saml

package
v3.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 16, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

// Client is the Pulumi resource state for a Keycloak client that uses the SAML
// protocol. Each field is an output keyed by the name in its `pulumi` tag.
type Client struct {
	pulumi.CustomResourceState

	// SAML POST Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerPostUrl pulumi.StringPtrOutput `pulumi:"assertionConsumerPostUrl"`
	// SAML Redirect Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerRedirectUrl pulumi.StringPtrOutput `pulumi:"assertionConsumerRedirectUrl"`
	// Overrides the realm's authentication flow bindings for this client.
	// NOTE(review): an override replaces the realm-level flow, so confirm the referenced flow is
	// at least as strict as the realm default (for example, that it still enforces MFA).
	AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrOutput `pulumi:"authenticationFlowBindingOverrides"`
	// When specified, this URL will be used whenever Keycloak needs to link to this client.
	BaseUrl pulumi.StringPtrOutput `pulumi:"baseUrl"`
	// The unique ID of this client, referenced in the URI during authentication and in issued tokens.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`.
	// NOTE(review): when `false`, unsigned documents from the client are presumably accepted;
	// confirm, and prefer `true` unless the service provider cannot sign.
	ClientSignatureRequired pulumi.BoolOutput `pulumi:"clientSignatureRequired"`
	// The description of this client in the GUI.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key.
	// Signing protects integrity only; encryption is what keeps assertion contents confidential.
	EncryptAssertions pulumi.BoolOutput `pulumi:"encryptAssertions"`
	// If assertions for the client are encrypted, this certificate will be used for encryption.
	EncryptionCertificate pulumi.StringPtrOutput `pulumi:"encryptionCertificate"`
	// Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead.
	ForceNameIdFormat pulumi.BoolOutput `pulumi:"forceNameIdFormat"`
	// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding.
	ForcePostBinding pulumi.BoolOutput `pulumi:"forcePostBinding"`
	// When `true`, this client will require a browser redirect in order to perform a logout.
	FrontChannelLogout pulumi.BoolOutput `pulumi:"frontChannelLogout"`
	// Allows all role mappings to be included in the access token.
	// NOTE(review): for least privilege, consider `false` with explicit scope mappings so the
	// token carries only the roles this client needs.
	FullScopeAllowed pulumi.BoolPtrOutput `pulumi:"fullScopeAllowed"`
	// Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
	IdpInitiatedSsoRelayState pulumi.StringPtrOutput `pulumi:"idpInitiatedSsoRelayState"`
	// URL fragment name to reference client when you want to do IDP Initiated SSO.
	IdpInitiatedSsoUrlName pulumi.StringPtrOutput `pulumi:"idpInitiatedSsoUrlName"`
	// When `true`, an `AuthnStatement` will be included in the SAML response.
	IncludeAuthnStatement pulumi.BoolOutput `pulumi:"includeAuthnStatement"`
	// SAML POST Binding URL for the client's single logout service.
	LogoutServicePostBindingUrl pulumi.StringPtrOutput `pulumi:"logoutServicePostBindingUrl"`
	// SAML Redirect Binding URL for the client's single logout service.
	LogoutServiceRedirectBindingUrl pulumi.StringPtrOutput `pulumi:"logoutServiceRedirectBindingUrl"`
	// When specified, this URL will be used for all SAML requests.
	MasterSamlProcessingUrl pulumi.StringPtrOutput `pulumi:"masterSamlProcessingUrl"`
	// The display name of this client in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// Sets the Name ID format for the subject.
	NameIdFormat pulumi.StringOutput `pulumi:"nameIdFormat"`
	// The realm this client is attached to.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// When specified, this value is prepended to all relative URLs.
	RootUrl pulumi.StringPtrOutput `pulumi:"rootUrl"`
	// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response.
	// NOTE(review): if this and `signDocuments` are both `false`, the response presumably carries
	// no signature for the service provider to verify; confirm before disabling both.
	SignAssertions pulumi.BoolOutput `pulumi:"signAssertions"`
	// When `true`, the SAML document will be signed by Keycloak using the realm's private key.
	SignDocuments pulumi.BoolOutput `pulumi:"signDocuments"`
	// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA512", or "DSA_SHA1".
	// The SHA-1 based values ("RSA_SHA1", "DSA_SHA1") rely on a hash with practical collision
	// attacks; prefer "RSA_SHA256" or "RSA_SHA512" unless the service provider cannot verify them.
	SignatureAlgorithm pulumi.StringPtrOutput `pulumi:"signatureAlgorithm"`
	// If documents or assertions from the client are signed, this certificate will be used to verify the signature.
	SigningCertificate pulumi.StringPtrOutput `pulumi:"signingCertificate"`
	// If documents or assertions from the client are signed, this private key will be used to verify the signature.
	// NOTE(review): signatures are verified with the certificate's public key, not a private key;
	// confirm against the provider what this key is actually used for.
	// NOTE(review): this is secret key material exposed as an ordinary string output; confirm it is
	// stored as a Pulumi secret rather than in plaintext state.
	SigningPrivateKey pulumi.StringPtrOutput `pulumi:"signingPrivateKey"`
	// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
	// Keep the list as narrow as possible: every URL it admits is a destination that a login
	// response may be delivered to.
	ValidRedirectUris pulumi.StringArrayOutput `pulumi:"validRedirectUris"`
}

Allows for creating and managing Keycloak clients that use the SAML protocol.

Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO.

## Import

Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID. Example:

```sh

$ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352

```

func GetClient

func GetClient(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ClientState, opts ...pulumi.ResourceOption) (*Client, error)

GetClient gets an existing Client resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewClient

func NewClient(ctx *pulumi.Context,
	name string, args *ClientArgs, opts ...pulumi.ResourceOption) (*Client, error)

NewClient registers a new resource with the given unique name, arguments, and options.

func (*Client) ElementType added in v3.1.1

func (*Client) ElementType() reflect.Type

func (*Client) ToClientOutput added in v3.1.1

func (i *Client) ToClientOutput() ClientOutput

func (*Client) ToClientOutputWithContext added in v3.1.1

func (i *Client) ToClientOutputWithContext(ctx context.Context) ClientOutput

func (*Client) ToClientPtrOutput added in v3.4.1

func (i *Client) ToClientPtrOutput() ClientPtrOutput

func (*Client) ToClientPtrOutputWithContext added in v3.4.1

func (i *Client) ToClientPtrOutputWithContext(ctx context.Context) ClientPtrOutput

type ClientArgs

// ClientArgs is the set of arguments for constructing a Client resource.
type ClientArgs struct {
	// SAML POST Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerPostUrl pulumi.StringPtrInput
	// SAML Redirect Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerRedirectUrl pulumi.StringPtrInput
	// Overrides the realm's authentication flow bindings for this client.
	// NOTE(review): an override replaces the realm-level flow, so confirm the referenced flow is
	// at least as strict as the realm default (for example, that it still enforces MFA).
	AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput
	// When specified, this URL will be used whenever Keycloak needs to link to this client.
	BaseUrl pulumi.StringPtrInput
	// The unique ID of this client, referenced in the URI during authentication and in issued tokens.
	ClientId pulumi.StringInput
	// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`.
	// NOTE(review): when `false`, unsigned documents from the client are presumably accepted;
	// confirm, and prefer `true` unless the service provider cannot sign.
	ClientSignatureRequired pulumi.BoolPtrInput
	// The description of this client in the GUI.
	Description pulumi.StringPtrInput
	// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key.
	// Signing protects integrity only; encryption is what keeps assertion contents confidential.
	EncryptAssertions pulumi.BoolPtrInput
	// If assertions for the client are encrypted, this certificate will be used for encryption.
	EncryptionCertificate pulumi.StringPtrInput
	// Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead.
	ForceNameIdFormat pulumi.BoolPtrInput
	// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding.
	ForcePostBinding pulumi.BoolPtrInput
	// When `true`, this client will require a browser redirect in order to perform a logout.
	FrontChannelLogout pulumi.BoolPtrInput
	// Allows all role mappings to be included in the access token.
	// NOTE(review): for least privilege, consider `false` with explicit scope mappings so the
	// token carries only the roles this client needs.
	FullScopeAllowed pulumi.BoolPtrInput
	// Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
	IdpInitiatedSsoRelayState pulumi.StringPtrInput
	// URL fragment name to reference client when you want to do IDP Initiated SSO.
	IdpInitiatedSsoUrlName pulumi.StringPtrInput
	// When `true`, an `AuthnStatement` will be included in the SAML response.
	IncludeAuthnStatement pulumi.BoolPtrInput
	// SAML POST Binding URL for the client's single logout service.
	LogoutServicePostBindingUrl pulumi.StringPtrInput
	// SAML Redirect Binding URL for the client's single logout service.
	LogoutServiceRedirectBindingUrl pulumi.StringPtrInput
	// When specified, this URL will be used for all SAML requests.
	MasterSamlProcessingUrl pulumi.StringPtrInput
	// The display name of this client in the GUI.
	Name pulumi.StringPtrInput
	// Sets the Name ID format for the subject.
	NameIdFormat pulumi.StringPtrInput
	// The realm this client is attached to.
	RealmId pulumi.StringInput
	// When specified, this value is prepended to all relative URLs.
	RootUrl pulumi.StringPtrInput
	// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response.
	// NOTE(review): if this and `signDocuments` are both `false`, the response presumably carries
	// no signature for the service provider to verify; confirm before disabling both.
	SignAssertions pulumi.BoolPtrInput
	// When `true`, the SAML document will be signed by Keycloak using the realm's private key.
	SignDocuments pulumi.BoolPtrInput
	// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA512", or "DSA_SHA1".
	// The SHA-1 based values ("RSA_SHA1", "DSA_SHA1") rely on a hash with practical collision
	// attacks; prefer "RSA_SHA256" or "RSA_SHA512" unless the service provider cannot verify them.
	SignatureAlgorithm pulumi.StringPtrInput
	// If documents or assertions from the client are signed, this certificate will be used to verify the signature.
	SigningCertificate pulumi.StringPtrInput
	// If documents or assertions from the client are signed, this private key will be used to verify the signature.
	// NOTE(review): signatures are verified with the certificate's public key, not a private key;
	// confirm against the provider what this key is actually used for.
	// NOTE(review): this is secret key material; supply it from a secret source (for example
	// Pulumi secret configuration) rather than a string literal committed with the program.
	SigningPrivateKey pulumi.StringPtrInput
	// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
	// Keep the list as narrow as possible: every URL it admits is a destination that a login
	// response may be delivered to.
	ValidRedirectUris pulumi.StringArrayInput
}

The set of arguments for constructing a Client resource.

func (ClientArgs) ElementType

func (ClientArgs) ElementType() reflect.Type

type ClientArray added in v3.4.1

type ClientArray []ClientInput

func (ClientArray) ElementType added in v3.4.1

func (ClientArray) ElementType() reflect.Type

func (ClientArray) ToClientArrayOutput added in v3.4.1

func (i ClientArray) ToClientArrayOutput() ClientArrayOutput

func (ClientArray) ToClientArrayOutputWithContext added in v3.4.1

func (i ClientArray) ToClientArrayOutputWithContext(ctx context.Context) ClientArrayOutput

type ClientArrayInput added in v3.4.1

type ClientArrayInput interface {
	pulumi.Input

	ToClientArrayOutput() ClientArrayOutput
	ToClientArrayOutputWithContext(context.Context) ClientArrayOutput
}

ClientArrayInput is an input type that accepts ClientArray and ClientArrayOutput values. You can construct a concrete instance of `ClientArrayInput` via:

ClientArray{ ClientArgs{...} }

type ClientArrayOutput added in v3.4.1

type ClientArrayOutput struct{ *pulumi.OutputState }

func (ClientArrayOutput) ElementType added in v3.4.1

func (ClientArrayOutput) ElementType() reflect.Type

func (ClientArrayOutput) Index added in v3.4.1

func (ClientArrayOutput) ToClientArrayOutput added in v3.4.1

func (o ClientArrayOutput) ToClientArrayOutput() ClientArrayOutput

func (ClientArrayOutput) ToClientArrayOutputWithContext added in v3.4.1

func (o ClientArrayOutput) ToClientArrayOutputWithContext(ctx context.Context) ClientArrayOutput

type ClientAuthenticationFlowBindingOverrides added in v3.2.0

// ClientAuthenticationFlowBindingOverrides names the authentication flows used for a
// client in place of the realm's flow bindings. Both fields are optional.
// NOTE(review): confirm that any flow referenced here is at least as strict as the
// realm default it replaces.
type ClientAuthenticationFlowBindingOverrides struct {
	// ID of the browser flow; the flow needs to exist.
	BrowserId *string `pulumi:"browserId"`
	// ID of the direct grant flow; the flow needs to exist.
	DirectGrantId *string `pulumi:"directGrantId"`
}

type ClientAuthenticationFlowBindingOverridesArgs added in v3.2.0

// ClientAuthenticationFlowBindingOverridesArgs is the input form of
// ClientAuthenticationFlowBindingOverrides: the same two optional flow IDs,
// expressed as Pulumi inputs.
// NOTE(review): confirm that any flow referenced here is at least as strict as the
// realm default it replaces.
type ClientAuthenticationFlowBindingOverridesArgs struct {
	// ID of the browser flow; the flow needs to exist.
	BrowserId pulumi.StringPtrInput `pulumi:"browserId"`
	// ID of the direct grant flow; the flow needs to exist.
	DirectGrantId pulumi.StringPtrInput `pulumi:"directGrantId"`
}

func (ClientAuthenticationFlowBindingOverridesArgs) ElementType added in v3.2.0

func (ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesOutput added in v3.2.0

func (i ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesOutput() ClientAuthenticationFlowBindingOverridesOutput

func (ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesOutputWithContext added in v3.2.0

func (i ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesOutput

func (ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesPtrOutput added in v3.2.0

func (i ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesPtrOutput() ClientAuthenticationFlowBindingOverridesPtrOutput

func (ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext added in v3.2.0

func (i ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesPtrOutput

type ClientAuthenticationFlowBindingOverridesInput added in v3.2.0

type ClientAuthenticationFlowBindingOverridesInput interface {
	pulumi.Input

	ToClientAuthenticationFlowBindingOverridesOutput() ClientAuthenticationFlowBindingOverridesOutput
	ToClientAuthenticationFlowBindingOverridesOutputWithContext(context.Context) ClientAuthenticationFlowBindingOverridesOutput
}

ClientAuthenticationFlowBindingOverridesInput is an input type that accepts ClientAuthenticationFlowBindingOverridesArgs and ClientAuthenticationFlowBindingOverridesOutput values. You can construct a concrete instance of `ClientAuthenticationFlowBindingOverridesInput` via:

ClientAuthenticationFlowBindingOverridesArgs{...}

type ClientAuthenticationFlowBindingOverridesOutput added in v3.2.0

type ClientAuthenticationFlowBindingOverridesOutput struct{ *pulumi.OutputState }

func (ClientAuthenticationFlowBindingOverridesOutput) BrowserId added in v3.2.0

Browser flow id, (flow needs to exist)

func (ClientAuthenticationFlowBindingOverridesOutput) DirectGrantId added in v3.2.0

Direct grant flow id (flow needs to exist)

func (ClientAuthenticationFlowBindingOverridesOutput) ElementType added in v3.2.0

func (ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesOutput added in v3.2.0

func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesOutput() ClientAuthenticationFlowBindingOverridesOutput

func (ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesOutputWithContext added in v3.2.0

func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesOutput

func (ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesPtrOutput added in v3.2.0

func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesPtrOutput() ClientAuthenticationFlowBindingOverridesPtrOutput

func (ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext added in v3.2.0

func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesPtrOutput

type ClientAuthenticationFlowBindingOverridesPtrInput added in v3.2.0

type ClientAuthenticationFlowBindingOverridesPtrInput interface {
	pulumi.Input

	ToClientAuthenticationFlowBindingOverridesPtrOutput() ClientAuthenticationFlowBindingOverridesPtrOutput
	ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext(context.Context) ClientAuthenticationFlowBindingOverridesPtrOutput
}

ClientAuthenticationFlowBindingOverridesPtrInput is an input type that accepts ClientAuthenticationFlowBindingOverridesArgs, ClientAuthenticationFlowBindingOverridesPtr and ClientAuthenticationFlowBindingOverridesPtrOutput values. You can construct a concrete instance of `ClientAuthenticationFlowBindingOverridesPtrInput` via:

        ClientAuthenticationFlowBindingOverridesArgs{...}

or:

        nil

type ClientAuthenticationFlowBindingOverridesPtrOutput added in v3.2.0

type ClientAuthenticationFlowBindingOverridesPtrOutput struct{ *pulumi.OutputState }

func (ClientAuthenticationFlowBindingOverridesPtrOutput) BrowserId added in v3.2.0

Browser flow id, (flow needs to exist)

func (ClientAuthenticationFlowBindingOverridesPtrOutput) DirectGrantId added in v3.2.0

Direct grant flow id (flow needs to exist)

func (ClientAuthenticationFlowBindingOverridesPtrOutput) Elem added in v3.2.0

func (ClientAuthenticationFlowBindingOverridesPtrOutput) ElementType added in v3.2.0

func (ClientAuthenticationFlowBindingOverridesPtrOutput) ToClientAuthenticationFlowBindingOverridesPtrOutput added in v3.2.0

func (o ClientAuthenticationFlowBindingOverridesPtrOutput) ToClientAuthenticationFlowBindingOverridesPtrOutput() ClientAuthenticationFlowBindingOverridesPtrOutput

func (ClientAuthenticationFlowBindingOverridesPtrOutput) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext added in v3.2.0

func (o ClientAuthenticationFlowBindingOverridesPtrOutput) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesPtrOutput

type ClientDefaultScope

// ClientDefaultScope is the Pulumi resource state that attaches a list of default
// client scopes to one client.
type ClientDefaultScope struct {
	pulumi.CustomResourceState

	// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// An array of client scope names to attach to this client.
	// NOTE(review): default scopes presumably apply without being requested, so list only
	// the scopes this client needs; confirm against Keycloak's scope semantics.
	DefaultScopes pulumi.StringArrayOutput `pulumi:"defaultScopes"`
	// The realm this client and these scopes exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

## Import

This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist on the server.

func GetClientDefaultScope

func GetClientDefaultScope(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ClientDefaultScopeState, opts ...pulumi.ResourceOption) (*ClientDefaultScope, error)

GetClientDefaultScope gets an existing ClientDefaultScope resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewClientDefaultScope

func NewClientDefaultScope(ctx *pulumi.Context,
	name string, args *ClientDefaultScopeArgs, opts ...pulumi.ResourceOption) (*ClientDefaultScope, error)

NewClientDefaultScope registers a new resource with the given unique name, arguments, and options.

func (*ClientDefaultScope) ElementType added in v3.1.1

func (*ClientDefaultScope) ElementType() reflect.Type

func (*ClientDefaultScope) ToClientDefaultScopeOutput added in v3.1.1

func (i *ClientDefaultScope) ToClientDefaultScopeOutput() ClientDefaultScopeOutput

func (*ClientDefaultScope) ToClientDefaultScopeOutputWithContext added in v3.1.1

func (i *ClientDefaultScope) ToClientDefaultScopeOutputWithContext(ctx context.Context) ClientDefaultScopeOutput

func (*ClientDefaultScope) ToClientDefaultScopePtrOutput added in v3.4.1

func (i *ClientDefaultScope) ToClientDefaultScopePtrOutput() ClientDefaultScopePtrOutput

func (*ClientDefaultScope) ToClientDefaultScopePtrOutputWithContext added in v3.4.1

func (i *ClientDefaultScope) ToClientDefaultScopePtrOutputWithContext(ctx context.Context) ClientDefaultScopePtrOutput

type ClientDefaultScopeArgs

// ClientDefaultScopeArgs is the set of arguments for constructing a
// ClientDefaultScope resource.
type ClientDefaultScopeArgs struct {
	// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.
	ClientId pulumi.StringInput
	// An array of client scope names to attach to this client.
	// NOTE(review): default scopes presumably apply without being requested, so list only
	// the scopes this client needs; confirm against Keycloak's scope semantics.
	DefaultScopes pulumi.StringArrayInput
	// The realm this client and these scopes exist in.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a ClientDefaultScope resource.

func (ClientDefaultScopeArgs) ElementType

func (ClientDefaultScopeArgs) ElementType() reflect.Type

type ClientDefaultScopeArray added in v3.4.1

type ClientDefaultScopeArray []ClientDefaultScopeInput

func (ClientDefaultScopeArray) ElementType added in v3.4.1

func (ClientDefaultScopeArray) ElementType() reflect.Type

func (ClientDefaultScopeArray) ToClientDefaultScopeArrayOutput added in v3.4.1

func (i ClientDefaultScopeArray) ToClientDefaultScopeArrayOutput() ClientDefaultScopeArrayOutput

func (ClientDefaultScopeArray) ToClientDefaultScopeArrayOutputWithContext added in v3.4.1

func (i ClientDefaultScopeArray) ToClientDefaultScopeArrayOutputWithContext(ctx context.Context) ClientDefaultScopeArrayOutput

type ClientDefaultScopeArrayInput added in v3.4.1

type ClientDefaultScopeArrayInput interface {
	pulumi.Input

	ToClientDefaultScopeArrayOutput() ClientDefaultScopeArrayOutput
	ToClientDefaultScopeArrayOutputWithContext(context.Context) ClientDefaultScopeArrayOutput
}

ClientDefaultScopeArrayInput is an input type that accepts ClientDefaultScopeArray and ClientDefaultScopeArrayOutput values. You can construct a concrete instance of `ClientDefaultScopeArrayInput` via:

ClientDefaultScopeArray{ ClientDefaultScopeArgs{...} }

type ClientDefaultScopeArrayOutput added in v3.4.1

type ClientDefaultScopeArrayOutput struct{ *pulumi.OutputState }

func (ClientDefaultScopeArrayOutput) ElementType added in v3.4.1

func (ClientDefaultScopeArrayOutput) Index added in v3.4.1

func (ClientDefaultScopeArrayOutput) ToClientDefaultScopeArrayOutput added in v3.4.1

func (o ClientDefaultScopeArrayOutput) ToClientDefaultScopeArrayOutput() ClientDefaultScopeArrayOutput

func (ClientDefaultScopeArrayOutput) ToClientDefaultScopeArrayOutputWithContext added in v3.4.1

func (o ClientDefaultScopeArrayOutput) ToClientDefaultScopeArrayOutputWithContext(ctx context.Context) ClientDefaultScopeArrayOutput

type ClientDefaultScopeInput added in v3.1.1

type ClientDefaultScopeInput interface {
	pulumi.Input

	ToClientDefaultScopeOutput() ClientDefaultScopeOutput
	ToClientDefaultScopeOutputWithContext(ctx context.Context) ClientDefaultScopeOutput
}

type ClientDefaultScopeMap added in v3.4.1

type ClientDefaultScopeMap map[string]ClientDefaultScopeInput

func (ClientDefaultScopeMap) ElementType added in v3.4.1

func (ClientDefaultScopeMap) ElementType() reflect.Type

func (ClientDefaultScopeMap) ToClientDefaultScopeMapOutput added in v3.4.1

func (i ClientDefaultScopeMap) ToClientDefaultScopeMapOutput() ClientDefaultScopeMapOutput

func (ClientDefaultScopeMap) ToClientDefaultScopeMapOutputWithContext added in v3.4.1

func (i ClientDefaultScopeMap) ToClientDefaultScopeMapOutputWithContext(ctx context.Context) ClientDefaultScopeMapOutput

type ClientDefaultScopeMapInput added in v3.4.1

type ClientDefaultScopeMapInput interface {
	pulumi.Input

	ToClientDefaultScopeMapOutput() ClientDefaultScopeMapOutput
	ToClientDefaultScopeMapOutputWithContext(context.Context) ClientDefaultScopeMapOutput
}

ClientDefaultScopeMapInput is an input type that accepts ClientDefaultScopeMap and ClientDefaultScopeMapOutput values. You can construct a concrete instance of `ClientDefaultScopeMapInput` via:

ClientDefaultScopeMap{ "key": ClientDefaultScopeArgs{...} }

type ClientDefaultScopeMapOutput added in v3.4.1

type ClientDefaultScopeMapOutput struct{ *pulumi.OutputState }

func (ClientDefaultScopeMapOutput) ElementType added in v3.4.1

func (ClientDefaultScopeMapOutput) MapIndex added in v3.4.1

func (ClientDefaultScopeMapOutput) ToClientDefaultScopeMapOutput added in v3.4.1

func (o ClientDefaultScopeMapOutput) ToClientDefaultScopeMapOutput() ClientDefaultScopeMapOutput

func (ClientDefaultScopeMapOutput) ToClientDefaultScopeMapOutputWithContext added in v3.4.1

func (o ClientDefaultScopeMapOutput) ToClientDefaultScopeMapOutputWithContext(ctx context.Context) ClientDefaultScopeMapOutput

type ClientDefaultScopeOutput added in v3.1.1

type ClientDefaultScopeOutput struct {
	*pulumi.OutputState
}

func (ClientDefaultScopeOutput) ElementType added in v3.1.1

func (ClientDefaultScopeOutput) ElementType() reflect.Type

func (ClientDefaultScopeOutput) ToClientDefaultScopeOutput added in v3.1.1

func (o ClientDefaultScopeOutput) ToClientDefaultScopeOutput() ClientDefaultScopeOutput

func (ClientDefaultScopeOutput) ToClientDefaultScopeOutputWithContext added in v3.1.1

func (o ClientDefaultScopeOutput) ToClientDefaultScopeOutputWithContext(ctx context.Context) ClientDefaultScopeOutput

func (ClientDefaultScopeOutput) ToClientDefaultScopePtrOutput added in v3.4.1

func (o ClientDefaultScopeOutput) ToClientDefaultScopePtrOutput() ClientDefaultScopePtrOutput

func (ClientDefaultScopeOutput) ToClientDefaultScopePtrOutputWithContext added in v3.4.1

func (o ClientDefaultScopeOutput) ToClientDefaultScopePtrOutputWithContext(ctx context.Context) ClientDefaultScopePtrOutput

type ClientDefaultScopePtrInput added in v3.4.1

type ClientDefaultScopePtrInput interface {
	pulumi.Input

	ToClientDefaultScopePtrOutput() ClientDefaultScopePtrOutput
	ToClientDefaultScopePtrOutputWithContext(ctx context.Context) ClientDefaultScopePtrOutput
}

type ClientDefaultScopePtrOutput added in v3.4.1

type ClientDefaultScopePtrOutput struct {
	*pulumi.OutputState
}

func (ClientDefaultScopePtrOutput) ElementType added in v3.4.1

func (ClientDefaultScopePtrOutput) ToClientDefaultScopePtrOutput added in v3.4.1

func (o ClientDefaultScopePtrOutput) ToClientDefaultScopePtrOutput() ClientDefaultScopePtrOutput

func (ClientDefaultScopePtrOutput) ToClientDefaultScopePtrOutputWithContext added in v3.4.1

func (o ClientDefaultScopePtrOutput) ToClientDefaultScopePtrOutputWithContext(ctx context.Context) ClientDefaultScopePtrOutput

type ClientDefaultScopeState

// ClientDefaultScopeState holds the optional state properties that
// GetClientDefaultScope accepts to qualify the lookup of an existing resource.
type ClientDefaultScopeState struct {
	// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.
	ClientId pulumi.StringPtrInput
	// An array of client scope names to attach to this client.
	DefaultScopes pulumi.StringArrayInput
	// The realm this client and these scopes exist in.
	RealmId pulumi.StringPtrInput
}

func (ClientDefaultScopeState) ElementType

func (ClientDefaultScopeState) ElementType() reflect.Type

type ClientInput added in v3.1.1

type ClientInput interface {
	pulumi.Input

	ToClientOutput() ClientOutput
	ToClientOutputWithContext(ctx context.Context) ClientOutput
}

type ClientMap added in v3.4.1

type ClientMap map[string]ClientInput

func (ClientMap) ElementType added in v3.4.1

func (ClientMap) ElementType() reflect.Type

func (ClientMap) ToClientMapOutput added in v3.4.1

func (i ClientMap) ToClientMapOutput() ClientMapOutput

func (ClientMap) ToClientMapOutputWithContext added in v3.4.1

func (i ClientMap) ToClientMapOutputWithContext(ctx context.Context) ClientMapOutput

type ClientMapInput added in v3.4.1

type ClientMapInput interface {
	pulumi.Input

	ToClientMapOutput() ClientMapOutput
	ToClientMapOutputWithContext(context.Context) ClientMapOutput
}

ClientMapInput is an input type that accepts ClientMap and ClientMapOutput values. You can construct a concrete instance of `ClientMapInput` via:

ClientMap{ "key": ClientArgs{...} }

type ClientMapOutput added in v3.4.1

type ClientMapOutput struct{ *pulumi.OutputState }

func (ClientMapOutput) ElementType added in v3.4.1

func (ClientMapOutput) ElementType() reflect.Type

func (ClientMapOutput) MapIndex added in v3.4.1

func (ClientMapOutput) ToClientMapOutput added in v3.4.1

func (o ClientMapOutput) ToClientMapOutput() ClientMapOutput

func (ClientMapOutput) ToClientMapOutputWithContext added in v3.4.1

func (o ClientMapOutput) ToClientMapOutputWithContext(ctx context.Context) ClientMapOutput

type ClientOutput added in v3.1.1

type ClientOutput struct {
	*pulumi.OutputState
}

func (ClientOutput) ElementType added in v3.1.1

func (ClientOutput) ElementType() reflect.Type

func (ClientOutput) ToClientOutput added in v3.1.1

func (o ClientOutput) ToClientOutput() ClientOutput

func (ClientOutput) ToClientOutputWithContext added in v3.1.1

func (o ClientOutput) ToClientOutputWithContext(ctx context.Context) ClientOutput

func (ClientOutput) ToClientPtrOutput added in v3.4.1

func (o ClientOutput) ToClientPtrOutput() ClientPtrOutput

func (ClientOutput) ToClientPtrOutputWithContext added in v3.4.1

func (o ClientOutput) ToClientPtrOutputWithContext(ctx context.Context) ClientPtrOutput

type ClientPtrInput added in v3.4.1

type ClientPtrInput interface {
	pulumi.Input

	ToClientPtrOutput() ClientPtrOutput
	ToClientPtrOutputWithContext(ctx context.Context) ClientPtrOutput
}

type ClientPtrOutput added in v3.4.1

type ClientPtrOutput struct {
	*pulumi.OutputState
}

func (ClientPtrOutput) ElementType added in v3.4.1

func (ClientPtrOutput) ElementType() reflect.Type

func (ClientPtrOutput) ToClientPtrOutput added in v3.4.1

func (o ClientPtrOutput) ToClientPtrOutput() ClientPtrOutput

func (ClientPtrOutput) ToClientPtrOutputWithContext added in v3.4.1

func (o ClientPtrOutput) ToClientPtrOutputWithContext(ctx context.Context) ClientPtrOutput

type ClientScope

// ClientScope is the Pulumi resource state for a Keycloak client scope that can be
// attached to clients that use the SAML protocol.
type ClientScope struct {
	pulumi.CustomResourceState

	// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.
	ConsentScreenText pulumi.StringPtrOutput `pulumi:"consentScreenText"`
	// The description of this client scope in the GUI.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The position of this client scope in the GUI (such as on the consent page), as an integer.
	GuiOrder pulumi.IntPtrOutput `pulumi:"guiOrder"`
	// The display name of this client scope in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm this client scope belongs to.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

Allows for creating and managing Keycloak client scopes that can be attached to clients that use the SAML protocol.

Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main declares a Keycloak realm and then a SAML client scope inside it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The realm comes first: the client scope is created against its ID.
		realmArgs := &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		}
		realm, err := keycloak.NewRealm(ctx, "realm", realmArgs)
		if err != nil {
			return err
		}

		scopeArgs := &saml.ClientScopeArgs{
			RealmId:     realm.ID(),
			Description: pulumi.String("This scope will map a user's group memberships to SAML assertion"),
			GuiOrder:    pulumi.Int(1),
		}
		if _, err := saml.NewClientScope(ctx, "samlClientScope", scopeArgs); err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. Example:

```sh

$ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e

```

func GetClientScope

func GetClientScope(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ClientScopeState, opts ...pulumi.ResourceOption) (*ClientScope, error)

GetClientScope gets an existing ClientScope resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewClientScope

func NewClientScope(ctx *pulumi.Context,
	name string, args *ClientScopeArgs, opts ...pulumi.ResourceOption) (*ClientScope, error)

NewClientScope registers a new resource with the given unique name, arguments, and options.

func (*ClientScope) ElementType added in v3.1.1

func (*ClientScope) ElementType() reflect.Type

func (*ClientScope) ToClientScopeOutput added in v3.1.1

func (i *ClientScope) ToClientScopeOutput() ClientScopeOutput

func (*ClientScope) ToClientScopeOutputWithContext added in v3.1.1

func (i *ClientScope) ToClientScopeOutputWithContext(ctx context.Context) ClientScopeOutput

func (*ClientScope) ToClientScopePtrOutput added in v3.4.1

func (i *ClientScope) ToClientScopePtrOutput() ClientScopePtrOutput

func (*ClientScope) ToClientScopePtrOutputWithContext added in v3.4.1

func (i *ClientScope) ToClientScopePtrOutputWithContext(ctx context.Context) ClientScopePtrOutput

type ClientScopeArgs

// ClientScopeArgs is the set of arguments for constructing a ClientScope resource.
// RealmId is the only field declared with a non-pointer input type; the others
// are pointer inputs and can be left unset.
type ClientScopeArgs struct {
	// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.
	ConsentScreenText pulumi.StringPtrInput
	// The description of this client scope in the GUI.
	Description pulumi.StringPtrInput
	// Specify order of the client scope in GUI (such as in Consent page) as integer.
	GuiOrder pulumi.IntPtrInput
	// The display name of this client scope in the GUI.
	Name pulumi.StringPtrInput
	// The realm this client scope belongs to.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a ClientScope resource.

func (ClientScopeArgs) ElementType

func (ClientScopeArgs) ElementType() reflect.Type

type ClientScopeArray added in v3.4.1

type ClientScopeArray []ClientScopeInput

func (ClientScopeArray) ElementType added in v3.4.1

func (ClientScopeArray) ElementType() reflect.Type

func (ClientScopeArray) ToClientScopeArrayOutput added in v3.4.1

func (i ClientScopeArray) ToClientScopeArrayOutput() ClientScopeArrayOutput

func (ClientScopeArray) ToClientScopeArrayOutputWithContext added in v3.4.1

func (i ClientScopeArray) ToClientScopeArrayOutputWithContext(ctx context.Context) ClientScopeArrayOutput

type ClientScopeArrayInput added in v3.4.1

type ClientScopeArrayInput interface {
	pulumi.Input

	ToClientScopeArrayOutput() ClientScopeArrayOutput
	ToClientScopeArrayOutputWithContext(context.Context) ClientScopeArrayOutput
}

ClientScopeArrayInput is an input type that accepts ClientScopeArray and ClientScopeArrayOutput values. You can construct a concrete instance of `ClientScopeArrayInput` via:

ClientScopeArray{ ClientScopeArgs{...} }

type ClientScopeArrayOutput added in v3.4.1

type ClientScopeArrayOutput struct{ *pulumi.OutputState }

func (ClientScopeArrayOutput) ElementType added in v3.4.1

func (ClientScopeArrayOutput) ElementType() reflect.Type

func (ClientScopeArrayOutput) Index added in v3.4.1

func (ClientScopeArrayOutput) ToClientScopeArrayOutput added in v3.4.1

func (o ClientScopeArrayOutput) ToClientScopeArrayOutput() ClientScopeArrayOutput

func (ClientScopeArrayOutput) ToClientScopeArrayOutputWithContext added in v3.4.1

func (o ClientScopeArrayOutput) ToClientScopeArrayOutputWithContext(ctx context.Context) ClientScopeArrayOutput

type ClientScopeInput added in v3.1.1

type ClientScopeInput interface {
	pulumi.Input

	ToClientScopeOutput() ClientScopeOutput
	ToClientScopeOutputWithContext(ctx context.Context) ClientScopeOutput
}

type ClientScopeMap added in v3.4.1

type ClientScopeMap map[string]ClientScopeInput

func (ClientScopeMap) ElementType added in v3.4.1

func (ClientScopeMap) ElementType() reflect.Type

func (ClientScopeMap) ToClientScopeMapOutput added in v3.4.1

func (i ClientScopeMap) ToClientScopeMapOutput() ClientScopeMapOutput

func (ClientScopeMap) ToClientScopeMapOutputWithContext added in v3.4.1

func (i ClientScopeMap) ToClientScopeMapOutputWithContext(ctx context.Context) ClientScopeMapOutput

type ClientScopeMapInput added in v3.4.1

type ClientScopeMapInput interface {
	pulumi.Input

	ToClientScopeMapOutput() ClientScopeMapOutput
	ToClientScopeMapOutputWithContext(context.Context) ClientScopeMapOutput
}

ClientScopeMapInput is an input type that accepts ClientScopeMap and ClientScopeMapOutput values. You can construct a concrete instance of `ClientScopeMapInput` via:

ClientScopeMap{ "key": ClientScopeArgs{...} }

type ClientScopeMapOutput added in v3.4.1

type ClientScopeMapOutput struct{ *pulumi.OutputState }

func (ClientScopeMapOutput) ElementType added in v3.4.1

func (ClientScopeMapOutput) ElementType() reflect.Type

func (ClientScopeMapOutput) MapIndex added in v3.4.1

func (ClientScopeMapOutput) ToClientScopeMapOutput added in v3.4.1

func (o ClientScopeMapOutput) ToClientScopeMapOutput() ClientScopeMapOutput

func (ClientScopeMapOutput) ToClientScopeMapOutputWithContext added in v3.4.1

func (o ClientScopeMapOutput) ToClientScopeMapOutputWithContext(ctx context.Context) ClientScopeMapOutput

type ClientScopeOutput added in v3.1.1

type ClientScopeOutput struct {
	*pulumi.OutputState
}

func (ClientScopeOutput) ElementType added in v3.1.1

func (ClientScopeOutput) ElementType() reflect.Type

func (ClientScopeOutput) ToClientScopeOutput added in v3.1.1

func (o ClientScopeOutput) ToClientScopeOutput() ClientScopeOutput

func (ClientScopeOutput) ToClientScopeOutputWithContext added in v3.1.1

func (o ClientScopeOutput) ToClientScopeOutputWithContext(ctx context.Context) ClientScopeOutput

func (ClientScopeOutput) ToClientScopePtrOutput added in v3.4.1

func (o ClientScopeOutput) ToClientScopePtrOutput() ClientScopePtrOutput

func (ClientScopeOutput) ToClientScopePtrOutputWithContext added in v3.4.1

func (o ClientScopeOutput) ToClientScopePtrOutputWithContext(ctx context.Context) ClientScopePtrOutput

type ClientScopePtrInput added in v3.4.1

type ClientScopePtrInput interface {
	pulumi.Input

	ToClientScopePtrOutput() ClientScopePtrOutput
	ToClientScopePtrOutputWithContext(ctx context.Context) ClientScopePtrOutput
}

type ClientScopePtrOutput added in v3.4.1

type ClientScopePtrOutput struct {
	*pulumi.OutputState
}

func (ClientScopePtrOutput) ElementType added in v3.4.1

func (ClientScopePtrOutput) ElementType() reflect.Type

func (ClientScopePtrOutput) ToClientScopePtrOutput added in v3.4.1

func (o ClientScopePtrOutput) ToClientScopePtrOutput() ClientScopePtrOutput

func (ClientScopePtrOutput) ToClientScopePtrOutputWithContext added in v3.4.1

func (o ClientScopePtrOutput) ToClientScopePtrOutputWithContext(ctx context.Context) ClientScopePtrOutput

type ClientScopeState

type ClientScopeState struct {
	// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.
	ConsentScreenText pulumi.StringPtrInput
	// The description of this client scope in the GUI.
	Description pulumi.StringPtrInput
	// Specify order of the client scope in GUI (such as in Consent page) as integer.
	GuiOrder pulumi.IntPtrInput
	// The display name of this client scope in the GUI.
	Name pulumi.StringPtrInput
	// The realm this client scope belongs to.
	RealmId pulumi.StringPtrInput
}

func (ClientScopeState) ElementType

func (ClientScopeState) ElementType() reflect.Type

type ClientState

// ClientState mirrors the properties of the SAML Client resource as optional
// inputs: every field below is a pointer or array input type.
type ClientState struct {
	// SAML POST Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerPostUrl pulumi.StringPtrInput
	// SAML Redirect Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerRedirectUrl pulumi.StringPtrInput
	// Override realm authentication flow bindings
	AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput
	// When specified, this URL will be used whenever Keycloak needs to link to this client.
	BaseUrl pulumi.StringPtrInput
	// The unique ID of this client, referenced in the URI during authentication and in issued tokens.
	ClientId pulumi.StringPtrInput
	// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`.
	// NOTE(review): when this is not `true`, documents sent by the client are presumably accepted unsigned — confirm before turning it off.
	ClientSignatureRequired pulumi.BoolPtrInput
	// The description of this client in the GUI.
	Description pulumi.StringPtrInput
	// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key.
	EncryptAssertions pulumi.BoolPtrInput
	// If assertions for the client are encrypted, this certificate will be used for encryption.
	EncryptionCertificate pulumi.StringPtrInput
	// Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead.
	ForceNameIdFormat pulumi.BoolPtrInput
	// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding.
	ForcePostBinding pulumi.BoolPtrInput
	// When `true`, this client will require a browser redirect in order to perform a logout.
	FrontChannelLogout pulumi.BoolPtrInput
	// Allows all role mappings to be included in the access token.
	// NOTE(review): for least privilege, prefer limiting the client to the role mappings it needs rather than enabling this.
	FullScopeAllowed pulumi.BoolPtrInput
	// Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
	IdpInitiatedSsoRelayState pulumi.StringPtrInput
	// URL fragment name to reference client when you want to do IDP Initiated SSO.
	IdpInitiatedSsoUrlName pulumi.StringPtrInput
	// When `true`, an `AuthnStatement` will be included in the SAML response.
	IncludeAuthnStatement pulumi.BoolPtrInput
	// SAML POST Binding URL for the client's single logout service.
	LogoutServicePostBindingUrl pulumi.StringPtrInput
	// SAML Redirect Binding URL for the client's single logout service.
	LogoutServiceRedirectBindingUrl pulumi.StringPtrInput
	// When specified, this URL will be used for all SAML requests.
	MasterSamlProcessingUrl pulumi.StringPtrInput
	// The display name of this client in the GUI.
	Name pulumi.StringPtrInput
	// Sets the Name ID format for the subject.
	NameIdFormat pulumi.StringPtrInput
	// The realm this client is attached to.
	RealmId pulumi.StringPtrInput
	// When specified, this value is prepended to all relative URLs.
	RootUrl pulumi.StringPtrInput
	// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response.
	SignAssertions pulumi.BoolPtrInput
	// When `true`, the SAML document will be signed by Keycloak using the realm's private key.
	SignDocuments pulumi.BoolPtrInput
	// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA512", or "DSA_SHA1".
	// NOTE(review): SHA-1 is no longer considered collision-resistant; choose "RSA_SHA256" or "RSA_SHA512" unless a legacy service provider forces a SHA-1 variant.
	SignatureAlgorithm pulumi.StringPtrInput
	// If documents or assertions from the client are signed, this certificate will be used to verify the signature.
	SigningCertificate pulumi.StringPtrInput
	// If documents or assertions from the client are signed, this private key will be used to verify the signature.
	// NOTE(review): verifying a signature normally needs only the certificate's public key, so what this private key is
	// used for is not clear from this description — confirm. Either way it is secret key material: supply it as a
	// Pulumi secret and keep it out of source control and plain-text state.
	SigningPrivateKey pulumi.StringPtrInput
	// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
	// NOTE(review): keep this list as narrow as possible; it decides which consumer URLs an authentication request may name.
	ValidRedirectUris pulumi.StringArrayInput
}

func (ClientState) ElementType

func (ClientState) ElementType() reflect.Type

type GetClientAuthenticationFlowBindingOverride added in v3.3.0

// GetClientAuthenticationFlowBindingOverride carries two authentication-flow
// override IDs as plain strings.
// NOTE(review): presumably the per-client overrides of the realm's flow
// bindings, as returned by a client lookup — confirm.
type GetClientAuthenticationFlowBindingOverride struct {
	// presumably the ID of the flow used in place of the realm's browser flow — confirm
	BrowserId     string `pulumi:"browserId"`
	// presumably the ID of the flow used in place of the realm's direct grant flow — confirm
	DirectGrantId string `pulumi:"directGrantId"`
}

type GetClientAuthenticationFlowBindingOverrideArgs added in v3.3.0

type GetClientAuthenticationFlowBindingOverrideArgs struct {
	BrowserId     pulumi.StringInput `pulumi:"browserId"`
	DirectGrantId pulumi.StringInput `pulumi:"directGrantId"`
}

func (GetClientAuthenticationFlowBindingOverrideArgs) ElementType added in v3.3.0

func (GetClientAuthenticationFlowBindingOverrideArgs) ToGetClientAuthenticationFlowBindingOverrideOutput added in v3.3.0

func (i GetClientAuthenticationFlowBindingOverrideArgs) ToGetClientAuthenticationFlowBindingOverrideOutput() GetClientAuthenticationFlowBindingOverrideOutput

func (GetClientAuthenticationFlowBindingOverrideArgs) ToGetClientAuthenticationFlowBindingOverrideOutputWithContext added in v3.3.0

func (i GetClientAuthenticationFlowBindingOverrideArgs) ToGetClientAuthenticationFlowBindingOverrideOutputWithContext(ctx context.Context) GetClientAuthenticationFlowBindingOverrideOutput

type GetClientAuthenticationFlowBindingOverrideArray added in v3.3.0

type GetClientAuthenticationFlowBindingOverrideArray []GetClientAuthenticationFlowBindingOverrideInput

func (GetClientAuthenticationFlowBindingOverrideArray) ElementType added in v3.3.0

func (GetClientAuthenticationFlowBindingOverrideArray) ToGetClientAuthenticationFlowBindingOverrideArrayOutput added in v3.3.0

func (i GetClientAuthenticationFlowBindingOverrideArray) ToGetClientAuthenticationFlowBindingOverrideArrayOutput() GetClientAuthenticationFlowBindingOverrideArrayOutput

func (GetClientAuthenticationFlowBindingOverrideArray) ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext added in v3.3.0

func (i GetClientAuthenticationFlowBindingOverrideArray) ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext(ctx context.Context) GetClientAuthenticationFlowBindingOverrideArrayOutput

type GetClientAuthenticationFlowBindingOverrideArrayInput added in v3.3.0

type GetClientAuthenticationFlowBindingOverrideArrayInput interface {
	pulumi.Input

	ToGetClientAuthenticationFlowBindingOverrideArrayOutput() GetClientAuthenticationFlowBindingOverrideArrayOutput
	ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext(context.Context) GetClientAuthenticationFlowBindingOverrideArrayOutput
}

GetClientAuthenticationFlowBindingOverrideArrayInput is an input type that accepts GetClientAuthenticationFlowBindingOverrideArray and GetClientAuthenticationFlowBindingOverrideArrayOutput values. You can construct a concrete instance of `GetClientAuthenticationFlowBindingOverrideArrayInput` via:

GetClientAuthenticationFlowBindingOverrideArray{ GetClientAuthenticationFlowBindingOverrideArgs{...} }

type GetClientAuthenticationFlowBindingOverrideArrayOutput added in v3.3.0

type GetClientAuthenticationFlowBindingOverrideArrayOutput struct{ *pulumi.OutputState }

func (GetClientAuthenticationFlowBindingOverrideArrayOutput) ElementType added in v3.3.0

func (GetClientAuthenticationFlowBindingOverrideArrayOutput) Index added in v3.3.0

func (GetClientAuthenticationFlowBindingOverrideArrayOutput) ToGetClientAuthenticationFlowBindingOverrideArrayOutput added in v3.3.0

func (GetClientAuthenticationFlowBindingOverrideArrayOutput) ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext added in v3.3.0

func (o GetClientAuthenticationFlowBindingOverrideArrayOutput) ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext(ctx context.Context) GetClientAuthenticationFlowBindingOverrideArrayOutput

type GetClientAuthenticationFlowBindingOverrideInput added in v3.3.0

type GetClientAuthenticationFlowBindingOverrideInput interface {
	pulumi.Input

	ToGetClientAuthenticationFlowBindingOverrideOutput() GetClientAuthenticationFlowBindingOverrideOutput
	ToGetClientAuthenticationFlowBindingOverrideOutputWithContext(context.Context) GetClientAuthenticationFlowBindingOverrideOutput
}

GetClientAuthenticationFlowBindingOverrideInput is an input type that accepts GetClientAuthenticationFlowBindingOverrideArgs and GetClientAuthenticationFlowBindingOverrideOutput values. You can construct a concrete instance of `GetClientAuthenticationFlowBindingOverrideInput` via:

GetClientAuthenticationFlowBindingOverrideArgs{...}

type GetClientAuthenticationFlowBindingOverrideOutput added in v3.3.0

type GetClientAuthenticationFlowBindingOverrideOutput struct{ *pulumi.OutputState }

func (GetClientAuthenticationFlowBindingOverrideOutput) BrowserId added in v3.3.0

func (GetClientAuthenticationFlowBindingOverrideOutput) DirectGrantId added in v3.3.0

func (GetClientAuthenticationFlowBindingOverrideOutput) ElementType added in v3.3.0

func (GetClientAuthenticationFlowBindingOverrideOutput) ToGetClientAuthenticationFlowBindingOverrideOutput added in v3.3.0

func (o GetClientAuthenticationFlowBindingOverrideOutput) ToGetClientAuthenticationFlowBindingOverrideOutput() GetClientAuthenticationFlowBindingOverrideOutput

func (GetClientAuthenticationFlowBindingOverrideOutput) ToGetClientAuthenticationFlowBindingOverrideOutputWithContext added in v3.3.0

func (o GetClientAuthenticationFlowBindingOverrideOutput) ToGetClientAuthenticationFlowBindingOverrideOutputWithContext(ctx context.Context) GetClientAuthenticationFlowBindingOverrideOutput

type GetClientInstallationProviderArgs

// GetClientInstallationProviderArgs is the collection of arguments for invoking
// getClientInstallationProvider. All three fields are plain strings.
type GetClientInstallationProviderArgs struct {
	// The ID of the SAML client. The `id` attribute of a `keycloakClient` resource should be used here.
	ClientId string `pulumi:"clientId"`
	// The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
	ProviderId string `pulumi:"providerId"`
	// The realm that the SAML client exists within.
	RealmId string `pulumi:"realmId"`
}

A collection of arguments for invoking getClientInstallationProvider.

type GetClientInstallationProviderResult

// GetClientInstallationProviderResult is the collection of values returned by
// getClientInstallationProvider.
type GetClientInstallationProviderResult struct {
	ClientId string `pulumi:"clientId"`
	// The provider-assigned unique ID for this managed resource.
	Id         string `pulumi:"id"`
	ProviderId string `pulumi:"providerId"`
	RealmId    string `pulumi:"realmId"`
	// (Computed) The returned document needed for SAML installation.
	// NOTE(review): depending on the installation provider, this document may embed certificates or key
	// material — confirm for the provider in use, and avoid logging or exporting it as a plain stack output.
	Value string `pulumi:"value"`
}

A collection of values returned by getClientInstallationProvider.

func GetClientInstallationProvider

This data source can be used to retrieve Installation Provider of a SAML Client.

type IdentityProvider

// IdentityProvider is the resource for a SAML identity provider within a
// Keycloak realm. Several of its flags decide how far Keycloak trusts what the
// external identity provider asserts; see the notes on TrustEmail,
// ValidateSignature and StoreToken.
type IdentityProvider struct {
	pulumi.CustomResourceState

	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrOutput `pulumi:"addReadTokenRoleOnCreate"`
	// The unique name of identity provider.
	Alias pulumi.StringOutput `pulumi:"alias"`
	// Authenticate users by default. Defaults to `false`.
	AuthenticateByDefault pulumi.BoolPtrOutput `pulumi:"authenticateByDefault"`
	// Whether the external IDP supports back-channel logout.
	BackchannelSupported pulumi.BoolPtrOutput `pulumi:"backchannelSupported"`
	// The display name for the realm that is shown when logging in to the admin console.
	// NOTE(review): wording looks copied from the realm resource; presumably this is the identity provider's display name — confirm.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// When `false`, users and clients will not be able to access this realm. Defaults to `true`.
	// NOTE(review): wording looks copied from the realm resource; presumably this enables or disables the identity provider — confirm.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"firstBrokerLoginFlowAlias"`
	// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
	ForceAuthn pulumi.BoolPtrOutput `pulumi:"forceAuthn"`
	// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
	HideOnLoginPage pulumi.BoolPtrOutput `pulumi:"hideOnLoginPage"`
	// Internal Identity Provider Id
	InternalId pulumi.StringOutput `pulumi:"internalId"`
	// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"`
	// Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
	NameIdPolicyFormat pulumi.StringPtrOutput `pulumi:"nameIdPolicyFormat"`
	// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingAuthnRequest pulumi.BoolPtrOutput `pulumi:"postBindingAuthnRequest"`
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	// NOTE(review): same text as PostBindingResponse; presumably this one governs logout messages — confirm.
	PostBindingLogout pulumi.BoolPtrOutput `pulumi:"postBindingLogout"`
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingResponse pulumi.BoolPtrOutput `pulumi:"postBindingResponse"`
	// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
	PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"`
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringOutput `pulumi:"realm"`
	// Signing Algorithm. Defaults to empty.
	SignatureAlgorithm pulumi.StringPtrOutput `pulumi:"signatureAlgorithm"`
	// Signing Certificate.
	// NOTE(review): presumably the external IDP's certificate that ValidateSignature checks responses against — confirm.
	SigningCertificate pulumi.StringPtrOutput `pulumi:"signingCertificate"`
	// The Url that must be used to send logout requests.
	SingleLogoutServiceUrl pulumi.StringPtrOutput `pulumi:"singleLogoutServiceUrl"`
	// The Url that must be used to send authentication requests (SAML AuthnRequest).
	SingleSignOnServiceUrl pulumi.StringOutput `pulumi:"singleSignOnServiceUrl"`
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	// NOTE(review): the default keeps the external IDP's tokens in Keycloak; set this to `false` unless something needs to read them back.
	StoreToken pulumi.BoolPtrOutput `pulumi:"storeToken"`
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): this makes the external IDP's email claim authoritative; enable it only for an IDP that verifies
	// email ownership itself, and together with ValidateSignature.
	TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"`
	// Enable/disable signature validation of SAML responses.
	// NOTE(review): no default is stated here, so set this explicitly. Without signature validation nothing
	// cryptographically ties a SAML response to the configured identity provider.
	ValidateSignature pulumi.BoolPtrOutput `pulumi:"validateSignature"`
	// Indicates whether this service provider expects an encrypted Assertion.
	WantAssertionsEncrypted pulumi.BoolPtrOutput `pulumi:"wantAssertionsEncrypted"`
	// Indicates whether this service provider expects a signed Assertion.
	WantAssertionsSigned pulumi.BoolPtrOutput `pulumi:"wantAssertionsSigned"`
	// Sign Key Transformer. Defaults to empty.
	XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrOutput `pulumi:"xmlSignKeyInfoKeyNameTransformer"`
}

Allows for creating and managing SAML Identity Providers within Keycloak.

SAML (Security Assertion Markup Language) identity providers allow users to authenticate through a third-party system using the SAML protocol.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

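// main declares a realm and a SAML identity provider that brokers logins to an
// external IdP. Besides the endpoint and binding settings, it turns on
// validation of the IdP's signatures explicitly, because the example also
// trusts the email addresses the IdP asserts.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewIdentityProvider(ctx, "realmSamlIdentityProvider", &saml.IdentityProviderArgs{
			Realm:                   realm.ID(),
			Alias:                   pulumi.String("my-saml-idp"),
			SingleSignOnServiceUrl:  pulumi.String("https://domain.com/adfs/ls/"),
			SingleLogoutServiceUrl:  pulumi.String("https://domain.com/adfs/ls/?wa=wsignout1.0"),
			BackchannelSupported:    pulumi.Bool(true),
			PostBindingResponse:     pulumi.Bool(true),
			PostBindingLogout:       pulumi.Bool(true),
			PostBindingAuthnRequest: pulumi.Bool(true),
			StoreToken:              pulumi.Bool(false),
			// TrustEmail marks email addresses asserted by the IdP as verified,
			// so the responses carrying them must be authenticated (below).
			TrustEmail: pulumi.Bool(true),
			ForceAuthn: pulumi.Bool(true),
			// The field documentation states no default for ValidateSignature,
			// so it is set explicitly. The certificate value is a placeholder:
			// substitute the external IdP's real signing certificate.
			ValidateSignature:  pulumi.Bool(true),
			SigningCertificate: pulumi.String("<idp-signing-certificate-placeholder>"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}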

```

## Import

Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. Example:

```sh

$ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp

```

func GetIdentityProvider

func GetIdentityProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IdentityProviderState, opts ...pulumi.ResourceOption) (*IdentityProvider, error)

GetIdentityProvider gets an existing IdentityProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIdentityProvider

func NewIdentityProvider(ctx *pulumi.Context,
	name string, args *IdentityProviderArgs, opts ...pulumi.ResourceOption) (*IdentityProvider, error)

NewIdentityProvider registers a new resource with the given unique name, arguments, and options.

func (*IdentityProvider) ElementType added in v3.1.1

func (*IdentityProvider) ElementType() reflect.Type

func (*IdentityProvider) ToIdentityProviderOutput added in v3.1.1

func (i *IdentityProvider) ToIdentityProviderOutput() IdentityProviderOutput

func (*IdentityProvider) ToIdentityProviderOutputWithContext added in v3.1.1

func (i *IdentityProvider) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput

func (*IdentityProvider) ToIdentityProviderPtrOutput added in v3.4.1

func (i *IdentityProvider) ToIdentityProviderPtrOutput() IdentityProviderPtrOutput

func (*IdentityProvider) ToIdentityProviderPtrOutputWithContext added in v3.4.1

func (i *IdentityProvider) ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput

type IdentityProviderArgs

// IdentityProviderArgs is the set of arguments for constructing an
// IdentityProvider resource. Alias, Realm and SingleSignOnServiceUrl are the
// fields declared with non-pointer input types; the rest are pointer inputs.
// Several flags decide how far Keycloak trusts what the external identity
// provider asserts; see the notes on TrustEmail, ValidateSignature and StoreToken.
type IdentityProviderArgs struct {
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// The unique name of identity provider.
	Alias pulumi.StringInput
	// Authenticate users by default. Defaults to `false`.
	AuthenticateByDefault pulumi.BoolPtrInput
	// Whether the external IDP supports back-channel logout.
	BackchannelSupported pulumi.BoolPtrInput
	// The display name for the realm that is shown when logging in to the admin console.
	// NOTE(review): wording looks copied from the realm resource; presumably this is the identity provider's display name — confirm.
	DisplayName pulumi.StringPtrInput
	// When `false`, users and clients will not be able to access this realm. Defaults to `true`.
	// NOTE(review): wording looks copied from the realm resource; presumably this enables or disables the identity provider — confirm.
	Enabled pulumi.BoolPtrInput
	// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
	ForceAuthn pulumi.BoolPtrInput
	// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
	HideOnLoginPage pulumi.BoolPtrInput
	// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
	NameIdPolicyFormat pulumi.StringPtrInput
	// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingAuthnRequest pulumi.BoolPtrInput
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	// NOTE(review): same text as PostBindingResponse; presumably this one governs logout messages — confirm.
	PostBindingLogout pulumi.BoolPtrInput
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingResponse pulumi.BoolPtrInput
	// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringInput
	// Signing Algorithm. Defaults to empty.
	SignatureAlgorithm pulumi.StringPtrInput
	// Signing Certificate.
	// NOTE(review): presumably the external IDP's certificate that ValidateSignature checks responses against — confirm.
	SigningCertificate pulumi.StringPtrInput
	// The Url that must be used to send logout requests.
	SingleLogoutServiceUrl pulumi.StringPtrInput
	// The Url that must be used to send authentication requests (SAML AuthnRequest).
	SingleSignOnServiceUrl pulumi.StringInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	// NOTE(review): the default keeps the external IDP's tokens in Keycloak; set this to `false` unless something needs to read them back.
	StoreToken pulumi.BoolPtrInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): this makes the external IDP's email claim authoritative; enable it only for an IDP that verifies
	// email ownership itself, and together with ValidateSignature.
	TrustEmail pulumi.BoolPtrInput
	// Enable/disable signature validation of SAML responses.
	// NOTE(review): no default is stated here, so set this explicitly. Without signature validation nothing
	// cryptographically ties a SAML response to the configured identity provider.
	ValidateSignature pulumi.BoolPtrInput
	// Indicates whether this service provider expects an encrypted Assertion.
	WantAssertionsEncrypted pulumi.BoolPtrInput
	// Indicates whether this service provider expects a signed Assertion.
	WantAssertionsSigned pulumi.BoolPtrInput
	// Sign Key Transformer. Defaults to empty.
	XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrInput
}

The set of arguments for constructing an IdentityProvider resource.

func (IdentityProviderArgs) ElementType

func (IdentityProviderArgs) ElementType() reflect.Type

type IdentityProviderArray added in v3.4.1

type IdentityProviderArray []IdentityProviderInput

func (IdentityProviderArray) ElementType added in v3.4.1

func (IdentityProviderArray) ElementType() reflect.Type

func (IdentityProviderArray) ToIdentityProviderArrayOutput added in v3.4.1

func (i IdentityProviderArray) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput

func (IdentityProviderArray) ToIdentityProviderArrayOutputWithContext added in v3.4.1

func (i IdentityProviderArray) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput

type IdentityProviderArrayInput added in v3.4.1

type IdentityProviderArrayInput interface {
	pulumi.Input

	ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
	ToIdentityProviderArrayOutputWithContext(context.Context) IdentityProviderArrayOutput
}

IdentityProviderArrayInput is an input type that accepts IdentityProviderArray and IdentityProviderArrayOutput values. You can construct a concrete instance of `IdentityProviderArrayInput` via:

IdentityProviderArray{ IdentityProviderArgs{...} }

type IdentityProviderArrayOutput added in v3.4.1

type IdentityProviderArrayOutput struct{ *pulumi.OutputState }

func (IdentityProviderArrayOutput) ElementType added in v3.4.1

func (IdentityProviderArrayOutput) Index added in v3.4.1

func (IdentityProviderArrayOutput) ToIdentityProviderArrayOutput added in v3.4.1

func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput

func (IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext added in v3.4.1

func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput

type IdentityProviderInput added in v3.1.1

type IdentityProviderInput interface {
	pulumi.Input

	ToIdentityProviderOutput() IdentityProviderOutput
	ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
}

type IdentityProviderMap added in v3.4.1

type IdentityProviderMap map[string]IdentityProviderInput

func (IdentityProviderMap) ElementType added in v3.4.1

func (IdentityProviderMap) ElementType() reflect.Type

func (IdentityProviderMap) ToIdentityProviderMapOutput added in v3.4.1

func (i IdentityProviderMap) ToIdentityProviderMapOutput() IdentityProviderMapOutput

func (IdentityProviderMap) ToIdentityProviderMapOutputWithContext added in v3.4.1

func (i IdentityProviderMap) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput

type IdentityProviderMapInput added in v3.4.1

type IdentityProviderMapInput interface {
	pulumi.Input

	ToIdentityProviderMapOutput() IdentityProviderMapOutput
	ToIdentityProviderMapOutputWithContext(context.Context) IdentityProviderMapOutput
}

IdentityProviderMapInput is an input type that accepts IdentityProviderMap and IdentityProviderMapOutput values. You can construct a concrete instance of `IdentityProviderMapInput` via:

IdentityProviderMap{ "key": IdentityProviderArgs{...} }

type IdentityProviderMapOutput added in v3.4.1

type IdentityProviderMapOutput struct{ *pulumi.OutputState }

func (IdentityProviderMapOutput) ElementType added in v3.4.1

func (IdentityProviderMapOutput) ElementType() reflect.Type

func (IdentityProviderMapOutput) MapIndex added in v3.4.1

func (IdentityProviderMapOutput) ToIdentityProviderMapOutput added in v3.4.1

func (o IdentityProviderMapOutput) ToIdentityProviderMapOutput() IdentityProviderMapOutput

func (IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext added in v3.4.1

func (o IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput

type IdentityProviderOutput added in v3.1.1

type IdentityProviderOutput struct {
	*pulumi.OutputState
}

func (IdentityProviderOutput) ElementType added in v3.1.1

func (IdentityProviderOutput) ElementType() reflect.Type

func (IdentityProviderOutput) ToIdentityProviderOutput added in v3.1.1

func (o IdentityProviderOutput) ToIdentityProviderOutput() IdentityProviderOutput

func (IdentityProviderOutput) ToIdentityProviderOutputWithContext added in v3.1.1

func (o IdentityProviderOutput) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput

func (IdentityProviderOutput) ToIdentityProviderPtrOutput added in v3.4.1

func (o IdentityProviderOutput) ToIdentityProviderPtrOutput() IdentityProviderPtrOutput

func (IdentityProviderOutput) ToIdentityProviderPtrOutputWithContext added in v3.4.1

func (o IdentityProviderOutput) ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput

type IdentityProviderPtrInput added in v3.4.1

type IdentityProviderPtrInput interface {
	pulumi.Input

	ToIdentityProviderPtrOutput() IdentityProviderPtrOutput
	ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput
}

type IdentityProviderPtrOutput added in v3.4.1

type IdentityProviderPtrOutput struct {
	*pulumi.OutputState
}

func (IdentityProviderPtrOutput) ElementType added in v3.4.1

func (IdentityProviderPtrOutput) ElementType() reflect.Type

func (IdentityProviderPtrOutput) ToIdentityProviderPtrOutput added in v3.4.1

func (o IdentityProviderPtrOutput) ToIdentityProviderPtrOutput() IdentityProviderPtrOutput

func (IdentityProviderPtrOutput) ToIdentityProviderPtrOutputWithContext added in v3.4.1

func (o IdentityProviderPtrOutput) ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput

type IdentityProviderState

type IdentityProviderState struct {
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	// NOTE(review): together with `StoreToken` (which defaults to `true`) this gives every newly created user read access to the stored tokens; leave it `false` unless a client needs that.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// The unique name of the identity provider.
	Alias pulumi.StringPtrInput
	// Authenticate users by default. Defaults to `false`.
	AuthenticateByDefault pulumi.BoolPtrInput
	// Whether the external IDP supports back-channel logout.
	BackchannelSupported pulumi.BoolPtrInput
	// The display name for the realm that is shown when logging in to the admin console.
	// NOTE(review): this wording refers to the realm and looks copied from the realm resource; presumably it is the display name of the identity provider — confirm.
	DisplayName pulumi.StringPtrInput
	// When `false`, users and clients will not be able to access this realm. Defaults to `true`.
	// NOTE(review): this wording refers to the realm; presumably `false` disables this identity provider rather than the realm — confirm.
	Enabled pulumi.BoolPtrInput
	// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
	ForceAuthn pulumi.BoolPtrInput
	// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
	HideOnLoginPage pulumi.BoolPtrInput
	// Internal Identity Provider Id
	InternalId pulumi.StringPtrInput
	// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
	NameIdPolicyFormat pulumi.StringPtrInput
	// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingAuthnRequest pulumi.BoolPtrInput
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	// NOTE(review): this description is identical to the one on `PostBindingResponse`; presumably this field covers logout requests — confirm.
	PostBindingLogout pulumi.BoolPtrInput
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingResponse pulumi.BoolPtrInput
	// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringPtrInput
	// Signing Algorithm. Defaults to empty.
	SignatureAlgorithm pulumi.StringPtrInput
	// Signing Certificate.
	// NOTE(review): presumably the identity provider's certificate that signatures are checked against when `ValidateSignature` is `true` — confirm against the Keycloak documentation.
	SigningCertificate pulumi.StringPtrInput
	// The Url that must be used to send logout requests.
	SingleLogoutServiceUrl pulumi.StringPtrInput
	// The Url that must be used to send authentication requests (SAML AuthnRequest).
	SingleSignOnServiceUrl pulumi.StringPtrInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	// NOTE(review): the description does not say which tokens are stored or where; if nothing reads them back, consider setting this to `false` explicitly.
	StoreToken pulumi.BoolPtrInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// Because this bypasses the realm's own verification, enable it only for providers that are trusted to have verified the address themselves.
	TrustEmail pulumi.BoolPtrInput
	// Enable/disable signature validation of SAML responses.
	// No default is documented for this field, so set it explicitly. With validation disabled, SAML responses are accepted without a signature check and their origin is unverified.
	ValidateSignature pulumi.BoolPtrInput
	// Indicates whether this service provider expects an encrypted Assertion.
	WantAssertionsEncrypted pulumi.BoolPtrInput
	// Indicates whether this service provider expects a signed Assertion.
	WantAssertionsSigned pulumi.BoolPtrInput
	// Sign Key Transformer. Defaults to empty.
	XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrInput
}

func (IdentityProviderState) ElementType

func (IdentityProviderState) ElementType() reflect.Type

type LookupClientArgs added in v3.3.0

type LookupClientArgs struct {
	// The client id (not its unique ID).
	ClientId string `pulumi:"clientId"`
	// The realm id.
	RealmId string `pulumi:"realmId"`
}

A collection of arguments for invoking getClient.

type LookupClientResult added in v3.3.0

// LookupClientResult holds the values returned by getClient for a SAML client.
//
// Every property is a plain Go value rather than a Pulumi output, and the set
// includes SigningPrivateKey. Treat the whole result as sensitive: do not log
// it, and mark anything derived from it as a secret before exporting it.
// NOTE(review): whether the provider itself flags signingPrivateKey as a
// secret is not visible here — confirm before relying on it.
type LookupClientResult struct {
	AssertionConsumerPostUrl           string                                       `pulumi:"assertionConsumerPostUrl"`
	AssertionConsumerRedirectUrl       string                                       `pulumi:"assertionConsumerRedirectUrl"`
	AuthenticationFlowBindingOverrides []GetClientAuthenticationFlowBindingOverride `pulumi:"authenticationFlowBindingOverrides"`
	BaseUrl                            string                                       `pulumi:"baseUrl"`
	ClientId                           string                                       `pulumi:"clientId"`
	ClientSignatureRequired            bool                                         `pulumi:"clientSignatureRequired"`
	Description                        string                                       `pulumi:"description"`
	Enabled                            bool                                         `pulumi:"enabled"`
	EncryptAssertions                  bool                                         `pulumi:"encryptAssertions"`
	EncryptionCertificate              string                                       `pulumi:"encryptionCertificate"`
	ForceNameIdFormat                  bool                                         `pulumi:"forceNameIdFormat"`
	ForcePostBinding                   bool                                         `pulumi:"forcePostBinding"`
	FrontChannelLogout                 bool                                         `pulumi:"frontChannelLogout"`
	FullScopeAllowed                   bool                                         `pulumi:"fullScopeAllowed"`
	// The provider-assigned unique ID for this managed resource.
	Id                              string   `pulumi:"id"`
	IdpInitiatedSsoRelayState       string   `pulumi:"idpInitiatedSsoRelayState"`
	IdpInitiatedSsoUrlName          string   `pulumi:"idpInitiatedSsoUrlName"`
	IncludeAuthnStatement           bool     `pulumi:"includeAuthnStatement"`
	LogoutServicePostBindingUrl     string   `pulumi:"logoutServicePostBindingUrl"`
	LogoutServiceRedirectBindingUrl string   `pulumi:"logoutServiceRedirectBindingUrl"`
	MasterSamlProcessingUrl         string   `pulumi:"masterSamlProcessingUrl"`
	Name                            string   `pulumi:"name"`
	NameIdFormat                    string   `pulumi:"nameIdFormat"`
	RealmId                         string   `pulumi:"realmId"`
	RootUrl                         string   `pulumi:"rootUrl"`
	SignAssertions                  bool     `pulumi:"signAssertions"`
	SignDocuments                   bool     `pulumi:"signDocuments"`
	SignatureAlgorithm              string   `pulumi:"signatureAlgorithm"`
	SigningCertificate              string   `pulumi:"signingCertificate"`
	SigningPrivateKey               string   `pulumi:"signingPrivateKey"`
	ValidRedirectUris               []string `pulumi:"validRedirectUris"`
}

A collection of values returned by getClient.

func LookupClient added in v3.3.0

func LookupClient(ctx *pulumi.Context, args *LookupClientArgs, opts ...pulumi.InvokeOption) (*LookupClientResult, error)

This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main looks up the SAML client "realm-management" in "my-realm" and then
// resolves the "realm-admin" role that belongs to that client.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		lookup := &saml.LookupClientArgs{
			ClientId: "realm-management",
			RealmId:  "my-realm",
		}
		client, err := saml.LookupClient(ctx, lookup, nil)
		if err != nil {
			return err
		}

		// Id is the provider-assigned unique ID, not the human-readable client id;
		// LookupRoleArgs takes it by pointer.
		clientUUID := client.Id

		// realm-admin on the realm-management client is Keycloak's full realm
		// administration role, so keep whatever consumes this lookup tightly scoped.
		if _, err := keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{
			ClientId: &clientUUID,
			Name:     "realm-admin",
			RealmId:  "my-realm",
		}, nil); err != nil {
			return err
		}
		return nil
	})
}

```

type UserAttributeProtocolMapper

type UserAttributeProtocolMapper struct {
	pulumi.CustomResourceState

	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"`
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"`
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"`
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"`
	// The custom user attribute to map.
	UserAttribute pulumi.StringOutput `pulumi:"userAttribute"`
}

Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak.

SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute in a SAML assertion.

Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

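// main creates a realm, a SAML client in that realm, and a user attribute
// protocol mapper attached to the client.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the realm handle: the client and the mapper must be created in
		// this realm, so both take their RealmId from it.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{
			RealmId:  realm.ID(),
			ClientId: pulumi.String("saml-client"),
		})
		if err != nil {
			return err
		}
		// The mapper releases the user's "displayName" attribute to this client in
		// every SAML assertion; map only attributes the client actually needs.
		_, err = saml.NewUserAttributeProtocolMapper(ctx, "samlUserAttributeMapper", &saml.UserAttributeProtocolMapperArgs{
			RealmId:                 realm.ID(),
			ClientId:                samlClient.ID(),
			UserAttribute:           pulumi.String("displayName"),
			SamlAttributeName:       pulumi.String("displayName"),
			SamlAttributeNameFormat: pulumi.String("Unspecified"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}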

```

## Import

Protocol mappers can be imported using one of the following formats:

- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`
- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`

Example:

```sh

$ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4

```

```sh

$ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4

```

func GetUserAttributeProtocolMapper

func GetUserAttributeProtocolMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserAttributeProtocolMapperState, opts ...pulumi.ResourceOption) (*UserAttributeProtocolMapper, error)

GetUserAttributeProtocolMapper gets an existing UserAttributeProtocolMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserAttributeProtocolMapper

func NewUserAttributeProtocolMapper(ctx *pulumi.Context,
	name string, args *UserAttributeProtocolMapperArgs, opts ...pulumi.ResourceOption) (*UserAttributeProtocolMapper, error)

NewUserAttributeProtocolMapper registers a new resource with the given unique name, arguments, and options.

func (*UserAttributeProtocolMapper) ElementType added in v3.1.1

func (*UserAttributeProtocolMapper) ElementType() reflect.Type

func (*UserAttributeProtocolMapper) ToUserAttributeProtocolMapperOutput added in v3.1.1

func (i *UserAttributeProtocolMapper) ToUserAttributeProtocolMapperOutput() UserAttributeProtocolMapperOutput

func (*UserAttributeProtocolMapper) ToUserAttributeProtocolMapperOutputWithContext added in v3.1.1

func (i *UserAttributeProtocolMapper) ToUserAttributeProtocolMapperOutputWithContext(ctx context.Context) UserAttributeProtocolMapperOutput

func (*UserAttributeProtocolMapper) ToUserAttributeProtocolMapperPtrOutput added in v3.4.1

func (i *UserAttributeProtocolMapper) ToUserAttributeProtocolMapperPtrOutput() UserAttributeProtocolMapperPtrOutput

func (*UserAttributeProtocolMapper) ToUserAttributeProtocolMapperPtrOutputWithContext added in v3.4.1

func (i *UserAttributeProtocolMapper) ToUserAttributeProtocolMapperPtrOutputWithContext(ctx context.Context) UserAttributeProtocolMapperPtrOutput

type UserAttributeProtocolMapperArgs

type UserAttributeProtocolMapperArgs struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	// A client scope can be shared between multiple clients, so a mapper attached here applies to every client using that scope.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringInput
	// The custom user attribute to map.
	// The mapped value is placed in SAML assertions sent to the client.
	// NOTE(review): if users can edit this attribute themselves (depends on realm configuration — confirm), the receiving service should not base authorization decisions on it.
	UserAttribute pulumi.StringInput
}

The set of arguments for constructing a UserAttributeProtocolMapper resource.

func (UserAttributeProtocolMapperArgs) ElementType

type UserAttributeProtocolMapperArray added in v3.4.1

type UserAttributeProtocolMapperArray []UserAttributeProtocolMapperInput

func (UserAttributeProtocolMapperArray) ElementType added in v3.4.1

func (UserAttributeProtocolMapperArray) ToUserAttributeProtocolMapperArrayOutput added in v3.4.1

func (i UserAttributeProtocolMapperArray) ToUserAttributeProtocolMapperArrayOutput() UserAttributeProtocolMapperArrayOutput

func (UserAttributeProtocolMapperArray) ToUserAttributeProtocolMapperArrayOutputWithContext added in v3.4.1

func (i UserAttributeProtocolMapperArray) ToUserAttributeProtocolMapperArrayOutputWithContext(ctx context.Context) UserAttributeProtocolMapperArrayOutput

type UserAttributeProtocolMapperArrayInput added in v3.4.1

type UserAttributeProtocolMapperArrayInput interface {
	pulumi.Input

	ToUserAttributeProtocolMapperArrayOutput() UserAttributeProtocolMapperArrayOutput
	ToUserAttributeProtocolMapperArrayOutputWithContext(context.Context) UserAttributeProtocolMapperArrayOutput
}

UserAttributeProtocolMapperArrayInput is an input type that accepts UserAttributeProtocolMapperArray and UserAttributeProtocolMapperArrayOutput values. You can construct a concrete instance of `UserAttributeProtocolMapperArrayInput` via:

UserAttributeProtocolMapperArray{ UserAttributeProtocolMapperArgs{...} }

type UserAttributeProtocolMapperArrayOutput added in v3.4.1

type UserAttributeProtocolMapperArrayOutput struct{ *pulumi.OutputState }

func (UserAttributeProtocolMapperArrayOutput) ElementType added in v3.4.1

func (UserAttributeProtocolMapperArrayOutput) Index added in v3.4.1

func (UserAttributeProtocolMapperArrayOutput) ToUserAttributeProtocolMapperArrayOutput added in v3.4.1

func (o UserAttributeProtocolMapperArrayOutput) ToUserAttributeProtocolMapperArrayOutput() UserAttributeProtocolMapperArrayOutput

func (UserAttributeProtocolMapperArrayOutput) ToUserAttributeProtocolMapperArrayOutputWithContext added in v3.4.1

func (o UserAttributeProtocolMapperArrayOutput) ToUserAttributeProtocolMapperArrayOutputWithContext(ctx context.Context) UserAttributeProtocolMapperArrayOutput

type UserAttributeProtocolMapperInput added in v3.1.1

type UserAttributeProtocolMapperInput interface {
	pulumi.Input

	ToUserAttributeProtocolMapperOutput() UserAttributeProtocolMapperOutput
	ToUserAttributeProtocolMapperOutputWithContext(ctx context.Context) UserAttributeProtocolMapperOutput
}

type UserAttributeProtocolMapperMap added in v3.4.1

type UserAttributeProtocolMapperMap map[string]UserAttributeProtocolMapperInput

func (UserAttributeProtocolMapperMap) ElementType added in v3.4.1

func (UserAttributeProtocolMapperMap) ToUserAttributeProtocolMapperMapOutput added in v3.4.1

func (i UserAttributeProtocolMapperMap) ToUserAttributeProtocolMapperMapOutput() UserAttributeProtocolMapperMapOutput

func (UserAttributeProtocolMapperMap) ToUserAttributeProtocolMapperMapOutputWithContext added in v3.4.1

func (i UserAttributeProtocolMapperMap) ToUserAttributeProtocolMapperMapOutputWithContext(ctx context.Context) UserAttributeProtocolMapperMapOutput

type UserAttributeProtocolMapperMapInput added in v3.4.1

type UserAttributeProtocolMapperMapInput interface {
	pulumi.Input

	ToUserAttributeProtocolMapperMapOutput() UserAttributeProtocolMapperMapOutput
	ToUserAttributeProtocolMapperMapOutputWithContext(context.Context) UserAttributeProtocolMapperMapOutput
}

UserAttributeProtocolMapperMapInput is an input type that accepts UserAttributeProtocolMapperMap and UserAttributeProtocolMapperMapOutput values. You can construct a concrete instance of `UserAttributeProtocolMapperMapInput` via:

UserAttributeProtocolMapperMap{ "key": UserAttributeProtocolMapperArgs{...} }

type UserAttributeProtocolMapperMapOutput added in v3.4.1

type UserAttributeProtocolMapperMapOutput struct{ *pulumi.OutputState }

func (UserAttributeProtocolMapperMapOutput) ElementType added in v3.4.1

func (UserAttributeProtocolMapperMapOutput) MapIndex added in v3.4.1

func (UserAttributeProtocolMapperMapOutput) ToUserAttributeProtocolMapperMapOutput added in v3.4.1

func (o UserAttributeProtocolMapperMapOutput) ToUserAttributeProtocolMapperMapOutput() UserAttributeProtocolMapperMapOutput

func (UserAttributeProtocolMapperMapOutput) ToUserAttributeProtocolMapperMapOutputWithContext added in v3.4.1

func (o UserAttributeProtocolMapperMapOutput) ToUserAttributeProtocolMapperMapOutputWithContext(ctx context.Context) UserAttributeProtocolMapperMapOutput

type UserAttributeProtocolMapperOutput added in v3.1.1

type UserAttributeProtocolMapperOutput struct {
	*pulumi.OutputState
}

func (UserAttributeProtocolMapperOutput) ElementType added in v3.1.1

func (UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutput added in v3.1.1

func (o UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutput() UserAttributeProtocolMapperOutput

func (UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutputWithContext added in v3.1.1

func (o UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutputWithContext(ctx context.Context) UserAttributeProtocolMapperOutput

func (UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperPtrOutput added in v3.4.1

func (o UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperPtrOutput() UserAttributeProtocolMapperPtrOutput

func (UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperPtrOutputWithContext added in v3.4.1

func (o UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperPtrOutputWithContext(ctx context.Context) UserAttributeProtocolMapperPtrOutput

type UserAttributeProtocolMapperPtrInput added in v3.4.1

type UserAttributeProtocolMapperPtrInput interface {
	pulumi.Input

	ToUserAttributeProtocolMapperPtrOutput() UserAttributeProtocolMapperPtrOutput
	ToUserAttributeProtocolMapperPtrOutputWithContext(ctx context.Context) UserAttributeProtocolMapperPtrOutput
}

type UserAttributeProtocolMapperPtrOutput added in v3.4.1

type UserAttributeProtocolMapperPtrOutput struct {
	*pulumi.OutputState
}

func (UserAttributeProtocolMapperPtrOutput) ElementType added in v3.4.1

func (UserAttributeProtocolMapperPtrOutput) ToUserAttributeProtocolMapperPtrOutput added in v3.4.1

func (o UserAttributeProtocolMapperPtrOutput) ToUserAttributeProtocolMapperPtrOutput() UserAttributeProtocolMapperPtrOutput

func (UserAttributeProtocolMapperPtrOutput) ToUserAttributeProtocolMapperPtrOutputWithContext added in v3.4.1

func (o UserAttributeProtocolMapperPtrOutput) ToUserAttributeProtocolMapperPtrOutputWithContext(ctx context.Context) UserAttributeProtocolMapperPtrOutput

type UserAttributeProtocolMapperState

type UserAttributeProtocolMapperState struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringPtrInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringPtrInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringPtrInput
	// The custom user attribute to map.
	UserAttribute pulumi.StringPtrInput
}

func (UserAttributeProtocolMapperState) ElementType

type UserPropertyProtocolMapper

type UserPropertyProtocolMapper struct {
	pulumi.CustomResourceState

	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"`
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"`
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"`
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"`
	// The property of the Keycloak user model to map.
	UserProperty pulumi.StringOutput `pulumi:"userProperty"`
}

Allows for creating and managing user property protocol mappers for SAML clients within Keycloak.

SAML user property protocol mappers allow you to map properties of the Keycloak user model to an attribute in a SAML assertion.

Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

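// main creates a realm, a SAML client in that realm, and a user property
// protocol mapper attached to the client.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the realm handle: the client and the mapper must be created in
		// this realm, so both take their RealmId from it.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{
			RealmId:  realm.ID(),
			ClientId: pulumi.String("saml-client"),
		})
		if err != nil {
			return err
		}
		// The mapper releases the user's "email" property to this client in every
		// SAML assertion; map only properties the client actually needs.
		_, err = saml.NewUserPropertyProtocolMapper(ctx, "samlUserPropertyMapper", &saml.UserPropertyProtocolMapperArgs{
			RealmId:                 realm.ID(),
			ClientId:                samlClient.ID(),
			UserProperty:            pulumi.String("email"),
			SamlAttributeName:       pulumi.String("email"),
			SamlAttributeNameFormat: pulumi.String("Unspecified"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}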

```

## Import

Protocol mappers can be imported using one of the following formats:

- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`
- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`

Example:

```sh

$ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4

```

```sh

$ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4

```

func GetUserPropertyProtocolMapper

func GetUserPropertyProtocolMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserPropertyProtocolMapperState, opts ...pulumi.ResourceOption) (*UserPropertyProtocolMapper, error)

GetUserPropertyProtocolMapper gets an existing UserPropertyProtocolMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserPropertyProtocolMapper

func NewUserPropertyProtocolMapper(ctx *pulumi.Context,
	name string, args *UserPropertyProtocolMapperArgs, opts ...pulumi.ResourceOption) (*UserPropertyProtocolMapper, error)

NewUserPropertyProtocolMapper registers a new resource with the given unique name, arguments, and options.

func (*UserPropertyProtocolMapper) ElementType added in v3.1.1

func (*UserPropertyProtocolMapper) ElementType() reflect.Type

func (*UserPropertyProtocolMapper) ToUserPropertyProtocolMapperOutput added in v3.1.1

func (i *UserPropertyProtocolMapper) ToUserPropertyProtocolMapperOutput() UserPropertyProtocolMapperOutput

func (*UserPropertyProtocolMapper) ToUserPropertyProtocolMapperOutputWithContext added in v3.1.1

func (i *UserPropertyProtocolMapper) ToUserPropertyProtocolMapperOutputWithContext(ctx context.Context) UserPropertyProtocolMapperOutput

func (*UserPropertyProtocolMapper) ToUserPropertyProtocolMapperPtrOutput added in v3.4.1

func (i *UserPropertyProtocolMapper) ToUserPropertyProtocolMapperPtrOutput() UserPropertyProtocolMapperPtrOutput

func (*UserPropertyProtocolMapper) ToUserPropertyProtocolMapperPtrOutputWithContext added in v3.4.1

func (i *UserPropertyProtocolMapper) ToUserPropertyProtocolMapperPtrOutputWithContext(ctx context.Context) UserPropertyProtocolMapperPtrOutput

type UserPropertyProtocolMapperArgs

// UserPropertyProtocolMapperArgs is the set of arguments for constructing a
// UserPropertyProtocolMapper resource; it is the args parameter of
// NewUserPropertyProtocolMapper.
//
// ClientId, ClientScopeId, FriendlyName and Name are optional (pointer) inputs;
// RealmId, SamlAttributeName, SamlAttributeNameFormat and UserProperty are
// plain string inputs.
type UserPropertyProtocolMapperArgs struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	// NOTE(review): a mapper attached to a client scope presumably takes effect
	// for every client the scope is assigned to; confirm the scope's
	// assignments before attaching a mapper to it.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringInput
	// The property of the Keycloak user model to map.
	// NOTE(review): the mapped value is presumably released to the service
	// provider as a SAML attribute; map only properties the relying party
	// needs, and verify which user properties are acceptable to disclose.
	UserProperty pulumi.StringInput
}

The set of arguments for constructing a UserPropertyProtocolMapper resource.

func (UserPropertyProtocolMapperArgs) ElementType

type UserPropertyProtocolMapperArray added in v3.4.1

// UserPropertyProtocolMapperArray is a slice of UserPropertyProtocolMapperInput
// values. It declares the two conversion methods listed in
// UserPropertyProtocolMapperArrayInput, so it can be passed where that input
// type is expected.
type UserPropertyProtocolMapperArray []UserPropertyProtocolMapperInput

func (UserPropertyProtocolMapperArray) ElementType added in v3.4.1

func (UserPropertyProtocolMapperArray) ToUserPropertyProtocolMapperArrayOutput added in v3.4.1

func (i UserPropertyProtocolMapperArray) ToUserPropertyProtocolMapperArrayOutput() UserPropertyProtocolMapperArrayOutput

func (UserPropertyProtocolMapperArray) ToUserPropertyProtocolMapperArrayOutputWithContext added in v3.4.1

func (i UserPropertyProtocolMapperArray) ToUserPropertyProtocolMapperArrayOutputWithContext(ctx context.Context) UserPropertyProtocolMapperArrayOutput

type UserPropertyProtocolMapperArrayInput added in v3.4.1

// UserPropertyProtocolMapperArrayInput is an input type that accepts
// UserPropertyProtocolMapperArray and UserPropertyProtocolMapperArrayOutput
// values. A concrete instance can be constructed as:
//
//	UserPropertyProtocolMapperArray{ UserPropertyProtocolMapperArgs{...} }
type UserPropertyProtocolMapperArrayInput interface {
	pulumi.Input

	// Conversion to the array output type, without and with an explicit context.
	ToUserPropertyProtocolMapperArrayOutput() UserPropertyProtocolMapperArrayOutput
	ToUserPropertyProtocolMapperArrayOutputWithContext(context.Context) UserPropertyProtocolMapperArrayOutput
}

UserPropertyProtocolMapperArrayInput is an input type that accepts UserPropertyProtocolMapperArray and UserPropertyProtocolMapperArrayOutput values. You can construct a concrete instance of `UserPropertyProtocolMapperArrayInput` via:

UserPropertyProtocolMapperArray{ UserPropertyProtocolMapperArgs{...} }

type UserPropertyProtocolMapperArrayOutput added in v3.4.1

// UserPropertyProtocolMapperArrayOutput is the output counterpart of
// UserPropertyProtocolMapperArray. It embeds *pulumi.OutputState and declares
// ElementType, Index and the UserPropertyProtocolMapperArrayInput conversion
// methods.
type UserPropertyProtocolMapperArrayOutput struct{ *pulumi.OutputState }

func (UserPropertyProtocolMapperArrayOutput) ElementType added in v3.4.1

func (UserPropertyProtocolMapperArrayOutput) Index added in v3.4.1

func (UserPropertyProtocolMapperArrayOutput) ToUserPropertyProtocolMapperArrayOutput added in v3.4.1

func (o UserPropertyProtocolMapperArrayOutput) ToUserPropertyProtocolMapperArrayOutput() UserPropertyProtocolMapperArrayOutput

func (UserPropertyProtocolMapperArrayOutput) ToUserPropertyProtocolMapperArrayOutputWithContext added in v3.4.1

func (o UserPropertyProtocolMapperArrayOutput) ToUserPropertyProtocolMapperArrayOutputWithContext(ctx context.Context) UserPropertyProtocolMapperArrayOutput

type UserPropertyProtocolMapperInput added in v3.1.1

// UserPropertyProtocolMapperInput is an input type for values that can be
// converted to a UserPropertyProtocolMapperOutput. Both
// *UserPropertyProtocolMapper and UserPropertyProtocolMapperOutput declare the
// two conversion methods below.
type UserPropertyProtocolMapperInput interface {
	pulumi.Input

	// Conversion to the resource output type, without and with an explicit context.
	ToUserPropertyProtocolMapperOutput() UserPropertyProtocolMapperOutput
	ToUserPropertyProtocolMapperOutputWithContext(ctx context.Context) UserPropertyProtocolMapperOutput
}

type UserPropertyProtocolMapperMap added in v3.4.1

// UserPropertyProtocolMapperMap is a string-keyed map of
// UserPropertyProtocolMapperInput values. It declares the two conversion
// methods listed in UserPropertyProtocolMapperMapInput, so it can be passed
// where that input type is expected.
type UserPropertyProtocolMapperMap map[string]UserPropertyProtocolMapperInput

func (UserPropertyProtocolMapperMap) ElementType added in v3.4.1

func (UserPropertyProtocolMapperMap) ToUserPropertyProtocolMapperMapOutput added in v3.4.1

func (i UserPropertyProtocolMapperMap) ToUserPropertyProtocolMapperMapOutput() UserPropertyProtocolMapperMapOutput

func (UserPropertyProtocolMapperMap) ToUserPropertyProtocolMapperMapOutputWithContext added in v3.4.1

func (i UserPropertyProtocolMapperMap) ToUserPropertyProtocolMapperMapOutputWithContext(ctx context.Context) UserPropertyProtocolMapperMapOutput

type UserPropertyProtocolMapperMapInput added in v3.4.1

// UserPropertyProtocolMapperMapInput is an input type that accepts
// UserPropertyProtocolMapperMap and UserPropertyProtocolMapperMapOutput
// values. A concrete instance can be constructed as:
//
//	UserPropertyProtocolMapperMap{ "key": UserPropertyProtocolMapperArgs{...} }
type UserPropertyProtocolMapperMapInput interface {
	pulumi.Input

	// Conversion to the map output type, without and with an explicit context.
	ToUserPropertyProtocolMapperMapOutput() UserPropertyProtocolMapperMapOutput
	ToUserPropertyProtocolMapperMapOutputWithContext(context.Context) UserPropertyProtocolMapperMapOutput
}

UserPropertyProtocolMapperMapInput is an input type that accepts UserPropertyProtocolMapperMap and UserPropertyProtocolMapperMapOutput values. You can construct a concrete instance of `UserPropertyProtocolMapperMapInput` via:

UserPropertyProtocolMapperMap{ "key": UserPropertyProtocolMapperArgs{...} }

type UserPropertyProtocolMapperMapOutput added in v3.4.1

// UserPropertyProtocolMapperMapOutput is the output counterpart of
// UserPropertyProtocolMapperMap. It embeds *pulumi.OutputState and declares
// ElementType, MapIndex and the UserPropertyProtocolMapperMapInput conversion
// methods.
type UserPropertyProtocolMapperMapOutput struct{ *pulumi.OutputState }

func (UserPropertyProtocolMapperMapOutput) ElementType added in v3.4.1

func (UserPropertyProtocolMapperMapOutput) MapIndex added in v3.4.1

func (UserPropertyProtocolMapperMapOutput) ToUserPropertyProtocolMapperMapOutput added in v3.4.1

func (o UserPropertyProtocolMapperMapOutput) ToUserPropertyProtocolMapperMapOutput() UserPropertyProtocolMapperMapOutput

func (UserPropertyProtocolMapperMapOutput) ToUserPropertyProtocolMapperMapOutputWithContext added in v3.4.1

func (o UserPropertyProtocolMapperMapOutput) ToUserPropertyProtocolMapperMapOutputWithContext(ctx context.Context) UserPropertyProtocolMapperMapOutput

type UserPropertyProtocolMapperOutput added in v3.1.1

// UserPropertyProtocolMapperOutput is the output type returned by the
// ToUserPropertyProtocolMapperOutput conversions. It embeds
// *pulumi.OutputState and declares the conversion methods of both
// UserPropertyProtocolMapperInput and UserPropertyProtocolMapperPtrInput.
type UserPropertyProtocolMapperOutput struct {
	*pulumi.OutputState
}

func (UserPropertyProtocolMapperOutput) ElementType added in v3.1.1

func (UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutput added in v3.1.1

func (o UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutput() UserPropertyProtocolMapperOutput

func (UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutputWithContext added in v3.1.1

func (o UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutputWithContext(ctx context.Context) UserPropertyProtocolMapperOutput

func (UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperPtrOutput added in v3.4.1

func (o UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperPtrOutput() UserPropertyProtocolMapperPtrOutput

func (UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperPtrOutputWithContext added in v3.4.1

func (o UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperPtrOutputWithContext(ctx context.Context) UserPropertyProtocolMapperPtrOutput

type UserPropertyProtocolMapperPtrInput added in v3.4.1

// UserPropertyProtocolMapperPtrInput is an input type for values that can be
// converted to a UserPropertyProtocolMapperPtrOutput.
// *UserPropertyProtocolMapper, UserPropertyProtocolMapperOutput and
// UserPropertyProtocolMapperPtrOutput all declare the two conversion methods
// below.
type UserPropertyProtocolMapperPtrInput interface {
	pulumi.Input

	// Conversion to the pointer output type, without and with an explicit context.
	ToUserPropertyProtocolMapperPtrOutput() UserPropertyProtocolMapperPtrOutput
	ToUserPropertyProtocolMapperPtrOutputWithContext(ctx context.Context) UserPropertyProtocolMapperPtrOutput
}

type UserPropertyProtocolMapperPtrOutput added in v3.4.1

// UserPropertyProtocolMapperPtrOutput is the output type returned by the
// ToUserPropertyProtocolMapperPtrOutput conversions. It embeds
// *pulumi.OutputState and declares the UserPropertyProtocolMapperPtrInput
// conversion methods.
type UserPropertyProtocolMapperPtrOutput struct {
	*pulumi.OutputState
}

func (UserPropertyProtocolMapperPtrOutput) ElementType added in v3.4.1

func (UserPropertyProtocolMapperPtrOutput) ToUserPropertyProtocolMapperPtrOutput added in v3.4.1

func (o UserPropertyProtocolMapperPtrOutput) ToUserPropertyProtocolMapperPtrOutput() UserPropertyProtocolMapperPtrOutput

func (UserPropertyProtocolMapperPtrOutput) ToUserPropertyProtocolMapperPtrOutputWithContext added in v3.4.1

func (o UserPropertyProtocolMapperPtrOutput) ToUserPropertyProtocolMapperPtrOutputWithContext(ctx context.Context) UserPropertyProtocolMapperPtrOutput

type UserPropertyProtocolMapperState

// UserPropertyProtocolMapperState holds the optional state properties passed
// to GetUserPropertyProtocolMapper to qualify the lookup of an existing
// resource (the state argument may be nil when none are required).
//
// It has the same fields as UserPropertyProtocolMapperArgs, but every field is
// an optional (pointer) input.
type UserPropertyProtocolMapperState struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringPtrInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringPtrInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringPtrInput
	// The property of the Keycloak user model to map.
	// NOTE(review): when reviewing an imported mapper, check that this
	// property is one the relying party is meant to receive; it is presumably
	// released as a SAML attribute.
	UserProperty pulumi.StringPtrInput
}

func (UserPropertyProtocolMapperState) ElementType
