saml

package
v5.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 9, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	pulumi.CustomResourceState

	// SAML POST Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerPostUrl pulumi.StringPtrOutput `pulumi:"assertionConsumerPostUrl"`
	// SAML Redirect Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerRedirectUrl pulumi.StringPtrOutput `pulumi:"assertionConsumerRedirectUrl"`
	// Override realm authentication flow bindings
	AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrOutput `pulumi:"authenticationFlowBindingOverrides"`
	// When specified, this URL will be used whenever Keycloak needs to link to this client.
	BaseUrl pulumi.StringPtrOutput `pulumi:"baseUrl"`
	// The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE".
	CanonicalizationMethod pulumi.StringPtrOutput `pulumi:"canonicalizationMethod"`
	// The unique ID of this client, referenced in the URI during authentication and in issued tokens.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`.
	ClientSignatureRequired pulumi.BoolPtrOutput `pulumi:"clientSignatureRequired"`
	// The description of this client in the GUI.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.
	EncryptAssertions pulumi.BoolPtrOutput `pulumi:"encryptAssertions"`
	// If assertions for the client are encrypted, this certificate will be used for encryption.
	EncryptionCertificate pulumi.StringOutput `pulumi:"encryptionCertificate"`
	// (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.
	EncryptionCertificateSha1 pulumi.StringOutput    `pulumi:"encryptionCertificateSha1"`
	ExtraConfig               pulumi.StringMapOutput `pulumi:"extraConfig"`
	// Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`.
	ForceNameIdFormat pulumi.BoolPtrOutput `pulumi:"forceNameIdFormat"`
	// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.
	ForcePostBinding pulumi.BoolPtrOutput `pulumi:"forcePostBinding"`
	// When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.
	FrontChannelLogout pulumi.BoolPtrOutput `pulumi:"frontChannelLogout"`
	// Allow to include all roles mappings in the access token
	FullScopeAllowed pulumi.BoolPtrOutput `pulumi:"fullScopeAllowed"`
	// Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
	IdpInitiatedSsoRelayState pulumi.StringPtrOutput `pulumi:"idpInitiatedSsoRelayState"`
	// URL fragment name to reference client when you want to do IDP Initiated SSO.
	IdpInitiatedSsoUrlName pulumi.StringPtrOutput `pulumi:"idpInitiatedSsoUrlName"`
	// When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.
	IncludeAuthnStatement pulumi.BoolPtrOutput `pulumi:"includeAuthnStatement"`
	// The login theme of this client.
	LoginTheme pulumi.StringPtrOutput `pulumi:"loginTheme"`
	// SAML POST Binding URL for the client's single logout service.
	LogoutServicePostBindingUrl pulumi.StringPtrOutput `pulumi:"logoutServicePostBindingUrl"`
	// SAML Redirect Binding URL for the client's single logout service.
	LogoutServiceRedirectBindingUrl pulumi.StringPtrOutput `pulumi:"logoutServiceRedirectBindingUrl"`
	// When specified, this URL will be used for all SAML requests.
	MasterSamlProcessingUrl pulumi.StringPtrOutput `pulumi:"masterSamlProcessingUrl"`
	// The display name of this client in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// Sets the Name ID format for the subject.
	NameIdFormat pulumi.StringOutput `pulumi:"nameIdFormat"`
	// The realm this client is attached to.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// When specified, this value is prepended to all relative URLs.
	RootUrl pulumi.StringPtrOutput `pulumi:"rootUrl"`
	// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.
	SignAssertions pulumi.BoolPtrOutput `pulumi:"signAssertions"`
	// When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.
	SignDocuments pulumi.BoolPtrOutput `pulumi:"signDocuments"`
	// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1".
	SignatureAlgorithm pulumi.StringPtrOutput `pulumi:"signatureAlgorithm"`
	// The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID".
	SignatureKeyName pulumi.StringPtrOutput `pulumi:"signatureKeyName"`
	// If documents or assertions from the client are signed, this certificate will be used to verify the signature.
	SigningCertificate pulumi.StringOutput `pulumi:"signingCertificate"`
	// (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.
	SigningCertificateSha1 pulumi.StringOutput `pulumi:"signingCertificateSha1"`
	// If documents or assertions from the client are signed, this private key will be used to verify the signature.
	SigningPrivateKey pulumi.StringOutput `pulumi:"signingPrivateKey"`
	// (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.
	SigningPrivateKeySha1 pulumi.StringOutput `pulumi:"signingPrivateKeySha1"`
	// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
	ValidRedirectUris pulumi.StringArrayOutput `pulumi:"validRedirectUris"`
}

Allows for creating and managing Keycloak clients that use the SAML protocol.

Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO.

## Import

Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak

assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.

Example:

