@pulumi/keycloak 5.3.0 → 5.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (285) hide show
  1. package/attributeImporterIdentityProviderMapper.d.ts +46 -63
  2. package/attributeImporterIdentityProviderMapper.js +25 -33
  3. package/attributeImporterIdentityProviderMapper.js.map +1 -1
  4. package/attributeToRoleIdentityMapper.d.ts +10 -2
  5. package/attributeToRoleIdentityMapper.js +10 -2
  6. package/attributeToRoleIdentityMapper.js.map +1 -1
  7. package/authentication/bindings.d.ts +2 -0
  8. package/authentication/bindings.js +2 -0
  9. package/authentication/bindings.js.map +1 -1
  10. package/authentication/execution.d.ts +8 -2
  11. package/authentication/execution.js +8 -2
  12. package/authentication/execution.js.map +1 -1
  13. package/authentication/executionConfig.d.ts +12 -2
  14. package/authentication/executionConfig.js +12 -2
  15. package/authentication/executionConfig.js.map +1 -1
  16. package/authentication/flow.d.ts +16 -2
  17. package/authentication/flow.js +16 -2
  18. package/authentication/flow.js.map +1 -1
  19. package/authentication/subflow.d.ts +18 -2
  20. package/authentication/subflow.js +18 -2
  21. package/authentication/subflow.js.map +1 -1
  22. package/customIdentityProviderMapping.d.ts +13 -5
  23. package/customIdentityProviderMapping.js +10 -2
  24. package/customIdentityProviderMapping.js.map +1 -1
  25. package/customUserFederation.d.ts +51 -50
  26. package/customUserFederation.js +27 -14
  27. package/customUserFederation.js.map +1 -1
  28. package/defaultGroups.d.ts +19 -27
  29. package/defaultGroups.js +19 -9
  30. package/defaultGroups.js.map +1 -1
  31. package/defaultRoles.d.ts +13 -2
  32. package/defaultRoles.js +13 -2
  33. package/defaultRoles.js.map +1 -1
  34. package/genericClientProtocolMapper.d.ts +40 -37
  35. package/genericClientProtocolMapper.js +25 -13
  36. package/genericClientProtocolMapper.js.map +1 -1
  37. package/genericClientRoleMapper.d.ts +22 -2
  38. package/genericClientRoleMapper.js +22 -2
  39. package/genericClientRoleMapper.js.map +1 -1
  40. package/genericProtocolMapper.d.ts +8 -2
  41. package/genericProtocolMapper.js +8 -2
  42. package/genericProtocolMapper.js.map +1 -1
  43. package/genericRoleMapper.d.ts +22 -2
  44. package/genericRoleMapper.js +22 -2
  45. package/genericRoleMapper.js.map +1 -1
  46. package/getAuthenticationExecution.d.ts +4 -0
  47. package/getAuthenticationExecution.js +4 -0
  48. package/getAuthenticationExecution.js.map +1 -1
  49. package/getAuthenticationFlow.d.ts +4 -0
  50. package/getAuthenticationFlow.js +4 -0
  51. package/getAuthenticationFlow.js.map +1 -1
  52. package/getClientDescriptionConverter.d.ts +4 -0
  53. package/getClientDescriptionConverter.js +4 -0
  54. package/getClientDescriptionConverter.js.map +1 -1
  55. package/getGroup.d.ts +4 -62
  56. package/getGroup.js +4 -50
  57. package/getGroup.js.map +1 -1
  58. package/getRealm.d.ts +32 -10
  59. package/getRealm.js +32 -4
  60. package/getRealm.js.map +1 -1
  61. package/getRealmKeys.d.ts +8 -28
  62. package/getRealmKeys.js +8 -4
  63. package/getRealmKeys.js.map +1 -1
  64. package/getRole.d.ts +4 -65
  65. package/getRole.js +4 -44
  66. package/getRole.js.map +1 -1
  67. package/getUser.d.ts +4 -0
  68. package/getUser.js +4 -0
  69. package/getUser.js.map +1 -1
  70. package/getUserRealmRoles.d.ts +4 -0
  71. package/getUserRealmRoles.js +4 -0
  72. package/getUserRealmRoles.js.map +1 -1
  73. package/group.d.ts +35 -58
  74. package/group.js +35 -16
  75. package/group.js.map +1 -1
  76. package/groupMemberships.d.ts +27 -43
  77. package/groupMemberships.js +27 -16
  78. package/groupMemberships.js.map +1 -1
  79. package/groupPermissions.d.ts +13 -0
  80. package/groupPermissions.js +13 -0
  81. package/groupPermissions.js.map +1 -1
  82. package/groupRoles.d.ts +32 -91
  83. package/groupRoles.js +32 -55
  84. package/groupRoles.js.map +1 -1
  85. package/hardcodedAttributeIdentityProviderMapper.d.ts +2 -0
  86. package/hardcodedAttributeIdentityProviderMapper.js +2 -0
  87. package/hardcodedAttributeIdentityProviderMapper.js.map +1 -1
  88. package/hardcodedRoleIdentityMapper.d.ts +2 -0
  89. package/hardcodedRoleIdentityMapper.js +2 -0
  90. package/hardcodedRoleIdentityMapper.js.map +1 -1
  91. package/identityProviderTokenExchangeScopePermission.d.ts +10 -2
  92. package/identityProviderTokenExchangeScopePermission.js +10 -2
  93. package/identityProviderTokenExchangeScopePermission.js.map +1 -1
  94. package/ldap/customMapper.d.ts +10 -2
  95. package/ldap/customMapper.js +10 -2
  96. package/ldap/customMapper.js.map +1 -1
  97. package/ldap/fullNameMapper.d.ts +41 -54
  98. package/ldap/fullNameMapper.js +32 -18
  99. package/ldap/fullNameMapper.js.map +1 -1
  100. package/ldap/groupMapper.d.ts +55 -164
  101. package/ldap/groupMapper.js +46 -20
  102. package/ldap/groupMapper.js.map +1 -1
