@if (type() === "entraidresolver") {

Entra ID Settings

} @else if (type() === "keycloakresolver") {

Keycloak Settings

} @else {

HTTP Settings

} @if (!isAdvanced) {

Basic

Advanced

} @if (!isAdvanced && basicSettings()) {

Endpoint (URL)

@if (endpointControl.hasError("required") && endpointControl.touched) { Endpoint is required . }

Method

GET

POST

@if (methodControl.hasError("required") && methodControl.touched) { Method is required . }

Request Mapping (JSON Format)

@if (requestMappingControl.hasError("required") && requestMappingControl.touched) { Request mapping is required . }

Headers (JSON Format)

@if (headersControl.hasError("required") && headersControl.touched) { Headers are required . }

Response Mapping (JSON Format)

@if (responseMappingControl.hasError("required") && responseMappingControl.touched) { Response mapping is required . }

Special Error Handling @if (editable()) {

Response contains (JSON Format)

@if (errorResponseControl.hasError("required") && errorResponseControl.touched) { Response contains is required . } } } @else { @if (type() === "keycloakresolver") {

Realm

}

Base URL

The base URL of the API of the user store which will be concatenated with the user endpoints defined below. @if (baseUrlControl.hasError("required") && baseUrlControl.touched) { Base URL is required . }

Attribute Mapping

PrivacyIDEA Attribute	@if (!row.isCustom) { @for (attr of availableAttributes()[i]; track attr) { {{ attr }} } Custom… } @if (row.isCustom) { }	User Store Attribute		Actions	@if (row.privacyideaAttr !== null \|\| row.isCustom) { }

The left column defines the user attributes used in privacyIDEA and the right column the equivalent attribute in the user store.

Headers (JSON Format)

If no custom headers are defined this header is used for all endpoints.

Edit User Store

The user data in this user store can be modified from within privacyIDEA.

Timeout

Time in seconds privacyIDEA tries
to reach the user store server.

Verify TLS certificate of the server.

CA Certificate

The file containing the CA certificate which signed the TLS certificate of the server.

Authorization

@if (type() === "entraidresolver") {

This section allows to configure an endpoint to which the privacyIDEA server must authenticate in order to receive an access token. This token can then be used to access the user store API. You can find most of these settings in the app registration in the Entra Admin Center or you also have to add them there.

Authority

Tenant ID

@if (tenantControl.hasError("required") && tenantControl.touched) { Tenant ID is required . }

Client ID

@if (clientIdControl.hasError("required") && clientIdControl.touched) { Client ID is required . }

Client Credential Type

Secret

Certificate

@if (clientCredentialType() === "secret") {

Client Secret

@if (clientSecretControl.hasError("required") && clientSecretControl.touched) { Client secret is required . } }

@if (clientCredentialType() === "certificate") {

This credential type does not support to check the user's password.

Specify the path to the private key file of the servers certificate. If you use an encrypted key, add the password here, otherwise leave the field empty. The server certificate must be uploaded in Entra's app registration as client credential.

Path to the Private Key File

Password for the Private Key

Thumbprint of the Certificate

}

} @else {

This section allows to configure an endpoint to which the privacyIDEA server must authenticate in order to receive an access token. This token can then be used to access the user store API.

Username

Password

}

@if (clientCredentialType() !== "certificate") {

Check User Password

}

User List

Get User by ID

Get User by Name

@if (editable()) {

Create User

Edit User

Delete User

}