@pulumi/keycloak 5.3.0 → 5.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/attributeImporterIdentityProviderMapper.d.ts +46 -63
- package/attributeImporterIdentityProviderMapper.js +25 -33
- package/attributeImporterIdentityProviderMapper.js.map +1 -1
- package/attributeToRoleIdentityMapper.d.ts +10 -2
- package/attributeToRoleIdentityMapper.js +10 -2
- package/attributeToRoleIdentityMapper.js.map +1 -1
- package/authentication/bindings.d.ts +2 -0
- package/authentication/bindings.js +2 -0
- package/authentication/bindings.js.map +1 -1
- package/authentication/execution.d.ts +8 -2
- package/authentication/execution.js +8 -2
- package/authentication/execution.js.map +1 -1
- package/authentication/executionConfig.d.ts +12 -2
- package/authentication/executionConfig.js +12 -2
- package/authentication/executionConfig.js.map +1 -1
- package/authentication/flow.d.ts +16 -2
- package/authentication/flow.js +16 -2
- package/authentication/flow.js.map +1 -1
- package/authentication/subflow.d.ts +18 -2
- package/authentication/subflow.js +18 -2
- package/authentication/subflow.js.map +1 -1
- package/customIdentityProviderMapping.d.ts +13 -5
- package/customIdentityProviderMapping.js +10 -2
- package/customIdentityProviderMapping.js.map +1 -1
- package/customUserFederation.d.ts +51 -50
- package/customUserFederation.js +27 -14
- package/customUserFederation.js.map +1 -1
- package/defaultGroups.d.ts +19 -27
- package/defaultGroups.js +19 -9
- package/defaultGroups.js.map +1 -1
- package/defaultRoles.d.ts +13 -2
- package/defaultRoles.js +13 -2
- package/defaultRoles.js.map +1 -1
- package/genericClientProtocolMapper.d.ts +40 -37
- package/genericClientProtocolMapper.js +25 -13
- package/genericClientProtocolMapper.js.map +1 -1
- package/genericClientRoleMapper.d.ts +22 -2
- package/genericClientRoleMapper.js +22 -2
- package/genericClientRoleMapper.js.map +1 -1
- package/genericProtocolMapper.d.ts +8 -2
- package/genericProtocolMapper.js +8 -2
- package/genericProtocolMapper.js.map +1 -1
- package/genericRoleMapper.d.ts +22 -2
- package/genericRoleMapper.js +22 -2
- package/genericRoleMapper.js.map +1 -1
- package/getAuthenticationExecution.d.ts +4 -0
- package/getAuthenticationExecution.js +4 -0
- package/getAuthenticationExecution.js.map +1 -1
- package/getAuthenticationFlow.d.ts +4 -0
- package/getAuthenticationFlow.js +4 -0
- package/getAuthenticationFlow.js.map +1 -1
- package/getClientDescriptionConverter.d.ts +4 -0
- package/getClientDescriptionConverter.js +4 -0
- package/getClientDescriptionConverter.js.map +1 -1
- package/getGroup.d.ts +4 -62
- package/getGroup.js +4 -50
- package/getGroup.js.map +1 -1
- package/getRealm.d.ts +32 -10
- package/getRealm.js +32 -4
- package/getRealm.js.map +1 -1
- package/getRealmKeys.d.ts +8 -28
- package/getRealmKeys.js +8 -4
- package/getRealmKeys.js.map +1 -1
- package/getRole.d.ts +4 -65
- package/getRole.js +4 -44
- package/getRole.js.map +1 -1
- package/getUser.d.ts +4 -0
- package/getUser.js +4 -0
- package/getUser.js.map +1 -1
- package/getUserRealmRoles.d.ts +4 -0
- package/getUserRealmRoles.js +4 -0
- package/getUserRealmRoles.js.map +1 -1
- package/group.d.ts +35 -58
- package/group.js +35 -16
- package/group.js.map +1 -1
- package/groupMemberships.d.ts +27 -43
- package/groupMemberships.js +27 -16
- package/groupMemberships.js.map +1 -1
- package/groupPermissions.d.ts +13 -0
- package/groupPermissions.js +13 -0
- package/groupPermissions.js.map +1 -1
- package/groupRoles.d.ts +32 -91
- package/groupRoles.js +32 -55
- package/groupRoles.js.map +1 -1
- package/hardcodedAttributeIdentityProviderMapper.d.ts +2 -0
- package/hardcodedAttributeIdentityProviderMapper.js +2 -0
- package/hardcodedAttributeIdentityProviderMapper.js.map +1 -1
- package/hardcodedRoleIdentityMapper.d.ts +2 -0
- package/hardcodedRoleIdentityMapper.js +2 -0
- package/hardcodedRoleIdentityMapper.js.map +1 -1
- package/identityProviderTokenExchangeScopePermission.d.ts +10 -2
- package/identityProviderTokenExchangeScopePermission.js +10 -2
- package/identityProviderTokenExchangeScopePermission.js.map +1 -1
- package/ldap/customMapper.d.ts +10 -2
- package/ldap/customMapper.js +10 -2
- package/ldap/customMapper.js.map +1 -1
- package/ldap/fullNameMapper.d.ts +41 -54
- package/ldap/fullNameMapper.js +32 -18
- package/ldap/fullNameMapper.js.map +1 -1
- package/ldap/groupMapper.d.ts +55 -164
- package/ldap/groupMapper.js +46 -20
- package/ldap/groupMapper.js.map +1 -1
- package/ldap/hardcodedAttributeMapper.d.ts +10 -2
- package/ldap/hardcodedAttributeMapper.js +10 -2
- package/ldap/hardcodedAttributeMapper.js.map +1 -1
- package/ldap/hardcodedGroupMapper.d.ts +10 -2
- package/ldap/hardcodedGroupMapper.js +10 -2
- package/ldap/hardcodedGroupMapper.js.map +1 -1
- package/ldap/hardcodedRoleMapper.d.ts +29 -64
- package/ldap/hardcodedRoleMapper.js +17 -52
- package/ldap/hardcodedRoleMapper.js.map +1 -1
- package/ldap/msadLdsUserAccountControlMapper.d.ts +10 -2
- package/ldap/msadLdsUserAccountControlMapper.js +10 -2
- package/ldap/msadLdsUserAccountControlMapper.js.map +1 -1