  103. package/ldap/hardcodedAttributeMapper.d.ts +10 -2
  104. package/ldap/hardcodedAttributeMapper.js +10 -2
  105. package/ldap/hardcodedAttributeMapper.js.map +1 -1
  106. package/ldap/hardcodedGroupMapper.d.ts +10 -2
  107. package/ldap/hardcodedGroupMapper.js +10 -2
  108. package/ldap/hardcodedGroupMapper.js.map +1 -1
  109. package/ldap/hardcodedRoleMapper.d.ts +29 -64
  110. package/ldap/hardcodedRoleMapper.js +17 -52
  111. package/ldap/hardcodedRoleMapper.js.map +1 -1
  112. package/ldap/msadLdsUserAccountControlMapper.d.ts +10 -2
  113. package/ldap/msadLdsUserAccountControlMapper.js +10 -2
  114. package/ldap/msadLdsUserAccountControlMapper.js.map +1 -1
  115. package/ldap/msadUserAccountControlMapper.d.ts +34 -32
  116. package/ldap/msadUserAccountControlMapper.js +25 -14
  117. package/ldap/msadUserAccountControlMapper.js.map +1 -1
  118. package/ldap/roleMapper.d.ts +10 -2
  119. package/ldap/roleMapper.js +10 -2
  120. package/ldap/roleMapper.js.map +1 -1
  121. package/ldap/userAttributeMapper.d.ts +60 -45
  122. package/ldap/userAttributeMapper.js +30 -15
  123. package/ldap/userAttributeMapper.js.map +1 -1
  124. package/ldap/userFederation.d.ts +125 -95
  125. package/ldap/userFederation.js +53 -20
  126. package/ldap/userFederation.js.map +1 -1
  127. package/oidc/googleIdentityProvider.d.ts +8 -2
  128. package/oidc/googleIdentityProvider.js +8 -2
  129. package/oidc/googleIdentityProvider.js.map +1 -1
  130. package/oidc/identityProvider.d.ts +8 -2
  131. package/oidc/identityProvider.js +8 -2
  132. package/oidc/identityProvider.js.map +1 -1
  133. package/openid/audienceProtocolMapper.d.ts +62 -45
  134. package/openid/audienceProtocolMapper.js +38 -21
  135. package/openid/audienceProtocolMapper.js.map +1 -1
  136. package/openid/audienceResolveProtocolMapper.d.ts +17 -3
  137. package/openid/audienceResolveProtocolMapper.js +17 -3
  138. package/openid/audienceResolveProtocolMapper.js.map +1 -1
  139. package/openid/audienceResolveProtocolMappter.d.ts +17 -3
  140. package/openid/audienceResolveProtocolMappter.js +17 -3
  141. package/openid/audienceResolveProtocolMappter.js.map +1 -1
  142. package/openid/client.d.ts +48 -431
  143. package/openid/client.js +48 -14
  144. package/openid/client.js.map +1 -1
  145. package/openid/clientAuthorizationPermission.d.ts +6 -2
  146. package/openid/clientAuthorizationPermission.js +6 -2
  147. package/openid/clientAuthorizationPermission.js.map +1 -1
  148. package/openid/clientDefaultScopes.d.ts +17 -33
  149. package/openid/clientDefaultScopes.js +17 -6
  150. package/openid/clientDefaultScopes.js.map +1 -1
  151. package/openid/clientOptionalScopes.d.ts +17 -34
  152. package/openid/clientOptionalScopes.js +17 -7
  153. package/openid/clientOptionalScopes.js.map +1 -1
  154. package/openid/clientPolicy.d.ts +2 -0
  155. package/openid/clientPolicy.js +2 -0
  156. package/openid/clientPolicy.js.map +1 -1
  157. package/openid/clientScope.d.ts +27 -67
  158. package/openid/clientScope.js +27 -13
  159. package/openid/clientScope.js.map +1 -1
  160. package/openid/clientServiceAccountRealmRole.d.ts +8 -2
  161. package/openid/clientServiceAccountRealmRole.js +8 -2
  162. package/openid/clientServiceAccountRealmRole.js.map +1 -1
  163. package/openid/clientServiceAccountRole.d.ts +8 -2
  164. package/openid/clientServiceAccountRole.js +8 -2
  165. package/openid/clientServiceAccountRole.js.map +1 -1
  166. package/openid/fullNameProtocolMapper.d.ts +49 -61
  167. package/openid/fullNameProtocolMapper.js +37 -22
  168. package/openid/fullNameProtocolMapper.js.map +1 -1
  169. package/openid/getClient.d.ts +32 -14
  170. package/openid/getClient.js +32 -2
  171. package/openid/getClient.js.map +1 -1
  172. package/openid/getClientAuthorizationPolicy.d.ts +4 -0
  173. package/openid/getClientAuthorizationPolicy.js +4 -0
  174. package/openid/getClientAuthorizationPolicy.js.map +1 -1
  175. package/openid/getClientScope.d.ts +4 -0
  176. package/openid/getClientScope.js +4 -0
  177. package/openid/getClientScope.js.map +1 -1
  178. package/openid/getClientServiceAccountUser.d.ts +4 -0
  179. package/openid/getClientServiceAccountUser.js +4 -0
  180. package/openid/getClientServiceAccountUser.js.map +1 -1
  181. package/openid/groupMembershipProtocolMapper.d.ts +53 -81
  182. package/openid/groupMembershipProtocolMapper.js +41 -24
  183. package/openid/groupMembershipProtocolMapper.js.map +1 -1
  184. package/openid/hardcodedClaimProtocolMapper.d.ts +66 -66
  185. package/openid/hardcodedClaimProtocolMapper.js +42 -24
  186. package/openid/hardcodedClaimProtocolMapper.js.map +1 -1
  187. package/openid/hardcodedRoleProtocolMapper.d.ts +48 -43
  188. package/openid/hardcodedRoleProtocolMapper.js +36 -22
  189. package/openid/hardcodedRoleProtocolMapper.js.map +1 -1
  190. package/openid/scriptProtocolMapper.d.ts +17 -3