bash

```sh $ pulumi import keycloak:saml/client:Client saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352 ```

func GetClient

func GetClient(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ClientState, opts ...pulumi.ResourceOption) (*Client, error)

GetClient gets an existing Client resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewClient

func NewClient(ctx *pulumi.Context,
	name string, args *ClientArgs, opts ...pulumi.ResourceOption) (*Client, error)

NewClient registers a new resource with the given unique name, arguments, and options.

func (*Client) ElementType

func (*Client) ElementType() reflect.Type

func (*Client) ToClientOutput

func (i *Client) ToClientOutput() ClientOutput

func (*Client) ToClientOutputWithContext

func (i *Client) ToClientOutputWithContext(ctx context.Context) ClientOutput

type ClientArgs

type ClientArgs struct {
	// SAML POST Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerPostUrl pulumi.StringPtrInput
	// SAML Redirect Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerRedirectUrl pulumi.StringPtrInput
	// Override realm authentication flow bindings
	AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput
	// When specified, this URL will be used whenever Keycloak needs to link to this client.
	BaseUrl pulumi.StringPtrInput
	// The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE".
	CanonicalizationMethod pulumi.StringPtrInput
	// The unique ID of this client, referenced in the URI during authentication and in issued tokens.
	ClientId pulumi.StringInput
	// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`.
	ClientSignatureRequired pulumi.BoolPtrInput
	// The description of this client in the GUI.
	Description pulumi.StringPtrInput
	// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.
	EncryptAssertions pulumi.BoolPtrInput
	// If assertions for the client are encrypted, this certificate will be used for encryption.
	EncryptionCertificate pulumi.StringPtrInput
	ExtraConfig           pulumi.StringMapInput
	// Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`.
	ForceNameIdFormat pulumi.BoolPtrInput
	// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.
	ForcePostBinding pulumi.BoolPtrInput
	// When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.
	FrontChannelLogout pulumi.BoolPtrInput
	// Allow to include all roles mappings in the access token
	FullScopeAllowed pulumi.BoolPtrInput
	// Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
	IdpInitiatedSsoRelayState pulumi.StringPtrInput
	// URL fragment name to reference client when you want to do IDP Initiated SSO.
	IdpInitiatedSsoUrlName pulumi.StringPtrInput
	// When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.
	IncludeAuthnStatement pulumi.BoolPtrInput
	// The login theme of this client.
	LoginTheme pulumi.StringPtrInput
	// SAML POST Binding URL for the client's single logout service.
	LogoutServicePostBindingUrl pulumi.StringPtrInput
	// SAML Redirect Binding URL for the client's single logout service.
	LogoutServiceRedirectBindingUrl pulumi.StringPtrInput
	// When specified, this URL will be used for all SAML requests.
	MasterSamlProcessingUrl pulumi.StringPtrInput
	// The display name of this client in the GUI.
	Name pulumi.StringPtrInput
	// Sets the Name ID format for the subject.
	NameIdFormat pulumi.StringPtrInput
	// The realm this client is attached to.
	RealmId pulumi.StringInput
	// When specified, this value is prepended to all relative URLs.
	RootUrl pulumi.StringPtrInput
	// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.
	SignAssertions pulumi.BoolPtrInput
	// When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.
	SignDocuments pulumi.BoolPtrInput
	// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1".
	SignatureAlgorithm pulumi.StringPtrInput
	// The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID".
	SignatureKeyName pulumi.StringPtrInput
	// If documents or assertions from the client are signed, this certificate will be used to verify the signature.
	SigningCertificate pulumi.StringPtrInput
	// If documents or assertions from the client are signed, this private key will be used to verify the signature.
	SigningPrivateKey pulumi.StringPtrInput
	// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
	ValidRedirectUris pulumi.StringArrayInput
}

The set of arguments for constructing a Client resource.

func (ClientArgs) ElementType

func (ClientArgs) ElementType() reflect.Type

type ClientArray

type ClientArray []ClientInput

func (ClientArray) ElementType

func (ClientArray) ElementType() reflect.Type

func (ClientArray) ToClientArrayOutput

func (i ClientArray) ToClientArrayOutput() ClientArrayOutput

func (ClientArray) ToClientArrayOutputWithContext

func (i ClientArray) ToClientArrayOutputWithContext(ctx context.Context) ClientArrayOutput

type ClientArrayInput

type ClientArrayInput interface {
	pulumi.Input

	ToClientArrayOutput() ClientArrayOutput
	ToClientArrayOutputWithContext(context.Context) ClientArrayOutput
}

ClientArrayInput is an input type that accepts ClientArray and ClientArrayOutput values. You can construct a concrete instance of `ClientArrayInput` via:

ClientArray{ ClientArgs{...} }

type ClientArrayOutput

type ClientArrayOutput struct{ *pulumi.OutputState }

func (ClientArrayOutput) ElementType

func (ClientArrayOutput) ElementType() reflect.Type

func (ClientArrayOutput) Index

func (ClientArrayOutput) ToClientArrayOutput

func (o ClientArrayOutput) ToClientArrayOutput() ClientArrayOutput

func (ClientArrayOutput) ToClientArrayOutputWithContext

func (o ClientArrayOutput) ToClientArrayOutputWithContext(ctx context.Context) ClientArrayOutput

type ClientAuthenticationFlowBindingOverrides

type ClientAuthenticationFlowBindingOverrides struct {
	// Browser flow id, (flow needs to exist)
	BrowserId *string `pulumi:"browserId"`
	// Direct grant flow id (flow needs to exist)
	DirectGrantId *string `pulumi:"directGrantId"`
}

type ClientAuthenticationFlowBindingOverridesArgs

type ClientAuthenticationFlowBindingOverridesArgs struct {
	// Browser flow id, (flow needs to exist)
	BrowserId pulumi.StringPtrInput `pulumi:"browserId"`
	// Direct grant flow id (flow needs to exist)
	DirectGrantId pulumi.StringPtrInput `pulumi:"directGrantId"`
}

func (ClientAuthenticationFlowBindingOverridesArgs) ElementType

func (ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesOutput

func (i ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesOutput() ClientAuthenticationFlowBindingOverridesOutput

func (ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesOutputWithContext

func (i ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesOutput

func (ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesPtrOutput

func (i ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesPtrOutput() ClientAuthenticationFlowBindingOverridesPtrOutput

func (ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext

func (i ClientAuthenticationFlowBindingOverridesArgs) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesPtrOutput

type ClientAuthenticationFlowBindingOverridesInput

type ClientAuthenticationFlowBindingOverridesInput interface {
	pulumi.Input

	ToClientAuthenticationFlowBindingOverridesOutput() ClientAuthenticationFlowBindingOverridesOutput
	ToClientAuthenticationFlowBindingOverridesOutputWithContext(context.Context) ClientAuthenticationFlowBindingOverridesOutput
}

ClientAuthenticationFlowBindingOverridesInput is an input type that accepts ClientAuthenticationFlowBindingOverridesArgs and ClientAuthenticationFlowBindingOverridesOutput values. You can construct a concrete instance of `ClientAuthenticationFlowBindingOverridesInput` via:

ClientAuthenticationFlowBindingOverridesArgs{...}

type ClientAuthenticationFlowBindingOverridesOutput

type ClientAuthenticationFlowBindingOverridesOutput struct{ *pulumi.OutputState }

func (ClientAuthenticationFlowBindingOverridesOutput) BrowserId

Browser flow id, (flow needs to exist)

func (ClientAuthenticationFlowBindingOverridesOutput) DirectGrantId

Direct grant flow id (flow needs to exist)

func (ClientAuthenticationFlowBindingOverridesOutput) ElementType

func (ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesOutput

func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesOutput() ClientAuthenticationFlowBindingOverridesOutput

func (ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesOutputWithContext

func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesOutput

func (ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesPtrOutput

func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesPtrOutput() ClientAuthenticationFlowBindingOverridesPtrOutput

func (ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext

func (o ClientAuthenticationFlowBindingOverridesOutput) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesPtrOutput

type ClientAuthenticationFlowBindingOverridesPtrInput

type ClientAuthenticationFlowBindingOverridesPtrInput interface {
	pulumi.Input

	ToClientAuthenticationFlowBindingOverridesPtrOutput() ClientAuthenticationFlowBindingOverridesPtrOutput
	ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext(context.Context) ClientAuthenticationFlowBindingOverridesPtrOutput
}

ClientAuthenticationFlowBindingOverridesPtrInput is an input type that accepts ClientAuthenticationFlowBindingOverridesArgs, ClientAuthenticationFlowBindingOverridesPtr and ClientAuthenticationFlowBindingOverridesPtrOutput values. You can construct a concrete instance of `ClientAuthenticationFlowBindingOverridesPtrInput` via:

        ClientAuthenticationFlowBindingOverridesArgs{...}

or:

        nil

type ClientAuthenticationFlowBindingOverridesPtrOutput

type ClientAuthenticationFlowBindingOverridesPtrOutput struct{ *pulumi.OutputState }

func (ClientAuthenticationFlowBindingOverridesPtrOutput) BrowserId

Browser flow id, (flow needs to exist)

func (ClientAuthenticationFlowBindingOverridesPtrOutput) DirectGrantId

Direct grant flow id (flow needs to exist)

func (ClientAuthenticationFlowBindingOverridesPtrOutput) Elem

func (ClientAuthenticationFlowBindingOverridesPtrOutput) ElementType

func (ClientAuthenticationFlowBindingOverridesPtrOutput) ToClientAuthenticationFlowBindingOverridesPtrOutput

func (o ClientAuthenticationFlowBindingOverridesPtrOutput) ToClientAuthenticationFlowBindingOverridesPtrOutput() ClientAuthenticationFlowBindingOverridesPtrOutput

func (ClientAuthenticationFlowBindingOverridesPtrOutput) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext

func (o ClientAuthenticationFlowBindingOverridesPtrOutput) ToClientAuthenticationFlowBindingOverridesPtrOutputWithContext(ctx context.Context) ClientAuthenticationFlowBindingOverridesPtrOutput

type ClientDefaultScope

type ClientDefaultScope struct {
	pulumi.CustomResourceState

	// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// An array of client scope names to attach to this client.
	DefaultScopes pulumi.StringArrayOutput `pulumi:"defaultScopes"`
	// The realm this client and scopes exists in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

## Example Usage

func GetClientDefaultScope

func GetClientDefaultScope(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ClientDefaultScopeState, opts ...pulumi.ResourceOption) (*ClientDefaultScope, error)

GetClientDefaultScope gets an existing ClientDefaultScope resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewClientDefaultScope

func NewClientDefaultScope(ctx *pulumi.Context,
	name string, args *ClientDefaultScopeArgs, opts ...pulumi.ResourceOption) (*ClientDefaultScope, error)

NewClientDefaultScope registers a new resource with the given unique name, arguments, and options.

func (*ClientDefaultScope) ElementType

func (*ClientDefaultScope) ElementType() reflect.Type

func (*ClientDefaultScope) ToClientDefaultScopeOutput

func (i *ClientDefaultScope) ToClientDefaultScopeOutput() ClientDefaultScopeOutput

func (*ClientDefaultScope) ToClientDefaultScopeOutputWithContext

func (i *ClientDefaultScope) ToClientDefaultScopeOutputWithContext(ctx context.Context) ClientDefaultScopeOutput

type ClientDefaultScopeArgs

type ClientDefaultScopeArgs struct {
	// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.
	ClientId pulumi.StringInput
	// An array of client scope names to attach to this client.
	DefaultScopes pulumi.StringArrayInput
	// The realm this client and scopes exists in.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a ClientDefaultScope resource.

func (ClientDefaultScopeArgs) ElementType

func (ClientDefaultScopeArgs) ElementType() reflect.Type

type ClientDefaultScopeArray

type ClientDefaultScopeArray []ClientDefaultScopeInput

func (ClientDefaultScopeArray) ElementType

func (ClientDefaultScopeArray) ElementType() reflect.Type

func (ClientDefaultScopeArray) ToClientDefaultScopeArrayOutput

func (i ClientDefaultScopeArray) ToClientDefaultScopeArrayOutput() ClientDefaultScopeArrayOutput

func (ClientDefaultScopeArray) ToClientDefaultScopeArrayOutputWithContext

func (i ClientDefaultScopeArray) ToClientDefaultScopeArrayOutputWithContext(ctx context.Context) ClientDefaultScopeArrayOutput

type ClientDefaultScopeArrayInput

type ClientDefaultScopeArrayInput interface {
	pulumi.Input