- package/ldap/msadUserAccountControlMapper.d.ts +34 -32
- package/ldap/msadUserAccountControlMapper.js +25 -14
- package/ldap/msadUserAccountControlMapper.js.map +1 -1
- package/ldap/roleMapper.d.ts +10 -2
- package/ldap/roleMapper.js +10 -2
- package/ldap/roleMapper.js.map +1 -1
- package/ldap/userAttributeMapper.d.ts +60 -45
- package/ldap/userAttributeMapper.js +30 -15
- package/ldap/userAttributeMapper.js.map +1 -1
- package/ldap/userFederation.d.ts +125 -95
- package/ldap/userFederation.js +53 -20
- package/ldap/userFederation.js.map +1 -1
- package/oidc/googleIdentityProvider.d.ts +8 -2
- package/oidc/googleIdentityProvider.js +8 -2
- package/oidc/googleIdentityProvider.js.map +1 -1
- package/oidc/identityProvider.d.ts +8 -2
- package/oidc/identityProvider.js +8 -2
- package/oidc/identityProvider.js.map +1 -1
- package/openid/audienceProtocolMapper.d.ts +62 -45
- package/openid/audienceProtocolMapper.js +38 -21
- package/openid/audienceProtocolMapper.js.map +1 -1
- package/openid/audienceResolveProtocolMapper.d.ts +17 -3
- package/openid/audienceResolveProtocolMapper.js +17 -3
- package/openid/audienceResolveProtocolMapper.js.map +1 -1
- package/openid/audienceResolveProtocolMappter.d.ts +17 -3
- package/openid/audienceResolveProtocolMappter.js +17 -3
- package/openid/audienceResolveProtocolMappter.js.map +1 -1
- package/openid/client.d.ts +48 -431
- package/openid/client.js +48 -14
- package/openid/client.js.map +1 -1
- package/openid/clientAuthorizationPermission.d.ts +6 -2
- package/openid/clientAuthorizationPermission.js +6 -2
- package/openid/clientAuthorizationPermission.js.map +1 -1
- package/openid/clientDefaultScopes.d.ts +17 -33
- package/openid/clientDefaultScopes.js +17 -6
- package/openid/clientDefaultScopes.js.map +1 -1
- package/openid/clientOptionalScopes.d.ts +17 -34
- package/openid/clientOptionalScopes.js +17 -7
- package/openid/clientOptionalScopes.js.map +1 -1
- package/openid/clientPolicy.d.ts +2 -0
- package/openid/clientPolicy.js +2 -0
- package/openid/clientPolicy.js.map +1 -1
- package/openid/clientScope.d.ts +27 -67
- package/openid/clientScope.js +27 -13
- package/openid/clientScope.js.map +1 -1
- package/openid/clientServiceAccountRealmRole.d.ts +8 -2
- package/openid/clientServiceAccountRealmRole.js +8 -2
- package/openid/clientServiceAccountRealmRole.js.map +1 -1
- package/openid/clientServiceAccountRole.d.ts +8 -2
- package/openid/clientServiceAccountRole.js +8 -2
- package/openid/clientServiceAccountRole.js.map +1 -1
- package/openid/fullNameProtocolMapper.d.ts +49 -61
- package/openid/fullNameProtocolMapper.js +37 -22
- package/openid/fullNameProtocolMapper.js.map +1 -1
- package/openid/getClient.d.ts +32 -14
- package/openid/getClient.js +32 -2
- package/openid/getClient.js.map +1 -1
- package/openid/getClientAuthorizationPolicy.d.ts +4 -0
- package/openid/getClientAuthorizationPolicy.js +4 -0
- package/openid/getClientAuthorizationPolicy.js.map +1 -1
- package/openid/getClientScope.d.ts +4 -0
- package/openid/getClientScope.js +4 -0
- package/openid/getClientScope.js.map +1 -1
- package/openid/getClientServiceAccountUser.d.ts +4 -0
- package/openid/getClientServiceAccountUser.js +4 -0
- package/openid/getClientServiceAccountUser.js.map +1 -1
- package/openid/groupMembershipProtocolMapper.d.ts +53 -81
- package/openid/groupMembershipProtocolMapper.js +41 -24
- package/openid/groupMembershipProtocolMapper.js.map +1 -1
- package/openid/hardcodedClaimProtocolMapper.d.ts +66 -66
- package/openid/hardcodedClaimProtocolMapper.js +42 -24
- package/openid/hardcodedClaimProtocolMapper.js.map +1 -1
- package/openid/hardcodedRoleProtocolMapper.d.ts +48 -43
- package/openid/hardcodedRoleProtocolMapper.js +36 -22
- package/openid/hardcodedRoleProtocolMapper.js.map +1 -1
- package/openid/scriptProtocolMapper.d.ts +17 -3
- package/openid/scriptProtocolMapper.js +17 -3
- package/openid/scriptProtocolMapper.js.map +1 -1
- package/openid/userAttributeProtocolMapper.d.ts +73 -72
- package/openid/userAttributeProtocolMapper.js +43 -24
- package/openid/userAttributeProtocolMapper.js.map +1 -1
- package/openid/userClientRoleProtocolMapper.d.ts +17 -3
- package/openid/userClientRoleProtocolMapper.js +17 -3
- package/openid/userClientRoleProtocolMapper.js.map +1 -1
- package/openid/userPropertyProtocolMapper.d.ts +66 -67
- package/openid/userPropertyProtocolMapper.js +42 -25
- package/openid/userPropertyProtocolMapper.js.map +1 -1
- package/openid/userRealmRoleProtocolMapper.d.ts +73 -63
- package/openid/userRealmRoleProtocolMapper.js +43 -24
- package/openid/userRealmRoleProtocolMapper.js.map +1 -1
- package/openid/userSessionNoteProtocolMapper.d.ts +17 -3
- package/openid/userSessionNoteProtocolMapper.js +17 -3
- package/openid/userSessionNoteProtocolMapper.js.map +1 -1
- package/package.json +1 -1
- package/realm.d.ts +30 -509
- package/realm.js +0 -83
- package/realm.js.map +1 -1
- package/realmEvents.d.ts +20 -74
- package/realmEvents.js +20 -11
- package/realmEvents.js.map +1 -1
- package/realmKeystoreAesGenerated.d.ts +8 -2