  191. package/openid/scriptProtocolMapper.js +17 -3
  192. package/openid/scriptProtocolMapper.js.map +1 -1
  193. package/openid/userAttributeProtocolMapper.d.ts +73 -72
  194. package/openid/userAttributeProtocolMapper.js +43 -24
  195. package/openid/userAttributeProtocolMapper.js.map +1 -1
  196. package/openid/userClientRoleProtocolMapper.d.ts +17 -3
  197. package/openid/userClientRoleProtocolMapper.js +17 -3
  198. package/openid/userClientRoleProtocolMapper.js.map +1 -1
  199. package/openid/userPropertyProtocolMapper.d.ts +66 -67
  200. package/openid/userPropertyProtocolMapper.js +42 -25
  201. package/openid/userPropertyProtocolMapper.js.map +1 -1
  202. package/openid/userRealmRoleProtocolMapper.d.ts +73 -63
  203. package/openid/userRealmRoleProtocolMapper.js +43 -24
  204. package/openid/userRealmRoleProtocolMapper.js.map +1 -1
  205. package/openid/userSessionNoteProtocolMapper.d.ts +17 -3
  206. package/openid/userSessionNoteProtocolMapper.js +17 -3
  207. package/openid/userSessionNoteProtocolMapper.js.map +1 -1
  208. package/package.json +1 -1
  209. package/realm.d.ts +30 -509
  210. package/realm.js +0 -83
  211. package/realm.js.map +1 -1
  212. package/realmEvents.d.ts +20 -74
  213. package/realmEvents.js +20 -11
  214. package/realmEvents.js.map +1 -1
  215. package/realmKeystoreAesGenerated.d.ts +8 -2
  216. package/realmKeystoreAesGenerated.js +8 -2
  217. package/realmKeystoreAesGenerated.js.map +1 -1
  218. package/realmKeystoreEcdsaGenerated.d.ts +8 -2
  219. package/realmKeystoreEcdsaGenerated.js +8 -2
  220. package/realmKeystoreEcdsaGenerated.js.map +1 -1
  221. package/realmKeystoreHmacGenerated.d.ts +8 -2
  222. package/realmKeystoreHmacGenerated.js +8 -2
  223. package/realmKeystoreHmacGenerated.js.map +1 -1
  224. package/realmKeystoreJavaGenerated.d.ts +8 -2
  225. package/realmKeystoreJavaGenerated.js +8 -2
  226. package/realmKeystoreJavaGenerated.js.map +1 -1
  227. package/realmKeystoreRsa.d.ts +6 -2
  228. package/realmKeystoreRsa.js +6 -2
  229. package/realmKeystoreRsa.js.map +1 -1
  230. package/realmKeystoreRsaGenerated.d.ts +8 -2
  231. package/realmKeystoreRsaGenerated.js +8 -2
  232. package/realmKeystoreRsaGenerated.js.map +1 -1
  233. package/realmUserProfile.d.ts +2 -0
  234. package/realmUserProfile.js +2 -0
  235. package/realmUserProfile.js.map +1 -1
  236. package/requiredAction.d.ts +8 -2
  237. package/requiredAction.js +8 -2
  238. package/requiredAction.js.map +1 -1
  239. package/role.d.ts +58 -125
  240. package/role.js +58 -71
  241. package/role.js.map +1 -1
  242. package/saml/client.d.ts +46 -327
  243. package/saml/client.js +46 -12
  244. package/saml/client.js.map +1 -1
  245. package/saml/clientDefaultScope.d.ts +5 -1
  246. package/saml/clientDefaultScope.js +5 -1
  247. package/saml/clientDefaultScope.js.map +1 -1
  248. package/saml/clientScope.d.ts +10 -2
  249. package/saml/clientScope.js +10 -2
  250. package/saml/clientScope.js.map +1 -1
  251. package/saml/getClient.d.ts +4 -0
  252. package/saml/getClient.js +4 -0
  253. package/saml/getClient.js.map +1 -1
  254. package/saml/getClientInstallationProvider.d.ts +4 -0
  255. package/saml/getClientInstallationProvider.js +4 -0
  256. package/saml/getClientInstallationProvider.js.map +1 -1
  257. package/saml/identityProvider.d.ts +163 -117
  258. package/saml/identityProvider.js +52 -21
  259. package/saml/identityProvider.js.map +1 -1
  260. package/saml/scriptProtocolMapper.d.ts +13 -3
  261. package/saml/scriptProtocolMapper.js +13 -3
  262. package/saml/scriptProtocolMapper.js.map +1 -1
  263. package/saml/userAttributeProtocolMapper.d.ts +32 -91
  264. package/saml/userAttributeProtocolMapper.js +32 -19
  265. package/saml/userAttributeProtocolMapper.js.map +1 -1
  266. package/saml/userPropertyProtocolMapper.d.ts +32 -91
  267. package/saml/userPropertyProtocolMapper.js +32 -19
  268. package/saml/userPropertyProtocolMapper.js.map +1 -1
  269. package/types/input.d.ts +74 -183
  270. package/types/output.d.ts +44 -207
  271. package/user.d.ts +36 -112
  272. package/user.js +36 -22
  273. package/user.js.map +1 -1
  274. package/userGroups.d.ts +9 -1
  275. package/userGroups.js +9 -1
  276. package/userGroups.js.map +1 -1
  277. package/userRoles.d.ts +11 -2
  278. package/userRoles.js +11 -2
  279. package/userRoles.js.map +1 -1
  280. package/userTemplateImporterIdentityProviderMapper.d.ts +10 -2
  281. package/userTemplateImporterIdentityProviderMapper.js +10 -2
  282. package/userTemplateImporterIdentityProviderMapper.js.map +1 -1
  283. package/usersPermissions.d.ts +10 -25
  284. package/usersPermissions.js +10 -25
  285. package/usersPermissions.js.map +1 -1
@@ -1,42 +1,73 @@
1
1
  import * as pulumi from "@pulumi/pulumi";
2
2
  /**
3
- * Allows for creating and managing SAML Identity Providers within Keycloak.