	ToClientDefaultScopeArrayOutput() ClientDefaultScopeArrayOutput
	ToClientDefaultScopeArrayOutputWithContext(context.Context) ClientDefaultScopeArrayOutput
}

ClientDefaultScopeArrayInput is an input type that accepts ClientDefaultScopeArray and ClientDefaultScopeArrayOutput values. You can construct a concrete instance of `ClientDefaultScopeArrayInput` via:

ClientDefaultScopeArray{ ClientDefaultScopeArgs{...} }

type ClientDefaultScopeArrayOutput

type ClientDefaultScopeArrayOutput struct{ *pulumi.OutputState }

func (ClientDefaultScopeArrayOutput) ElementType

func (ClientDefaultScopeArrayOutput) Index

func (ClientDefaultScopeArrayOutput) ToClientDefaultScopeArrayOutput

func (o ClientDefaultScopeArrayOutput) ToClientDefaultScopeArrayOutput() ClientDefaultScopeArrayOutput

func (ClientDefaultScopeArrayOutput) ToClientDefaultScopeArrayOutputWithContext

func (o ClientDefaultScopeArrayOutput) ToClientDefaultScopeArrayOutputWithContext(ctx context.Context) ClientDefaultScopeArrayOutput

type ClientDefaultScopeInput

type ClientDefaultScopeInput interface {
	pulumi.Input

	ToClientDefaultScopeOutput() ClientDefaultScopeOutput
	ToClientDefaultScopeOutputWithContext(ctx context.Context) ClientDefaultScopeOutput
}

type ClientDefaultScopeMap

type ClientDefaultScopeMap map[string]ClientDefaultScopeInput

func (ClientDefaultScopeMap) ElementType

func (ClientDefaultScopeMap) ElementType() reflect.Type

func (ClientDefaultScopeMap) ToClientDefaultScopeMapOutput

func (i ClientDefaultScopeMap) ToClientDefaultScopeMapOutput() ClientDefaultScopeMapOutput

func (ClientDefaultScopeMap) ToClientDefaultScopeMapOutputWithContext

func (i ClientDefaultScopeMap) ToClientDefaultScopeMapOutputWithContext(ctx context.Context) ClientDefaultScopeMapOutput

type ClientDefaultScopeMapInput

type ClientDefaultScopeMapInput interface {
	pulumi.Input

	ToClientDefaultScopeMapOutput() ClientDefaultScopeMapOutput
	ToClientDefaultScopeMapOutputWithContext(context.Context) ClientDefaultScopeMapOutput
}

ClientDefaultScopeMapInput is an input type that accepts ClientDefaultScopeMap and ClientDefaultScopeMapOutput values. You can construct a concrete instance of `ClientDefaultScopeMapInput` via:

ClientDefaultScopeMap{ "key": ClientDefaultScopeArgs{...} }

type ClientDefaultScopeMapOutput

type ClientDefaultScopeMapOutput struct{ *pulumi.OutputState }

func (ClientDefaultScopeMapOutput) ElementType

func (ClientDefaultScopeMapOutput) MapIndex

func (ClientDefaultScopeMapOutput) ToClientDefaultScopeMapOutput

func (o ClientDefaultScopeMapOutput) ToClientDefaultScopeMapOutput() ClientDefaultScopeMapOutput

func (ClientDefaultScopeMapOutput) ToClientDefaultScopeMapOutputWithContext

func (o ClientDefaultScopeMapOutput) ToClientDefaultScopeMapOutputWithContext(ctx context.Context) ClientDefaultScopeMapOutput

type ClientDefaultScopeOutput

type ClientDefaultScopeOutput struct{ *pulumi.OutputState }

func (ClientDefaultScopeOutput) ClientId

The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.

func (ClientDefaultScopeOutput) DefaultScopes

An array of client scope names to attach to this client.

func (ClientDefaultScopeOutput) ElementType

func (ClientDefaultScopeOutput) ElementType() reflect.Type

func (ClientDefaultScopeOutput) RealmId

The realm this client and scopes exists in.

func (ClientDefaultScopeOutput) ToClientDefaultScopeOutput

func (o ClientDefaultScopeOutput) ToClientDefaultScopeOutput() ClientDefaultScopeOutput

func (ClientDefaultScopeOutput) ToClientDefaultScopeOutputWithContext

func (o ClientDefaultScopeOutput) ToClientDefaultScopeOutputWithContext(ctx context.Context) ClientDefaultScopeOutput

type ClientDefaultScopeState

type ClientDefaultScopeState struct {
	// The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.
	ClientId pulumi.StringPtrInput
	// An array of client scope names to attach to this client.
	DefaultScopes pulumi.StringArrayInput
	// The realm this client and scopes exists in.
	RealmId pulumi.StringPtrInput
}

func (ClientDefaultScopeState) ElementType

func (ClientDefaultScopeState) ElementType() reflect.Type

type ClientInput

type ClientInput interface {
	pulumi.Input

	ToClientOutput() ClientOutput
	ToClientOutputWithContext(ctx context.Context) ClientOutput
}

type ClientMap

type ClientMap map[string]ClientInput

func (ClientMap) ElementType

func (ClientMap) ElementType() reflect.Type

func (ClientMap) ToClientMapOutput

func (i ClientMap) ToClientMapOutput() ClientMapOutput

func (ClientMap) ToClientMapOutputWithContext

func (i ClientMap) ToClientMapOutputWithContext(ctx context.Context) ClientMapOutput

type ClientMapInput

type ClientMapInput interface {
	pulumi.Input

	ToClientMapOutput() ClientMapOutput
	ToClientMapOutputWithContext(context.Context) ClientMapOutput
}

ClientMapInput is an input type that accepts ClientMap and ClientMapOutput values. You can construct a concrete instance of `ClientMapInput` via:

ClientMap{ "key": ClientArgs{...} }

type ClientMapOutput

type ClientMapOutput struct{ *pulumi.OutputState }

func (ClientMapOutput) ElementType

func (ClientMapOutput) ElementType() reflect.Type

func (ClientMapOutput) MapIndex

func (ClientMapOutput) ToClientMapOutput

func (o ClientMapOutput) ToClientMapOutput() ClientMapOutput

func (ClientMapOutput) ToClientMapOutputWithContext

func (o ClientMapOutput) ToClientMapOutputWithContext(ctx context.Context) ClientMapOutput

type ClientOutput

type ClientOutput struct{ *pulumi.OutputState }

func (ClientOutput) AssertionConsumerPostUrl

func (o ClientOutput) AssertionConsumerPostUrl() pulumi.StringPtrOutput

SAML POST Binding URL for the client's assertion consumer service (login responses).

func (ClientOutput) AssertionConsumerRedirectUrl

func (o ClientOutput) AssertionConsumerRedirectUrl() pulumi.StringPtrOutput

SAML Redirect Binding URL for the client's assertion consumer service (login responses).

func (ClientOutput) AuthenticationFlowBindingOverrides

func (o ClientOutput) AuthenticationFlowBindingOverrides() ClientAuthenticationFlowBindingOverridesPtrOutput

Override realm authentication flow bindings

func (ClientOutput) BaseUrl

func (o ClientOutput) BaseUrl() pulumi.StringPtrOutput

When specified, this URL will be used whenever Keycloak needs to link to this client.

func (ClientOutput) CanonicalizationMethod

func (o ClientOutput) CanonicalizationMethod() pulumi.StringPtrOutput

The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE".

func (ClientOutput) ClientId

func (o ClientOutput) ClientId() pulumi.StringOutput

The unique ID of this client, referenced in the URI during authentication and in issued tokens.

func (ClientOutput) ClientSignatureRequired

func (o ClientOutput) ClientSignatureRequired() pulumi.BoolPtrOutput

When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`.

func (ClientOutput) Description

func (o ClientOutput) Description() pulumi.StringPtrOutput

The description of this client in the GUI.

func (ClientOutput) ElementType

func (ClientOutput) ElementType() reflect.Type

func (ClientOutput) Enabled

func (o ClientOutput) Enabled() pulumi.BoolPtrOutput

When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.

func (ClientOutput) EncryptAssertions

func (o ClientOutput) EncryptAssertions() pulumi.BoolPtrOutput

When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.

func (ClientOutput) EncryptionCertificate

func (o ClientOutput) EncryptionCertificate() pulumi.StringOutput

If assertions for the client are encrypted, this certificate will be used for encryption.

func (ClientOutput) EncryptionCertificateSha1

func (o ClientOutput) EncryptionCertificateSha1() pulumi.StringOutput

(Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.

func (ClientOutput) ExtraConfig

func (o ClientOutput) ExtraConfig() pulumi.StringMapOutput

func (ClientOutput) ForceNameIdFormat

func (o ClientOutput) ForceNameIdFormat() pulumi.BoolPtrOutput

Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`.

func (ClientOutput) ForcePostBinding

func (o ClientOutput) ForcePostBinding() pulumi.BoolPtrOutput

When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.

func (ClientOutput) FrontChannelLogout

func (o ClientOutput) FrontChannelLogout() pulumi.BoolPtrOutput

When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.

func (ClientOutput) FullScopeAllowed

func (o ClientOutput) FullScopeAllowed() pulumi.BoolPtrOutput

Allow to include all roles mappings in the access token

func (ClientOutput) IdpInitiatedSsoRelayState

func (o ClientOutput) IdpInitiatedSsoRelayState() pulumi.StringPtrOutput

Relay state you want to send with SAML request when you want to do IDP Initiated SSO.

func (ClientOutput) IdpInitiatedSsoUrlName

func (o ClientOutput) IdpInitiatedSsoUrlName() pulumi.StringPtrOutput

URL fragment name to reference client when you want to do IDP Initiated SSO.

func (ClientOutput) IncludeAuthnStatement

func (o ClientOutput) IncludeAuthnStatement() pulumi.BoolPtrOutput

When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.

func (ClientOutput) LoginTheme

func (o ClientOutput) LoginTheme() pulumi.StringPtrOutput

The login theme of this client.

func (ClientOutput) LogoutServicePostBindingUrl

func (o ClientOutput) LogoutServicePostBindingUrl() pulumi.StringPtrOutput

SAML POST Binding URL for the client's single logout service.

func (ClientOutput) LogoutServiceRedirectBindingUrl

func (o ClientOutput) LogoutServiceRedirectBindingUrl() pulumi.StringPtrOutput

SAML Redirect Binding URL for the client's single logout service.

func (ClientOutput) MasterSamlProcessingUrl

func (o ClientOutput) MasterSamlProcessingUrl() pulumi.StringPtrOutput

When specified, this URL will be used for all SAML requests.

func (ClientOutput) Name

func (o ClientOutput) Name() pulumi.StringOutput

The display name of this client in the GUI.

func (ClientOutput) NameIdFormat

func (o ClientOutput) NameIdFormat() pulumi.StringOutput

Sets the Name ID format for the subject.

func (ClientOutput) RealmId

func (o ClientOutput) RealmId() pulumi.StringOutput

The realm this client is attached to.

func (ClientOutput) RootUrl

func (o ClientOutput) RootUrl() pulumi.StringPtrOutput

When specified, this value is prepended to all relative URLs.

func (ClientOutput) SignAssertions

func (o ClientOutput) SignAssertions() pulumi.BoolPtrOutput

When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.

func (ClientOutput) SignDocuments

func (o ClientOutput) SignDocuments() pulumi.BoolPtrOutput

When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.

func (ClientOutput) SignatureAlgorithm

func (o ClientOutput) SignatureAlgorithm() pulumi.StringPtrOutput

The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1".

func (ClientOutput) SignatureKeyName

func (o ClientOutput) SignatureKeyName() pulumi.StringPtrOutput

The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID".

func (ClientOutput) SigningCertificate

func (o ClientOutput) SigningCertificate() pulumi.StringOutput

If documents or assertions from the client are signed, this certificate will be used to verify the signature.

func (ClientOutput) SigningCertificateSha1

func (o ClientOutput) SigningCertificateSha1() pulumi.StringOutput

(Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.

func (ClientOutput) SigningPrivateKey

func (o ClientOutput) SigningPrivateKey() pulumi.StringOutput

If documents or assertions from the client are signed, this private key will be used to verify the signature.

func (ClientOutput) SigningPrivateKeySha1

func (o ClientOutput) SigningPrivateKeySha1() pulumi.StringOutput

(Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.

func (ClientOutput) ToClientOutput

func (o ClientOutput) ToClientOutput() ClientOutput

func (ClientOutput) ToClientOutputWithContext

func (o ClientOutput) ToClientOutputWithContext(ctx context.Context) ClientOutput

func (ClientOutput) ValidRedirectUris

func (o ClientOutput) ValidRedirectUris() pulumi.StringArrayOutput

When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.

type ClientScope

type ClientScope struct {
	pulumi.CustomResourceState

	// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.
	ConsentScreenText pulumi.StringPtrOutput `pulumi:"consentScreenText"`
	// The description of this client scope in the GUI.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specify order of the client scope in GUI (such as in Consent page) as integer.
	GuiOrder pulumi.IntPtrOutput `pulumi:"guiOrder"`
	// The display name of this client scope in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm this client scope belongs to.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

Allows for creating and managing Keycloak client scopes that can be attached to clients that use the SAML protocol.

Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewClientScope(ctx, "saml_client_scope", &saml.ClientScopeArgs{
			RealmId:     realm.ID(),
			Name:        pulumi.String("groups"),
			Description: pulumi.String("This scope will map a user's group memberships to SAML assertion"),
			GuiOrder:    pulumi.Int(1),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Client scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak

assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.

Example:

bash