- package/realmKeystoreAesGenerated.js +8 -2
- package/realmKeystoreAesGenerated.js.map +1 -1
- package/realmKeystoreEcdsaGenerated.d.ts +8 -2
- package/realmKeystoreEcdsaGenerated.js +8 -2
- package/realmKeystoreEcdsaGenerated.js.map +1 -1
- package/realmKeystoreHmacGenerated.d.ts +8 -2
- package/realmKeystoreHmacGenerated.js +8 -2
- package/realmKeystoreHmacGenerated.js.map +1 -1
- package/realmKeystoreJavaGenerated.d.ts +8 -2
- package/realmKeystoreJavaGenerated.js +8 -2
- package/realmKeystoreJavaGenerated.js.map +1 -1
- package/realmKeystoreRsa.d.ts +6 -2
- package/realmKeystoreRsa.js +6 -2
- package/realmKeystoreRsa.js.map +1 -1
- package/realmKeystoreRsaGenerated.d.ts +8 -2
- package/realmKeystoreRsaGenerated.js +8 -2
- package/realmKeystoreRsaGenerated.js.map +1 -1
- package/realmUserProfile.d.ts +2 -0
- package/realmUserProfile.js +2 -0
- package/realmUserProfile.js.map +1 -1
- package/requiredAction.d.ts +8 -2
- package/requiredAction.js +8 -2
- package/requiredAction.js.map +1 -1
- package/role.d.ts +58 -125
- package/role.js +58 -71
- package/role.js.map +1 -1
- package/saml/client.d.ts +46 -327
- package/saml/client.js +46 -12
- package/saml/client.js.map +1 -1
- package/saml/clientDefaultScope.d.ts +5 -1
- package/saml/clientDefaultScope.js +5 -1
- package/saml/clientDefaultScope.js.map +1 -1
- package/saml/clientScope.d.ts +10 -2
- package/saml/clientScope.js +10 -2
- package/saml/clientScope.js.map +1 -1
- package/saml/getClient.d.ts +4 -0
- package/saml/getClient.js +4 -0
- package/saml/getClient.js.map +1 -1
- package/saml/getClientInstallationProvider.d.ts +4 -0
- package/saml/getClientInstallationProvider.js +4 -0
- package/saml/getClientInstallationProvider.js.map +1 -1
- package/saml/identityProvider.d.ts +163 -117
- package/saml/identityProvider.js +52 -21
- package/saml/identityProvider.js.map +1 -1
- package/saml/scriptProtocolMapper.d.ts +13 -3
- package/saml/scriptProtocolMapper.js +13 -3
- package/saml/scriptProtocolMapper.js.map +1 -1
- package/saml/userAttributeProtocolMapper.d.ts +32 -91
- package/saml/userAttributeProtocolMapper.js +32 -19
- package/saml/userAttributeProtocolMapper.js.map +1 -1
- package/saml/userPropertyProtocolMapper.d.ts +32 -91
- package/saml/userPropertyProtocolMapper.js +32 -19
- package/saml/userPropertyProtocolMapper.js.map +1 -1
- package/types/input.d.ts +74 -183
- package/types/output.d.ts +44 -207
- package/user.d.ts +36 -112
- package/user.js +36 -22
- package/user.js.map +1 -1
- package/userGroups.d.ts +9 -1
- package/userGroups.js +9 -1
- package/userGroups.js.map +1 -1
- package/userRoles.d.ts +11 -2
- package/userRoles.js +11 -2
- package/userRoles.js.map +1 -1
- package/userTemplateImporterIdentityProviderMapper.d.ts +10 -2
- package/userTemplateImporterIdentityProviderMapper.js +10 -2
- package/userTemplateImporterIdentityProviderMapper.js.map +1 -1
- package/usersPermissions.d.ts +10 -25
- package/usersPermissions.js +10 -25
- package/usersPermissions.js.map +1 -1
|
@@ -1,42 +1,73 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
3
|
+
* ## # keycloak.saml.IdentityProvider
|
|
4
4
|
*
|
|
5
|
-
*
|
|
5
|
+
* Allows to create and manage SAML Identity Providers within Keycloak.
|
|
6
6
|
*
|
|
7
|
-
*
|
|
7
|
+
* SAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard.
|
|
8
8
|
*
|
|
9
|
+
* ### Example Usage
|
|
10
|
+
*
|
|
11
|
+
* <!--Start PulumiCodeChooser -->
|
|
9
12
|
* ```typescript
|
|
10
13
|
* import * as pulumi from "@pulumi/pulumi";
|
|
11
14
|
* import * as keycloak from "@pulumi/keycloak";
|
|
12
15
|
*
|
|
13
|
-
* const
|
|
14
|
-
*
|
|
15
|
-
* enabled: true,
|
|
16
|
-
* });
|
|
17
|
-
* const realmSamlIdentityProvider = new keycloak.saml.IdentityProvider("realmSamlIdentityProvider", {
|
|
18
|
-
* realm: realm.id,
|
|
19
|
-
* alias: "my-saml-idp",
|
|
20
|
-
* entityId: "https://domain.com/entity_id",
|
|
21
|
-
* singleSignOnServiceUrl: "https://domain.com/adfs/ls/",
|
|
22
|
-
* singleLogoutServiceUrl: "https://domain.com/adfs/ls/?wa=wsignout1.0",
|
|
16
|
+
* const realmIdentityProvider = new keycloak.saml.IdentityProvider("realmIdentityProvider", {
|
|
17
|
+
* alias: "my-idp",
|
|
23
18
|
* backchannelSupported: true,
|
|
24
|
-
*
|
|
25
|
-
* postBindingLogout: true,
|
|
19
|
+
* forceAuthn: true,
|
|
26
20
|
* postBindingAuthnRequest: true,
|
|
21
|
+
* postBindingLogout: true,
|
|
22
|
+
* postBindingResponse: true,
|
|
23
|
+
* realm: "my-realm",
|
|
24
|
+
* singleLogoutServiceUrl: "https://domain.com/adfs/ls/?wa=wsignout1.0",
|
|
25
|
+
* singleSignOnServiceUrl: "https://domain.com/adfs/ls/",
|
|
27
26
|
* storeToken: false,
|
|
28
27
|
* trustEmail: true,
|
|
29
|
-
* forceAuthn: true,
|
|
30
28
|
* });
|
|
31
29
|
* ```
|
|
30
|
+
* <!--End PulumiCodeChooser -->
|
|
32
31
|
*
|
|
33
|
-
*
|
|
32
|
+
* ### Argument Reference
|
|
34
33
|
*
|
|
35
|
-
*
|
|
34
|
+
* The following arguments are supported:
|
|
36
35
|
*
|
|
37
|
-
*
|
|
38
|
-
*
|
|
39
|
-
*
|
|
36
|
+
* - `realm` - (Required) The name of the realm. This is unique across Keycloak.
