Module netapp_ontap.resources.security_oidc

Copyright © 2026 NetApp Inc. All rights reserved.

This file has been automatically generated based on the ONTAP REST API documentation.

Overview

This API is used to manage the OpenID Connect (OIDC) authentication configuration for the cluster. The POST method is used to create a new OIDC configuration, while the GET method is used to retrieve the current OIDC configuration. The PATCH method is used to enable or disable the OIDC feature, and the DELETE method is used to remove an existing OIDC configuration.

Examples

Retrieving the OIDC configuration in the cluster

The following output shows the OIDC configuration in the cluster.

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityOidc

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityOidc()
    resource.get()
    print(resource)

SecurityOidc(
    {
        "_links": {"self": {"href": "/api/security/authentication/cluster/oidc"}},
        "remote_user_claim": "unique_name",
        "authorization_endpoint": "https://example.com/adfs/oauth2/authorize/",
        "access_token_issuer": "https://example.com/adfs/services/trust",
        "redirect_ipaddress": "10.10.10.10",
        "client_secret_hash": "<HASHED-CLIENT-SECRET>",
        "issuer": "https://example.com/adfs",
        "client_id": "client-id-value",
        "jwks_refresh_interval": "PT1H",
        "provider": "adfs",
        "outgoing_proxy": "https://johndoe:secretpass@proxy.example.com:8080",
        "token_endpoint": "https://example.com/adfs/oauth2/token/",
        "provider_jwks_uri": "https://example.com/adfs/discovery/keys",
        "skip_uri_validation": False,
        "end_session_endpoint": "https://example.com/adfs/oauth2/logout",
        "enabled": False,
    }
)

Creating the OIDC configuration in the cluster

The following output shows how to create the OIDC configuration in the cluster.

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityOidc

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityOidc()
    resource.provider = "adfs"
    resource.issuer = "https://example.com/adfs"
    resource.client_id = "client-id-value"
    resource.client_secret = "<CLIENT-SECRET>"
    resource.provider_jwks_uri = "https://example.com/adfs/discovery/keys"
    resource.remote_user_claim = "unique_name"
    resource.authorization_endpoint = "https://example.com/adfs/oauth2/authorize/"
    resource.token_endpoint = "https://example.com/adfs/oauth2/token/"
    resource.skip_uri_validation = False
    resource.redirect_ipaddress = "10.10.10.10"
    resource.end_session_endpoint = "https://example.com/adfs/oauth2/logout"
    resource.jwks_refresh_interval = "PT1H"
    resource.outgoing_proxy = "https://johndoe:secretpass@proxy.example.com:8080"
    resource.access_token_issuer = "https://example.com/adfs/services/trust"
    resource.post(hydrate=True)
    print(resource)

SecurityOidc(
    {
        "remote_user_claim": "unique_name",
        "authorization_endpoint": "https://example.com/adfs/oauth2/authorize/",
        "access_token_issuer": "https://example.com/adfs/services/trust",
        "redirect_ipaddress": "10.10.10.10",
        "issuer": "https://example.com/adfs",
        "client_id": "client-id-value",
        "jwks_refresh_interval": "PT1H",
        "client_secret": "<CLIENT-SECRET>",
        "provider": "adfs",
        "outgoing_proxy": "https://johndoe:secretpass@proxy.example.com:8080",
        "token_endpoint": "https://example.com/adfs/oauth2/token/",
        "provider_jwks_uri": "https://example.com/adfs/discovery/keys",
        "skip_uri_validation": False,
        "end_session_endpoint": "https://example.com/adfs/oauth2/logout",
    }
)

Updating the OIDC configuration in the cluster

The following output shows how to update the OIDC configuration in the cluster.

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityOidc

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityOidc()
    resource.enabled = True
    resource.patch()

Deleting the OIDC configuration in the cluster

The following output shows how to delete the OIDC configuration in the cluster.

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityOidc

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityOidc()
    resource.delete()

Classes

class SecurityOidc (*args, **kwargs)

Allows interaction with SecurityOidc objects on the host

Initialize the instance of the resource.

Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:

MyResource(name='foo').name == 'foo'

Args

*args

Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.

**kwargs

each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.

Ancestors

• Resource

Methods

def delete (self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse

Deletes the OIDC configuration in the cluster.

Related ONTAP commands

• security oidc delete

Learn more

• DOC /security/authentication/cluster/oidc

---

Send a deletion request to the host for this object.

