
- #ldap_group_attr ⇒ String
  If `ldap_type`==`custom`.
- #ldap_group_dn ⇒ String
  If `ldap_type`==`custom`.
- #ldap_resolve_groups ⇒ TrueClass | FalseClass
  If `idp_type`==`ldap`, whether to recursively resolve LDAP groups.
- #ldap_server_hosts ⇒ Array[String]
  If `idp_type`==`ldap`, list of LDAP/LDAPS server IP Addresses or Hostnames.
- #ldap_type ⇒ SsoLdapTypeEnum
  If `idp_type`==`ldap`.
- #ldap_user_filter ⇒ String
  Required if `ldap_type`==`custom`, LDAP filter that will identify the type of user.
- #member_filter ⇒ String
  Required if `ldap_type`==`custom`, LDAP filter that will identify the type of member.
- #modified_time ⇒ Float
  When the object has been modified for the last time, in epoch.
- #msp_id ⇒ UUID | String
  When the object has been modified for the last time, in epoch.
- #mxedge_proxy ⇒ SsoMxedgeProxy
  If `idp_type`==`mxedge_proxy`, this requires `mist_nac` to be enabled on the mxcluster.
- #name ⇒ String
  Name.
- #nameid_format ⇒ SsoNameidFormatEnum
  If `idp_type`==`saml`.
- #oauth_cc_client_id ⇒ String
  Required if `idp_type`==`oauth`, Client Credentials.
- #oauth_cc_client_secret ⇒ String
  Required if `idp_type`==`oauth`, oauth_cc_client_secret is RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--....".
- #oauth_discovery_url ⇒ String
  If `idp_type`==`oauth`.
- #oauth_ping_identity_region ⇒ OauthPingIdentityRegionEnum
  enum: `us` (United States, default), `ca` (Canada), `eu` (Europe), `asia` (Asia), `au` (Australia).
- #oauth_provider_domain ⇒ OauthProviderDomainEnum
  If `oauth_type`==`okta`, specifies the region-specific OAuth provider domain.
- #oauth_ropc_client_id ⇒ String
  If `idp_type`==`oauth`, ropc = Resource Owner Password Credentials.
- #oauth_ropc_client_secret ⇒ String
  If `oauth_type`==`azure` or `oauth_type`==`azure-gov`.
- #oauth_tenant_id ⇒ String
  Required if `idp_type`==`oauth`, oauth_tenant_id.
- #oauth_type ⇒ SsoOauthTypeEnum
  If `idp_type`==`oauth`.
- #openroaming ⇒ SsoOpenroaming
  If `idp_type`==`openroaming`.
- #org_id ⇒ UUID | String
  If `idp_type`==`openroaming`.
- #role_attr_extraction ⇒ String
  If `idp_type`==`saml`, custom role attribute parsing scheme.
- #role_attr_from ⇒ String
  If `idp_type`==`saml`, name of the attribute in SAML Assertion to extract role from.
- #scim_enabled ⇒ TrueClass | FalseClass
  If `idp_type`==`oauth`, indicates if SCIM provisioning is enabled for the OAuth IDP.
- #scim_secret_token ⇒ String
  If `idp_type`==`oauth`, scim_secret_token (auto-generated when not provided by caller and `scim_enabled`==`true`, empty string when `scim_enabled`==`false`) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP.
- #site_id ⇒ UUID | String
  If `idp_type`==`oauth`, scim_secret_token (auto-generated when not provided by caller and `scim_enabled`==`true`, empty string when `scim_enabled`==`false`) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP.
Class Method Summary
- .from_hash(hash) ⇒ Object
  Creates an instance of the object from a hash.
- .names ⇒ Object
  A mapping from model property names to API property names.
- .nullables ⇒ Object
  An array for nullable fields.
- .optionals ⇒ Object
  An array for optional fields.
Instance Method Summary
- #initialize(name = nil, created_time = SKIP, custom_logout_url = SKIP, default_role = SKIP, domain = SKIP, group_filter = SKIP, id = SKIP, idp_cert = SKIP, idp_sign_algo = SKIP, idp_sso_url = SKIP, idp_type = SsoIdpTypeEnum::SAML, ignore_unmatched_roles = SKIP, issuer = SKIP, ldap_base_dn = SKIP, ldap_bind_dn = SKIP, ldap_bind_password = SKIP, ldap_cacerts = SKIP, ldap_client_cert = SKIP, ldap_client_key = SKIP, ldap_group_attr = 'memberOf', ldap_group_dn = 'base_dn', ldap_resolve_groups = false, ldap_server_hosts = SKIP, ldap_type = SsoLdapTypeEnum::AZURE, ldap_user_filter = SKIP, member_filter = SKIP, modified_time = SKIP, msp_id = SKIP, mxedge_proxy = SKIP, nameid_format = SsoNameidFormatEnum::EMAIL, oauth_cc_client_id = SKIP, oauth_cc_client_secret = SKIP, oauth_discovery_url = SKIP, oauth_ping_identity_region = OauthPingIdentityRegionEnum::US, oauth_provider_domain = OauthProviderDomainEnum::ENUM_OKTACOM, oauth_ropc_client_id = SKIP, oauth_ropc_client_secret = SKIP, oauth_tenant_id = SKIP, oauth_type = SsoOauthTypeEnum::AZURE, openroaming = SKIP, org_id = SKIP, role_attr_extraction = SKIP, role_attr_from = 'Role', scim_enabled = false, scim_secret_token = SKIP, site_id = SKIP, additional_properties = nil) ⇒ Sso (constructor)
  A new instance of Sso.
- #inspect ⇒ Object
  Provides a debugging-friendly string with detailed object information.
- #to_s ⇒ Object
  Provides a human-readable string representation of the object.
Methods inherited from BaseModel
#check_for_conflict, #process_additional_properties, #process_array, #process_basic_value, #process_hash, #to_hash, #to_json
Constructor Details
#initialize(name = nil, created_time = SKIP, custom_logout_url = SKIP, default_role = SKIP, domain = SKIP, group_filter = SKIP, id = SKIP, idp_cert = SKIP, idp_sign_algo = SKIP, idp_sso_url = SKIP, idp_type = SsoIdpTypeEnum::SAML, ignore_unmatched_roles = SKIP, issuer = SKIP, ldap_base_dn = SKIP, ldap_bind_dn = SKIP, ldap_bind_password = SKIP, ldap_cacerts = SKIP, ldap_client_cert = SKIP, ldap_client_key = SKIP, ldap_group_attr = 'memberOf', ldap_group_dn = 'base_dn', ldap_resolve_groups = false, ldap_server_hosts = SKIP, ldap_type = SsoLdapTypeEnum::AZURE, ldap_user_filter = SKIP, member_filter = SKIP, modified_time = SKIP, msp_id = SKIP, mxedge_proxy = SKIP, nameid_format = SsoNameidFormatEnum::EMAIL, oauth_cc_client_id = SKIP, oauth_cc_client_secret = SKIP, oauth_discovery_url = SKIP, oauth_ping_identity_region = OauthPingIdentityRegionEnum::US, oauth_provider_domain = OauthProviderDomainEnum::ENUM_OKTACOM, oauth_ropc_client_id = SKIP, oauth_ropc_client_secret = SKIP, oauth_tenant_id = SKIP, oauth_type = SsoOauthTypeEnum::AZURE, openroaming = SKIP, org_id = SKIP, role_attr_extraction = SKIP, role_attr_from = 'Role', scim_enabled = false, scim_secret_token = SKIP, site_id = SKIP, additional_properties = nil) ⇒ Sso
Returns a new instance of Sso.
    # File 'lib/mist_api/models/sso.rb', line 347
    def initialize(
      name = nil, created_time = SKIP, custom_logout_url = SKIP,
      default_role = SKIP, domain = SKIP, group_filter = SKIP, id = SKIP,
      idp_cert = SKIP, idp_sign_algo = SKIP, idp_sso_url = SKIP,
      idp_type = SsoIdpTypeEnum::SAML, ignore_unmatched_roles = SKIP,
      issuer = SKIP, ldap_base_dn = SKIP, ldap_bind_dn = SKIP,
      ldap_bind_password = SKIP, ldap_cacerts = SKIP, ldap_client_cert = SKIP,
      ldap_client_key = SKIP, ldap_group_attr = 'memberOf',
      ldap_group_dn = 'base_dn', ldap_resolve_groups = false,
      ldap_server_hosts = SKIP, ldap_type = SsoLdapTypeEnum::AZURE,
      ldap_user_filter = SKIP, member_filter = SKIP, modified_time = SKIP,
      msp_id = SKIP, mxedge_proxy = SKIP,
      nameid_format = SsoNameidFormatEnum::EMAIL, oauth_cc_client_id = SKIP,
      oauth_cc_client_secret = SKIP, oauth_discovery_url = SKIP,
      oauth_ping_identity_region = OauthPingIdentityRegionEnum::US,
      oauth_provider_domain = OauthProviderDomainEnum::ENUM_OKTACOM,
      oauth_ropc_client_id = SKIP, oauth_ropc_client_secret = SKIP,
      oauth_tenant_id = SKIP, oauth_type = SsoOauthTypeEnum::AZURE,
      openroaming = SKIP, org_id = SKIP, role_attr_extraction = SKIP,
      role_attr_from = 'Role', scim_enabled = false, scim_secret_token = SKIP,
      site_id = SKIP, additional_properties = nil
    )
      # Add additional model properties to the instance
      additional_properties = {} if additional_properties.nil?

      @created_time = created_time unless created_time == SKIP
      @custom_logout_url = custom_logout_url unless custom_logout_url == SKIP
      @default_role = default_role unless default_role == SKIP
      @domain = domain unless domain == SKIP
      @group_filter = group_filter unless group_filter == SKIP
      @id = id unless id == SKIP
      @idp_cert = idp_cert unless idp_cert == SKIP
      @idp_sign_algo = idp_sign_algo unless idp_sign_algo == SKIP
      @idp_sso_url = idp_sso_url unless idp_sso_url == SKIP
      @idp_type = idp_type unless idp_type == SKIP
      @ignore_unmatched_roles = ignore_unmatched_roles unless ignore_unmatched_roles == SKIP
      @issuer = issuer unless issuer == SKIP
      @ldap_base_dn = ldap_base_dn unless ldap_base_dn == SKIP
      @ldap_bind_dn = ldap_bind_dn unless ldap_bind_dn == SKIP
      @ldap_bind_password = ldap_bind_password unless ldap_bind_password == SKIP
      @ldap_cacerts = ldap_cacerts unless ldap_cacerts == SKIP
      @ldap_client_cert = ldap_client_cert unless ldap_client_cert == SKIP
      @ldap_client_key = ldap_client_key unless ldap_client_key == SKIP
      @ldap_group_attr = ldap_group_attr unless ldap_group_attr == SKIP
      @ldap_group_dn = ldap_group_dn unless ldap_group_dn == SKIP
      @ldap_resolve_groups = ldap_resolve_groups unless ldap_resolve_groups == SKIP
      @ldap_server_hosts = ldap_server_hosts unless ldap_server_hosts == SKIP
      @ldap_type = ldap_type unless ldap_type == SKIP
      @ldap_user_filter = ldap_user_filter unless ldap_user_filter == SKIP
      @member_filter = member_filter unless member_filter == SKIP
      @modified_time = modified_time unless modified_time == SKIP
      @msp_id = msp_id unless msp_id == SKIP
      @mxedge_proxy = mxedge_proxy unless mxedge_proxy == SKIP
      @name = name
      @nameid_format = nameid_format unless nameid_format == SKIP
      @oauth_cc_client_id = oauth_cc_client_id unless oauth_cc_client_id == SKIP
      @oauth_cc_client_secret = oauth_cc_client_secret unless oauth_cc_client_secret == SKIP
      @oauth_discovery_url = oauth_discovery_url unless oauth_discovery_url == SKIP
      unless oauth_ping_identity_region == SKIP
        @oauth_ping_identity_region = oauth_ping_identity_region
      end
      @oauth_provider_domain = oauth_provider_domain unless oauth_provider_domain == SKIP
      @oauth_ropc_client_id = oauth_ropc_client_id unless oauth_ropc_client_id == SKIP
      @oauth_ropc_client_secret = oauth_ropc_client_secret unless oauth_ropc_client_secret == SKIP
      @oauth_tenant_id = oauth_tenant_id unless oauth_tenant_id == SKIP
      @oauth_type = oauth_type unless oauth_type == SKIP
      @openroaming = openroaming unless openroaming == SKIP
      @org_id = org_id unless org_id == SKIP
      @role_attr_extraction = role_attr_extraction unless role_attr_extraction == SKIP
      @role_attr_from = role_attr_from unless role_attr_from == SKIP
      @scim_enabled = scim_enabled unless scim_enabled == SKIP
      @scim_secret_token = scim_secret_token unless scim_secret_token == SKIP
      @site_id = site_id unless site_id == SKIP
      @additional_properties = additional_properties
    end
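The constructor shown above assigns its arguments without checking the "Required if" conditions from the attribute descriptions. The following added example (not part of this page or of the mist_api gem) lints a plain Hash keyed by the API property names before it is submitted; `SsoLint`, its rule tables and the sample payloads are hypothetical, and applying the `ldap_type` rules only when `idp_type` is `ldap` is an assumption.

```ruby
# Added example: offline lint for an SSO payload. Not mist_api code.
module SsoLint
  # "Required if `idp_type`==..." rules copied from the attribute descriptions.
  REQUIRED_BY_IDP_TYPE = {
    'saml'  => %w[idp_sign_algo idp_sso_url],
    'ldap'  => %w[ldap_base_dn ldap_bind_dn ldap_bind_password ldap_cacerts],
    'oauth' => %w[oauth_cc_client_id oauth_cc_client_secret oauth_tenant_id]
  }.freeze

  # "Required if `ldap_type`==`custom`" rules.
  REQUIRED_FOR_CUSTOM_LDAP = %w[group_filter ldap_user_filter member_filter].freeze

  # Credential attributes and the idp_type they belong to.
  SECRETS_BY_IDP_TYPE = {
    'ldap'  => %w[ldap_bind_password ldap_client_key],
    'oauth' => %w[oauth_cc_client_secret oauth_ropc_client_secret scim_secret_token]
  }.freeze

  Finding = Struct.new(:severity, :field, :message)

  def self.blank?(value)
    value.nil? || (value.respond_to?(:empty?) && value.empty?)
  end

  def self.check(cfg)
    findings = []
    # Same defaults as the constructor signature on this page.
    idp_type  = cfg['idp_type'] || 'saml'
    ldap_type = cfg['ldap_type'] || 'azure'

    REQUIRED_BY_IDP_TYPE.fetch(idp_type, []).each do |field|
      next unless blank?(cfg[field])
      findings << Finding.new(:error, field, "required when idp_type is #{idp_type}")
    end

    # Assumption: ldap_type only matters for an LDAP IdP.
    if idp_type == 'ldap' && ldap_type == 'custom'
      REQUIRED_FOR_CUSTOM_LDAP.each do |field|
        next unless blank?(cfg[field])
        findings << Finding.new(:error, field, 'required when ldap_type is custom')
      end
    end

    if idp_type == 'saml'
      if blank?(cfg['idp_cert'])
        findings << Finding.new(:warn, 'idp_cert', 'no certificate to verify the signed response')
      end
      if cfg['idp_sign_algo'] == 'sha1'
        findings << Finding.new(:warn, 'idp_sign_algo', 'sha1 is deprecated for signatures; use sha256 or stronger')
      end
      unless blank?(cfg['default_role'])
        findings << Finding.new(:warn, 'default_role',
                                'assertions with no matching role get this role instead of being rejected')
      end
      if cfg['ignore_unmatched_roles'] == true
        findings << Finding.new(:warn, 'ignore_unmatched_roles',
                                'unmatched roles no longer invalidate the assertion')
      end
    end

    # Credentials left in the payload for an IdP type that is not in use.
    SECRETS_BY_IDP_TYPE.each do |owner, fields|
      next if owner == idp_type
      fields.each do |field|
        next if blank?(cfg[field])
        findings << Finding.new(:warn, field, "secret set but idp_type is #{idp_type}")
      end
    end
    findings
  end
end

# Constructed sample payloads (no real hosts or credentials).
SAMPLE_SAML = {
  'name' => 'corp-sso', 'idp_type' => 'saml', 'idp_sign_algo' => 'sha1',
  'issuer' => 'https://idp.example.test/metadata',
  'default_role' => 'helpdesk',
  'ldap_bind_password' => 'constructed-placeholder'
}.freeze

SAMPLE_LDAP = {
  'name' => 'nac-ldap', 'idp_type' => 'ldap', 'ldap_type' => 'custom',
  'ldap_base_dn' => 'dc=example,dc=test',
  'ldap_bind_dn' => 'cn=svc,dc=example,dc=test',
  'ldap_bind_password' => 'constructed-placeholder',
  'ldap_cacerts' => [],
  'ldap_user_filter' => '(objectClass=person)'
}.freeze

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_SAML, SAMPLE_LDAP].each do |cfg|
    puts cfg['name']
    SsoLint.check(cfg).each { |f| puts "  #{f.severity}: #{f.field}: #{f.message}" }
  end
end
```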
Instance Attribute Details
#created_time ⇒ Float
When the object has been created, in epoch
    # File 'lib/mist_api/models/sso.rb', line 14
    def created_time
      @created_time
    end
#custom_logout_url ⇒ String
If `idp_type`==`saml`, a URL to which the user is redirected after logging out of Mist (for IdPs that support a custom logout URL different from the SP-initiated SLO process)
    # File 'lib/mist_api/models/sso.rb', line 20
    def custom_logout_url
      @custom_logout_url
    end
#default_role ⇒ String
If `idp_type`==`saml`, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
    # File 'lib/mist_api/models/sso.rb', line 25
    def default_role
      @default_role
    end
#domain ⇒ String
Random string generated during the SSO creation and used to generate the SAML URLs:
* ACS URL = `/api/v1/saml/{domain}/login` (e.g. `api.mist.com/api/v1/saml/s4t5vwv8/login`)
* Single Logout URL = `/api/v1/saml/{domain}/logout` (e.g. `api.mist.com/api/v1/saml/s4t5vwv8/logout`)
    # File 'lib/mist_api/models/sso.rb', line 34
    def domain
      @domain
    end
#group_filter ⇒ String
Required if `ldap_type`==`custom`, LDAP filter that will identify the type of group
    # File 'lib/mist_api/models/sso.rb', line 39
    def group_filter
      @group_filter
    end
#id ⇒ UUID | String
Unique ID of the object instance in the Mist Organization
    # File 'lib/mist_api/models/sso.rb', line 43
    def id
      @id
    end
#idp_cert ⇒ String
If `idp_type`==`saml`. IDP Cert (used to verify the signed response)
    # File 'lib/mist_api/models/sso.rb', line 47
    def idp_cert
      @idp_cert
    end
#idp_sign_algo ⇒ SsoIdpSignAlgoEnum
Required if `idp_type`==`saml`, Signing algorithm for SAML Assertion. enum: `sha1`, `sha256`, `sha384`, `sha512`
    # File 'lib/mist_api/models/sso.rb', line 52
    def idp_sign_algo
      @idp_sign_algo
    end
#idp_sso_url ⇒ String
Required if `idp_type`==`saml`, IDP Single-Sign-On URL
    # File 'lib/mist_api/models/sso.rb', line 56
    def idp_sso_url
      @idp_sso_url
    end
#idp_type ⇒ SsoIdpTypeEnum
SSO IDP Type:
* For Admin SSO, enum: `saml`
* For NAC SSO, enum: `ldap`, `mxedge_proxy`, `oauth`, `openroaming`
    # File 'lib/mist_api/models/sso.rb', line 62
    def idp_type
      @idp_type
    end
#ignore_unmatched_roles ⇒ TrueClass | FalseClass
If `idp_type`==`saml`, ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
    # File 'lib/mist_api/models/sso.rb', line 67
    def ignore_unmatched_roles
      @ignore_unmatched_roles
    end
#issuer ⇒ String
If `idp_type`==`saml`. IDP issuer URL
    # File 'lib/mist_api/models/sso.rb', line 71
    def issuer
      @issuer
    end
#ldap_base_dn ⇒ String
Required if `idp_type`==`ldap`, whole domain or a specific organization unit (container) in Search base to specify where users and groups are found in the LDAP tree
    # File 'lib/mist_api/models/sso.rb', line 77
    def ldap_base_dn
      @ldap_base_dn
    end
#ldap_bind_dn ⇒ String
Required if `idp_type`==`ldap`, the account used to authenticate against the LDAP
    # File 'lib/mist_api/models/sso.rb', line 82
    def ldap_bind_dn
      @ldap_bind_dn
    end
#ldap_bind_password ⇒ String
Required if `idp_type`==`ldap`, the password used to authenticate against the LDAP
    # File 'lib/mist_api/models/sso.rb', line 87
    def ldap_bind_password
      @ldap_bind_password
    end
#ldap_cacerts ⇒ Array[String]
Required if `idp_type`==`ldap`, list of CA certificates to validate the LDAP certificate
    # File 'lib/mist_api/models/sso.rb', line 92
    def ldap_cacerts
      @ldap_cacerts
    end
#ldap_client_cert ⇒ String
If `idp_type`==`ldap`, LDAPS Client certificate
    # File 'lib/mist_api/models/sso.rb', line 96
    def ldap_client_cert
      @ldap_client_cert
    end
#ldap_client_key ⇒ String
If `idp_type`==`ldap`, Key for the `ldap_client_cert`
    # File 'lib/mist_api/models/sso.rb', line 100
    def ldap_client_key
      @ldap_client_key
    end
#ldap_group_attr ⇒ String
If `ldap_type`==`custom`
    # File 'lib/mist_api/models/sso.rb', line 104
    def ldap_group_attr
      @ldap_group_attr
    end
#ldap_group_dn ⇒ String
If `ldap_type`==`custom`
    # File 'lib/mist_api/models/sso.rb', line 108
    def ldap_group_dn
      @ldap_group_dn
    end
#ldap_resolve_groups ⇒ TrueClass | FalseClass
If `idp_type`==`ldap`, whether to recursively resolve LDAP groups
    # File 'lib/mist_api/models/sso.rb', line 112
    def ldap_resolve_groups
      @ldap_resolve_groups
    end
#ldap_server_hosts ⇒ Array[String]
If `idp_type`==`ldap`, list of LDAP/LDAPS server IP Addresses or Hostnames
    # File 'lib/mist_api/models/sso.rb', line 116
    def ldap_server_hosts
      @ldap_server_hosts
    end
#ldap_type ⇒ SsoLdapTypeEnum
If `idp_type`==`ldap`. enum: `azure`, `custom`, `google`, `okta`, `ping_identity`
    # File 'lib/mist_api/models/sso.rb', line 121
    def ldap_type
      @ldap_type
    end
#ldap_user_filter ⇒ String
Required if `ldap_type`==`custom`, LDAP filter that will identify the type of user
    # File 'lib/mist_api/models/sso.rb', line 126
    def ldap_user_filter
      @ldap_user_filter
    end
#member_filter ⇒ String
Required if `ldap_type`==`custom`, LDAP filter that will identify the type of member
    # File 'lib/mist_api/models/sso.rb', line 131
    def member_filter
      @member_filter
    end
#modified_time ⇒ Float
When the object has been modified for the last time, in epoch
    # File 'lib/mist_api/models/sso.rb', line 135
    def modified_time
      @modified_time
    end
#msp_id ⇒ UUID | String
When the object has been modified for the last time, in epoch
    # File 'lib/mist_api/models/sso.rb', line 139
    def msp_id
      @msp_id
    end
#mxedge_proxy ⇒ SsoMxedgeProxy
If `idp_type`==`mxedge_proxy`, this requires `mist_nac` to be enabled on the mxcluster
    # File 'lib/mist_api/models/sso.rb', line 144
    def mxedge_proxy
      @mxedge_proxy
    end
#name ⇒ String
Name
    # File 'lib/mist_api/models/sso.rb', line 148
    def name
      @name
    end
#nameid_format ⇒ SsoNameidFormatEnum
If `idp_type`==`saml`. enum: `email`, `unspecified`
    # File 'lib/mist_api/models/sso.rb', line 152
    def nameid_format
      @nameid_format
    end
#oauth_cc_client_id ⇒ String
Required if `idp_type`==`oauth`, Client Credentials
    # File 'lib/mist_api/models/sso.rb', line 156
    def oauth_cc_client_id
      @oauth_cc_client_id
    end
#oauth_cc_client_secret ⇒ String
Required if `idp_type`==`oauth`, oauth_cc_client_secret is RSA private key, of the form "-----BEGIN RSA PRIVATE KEY--...."
    # File 'lib/mist_api/models/sso.rb', line 161
    def oauth_cc_client_secret
      @oauth_cc_client_secret
    end
#oauth_discovery_url ⇒ String
If `idp_type`==`oauth`
    # File 'lib/mist_api/models/sso.rb', line 165
    def oauth_discovery_url
      @oauth_discovery_url
    end
#oauth_ping_identity_region ⇒ OauthPingIdentityRegionEnum
enum: `us` (United States, default), `ca` (Canada), `eu` (Europe), `asia` (Asia), `au` (Australia)
    # File 'lib/mist_api/models/sso.rb', line 170
    def oauth_ping_identity_region
      @oauth_ping_identity_region
    end
#oauth_provider_domain ⇒ OauthProviderDomainEnum
If `oauth_type`==`okta`, specifies the region-specific OAuth provider domain. enum: `okta.com`, `oktapreview.com`, `okta-emea.com`, `okta-gov.com`, `okta.mil`, `mtls.okta.com`
    # File 'lib/mist_api/models/sso.rb', line 176
    def oauth_provider_domain
      @oauth_provider_domain
    end
#oauth_ropc_client_id ⇒ String
If `idp_type`==`oauth`, ropc = Resource Owner Password Credentials
    # File 'lib/mist_api/models/sso.rb', line 180
    def oauth_ropc_client_id
      @oauth_ropc_client_id
    end
#oauth_ropc_client_secret ⇒ String
If `oauth_type`==`azure` or `oauth_type`==`azure-gov`. oauth_ropc_client_secret can be empty
    # File 'lib/mist_api/models/sso.rb', line 185
    def oauth_ropc_client_secret
      @oauth_ropc_client_secret
    end
#oauth_tenant_id ⇒ String
Required if `idp_type`==`oauth`, oauth_tenant_id
    # File 'lib/mist_api/models/sso.rb', line 189
    def oauth_tenant_id
      @oauth_tenant_id
    end
#oauth_type ⇒ SsoOauthTypeEnum
If `idp_type`==`oauth`. enum: `azure`, `azure-gov`, `okta`, `ping_identity`
    # File 'lib/mist_api/models/sso.rb', line 194
    def oauth_type
      @oauth_type
    end
#openroaming ⇒ SsoOpenroaming
If `idp_type`==`openroaming`
    # File 'lib/mist_api/models/sso.rb', line 198
    def openroaming
      @openroaming
    end
#org_id ⇒ UUID | String
If `idp_type`==`openroaming`
    # File 'lib/mist_api/models/sso.rb', line 202
    def org_id
      @org_id
    end
#role_attr_extraction ⇒ String
If `idp_type`==`saml`, custom role attribute parsing scheme.
Supported Role Parsing Schemes (Name: Scheme):
* `cn`:
  * The expected role attribute format in SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”
  * CN (the key) is case-insensitive and exactly 1 CN is expected (or the entire entry will be ignored)
  E.g. if role attribute is “CN=cn,OU=ou1,OU=ou2” then parsed role value is “cn”
    # File 'lib/mist_api/models/sso.rb', line 213
    def role_attr_extraction
      @role_attr_extraction
    end
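The `cn` scheme described above, together with the documented defaults for `default_role` and `ignore_unmatched_roles`, as an added example that models the described behaviour (it is not Mist's implementation and not code from the mist_api gem). `SamlRoleModel`, the `known_roles` list and the role names are hypothetical, and running the unmatched-role check before the `default_role` fallback is an assumption, since the page does not state the order.

```ruby
# Added example: model of the role handling described on this page.
module SamlRoleModel
  # `cn` scheme: "CN=cn,OU=ou1,OU=ou2,..." -> "cn".
  # The CN key is matched case-insensitively; an entry without exactly one
  # CN component is ignored (nil).
  def self.extract_cn(entry)
    parts = entry.to_s.split(',').map { |part| part.split('=', 2).map(&:strip) }
    cns = parts.select { |key, _| key&.casecmp?('cn') }
    return nil unless cns.length == 1

    value = cns.first[1]
    value.nil? || value.empty? ? nil : value
  end

  # values:      raw values of the attribute named by role_attr_from
  # known_roles: roles defined on the service side (hypothetical input)
  # Returns [:ok, roles] or [:invalid, []].
  def self.resolve(values, known_roles:, extraction: nil,
                   default_role: nil, ignore_unmatched_roles: false)
    roles = values.filter_map { |v| extraction == 'cn' ? extract_cn(v) : v }.uniq
    matched, unmatched = roles.partition { |r| known_roles.include?(r) }

    # Documented default: any unmatched role invalidates the assertion.
    # Assumption: this check runs before the default_role fallback.
    return [:invalid, []] if unmatched.any? && !ignore_unmatched_roles
    return [:ok, matched] if matched.any?

    # Documented default: no matched role invalidates the assertion,
    # unless default_role is configured.
    default_role ? [:ok, [default_role]] : [:invalid, []]
  end
end

# Constructed sample data.
KNOWN_ROLES = %w[NetAdmin Observer].freeze
MIXED_ROLES = ['CN=NetAdmin,OU=Groups', 'cn=Printers,OU=Groups'].freeze
NO_CN       = ['OU=Groups,DC=example'].freeze

if __FILE__ == $PROGRAM_NAME
  p SamlRoleModel.resolve(MIXED_ROLES, known_roles: KNOWN_ROLES, extraction: 'cn')
  p SamlRoleModel.resolve(MIXED_ROLES, known_roles: KNOWN_ROLES, extraction: 'cn',
                                       ignore_unmatched_roles: true)
  p SamlRoleModel.resolve(NO_CN, known_roles: KNOWN_ROLES, extraction: 'cn',
                                 default_role: 'Observer')
end
```

Both `default_role` and `ignore_unmatched_roles` turn a rejection into an accepted login, so a change to either is worth reviewing alongside the IdP's group-to-role mapping.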
#role_attr_from ⇒ String
If `idp_type`==`saml`, name of the attribute in SAML Assertion to extract role from
    # File 'lib/mist_api/models/sso.rb', line 218
    def role_attr_from
      @role_attr_from
    end
#scim_enabled ⇒ TrueClass | FalseClass
If `idp_type`==`oauth`, indicates if SCIM provisioning is enabled for the OAuth IDP
    # File 'lib/mist_api/models/sso.rb', line 223
    def scim_enabled
      @scim_enabled
    end
#scim_secret_token ⇒ String
If `idp_type`==`oauth`, scim_secret_token (auto-generated when not provided by caller and `scim_enabled`==`true`, empty string when `scim_enabled`==`false`) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    # File 'lib/mist_api/models/sso.rb', line 230
    def scim_secret_token
      @scim_secret_token
    end
#site_id ⇒ UUID | String
If `idp_type`==`oauth`, scim_secret_token (auto-generated when not provided by caller and `scim_enabled`==`true`, empty string when `scim_enabled`==`false`) is used as the Bearer token in the Authorization header of SCIM provisioning requests by the IDP
    # File 'lib/mist_api/models/sso.rb', line 237
    def site_id
      @site_id
    end
Class Method Details
.from_hash(hash) ⇒ Object
Creates an instance of the object from a hash.
    # File 'lib/mist_api/models/sso.rb', line 425
    def self.from_hash(hash)
      return nil unless hash

      # Extract variables from the hash.
      name = hash.key?('name') ? hash['name'] : nil
      created_time = hash.key?('created_time') ? hash['created_time'] : SKIP
      custom_logout_url =
        hash.key?('custom_logout_url') ? hash['custom_logout_url'] : SKIP
      default_role = hash.key?('default_role') ? hash['default_role'] : SKIP
      domain = hash.key?('domain') ? hash['domain'] : SKIP
      group_filter = hash.key?('group_filter') ? hash['group_filter'] : SKIP
      id = hash.key?('id') ? hash['id'] : SKIP
      idp_cert = hash.key?('idp_cert') ? hash['idp_cert'] : SKIP
      idp_sign_algo = hash.key?('idp_sign_algo') ? hash['idp_sign_algo'] : SKIP
      idp_sso_url = hash.key?('idp_sso_url') ? hash['idp_sso_url'] : SKIP
      idp_type = hash['idp_type'] ||= SsoIdpTypeEnum::SAML
      ignore_unmatched_roles =
        hash.key?('ignore_unmatched_roles') ? hash['ignore_unmatched_roles'] : SKIP
      issuer = hash.key?('issuer') ? hash['issuer'] : SKIP
      ldap_base_dn = hash.key?('ldap_base_dn') ? hash['ldap_base_dn'] : SKIP
      ldap_bind_dn = hash.key?('ldap_bind_dn') ? hash['ldap_bind_dn'] : SKIP
      ldap_bind_password =
        hash.key?('ldap_bind_password') ? hash['ldap_bind_password'] : SKIP
      ldap_cacerts = hash.key?('ldap_cacerts') ? hash['ldap_cacerts'] : SKIP
      ldap_client_cert =
        hash.key?('ldap_client_cert') ? hash['ldap_client_cert'] : SKIP
      ldap_client_key =
        hash.key?('ldap_client_key') ? hash['ldap_client_key'] : SKIP
      ldap_group_attr = hash['ldap_group_attr'] ||= 'memberOf'
      ldap_group_dn = hash['ldap_group_dn'] ||= 'base_dn'
      ldap_resolve_groups = hash['ldap_resolve_groups'] ||= false
      ldap_server_hosts =
        hash.key?('ldap_server_hosts') ? hash['ldap_server_hosts'] : SKIP
      ldap_type = hash['ldap_type'] ||= SsoLdapTypeEnum::AZURE
      ldap_user_filter =
        hash.key?('ldap_user_filter') ? hash['ldap_user_filter'] : SKIP
      member_filter = hash.key?('member_filter') ? hash['member_filter'] : SKIP
      modified_time = hash.key?('modified_time') ? hash['modified_time'] : SKIP
      msp_id = hash.key?('msp_id') ? hash['msp_id'] : SKIP
      mxedge_proxy = SsoMxedgeProxy.from_hash(hash['mxedge_proxy']) if hash['mxedge_proxy']
      nameid_format = hash['nameid_format'] ||= SsoNameidFormatEnum::EMAIL
      oauth_cc_client_id =
        hash.key?('oauth_cc_client_id') ? hash['oauth_cc_client_id'] : SKIP
      oauth_cc_client_secret =
        hash.key?('oauth_cc_client_secret') ? hash['oauth_cc_client_secret'] : SKIP
      oauth_discovery_url =
        hash.key?('oauth_discovery_url') ? hash['oauth_discovery_url'] : SKIP
      oauth_ping_identity_region =
        hash['oauth_ping_identity_region'] ||= OauthPingIdentityRegionEnum::US
      oauth_provider_domain =
        hash['oauth_provider_domain'] ||= OauthProviderDomainEnum::ENUM_OKTACOM
      oauth_ropc_client_id =
        hash.key?('oauth_ropc_client_id') ? hash['oauth_ropc_client_id'] : SKIP
      oauth_ropc_client_secret =
        hash.key?('oauth_ropc_client_secret') ? hash['oauth_ropc_client_secret'] : SKIP
      oauth_tenant_id =
        hash.key?('oauth_tenant_id') ? hash['oauth_tenant_id'] : SKIP
      oauth_type = hash['oauth_type'] ||= SsoOauthTypeEnum::AZURE
      openroaming = SsoOpenroaming.from_hash(hash['openroaming']) if hash['openroaming']
      org_id = hash.key?('org_id') ? hash['org_id'] : SKIP
      role_attr_extraction =
        hash.key?('role_attr_extraction') ? hash['role_attr_extraction'] : SKIP
      role_attr_from = hash['role_attr_from'] ||= 'Role'
      scim_enabled = hash['scim_enabled'] ||= false
      scim_secret_token =
        hash.key?('scim_secret_token') ? hash['scim_secret_token'] : SKIP
      site_id = hash.key?('site_id') ? hash['site_id'] : SKIP

      # Create a new hash for additional properties, removing known properties.
      new_hash = hash.reject { |k, _| names.value?(k) }

      additional_properties = APIHelper.get_additional_properties(
        new_hash, proc { |value| value }
      )

      # Create object from extracted values.
      Sso.new(name, created_time, custom_logout_url, default_role, domain,
              group_filter, id, idp_cert, idp_sign_algo, idp_sso_url, idp_type,
              ignore_unmatched_roles, issuer, ldap_base_dn, ldap_bind_dn,
              ldap_bind_password, ldap_cacerts, ldap_client_cert,
              ldap_client_key, ldap_group_attr, ldap_group_dn,
              ldap_resolve_groups, ldap_server_hosts, ldap_type,
              ldap_user_filter, member_filter, modified_time, msp_id,
              mxedge_proxy, nameid_format, oauth_cc_client_id,
              oauth_cc_client_secret, oauth_discovery_url,
              oauth_ping_identity_region, oauth_provider_domain,
              oauth_ropc_client_id, oauth_ropc_client_secret, oauth_tenant_id,
              oauth_type, openroaming, org_id, role_attr_extraction,
              role_attr_from, scim_enabled, scim_secret_token, site_id,
              additional_properties)
    end
.names ⇒ Object
A mapping from model property names to API property names.
    # File 'lib/mist_api/models/sso.rb', line 240
    def self.names
      @_hash = {} if @_hash.nil?
      @_hash['created_time'] = 'created_time'
      @_hash['custom_logout_url'] = 'custom_logout_url'
      @_hash['default_role'] = 'default_role'
      @_hash['domain'] = 'domain'
      @_hash['group_filter'] = 'group_filter'
      @_hash['id'] = 'id'
      @_hash['idp_cert'] = 'idp_cert'
      @_hash['idp_sign_algo'] = 'idp_sign_algo'
      @_hash['idp_sso_url'] = 'idp_sso_url'
      @_hash['idp_type'] = 'idp_type'
      @_hash['ignore_unmatched_roles'] = 'ignore_unmatched_roles'
      @_hash['issuer'] = 'issuer'
      @_hash['ldap_base_dn'] = 'ldap_base_dn'
      @_hash['ldap_bind_dn'] = 'ldap_bind_dn'
      @_hash['ldap_bind_password'] = 'ldap_bind_password'
      @_hash['ldap_cacerts'] = 'ldap_cacerts'
      @_hash['ldap_client_cert'] = 'ldap_client_cert'
      @_hash['ldap_client_key'] = 'ldap_client_key'
      @_hash['ldap_group_attr'] = 'ldap_group_attr'
      @_hash['ldap_group_dn'] = 'ldap_group_dn'
      @_hash['ldap_resolve_groups'] = 'ldap_resolve_groups'
      @_hash['ldap_server_hosts'] = 'ldap_server_hosts'
      @_hash['ldap_type'] = 'ldap_type'
      @_hash['ldap_user_filter'] = 'ldap_user_filter'
      @_hash['member_filter'] = 'member_filter'
      @_hash['modified_time'] = 'modified_time'
      @_hash['msp_id'] = 'msp_id'
      @_hash['mxedge_proxy'] = 'mxedge_proxy'
      @_hash['name'] = 'name'
      @_hash['nameid_format'] = 'nameid_format'
      @_hash['oauth_cc_client_id'] = 'oauth_cc_client_id'
      @_hash['oauth_cc_client_secret'] = 'oauth_cc_client_secret'
      @_hash['oauth_discovery_url'] = 'oauth_discovery_url'
      @_hash['oauth_ping_identity_region'] = 'oauth_ping_identity_region'
      @_hash['oauth_provider_domain'] = 'oauth_provider_domain'
      @_hash['oauth_ropc_client_id'] = 'oauth_ropc_client_id'
      @_hash['oauth_ropc_client_secret'] = 'oauth_ropc_client_secret'
      @_hash['oauth_tenant_id'] = 'oauth_tenant_id'
      @_hash['oauth_type'] = 'oauth_type'
      @_hash['openroaming'] = 'openroaming'
      @_hash['org_id'] = 'org_id'
      @_hash['role_attr_extraction'] = 'role_attr_extraction'
      @_hash['role_attr_from'] = 'role_attr_from'
      @_hash['scim_enabled'] = 'scim_enabled'
      @_hash['scim_secret_token'] = 'scim_secret_token'
      @_hash['site_id'] = 'site_id'
      @_hash
    end
.nullables ⇒ Object
An array for nullable fields
    # File 'lib/mist_api/models/sso.rb', line 343
    def self.nullables
      []
    end
.optionals ⇒ Object
An array for optional fields
    # File 'lib/mist_api/models/sso.rb', line 292
    def self.optionals
      %w[
        created_time
        custom_logout_url
        default_role
        domain
        group_filter
        id
        idp_cert
        idp_sign_algo
        idp_sso_url
        idp_type
        ignore_unmatched_roles
        issuer
        ldap_base_dn
        ldap_bind_dn
        ldap_bind_password
        ldap_cacerts
        ldap_client_cert
        ldap_client_key
        ldap_group_attr
        ldap_group_dn
        ldap_resolve_groups
        ldap_server_hosts
        ldap_type
        ldap_user_filter
        member_filter
        modified_time
        msp_id
        mxedge_proxy
        nameid_format
        oauth_cc_client_id
        oauth_cc_client_secret
        oauth_discovery_url
        oauth_ping_identity_region
        oauth_provider_domain
        oauth_ropc_client_id
        oauth_ropc_client_secret
        oauth_tenant_id
        oauth_type
        openroaming
        org_id
        role_attr_extraction
        role_attr_from
        scim_enabled
        scim_secret_token
        site_id
      ]
    end
Instance Method Details
#inspect ⇒ Object
Provides a debugging-friendly string with detailed object information.
# File 'lib/mist_api/models/sso.rb', line 578
def inspect
  class_name = self.class.name.split('::').last
  "<#{class_name} created_time: #{@created_time.inspect}, custom_logout_url:"\
  " #{@custom_logout_url.inspect}, default_role: #{@default_role.inspect}, domain:"\
  " #{@domain.inspect}, group_filter: #{@group_filter.inspect}, id: #{@id.inspect}, idp_cert:"\
  " #{@idp_cert.inspect}, idp_sign_algo: #{@idp_sign_algo.inspect}, idp_sso_url:"\
  " #{@idp_sso_url.inspect}, idp_type: #{@idp_type.inspect}, ignore_unmatched_roles:"\
  " #{@ignore_unmatched_roles.inspect}, issuer: #{@issuer.inspect}, ldap_base_dn:"\
  " #{@ldap_base_dn.inspect}, ldap_bind_dn: #{@ldap_bind_dn.inspect}, ldap_bind_password:"\
  " #{@ldap_bind_password.inspect}, ldap_cacerts: #{@ldap_cacerts.inspect}, ldap_client_cert:"\
  " #{@ldap_client_cert.inspect}, ldap_client_key: #{@ldap_client_key.inspect},"\
  " ldap_group_attr: #{@ldap_group_attr.inspect}, ldap_group_dn: #{@ldap_group_dn.inspect},"\
  " ldap_resolve_groups: #{@ldap_resolve_groups.inspect}, ldap_server_hosts:"\
  " #{@ldap_server_hosts.inspect}, ldap_type: #{@ldap_type.inspect}, ldap_user_filter:"\
  " #{@ldap_user_filter.inspect}, member_filter: #{@member_filter.inspect}, modified_time:"\
  " #{@modified_time.inspect}, msp_id: #{@msp_id.inspect}, mxedge_proxy:"\
  " #{@mxedge_proxy.inspect}, name: #{@name.inspect}, nameid_format:"\
  " #{@nameid_format.inspect}, oauth_cc_client_id: #{@oauth_cc_client_id.inspect},"\
  " oauth_cc_client_secret: #{@oauth_cc_client_secret.inspect}, oauth_discovery_url:"\
  " #{@oauth_discovery_url.inspect}, oauth_ping_identity_region:"\
  " #{@oauth_ping_identity_region.inspect}, oauth_provider_domain:"\
  " #{@oauth_provider_domain.inspect}, oauth_ropc_client_id: #{@oauth_ropc_client_id.inspect},"\
  " oauth_ropc_client_secret: #{@oauth_ropc_client_secret.inspect}, oauth_tenant_id:"\
  " #{@oauth_tenant_id.inspect}, oauth_type: #{@oauth_type.inspect}, openroaming:"\
  " #{@openroaming.inspect}, org_id: #{@org_id.inspect}, role_attr_extraction:"\
  " #{@role_attr_extraction.inspect}, role_attr_from: #{@role_attr_from.inspect},"\
  " scim_enabled: #{@scim_enabled.inspect}, scim_secret_token: #{@scim_secret_token.inspect},"\
  " site_id: #{@site_id.inspect}, additional_properties: #{@additional_properties}>"
end
#to_s ⇒ Object
Provides a human-readable string representation of the object.
# File 'lib/mist_api/models/sso.rb', line 551
def to_s
  class_name = self.class.name.split('::').last
  "<#{class_name} created_time: #{@created_time}, custom_logout_url: #{@custom_logout_url},"\
  " default_role: #{@default_role}, domain: #{@domain}, group_filter: #{@group_filter}, id:"\
  " #{@id}, idp_cert: #{@idp_cert}, idp_sign_algo: #{@idp_sign_algo}, idp_sso_url:"\
  " #{@idp_sso_url}, idp_type: #{@idp_type}, ignore_unmatched_roles:"\
  " #{@ignore_unmatched_roles}, issuer: #{@issuer}, ldap_base_dn: #{@ldap_base_dn},"\
  " ldap_bind_dn: #{@ldap_bind_dn}, ldap_bind_password: #{@ldap_bind_password}, ldap_cacerts:"\
  " #{@ldap_cacerts}, ldap_client_cert: #{@ldap_client_cert}, ldap_client_key:"\
  " #{@ldap_client_key}, ldap_group_attr: #{@ldap_group_attr}, ldap_group_dn:"\
  " #{@ldap_group_dn}, ldap_resolve_groups: #{@ldap_resolve_groups}, ldap_server_hosts:"\
  " #{@ldap_server_hosts}, ldap_type: #{@ldap_type}, ldap_user_filter: #{@ldap_user_filter},"\
  " member_filter: #{@member_filter}, modified_time: #{@modified_time}, msp_id: #{@msp_id},"\
  " mxedge_proxy: #{@mxedge_proxy}, name: #{@name}, nameid_format: #{@nameid_format},"\
  " oauth_cc_client_id: #{@oauth_cc_client_id}, oauth_cc_client_secret:"\
  " #{@oauth_cc_client_secret}, oauth_discovery_url: #{@oauth_discovery_url},"\
  " oauth_ping_identity_region: #{@oauth_ping_identity_region}, oauth_provider_domain:"\
  " #{@oauth_provider_domain}, oauth_ropc_client_id: #{@oauth_ropc_client_id},"\
  " oauth_ropc_client_secret: #{@oauth_ropc_client_secret}, oauth_tenant_id:"\
  " #{@oauth_tenant_id}, oauth_type: #{@oauth_type}, openroaming: #{@openroaming}, org_id:"\
  " #{@org_id}, role_attr_extraction: #{@role_attr_extraction}, role_attr_from:"\
  " #{@role_attr_from}, scim_enabled: #{@scim_enabled}, scim_secret_token:"\
  " #{@scim_secret_token}, site_id: #{@site_id}, additional_properties:"\
  " #{@additional_properties}>"
end
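Both #to_s and #inspect above interpolate every attribute, including ldap_bind_password, ldap_client_key, oauth_cc_client_secret, oauth_ropc_client_secret and scim_secret_token, so logging an Sso object writes those values out. The following is an added example, not code from the mist_api gem: a log-safe formatter built on .names. SsoStandIn, SECRET_FIELDS, REDACTED and redacted_summary are hypothetical names, and it assumes each key of .names has a matching reader.

```ruby
# Added example; not part of the mist_api gem. SsoStandIn mimics only the
# pieces of MistApi::Sso shown on this page (.names, attribute readers, #to_s).
SECRET_FIELDS = %w[
  ldap_bind_password ldap_client_key oauth_cc_client_secret
  oauth_ropc_client_secret scim_secret_token
].freeze
REDACTED = '[REDACTED]'

# Build a log-safe string from any object whose class exposes .names and
# that has a reader per field; secret fields that are set are masked.
def redacted_summary(obj, secret_fields: SECRET_FIELDS)
  pairs = obj.class.names.keys.map do |field|
    value = obj.public_send(field)
    shown = if value.nil?
              'nil' # keep "unset" visible without revealing anything
            elsif secret_fields.include?(field)
              REDACTED
            else
              value.inspect
            end
    "#{field}: #{shown}"
  end
  "<#{obj.class.name.split('::').last} #{pairs.join(', ')}>"
end

# Constructed stand-in carrying a subset of the documented fields.
class SsoStandIn
  FIELDS = %w[name idp_type ldap_bind_dn ldap_bind_password scim_secret_token].freeze
  attr_accessor(*FIELDS)

  def self.names
    FIELDS.to_h { |f| [f, f] }
  end

  def initialize(**attrs)
    attrs.each { |k, v| public_send("#{k}=", v) }
  end

  # Same shape as the documented #to_s: every attribute interpolated as-is.
  def to_s
    '<SsoStandIn ' + FIELDS.map { |f| "#{f}: #{public_send(f)}" }.join(', ') + '>'
  end
end

# Constructed sample values.
SAMPLE = SsoStandIn.new(name: 'corp-ldap', idp_type: 'ldap',
                        ldap_bind_dn: 'cn=svc,dc=example,dc=com',
                        ldap_bind_password: 'constructed-bind-pw')
```

Calling redacted_summary(SAMPLE) in log statements instead of interpolating the object keeps the bind password out of log files while still showing which secret fields are populated.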