Open ntap-cfouts opened 2 months ago
Thanks for your feedback. We are reviewing.
The page you are referring to is designed to provide a list of the ways OAuth 2,0 can be deployed and configured with ONTAP. There are a total of five deployment scenarios divided into local validation (4) and remote introspection (1). Each scenario provides the parameters needed for that scenario. The issue is that configuration is not confined to the CLI only as you suggest, but rather it can be done using 1.) System Manager or 2.) ONTAP CLI or 3.) REST API. Further, the exact name for a specific parameter can vary across these three administrative interfaces. This makes it challenging to provide a concise summary because there are three names for each parameter depending on the interface. And so rather than use the exact parameter names, I am using a generic name for each parameter. The exact parameter name for the interface you're using should be easy to determine. I actually explain this in the paragraph just above the table in that section. I repeat it here for your convenience:
"The parameter names can vary slightly depending on the ONTAP administrative interface. For example, when configuring remote introspection, the endpoint is identified using the CLI command parameter -introspection-endpoint. But with the System Manager, the equivalent field is Authorization server token introspection URI. To accommodate all the ONTAP administrative interfaces, a general description of the parameters is provided. The exact parameter or field should be obvious based on the context."
I'll look at any possibility for spelling out the three versions of each parameter, perhaps one time in a table at the top of the page (along with the generic name). At a minimum I can place the text above under a NOTE on the page to make it stand out.
Thanks for pointing out that the parameter table tries to address both System Manager and the ONTAP CLI. I think there needs to be some additional work though as the current state of the table is confusing.
Thanks. As far as #1 in your list, this feature can be accessed through the CLI and System Manager and REST API. Three ONTAP administrative interfaces. As a general statement, the name of a specific parameter can be different across all three. We are exploring the best option for presenting this in the doc but will have a solution soon.
Item #2 is a typo will correct. And #3 looks to be missing, will confirm in the ENG notes and add.
Page URL
https://docs.netapp.com/us-en/ontap/authentication/oauth2-deployment-scenarios.html
Page title
OAuth 2.0 deployment scenarios
Summary
Under the "Summary of the configuration parameters" there are inaccuracies for the parameters when compared with the
security oauth2 client create
CLI command. I am using ONTAP 9.14.1.security oauth2 client
commands. There is a "Configuration Name" (-config-name param) that is used to name the OAuth2 client configuration in ONTAP.-remote-user-claim
parameter.-audience
parameter is missing.Public issues must not contain sensitive information