3
+ * ## # keycloak.saml.IdentityProvider
4
4
  *
5
- * SAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol.
5
+ * Allows to create and manage SAML Identity Providers within Keycloak.
6
6
  *
7
- * ## Example Usage
7
+ * SAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard.
8
8
  *
9
+ * ### Example Usage
10
+ *
11
+ * <!--Start PulumiCodeChooser -->
9
12
  * ```typescript
10
13
  * import * as pulumi from "@pulumi/pulumi";
11
14
  * import * as keycloak from "@pulumi/keycloak";
12
15
  *
13
- * const realm = new keycloak.Realm("realm", {
14
- * realm: "my-realm",
15
- * enabled: true,
16
- * });
17
- * const realmSamlIdentityProvider = new keycloak.saml.IdentityProvider("realmSamlIdentityProvider", {
18
- * realm: realm.id,
19
- * alias: "my-saml-idp",
20
- * entityId: "https://domain.com/entity_id",
21
- * singleSignOnServiceUrl: "https://domain.com/adfs/ls/",
22
- * singleLogoutServiceUrl: "https://domain.com/adfs/ls/?wa=wsignout1.0",
16
+ * const realmIdentityProvider = new keycloak.saml.IdentityProvider("realmIdentityProvider", {
17
+ * alias: "my-idp",
23
18
  * backchannelSupported: true,
24
- * postBindingResponse: true,
25
- * postBindingLogout: true,
19
+ * forceAuthn: true,
26
20
  * postBindingAuthnRequest: true,
21
+ * postBindingLogout: true,
22
+ * postBindingResponse: true,
23
+ * realm: "my-realm",
24
+ * singleLogoutServiceUrl: "https://domain.com/adfs/ls/?wa=wsignout1.0",
25
+ * singleSignOnServiceUrl: "https://domain.com/adfs/ls/",
27
26
  * storeToken: false,
28
27
  * trustEmail: true,
29
- * forceAuthn: true,
30
28
  * });
31
29
  * ```
30
+ * <!--End PulumiCodeChooser -->
32
31
  *
33
- * ## Import
32
+ * ### Argument Reference
34
33
  *
35
- * Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. Examplebash
34
+ * The following arguments are supported:
36
35
  *
37
- * ```sh
38
- * $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp
39
- * ```
36
+ * - `realm` - (Required) The name of the realm. This is unique across Keycloak.
37
+ * - `alias` - (Optional) The uniq name of identity provider.
38
+ * - `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`.
39
+ * - `displayName` - (Optional) The display name for the realm that is shown when logging in to the admin console.
40
+ * - `storeToken` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`.
41
+ * - `addReadTokenRoleOnCreate` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`.
42
+ * - `trustEmail` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`.
43
+ * - `linkOnly` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`.
44
+ * - `hideOnLoginPage` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
45
+ * - `firstBrokerLoginFlowAlias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
46
+ * - `postBrokerLoginFlowAlias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
47
+ * - `authenticateByDefault` - (Optional) Authenticate users by default. Defaults to `false`.
48
+ *
49
+ * #### SAML Configuration
50
+ *
51
+ * - `singleSignOnServiceUrl` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest).
52
+ * - `singleLogoutServiceUrl` - (Optional) The Url that must be used to send logout requests.
53
+ * - `backchannelSupported` - (Optional) Does the external IDP support back-channel logout ?.
54
+ * - `nameIdPolicyFormat` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
55
+ * - `postBindingResponse` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..
56
+ * - `postBindingAuthnRequest` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
57
+ * - `postBindingLogout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
58
+ * - `wantAssertionsSigned` - (Optional) Indicates whether this service provider expects a signed Assertion.
59
+ * - `wantAssertionsEncrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion.
60
+ * - `forceAuthn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
61
+ * - `validateSignature` - (Optional) Enable/disable signature validation of SAML responses.
62
+ * - `signingCertificate` - (Optional) Signing Certificate.
63
+ * - `signatureAlgorithm` - (Optional) Signing Algorithm. Defaults to empty.