```sh $ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e ```

func GetClientScope

func GetClientScope(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ClientScopeState, opts ...pulumi.ResourceOption) (*ClientScope, error)

GetClientScope gets an existing ClientScope resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewClientScope

func NewClientScope(ctx *pulumi.Context,
	name string, args *ClientScopeArgs, opts ...pulumi.ResourceOption) (*ClientScope, error)

NewClientScope registers a new resource with the given unique name, arguments, and options.

func (*ClientScope) ElementType

func (*ClientScope) ElementType() reflect.Type

func (*ClientScope) ToClientScopeOutput

func (i *ClientScope) ToClientScopeOutput() ClientScopeOutput

func (*ClientScope) ToClientScopeOutputWithContext

func (i *ClientScope) ToClientScopeOutputWithContext(ctx context.Context) ClientScopeOutput

type ClientScopeArgs

type ClientScopeArgs struct {
	// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.
	ConsentScreenText pulumi.StringPtrInput
	// The description of this client scope in the GUI.
	Description pulumi.StringPtrInput
	// Specify order of the client scope in GUI (such as in Consent page) as integer.
	GuiOrder pulumi.IntPtrInput
	// The display name of this client scope in the GUI.
	Name pulumi.StringPtrInput
	// The realm this client scope belongs to.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a ClientScope resource.

func (ClientScopeArgs) ElementType

func (ClientScopeArgs) ElementType() reflect.Type

type ClientScopeArray

type ClientScopeArray []ClientScopeInput

func (ClientScopeArray) ElementType

func (ClientScopeArray) ElementType() reflect.Type

func (ClientScopeArray) ToClientScopeArrayOutput

func (i ClientScopeArray) ToClientScopeArrayOutput() ClientScopeArrayOutput

func (ClientScopeArray) ToClientScopeArrayOutputWithContext

func (i ClientScopeArray) ToClientScopeArrayOutputWithContext(ctx context.Context) ClientScopeArrayOutput

type ClientScopeArrayInput

type ClientScopeArrayInput interface {
	pulumi.Input

	ToClientScopeArrayOutput() ClientScopeArrayOutput
	ToClientScopeArrayOutputWithContext(context.Context) ClientScopeArrayOutput
}

ClientScopeArrayInput is an input type that accepts ClientScopeArray and ClientScopeArrayOutput values. You can construct a concrete instance of `ClientScopeArrayInput` via:

