@pulumi/keycloak 5.3.0 → 5.3.1

package/saml/client.d.ts

@@ -2,40 +2,74 @@ import * as pulumi from "@pulumi/pulumi";
 import * as inputs from "../types/input";
 import * as outputs from "../types/output";
 /**
+ * ## # keycloak.saml.Client
+ *
  * Allows for creating and managing Keycloak clients that use the SAML protocol.
  *
- * Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users
- * to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO.
+ * Clients are entities that can use Keycloak for user authentication. Typically,
+ * clients are applications that redirect users to Keycloak for authentication
+ * in order to take advantage of Keycloak's user sessions for SSO.
  *
- * ## Example Usage
+ * ### Example Usage
  *
+ * <!--Start PulumiCodeChooser -->
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
  * import * as fs from "fs";
  * import * as keycloak from "@pulumi/keycloak";
  *
  * const realm = new keycloak.Realm("realm", {
- *     realm: "my-realm",
  *     enabled: true,
+ *     realm: "my-realm",
  * });
  * const samlClient = new keycloak.saml.Client("samlClient", {
+ *     clientId: "test-saml-client",
+ *     includeAuthnStatement: true,
  *     realmId: realm.id,
- *     clientId: "saml-client",
- *     signDocuments: false,
  *     signAssertions: true,
- *     includeAuthnStatement: true,
+ *     signDocuments: false,
  *     signingCertificate: fs.readFileSync("saml-cert.pem", "utf8"),
  *     signingPrivateKey: fs.readFileSync("saml-key.pem", "utf8"),
  * });
  * ```
+ * <!--End PulumiCodeChooser -->
  *
- * ## Import
+ * ### Argument Reference
  *
- * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. Examplebash
+ * The following arguments are supported:
  *
- * ```sh
- *  $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352
- * ```
+ * - `realmId` - (Required) The realm this client is attached to.
+ * - `clientId` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.
+ * - `name` - (Optional) The display name of this client in the GUI.
+ * - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
+ * - `description` - (Optional) The description of this client in the GUI.
+ * - `includeAuthnStatement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response.
+ * - `signDocuments` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key.
+ * - `signAssertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response.
+ * - `clientSignatureRequired` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`.
+ * - `forcePostBinding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding.
+ * - `frontChannelLogout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout.
+ * - `nameIdFormat` - (Optional) Sets the Name ID format for the subject.
+ * - `rootUrl` - (Optional) When specified, this value is prepended to all relative URLs.
+ * - `validRedirectUris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
+ * - `baseUrl` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client.
+ * - `masterSamlProcessingUrl` - (Optional) When specified, this URL will be used for all SAML requests.
+ * - `signingCertificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature.
+ * - `signingPrivateKey` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature.
+ * - `idpInitiatedSsoUrlName` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO.
+ * - `idpInitiatedSsoRelayState` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
+ * - `assertionConsumerPostUrl` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses).
+ * - `assertionConsumerRedirectUrl` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses).
+ * - `logoutServicePostBindingUrl` - (Optional) SAML POST Binding URL for the client's single logout service.
+ * - `logoutServiceRedirectBindingUrl` - (Optional) SAML Redirect Binding URL for the client's single logout service.
+ * - `fullScopeAllowed` - (Optional) - Allow to include all roles mappings in the access token
+ *
+ * ### Import
+ *
+ * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `clientKeycloakId` is the unique ID that Keycloak
+ * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.
+ *
+ * Example:
  */
 export declare class Client extends pulumi.CustomResource {
     /**
@@ -53,152 +87,44 @@ export declare class Client extends pulumi.CustomResource {
      * when multiple copies of the Pulumi SDK have been loaded into the same process.
      */
     static isInstance(obj: any): obj is Client;
-    /**
-     * SAML POST Binding URL for the client's assertion consumer service (login responses).