64
+ * - `xmlSignKeyInfoKeyNameTransformer` - (Optional) Sign Key Transformer. Defaults to empty.
65
+ *
66
+ * ### Import
67
+ *
68
+ * Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idpAlias` is the identity provider alias.
69
+ *
70
+ * Example:
40
71
  */
41
72
  export declare class IdentityProvider extends pulumi.CustomResource {
42
73
  /**
@@ -55,39 +86,39 @@ export declare class IdentityProvider extends pulumi.CustomResource {
55
86
  */
56
87
  static isInstance(obj: any): obj is IdentityProvider;
57
88
  /**
58
- * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
89
+ * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
59
90
  */
60
91
  readonly addReadTokenRoleOnCreate: pulumi.Output<boolean | undefined>;
61
92
  /**
62
- * The unique name of identity provider.
93
+ * The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
63
94
  */
64
95
  readonly alias: pulumi.Output<string>;
65
96
  /**
66
- * Authenticate users by default. Defaults to `false`.
97
+ * Enable/disable authenticate users by default.
67
98
  */
68
99
  readonly authenticateByDefault: pulumi.Output<boolean | undefined>;
69
100
  /**
70
- * Ordered list of requested AuthnContext ClassRefs.
101
+ * AuthnContext ClassRefs
71
102
  */
72
103
  readonly authnContextClassRefs: pulumi.Output<string[] | undefined>;
73
104
  /**
74
- * Specifies the comparison method used to evaluate the requested context classes or statements.
105
+ * AuthnContext Comparison
75
106
  */
76
107
  readonly authnContextComparisonType: pulumi.Output<string | undefined>;
77
108
  /**
78
- * Ordered list of requested AuthnContext DeclRefs.
109
+ * AuthnContext DeclRefs
79
110
  */
80
111
  readonly authnContextDeclRefs: pulumi.Output<string[] | undefined>;
81
112
  /**
82
- * Does the external IDP support backchannel logout?. Defaults to `false`.
113
+ * Does the external IDP support backchannel logout?
83
114
  */
84
115
  readonly backchannelSupported: pulumi.Output<boolean | undefined>;
85
116
  /**
86
- * The display name for the realm that is shown when logging in to the admin console.
117
+ * Friendly name for Identity Providers.
87
118
  */
88
119
  readonly displayName: pulumi.Output<string | undefined>;
89
120
  /**
90
- * When `false`, users and clients will not be able to access this realm. Defaults to `true`.
121
+ * Enable/disable this identity provider.
91
122
  */
92
123
  readonly enabled: pulumi.Output<boolean | undefined>;
93
124
  /**
@@ -98,19 +129,20 @@ export declare class IdentityProvider extends pulumi.CustomResource {
98
129
  [key: string]: any;
99
130
  } | undefined>;
100
131
  /**
101
- * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
132
+ * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
133
+ * that there is not yet existing Keycloak account linked with the authenticated identity provider account.
102
134
  */
103
135
  readonly firstBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
104
136
  /**
105
- * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
137
+ * Require Force Authn.
106
138
  */
107
139
  readonly forceAuthn: pulumi.Output<boolean | undefined>;
108
140
  /**
109
- * A number defining the order of this identity provider in the GUI.
141
+ * GUI Order
110
142
  */
111
143
  readonly guiOrder: pulumi.Output<string | undefined>;
112
144
  /**
113
- * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
145
+ * Hide On Login Page.
114
146
  */
115
147
  readonly hideOnLoginPage: pulumi.Output<boolean | undefined>;
116
148
  /**
@@ -118,7 +150,8 @@ export declare class IdentityProvider extends pulumi.CustomResource {
118
150
  */
119
151
  readonly internalId: pulumi.Output<string>;
120
152
  /**
121
- * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
153
+ * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't
154
+ * want to allow login from the provider, but want to integrate with a provider
122
155
  */
123
156
  readonly linkOnly: pulumi.Output<boolean | undefined>;
124
157
  /**
@@ -126,43 +159,46 @@ export declare class IdentityProvider extends pulumi.CustomResource {
126
159
  */
127
160
  readonly loginHint: pulumi.Output<string | undefined>;
128
161
  /**
129
- * Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
162
+ * Name ID Policy Format.
130
163
  */
131
164
  readonly nameIdPolicyFormat: pulumi.Output<string | undefined>;
132
165
  /**
133
- * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
166
+ * Post Binding Authn Request.
134
167
  */
135
168
  readonly postBindingAuthnRequest: pulumi.Output<boolean | undefined>;
136
169
  /**
137
- * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
170
+ * Post Binding Logout.
138
171
  */
139
172
  readonly postBindingLogout: pulumi.Output<boolean | undefined>;
140
173
  /**
141
- * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..
174
+ * Post Binding Response.
142
175
  */
143
176
  readonly postBindingResponse: pulumi.Output<boolean | undefined>;
144
177
  /**
145
- * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
178
+ * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
179
+ * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if
180
+ * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that
181
+ * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
146
182
  */
147
183
  readonly postBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
148
184
  /**
149
- * The principal attribute.
185
+ * Principal Attribute
150
186
  */
151
187
  readonly principalAttribute: pulumi.Output<string | undefined>;
152
188
  /**
153
- * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.
189
+ * Principal Type
154
190
  */
155
191
  readonly principalType: pulumi.Output<string | undefined>;
156
192
  /**
157
- * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.
193
+ * provider id, is always saml, unless you have a custom implementation
158
194
  */
159
195
  readonly providerId: pulumi.Output<string | undefined>;
160
196
  /**
161
- * The name of the realm. This is unique across Keycloak.