ClientScopeArray{ ClientScopeArgs{...} }

type ClientScopeArrayOutput

type ClientScopeArrayOutput struct{ *pulumi.OutputState }

func (ClientScopeArrayOutput) ElementType

func (ClientScopeArrayOutput) ElementType() reflect.Type

func (ClientScopeArrayOutput) Index

func (ClientScopeArrayOutput) ToClientScopeArrayOutput

func (o ClientScopeArrayOutput) ToClientScopeArrayOutput() ClientScopeArrayOutput

func (ClientScopeArrayOutput) ToClientScopeArrayOutputWithContext

func (o ClientScopeArrayOutput) ToClientScopeArrayOutputWithContext(ctx context.Context) ClientScopeArrayOutput

type ClientScopeInput

type ClientScopeInput interface {
	pulumi.Input

	ToClientScopeOutput() ClientScopeOutput
	ToClientScopeOutputWithContext(ctx context.Context) ClientScopeOutput
}

type ClientScopeMap

type ClientScopeMap map[string]ClientScopeInput

func (ClientScopeMap) ElementType

func (ClientScopeMap) ElementType() reflect.Type

func (ClientScopeMap) ToClientScopeMapOutput

func (i ClientScopeMap) ToClientScopeMapOutput() ClientScopeMapOutput

func (ClientScopeMap) ToClientScopeMapOutputWithContext

func (i ClientScopeMap) ToClientScopeMapOutputWithContext(ctx context.Context) ClientScopeMapOutput

type ClientScopeMapInput

type ClientScopeMapInput interface {
	pulumi.Input

	ToClientScopeMapOutput() ClientScopeMapOutput
	ToClientScopeMapOutputWithContext(context.Context) ClientScopeMapOutput
}

ClientScopeMapInput is an input type that accepts ClientScopeMap and ClientScopeMapOutput values. You can construct a concrete instance of `ClientScopeMapInput` via:

ClientScopeMap{ "key": ClientScopeArgs{...} }

type ClientScopeMapOutput

type ClientScopeMapOutput struct{ *pulumi.OutputState }

func (ClientScopeMapOutput) ElementType

func (ClientScopeMapOutput) ElementType() reflect.Type

func (ClientScopeMapOutput) MapIndex

func (ClientScopeMapOutput) ToClientScopeMapOutput

func (o ClientScopeMapOutput) ToClientScopeMapOutput() ClientScopeMapOutput

func (ClientScopeMapOutput) ToClientScopeMapOutputWithContext

func (o ClientScopeMapOutput) ToClientScopeMapOutputWithContext(ctx context.Context) ClientScopeMapOutput

type ClientScopeOutput

type ClientScopeOutput struct{ *pulumi.OutputState }

func (ClientScopeOutput) ConsentScreenText

func (o ClientScopeOutput) ConsentScreenText() pulumi.StringPtrOutput

When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.

func (ClientScopeOutput) Description

func (o ClientScopeOutput) Description() pulumi.StringPtrOutput

The description of this client scope in the GUI.

func (ClientScopeOutput) ElementType

func (ClientScopeOutput) ElementType() reflect.Type

func (ClientScopeOutput) GuiOrder

func (o ClientScopeOutput) GuiOrder() pulumi.IntPtrOutput

Specify order of the client scope in GUI (such as in Consent page) as integer.

func (ClientScopeOutput) Name

The display name of this client scope in the GUI.

func (ClientScopeOutput) RealmId

The realm this client scope belongs to.

func (ClientScopeOutput) ToClientScopeOutput

func (o ClientScopeOutput) ToClientScopeOutput() ClientScopeOutput

func (ClientScopeOutput) ToClientScopeOutputWithContext

func (o ClientScopeOutput) ToClientScopeOutputWithContext(ctx context.Context) ClientScopeOutput

type ClientScopeState

type ClientScopeState struct {
	// When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.
	ConsentScreenText pulumi.StringPtrInput
	// The description of this client scope in the GUI.
	Description pulumi.StringPtrInput
	// Specify order of the client scope in GUI (such as in Consent page) as integer.
	GuiOrder pulumi.IntPtrInput
	// The display name of this client scope in the GUI.
	Name pulumi.StringPtrInput
	// The realm this client scope belongs to.
	RealmId pulumi.StringPtrInput
}

func (ClientScopeState) ElementType

func (ClientScopeState) ElementType() reflect.Type

type ClientState

type ClientState struct {
	// SAML POST Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerPostUrl pulumi.StringPtrInput
	// SAML Redirect Binding URL for the client's assertion consumer service (login responses).
	AssertionConsumerRedirectUrl pulumi.StringPtrInput
	// Override realm authentication flow bindings
	AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesPtrInput
	// When specified, this URL will be used whenever Keycloak needs to link to this client.
	BaseUrl pulumi.StringPtrInput
	// The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE".
	CanonicalizationMethod pulumi.StringPtrInput
	// The unique ID of this client, referenced in the URI during authentication and in issued tokens.
	ClientId pulumi.StringPtrInput
	// When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. Defaults to `true`.
	ClientSignatureRequired pulumi.BoolPtrInput
	// The description of this client in the GUI.
	Description pulumi.StringPtrInput
	// When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// When `true`, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to `false`.
	EncryptAssertions pulumi.BoolPtrInput
	// If assertions for the client are encrypted, this certificate will be used for encryption.
	EncryptionCertificate pulumi.StringPtrInput
	// (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.
	EncryptionCertificateSha1 pulumi.StringPtrInput
	ExtraConfig               pulumi.StringMapInput
	// Ignore requested NameID subject format and use the one defined in `nameIdFormat` instead. Defaults to `false`.
	ForceNameIdFormat pulumi.BoolPtrInput
	// When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to `true`.
	ForcePostBinding pulumi.BoolPtrInput
	// When `true`, this client will require a browser redirect in order to perform a logout. Defaults to `true`.
	FrontChannelLogout pulumi.BoolPtrInput
	// Allow to include all roles mappings in the access token
	FullScopeAllowed pulumi.BoolPtrInput
	// Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
	IdpInitiatedSsoRelayState pulumi.StringPtrInput
	// URL fragment name to reference client when you want to do IDP Initiated SSO.
	IdpInitiatedSsoUrlName pulumi.StringPtrInput
	// When `true`, an `AuthnStatement` will be included in the SAML response. Defaults to `true`.
	IncludeAuthnStatement pulumi.BoolPtrInput
	// The login theme of this client.
	LoginTheme pulumi.StringPtrInput
	// SAML POST Binding URL for the client's single logout service.
	LogoutServicePostBindingUrl pulumi.StringPtrInput
	// SAML Redirect Binding URL for the client's single logout service.
	LogoutServiceRedirectBindingUrl pulumi.StringPtrInput
	// When specified, this URL will be used for all SAML requests.
	MasterSamlProcessingUrl pulumi.StringPtrInput
	// The display name of this client in the GUI.
	Name pulumi.StringPtrInput
	// Sets the Name ID format for the subject.
	NameIdFormat pulumi.StringPtrInput
	// The realm this client is attached to.
	RealmId pulumi.StringPtrInput
	// When specified, this value is prepended to all relative URLs.
	RootUrl pulumi.StringPtrInput
	// When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to `false`.
	SignAssertions pulumi.BoolPtrInput
	// When `true`, the SAML document will be signed by Keycloak using the realm's private key. Defaults to `true`.
	SignDocuments pulumi.BoolPtrInput
	// The signature algorithm used to sign documents. Should be one of "RSA_SHA1", "RSA_SHA256", "RSA_SHA256_MGF1, "RSA_SHA512", "RSA_SHA512_MGF1" or "DSA_SHA1".
	SignatureAlgorithm pulumi.StringPtrInput
	// The value of the `KeyName` element within the signed SAML document. Should be one of "NONE", "KEY_ID", or "CERT_SUBJECT". Defaults to "KEY_ID".
	SignatureKeyName pulumi.StringPtrInput
	// If documents or assertions from the client are signed, this certificate will be used to verify the signature.
	SigningCertificate pulumi.StringPtrInput
	// (Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.
	SigningCertificateSha1 pulumi.StringPtrInput
	// If documents or assertions from the client are signed, this private key will be used to verify the signature.
	SigningPrivateKey pulumi.StringPtrInput
	// (Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.
	SigningPrivateKeySha1 pulumi.StringPtrInput
	// When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
	ValidRedirectUris pulumi.StringArrayInput
}