|
|
37
|
+
* - `alias` - (Optional) The uniq name of identity provider.
|
|
38
|
+
* - `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`.
|
|
39
|
+
* - `displayName` - (Optional) The display name for the realm that is shown when logging in to the admin console.
|
|
40
|
+
* - `storeToken` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`.
|
|
41
|
+
* - `addReadTokenRoleOnCreate` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`.
|
|
42
|
+
* - `trustEmail` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`.
|
|
43
|
+
* - `linkOnly` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`.
|
|
44
|
+
* - `hideOnLoginPage` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
|
|
45
|
+
* - `firstBrokerLoginFlowAlias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
|
|
46
|
+
* - `postBrokerLoginFlowAlias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
|
|
47
|
+
* - `authenticateByDefault` - (Optional) Authenticate users by default. Defaults to `false`.
|
|
48
|
+
*
|
|
49
|
+
* #### SAML Configuration
|
|
50
|
+
*
|
|
51
|
+
* - `singleSignOnServiceUrl` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest).
|
|
52
|
+
* - `singleLogoutServiceUrl` - (Optional) The Url that must be used to send logout requests.
|
|
53
|
+
* - `backchannelSupported` - (Optional) Does the external IDP support back-channel logout ?.
|
|
54
|
+
* - `nameIdPolicyFormat` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
|
|
55
|
+
* - `postBindingResponse` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..
|
|
56
|
+
* - `postBindingAuthnRequest` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
|
|
57
|
+
* - `postBindingLogout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
|
|
58
|
+
* - `wantAssertionsSigned` - (Optional) Indicates whether this service provider expects a signed Assertion.
|
|
59
|
+
* - `wantAssertionsEncrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion.
|
|
60
|
+
* - `forceAuthn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
|
|
61
|
+
* - `validateSignature` - (Optional) Enable/disable signature validation of SAML responses.
|
|
62
|
+
* - `signingCertificate` - (Optional) Signing Certificate.
|
|
63
|
+
* - `signatureAlgorithm` - (Optional) Signing Algorithm. Defaults to empty.
|
|
64
|
+
* - `xmlSignKeyInfoKeyNameTransformer` - (Optional) Sign Key Transformer. Defaults to empty.
|
|
65
|
+
*
|
|
66
|
+
* ### Import
|
|
67
|
+
*
|
|
68
|
+
* Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idpAlias` is the identity provider alias.
|
|
69
|
+
*
|
|
70
|
+
* Example:
|
|
40
71
|
*/
|
|
41
72
|
export declare class IdentityProvider extends pulumi.CustomResource {
|
|
42
73
|
/**
|
|
@@ -55,39 +86,39 @@ export declare class IdentityProvider extends pulumi.CustomResource {
|
|
|
55
86
|
*/
|
|
56
87
|
static isInstance(obj: any): obj is IdentityProvider;
|
|
57
88
|
/**
|
|
58
|
-
*
|
|
89
|
+
* Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
|
|
59
90
|
*/
|
|
60
91
|
readonly addReadTokenRoleOnCreate: pulumi.Output<boolean | undefined>;
|
|
61
92
|
/**
|
|
62
|
-
* The
|
|
93
|
+
* The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
|
|
63
94
|
*/
|
|
64
95
|
readonly alias: pulumi.Output<string>;
|
|
65
96
|
/**
|
|
66
|
-
*
|
|
97
|
+
* Enable/disable authenticate users by default.
|
|
67
98
|
*/
|
|
68
99
|
readonly authenticateByDefault: pulumi.Output<boolean | undefined>;
|
|
69
100
|
/**
|
|
70
|
-
*
|
|
101
|
+
* AuthnContext ClassRefs
|
|
71
102
|
*/
|
|
72
103
|
readonly authnContextClassRefs: pulumi.Output<string[] | undefined>;
|
|
73
104
|
/**
|
|
74
|
-
*
|
|
105
|
+
* AuthnContext Comparison
|
|
75
106
|
*/
|
|
76
107
|
readonly authnContextComparisonType: pulumi.Output<string | undefined>;
|
|
77
108
|
/**
|
|
78
|
-
*
|
|
109
|
+
* AuthnContext DeclRefs
|
|
79
110
|
*/
|
|
80
111
|
readonly authnContextDeclRefs: pulumi.Output<string[] | undefined>;
|
|
81
112
|
/**
|
|
82
|
-
* Does the external IDP support backchannel logout
|
|
113
|
+
* Does the external IDP support backchannel logout?
|
|
83
114
|
*/
|
|
84
115
|
readonly backchannelSupported: pulumi.Output<boolean | undefined>;
|
|
85
116
|
/**
|
|
86
|
-
*
|
|
117
|
+
* Friendly name for Identity Providers.
|
|
87
118
|
*/
|
|
88
119
|
readonly displayName: pulumi.Output<string | undefined>;
|
|
89
120
|
/**
|
|
90
|
-
*
|
|
121
|
+
* Enable/disable this identity provider.