197
+ * Realm Name
162
198
  */
163
199
  readonly realm: pulumi.Output<string>;
164
200
  /**
165
- * Signing Algorithm. Defaults to empty.
201
+ * Signing Algorithm.
166
202
  */
167
203
  readonly signatureAlgorithm: pulumi.Output<string | undefined>;
168
204
  /**
@@ -170,23 +206,23 @@ export declare class IdentityProvider extends pulumi.CustomResource {
170
206
  */
171
207
  readonly signingCertificate: pulumi.Output<string | undefined>;
172
208
  /**
173
- * The Url that must be used to send logout requests.
209
+ * Logout URL.
174
210
  */
175
211
  readonly singleLogoutServiceUrl: pulumi.Output<string | undefined>;
176
212
  /**
177
- * The Url that must be used to send authentication requests (SAML AuthnRequest).
213
+ * SSO Logout URL.
178
214
  */
179
215
  readonly singleSignOnServiceUrl: pulumi.Output<string>;
180
216
  /**
181
- * When `true`, tokens will be stored after authenticating users. Defaults to `true`.
217
+ * Enable/disable if tokens must be stored after authenticating users.
182
218
  */
183
219
  readonly storeToken: pulumi.Output<boolean | undefined>;
184
220
  /**
185
- * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
221
+ * Sync Mode
186
222
  */
187
223
  readonly syncMode: pulumi.Output<string | undefined>;
188
224
  /**
189
- * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
225
+ * If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
190
226
  */
191
227
  readonly trustEmail: pulumi.Output<boolean | undefined>;
192
228
  /**
@@ -194,15 +230,15 @@ export declare class IdentityProvider extends pulumi.CustomResource {
194
230
  */
195
231
  readonly validateSignature: pulumi.Output<boolean | undefined>;
196
232
  /**
197
- * Indicates whether this service provider expects an encrypted Assertion.
233
+ * Want Assertions Encrypted.
198
234
  */
199
235
  readonly wantAssertionsEncrypted: pulumi.Output<boolean | undefined>;
200
236
  /**
201
- * Indicates whether this service provider expects a signed Assertion.
237
+ * Want Assertions Signed.
202
238
  */
203
239
  readonly wantAssertionsSigned: pulumi.Output<boolean | undefined>;
204
240
  /**
205
- * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.
241
+ * Sign Key Transformer.
206
242
  */
207
243
  readonly xmlSignKeyInfoKeyNameTransformer: pulumi.Output<string | undefined>;
208
244
  /**
@@ -219,39 +255,39 @@ export declare class IdentityProvider extends pulumi.CustomResource {
219
255
  */
220
256
  export interface IdentityProviderState {
221
257
  /**
222
- * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
258
+ * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
223
259
  */
224
260
  addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
225
261
  /**
226
- * The unique name of identity provider.
262
+ * The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
227
263
  */
228
264
  alias?: pulumi.Input<string>;
229
265
  /**
230
- * Authenticate users by default. Defaults to `false`.
266
+ * Enable/disable authenticate users by default.
231
267
  */
232
268
  authenticateByDefault?: pulumi.Input<boolean>;
233
269
  /**
234
- * Ordered list of requested AuthnContext ClassRefs.
270
+ * AuthnContext ClassRefs
235
271
  */
236
272
  authnContextClassRefs?: pulumi.Input<pulumi.Input<string>[]>;
237
273
  /**
238
- * Specifies the comparison method used to evaluate the requested context classes or statements.
274
+ * AuthnContext Comparison
239
275
  */
240
276
  authnContextComparisonType?: pulumi.Input<string>;
241
277
  /**
242
- * Ordered list of requested AuthnContext DeclRefs.
278
+ * AuthnContext DeclRefs
243
279
  */
244
280
  authnContextDeclRefs?: pulumi.Input<pulumi.Input<string>[]>;
245
281
  /**
246
- * Does the external IDP support backchannel logout?. Defaults to `false`.
282
+ * Does the external IDP support backchannel logout?
247
283
  */
248
284
  backchannelSupported?: pulumi.Input<boolean>;
249
285
  /**
250
- * The display name for the realm that is shown when logging in to the admin console.
286
+ * Friendly name for Identity Providers.
251
287
  */
252
288
  displayName?: pulumi.Input<string>;
253
289
  /**
254
- * When `false`, users and clients will not be able to access this realm. Defaults to `true`.
290
+ * Enable/disable this identity provider.
255
291
  */
256
292
  enabled?: pulumi.Input<boolean>;
257
293
  /**
@@ -262,19 +298,20 @@ export interface IdentityProviderState {
262
298
  [key: string]: any;
263
299
  }>;
264
300
  /**
265
- * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
301
+ * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
302
+ * that there is not yet existing Keycloak account linked with the authenticated identity provider account.
266
303
  */
267
304
  firstBrokerLoginFlowAlias?: pulumi.Input<string>;
268
305
  /**
269
- * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
306
+ * Require Force Authn.
270
307
  */
271
308
  forceAuthn?: pulumi.Input<boolean>;
272
309
  /**
273
- * A number defining the order of this identity provider in the GUI.
310
+ * GUI Order
274
311
  */
275
312
  guiOrder?: pulumi.Input<string>;
276
313
  /**
277
- * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
314
+ * Hide On Login Page.
