lbcli create idp-client-configuration
Creates a new IdP client configuration.
Synopsis
This is step two of a three-step operation, mapping an identity provider (IdP) to a Lightbits authorization engine scope and role.
The required steps for using an IdP are:
- Step 1: Create an idp-configuration, configuring an IdP cluster to work with.
- Step 2: Create an idp-client-configuration, specifying the app/user mode of operation for a specific client.
- Step 3: Create an auth-map-entry, mapping the identifier (client ID or group information) to a Lightbits scope/role.
lbcli create idp-client-configuration [flags]
Examples:
lbcli -J $JWT create idp-client-configuration --name client-users --client-id 819d735c-8d9b-4936-9fc1-0eecafbd00bd --idp-configuration-name idp1 --authz-mode user --claim-name group
lbcli -J $JWT create idp-client-configuration --name monitoring-service-client --client-id 037d735c-5d9b-4976-9fc1-11e5a9bd00bd --idp-configuration-name idp1 --authz-mode app
lbcli -J $JWT create idp-client-configuration --name client-converge --client-id NOT_APPLICABLE --idp-configuration-name idp1 --authz-mode converge --claim-name group
Flag | Short | Type | Default | Description |
---|---|---|---|---|
--help | -h | bool | | Help for idp-client-configuration. |
--name | | string | | The IdP client configuration name (required). |
--authz-mode | | string | | Authentication mode, user or app or converge (required). |
--client-id | | string | | The IdP client ID (required). |
--idp-configuration-name | | string | | The name of the corresponding idp-configuration (required). |
--claim-name | | string | | The name of the user claim in the JWT (required only when the authz-mode is User). |
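As an added example (not part of the Lightbits documentation or of lbcli), the following pre-flight check confirms that the claim passed as --claim-name is actually present in a token issued by the IdP, and lists the values an auth-map-entry would have to match. The function names, the sample token and its group values are constructed for illustration; treating a single-string claim as a one-element list is an assumption.

```python
import base64
import json

MODES = {"user", "app", "converge"}  # values the page lists for --authz-mode

def jwt_claims(token):
    """Decode the payload of a compact JWT for inspection only.
    The signature is NOT verified here; this is not an authentication check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise ValueError(f"payload is not base64url-encoded JSON: {exc}") from None
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def preflight(authz_mode, claim_name, sample_token):
    """Return the values carried by claim_name in a token from the IdP,
    or [] when no claim name is needed for the chosen mode."""
    if authz_mode not in MODES:
        raise ValueError(f"--authz-mode must be one of {sorted(MODES)}")
    if claim_name is None:
        if authz_mode == "user":
            raise ValueError("--claim-name is required when --authz-mode is user")
        return []
    claims = jwt_claims(sample_token)
    if claim_name not in claims:
        raise ValueError(f"claim {claim_name!r} absent; token has {sorted(claims)}")
    value = claims[claim_name]
    return value if isinstance(value, list) else [value]

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token: made-up subject and groups, dummy signature.
SAMPLE = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "alice", "group": ["storage-admins", "viewers"]}),
    "c2ln",
])

if __name__ == "__main__":
    print(preflight("user", "group", SAMPLE))
```

A misspelled claim name (for example groups instead of group) is reported together with the claim names the token does carry, before any configuration is created.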