|
|
91
122
|
*/
|
|
92
123
|
readonly enabled: pulumi.Output<boolean | undefined>;
|
|
93
124
|
/**
|
|
@@ -98,19 +129,20 @@ export declare class IdentityProvider extends pulumi.CustomResource {
|
|
|
98
129
|
[key: string]: any;
|
|
99
130
|
} | undefined>;
|
|
100
131
|
/**
|
|
101
|
-
* Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
|
|
132
|
+
* Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
|
|
133
|
+
* that there is not yet existing Keycloak account linked with the authenticated identity provider account.
|
|
102
134
|
*/
|
|
103
135
|
readonly firstBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
|
|
104
136
|
/**
|
|
105
|
-
*
|
|
137
|
+
* Require Force Authn.
|
|
106
138
|
*/
|
|
107
139
|
readonly forceAuthn: pulumi.Output<boolean | undefined>;
|
|
108
140
|
/**
|
|
109
|
-
*
|
|
141
|
+
* GUI Order
|
|
110
142
|
*/
|
|
111
143
|
readonly guiOrder: pulumi.Output<string | undefined>;
|
|
112
144
|
/**
|
|
113
|
-
*
|
|
145
|
+
* Hide On Login Page.
|
|
114
146
|
*/
|
|
115
147
|
readonly hideOnLoginPage: pulumi.Output<boolean | undefined>;
|
|
116
148
|
/**
|
|
@@ -118,7 +150,8 @@ export declare class IdentityProvider extends pulumi.CustomResource {
|
|
|
118
150
|
*/
|
|
119
151
|
readonly internalId: pulumi.Output<string>;
|
|
120
152
|
/**
|
|
121
|
-
*
|
|
153
|
+
* If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't
|
|
154
|
+
* want to allow login from the provider, but want to integrate with a provider
|
|
122
155
|
*/
|
|
123
156
|
readonly linkOnly: pulumi.Output<boolean | undefined>;
|
|
124
157
|
/**
|
|
@@ -126,43 +159,46 @@ export declare class IdentityProvider extends pulumi.CustomResource {
|
|
|
126
159
|
*/
|
|
127
160
|
readonly loginHint: pulumi.Output<string | undefined>;
|
|
128
161
|
/**
|
|
129
|
-
*
|
|
162
|
+
* Name ID Policy Format.
|
|
130
163
|
*/
|
|
131
164
|
readonly nameIdPolicyFormat: pulumi.Output<string | undefined>;
|
|
132
165
|
/**
|
|
133
|
-
*
|
|
166
|
+
* Post Binding Authn Request.
|
|
134
167
|
*/
|
|
135
168
|
readonly postBindingAuthnRequest: pulumi.Output<boolean | undefined>;
|
|
136
169
|
/**
|
|
137
|
-
*
|
|
170
|
+
* Post Binding Logout.
|
|
138
171
|
*/
|
|
139
172
|
readonly postBindingLogout: pulumi.Output<boolean | undefined>;
|
|
140
173
|
/**
|
|
141
|
-
*
|
|
174
|
+
* Post Binding Response.
|
|
142
175
|
*/
|
|
143
176
|
readonly postBindingResponse: pulumi.Output<boolean | undefined>;
|
|
144
177
|
/**
|
|
145
|
-
* Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
|
|
178
|
+
* Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
|
|
179
|
+
* additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if
|
|
180
|
+
* you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that
|
|
181
|
+
* authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
|
|
146
182
|
*/
|
|
147
183
|
readonly postBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
|
|
148
184
|
/**
|
|
149
|
-
*
|
|
185
|
+
* Principal Attribute
|
|
150
186
|
*/
|
|
151
187
|
readonly principalAttribute: pulumi.Output<string | undefined>;
|
|
152
188
|
/**
|
|
153
|
-
*
|
|
189
|
+
* Principal Type
|
|
154
190
|
*/
|
|
155
191
|
readonly principalType: pulumi.Output<string | undefined>;
|
|
156
192
|
/**
|
|
157
|
-
*
|
|
193
|
+
* provider id, is always saml, unless you have a custom implementation
|
|
158
194
|
*/
|
|
159
195
|
readonly providerId: pulumi.Output<string | undefined>;
|
|
160
196
|
/**
|
|
161
|
-
*
|
|
197
|
+
* Realm Name
|
|
162
198
|
*/
|
|
163
199
|
readonly realm: pulumi.Output<string>;
|
|
164
200
|
/**
|
|
165
|
-
* Signing Algorithm.
|
|
201
|
+
* Signing Algorithm.
|
|
166
202
|
*/
|
|
167
203
|
readonly signatureAlgorithm: pulumi.Output<string | undefined>;
|
|
168
204
|
/**
|
|
@@ -170,23 +206,23 @@ export declare class IdentityProvider extends pulumi.CustomResource {
|
|
|
170
206
|
*/
|
|
171
207
|
readonly signingCertificate: pulumi.Output<string | undefined>;
|
|
172
208
|
/**
|
|
173
|
-
*
|
|
209
|
+
* Logout URL.
|
|
174
210
|
*/
|
|
175
211
|
readonly singleLogoutServiceUrl: pulumi.Output<string | undefined>;
|
|
176
212
|
/**
|
|
177
|
-
*
|
|
213
|
+
* SSO Logout URL.
|
|
178
214
|
*/
|
|
179
215
|
readonly singleSignOnServiceUrl: pulumi.Output<string>;
|
|
180
216
|
/**
|
|
181
|
-
*
|
|
217
|
+
* Enable/disable if tokens must be stored after authenticating users.
|
|
182
218
|
*/
|
|
183
219
|
readonly storeToken: pulumi.Output<boolean | undefined>;
|
|
184
220
|
/**
|
|
185
|
-
*
|
|
221
|
+
* Sync Mode
|
|
186
222
|
*/
|
|
187
223
|
readonly syncMode: pulumi.Output<string | undefined>;
|
|
188
224
|
/**
|
|
189
|
-
*
|
|
225
|
+
* If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
|
|
190
226
|
*/
|
|
191
227
|
readonly trustEmail: pulumi.Output<boolean | undefined>;
|
|
192
228
|
/**
|
|
@@ -194,15 +230,15 @@ export declare class IdentityProvider extends pulumi.CustomResource {
|
|
|
194
230
|
*/
|
|
195
231
|
readonly validateSignature: pulumi.Output<boolean | undefined>;
|
|
196
232
|
/**
|
|
197
|
-
*
|
|
233
|
+
* Want Assertions Encrypted.
