This is a one-time configuration of an OAuth2 client that supports the password grant on vIDM. To configure the client on vIDM:

Procedure

  1. Log in to vIDM with the local admin user to get a session token.
    Rest URL: https://<VIDM FQDN>/SAAS/API/1.0/REST/auth/system/login
    Method: POST
    Headers:
    Accept: application/json; charset=utf-8
    Content-Type: application/json
    
    Example Request Body:
    {
        "username": "admin",
        "password": "Ssn123456",
        "issueToken": "true"
    }
    
    Example Response:
    {
        "id": null,
        "sessionToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.[...].nTMNBGg_vqPB-2VBWW2YzThprrURLBjjjlF8nSM8LYS8RDlhW49ht0hjWvnLSTmboGo160BWJs1BgCaHSe1Uwj5Mqv4K05_VsfrKkvCOGtikjCZvJ8u4dz9zRxfofOeKtfH5jtX9AUjZQoVjgYAwkXd8WNE9Ax9r5QIk06zmxaI",
        "firstName": null,
        "lastName": null,
        "admin": false
    }
  2. Use the following API to create a password grant OAuth2 client.
    Rest URL: https://<VIDM FQDN>/SAAS/jersey/manager/api/oauth2clients
    Method: POST
    Headers:
    Accept: application/vnd.vmware.horizon.manager.oauth2client+json
    Content-Type: application/vnd.vmware.horizon.manager.oauth2client+json
    Authorization: HZN <sessionToken that you received in step 1>
    Example:
    Authorization: HZN eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.[...].nTMNBGg_vqPB-2VBWW2YzThprrURLBjjjlF8nSM8LYS8RDlhW49ht0hjWvnLSTmboGo160BWJs1BgCaHSe1Uwj5Mqv4K05_VsfrKkvCOGtikjCZvJ8u4dz9zRxfofOeKtfH5jtX9AUjZQoVjgYAwkXd8WNE9Ax9r5QIk06zmxaI
    Payload:
    {
        "clientId": "capi_client",
        "secret": "YJJ4afCPWH5DZQH85XOu423qIBRcirRQctsDRPiaOlOWWwuN",
        "scope": "email profile user admin",
        "authGrantTypes": "password",
        "tokenType": "Bearer",
        "tokenLength": 23,
        "accessTokenTTL": 360,
        "refreshTokenTTL": 43200,
        "rememberAs": null,
        "resourceUuid": "00000000-0000-0000-0000-000000000000",
        "displayUserGrant": false,
        "internalSystemClient": false,
        "activationToken": null,
        "strData": "{\"credentialCheckType\":\"ActiveDirectoryPassword\"}"
    }
    Response:
    Status: 201
    Body:
    {
        "clientId": "capi_client",
        "secret": "YJJ4afCPWH5DZQH85XOu423qIBRcirRQctsDRPiaOlOWWwuN",
        "scope": "email profile user admin",
        "authGrantTypes": "password",
        "redirectUri": null,
        "tokenType": "Bearer",
        "tokenLength": 32,
        "accessTokenTTL": 360,
        "refreshTokenTTL": 43200,
        "refreshTokenIdleTTL": null,
        "rememberAs": null,
        "resourceUuid": "00000000-0000-0000-0000-000000000000",
        "displayUserGrant": false,
        "internalSystemClient": false,
        "activationToken": null,
        "strData": "{\"credentialCheckType\":\"ActiveDirectoryPassword\"}",
        "inheritanceAllowed": false,
        "returnFailureResponse": false,
        "_links": {
            "self": {
                "href": "/SAAS/jersey/manager/api/oauth2clients/example_browser_cli_clientid"
            }
        }
    }

For vIDM installation and configuration details, refer to the document Installing and Configuring VMware Identity Manager for Linux.
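
The two steps above as one script. This is an added example, not VMware's code: it generates a fresh client secret per deployment instead of reusing the sample value shown on this page. The function names and the 48-character alphanumeric secret format are assumptions; URLs, headers and payload fields are taken from the procedure.

```python
import json
import secrets
import string
import urllib.request

CLIENT_TYPE = "application/vnd.vmware.horizon.manager.oauth2client+json"

def new_client_secret(length=48):
    # Assumption: any random alphanumeric string shaped like the page's sample is accepted.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def login_request(fqdn, username, password):
    # Step 1: local admin login that asks vIDM to issue a session token.
    body = {"username": username, "password": password, "issueToken": "true"}
    return urllib.request.Request(
        f"https://{fqdn}/SAAS/API/1.0/REST/auth/system/login",
        data=json.dumps(body).encode(), method="POST",
        headers={"Accept": "application/json; charset=utf-8",
                 "Content-Type": "application/json"})

def create_client_request(fqdn, session_token, client_id, secret):
    # Step 2: client definition with the field values shown in the page's payload.
    body = {
        "clientId": client_id, "secret": secret,
        "scope": "email profile user admin", "authGrantTypes": "password",
        "tokenType": "Bearer", "tokenLength": 23,
        "accessTokenTTL": 360, "refreshTokenTTL": 43200, "rememberAs": None,
        "resourceUuid": "00000000-0000-0000-0000-000000000000",
        "displayUserGrant": False, "internalSystemClient": False,
        "activationToken": None,
        "strData": '{"credentialCheckType":"ActiveDirectoryPassword"}',
    }
    return urllib.request.Request(
        f"https://{fqdn}/SAAS/jersey/manager/api/oauth2clients",
        data=json.dumps(body).encode(), method="POST",
        headers={"Accept": CLIENT_TYPE, "Content-Type": CLIENT_TYPE,
                 "Authorization": f"HZN {session_token}"})

def provision(fqdn, username, password, client_id):
    # Runs both steps against a live vIDM; returns the secret once so the caller
    # can place it in a secret store instead of a script or wiki page.
    secret = new_client_secret()
    with urllib.request.urlopen(login_request(fqdn, username, password)) as resp:
        token = json.load(resp)["sessionToken"]
    request = create_client_request(fqdn, token, client_id, secret)
    with urllib.request.urlopen(request) as resp:
        if resp.status != 201:  # the page documents 201 as the success status
            raise RuntimeError(f"unexpected status {resp.status}")
    return client_id, secret
```

Call `provision()` with the admin password read at run time, for example from `getpass.getpass()`, rather than stored in the script.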