func (ClientState) ElementType

func (ClientState) ElementType() reflect.Type

type GetClientAuthenticationFlowBindingOverride

type GetClientAuthenticationFlowBindingOverride struct {
	BrowserId     string `pulumi:"browserId"`
	DirectGrantId string `pulumi:"directGrantId"`
}

type GetClientAuthenticationFlowBindingOverrideArgs

type GetClientAuthenticationFlowBindingOverrideArgs struct {
	BrowserId     pulumi.StringInput `pulumi:"browserId"`
	DirectGrantId pulumi.StringInput `pulumi:"directGrantId"`
}

func (GetClientAuthenticationFlowBindingOverrideArgs) ElementType

func (GetClientAuthenticationFlowBindingOverrideArgs) ToGetClientAuthenticationFlowBindingOverrideOutput

func (i GetClientAuthenticationFlowBindingOverrideArgs) ToGetClientAuthenticationFlowBindingOverrideOutput() GetClientAuthenticationFlowBindingOverrideOutput

func (GetClientAuthenticationFlowBindingOverrideArgs) ToGetClientAuthenticationFlowBindingOverrideOutputWithContext

func (i GetClientAuthenticationFlowBindingOverrideArgs) ToGetClientAuthenticationFlowBindingOverrideOutputWithContext(ctx context.Context) GetClientAuthenticationFlowBindingOverrideOutput

type GetClientAuthenticationFlowBindingOverrideArray

type GetClientAuthenticationFlowBindingOverrideArray []GetClientAuthenticationFlowBindingOverrideInput

func (GetClientAuthenticationFlowBindingOverrideArray) ElementType

func (GetClientAuthenticationFlowBindingOverrideArray) ToGetClientAuthenticationFlowBindingOverrideArrayOutput

func (i GetClientAuthenticationFlowBindingOverrideArray) ToGetClientAuthenticationFlowBindingOverrideArrayOutput() GetClientAuthenticationFlowBindingOverrideArrayOutput

func (GetClientAuthenticationFlowBindingOverrideArray) ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext

func (i GetClientAuthenticationFlowBindingOverrideArray) ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext(ctx context.Context) GetClientAuthenticationFlowBindingOverrideArrayOutput

type GetClientAuthenticationFlowBindingOverrideArrayInput

type GetClientAuthenticationFlowBindingOverrideArrayInput interface {
	pulumi.Input

	ToGetClientAuthenticationFlowBindingOverrideArrayOutput() GetClientAuthenticationFlowBindingOverrideArrayOutput
	ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext(context.Context) GetClientAuthenticationFlowBindingOverrideArrayOutput
}

GetClientAuthenticationFlowBindingOverrideArrayInput is an input type that accepts GetClientAuthenticationFlowBindingOverrideArray and GetClientAuthenticationFlowBindingOverrideArrayOutput values. You can construct a concrete instance of `GetClientAuthenticationFlowBindingOverrideArrayInput` via:

GetClientAuthenticationFlowBindingOverrideArray{ GetClientAuthenticationFlowBindingOverrideArgs{...} }

type GetClientAuthenticationFlowBindingOverrideArrayOutput

type GetClientAuthenticationFlowBindingOverrideArrayOutput struct{ *pulumi.OutputState }

func (GetClientAuthenticationFlowBindingOverrideArrayOutput) ElementType

func (GetClientAuthenticationFlowBindingOverrideArrayOutput) Index

func (GetClientAuthenticationFlowBindingOverrideArrayOutput) ToGetClientAuthenticationFlowBindingOverrideArrayOutput

func (GetClientAuthenticationFlowBindingOverrideArrayOutput) ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext

func (o GetClientAuthenticationFlowBindingOverrideArrayOutput) ToGetClientAuthenticationFlowBindingOverrideArrayOutputWithContext(ctx context.Context) GetClientAuthenticationFlowBindingOverrideArrayOutput

type GetClientAuthenticationFlowBindingOverrideInput

type GetClientAuthenticationFlowBindingOverrideInput interface {
	pulumi.Input

	ToGetClientAuthenticationFlowBindingOverrideOutput() GetClientAuthenticationFlowBindingOverrideOutput
	ToGetClientAuthenticationFlowBindingOverrideOutputWithContext(context.Context) GetClientAuthenticationFlowBindingOverrideOutput
}

GetClientAuthenticationFlowBindingOverrideInput is an input type that accepts GetClientAuthenticationFlowBindingOverrideArgs and GetClientAuthenticationFlowBindingOverrideOutput values. You can construct a concrete instance of `GetClientAuthenticationFlowBindingOverrideInput` via:

GetClientAuthenticationFlowBindingOverrideArgs{...}

type GetClientAuthenticationFlowBindingOverrideOutput

type GetClientAuthenticationFlowBindingOverrideOutput struct{ *pulumi.OutputState }

func (GetClientAuthenticationFlowBindingOverrideOutput) BrowserId

func (GetClientAuthenticationFlowBindingOverrideOutput) DirectGrantId

func (GetClientAuthenticationFlowBindingOverrideOutput) ElementType

func (GetClientAuthenticationFlowBindingOverrideOutput) ToGetClientAuthenticationFlowBindingOverrideOutput

func (o GetClientAuthenticationFlowBindingOverrideOutput) ToGetClientAuthenticationFlowBindingOverrideOutput() GetClientAuthenticationFlowBindingOverrideOutput

func (GetClientAuthenticationFlowBindingOverrideOutput) ToGetClientAuthenticationFlowBindingOverrideOutputWithContext

func (o GetClientAuthenticationFlowBindingOverrideOutput) ToGetClientAuthenticationFlowBindingOverrideOutputWithContext(ctx context.Context) GetClientAuthenticationFlowBindingOverrideOutput

type GetClientInstallationProviderArgs

type GetClientInstallationProviderArgs struct {
	// The ID of the SAML client. The `id` attribute of a `keycloakClient` resource should be used here.
	ClientId string `pulumi:"clientId"`
	// The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
	ProviderId string `pulumi:"providerId"`
	// The realm that the SAML client exists within.
	RealmId string `pulumi:"realmId"`
}

A collection of arguments for invoking getClientInstallationProvider.

type GetClientInstallationProviderOutputArgs

type GetClientInstallationProviderOutputArgs struct {
	// The ID of the SAML client. The `id` attribute of a `keycloakClient` resource should be used here.
	ClientId pulumi.StringInput `pulumi:"clientId"`
	// The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
	ProviderId pulumi.StringInput `pulumi:"providerId"`
	// The realm that the SAML client exists within.
	RealmId pulumi.StringInput `pulumi:"realmId"`
}

A collection of arguments for invoking getClientInstallationProvider.

func (GetClientInstallationProviderOutputArgs) ElementType

type GetClientInstallationProviderResult

type GetClientInstallationProviderResult struct {
	ClientId string `pulumi:"clientId"`
	// The provider-assigned unique ID for this managed resource.
	Id         string `pulumi:"id"`
	ProviderId string `pulumi:"providerId"`
	RealmId    string `pulumi:"realmId"`
	// (Computed) The returned document needed for SAML installation.
	Value string `pulumi:"value"`
}

A collection of values returned by getClientInstallationProvider.

func GetClientInstallationProvider

This data source can be used to retrieve Installation Provider of a SAML Client.

type GetClientInstallationProviderResultOutput

type GetClientInstallationProviderResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getClientInstallationProvider.

func (GetClientInstallationProviderResultOutput) ClientId

func (GetClientInstallationProviderResultOutput) ElementType

func (GetClientInstallationProviderResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetClientInstallationProviderResultOutput) ProviderId

func (GetClientInstallationProviderResultOutput) RealmId

func (GetClientInstallationProviderResultOutput) ToGetClientInstallationProviderResultOutput

func (o GetClientInstallationProviderResultOutput) ToGetClientInstallationProviderResultOutput() GetClientInstallationProviderResultOutput

func (GetClientInstallationProviderResultOutput) ToGetClientInstallationProviderResultOutputWithContext

func (o GetClientInstallationProviderResultOutput) ToGetClientInstallationProviderResultOutputWithContext(ctx context.Context) GetClientInstallationProviderResultOutput

func (GetClientInstallationProviderResultOutput) Value

(Computed) The returned document needed for SAML installation.

