cyral.IntegrationIdpForgerock
# cyral.IntegrationIdpForgerock (Resource)
Manages the integration with the ForgeRock identity provider to allow single sign-on (SSO) to Cyral.
Example Usage
Integration with Default Configuration
import * as pulumi from "@pulumi/pulumi";
import * as cyral from "@pulumi/cyral";
// Minimal ForgeRock SAML integration: only the IdP's single sign-on URL is set;
// every other samlp argument is left unset.
const forgerockSamlConfig = {
    singleSignOnServiceUrl: "some_sso_url",
};
const someResourceName = new cyral.IntegrationIdpForgerock("someResourceName", {
    samlp: { config: forgerockSamlConfig },
});
import pulumi
import pulumi_cyral as cyral
# Minimal ForgeRock SAML integration: only the IdP's single sign-on URL is set;
# every other samlp argument is left unset.
forgerock_saml_config = {"single_sign_on_service_url": "some_sso_url"}
some_resource_name = cyral.IntegrationIdpForgerock(
    "someResourceName",
    samlp={"config": forgerock_saml_config},
)
package main
import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a ForgeRock SAML IdP integration that sets only the IdP's
// single sign-on URL and leaves every other samlp argument unset.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		samlConfig := &cyral.IntegrationIdpForgerockSamlpConfigArgs{
			SingleSignOnServiceUrl: pulumi.String("some_sso_url"),
		}
		_, err := cyral.NewIntegrationIdpForgerock(ctx, "someResourceName", &cyral.IntegrationIdpForgerockArgs{
			Samlp: &cyral.IntegrationIdpForgerockSamlpArgs{
				Config: samlConfig,
			},
		})
		// A failed registration is handed back to the Pulumi engine; nil on success.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cyral = Pulumi.Cyral;
// Minimal ForgeRock SAML integration: only the IdP's single sign-on URL is set;
// every other samlp argument is left unset.
return await Deployment.RunAsync(() =>
{
    var samlConfig = new Cyral.Inputs.IntegrationIdpForgerockSamlpConfigArgs
    {
        SingleSignOnServiceUrl = "some_sso_url",
    };

    var someResourceName = new Cyral.IntegrationIdpForgerock("someResourceName", new()
    {
        Samlp = new Cyral.Inputs.IntegrationIdpForgerockSamlpArgs { Config = samlConfig },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cyral.IntegrationIdpForgerock;
import com.pulumi.cyral.IntegrationIdpForgerockArgs;
import com.pulumi.cyral.inputs.IntegrationIdpForgerockSamlpArgs;
import com.pulumi.cyral.inputs.IntegrationIdpForgerockSamlpConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that registers a ForgeRock SAML IdP integration with only the SSO URL set. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the integration resource; every other samlp argument is left unset. */
    public static void stack(Context ctx) {
        final var samlConfig = IntegrationIdpForgerockSamlpConfigArgs.builder()
            .singleSignOnServiceUrl("some_sso_url")
            .build();
        final var samlp = IntegrationIdpForgerockSamlpArgs.builder()
            .config(samlConfig)
            .build();
        var someResourceName = new IntegrationIdpForgerock("someResourceName", IntegrationIdpForgerockArgs.builder()
            .samlp(samlp)
            .build());
    }
}
# Minimal ForgeRock SAML integration: only the IdP's single sign-on URL is set;
# every other samlp argument is left unset.
resources:
  someResourceName:
    type: cyral:IntegrationIdpForgerock
    properties:
      samlp:
        config:
          singleSignOnServiceUrl: some_sso_url
Integration using SAML Configuration Data Source
import * as pulumi from "@pulumi/pulumi";
import * as cyral from "@pulumi/cyral";
// Read the IdP's SAML settings through the SAML configuration data source.
// NOTE(review): the SSO/SLO endpoints and the signing certificate passed to the
// integration below all come from this data source — presumably parsed from whatever
// the metadata URL serves, so it should be the HTTPS metadata endpoint of the IdP you
// intend to trust; confirm against the provider docs.
const someDataSourceName = cyral.getSamlConfiguration({
    samlMetadataUrl: "some_metadata_url",
});
const config = someDataSourceName;
const someResourceName = new cyral.IntegrationIdpForgerock("someResourceName", {
    samlp: {
        providerId: "saml",
        disabled: false,
        firstBrokerLoginFlowAlias: "SAML_First_Broker",
        postBrokerLoginFlowAlias: "",
        displayName: "Custom-Forgerock",
        // All broker-level flags are switched off in this example.
        storeToken: false,
        addReadTokenRoleOnCreate: false,
        trustEmail: false,
        linkOnly: false,
        config: {
            // String attributes: an empty value from the data source is passed as
            // undefined so the resource argument keeps its default instead of "".
            // Boolean and numeric attributes are copied through unchanged.
            singleSignOnServiceUrl: config.then(c => c.singleSignOnServiceUrl),
            singleLogoutServiceUrl: config.then(c => c.singleLogoutServiceUrl == "" ? undefined : c.singleLogoutServiceUrl),
            disableUsingJwksUrl: config.then(c => c.disableUsingJwksUrl),
            syncMode: config.then(c => c.syncMode == "" ? undefined : c.syncMode),
            nameIdPolicyFormat: config.then(c => c.nameIdPolicyFormat == "" ? undefined : c.nameIdPolicyFormat),
            principalType: config.then(c => c.principalType == "" ? undefined : c.principalType),
            signatureType: config.then(c => c.signatureType == "" ? undefined : c.signatureType),
            samlXmlKeyNameTranformer: config.then(c => c.samlXmlKeyNameTranformer == "" ? undefined : c.samlXmlKeyNameTranformer),
            hideOnLoginPage: config.then(c => c.hideOnLoginPage),
            backChannelSupported: config.then(c => c.backChannelSupported),
            disablePostBindingResponse: config.then(c => c.disablePostBindingResponse),
            disablePostBindingAuthnRequest: config.then(c => c.disablePostBindingAuthnRequest),
            disablePostBindingLogout: config.then(c => c.disablePostBindingLogout),
            wantAssertionsEncrypted: config.then(c => c.wantAssertionsEncrypted),
            disableForceAuthentication: config.then(c => c.disableForceAuthentication),
            guiOrder: config.then(c => c.guiOrder == "" ? undefined : c.guiOrder),
            xmlSigKeyInfoKeyNameTransformer: config.then(c => c.xmlSigKeyInfoKeyNameTransformer == "" ? undefined : c.xmlSigKeyInfoKeyNameTransformer),
            // NOTE(review): left unset when the data source returns no certificate —
            // confirm how assertion signatures are validated in that case.
            signingCertificate: config.then(c => c.signingCertificate == "" ? undefined : c.signingCertificate),
            allowedClockSkew: config.then(c => c.allowedClockSkew),
            samlMetadataUrl: config.then(c => c.samlMetadataUrl == "" ? undefined : c.samlMetadataUrl),
            base64SamlMetadataDocument: config.then(c => c.base64SamlMetadataDocument == "" ? undefined : c.base64SamlMetadataDocument),
            ldapGroupAttribute: config.then(c => c.ldapGroupAttribute == "" ? undefined : c.ldapGroupAttribute),
        },
    },
});
import pulumi
import pulumi_cyral as cyral
def _none_if_empty(value):
    """Return None for an empty string so the resource argument keeps its default."""
    if value == "":
        return None
    return value


# Read the IdP's SAML settings through the SAML configuration data source.
# NOTE(review): the SSO/SLO endpoints and the signing certificate passed to the
# integration below all come from this data source — presumably parsed from whatever
# the metadata URL serves, so it should be the HTTPS metadata endpoint of the IdP you
# intend to trust; confirm against the provider docs.
some_data_source_name = cyral.get_saml_configuration(saml_metadata_url="some_metadata_url")
config = some_data_source_name

# String attributes go through _none_if_empty; booleans and numbers are copied as-is.
saml_config = {
    "single_sign_on_service_url": config.single_sign_on_service_url,
    "single_logout_service_url": _none_if_empty(config.single_logout_service_url),
    "disable_using_jwks_url": config.disable_using_jwks_url,
    "sync_mode": _none_if_empty(config.sync_mode),
    "name_id_policy_format": _none_if_empty(config.name_id_policy_format),
    "principal_type": _none_if_empty(config.principal_type),
    "signature_type": _none_if_empty(config.signature_type),
    "saml_xml_key_name_tranformer": _none_if_empty(config.saml_xml_key_name_tranformer),
    "hide_on_login_page": config.hide_on_login_page,
    "back_channel_supported": config.back_channel_supported,
    "disable_post_binding_response": config.disable_post_binding_response,
    "disable_post_binding_authn_request": config.disable_post_binding_authn_request,
    "disable_post_binding_logout": config.disable_post_binding_logout,
    "want_assertions_encrypted": config.want_assertions_encrypted,
    "disable_force_authentication": config.disable_force_authentication,
    "gui_order": _none_if_empty(config.gui_order),
    "xml_sig_key_info_key_name_transformer": _none_if_empty(config.xml_sig_key_info_key_name_transformer),
    # NOTE(review): left unset when the data source returns no certificate —
    # confirm how assertion signatures are validated in that case.
    "signing_certificate": _none_if_empty(config.signing_certificate),
    "allowed_clock_skew": config.allowed_clock_skew,
    "saml_metadata_url": _none_if_empty(config.saml_metadata_url),
    "base64_saml_metadata_document": _none_if_empty(config.base64_saml_metadata_document),
    "ldap_group_attribute": _none_if_empty(config.ldap_group_attribute),
}

some_resource_name = cyral.IntegrationIdpForgerock(
    "someResourceName",
    samlp={
        "provider_id": "saml",
        "disabled": False,
        "first_broker_login_flow_alias": "SAML_First_Broker",
        "post_broker_login_flow_alias": "",
        "display_name": "Custom-Forgerock",
        # All broker-level flags are switched off in this example.
        "store_token": False,
        "add_read_token_role_on_create": False,
        "trust_email": False,
        "link_only": False,
        "config": saml_config,
    },
)
package main
import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
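// optionalString converts a string read from the data source into an optional
// Pulumi input: "" becomes a nil (unset) input so the resource argument keeps its
// default, any other value is passed through.
//
// The generated example declared `var tmpN pulumi.String` and assigned nil to it,
// which cannot compile because pulumi.String is a string type.
// NOTE(review): assumes the optional config fields are pulumi.StringPtrInput, as is
// usual for optional string inputs in generated Pulumi Go SDKs — confirm.
func optionalString(value string) pulumi.StringPtrInput {
	if value == "" {
		return nil
	}
	return pulumi.String(value)
}

// main reads the IdP's SAML settings through the SAML configuration data source and
// registers a ForgeRock IdP integration from them.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the SSO/SLO endpoints and the signing certificate used below
		// all come from this data source — presumably parsed from whatever the
		// metadata URL serves, so it should be the HTTPS metadata endpoint of the IdP
		// you intend to trust; confirm against the provider docs.
		someDataSourceName, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{
			SamlMetadataUrl: pulumi.StringRef("some_metadata_url"),
		}, nil)
		if err != nil {
			return err
		}
		config := someDataSourceName
		_, err = cyral.NewIntegrationIdpForgerock(ctx, "someResourceName", &cyral.IntegrationIdpForgerockArgs{
			Samlp: &cyral.IntegrationIdpForgerockSamlpArgs{
				ProviderId:                pulumi.String("saml"),
				Disabled:                  pulumi.Bool(false),
				FirstBrokerLoginFlowAlias: pulumi.String("SAML_First_Broker"),
				PostBrokerLoginFlowAlias:  pulumi.String(""),
				DisplayName:               pulumi.String("Custom-Forgerock"),
				// All broker-level flags are switched off in this example.
				StoreToken:               pulumi.Bool(false),
				AddReadTokenRoleOnCreate: pulumi.Bool(false),
				TrustEmail:               pulumi.Bool(false),
				LinkOnly:                 pulumi.Bool(false),
				// String attributes go through optionalString; booleans and numbers
				// are copied from the data source unchanged.
				Config: &cyral.IntegrationIdpForgerockSamlpConfigArgs{
					SingleSignOnServiceUrl:          pulumi.String(config.SingleSignOnServiceUrl),
					SingleLogoutServiceUrl:          optionalString(config.SingleLogoutServiceUrl),
					DisableUsingJwksUrl:             pulumi.Bool(config.DisableUsingJwksUrl),
					SyncMode:                        optionalString(config.SyncMode),
					NameIdPolicyFormat:              optionalString(config.NameIdPolicyFormat),
					PrincipalType:                   optionalString(config.PrincipalType),
					SignatureType:                   optionalString(config.SignatureType),
					SamlXmlKeyNameTranformer:        optionalString(config.SamlXmlKeyNameTranformer),
					HideOnLoginPage:                 pulumi.Bool(config.HideOnLoginPage),
					BackChannelSupported:            pulumi.Bool(config.BackChannelSupported),
					DisablePostBindingResponse:      pulumi.Bool(config.DisablePostBindingResponse),
					DisablePostBindingAuthnRequest:  pulumi.Bool(config.DisablePostBindingAuthnRequest),
					DisablePostBindingLogout:        pulumi.Bool(config.DisablePostBindingLogout),
					WantAssertionsEncrypted:         pulumi.Bool(config.WantAssertionsEncrypted),
					DisableForceAuthentication:      pulumi.Bool(config.DisableForceAuthentication),
					GuiOrder:                        optionalString(config.GuiOrder),
					XmlSigKeyInfoKeyNameTransformer: optionalString(config.XmlSigKeyInfoKeyNameTransformer),
					// NOTE(review): left unset when the data source returns no
					// certificate — confirm how assertion signatures are validated
					// in that case.
					SigningCertificate:         optionalString(config.SigningCertificate),
					AllowedClockSkew:           pulumi.Float64(config.AllowedClockSkew),
					SamlMetadataUrl:            optionalString(config.SamlMetadataUrl),
					Base64SamlMetadataDocument: optionalString(config.Base64SamlMetadataDocument),
					LdapGroupAttribute:         optionalString(config.LdapGroupAttribute),
				},
			},
		})
		// A failed registration is handed back to the Pulumi engine; nil on success.
		return err
	})
}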
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cyral = Pulumi.Cyral;
// Reads the IdP's SAML settings through the SAML configuration data source and
// registers a ForgeRock IdP integration from them.
return await Deployment.RunAsync(() =>
{
    // NOTE(review): the SSO/SLO endpoints and the signing certificate used below all
    // come from this data source — presumably parsed from whatever the metadata URL
    // serves, so it should be the HTTPS metadata endpoint of the IdP you intend to
    // trust; confirm against the provider docs.
    var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()
    {
        SamlMetadataUrl = "some_metadata_url",
    });

    var config = someDataSourceName;

    var someResourceName = new Cyral.IntegrationIdpForgerock("someResourceName", new()
    {
        Samlp = new Cyral.Inputs.IntegrationIdpForgerockSamlpArgs
        {
            ProviderId = "saml",
            Disabled = false,
            FirstBrokerLoginFlowAlias = "SAML_First_Broker",
            PostBrokerLoginFlowAlias = "",
            DisplayName = "Custom-Forgerock",
            // All broker-level flags are switched off in this example.
            StoreToken = false,
            AddReadTokenRoleOnCreate = false,
            TrustEmail = false,
            LinkOnly = false,
            Config = new Cyral.Inputs.IntegrationIdpForgerockSamlpConfigArgs
            {
                // String attributes: an empty value from the data source is passed
                // as null so the resource argument keeps its default instead of "".
                // Boolean and numeric attributes are copied through unchanged.
                SingleSignOnServiceUrl = config.Apply(c => c.SingleSignOnServiceUrl),
                SingleLogoutServiceUrl = config.Apply(c => c.SingleLogoutServiceUrl == "" ? null : c.SingleLogoutServiceUrl),
                DisableUsingJwksUrl = config.Apply(c => c.DisableUsingJwksUrl),
                SyncMode = config.Apply(c => c.SyncMode == "" ? null : c.SyncMode),
                NameIdPolicyFormat = config.Apply(c => c.NameIdPolicyFormat == "" ? null : c.NameIdPolicyFormat),
                PrincipalType = config.Apply(c => c.PrincipalType == "" ? null : c.PrincipalType),
                SignatureType = config.Apply(c => c.SignatureType == "" ? null : c.SignatureType),
                SamlXmlKeyNameTranformer = config.Apply(c => c.SamlXmlKeyNameTranformer == "" ? null : c.SamlXmlKeyNameTranformer),
                HideOnLoginPage = config.Apply(c => c.HideOnLoginPage),
                BackChannelSupported = config.Apply(c => c.BackChannelSupported),
                DisablePostBindingResponse = config.Apply(c => c.DisablePostBindingResponse),
                DisablePostBindingAuthnRequest = config.Apply(c => c.DisablePostBindingAuthnRequest),
                DisablePostBindingLogout = config.Apply(c => c.DisablePostBindingLogout),
                WantAssertionsEncrypted = config.Apply(c => c.WantAssertionsEncrypted),
                DisableForceAuthentication = config.Apply(c => c.DisableForceAuthentication),
                GuiOrder = config.Apply(c => c.GuiOrder == "" ? null : c.GuiOrder),
                XmlSigKeyInfoKeyNameTransformer = config.Apply(c => c.XmlSigKeyInfoKeyNameTransformer == "" ? null : c.XmlSigKeyInfoKeyNameTransformer),
                // NOTE(review): left unset when the data source returns no
                // certificate — confirm how assertion signatures are validated then.
                SigningCertificate = config.Apply(c => c.SigningCertificate == "" ? null : c.SigningCertificate),
                AllowedClockSkew = config.Apply(c => c.AllowedClockSkew),
                SamlMetadataUrl = config.Apply(c => c.SamlMetadataUrl == "" ? null : c.SamlMetadataUrl),
                Base64SamlMetadataDocument = config.Apply(c => c.Base64SamlMetadataDocument == "" ? null : c.Base64SamlMetadataDocument),
                LdapGroupAttribute = config.Apply(c => c.LdapGroupAttribute == "" ? null : c.LdapGroupAttribute),
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cyral.CyralFunctions;
import com.pulumi.cyral.inputs.GetSamlConfigurationArgs;
import com.pulumi.cyral.IntegrationIdpForgerock;
import com.pulumi.cyral.IntegrationIdpForgerockArgs;
import com.pulumi.cyral.inputs.IntegrationIdpForgerockSamlpArgs;
import com.pulumi.cyral.inputs.IntegrationIdpForgerockSamlpConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that reads an IdP's SAML settings through the SAML configuration
 * data source and registers a ForgeRock IdP integration from them.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    /**
     * Declares the data source lookup and the integration resource.
     *
     * NOTE(review): the SSO/SLO endpoints and the signing certificate used below all
     * come from the data source — presumably parsed from whatever the metadata URL
     * serves, so it should be the HTTPS metadata endpoint of the IdP you intend to
     * trust; confirm against the provider docs.
     */
    public static void stack(Context ctx) {
        final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()
            .samlMetadataUrl("some_metadata_url")
            .build());
        // Identity mapping: config carries the same value as someDataSourceName.
        final var config = someDataSourceName.applyValue(getSamlConfigurationResult -> getSamlConfigurationResult);
        var someResourceName = new IntegrationIdpForgerock("someResourceName", IntegrationIdpForgerockArgs.builder()
            .samlp(IntegrationIdpForgerockSamlpArgs.builder()
                .providerId("saml")
                .disabled(false)
                .firstBrokerLoginFlowAlias("SAML_First_Broker")
                .postBrokerLoginFlowAlias("")
                .displayName("Custom-Forgerock")
                // All broker-level flags are switched off in this example.
                .storeToken(false)
                .addReadTokenRoleOnCreate(false)
                .trustEmail(false)
                .linkOnly(false)
                // String attributes: an empty value is meant to be passed as null so
                // the resource argument keeps its default instead of "".
                // NOTE(review): `== ""` compares object references in Java, so if these
                // getters return String the empty check may never match and "" would be
                // passed through; an isEmpty()/equals check is the usual form. The
                // getters are also called on `config`, which applyValue above produced
                // — verify this generated example against the SDK before using it.
                .config(IntegrationIdpForgerockSamlpConfigArgs.builder()
                    .singleSignOnServiceUrl(config.singleSignOnServiceUrl())
                    .singleLogoutServiceUrl(config.singleLogoutServiceUrl() == "" ? null : config.singleLogoutServiceUrl())
                    .disableUsingJwksUrl(config.disableUsingJwksUrl())
                    .syncMode(config.syncMode() == "" ? null : config.syncMode())
                    .nameIdPolicyFormat(config.nameIdPolicyFormat() == "" ? null : config.nameIdPolicyFormat())
                    .principalType(config.principalType() == "" ? null : config.principalType())
                    .signatureType(config.signatureType() == "" ? null : config.signatureType())
                    .samlXmlKeyNameTranformer(config.samlXmlKeyNameTranformer() == "" ? null : config.samlXmlKeyNameTranformer())
                    .hideOnLoginPage(config.hideOnLoginPage())
                    .backChannelSupported(config.backChannelSupported())
                    .disablePostBindingResponse(config.disablePostBindingResponse())
                    .disablePostBindingAuthnRequest(config.disablePostBindingAuthnRequest())
                    .disablePostBindingLogout(config.disablePostBindingLogout())
                    .wantAssertionsEncrypted(config.wantAssertionsEncrypted())
                    .disableForceAuthentication(config.disableForceAuthentication())
                    .guiOrder(config.guiOrder() == "" ? null : config.guiOrder())
                    .xmlSigKeyInfoKeyNameTransformer(config.xmlSigKeyInfoKeyNameTransformer() == "" ? null : config.xmlSigKeyInfoKeyNameTransformer())
                    // NOTE(review): intended to be left unset when the data source
                    // returns no certificate — confirm how assertion signatures are
                    // validated in that case.
                    .signingCertificate(config.signingCertificate() == "" ? null : config.signingCertificate())
                    .allowedClockSkew(config.allowedClockSkew())
                    .samlMetadataUrl(config.samlMetadataUrl() == "" ? null : config.samlMetadataUrl())
                    .base64SamlMetadataDocument(config.base64SamlMetadataDocument() == "" ? null : config.base64SamlMetadataDocument())
                    .ldapGroupAttribute(config.ldapGroupAttribute() == "" ? null : config.ldapGroupAttribute())
                    .build())
                .build())
            .build());
    }
}
Coming soon!
When using the SAML Configuration Data Source to configure this IdP Integration resource, consider checking whether the
string attributes are empty, as in the example above, so that the resource arguments fall back to their default values instead of being set to empty strings.
Create IntegrationIdpForgerock Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IntegrationIdpForgerock(name: string, args: IntegrationIdpForgerockArgs, opts?: CustomResourceOptions);@overload
def IntegrationIdpForgerock(resource_name: str,
                            args: IntegrationIdpForgerockArgs,
                            opts: Optional[ResourceOptions] = None)
@overload
def IntegrationIdpForgerock(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            samlp: Optional[IntegrationIdpForgerockSamlpArgs] = None,
                            draft_alias: Optional[str] = None)func NewIntegrationIdpForgerock(ctx *Context, name string, args IntegrationIdpForgerockArgs, opts ...ResourceOption) (*IntegrationIdpForgerock, error)public IntegrationIdpForgerock(string name, IntegrationIdpForgerockArgs args, CustomResourceOptions? opts = null)
public IntegrationIdpForgerock(String name, IntegrationIdpForgerockArgs args)
public IntegrationIdpForgerock(String name, IntegrationIdpForgerockArgs args, CustomResourceOptions options)
type: cyral:IntegrationIdpForgerock
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IntegrationIdpForgerockArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IntegrationIdpForgerockArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IntegrationIdpForgerockArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IntegrationIdpForgerockArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IntegrationIdpForgerockArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing of every input property. All values are type placeholders
// ("string", false, 0), not recommended settings.
// NOTE(review): choose the security-relevant inputs (TrustEmail, StoreToken,
// WantAssertionsEncrypted, SigningCertificate, AllowedClockSkew,
// DisableForceAuthentication) deliberately instead of copying them from here.
var integrationIdpForgerockResource = new Cyral.IntegrationIdpForgerock("integrationIdpForgerockResource", new()
{
    Samlp = new Cyral.Inputs.IntegrationIdpForgerockSamlpArgs
    {
        Config = new Cyral.Inputs.IntegrationIdpForgerockSamlpConfigArgs
        {
            SingleSignOnServiceUrl = "string",
            LdapGroupAttribute = "string",
            PrincipalType = "string",
            DisableForceAuthentication = false,
            DisablePostBindingAuthnRequest = false,
            DisablePostBindingLogout = false,
            DisablePostBindingResponse = false,
            DisableUsingJwksUrl = false,
            GuiOrder = "string",
            HideOnLoginPage = false,
            AllowedClockSkew = 0,
            Base64SamlMetadataDocument = "string",
            SamlMetadataUrl = "string",
            NameIdPolicyFormat = "string",
            SamlXmlKeyNameTranformer = "string",
            SignatureType = "string",
            SigningCertificate = "string",
            SingleLogoutServiceUrl = "string",
            BackChannelSupported = false,
            SyncMode = "string",
            WantAssertionsEncrypted = false,
            XmlSigKeyInfoKeyNameTransformer = "string",
        },
        AddReadTokenRoleOnCreate = false,
        Disabled = false,
        DisplayName = "string",
        FirstBrokerLoginFlowAlias = "string",
        InternalId = "string",
        LinkOnly = false,
        PostBrokerLoginFlowAlias = "string",
        ProviderId = "string",
        StoreToken = false,
        TrustEmail = false,
    },
    DraftAlias = "string",
});
// Reference listing of every input property. All values are type placeholders
// ("string", false, 0), not recommended settings.
// NOTE(review): choose the security-relevant inputs (TrustEmail, StoreToken,
// WantAssertionsEncrypted, SigningCertificate, AllowedClockSkew,
// DisableForceAuthentication) deliberately instead of copying them from here.
example, err := cyral.NewIntegrationIdpForgerock(ctx, "integrationIdpForgerockResource", &cyral.IntegrationIdpForgerockArgs{
	Samlp: &cyral.IntegrationIdpForgerockSamlpArgs{
		Config: &cyral.IntegrationIdpForgerockSamlpConfigArgs{
			SingleSignOnServiceUrl:          pulumi.String("string"),
			LdapGroupAttribute:              pulumi.String("string"),
			PrincipalType:                   pulumi.String("string"),
			DisableForceAuthentication:      pulumi.Bool(false),
			DisablePostBindingAuthnRequest:  pulumi.Bool(false),
			DisablePostBindingLogout:        pulumi.Bool(false),
			DisablePostBindingResponse:      pulumi.Bool(false),
			DisableUsingJwksUrl:             pulumi.Bool(false),
			GuiOrder:                        pulumi.String("string"),
			HideOnLoginPage:                 pulumi.Bool(false),
			AllowedClockSkew:                pulumi.Float64(0),
			Base64SamlMetadataDocument:      pulumi.String("string"),
			SamlMetadataUrl:                 pulumi.String("string"),
			NameIdPolicyFormat:              pulumi.String("string"),
			SamlXmlKeyNameTranformer:        pulumi.String("string"),
			SignatureType:                   pulumi.String("string"),
			SigningCertificate:              pulumi.String("string"),
			SingleLogoutServiceUrl:          pulumi.String("string"),
			BackChannelSupported:            pulumi.Bool(false),
			SyncMode:                        pulumi.String("string"),
			WantAssertionsEncrypted:         pulumi.Bool(false),
			XmlSigKeyInfoKeyNameTransformer: pulumi.String("string"),
		},
		AddReadTokenRoleOnCreate:  pulumi.Bool(false),
		Disabled:                  pulumi.Bool(false),
		DisplayName:               pulumi.String("string"),
		FirstBrokerLoginFlowAlias: pulumi.String("string"),
		InternalId:                pulumi.String("string"),
		LinkOnly:                  pulumi.Bool(false),
		PostBrokerLoginFlowAlias:  pulumi.String("string"),
		ProviderId:                pulumi.String("string"),
		StoreToken:                pulumi.Bool(false),
		TrustEmail:                pulumi.Bool(false),
	},
	DraftAlias: pulumi.String("string"),
})
// Reference listing of every input property. All values are type placeholders
// ("string", false, 0.0), not recommended settings.
// NOTE(review): choose the security-relevant inputs (trustEmail, storeToken,
// wantAssertionsEncrypted, signingCertificate, allowedClockSkew,
// disableForceAuthentication) deliberately instead of copying them from here.
var integrationIdpForgerockResource = new IntegrationIdpForgerock("integrationIdpForgerockResource", IntegrationIdpForgerockArgs.builder()
    .samlp(IntegrationIdpForgerockSamlpArgs.builder()
        .config(IntegrationIdpForgerockSamlpConfigArgs.builder()
            .singleSignOnServiceUrl("string")
            .ldapGroupAttribute("string")
            .principalType("string")
            .disableForceAuthentication(false)
            .disablePostBindingAuthnRequest(false)
            .disablePostBindingLogout(false)
            .disablePostBindingResponse(false)
            .disableUsingJwksUrl(false)
            .guiOrder("string")
            .hideOnLoginPage(false)
            .allowedClockSkew(0.0)
            .base64SamlMetadataDocument("string")
            .samlMetadataUrl("string")
            .nameIdPolicyFormat("string")
            .samlXmlKeyNameTranformer("string")
            .signatureType("string")
            .signingCertificate("string")
            .singleLogoutServiceUrl("string")
            .backChannelSupported(false)
            .syncMode("string")
            .wantAssertionsEncrypted(false)
            .xmlSigKeyInfoKeyNameTransformer("string")
            .build())
        .addReadTokenRoleOnCreate(false)
        .disabled(false)
        .displayName("string")
        .firstBrokerLoginFlowAlias("string")
        .internalId("string")
        .linkOnly(false)
        .postBrokerLoginFlowAlias("string")
        .providerId("string")
        .storeToken(false)
        .trustEmail(false)
        .build())
    .draftAlias("string")
    .build());
# Reference listing of every input property. All values are type placeholders
# ("string", False, 0), not recommended settings.
# NOTE(review): choose the security-relevant inputs (trust_email, store_token,
# want_assertions_encrypted, signing_certificate, allowed_clock_skew,
# disable_force_authentication) deliberately instead of copying them from here.
integration_idp_forgerock_resource = cyral.IntegrationIdpForgerock("integrationIdpForgerockResource",
    samlp={
        "config": {
            "single_sign_on_service_url": "string",
            "ldap_group_attribute": "string",
            "principal_type": "string",
            "disable_force_authentication": False,
            "disable_post_binding_authn_request": False,
            "disable_post_binding_logout": False,
            "disable_post_binding_response": False,
            "disable_using_jwks_url": False,
            "gui_order": "string",
            "hide_on_login_page": False,
            "allowed_clock_skew": 0,
            "base64_saml_metadata_document": "string",
            "saml_metadata_url": "string",
            "name_id_policy_format": "string",
            "saml_xml_key_name_tranformer": "string",
            "signature_type": "string",
            "signing_certificate": "string",
            "single_logout_service_url": "string",
            "back_channel_supported": False,
            "sync_mode": "string",
            "want_assertions_encrypted": False,
            "xml_sig_key_info_key_name_transformer": "string",
        },
        "add_read_token_role_on_create": False,
        "disabled": False,
        "display_name": "string",
        "first_broker_login_flow_alias": "string",
        "internal_id": "string",
        "link_only": False,
        "post_broker_login_flow_alias": "string",
        "provider_id": "string",
        "store_token": False,
        "trust_email": False,
    },
    draft_alias="string")
// Constructor reference: every value is a type placeholder ("string", false, 0),
// not a recommended setting. Review the security-relevant fields noted below
// before copying this into a real stack.
const samlConfig = {
    // URL that SAML AuthnRequests are sent to.
    singleSignOnServiceUrl: "string",
    ldapGroupAttribute: "string",
    principalType: "string",
    disableForceAuthentication: false,
    disablePostBindingAuthnRequest: false,
    disablePostBindingLogout: false,
    disablePostBindingResponse: false,
    disableUsingJwksUrl: false,
    guiOrder: "string",
    hideOnLoginPage: false,
    // Seconds of clock skew tolerated when validating IdP tokens.
    allowedClockSkew: 0,
    base64SamlMetadataDocument: "string",
    samlMetadataUrl: "string",
    nameIdPolicyFormat: "string",
    // Key is spelled "Tranformer" consistently in this reference.
    samlXmlKeyNameTranformer: "string",
    signatureType: "string",
    // Certificate used to validate signatures; required when signature
    // validation is enabled.
    signingCertificate: "string",
    singleLogoutServiceUrl: "string",
    backChannelSupported: false,
    syncMode: "string",
    // Whether the service provider expects an encrypted Assertion.
    wantAssertionsEncrypted: false,
    xmlSigKeyInfoKeyNameTransformer: "string",
};

const samlpSettings = {
    config: samlConfig,
    addReadTokenRoleOnCreate: false,
    disabled: false,
    displayName: "string",
    firstBrokerLoginFlowAlias: "string",
    internalId: "string",
    // true: users can only link to this IdP, not log in through it.
    linkOnly: false,
    postBrokerLoginFlowAlias: "string",
    providerId: "string",
    // Enable only if tokens must be stored after authenticating users.
    storeToken: false,
    // true: the IdP-supplied email is trusted and the realm's email
    // verification step is skipped for these users.
    trustEmail: false,
};

const integrationIdpForgerockResource = new cyral.IntegrationIdpForgerock("integrationIdpForgerockResource", {
    samlp: samlpSettings,
    // If set, any corresponding draft is deleted and a new integration is
    // created with the same alias.
    draftAlias: "string",
});
# Constructor reference: every value is a type placeholder (string, false, 0),
# not a recommended setting.
type: cyral:IntegrationIdpForgerock
properties:
    # If set, any corresponding draft is deleted and a new integration is
    # created with the same alias.
    draftAlias: string
    samlp:
        addReadTokenRoleOnCreate: false
        config:
            # Seconds of clock skew tolerated when validating IdP tokens.
            allowedClockSkew: 0
            backChannelSupported: false
            base64SamlMetadataDocument: string
            disableForceAuthentication: false
            disablePostBindingAuthnRequest: false
            disablePostBindingLogout: false
            disablePostBindingResponse: false
            disableUsingJwksUrl: false
            guiOrder: string
            hideOnLoginPage: false
            ldapGroupAttribute: string
            nameIdPolicyFormat: string
            principalType: string
            samlMetadataUrl: string
            # Key is spelled "Tranformer" consistently in this reference.
            samlXmlKeyNameTranformer: string
            signatureType: string
            # Certificate used to validate signatures; required when signature
            # validation is enabled.
            signingCertificate: string
            singleLogoutServiceUrl: string
            # URL that SAML AuthnRequests are sent to.
            singleSignOnServiceUrl: string
            syncMode: string
            # Whether the service provider expects an encrypted Assertion.
            wantAssertionsEncrypted: false
            xmlSigKeyInfoKeyNameTransformer: string
        disabled: false
        displayName: string
        firstBrokerLoginFlowAlias: string
        internalId: string
        # true: users can only link to this IdP, not log in through it.
        linkOnly: false
        postBrokerLoginFlowAlias: string
        providerId: string
        # Enable only if tokens must be stored after authenticating users.
        storeToken: false
        # true: the IdP-supplied email is trusted and the realm's email
        # verification step is skipped for these users.
        trustEmail: false
IntegrationIdpForgerock Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IntegrationIdpForgerock resource accepts the following input properties:
- Samlp
IntegrationIdpForgerockSamlp
- It contains the top-level configuration for an identity provider.
- DraftAlias string
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- Samlp
IntegrationIdpForgerockSamlpArgs
- It contains the top-level configuration for an identity provider.
- DraftAlias string
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- samlp
IntegrationIdpForgerockSamlp
- It contains the top-level configuration for an identity provider.
- draftAlias String
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- samlp
IntegrationIdpForgerockSamlp
- It contains the top-level configuration for an identity provider.
- draftAlias string
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- samlp
IntegrationIdpForgerockSamlpArgs
- It contains the top-level configuration for an identity provider.
- draft_alias str
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- samlp Property Map
- It contains the top-level configuration for an identity provider.
- draftAlias String
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
Outputs
All input properties are implicitly available as output properties. Additionally, the IntegrationIdpForgerock resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing IntegrationIdpForgerock Resource
Get an existing IntegrationIdpForgerock resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IntegrationIdpForgerockState, opts?: CustomResourceOptions): IntegrationIdpForgerock
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        draft_alias: Optional[str] = None,
        samlp: Optional[IntegrationIdpForgerockSamlpArgs] = None) -> IntegrationIdpForgerock
func GetIntegrationIdpForgerock(ctx *Context, name string, id IDInput, state *IntegrationIdpForgerockState, opts ...ResourceOption) (*IntegrationIdpForgerock, error)
public static IntegrationIdpForgerock Get(string name, Input<string> id, IntegrationIdpForgerockState? state, CustomResourceOptions? opts = null)
public static IntegrationIdpForgerock get(String name, Output<String> id, IntegrationIdpForgerockState state, CustomResourceOptions options)
resources:
  _:
    type: cyral:IntegrationIdpForgerock
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- DraftAlias string
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- Samlp
IntegrationIdpForgerockSamlp
- It contains the top-level configuration for an identity provider.
- DraftAlias string
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- Samlp
IntegrationIdpForgerockSamlpArgs
- It contains the top-level configuration for an identity provider.
- draftAlias String
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- samlp
IntegrationIdpForgerockSamlp
- It contains the top-level configuration for an identity provider.
- draftAlias string
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- samlp
IntegrationIdpForgerockSamlp
- It contains the top-level configuration for an identity provider.
- draft_alias str
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- samlp
IntegrationIdpForgerockSamlpArgs
- It contains the top-level configuration for an identity provider.
- draftAlias String
- An alias that uniquely identifies an IdP Integration draft. If set, will delete any corresponding draft and create a new IdP Integration with the same alias. Defaults to `""`.
- samlp Property Map
- It contains the top-level configuration for an identity provider.
Supporting Types
IntegrationIdpForgerockSamlp, IntegrationIdpForgerockSamlpArgs        
- Config
IntegrationIdpForgerockSamlpConfig
- SAML configuration for this IdP Integration.
- AddReadTokenRoleOnCreate bool
- Adds read token role on creation. Defaults to `false`.
- Disabled bool
- Disable maps to Keycloak's `enabled` field. Defaults to `false`.
- DisplayName string
- Name of the IdP Integration displayed in the control plane. Defaults to `Forgerock`.
- FirstBrokerLoginFlowAlias string
- Alias of the authentication flow that is triggered after First Login with this identity provider. The term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.
- InternalId string
- An ID that is auto-generated internally for this IdP Integration.
- LinkOnly bool
- If true, users cannot log in through this identity provider; they can only link to it. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.
- PostBrokerLoginFlowAlias string
- Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to `""`.
- ProviderId string
- This is the provider ID of saml. Defaults to `saml`.
- StoreToken bool
- Enable if tokens must be stored after authenticating users. Defaults to `false`.
- TrustEmail bool
- If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Enable this only when the identity provider itself verifies the email addresses it asserts. Defaults to `false`.
- Config
IntegrationIdpForgerockSamlpConfig
- SAML configuration for this IdP Integration.
- AddReadTokenRoleOnCreate bool
- Adds read token role on creation. Defaults to `false`.
- Disabled bool
- Disable maps to Keycloak's `enabled` field. Defaults to `false`.
- DisplayName string
- Name of the IdP Integration displayed in the control plane. Defaults to `Forgerock`.
- FirstBrokerLoginFlowAlias string
- Alias of the authentication flow that is triggered after First Login with this identity provider. The term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.
- InternalId string
- An ID that is auto-generated internally for this IdP Integration.
- LinkOnly bool
- If true, users cannot log in through this identity provider; they can only link to it. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.
- PostBrokerLoginFlowAlias string
- Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to `""`.
- ProviderId string
- This is the provider ID of saml. Defaults to `saml`.
- StoreToken bool
- Enable if tokens must be stored after authenticating users. Defaults to `false`.
- TrustEmail bool
- If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Enable this only when the identity provider itself verifies the email addresses it asserts. Defaults to `false`.
- config
IntegrationIdpForgerockSamlpConfig
- SAML configuration for this IdP Integration.
- addReadTokenRoleOnCreate Boolean
- Adds read token role on creation. Defaults to `false`.
- disabled Boolean
- Disable maps to Keycloak's `enabled` field. Defaults to `false`.
- displayName String
- Name of the IdP Integration displayed in the control plane. Defaults to `Forgerock`.
- firstBrokerLoginFlowAlias String
- Alias of the authentication flow that is triggered after First Login with this identity provider. The term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.
- internalId String
- An ID that is auto-generated internally for this IdP Integration.
- linkOnly Boolean
- If true, users cannot log in through this identity provider; they can only link to it. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.
- postBrokerLoginFlowAlias String
- Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to `""`.
- providerId String
- This is the provider ID of saml. Defaults to `saml`.
- storeToken Boolean
- Enable if tokens must be stored after authenticating users. Defaults to `false`.
- trustEmail Boolean
- If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Enable this only when the identity provider itself verifies the email addresses it asserts. Defaults to `false`.
- config
IntegrationIdpForgerockSamlpConfig
- SAML configuration for this IdP Integration.
- addReadTokenRoleOnCreate boolean
- Adds read token role on creation. Defaults to `false`.
- disabled boolean
- Disable maps to Keycloak's `enabled` field. Defaults to `false`.
- displayName string
- Name of the IdP Integration displayed in the control plane. Defaults to `Forgerock`.
- firstBrokerLoginFlowAlias string
- Alias of the authentication flow that is triggered after First Login with this identity provider. The term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.
- internalId string
- An ID that is auto-generated internally for this IdP Integration.
- linkOnly boolean
- If true, users cannot log in through this identity provider; they can only link to it. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.
- postBrokerLoginFlowAlias string
- Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to `""`.
- providerId string
- This is the provider ID of saml. Defaults to `saml`.
- storeToken boolean
- Enable if tokens must be stored after authenticating users. Defaults to `false`.
- trustEmail boolean
- If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Enable this only when the identity provider itself verifies the email addresses it asserts. Defaults to `false`.
- config
IntegrationIdpForgerockSamlpConfig
- SAML configuration for this IdP Integration.
- add_read_token_role_on_create bool
- Adds read token role on creation. Defaults to `false`.
- disabled bool
- Disable maps to Keycloak's `enabled` field. Defaults to `false`.
- display_name str
- Name of the IdP Integration displayed in the control plane. Defaults to `Forgerock`.
- first_broker_login_flow_alias str
- Alias of the authentication flow that is triggered after First Login with this identity provider. The term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.
- internal_id str
- An ID that is auto-generated internally for this IdP Integration.
- link_only bool
- If true, users cannot log in through this identity provider; they can only link to it. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.
- post_broker_login_flow_alias str
- Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to `""`.
- provider_id str
- This is the provider ID of saml. Defaults to `saml`.
- store_token bool
- Enable if tokens must be stored after authenticating users. Defaults to `false`.
- trust_email bool
- If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Enable this only when the identity provider itself verifies the email addresses it asserts. Defaults to `false`.
- config Property Map
- SAML configuration for this IdP Integration.
- addReadTokenRoleOnCreate Boolean
- Adds read token role on creation. Defaults to `false`.
- disabled Boolean
- Disable maps to Keycloak's `enabled` field. Defaults to `false`.
- displayName String
- Name of the IdP Integration displayed in the control plane. Defaults to `Forgerock`.
- firstBrokerLoginFlowAlias String
- Alias of the authentication flow that is triggered after First Login with this identity provider. The term First Login means that no Keycloak account is currently linked to the authenticated identity provider account. Defaults to `SAML_First_Broker`.
- internalId String
- An ID that is auto-generated internally for this IdP Integration.
- linkOnly Boolean
- If true, users cannot log in through this identity provider; they can only link to it. This is useful if you don't want to allow login from the identity provider, but want to integrate with an identity provider. Defaults to `false`.
- postBrokerLoginFlowAlias String
- Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you do not need any additional authenticators to be triggered after login with this identity provider. Defaults to `""`.
- providerId String
- This is the provider ID of saml. Defaults to `saml`.
- storeToken Boolean
- Enable if tokens must be stored after authenticating users. Defaults to `false`.
- trustEmail Boolean
- If the identity provider supplies an email address, this email address will be trusted. If the realm requires email validation, users that log in from this identity provider will not have to go through the email verification process. Enable this only when the identity provider itself verifies the email addresses it asserts. Defaults to `false`.
IntegrationIdpForgerockSamlpConfig, IntegrationIdpForgerockSamlpConfigArgs          
- SingleSignOnServiceUrl string
- URL that must be used to send authentication requests (SAML AuthnRequest).
- AllowedClockSkew double
- Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.
- BackChannelSupported bool
- Defaults to `false` if unset.
- Base64SamlMetadataDocument string
- Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `""`.
- DisableForceAuthentication bool
- Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`.
- DisablePostBindingAuthnRequest bool
- Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- DisablePostBindingLogout bool
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- DisablePostBindingResponse bool
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- DisableUsingJwksUrl bool
- By default, the jwks URL is used for all SAML connections. Defaults to `false`.
- GuiOrder string
- GUI order. Defaults to `""`.
- HideOnLoginPage bool
- Defaults to `false` if unset.
- LdapGroupAttribute string
- Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone,ou=groups,dc=openam,dc=forgerock,dc=org` and the LDAP Group RDN Type is `cn`, Cyral will interpret `Everyone` as the group name.
- NameIdPolicyFormat string
- Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.
- PrincipalType string
- Defaults to `SUBJECT` if unset.
- SamlMetadataUrl string
- This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `""`.
- SamlXmlKeyNameTranformer string
- Defaults to `KEY_ID` if unset.
- SignatureType string
- Defaults to `RSA_SHA256` if unset.
- SigningCertificate string
- Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `""`.
- SingleLogoutServiceUrl string
- URL that must be used to send logout requests. Defaults to `""`.
- SyncMode string
- Defaults to `FORCE` if unset.
- WantAssertionsEncrypted bool
- Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.
- XmlSigKeyInfoKeyNameTransformer string
- Defaults to `KEY_ID` if unset.
- SingleSignOnServiceUrl string
- URL that must be used to send authentication requests (SAML AuthnRequest).
- AllowedClockSkew float64
- Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.
- BackChannelSupported bool
- Defaults to `false` if unset.
- Base64SamlMetadataDocument string
- Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `""`.
- DisableForceAuthentication bool
- Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`.
- DisablePostBindingAuthnRequest bool
- Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- DisablePostBindingLogout bool
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- DisablePostBindingResponse bool
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- DisableUsingJwksUrl bool
- By default, the jwks URL is used for all SAML connections. Defaults to `false`.
- GuiOrder string
- GUI order. Defaults to `""`.
- HideOnLoginPage bool
- Defaults to `false` if unset.
- LdapGroupAttribute string
- Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone,ou=groups,dc=openam,dc=forgerock,dc=org` and the LDAP Group RDN Type is `cn`, Cyral will interpret `Everyone` as the group name.
- NameIdPolicyFormat string
- Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.
- PrincipalType string
- Defaults to `SUBJECT` if unset.
- SamlMetadataUrl string
- This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `""`.
- SamlXmlKeyNameTranformer string
- Defaults to `KEY_ID` if unset.
- SignatureType string
- Defaults to `RSA_SHA256` if unset.
- SigningCertificate string
- Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `""`.
- SingleLogoutServiceUrl string
- URL that must be used to send logout requests. Defaults to `""`.
- SyncMode string
- Defaults to `FORCE` if unset.
- WantAssertionsEncrypted bool
- Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.
- XmlSigKeyInfoKeyNameTransformer string
- Defaults to `KEY_ID` if unset.
- singleSignOnServiceUrl String
- URL that must be used to send authentication requests (SAML AuthnRequest).
- allowedClockSkew Double
- Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.
- backChannelSupported Boolean
- Defaults to `false` if unset.
- base64SamlMetadataDocument String
- Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `""`.
- disableForceAuthentication Boolean
- Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`.
- disablePostBindingAuthnRequest Boolean
- Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disablePostBindingLogout Boolean
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disablePostBindingResponse Boolean
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disableUsingJwksUrl Boolean
- By default, the jwks URL is used for all SAML connections. Defaults to `false`.
- guiOrder String
- GUI order. Defaults to `""`.
- hideOnLoginPage Boolean
- Defaults to `false` if unset.
- ldapGroupAttribute String
- Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone,ou=groups,dc=openam,dc=forgerock,dc=org` and the LDAP Group RDN Type is `cn`, Cyral will interpret `Everyone` as the group name.
- nameIdPolicyFormat String
- Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.
- principalType String
- Defaults to `SUBJECT` if unset.
- samlMetadataUrl String
- This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `""`.
- samlXmlKeyNameTranformer String
- Defaults to `KEY_ID` if unset.
- signatureType String
- Defaults to `RSA_SHA256` if unset.
- signingCertificate String
- Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `""`.
- singleLogoutServiceUrl String
- URL that must be used to send logout requests. Defaults to `""`.
- syncMode String
- Defaults to `FORCE` if unset.
- wantAssertionsEncrypted Boolean
- Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.
- xmlSigKeyInfoKeyNameTransformer String
- Defaults to `KEY_ID` if unset.
- singleSignOnServiceUrl string
- URL that must be used to send authentication requests (SAML AuthnRequest).
- allowedClockSkew number
- Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to `0`.
- backChannelSupported boolean
- Defaults to `false` if unset.
- base64SamlMetadataDocument string
- Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to `""`.
- disableForceAuthentication boolean
- Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`.
- disablePostBindingAuthnRequest boolean
- Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disablePostBindingLogout boolean
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disablePostBindingResponse boolean
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disableUsingJwksUrl boolean
- By default, the jwks URL is used for all SAML connections. Defaults to `false`.
- guiOrder string
- GUI order. Defaults to `""`.
- hideOnLoginPage boolean
- Defaults to `false` if unset.
- ldapGroupAttribute string
- Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone,ou=groups,dc=openam,dc=forgerock,dc=org` and the LDAP Group RDN Type is `cn`, Cyral will interpret `Everyone` as the group name.
- nameIdPolicyFormat string
- Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.
- principalType string
- Defaults to `SUBJECT` if unset.
- samlMetadataUrl string
- This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to `""`.
- samlXmlKeyNameTranformer string
- Defaults to `KEY_ID` if unset.
- signatureType string
- Defaults to `RSA_SHA256` if unset.
- signingCertificate string
- Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to `""`.
- singleLogoutServiceUrl string
- URL that must be used to send logout requests. Defaults to `""`.
- syncMode string
- Defaults to `FORCE` if unset.
- wantAssertionsEncrypted boolean
- Indicates whether the service provider expects an encrypted Assertion. Defaults to `false`.
- xmlSigKeyInfoKeyNameTransformer string
- Defaults to `KEY_ID` if unset.
- single_sign_ stron_ service_ url 
- URL that must be used to send authentication requests (SAML AuthnRequest).
- allowed_clock_ floatskew 
- Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to 0.
- back_channel_ boolsupported 
- Defaults to falseif unset.
- base64_saml_ strmetadata_ document 
- Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to "".
- disable_force_ boolauthentication 
- Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to false
- disable_post_ boolbinding_ authn_ request 
- Indicates whether the AuthnRequest must be sent using HTTP-POSTbinding. Iftrue,HTTP-REDIRECTbinding will be used. Defaults tofalse.
- disable_post_ boolbinding_ logout 
- Indicates whether to respond to requests using HTTP-POSTbinding. Iftrue,HTTP-REDIRECTbinding will be used. Defaults tofalse.
- disable_post_ boolbinding_ response 
- Indicates whether to respond to requests using HTTP-POSTbinding. Iftrue,HTTP-REDIRECTbinding will be used. Defaults tofalse.
- disable_using_ booljwks_ url 
- By default, the jwks URL is used for all SAML connections. Defaults to false.
- gui_order str
- GUI order. Defaults to "".
- hide_on_login_page bool
- Defaults to `false` if unset.
- ldap_group_attribute str
- Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone,ou=groups,dc=openam,dc=forgerock,dc=org` and the `LDAP Group RDN` Type is `cn`, Cyral will interpret `Everyone` as the group name.
- name_id_policy_format str
- Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.
- principal_type str
- Defaults to `SUBJECT` if unset.
- saml_metadata_url str
- This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to "".
- saml_xml_key_name_tranformer str
- Defaults to `KEY_ID` if unset.
- signature_type str
- Defaults to `RSA_SHA256` if unset.
- signing_certificate str
- Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to "".
- single_logout_service_url str
- URL that must be used to send logout requests. Defaults to "".
- sync_mode str
- Defaults to `FORCE` if unset.
- want_assertions_encrypted bool
- Indicates whether the service provider expects an encrypted Assertion. Defaults to false.
- xml_sig_key_info_key_name_transformer str
- Defaults to `KEY_ID` if unset.
- singleSignOnServiceUrl String
- URL that must be used to send authentication requests (SAML AuthnRequest).
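- allowedClockSkew Number
- Clock skew in seconds that is tolerated when validating identity provider tokens. Defaults to 0. Keep this as small as practical: a larger skew lengthens the window in which an expired token is still accepted.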
- backChannelSupported Boolean
- Defaults to `false` if unset.
- base64SamlMetadataDocument String
- Full SAML metadata document that was used to import the SAML configuration, Base64 encoded. Defaults to "".
- disableForceAuthentication Boolean
- Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context. Defaults to `false`.
- disablePostBindingAuthnRequest Boolean
- Indicates whether the AuthnRequest must be sent using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disablePostBindingLogout Boolean
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disablePostBindingResponse Boolean
- Indicates whether to respond to requests using `HTTP-POST` binding. If `true`, `HTTP-REDIRECT` binding will be used. Defaults to `false`.
- disableUsingJwksUrl Boolean
- By default, the jwks URL is used for all SAML connections. Defaults to false.
- guiOrder String
- GUI order. Defaults to "".
- hideOnLoginPage Boolean
- Defaults to `false` if unset.
- ldapGroupAttribute String
- Type of `LDAP Group RDN` that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is `cn=Everyone,ou=groups,dc=openam,dc=forgerock,dc=org` and the `LDAP Group RDN` Type is `cn`, Cyral will interpret `Everyone` as the group name.
- nameIdPolicyFormat String
- Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if unset.
- principalType String
- Defaults to `SUBJECT` if unset.
- samlMetadataUrl String
- This is the full SAML metadata URL that was used to import the SAML configuration. Defaults to "".
- samlXmlKeyNameTranformer String
- Defaults to `KEY_ID` if unset.
- signatureType String
- Defaults to `RSA_SHA256` if unset.
- signingCertificate String
- Signing certificate used to validate signatures. Required if signature validation is enabled. Defaults to "".
- singleLogoutServiceUrl String
- URL that must be used to send logout requests. Defaults to "".
- syncMode String
- Defaults to `FORCE` if unset.
- wantAssertionsEncrypted Boolean
- Indicates whether the service provider expects an encrypted Assertion. Defaults to false.
- xmlSigKeyInfoKeyNameTransformer String
- Defaults to `KEY_ID` if unset.
Package Details
- Repository
- cyral cyralinc/terraform-provider-cyral
- License
- Notes
- This Pulumi package is based on the `cyral` Terraform Provider.