ExtensionX509IdentityProvider

class oci.identity_domains.models.ExtensionX509IdentityProvider(**kwargs)

Bases: object

X509 Identity Provider Extension Schema

Attributes

EKU_VALUES_CLIENT_AUTH A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider.
EKU_VALUES_CODE_SIGNING A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider.
EKU_VALUES_EMAIL_PROTECTION A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider.
EKU_VALUES_OCSP_SIGNING A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider.
EKU_VALUES_SERVER_AUTH A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider.
EKU_VALUES_TIME_STAMPING A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider.
cert_match_attribute [Required] Gets the cert_match_attribute of this ExtensionX509IdentityProvider.
crl_check_on_ocsp_failure_enabled Gets the crl_check_on_ocsp_failure_enabled of this ExtensionX509IdentityProvider.
crl_enabled Gets the crl_enabled of this ExtensionX509IdentityProvider.
crl_location Gets the crl_location of this ExtensionX509IdentityProvider.
crl_reload_duration Gets the crl_reload_duration of this ExtensionX509IdentityProvider.
eku_validation_enabled Gets the eku_validation_enabled of this ExtensionX509IdentityProvider.
eku_values Gets the eku_values of this ExtensionX509IdentityProvider.
ocsp_allow_unknown_response_status Gets the ocsp_allow_unknown_response_status of this ExtensionX509IdentityProvider.
ocsp_enable_signed_response Gets the ocsp_enable_signed_response of this ExtensionX509IdentityProvider.
ocsp_enabled Gets the ocsp_enabled of this ExtensionX509IdentityProvider.
ocsp_responder_url Gets the ocsp_responder_url of this ExtensionX509IdentityProvider.
ocsp_revalidate_time Gets the ocsp_revalidate_time of this ExtensionX509IdentityProvider.
ocsp_server_name Gets the ocsp_server_name of this ExtensionX509IdentityProvider.
ocsp_trust_cert_chain Gets the ocsp_trust_cert_chain of this ExtensionX509IdentityProvider.
other_cert_match_attribute Gets the other_cert_match_attribute of this ExtensionX509IdentityProvider.
signing_certificate_chain [Required] Gets the signing_certificate_chain of this ExtensionX509IdentityProvider.
user_match_attribute [Required] Gets the user_match_attribute of this ExtensionX509IdentityProvider.

Methods

__init__(**kwargs) Initializes a new ExtensionX509IdentityProvider object with values from keyword arguments.
EKU_VALUES_CLIENT_AUTH = 'CLIENT_AUTH'

A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider. This constant has a value of “CLIENT_AUTH”

EKU_VALUES_CODE_SIGNING = 'CODE_SIGNING'

A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider. This constant has a value of “CODE_SIGNING”

EKU_VALUES_EMAIL_PROTECTION = 'EMAIL_PROTECTION'

A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider. This constant has a value of “EMAIL_PROTECTION”

EKU_VALUES_OCSP_SIGNING = 'OCSP_SIGNING'

A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider. This constant has a value of “OCSP_SIGNING”

EKU_VALUES_SERVER_AUTH = 'SERVER_AUTH'

A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider. This constant has a value of “SERVER_AUTH”

EKU_VALUES_TIME_STAMPING = 'TIME_STAMPING'

A constant which can be used with the eku_values property of a ExtensionX509IdentityProvider. This constant has a value of “TIME_STAMPING”

__init__(**kwargs)

Initializes a new ExtensionX509IdentityProvider object with values from keyword arguments. The following keyword arguments are supported (corresponding to the getters/setters of this class):

Parameters:
  • cert_match_attribute (str) – The value to assign to the cert_match_attribute property of this ExtensionX509IdentityProvider.
  • user_match_attribute (str) – The value to assign to the user_match_attribute property of this ExtensionX509IdentityProvider.
  • other_cert_match_attribute (str) – The value to assign to the other_cert_match_attribute property of this ExtensionX509IdentityProvider.
  • signing_certificate_chain (list[str]) – The value to assign to the signing_certificate_chain property of this ExtensionX509IdentityProvider.
  • ocsp_enabled (bool) – The value to assign to the ocsp_enabled property of this ExtensionX509IdentityProvider.
  • ocsp_server_name (str) – The value to assign to the ocsp_server_name property of this ExtensionX509IdentityProvider.
  • ocsp_responder_url (str) – The value to assign to the ocsp_responder_url property of this ExtensionX509IdentityProvider.
  • ocsp_allow_unknown_response_status (bool) – The value to assign to the ocsp_allow_unknown_response_status property of this ExtensionX509IdentityProvider.
  • ocsp_revalidate_time (int) – The value to assign to the ocsp_revalidate_time property of this ExtensionX509IdentityProvider.
  • ocsp_enable_signed_response (bool) – The value to assign to the ocsp_enable_signed_response property of this ExtensionX509IdentityProvider.
  • ocsp_trust_cert_chain (list[str]) – The value to assign to the ocsp_trust_cert_chain property of this ExtensionX509IdentityProvider.
  • crl_enabled (bool) – The value to assign to the crl_enabled property of this ExtensionX509IdentityProvider.
  • crl_check_on_ocsp_failure_enabled (bool) – The value to assign to the crl_check_on_ocsp_failure_enabled property of this ExtensionX509IdentityProvider.
  • crl_location (str) – The value to assign to the crl_location property of this ExtensionX509IdentityProvider.
  • crl_reload_duration (int) – The value to assign to the crl_reload_duration property of this ExtensionX509IdentityProvider.
  • eku_validation_enabled (bool) – The value to assign to the eku_validation_enabled property of this ExtensionX509IdentityProvider.
  • eku_values (list[str]) – The value to assign to the eku_values property of this ExtensionX509IdentityProvider. Allowed values for items in this list are: “SERVER_AUTH”, “CLIENT_AUTH”, “CODE_SIGNING”, “EMAIL_PROTECTION”, “TIME_STAMPING”, “OCSP_SIGNING”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
cert_match_attribute

