update-oidc-provider
Updates the configuration of an OpenID Connect provider.
[-c value | --configuration=value]
[-b value | --bootstrap-config=value]
<-n value | --provider-name=value>
[--enabled=<true|false>]
[--discovery-url=value]
[--client-id=value]
[--client-secret=value]
[--domain-option=value]
[--domain-name=value]
[--username-claim=value]
[--display-name-claim=value]
[--email-claim=value]
[--domain-claim=value]
[--id-token-signing-alg=value]
[--id-token-signature-verification-disabled=<true|false>]
[--token-endpoint-auth-method=value]
{-Svalue}
[--auth-request-prompt-value=value]
[--clear-custom-params]
{-Pkey=value}
[--bg-color=value]Overview
Use this command to update an existing OpenID Connect provider
configuration. For example, can be used after the
register-oidc-client command in a script.
Options
| Option | Optional or Required | Default Value | Description |
|---|---|---|---|
|
Optional | configuration.xml | The path to the server configuration file. |
|
Optional | none | The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file. |
|
Required | none | The name of the provider to update. Normally displayed to end users on the login page. |
|
Optional | none | Specifies whether the provider should be enabled.. |
|
Optional | none | The URL to the provider's OpenID Connect Discovery document. |
|
Optional | none | The client ID given by the provider during registration. |
|
Optional | none | The client secret given by the provider during registration. |
|
Optional | none | The way the domain of authenticated users
is established. Can be one of the following.
|
|
This argument is optional unless the value
of the
--provider-domain-option is
use_static_domain.
|
none | The domain name which to assign the authenticated users to. |
|
Optional | none | The name of the claim to use as username
for the authenticated users. Can be
email, for example. The name of the claim is
case sensitive.
Note: Only
sub is guaranteed to be a unique and stable
identifier.
|
|
Optional | none | The name of the claim to use as the display name for the authenticated users. The name of the claim is case sensitive. |
|
Optional | none | The name of the claim to use as email address for the authenticated users. The name of the claim is case sensitive. |
|
Optional | none | The name of the claim to use as domain name for the authenticated users. The name of the claim is case sensitive. |
|
Optional | none | The ID token signature algorithm to expect. |
|
Optional | none | Indicates that signature verification of ID tokens should be disabled. This should normally only be specified if the provider does not sign the ID tokens. |
|
Optional | none | The authentication method to use when
communicating with the provider's Token Endpoint. Can be one of the following.
private_key_jwt is not supported.
|
|
Optional | none | A scope to include in the authentication
request (besides
openid; that is always included). This
argument can be specified multiple times with different values.
|
|
Optional | none | The value to give the
prompt request parameter when making the
authentication request. Controls how the provider prompts the end user. May be
one of the following.
|
|
Optional | none | Custom parameters are cleared from the
provider configuration. This flag can be used together with the
-Pkey flag to remove all old custom parameters
before adding the new.
|
|
Optional | none | A custom parameter included in the
authentication request. Must not be any of the parameters controlled through
other settings (such as
scope or
prompt). Can be specified multiple times with
different keys.
|
|
Optional | none | The background color of the provider's button on the login page (when applicable), as a hexadecimal color value. |