type IdentityProvider

type IdentityProvider struct {
	pulumi.CustomResourceState

	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrOutput `pulumi:"addReadTokenRoleOnCreate"`
	// The unique name of identity provider.
	Alias pulumi.StringOutput `pulumi:"alias"`
	// Authenticate users by default. Defaults to `false`.
	AuthenticateByDefault pulumi.BoolPtrOutput `pulumi:"authenticateByDefault"`
	// Ordered list of requested AuthnContext ClassRefs.
	AuthnContextClassRefs pulumi.StringArrayOutput `pulumi:"authnContextClassRefs"`
	// Specifies the comparison method used to evaluate the requested context classes or statements.
	AuthnContextComparisonType pulumi.StringPtrOutput `pulumi:"authnContextComparisonType"`
	// Ordered list of requested AuthnContext DeclRefs.
	AuthnContextDeclRefs pulumi.StringArrayOutput `pulumi:"authnContextDeclRefs"`
	// Does the external IDP support backchannel logout?. Defaults to `false`.
	BackchannelSupported pulumi.BoolPtrOutput `pulumi:"backchannelSupported"`
	// The display name for the realm that is shown when logging in to the admin console.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// When `false`, users and clients will not be able to access this realm. Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The Entity ID that will be used to uniquely identify this SAML Service Provider.
	EntityId    pulumi.StringOutput    `pulumi:"entityId"`
	ExtraConfig pulumi.StringMapOutput `pulumi:"extraConfig"`
	// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"firstBrokerLoginFlowAlias"`
	// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
	ForceAuthn pulumi.BoolPtrOutput `pulumi:"forceAuthn"`
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrOutput `pulumi:"guiOrder"`
	// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
	HideOnLoginPage pulumi.BoolPtrOutput `pulumi:"hideOnLoginPage"`
	// Internal Identity Provider Id
	InternalId pulumi.StringOutput `pulumi:"internalId"`
	// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"`
	// Login Hint.
	LoginHint pulumi.StringPtrOutput `pulumi:"loginHint"`
	// Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
	NameIdPolicyFormat pulumi.StringPtrOutput `pulumi:"nameIdPolicyFormat"`
	// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingAuthnRequest pulumi.BoolPtrOutput `pulumi:"postBindingAuthnRequest"`
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingLogout pulumi.BoolPtrOutput `pulumi:"postBindingLogout"`
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..
	PostBindingResponse pulumi.BoolPtrOutput `pulumi:"postBindingResponse"`
	// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
	PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"`
	// The principal attribute.
	PrincipalAttribute pulumi.StringPtrOutput `pulumi:"principalAttribute"`
	// The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.
	PrincipalType pulumi.StringPtrOutput `pulumi:"principalType"`
	// The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrOutput `pulumi:"providerId"`
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringOutput `pulumi:"realm"`
	// Signing Algorithm. Defaults to empty.
	SignatureAlgorithm pulumi.StringPtrOutput `pulumi:"signatureAlgorithm"`
	// Signing Certificate.
	SigningCertificate pulumi.StringPtrOutput `pulumi:"signingCertificate"`
	// The Url that must be used to send logout requests.
	SingleLogoutServiceUrl pulumi.StringPtrOutput `pulumi:"singleLogoutServiceUrl"`
	// The Url that must be used to send authentication requests (SAML AuthnRequest).
	SingleSignOnServiceUrl pulumi.StringOutput `pulumi:"singleSignOnServiceUrl"`
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	StoreToken pulumi.BoolPtrOutput `pulumi:"storeToken"`
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrOutput `pulumi:"syncMode"`
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"`
	// Enable/disable signature validation of SAML responses.
	ValidateSignature pulumi.BoolPtrOutput `pulumi:"validateSignature"`
	// Indicates whether this service provider expects an encrypted Assertion.
	WantAssertionsEncrypted pulumi.BoolPtrOutput `pulumi:"wantAssertionsEncrypted"`
	// Indicates whether this service provider expects a signed Assertion.
	WantAssertionsSigned pulumi.BoolPtrOutput `pulumi:"wantAssertionsSigned"`
	// The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.
	XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrOutput `pulumi:"xmlSignKeyInfoKeyNameTransformer"`
}

Allows for creating and managing SAML Identity Providers within Keycloak.

SAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewIdentityProvider(ctx, "realm_saml_identity_provider", &saml.IdentityProviderArgs{
			Realm:                   realm.ID(),
			Alias:                   pulumi.String("my-saml-idp"),
			EntityId:                pulumi.String("https://domain.com/entity_id"),
			SingleSignOnServiceUrl:  pulumi.String("https://domain.com/adfs/ls/"),
			SingleLogoutServiceUrl:  pulumi.String("https://domain.com/adfs/ls/?wa=wsignout1.0"),
			BackchannelSupported:    pulumi.Bool(true),
			PostBindingResponse:     pulumi.Bool(true),
			PostBindingLogout:       pulumi.Bool(true),
			PostBindingAuthnRequest: pulumi.Bool(true),
			StoreToken:              pulumi.Bool(false),
			TrustEmail:              pulumi.Bool(true),
			ForceAuthn:              pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.

Example:

