Read metadata-only active auth mode and provider configuration state.

GET /v1/identity-provider

Returns safe refs, claim mapping names, trusted-header contract, and SAML-through-proxy support. Raw tokens, SAML assertions, secrets, JWKS bodies, and claim payloads are never returned.

Metadata-only identity provider state for admin UI.

object
schema_version: required
auth_mode: required. Allowed values: trusted_proxy, oidc_jwt, local_identity, local_header_bootstrap
tenant_id: required, string, >= 1 characters
environment_id: required, string, >= 1 characters
oidc: required, object
configured: required, boolean
issuer_ref: required, string, >= 1 characters
jwks_ref: required, string, >= 1 characters
audience_ref: required, string, >= 1 characters
client_id_ref: required, string, >= 1 characters
claim_mapping: required, object
subject: required, string, >= 1 characters
groups: required, string, >= 1 characters
user_id: required, string, >= 1 characters
client_surface: required, string, >= 1 characters
tenant: required, string, >= 1 characters
environment: required, string, >= 1 characters
service_id: required, string, >= 1 characters
workload_id: required, string, >= 1 characters
agent_id: required, string, >= 1 characters
agent_instance_id: required, string, >= 1 characters
human_delegator_id: required, string, >= 1 characters
allowed_algorithms: required, Array. Allowed values: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384
saml: required, object
proxy_supported: required, boolean
direct_acs_supported: required, boolean
metadata_ref: required, string, >= 1 characters
entity_id_ref: required, string, >= 1 characters
acs_ref: required, string, >= 1 characters
trusted_headers: required, object
enabled: required, boolean
required_headers: required, Array<string>
optional_headers: required, Array<string>
client_supplied_headers_trusted: required, boolean
local_identity: required, object
enabled: required, boolean
bootstrap_token_configured: required, boolean
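
A response audit that an admin client or CI check could run against this endpoint, as an added example that is not part of the original page or the project's own code. It checks the documented allowed values, flags `client_supplied_headers_trusted` set to true, and looks for raw token, key or assertion shapes that the endpoint says are never returned. The names `walk`, `audit` and `SAMPLE`, the sample values and the sample's nesting are assumptions made for illustration.

```python
import re

# Values the page lists as allowed for auth_mode and allowed_algorithms.
AUTH_MODES = {"trusted_proxy", "oidc_jwt", "local_identity", "local_header_bootstrap"}
ALGORITHMS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384"}
# Shapes that would mean raw material leaked into a metadata-only response:
# a compact JWT, a PEM block, or a SAML Assertion/Response element.
RAW_MATERIAL = re.compile(
    r"eyJ[\w-]+\.[\w-]+\.[\w-]*|-----BEGIN [A-Z ]+-----|<(?:\w+:)?(?:Assertion|Response)\b"
)

def walk(node, path=""):
    """Yield (path, value) for every node, so checks do not depend on nesting."""
    yield path, node
    if isinstance(node, dict):
        children = node.items()
    elif isinstance(node, list):
        children = enumerate(node)
    else:
        children = ()
    for key, child in children:
        yield from walk(child, f"{path}/{key}")

def audit(state):
    """Return a list of findings for a parsed /v1/identity-provider response."""
    findings = []
    for path, value in walk(state):
        key = path.rsplit("/", 1)[-1]
        if key == "auth_mode" and str(value) not in AUTH_MODES:
            findings.append(f"{path}: unknown auth_mode {value!r}")
        elif key == "allowed_algorithms" and isinstance(value, list):
            extra = sorted({str(a) for a in value} - ALGORITHMS)
            if extra:
                findings.append(f"{path}: algorithms outside documented list: {extra}")
        elif key == "client_supplied_headers_trusted" and value is True:
            findings.append(f"{path}: headers sent directly by clients are trusted")
        elif isinstance(value, str) and RAW_MATERIAL.search(value):
            findings.append(f"{path}: value looks like raw token/key/assertion material")
    return findings

# Constructed sample (not real output), trimmed to the fields the checks read.
SAMPLE = {
    "auth_mode": "trusted_proxy",
    "oidc": {"issuer_ref": "ref:issuer", "jwks_ref": "-----BEGIN PUBLIC KEY-----",
             "allowed_algorithms": ["RS256", "HS256"]},
    "trusted_headers": {"enabled": True, "required_headers": ["x-example-user"],
                        "optional_headers": [], "client_supplied_headers_trusted": True},
}
print("\n".join(audit(SAMPLE)))
```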