-     */
     readonly assertionConsumerPostUrl: pulumi.Output<string | undefined>;
-    /**
-     * SAML Redirect Binding URL for the client's assertion consumer service (login responses).
-     */
     readonly assertionConsumerRedirectUrl: pulumi.Output<string | undefined>;
-    /**
-     * Override realm authentication flow bindings
-     */
     readonly authenticationFlowBindingOverrides: pulumi.Output<outputs.saml.ClientAuthenticationFlowBindingOverrides | undefined>;
-    /**
-     * When specified, this URL will be used whenever Keycloak needs to link to this client.
-     */
     readonly baseUrl: pulumi.Output<string | undefined>;
-    /**
-     * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE".
-     */
     readonly canonicalizationMethod: pulumi.Output<string | undefined>;
-    /**
-     * The unique ID of this client, referenced in the URI during authentication and in issued tokens.
-     */
     readonly clientId: pulumi.Output<string>;
-    /**
-     * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`.
-     */
     readonly clientSignatureRequired: pulumi.Output<boolean | undefined>;
-    /**
-     * The description of this client in the GUI.
-     */
     readonly description: pulumi.Output<string | undefined>;
-    /**
-     * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
-     */
     readonly enabled: pulumi.Output<boolean | undefined>;
-    /**
-     * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.
-     */
     readonly encryptAssertions: pulumi.Output<boolean | undefined>;
-    /**
-     * If assertions for the client are encrypted, this certificate will be used for encryption.
-     */
     readonly encryptionCertificate: pulumi.Output<string>;
-    /**
-     * (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.
-     */
     readonly encryptionCertificateSha1: pulumi.Output<string>;
     readonly extraConfig: pulumi.Output<{
         [key: string]: any;
     } | undefined>;
-    /**
-     * Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`.
-     */
     readonly forceNameIdFormat: pulumi.Output<boolean | undefined>;
-    /**
-     * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.
-     */
     readonly forcePostBinding: pulumi.Output<boolean | undefined>;
-    /**
-     * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.
-     */
     readonly frontChannelLogout: pulumi.Output<boolean | undefined>;
-    /**
-     * Allow to include all roles mappings in the access token
-     */
     readonly fullScopeAllowed: pulumi.Output<boolean | undefined>;
-    /**
-     * Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
-     */
     readonly idpInitiatedSsoRelayState: pulumi.Output<string | undefined>;
-    /**
-     * URL fragment name to reference client when you want to do IDP Initiated SSO.
-     */
     readonly idpInitiatedSsoUrlName: pulumi.Output<string | undefined>;
-    /**
-     * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.
-     */
     readonly includeAuthnStatement: pulumi.Output<boolean | undefined>;
-    /**
-     * The login theme of this client.
-     */
     readonly loginTheme: pulumi.Output<string | undefined>;
-    /**
-     * SAML POST Binding URL for the client's single logout service.
-     */
     readonly logoutServicePostBindingUrl: pulumi.Output<string | undefined>;
-    /**
-     * SAML Redirect Binding URL for the client's single logout service.
-     */
     readonly logoutServiceRedirectBindingUrl: pulumi.Output<string | undefined>;
-    /**
-     * When specified, this URL will be used for all SAML requests.
-     */
     readonly masterSamlProcessingUrl: pulumi.Output<string | undefined>;
-    /**
-     * The display name of this client in the GUI.
-     */
     readonly name: pulumi.Output<string>;
-    /**
-     * Sets the Name ID format for the subject.
-     */
     readonly nameIdFormat: pulumi.Output<string>;
-    /**
-     * The realm this client is attached to.
-     */
     readonly realmId: pulumi.Output<string>;
-    /**
-     * When specified, this value is prepended to all relative URLs.
-     */
     readonly rootUrl: pulumi.Output<string | undefined>;
-    /**
-     * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.
-     */
     readonly signAssertions: pulumi.Output<boolean | undefined>;
-    /**
-     * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.
-     */
     readonly signDocuments: pulumi.Output<boolean | undefined>;
-    /**
-     * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1".