278
315
  */
279
316
  hideOnLoginPage?: pulumi.Input<boolean>;
280
317
  /**
@@ -282,7 +319,8 @@ export interface IdentityProviderState {
282
319
  */
283
320
  internalId?: pulumi.Input<string>;
284
321
  /**
285
- * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
322
+ * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't
323
+ * want to allow login from the provider, but want to integrate with a provider
286
324
  */
287
325
  linkOnly?: pulumi.Input<boolean>;
288
326
  /**
@@ -290,43 +328,46 @@ export interface IdentityProviderState {
290
328
  */
291
329
  loginHint?: pulumi.Input<string>;
292
330
  /**
293
- * Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
331
+ * Name ID Policy Format.
294
332
  */
295
333
  nameIdPolicyFormat?: pulumi.Input<string>;
296
334
  /**
297
- * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
335
+ * Post Binding Authn Request.
298
336
  */
299
337
  postBindingAuthnRequest?: pulumi.Input<boolean>;
300
338
  /**
301
- * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
339
+ * Post Binding Logout.
302
340
  */
303
341
  postBindingLogout?: pulumi.Input<boolean>;
304
342
  /**
305
- * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..
343
+ * Post Binding Response.
306
344
  */
307
345
  postBindingResponse?: pulumi.Input<boolean>;
308
346
  /**
309
- * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
347
+ * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
348
+ * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if
349
+ * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that
350
+ * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
310
351
  */
311
352
  postBrokerLoginFlowAlias?: pulumi.Input<string>;
312
353
  /**
313
- * The principal attribute.
354
+ * Principal Attribute
314
355
  */
315
356
  principalAttribute?: pulumi.Input<string>;
316
357
  /**
317
- * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.
358
+ * Principal Type
318
359
  */
319
360
  principalType?: pulumi.Input<string>;
320
361
  /**
321
- * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.
362
+ * provider id, is always saml, unless you have a custom implementation
322
363
  */
323
364
  providerId?: pulumi.Input<string>;
324
365
  /**
325
- * The name of the realm. This is unique across Keycloak.
366
+ * Realm Name
326
367
  */
327
368
  realm?: pulumi.Input<string>;
328
369
  /**
329
- * Signing Algorithm. Defaults to empty.
370
+ * Signing Algorithm.
330
371
  */
331
372
  signatureAlgorithm?: pulumi.Input<string>;
332
373
  /**
@@ -334,23 +375,23 @@ export interface IdentityProviderState {
334
375
  */
335
376
  signingCertificate?: pulumi.Input<string>;
336
377
  /**
337
- * The Url that must be used to send logout requests.
378
+ * Logout URL.
338
379
  */
339
380
  singleLogoutServiceUrl?: pulumi.Input<string>;
340
381
  /**
341
- * The Url that must be used to send authentication requests (SAML AuthnRequest).
382
+ * SSO Logout URL.
342
383
  */
343
384
  singleSignOnServiceUrl?: pulumi.Input<string>;
344
385
  /**
345
- * When `true`, tokens will be stored after authenticating users. Defaults to `true`.
386
+ * Enable/disable if tokens must be stored after authenticating users.
346
387
  */
347
388
  storeToken?: pulumi.Input<boolean>;
348
389
  /**
349
- * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
390
+ * Sync Mode
350
391
  */
351
392
  syncMode?: pulumi.Input<string>;
352
393
  /**
353
- * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
394
+ * If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
354
395
  */
355
396
  trustEmail?: pulumi.Input<boolean>;
356
397
  /**
@@ -358,15 +399,15 @@ export interface IdentityProviderState {
358
399
  */
359
400
  validateSignature?: pulumi.Input<boolean>;
360
401
  /**
361
- * Indicates whether this service provider expects an encrypted Assertion.
402
+ * Want Assertions Encrypted.
362
403
  */
363
404
  wantAssertionsEncrypted?: pulumi.Input<boolean>;
364
405
  /**
365
- * Indicates whether this service provider expects a signed Assertion.
406
+ * Want Assertions Signed.
366
407
  */
367
408
  wantAssertionsSigned?: pulumi.Input<boolean>;
368
409
  /**
369
- * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.
410
+ * Sign Key Transformer.
370
411
  */
371
412
  xmlSignKeyInfoKeyNameTransformer?: pulumi.Input<string>;
372
413
  }
@@ -375,39 +416,39 @@ export interface IdentityProviderState {
375
416
  */
376
417
  export interface IdentityProviderArgs {
377
418
  /**
378
- * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
419
+ * Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
379
420
  */
380
421
  addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
381
422
  /**
382
- * The unique name of identity provider.
423
+ * The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
383
424
  */
384
425
  alias: pulumi.Input<string>;
385
426
  /**
386
- * Authenticate users by default. Defaults to `false`.
427
+ * Enable/disable authenticate users by default.
387
428
  */
388
429
  authenticateByDefault?: pulumi.Input<boolean>;
389
430
  /**
390
- * Ordered list of requested AuthnContext ClassRefs.
431
+ * AuthnContext ClassRefs
391
432
  */
392
433
  authnContextClassRefs?: pulumi.Input<pulumi.Input<string>[]>;
393
434
  /**
394
- * Specifies the comparison method used to evaluate the requested context classes or statements.
435
+ * AuthnContext Comparison
395
436
  */
396
437
  authnContextComparisonType?: pulumi.Input<string>;
397
438
  /**
398
- * Ordered list of requested AuthnContext DeclRefs.
439
+ * AuthnContext DeclRefs
399
440
  */
400
441
  authnContextDeclRefs?: pulumi.Input<pulumi.Input<string>[]>;
401
442
  /**
402
- * Does the external IDP support backchannel logout?. Defaults to `false`.
443
+ * Does the external IDP support backchannel logout?