|
|
198
234
|
*/
|
|
199
235
|
readonly wantAssertionsEncrypted: pulumi.Output<boolean | undefined>;
|
|
200
236
|
/**
|
|
201
|
-
*
|
|
237
|
+
* Want Assertions Signed.
|
|
202
238
|
*/
|
|
203
239
|
readonly wantAssertionsSigned: pulumi.Output<boolean | undefined>;
|
|
204
240
|
/**
|
|
205
|
-
*
|
|
241
|
+
* Sign Key Transformer.
|
|
206
242
|
*/
|
|
207
243
|
readonly xmlSignKeyInfoKeyNameTransformer: pulumi.Output<string | undefined>;
|
|
208
244
|
/**
|
|
@@ -219,39 +255,39 @@ export declare class IdentityProvider extends pulumi.CustomResource {
|
|
|
219
255
|
*/
|
|
220
256
|
export interface IdentityProviderState {
|
|
221
257
|
/**
|
|
222
|
-
*
|
|
258
|
+
* Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
|
|
223
259
|
*/
|
|
224
260
|
addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
|
|
225
261
|
/**
|
|
226
|
-
* The
|
|
262
|
+
* The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
|
|
227
263
|
*/
|
|
228
264
|
alias?: pulumi.Input<string>;
|
|
229
265
|
/**
|
|
230
|
-
*
|
|
266
|
+
* Enable/disable authenticate users by default.
|
|
231
267
|
*/
|
|
232
268
|
authenticateByDefault?: pulumi.Input<boolean>;
|
|
233
269
|
/**
|
|
234
|
-
*
|
|
270
|
+
* AuthnContext ClassRefs
|
|
235
271
|
*/
|
|
236
272
|
authnContextClassRefs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
237
273
|
/**
|
|
238
|
-
*
|
|
274
|
+
* AuthnContext Comparison
|
|
239
275
|
*/
|
|
240
276
|
authnContextComparisonType?: pulumi.Input<string>;
|
|
241
277
|
/**
|
|
242
|
-
*
|
|
278
|
+
* AuthnContext DeclRefs
|
|
243
279
|
*/
|
|
244
280
|
authnContextDeclRefs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
245
281
|
/**
|
|
246
|
-
* Does the external IDP support backchannel logout
|
|
282
|
+
* Does the external IDP support backchannel logout?
|
|
247
283
|
*/
|
|
248
284
|
backchannelSupported?: pulumi.Input<boolean>;
|
|
249
285
|
/**
|
|
250
|
-
*
|
|
286
|
+
* Friendly name for Identity Providers.
|
|
251
287
|
*/
|
|
252
288
|
displayName?: pulumi.Input<string>;
|
|
253
289
|
/**
|
|
254
|
-
*
|
|
290
|
+
* Enable/disable this identity provider.
|
|
255
291
|
*/
|
|
256
292
|
enabled?: pulumi.Input<boolean>;
|
|
257
293
|
/**
|
|
@@ -262,19 +298,20 @@ export interface IdentityProviderState {
|
|
|
262
298
|
[key: string]: any;
|
|
263
299
|
}>;
|
|
264
300
|
/**
|
|
265
|
-
* Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
|
|
301
|
+
* Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
|
|
302
|
+
* that there is not yet existing Keycloak account linked with the authenticated identity provider account.
|
|
266
303
|
*/
|
|
267
304
|
firstBrokerLoginFlowAlias?: pulumi.Input<string>;
|
|
268
305
|
/**
|
|
269
|
-
*
|
|
306
|
+
* Require Force Authn.
|
|
270
307
|
*/
|
|
271
308
|
forceAuthn?: pulumi.Input<boolean>;
|
|
272
309
|
/**
|
|
273
|
-
*
|
|
310
|
+
* GUI Order
|
|
274
311
|
*/
|
|
275
312
|
guiOrder?: pulumi.Input<string>;
|
|
276
313
|
/**
|
|
277
|
-
*
|
|
314
|
+
* Hide On Login Page.
|
|
278
315
|
*/
|
|
279
316
|
hideOnLoginPage?: pulumi.Input<boolean>;
|
|
280
317
|
/**
|
|
@@ -282,7 +319,8 @@ export interface IdentityProviderState {
|
|
|
282
319
|
*/
|
|
283
320
|
internalId?: pulumi.Input<string>;
|
|
284
321
|
/**
|
|
285
|
-
*
|
|
322
|
+
* If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't
|
|
323
|
+
* want to allow login from the provider, but want to integrate with a provider
|
|
286
324
|
*/
|
|
287
325
|
linkOnly?: pulumi.Input<boolean>;
|
|
288
326
|
/**
|
|
@@ -290,43 +328,46 @@ export interface IdentityProviderState {
|
|
|
290
328
|
*/
|
|
291
329
|
loginHint?: pulumi.Input<string>;
|
|
292
330
|
/**
|
|
293
|
-
*
|
|
331
|
+
* Name ID Policy Format.
|
|
294
332
|
*/
|
|
295
333
|
nameIdPolicyFormat?: pulumi.Input<string>;
|
|
296
334
|
/**
|
|
297
|
-
*
|
|
335
|
+
* Post Binding Authn Request.
|
|
298
336
|
*/
|
|
299
337
|
postBindingAuthnRequest?: pulumi.Input<boolean>;
|
|
300
338
|
/**
|
|
301
|
-
*
|
|
339
|
+
* Post Binding Logout.
|
|
302
340
|
*/
|
|
303
341
|
postBindingLogout?: pulumi.Input<boolean>;
|
|
304
342
|
/**
|
|
305
|
-
*
|
|
343
|
+
* Post Binding Response.