-     */
     readonly signatureAlgorithm: pulumi.Output<string | undefined>;
-    /**
-     * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID".
-     */
     readonly signatureKeyName: pulumi.Output<string | undefined>;
-    /**
-     * If documents or assertions from the client are signed, this certificate will be used to verify the signature.
-     */
     readonly signingCertificate: pulumi.Output<string>;
-    /**
-     * (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.
-     */
     readonly signingCertificateSha1: pulumi.Output<string>;
-    /**
-     * If documents or assertions from the client are signed, this private key will be used to verify the signature.
-     */
     readonly signingPrivateKey: pulumi.Output<string>;
-    /**
-     * (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.
-     */
     readonly signingPrivateKeySha1: pulumi.Output<string>;
-    /**
-     * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
-     */
     readonly validRedirectUris: pulumi.Output<string[] | undefined>;
     /**
      * Create a Client resource with the given unique name, arguments, and options.
@@ -213,291 +139,84 @@ export declare class Client extends pulumi.CustomResource {
  * Input properties used for looking up and filtering Client resources.
  */
 export interface ClientState {
-    /**
-     * SAML POST Binding URL for the client's assertion consumer service (login responses).
-     */
     assertionConsumerPostUrl?: pulumi.Input<string>;
-    /**
-     * SAML Redirect Binding URL for the client's assertion consumer service (login responses).
-     */
     assertionConsumerRedirectUrl?: pulumi.Input<string>;
-    /**
-     * Override realm authentication flow bindings
-     */
     authenticationFlowBindingOverrides?: pulumi.Input<inputs.saml.ClientAuthenticationFlowBindingOverrides>;
-    /**
-     * When specified, this URL will be used whenever Keycloak needs to link to this client.
-     */
     baseUrl?: pulumi.Input<string>;
-    /**
-     * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE".
-     */
     canonicalizationMethod?: pulumi.Input<string>;
-    /**
-     * The unique ID of this client, referenced in the URI during authentication and in issued tokens.
-     */
     clientId?: pulumi.Input<string>;
-    /**
-     * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`.
-     */
     clientSignatureRequired?: pulumi.Input<boolean>;
-    /**
-     * The description of this client in the GUI.
-     */
     description?: pulumi.Input<string>;
-    /**
-     * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
-     */
     enabled?: pulumi.Input<boolean>;
-    /**
-     * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.
-     */
     encryptAssertions?: pulumi.Input<boolean>;
-    /**
-     * If assertions for the client are encrypted, this certificate will be used for encryption.
-     */
     encryptionCertificate?: pulumi.Input<string>;
-    /**
-     * (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.
-     */
     encryptionCertificateSha1?: pulumi.Input<string>;
     extraConfig?: pulumi.Input<{
         [key: string]: any;
     }>;
-    /**
-     * Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`.
-     */
     forceNameIdFormat?: pulumi.Input<boolean>;
-    /**
-     * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.
-     */
     forcePostBinding?: pulumi.Input<boolean>;
-    /**
-     * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.
-     */
     frontChannelLogout?: pulumi.Input<boolean>;
-    /**
-     * Allow to include all roles mappings in the access token
-     */
     fullScopeAllowed?: pulumi.Input<boolean>;
-    /**
-     * Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
-     */
     idpInitiatedSsoRelayState?: pulumi.Input<string>;
-    /**
-     * URL fragment name to reference client when you want to do IDP Initiated SSO.
-     */
     idpInitiatedSsoUrlName?: pulumi.Input<string>;
-    /**
-     * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.
-     */
     includeAuthnStatement?: pulumi.Input<boolean>;
-    /**
-     * The login theme of this client.
-     */
     loginTheme?: pulumi.Input<string>;
-    /**
-     * SAML POST Binding URL for the client's single logout service.
-     */
     logoutServicePostBindingUrl?: pulumi.Input<string>;
-    /**
-     * SAML Redirect Binding URL for the client's single logout service.