403
444
  */
404
445
  backchannelSupported?: pulumi.Input<boolean>;
405
446
  /**
406
- * The display name for the realm that is shown when logging in to the admin console.
447
+ * Friendly name for Identity Providers.
407
448
  */
408
449
  displayName?: pulumi.Input<string>;
409
450
  /**
410
- * When `false`, users and clients will not be able to access this realm. Defaults to `true`.
451
+ * Enable/disable this identity provider.
411
452
  */
412
453
  enabled?: pulumi.Input<boolean>;
413
454
  /**
@@ -418,23 +459,25 @@ export interface IdentityProviderArgs {
418
459
  [key: string]: any;
419
460
  }>;
420
461
  /**
421
- * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
462
+ * Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means
463
+ * that there is not yet existing Keycloak account linked with the authenticated identity provider account.
422
464
  */
423
465
  firstBrokerLoginFlowAlias?: pulumi.Input<string>;
424
466
  /**
425
- * Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
467
+ * Require Force Authn.
426
468
  */
427
469
  forceAuthn?: pulumi.Input<boolean>;
428
470
  /**
429
- * A number defining the order of this identity provider in the GUI.
471
+ * GUI Order
430
472
  */
431
473
  guiOrder?: pulumi.Input<string>;
432
474
  /**
433
- * If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
475
+ * Hide On Login Page.
434
476
  */
435
477
  hideOnLoginPage?: pulumi.Input<boolean>;
436
478
  /**
437
- * When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
479
+ * If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't
480
+ * want to allow login from the provider, but want to integrate with a provider
438
481
  */
439
482
  linkOnly?: pulumi.Input<boolean>;
440
483
  /**
@@ -442,43 +485,46 @@ export interface IdentityProviderArgs {
442
485
  */
443
486
  loginHint?: pulumi.Input<string>;
444
487
  /**
445
- * Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
488
+ * Name ID Policy Format.
446
489
  */
447
490
  nameIdPolicyFormat?: pulumi.Input<string>;
448
491
  /**
449
- * Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
492
+ * Post Binding Authn Request.
450
493
  */
451
494
  postBindingAuthnRequest?: pulumi.Input<boolean>;
452
495
  /**
453
- * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
496
+ * Post Binding Logout.
454
497
  */
455
498
  postBindingLogout?: pulumi.Input<boolean>;
456
499
  /**
457
- * Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..
500
+ * Post Binding Response.
458
501
  */
459
502
  postBindingResponse?: pulumi.Input<boolean>;
460
503
  /**
461
- * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
504
+ * Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want
505
+ * additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if
506
+ * you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that
507
+ * authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.
462
508
  */
463
509
  postBrokerLoginFlowAlias?: pulumi.Input<string>;
464
510
  /**
465
- * The principal attribute.
511
+ * Principal Attribute
466
512
  */
467
513
  principalAttribute?: pulumi.Input<string>;
468
514
  /**
469
- * The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.
515
+ * Principal Type
470
516
  */
471
517
  principalType?: pulumi.Input<string>;
472
518
  /**
473
- * The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.
519
+ * provider id, is always saml, unless you have a custom implementation
474
520
  */
475
521
  providerId?: pulumi.Input<string>;
476
522
  /**
477
- * The name of the realm. This is unique across Keycloak.
523
+ * Realm Name
478
524
  */
479
525
  realm: pulumi.Input<string>;
480
526
  /**
481
- * Signing Algorithm. Defaults to empty.
527
+ * Signing Algorithm.
482
528
  */
483
529
  signatureAlgorithm?: pulumi.Input<string>;
484
530
  /**
@@ -486,23 +532,23 @@ export interface IdentityProviderArgs {
486
532
  */
487
533
  signingCertificate?: pulumi.Input<string>;
488
534
  /**
489
- * The Url that must be used to send logout requests.
535
+ * Logout URL.
490
536
  */
491
537
  singleLogoutServiceUrl?: pulumi.Input<string>;
492
538
  /**
493
- * The Url that must be used to send authentication requests (SAML AuthnRequest).
539
+ * SSO Logout URL.
494
540
  */
495
541
  singleSignOnServiceUrl: pulumi.Input<string>;
496
542
  /**
497
- * When `true`, tokens will be stored after authenticating users. Defaults to `true`.
543
+ * Enable/disable if tokens must be stored after authenticating users.
498
544
  */
499
545
  storeToken?: pulumi.Input<boolean>;
500
546
  /**
501
- * The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
547
+ * Sync Mode
502
548
  */
503
549
  syncMode?: pulumi.Input<string>;
504
550
  /**
505
- * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
551
+ * If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
506
552
  */
507
553
  trustEmail?: pulumi.Input<boolean>;
508
554
  /**
@@ -510,15 +556,15 @@ export interface IdentityProviderArgs {
510
556
  */
511
557
  validateSignature?: pulumi.Input<boolean>;
512
558
  /**
513
- * Indicates whether this service provider expects an encrypted Assertion.
559
+ * Want Assertions Encrypted.
514
560
  */
515
561
  wantAssertionsEncrypted?: pulumi.Input<boolean>;
516
562
  /**
517
- * Indicates whether this service provider expects a signed Assertion.
563
+ * Want Assertions Signed.
518
564
  */
519
565
  wantAssertionsSigned?: pulumi.Input<boolean>;
520
566
  /**
521
- * The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.
567
+ * Sign Key Transformer.
522
568
  */
523
569
  xmlSignKeyInfoKeyNameTransformer?: pulumi.Input<string>;
524
570
  }