|
|
306
344
|
*/
|
|
307
345
|
postBindingResponse?: pulumi.Input<boolean>;
|
|
308
346
|
/**
|
|
309
|
-
* Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
|
|
347
|
+
* Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
|
|
348
|
+
* additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if
|
|
349
|
+
* you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that
|
|
350
|
+
* authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
|
|
310
351
|
*/
|
|
311
352
|
postBrokerLoginFlowAlias?: pulumi.Input<string>;
|
|
312
353
|
/**
|
|
313
|
-
*
|
|
354
|
+
* Principal Attribute
|
|
314
355
|
*/
|
|
315
356
|
principalAttribute?: pulumi.Input<string>;
|
|
316
357
|
/**
|
|
317
|
-
*
|
|
358
|
+
* Principal Type
|
|
318
359
|
*/
|
|
319
360
|
principalType?: pulumi.Input<string>;
|
|
320
361
|
/**
|
|
321
|
-
*
|
|
362
|
+
* provider id, is always saml, unless you have a custom implementation
|
|
322
363
|
*/
|
|
323
364
|
providerId?: pulumi.Input<string>;
|
|
324
365
|
/**
|
|
325
|
-
*
|
|
366
|
+
* Realm Name
|
|
326
367
|
*/
|
|
327
368
|
realm?: pulumi.Input<string>;
|
|
328
369
|
/**
|
|
329
|
-
* Signing Algorithm.
|
|
370
|
+
* Signing Algorithm.
|
|
330
371
|
*/
|
|
331
372
|
signatureAlgorithm?: pulumi.Input<string>;
|
|
332
373
|
/**
|
|
@@ -334,23 +375,23 @@ export interface IdentityProviderState {
|
|
|
334
375
|
*/
|
|
335
376
|
signingCertificate?: pulumi.Input<string>;
|
|
336
377
|
/**
|
|
337
|
-
*
|
|
378
|
+
* Logout URL.
|
|
338
379
|
*/
|
|
339
380
|
singleLogoutServiceUrl?: pulumi.Input<string>;
|
|
340
381
|
/**
|
|
341
|
-
*
|
|
382
|
+
* SSO Logout URL.
|
|
342
383
|
*/
|
|
343
384
|
singleSignOnServiceUrl?: pulumi.Input<string>;
|
|
344
385
|
/**
|
|
345
|
-
*
|
|
386
|
+
* Enable/disable if tokens must be stored after authenticating users.
|
|
346
387
|
*/
|
|
347
388
|
storeToken?: pulumi.Input<boolean>;
|
|
348
389
|
/**
|
|
349
|
-
*
|
|
390
|
+
* Sync Mode
|
|
350
391
|
*/
|
|
351
392
|
syncMode?: pulumi.Input<string>;
|
|
352
393
|
/**
|
|
353
|
-
*
|
|
394
|
+
* If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
|
|
354
395
|
*/
|
|
355
396
|
trustEmail?: pulumi.Input<boolean>;
|
|
356
397
|
/**
|
|
@@ -358,15 +399,15 @@ export interface IdentityProviderState {
|
|
|
358
399
|
*/
|
|
359
400
|
validateSignature?: pulumi.Input<boolean>;
|
|
360
401
|
/**
|
|
361
|
-
*
|
|
402
|
+
* Want Assertions Encrypted.
|
|
362
403
|
*/
|
|
363
404
|
wantAssertionsEncrypted?: pulumi.Input<boolean>;
|
|
364
405
|
/**
|
|
365
|
-
*
|
|
406
|
+
* Want Assertions Signed.
|
|
366
407
|
*/
|
|
367
408
|
wantAssertionsSigned?: pulumi.Input<boolean>;
|
|
368
409
|
/**
|
|
369
|
-
*
|
|
410
|
+
* Sign Key Transformer.
|
|
370
411
|
*/
|
|
371
412
|
xmlSignKeyInfoKeyNameTransformer?: pulumi.Input<string>;
|
|
372
413
|
}
|
|
@@ -375,39 +416,39 @@ export interface IdentityProviderState {
|
|
|
375
416
|
*/
|
|
376
417
|
export interface IdentityProviderArgs {
|
|
377
418
|
/**
|
|
378
|
-
*
|
|
419
|
+
* Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
|
|
379
420
|
*/
|
|
380
421
|
addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
|
|
381
422
|
/**
|
|
382
|
-
* The
|
|
423
|
+
* The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
|
|
383
424
|
*/
|
|
384
425
|
alias: pulumi.Input<string>;
|
|
385
426
|
/**
|
|
386
|
-
*
|
|
427
|
+
* Enable/disable authenticate users by default.
|
|
387
428
|
*/
|
|
388
429
|
authenticateByDefault?: pulumi.Input<boolean>;
|
|
389
430
|
/**
|
|
390
|
-
*
|
|
431
|
+
* AuthnContext ClassRefs
|
|
391
432
|
*/
|
|
392
433
|
authnContextClassRefs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
393
434
|
/**
|
|
394
|
-
*
|
|
435
|
+
* AuthnContext Comparison
|
|
395
436
|
*/
|
|
396
437
|
authnContextComparisonType?: pulumi.Input<string>;
|
|
397
438
|
/**
|
|
398
|
-
*
|
|
439
|
+
* AuthnContext DeclRefs
|
|
399
440
|
*/
|
|
400
441
|
authnContextDeclRefs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
401
442
|
/**
|
|
402
|
-
* Does the external IDP support backchannel logout
|
|
443
|
+
* Does the external IDP support backchannel logout?
|
|
403
444
|
*/
|
|
404
445
|
backchannelSupported?: pulumi.Input<boolean>;
|
|
405
446
|
/**
|
|
406
|
-
*
|
|
447
|
+
* Friendly name for Identity Providers.
|
|
407
448
|
*/
|
|
408
449
|
displayName?: pulumi.Input<string>;
|
|
409
450
|
/**
|
|
410
|
-
*
|
|
451
|
+
* Enable/disable this identity provider.
|
|
411
452
|
*/
|
|
412
453
|
enabled?: pulumi.Input<boolean>;
|
|
413
454
|
/**
|
|
@@ -418,23 +459,25 @@ export interface IdentityProviderArgs {
|
|
|
418
459
|
[key: string]: any;
|
|
419
460
|
}>;
|
|
420
461
|
/**
|
|
421
|
-
* Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
|
|
462
|
+
* Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
|
|
463
|
+
* that there is not yet existing Keycloak account linked with the authenticated identity provider account.