-     */
     logoutServiceRedirectBindingUrl?: pulumi.Input<string>;
-    /**
-     * When specified, this URL will be used for all SAML requests.
-     */
     masterSamlProcessingUrl?: pulumi.Input<string>;
-    /**
-     * The display name of this client in the GUI.
-     */
     name?: pulumi.Input<string>;
-    /**
-     * Sets the Name ID format for the subject.
-     */
     nameIdFormat?: pulumi.Input<string>;
-    /**
-     * The realm this client is attached to.
-     */
     realmId?: pulumi.Input<string>;
-    /**
-     * When specified, this value is prepended to all relative URLs.
-     */
     rootUrl?: pulumi.Input<string>;
-    /**
-     * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.
-     */
     signAssertions?: pulumi.Input<boolean>;
-    /**
-     * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.
-     */
     signDocuments?: pulumi.Input<boolean>;
-    /**
-     * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1".
-     */
     signatureAlgorithm?: pulumi.Input<string>;
-    /**
-     * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID".
-     */
     signatureKeyName?: pulumi.Input<string>;
-    /**
-     * If documents or assertions from the client are signed, this certificate will be used to verify the signature.
-     */
     signingCertificate?: pulumi.Input<string>;
-    /**
-     * (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.
-     */
     signingCertificateSha1?: pulumi.Input<string>;
-    /**
-     * If documents or assertions from the client are signed, this private key will be used to verify the signature.
-     */
     signingPrivateKey?: pulumi.Input<string>;
-    /**
-     * (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.
-     */
     signingPrivateKeySha1?: pulumi.Input<string>;
-    /**
-     * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
-     */
     validRedirectUris?: pulumi.Input<pulumi.Input<string>[]>;
 }
 /**
  * The set of arguments for constructing a Client resource.
  */
 export interface ClientArgs {
-    /**
-     * SAML POST Binding URL for the client's assertion consumer service (login responses).
-     */
     assertionConsumerPostUrl?: pulumi.Input<string>;
-    /**
-     * SAML Redirect Binding URL for the client's assertion consumer service (login responses).
-     */
     assertionConsumerRedirectUrl?: pulumi.Input<string>;
-    /**
-     * Override realm authentication flow bindings
-     */
     authenticationFlowBindingOverrides?: pulumi.Input<inputs.saml.ClientAuthenticationFlowBindingOverrides>;
-    /**
-     * When specified, this URL will be used whenever Keycloak needs to link to this client.
-     */
     baseUrl?: pulumi.Input<string>;
-    /**
-     * The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE".
-     */
     canonicalizationMethod?: pulumi.Input<string>;
-    /**
-     * The unique ID of this client, referenced in the URI during authentication and in issued tokens.
-     */
     clientId: pulumi.Input<string>;
-    /**
-     * When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`.
-     */
     clientSignatureRequired?: pulumi.Input<boolean>;
-    /**
-     * The description of this client in the GUI.
-     */
     description?: pulumi.Input<string>;
-    /**
-     * When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
-     */
     enabled?: pulumi.Input<boolean>;
-    /**
-     * When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.
-     */
     encryptAssertions?: pulumi.Input<boolean>;
-    /**
-     * If assertions for the client are encrypted, this certificate will be used for encryption.
-     */
     encryptionCertificate?: pulumi.Input<string>;
     extraConfig?: pulumi.Input<{
         [key: string]: any;
     }>;
-    /**
-     * Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`.
-     */
     forceNameIdFormat?: pulumi.Input<boolean>;
-    /**
-     * When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.
-     */
     forcePostBinding?: pulumi.Input<boolean>;
-    /**
-     * When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.
-     */
     frontChannelLogout?: pulumi.Input<boolean>;
-    /**
-     * Allow to include all roles mappings in the access token
-     */
     fullScopeAllowed?: pulumi.Input<boolean>;
-    /**
-     * Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
-     */
     idpInitiatedSsoRelayState?: pulumi.Input<string>;
-    /**
-     * URL fragment name to reference client when you want to do IDP Initiated SSO.