Args

body

The body of the delete request. This could be a Resource instance or a dictionary object.

poll

If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.

poll_interval

If the operation returns a job, this specifies how often to query the job for updates.

poll_timeout

If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.

connection

The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.

**kwargs

Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def get (self, **kwargs) -> NetAppResponse

Retrieves the OIDC configuration in the cluster.

Related ONTAP commands

• security oidc show

Learn more

• DOC /security/authentication/cluster/oidc

---

Fetch the details of the object from the host.

Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400 or if not all of the keys required are present and config.STRICT_GET has been set to True.

def patch (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse

Updates the OIDC configuration in the cluster.

Required properties

• enabled

Related ONTAP commands

• security oidc modify

Learn more

• DOC /security/authentication/cluster/oidc

---

Send the difference in the object's state to the host as a modification request.

Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.

Args

hydrate

If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.

poll

If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.

poll_interval

If the operation returns a job, this specifies how often to query the job for updates.

poll_timeout

If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.

connection

The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.

**kwargs

Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def post (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse

Creates the OIDC configuration in the cluster.

Optional properties

• skip_uri_validation
• jwks_refresh_interval
• outgoing_proxy
• access_token_issuer

Related ONTAP commands

• security oidc create

Learn more

• DOC /security/authentication/cluster/oidc

---

Send this object to the host as a creation request.

Args

hydrate

If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.

poll

If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.

poll_interval

If the operation returns a job, this specifies how often to query the job for updates.

poll_timeout

If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.

connection

The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.

**kwargs

Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Inherited members

• Resource:
  • from_dict
  • get_collection_url
  • get_connection
  • instance_location
  • path_keys
  • poll
  • set_connection
  • to_dict
  • validate_schema

class SecurityOidcSchema (*, only: types.StrSequenceOrSet | None = None, exclude: types.StrSequenceOrSet = (), many: bool | None = None, context: dict | None = None, load_only: types.StrSequenceOrSet = (), dump_only: types.StrSequenceOrSet = (), partial: bool | types.StrSequenceOrSet | None = None, unknown: str | None = None)

The fields of the SecurityOidc object

Ancestors

• netapp_ontap.resource.ResourceSchema
• marshmallow.schema.Schema
• marshmallow.base.SchemaABC
• abc.ABC

Class variables

access_token_issuer: str GET POST

The issuer value for the access token when it is different from the OpenID Connect issuer.

Example: https://example.netapp.com/adfs/services/trust

authorization_endpoint: str GET POST

The URI of the authorization endpoint for the OpenID Connect provider.

Example: https://example.netapp.com/adfs/oauth2/authorize

client_id: str GET POST

The client ID for the application.

Example: 1234567890abcdef

client_secret: str GET POST

The client secret for the application.

Example: 1234567890abcdef1234567890abcdef

client_secret_hash: str GET

The hash of the client secret for the application.

Example: 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef

enabled: bool GET PATCH

Indicates whether the OpenID Connect configuration is enabled.

Example: true

end_session_endpoint: str GET POST

The URI of the end session endpoint for the OpenID Connect provider.

Example: https://example.netapp.com/adfs/oauth2/logout

issuer: str GET POST

The URI of the OpenID Connect provider.

Example: https://example.netapp.com/adfs

jwks_refresh_interval: str GET POST

The refresh interval for the JSON Web Key Set (JWKS), in ISO-8601 format. This can be set to a value from 300 seconds to 2147483647 seconds.

Example: PT2H

links: SelfLink GET

The links field of the security_oidc.

outgoing_proxy: str GET POST

Outgoing proxy to access external identity providers (IdPs). If not specified, no proxy is configured.

Example: https://johndoe:secretpass@proxy.example.com:8080

provider: str GET POST

The OpenID Connect provider type.

Valid choices:

• adfs
• entra

provider_jwks_uri: str GET POST

The URI of the JSON Web Key Set (JWKS) for the OpenID Connect provider.

Example: https://example.netapp.com/adfs/discovery/v2.0/keys

redirect_ipaddress: str GET POST

The IP address to redirect to after authentication.

Example: 10.10.10.10

remote_user_claim: str GET POST

The claim used to identify the remote user.

Example: unique_name

skip_uri_validation: bool GET POST

Indicates whether to skip URI validation.

Example: false

token_endpoint: str GET POST

The URI of the token endpoint for the OpenID Connect provider.

Example: https://example.netapp.com/adfs/oauth2/token