|
|
422
464
|
*/
|
|
423
465
|
firstBrokerLoginFlowAlias?: pulumi.Input<string>;
|
|
424
466
|
/**
|
|
425
|
-
*
|
|
467
|
+
* Require Force Authn.
|
|
426
468
|
*/
|
|
427
469
|
forceAuthn?: pulumi.Input<boolean>;
|
|
428
470
|
/**
|
|
429
|
-
*
|
|
471
|
+
* GUI Order
|
|
430
472
|
*/
|
|
431
473
|
guiOrder?: pulumi.Input<string>;
|
|
432
474
|
/**
|
|
433
|
-
*
|
|
475
|
+
* Hide On Login Page.
|
|
434
476
|
*/
|
|
435
477
|
hideOnLoginPage?: pulumi.Input<boolean>;
|
|
436
478
|
/**
|
|
437
|
-
*
|
|
479
|
+
* If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't
|
|
480
|
+
* want to allow login from the provider, but want to integrate with a provider
|
|
438
481
|
*/
|
|
439
482
|
linkOnly?: pulumi.Input<boolean>;
|
|
440
483
|
/**
|
|
@@ -442,43 +485,46 @@ export interface IdentityProviderArgs {
|
|
|
442
485
|
*/
|
|
443
486
|
loginHint?: pulumi.Input<string>;
|
|
444
487
|
/**
|
|
445
|
-
*
|
|
488
|
+
* Name ID Policy Format.
|
|
446
489
|
*/
|
|
447
490
|
nameIdPolicyFormat?: pulumi.Input<string>;
|
|
448
491
|
/**
|
|
449
|
-
*
|
|
492
|
+
* Post Binding Authn Request.
|
|
450
493
|
*/
|
|
451
494
|
postBindingAuthnRequest?: pulumi.Input<boolean>;
|
|
452
495
|
/**
|
|
453
|
-
*
|
|
496
|
+
* Post Binding Logout.
|
|
454
497
|
*/
|
|
455
498
|
postBindingLogout?: pulumi.Input<boolean>;
|
|
456
499
|
/**
|
|
457
|
-
*
|
|
500
|
+
* Post Binding Response.
|
|
458
501
|
*/
|
|
459
502
|
postBindingResponse?: pulumi.Input<boolean>;
|
|
460
503
|
/**
|
|
461
|
-
* Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
|
|
504
|
+
* Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
|
|
505
|
+
* additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if
|
|
506
|
+
* you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that
|
|
507
|
+
* authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
|
|
462
508
|
*/
|
|
463
509
|
postBrokerLoginFlowAlias?: pulumi.Input<string>;
|
|
464
510
|
/**
|
|
465
|
-
*
|
|
511
|
+
* Principal Attribute
|
|
466
512
|
*/
|
|
467
513
|
principalAttribute?: pulumi.Input<string>;
|
|
468
514
|
/**
|
|
469
|
-
*
|
|
515
|
+
* Principal Type
|
|
470
516
|
*/
|
|
471
517
|
principalType?: pulumi.Input<string>;
|
|
472
518
|
/**
|
|
473
|
-
*
|
|
519
|
+
* provider id, is always saml, unless you have a custom implementation
|
|
474
520
|
*/
|
|
475
521
|
providerId?: pulumi.Input<string>;
|
|
476
522
|
/**
|
|
477
|
-
*
|
|
523
|
+
* Realm Name
|
|
478
524
|
*/
|
|
479
525
|
realm: pulumi.Input<string>;
|
|
480
526
|
/**
|
|
481
|
-
* Signing Algorithm.
|
|
527
|
+
* Signing Algorithm.
|
|
482
528
|
*/
|
|
483
529
|
signatureAlgorithm?: pulumi.Input<string>;
|
|
484
530
|
/**
|
|
@@ -486,23 +532,23 @@ export interface IdentityProviderArgs {
|
|
|
486
532
|
*/
|
|
487
533
|
signingCertificate?: pulumi.Input<string>;
|
|
488
534
|
/**
|
|
489
|
-
*
|
|
535
|
+
* Logout URL.
|
|
490
536
|
*/
|
|
491
537
|
singleLogoutServiceUrl?: pulumi.Input<string>;
|
|
492
538
|
/**
|
|
493
|
-
*
|
|
539
|
+
* SSO Logout URL.
|
|
494
540
|
*/
|
|
495
541
|
singleSignOnServiceUrl: pulumi.Input<string>;
|
|
496
542
|
/**
|
|
497
|
-
*
|
|
543
|
+
* Enable/disable if tokens must be stored after authenticating users.
|
|
498
544
|
*/
|
|
499
545
|
storeToken?: pulumi.Input<boolean>;
|
|
500
546
|
/**
|
|
501
|
-
*
|
|
547
|
+
* Sync Mode
|
|
502
548
|
*/
|
|
503
549
|
syncMode?: pulumi.Input<string>;
|
|
504
550
|
/**
|
|
505
|
-
*
|
|
551
|
+
* If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
|
|
506
552
|
*/
|
|
507
553
|
trustEmail?: pulumi.Input<boolean>;
|
|
508
554
|
/**
|
|
@@ -510,15 +556,15 @@ export interface IdentityProviderArgs {
|
|
|
510
556
|
*/
|
|
511
557
|
validateSignature?: pulumi.Input<boolean>;
|
|
512
558
|
/**
|
|
513
|
-
*
|
|
559
|
+
* Want Assertions Encrypted.
|
|
514
560
|
*/
|
|
515
561
|
wantAssertionsEncrypted?: pulumi.Input<boolean>;
|
|
516
562
|
/**
|
|
517
|
-
*
|
|
563
|
+
* Want Assertions Signed.
|
|
518
564
|
*/
|
|
519
565
|
wantAssertionsSigned?: pulumi.Input<boolean>;
|
|
520
566
|
/**
|
|
521
|
-
*
|
|
567
|
+
* Sign Key Transformer.
|
|
522
568
|
*/
|
|
523
569
|
xmlSignKeyInfoKeyNameTransformer?: pulumi.Input<string>;
|
|
524
570
|
}
|