-     */
     idpInitiatedSsoUrlName?: pulumi.Input<string>;
-    /**
-     * When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.
-     */
     includeAuthnStatement?: pulumi.Input<boolean>;
-    /**
-     * The login theme of this client.
-     */
     loginTheme?: pulumi.Input<string>;
-    /**
-     * SAML POST Binding URL for the client's single logout service.
-     */
     logoutServicePostBindingUrl?: pulumi.Input<string>;
-    /**
-     * SAML Redirect Binding URL for the client's single logout service.
-     */
     logoutServiceRedirectBindingUrl?: pulumi.Input<string>;
-    /**
-     * When specified, this URL will be used for all SAML requests.
-     */
     masterSamlProcessingUrl?: pulumi.Input<string>;
-    /**
-     * The display name of this client in the GUI.
-     */
     name?: pulumi.Input<string>;
-    /**
-     * Sets the Name ID format for the subject.
-     */
     nameIdFormat?: pulumi.Input<string>;
-    /**
-     * The realm this client is attached to.
-     */
     realmId: pulumi.Input<string>;
-    /**
-     * When specified, this value is prepended to all relative URLs.
-     */
     rootUrl?: pulumi.Input<string>;
-    /**
-     * When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.
-     */
     signAssertions?: pulumi.Input<boolean>;
-    /**
-     * When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.
-     */
     signDocuments?: pulumi.Input<boolean>;
-    /**
-     * The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1".
-     */
     signatureAlgorithm?: pulumi.Input<string>;
-    /**
-     * The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID".
-     */
     signatureKeyName?: pulumi.Input<string>;
-    /**
-     * If documents or assertions from the client are signed, this certificate will be used to verify the signature.
-     */
     signingCertificate?: pulumi.Input<string>;
-    /**
-     * If documents or assertions from the client are signed, this private key will be used to verify the signature.
-     */
     signingPrivateKey?: pulumi.Input<string>;
-    /**
-     * When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
-     */
     validRedirectUris?: pulumi.Input<pulumi.Input<string>[]>;
 }

package/saml/client.js

@@ -6,40 +6,74 @@ exports.Client = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("../utilities");
 /**
+ * ## # keycloak.saml.Client
+ *
  * Allows for creating and managing Keycloak clients that use the SAML protocol.
  *
- * Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users
- * to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO.
+ * Clients are entities that can use Keycloak for user authentication. Typically,
+ * clients are applications that redirect users to Keycloak for authentication
+ * in order to take advantage of Keycloak's user sessions for SSO.
  *
- * ## Example Usage
+ * ### Example Usage
  *
+ * <!--Start PulumiCodeChooser -->
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
  * import * as fs from "fs";
  * import * as keycloak from "@pulumi/keycloak";
  *
  * const realm = new keycloak.Realm("realm", {
- *     realm: "my-realm",
  *     enabled: true,
+ *     realm: "my-realm",
  * });
  * const samlClient = new keycloak.saml.Client("samlClient", {
+ *     clientId: "test-saml-client",
+ *     includeAuthnStatement: true,
  *     realmId: realm.id,
- *     clientId: "saml-client",
- *     signDocuments: false,
  *     signAssertions: true,
- *     includeAuthnStatement: true,
+ *     signDocuments: false,
  *     signingCertificate: fs.readFileSync("saml-cert.pem", "utf8"),
  *     signingPrivateKey: fs.readFileSync("saml-key.pem", "utf8"),
  * });
  * ```
+ * <!--End PulumiCodeChooser -->
  *
- * ## Import
+ * ### Argument Reference
  *
- * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. Examplebash
+ * The following arguments are supported:
  *
- * ```sh
- *  $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352
- * ```
+ * - `realmId` - (Required) The realm this client is attached to.
+ * - `clientId` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.
