ONTAP 9.15.1 commands

security oauth2 client show

Display OAuth 2.0 Provider

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security oauth2 client show command displays the OAuth 2.0 Provider configuration.

Parameters

{ [-fields <fieldname>,…​]

This specifies the fields that need to be displayed.

| [-instance ] }

If this parameter is specified, the command displays information about all OAuth 2.0 configuration entries.

[-config-name <text>] - Configuration Entry Name

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified config-name.

[-application <OAuth 2.0 Applications>] - Application

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified application. Currently only the http application is supported.

[-issuer {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…​}] - OAuth 2.0 Issuer

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified issuer.

[-audience <text>] - OAuth 2.0 Audience

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified audience.

[-client-id <text>] - OAuth 2.0 Client ID

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified client-id.

[-hashed-client-secret <Hex String>] - Hashed representation of client secret

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified hashed-client-secret.

[-introspection-endpoint {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…​}] - OAuth 2.0 Token Introspection Endpoint Location

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified introspection-endpoint.

[-introspection-interval {P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W | disabled}] - OAuth 2.0 Token Introspection Refresh Interval in ISO-8601 format

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified introspection-interval.

[-remote-user-claim <text>] - OAuth 2.0 Remote User Claim

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified remote-user-claim.

[-provider-jwks-uri {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…​}] - OAuth 2.0 Provider JSON Web Key Set Location

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified provider-jwks-uri.

[-jwks-refresh-interval {P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W}] - OAuth 2.0 JSON Web Key Set Refresh Interval in ISO-8601 format

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified jwks-refresh-interval.

[-outgoing-proxy <text>] - OAuth 2.0 Outgoing Proxy To Access External IdPs

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified outgoing-proxy.

[-use-local-roles-if-present {true|false}] - Use Local Roles, If Present

If this parameter is specified, the command displays information only about the OAuth 2.0 configurations that match the specified use-local-roles-if-present.

[-use-mutual-tls {none|request|required}] - Mutual TLS enforcement

This is the Mutual TLS setting for the OAuth 2.0 configuration. When set to required, OAuth 2.0 mutual TLS authentication is enforced for all access tokens, and any token that does not have the x5t#S256 property in the cnf section is rejected. When not set, the default value is request, which means OAuth 2.0 mutual TLS authentication is enforced only if the x5t#S256 property is present in the cnf section of the access token. Mutual TLS enforcement can be disabled by setting the value to none.
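
The following added example (not NetApp code and not part of the original page) models how the three use-mutual-tls values treat an access token. It assumes that "enforced" means the RFC 8705 check, where the x5t#S256 value in cnf must equal the base64url SHA-256 thumbprint of the client's DER certificate. The function names and the certificate byte strings are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed stand-ins for DER-encoded client certificates (not real certs).
CERT_A = b"constructed-der-certificate-A"
CERT_B = b"constructed-der-certificate-B"


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 thumbprint: base64url(SHA-256(DER certificate)), unpadded."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def mtls_decision(mode: str, claims: dict,
                  client_cert_der: Optional[bytes]) -> Tuple[bool, str]:
    """Return (accepted, reason) for an already signature-verified token.

    Assumption: enforcement is the RFC 8705 thumbprint comparison.
    """
    if mode not in ("none", "request", "required"):
        raise ValueError("unknown use-mutual-tls value: %r" % mode)
    if mode == "none":
        return True, "mutual TLS check disabled"

    cnf = claims.get("cnf")
    bound = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(bound, str) or not bound:
        # Unbound token: rejected only when the setting is required.
        if mode == "required":
            return False, "token has no x5t#S256 in cnf"
        return True, "unbound token accepted (request)"

    # Bound token: the TLS client certificate must match the thumbprint.
    if client_cert_der is None:
        return False, "bound token presented without a client certificate"
    presented = x5t_s256(client_cert_der).encode("ascii")
    if hmac.compare_digest(bound.encode("utf-8"), presented):
        return True, "certificate matches cnf thumbprint"
    return False, "certificate does not match cnf thumbprint"


if __name__ == "__main__":
    bound_claims = {"sub": "user1", "cnf": {"x5t#S256": x5t_s256(CERT_A)}}
    for mode in ("none", "request", "required"):
        print(mode, mtls_decision(mode, {"sub": "user1"}, None),
              mtls_decision(mode, bound_claims, CERT_B))
```

With request, a token that carries no cnf binding is still accepted, so only required guarantees that every accepted token is bound to a client certificate.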

Examples

The following example displays the OAuth 2.0 Provider configuration for Local Validation:

cluster1::> security oauth2 client show
                                Configuration Name: auth1
                                       Application: http
                                            Issuer: https://issuer.example.com/
                                          Audience: -
                                         Client ID: -
                              Hashed Client Secret: -
                            Introspection Endpoint: -
                   Introspection Refresh Interval : -
                                   Use local roles: true
                Provider JSON Web Key Set Location: https://issuer.example.com/.well-known/jwks.json
                 JSON Web Key Set Refresh Interval: 1h
                                 Remote User Claim: preferred_username
                                    Outgoing Proxy: https://outgoing_proxy
                            Mutual TLS enforcement: request

The following example displays the OAuth 2.0 Provider configuration for Remote Introspection:

cluster1::> security oauth2 client show
                                Configuration Name: auth1
                                       Application: http
                                            Issuer: https://issuer.example.com/
                                          Audience: -
                                         Client ID: client_id
                              Hashed Client Secret: e194e3472ee55c4202582cfbf59a03a37ef27085d2baf1b2fd7f7da3973c56fa
                            Introspection Endpoint: -
                   Introspection Refresh Interval : 0s
                                   Use local roles: true
                Provider JSON Web Key Set Location: -
                 JSON Web Key Set Refresh Interval: -
                                 Remote User Claim: preferred_username
                                    Outgoing Proxy: https://outgoing_proxy
                            Mutual TLS enforcement: required