[Required] Gets the cert_match_attribute of this ExtensionX509IdentityProvider. X509 Certificate Matching Attribute

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: string
  • uniqueness: none
Returns:The cert_match_attribute of this ExtensionX509IdentityProvider.
Return type:str
crl_check_on_ocsp_failure_enabled

Gets the crl_check_on_ocsp_failure_enabled of this ExtensionX509IdentityProvider. Fallback on CRL Validation if OCSP fails.

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: boolean
  • uniqueness: none
Returns:The crl_check_on_ocsp_failure_enabled of this ExtensionX509IdentityProvider.
Return type:bool
crl_enabled

Gets the crl_enabled of this ExtensionX509IdentityProvider. Set to true to enable CRL Validation

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: boolean
  • uniqueness: none
Returns:The crl_enabled of this ExtensionX509IdentityProvider.
Return type:bool
crl_location

Gets the crl_location of this ExtensionX509IdentityProvider. CRL Location URL

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The crl_location of this ExtensionX509IdentityProvider.
Return type:str
crl_reload_duration

Gets the crl_reload_duration of this ExtensionX509IdentityProvider. Fetch the CRL contents every X minutes

Added In: 2010242156

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: integer
  • uniqueness: none
Returns:The crl_reload_duration of this ExtensionX509IdentityProvider.
Return type:int
eku_validation_enabled

Gets the eku_validation_enabled of this ExtensionX509IdentityProvider. Set to true to enable EKU Validation

Added In: 2304270343

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: boolean
  • uniqueness: none
Returns:The eku_validation_enabled of this ExtensionX509IdentityProvider.
Return type:bool
eku_values

Gets the eku_values of this ExtensionX509IdentityProvider. List of EKU which needs to be validated

Added In: 2304270343

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none

Allowed values for items in this list are: “SERVER_AUTH”, “CLIENT_AUTH”, “CODE_SIGNING”, “EMAIL_PROTECTION”, “TIME_STAMPING”, “OCSP_SIGNING”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:The eku_values of this ExtensionX509IdentityProvider.
Return type:list[str]
ocsp_allow_unknown_response_status

Gets the ocsp_allow_unknown_response_status of this ExtensionX509IdentityProvider. Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: boolean
  • uniqueness: none
Returns:The ocsp_allow_unknown_response_status of this ExtensionX509IdentityProvider.
Return type:bool
ocsp_enable_signed_response

Gets the ocsp_enable_signed_response of this ExtensionX509IdentityProvider. Describes if the OCSP response is signed

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: boolean
  • uniqueness: none
Returns:The ocsp_enable_signed_response of this ExtensionX509IdentityProvider.
Return type:bool
ocsp_enabled

Gets the ocsp_enabled of this ExtensionX509IdentityProvider. Set to true to enable OCSP Validation

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: boolean
  • uniqueness: none
Returns:The ocsp_enabled of this ExtensionX509IdentityProvider.
Return type:bool
ocsp_responder_url

Gets the ocsp_responder_url of this ExtensionX509IdentityProvider. This property specifies OCSP Responder URL.

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The ocsp_responder_url of this ExtensionX509IdentityProvider.
Return type:str
ocsp_revalidate_time

Gets the ocsp_revalidate_time of this ExtensionX509IdentityProvider. Revalidate OCSP status for user after X hours

Added In: 2010242156

SCIM++ Properties:
  • idcsMaxValue: 24
  • idcsMinValue: 0
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: integer
  • uniqueness: none
Returns:The ocsp_revalidate_time of this ExtensionX509IdentityProvider.
Return type:int
ocsp_server_name

Gets the ocsp_server_name of this ExtensionX509IdentityProvider. This property specifies the OCSP Server alias name

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The ocsp_server_name of this ExtensionX509IdentityProvider.
Return type:str
ocsp_trust_cert_chain

Gets the ocsp_trust_cert_chain of this ExtensionX509IdentityProvider. OCSP Trusted Certificate Chain

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The ocsp_trust_cert_chain of this ExtensionX509IdentityProvider.
Return type:list[str]
other_cert_match_attribute

Gets the other_cert_match_attribute of this ExtensionX509IdentityProvider. Check for specific conditions of other certificate attributes

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The other_cert_match_attribute of this ExtensionX509IdentityProvider.
Return type:str
signing_certificate_chain

[Required] Gets the signing_certificate_chain of this ExtensionX509IdentityProvider. Certificate alias list to create a chain for the incoming client certificate

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: true
  • returned: default
  • type: string
  • uniqueness: none
Returns:The signing_certificate_chain of this ExtensionX509IdentityProvider.
Return type:list[str]
user_match_attribute

[Required] Gets the user_match_attribute of this ExtensionX509IdentityProvider. This property specifies the userstore attribute value that must match the incoming certificate attribute.

Added In: 2010242156

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: string
  • uniqueness: none
Returns:The user_match_attribute of this ExtensionX509IdentityProvider.
Return type:str