+ * - `name` - (Optional) The display name of this client in the GUI.
+ * - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
+ * - `description` - (Optional) The description of this client in the GUI.
+ * - `includeAuthnStatement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response.
+ * - `signDocuments` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key.
+ * - `signAssertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response.
+ * - `clientSignatureRequired` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`.
+ * - `forcePostBinding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding.
+ * - `frontChannelLogout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout.
+ * - `nameIdFormat` - (Optional) Sets the Name ID format for the subject.
+ * - `rootUrl` - (Optional) When specified, this value is prepended to all relative URLs.
+ * - `validRedirectUris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
+ * - `baseUrl` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client.
+ * - `masterSamlProcessingUrl` - (Optional) When specified, this URL will be used for all SAML requests.
+ * - `signingCertificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature.
+ * - `signingPrivateKey` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature.
+ * - `idpInitiatedSsoUrlName` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO.
+ * - `idpInitiatedSsoRelayState` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
+ * - `assertionConsumerPostUrl` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses).
+ * - `assertionConsumerRedirectUrl` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses).
+ * - `logoutServicePostBindingUrl` - (Optional) SAML POST Binding URL for the client's single logout service.
+ * - `logoutServiceRedirectBindingUrl` - (Optional) SAML Redirect Binding URL for the client's single logout service.
+ * - `fullScopeAllowed` - (Optional) - Allow to include all roles mappings in the access token
+ *
+ * ### Import
+ *
+ * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `clientKeycloakId` is the unique ID that Keycloak
+ * assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.
+ *
+ * Example:
  */
 class Client extends pulumi.CustomResource {
     /**

package/saml/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../saml/client.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAa,MAAO,SAAQ,MAAM,CAAC,cAAc;IAC7C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmB,EAAE,IAAmC;QACjH,OAAO,IAAI,MAAM,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC;IACvD,CAAC;IA4JD,YAAY,IAAY,EAAE,WAAsC,EAAE,IAAmC;QACjG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsC,CAAC;YACrD,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,8BAA8B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS,CAAC;YACxG,cAAc,CAAC,oCAAoC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC,SAAS,CAAC;YACpH,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,iCAAiC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9G,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;SACrF;aAAM;YACH,MAAM,IAAI,GAAG,WAAqC,CAAC;YACnD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,8BAA8B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,oCAAoC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC,SAAS,CAAC;YAClH,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,2BAA2B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,SAAS,CAAC;YACpG,cAAc,CAAC,iCAAiC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5G,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,2BAA2B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChE,cAAc,CAAC,wBAAwB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7D,cAAc,CAAC,uBAAuB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC/D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;;AAhRL,wBAiRC;AAnQG,gBAAgB;AACO,mBAAY,GAAG,6BAA6B,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../saml/client.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqEG;AACH,MAAa,MAAO,SAAQ,MAAM,CAAC,cAAc;IAC7C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmB,EAAE,IAAmC;QACjH,OAAO,IAAI,MAAM,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC;IACvD,CAAC;IAgDD,YAAY,IAAY,EAAE,WAAsC,EAAE,IAAmC;QACjG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsC,CAAC;YACrD,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,8BAA8B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS,CAAC;YACxG,cAAc,CAAC,oCAAoC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC,SAAS,CAAC;YACpH,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,iCAAiC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9G,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;SACrF;aAAM;YACH,MAAM,IAAI,GAAG,WAAqC,CAAC;YACnD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,8BAA8B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,oCAAoC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC,SAAS,CAAC;YAClH,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,2BAA2B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,SAAS,CAAC;YACpG,cAAc,CAAC,iCAAiC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5G,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,2BAA2B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChE,cAAc,CAAC,wBAAwB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7D,cAAc,CAAC,uBAAuB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC/D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;;AApKL,wBAqKC;AAvJG,gBAAgB;AACO,mBAAY,GAAG,6BAA6B,CAAC"}