bash

```sh $ pulumi import keycloak:saml/identityProvider:IdentityProvider realm_saml_identity_provider my-realm/my-saml-idp ```

func GetIdentityProvider

func GetIdentityProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IdentityProviderState, opts ...pulumi.ResourceOption) (*IdentityProvider, error)

GetIdentityProvider gets an existing IdentityProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIdentityProvider

func NewIdentityProvider(ctx *pulumi.Context,
	name string, args *IdentityProviderArgs, opts ...pulumi.ResourceOption) (*IdentityProvider, error)

NewIdentityProvider registers a new resource with the given unique name, arguments, and options.

func (*IdentityProvider) ElementType

func (*IdentityProvider) ElementType() reflect.Type

func (*IdentityProvider) ToIdentityProviderOutput

func (i *IdentityProvider) ToIdentityProviderOutput() IdentityProviderOutput

func (*IdentityProvider) ToIdentityProviderOutputWithContext

func (i *IdentityProvider) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput

type IdentityProviderArgs

type IdentityProviderArgs struct {
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// The unique name of identity provider.
	Alias pulumi.StringInput
	// Authenticate users by default. Defaults to `false`.
	AuthenticateByDefault pulumi.BoolPtrInput
	// Ordered list of requested AuthnContext ClassRefs.
	AuthnContextClassRefs pulumi.StringArrayInput
	// Specifies the comparison method used to evaluate the requested context classes or statements.
	AuthnContextComparisonType pulumi.StringPtrInput
	// Ordered list of requested AuthnContext DeclRefs.
	AuthnContextDeclRefs pulumi.StringArrayInput
	// Does the external IDP support backchannel logout?. Defaults to `false`.
	BackchannelSupported pulumi.BoolPtrInput
	// The display name for the realm that is shown when logging in to the admin console.
	DisplayName pulumi.StringPtrInput
	// When `false`, users and clients will not be able to access this realm. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The Entity ID that will be used to uniquely identify this SAML Service Provider.
	EntityId    pulumi.StringInput
	ExtraConfig pulumi.StringMapInput
	// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
	ForceAuthn pulumi.BoolPtrInput
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrInput
	// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
	HideOnLoginPage pulumi.BoolPtrInput
	// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// Login Hint.
	LoginHint pulumi.StringPtrInput
	// Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
	NameIdPolicyFormat pulumi.StringPtrInput
	// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingAuthnRequest pulumi.BoolPtrInput
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingLogout pulumi.BoolPtrInput
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..
	PostBindingResponse pulumi.BoolPtrInput
	// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The principal attribute.
	PrincipalAttribute pulumi.StringPtrInput
	// The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.
	PrincipalType pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringInput
	// Signing Algorithm. Defaults to empty.
	SignatureAlgorithm pulumi.StringPtrInput
	// Signing Certificate.
	SigningCertificate pulumi.StringPtrInput
	// The Url that must be used to send logout requests.
	SingleLogoutServiceUrl pulumi.StringPtrInput
	// The Url that must be used to send authentication requests (SAML AuthnRequest).
	SingleSignOnServiceUrl pulumi.StringInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	StoreToken pulumi.BoolPtrInput
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	TrustEmail pulumi.BoolPtrInput
	// Enable/disable signature validation of SAML responses.
	ValidateSignature pulumi.BoolPtrInput
	// Indicates whether this service provider expects an encrypted Assertion.
	WantAssertionsEncrypted pulumi.BoolPtrInput
	// Indicates whether this service provider expects a signed Assertion.
	WantAssertionsSigned pulumi.BoolPtrInput
	// The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.
	XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrInput
}

The set of arguments for constructing a IdentityProvider resource.

func (IdentityProviderArgs) ElementType

func (IdentityProviderArgs) ElementType() reflect.Type

type IdentityProviderArray

type IdentityProviderArray []IdentityProviderInput

func (IdentityProviderArray) ElementType

func (IdentityProviderArray) ElementType() reflect.Type

func (IdentityProviderArray) ToIdentityProviderArrayOutput

func (i IdentityProviderArray) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput

func (IdentityProviderArray) ToIdentityProviderArrayOutputWithContext

func (i IdentityProviderArray) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput

type IdentityProviderArrayInput

type IdentityProviderArrayInput interface {
	pulumi.Input

	ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
	ToIdentityProviderArrayOutputWithContext(context.Context) IdentityProviderArrayOutput
}

IdentityProviderArrayInput is an input type that accepts IdentityProviderArray and IdentityProviderArrayOutput values. You can construct a concrete instance of `IdentityProviderArrayInput` via:

IdentityProviderArray{ IdentityProviderArgs{...} }

type IdentityProviderArrayOutput

type IdentityProviderArrayOutput struct{ *pulumi.OutputState }

func (IdentityProviderArrayOutput) ElementType

func (IdentityProviderArrayOutput) Index

func (IdentityProviderArrayOutput) ToIdentityProviderArrayOutput

func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput

func (IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext

func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput

type IdentityProviderInput

type IdentityProviderInput interface {
	pulumi.Input

	ToIdentityProviderOutput() IdentityProviderOutput
	ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
}

type IdentityProviderMap

type IdentityProviderMap map[string]IdentityProviderInput

func (IdentityProviderMap) ElementType

func (IdentityProviderMap) ElementType() reflect.Type

func (IdentityProviderMap) ToIdentityProviderMapOutput

func (i IdentityProviderMap) ToIdentityProviderMapOutput() IdentityProviderMapOutput

func (IdentityProviderMap) ToIdentityProviderMapOutputWithContext

func (i IdentityProviderMap) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput

type IdentityProviderMapInput

type IdentityProviderMapInput interface {
	pulumi.Input

	ToIdentityProviderMapOutput() IdentityProviderMapOutput
	ToIdentityProviderMapOutputWithContext(context.Context) IdentityProviderMapOutput
}

IdentityProviderMapInput is an input type that accepts IdentityProviderMap and IdentityProviderMapOutput values. You can construct a concrete instance of `IdentityProviderMapInput` via:

IdentityProviderMap{ "key": IdentityProviderArgs{...} }

type IdentityProviderMapOutput

type IdentityProviderMapOutput struct{ *pulumi.OutputState }

func (IdentityProviderMapOutput) ElementType

func (IdentityProviderMapOutput) ElementType() reflect.Type

func (IdentityProviderMapOutput) MapIndex

func (IdentityProviderMapOutput) ToIdentityProviderMapOutput

func (o IdentityProviderMapOutput) ToIdentityProviderMapOutput() IdentityProviderMapOutput

func (IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext

func (o IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput

type IdentityProviderOutput

type IdentityProviderOutput struct{ *pulumi.OutputState }

func (IdentityProviderOutput) AddReadTokenRoleOnCreate

func (o IdentityProviderOutput) AddReadTokenRoleOnCreate() pulumi.BoolPtrOutput

When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.

func (IdentityProviderOutput) Alias

The unique name of identity provider.

func (IdentityProviderOutput) AuthenticateByDefault

func (o IdentityProviderOutput) AuthenticateByDefault() pulumi.BoolPtrOutput

Authenticate users by default. Defaults to `false`.

func (IdentityProviderOutput) AuthnContextClassRefs

func (o IdentityProviderOutput) AuthnContextClassRefs() pulumi.StringArrayOutput

Ordered list of requested AuthnContext ClassRefs.

func (IdentityProviderOutput) AuthnContextComparisonType

func (o IdentityProviderOutput) AuthnContextComparisonType() pulumi.StringPtrOutput

Specifies the comparison method used to evaluate the requested context classes or statements.

func (IdentityProviderOutput) AuthnContextDeclRefs

func (o IdentityProviderOutput) AuthnContextDeclRefs() pulumi.StringArrayOutput

Ordered list of requested AuthnContext DeclRefs.

func (IdentityProviderOutput) BackchannelSupported

func (o IdentityProviderOutput) BackchannelSupported() pulumi.BoolPtrOutput

Does the external IDP support backchannel logout?. Defaults to `false`.

func (IdentityProviderOutput) DisplayName

The display name for the realm that is shown when logging in to the admin console.

func (IdentityProviderOutput) ElementType

func (IdentityProviderOutput) ElementType() reflect.Type

func (IdentityProviderOutput) Enabled

When `false`, users and clients will not be able to access this realm. Defaults to `true`.

func (IdentityProviderOutput) EntityId

The Entity ID that will be used to uniquely identify this SAML Service Provider.

func (IdentityProviderOutput) ExtraConfig

func (IdentityProviderOutput) FirstBrokerLoginFlowAlias

func (o IdentityProviderOutput) FirstBrokerLoginFlowAlias() pulumi.StringPtrOutput

Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.

func (IdentityProviderOutput) ForceAuthn

Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.

func (IdentityProviderOutput) GuiOrder

A number defining the order of this identity provider in the GUI.

func (IdentityProviderOutput) HideOnLoginPage

func (o IdentityProviderOutput) HideOnLoginPage() pulumi.BoolPtrOutput

If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.

func (IdentityProviderOutput) InternalId

Internal Identity Provider Id

func (IdentityProviderOutput) LinkOnly

When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.

func (IdentityProviderOutput) LoginHint added in v5.2.0

Login Hint.

func (IdentityProviderOutput) NameIdPolicyFormat

func (o IdentityProviderOutput) NameIdPolicyFormat() pulumi.StringPtrOutput

Specifies the URI reference corresponding to a name identifier format. Defaults to empty.

func (IdentityProviderOutput) PostBindingAuthnRequest

func (o IdentityProviderOutput) PostBindingAuthnRequest() pulumi.BoolPtrOutput

Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.

func (IdentityProviderOutput) PostBindingLogout

func (o IdentityProviderOutput) PostBindingLogout() pulumi.BoolPtrOutput

Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.

func (IdentityProviderOutput) PostBindingResponse

func (o IdentityProviderOutput) PostBindingResponse() pulumi.BoolPtrOutput

Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..

func (IdentityProviderOutput) PostBrokerLoginFlowAlias

func (o IdentityProviderOutput) PostBrokerLoginFlowAlias() pulumi.StringPtrOutput

Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.

func (IdentityProviderOutput) PrincipalAttribute

func (o IdentityProviderOutput) PrincipalAttribute() pulumi.StringPtrOutput

The principal attribute.

func (IdentityProviderOutput) PrincipalType

func (o IdentityProviderOutput) PrincipalType() pulumi.StringPtrOutput

The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.

func (IdentityProviderOutput) ProviderId

The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.

func (IdentityProviderOutput) Realm

The name of the realm. This is unique across Keycloak.

func (IdentityProviderOutput) SignatureAlgorithm

func (o IdentityProviderOutput) SignatureAlgorithm() pulumi.StringPtrOutput

Signing Algorithm. Defaults to empty.

func (IdentityProviderOutput) SigningCertificate

func (o IdentityProviderOutput) SigningCertificate() pulumi.StringPtrOutput

Signing Certificate.

func (IdentityProviderOutput) SingleLogoutServiceUrl

func (o IdentityProviderOutput) SingleLogoutServiceUrl() pulumi.StringPtrOutput

The Url that must be used to send logout requests.

func (IdentityProviderOutput) SingleSignOnServiceUrl

func (o IdentityProviderOutput) SingleSignOnServiceUrl() pulumi.StringOutput

The Url that must be used to send authentication requests (SAML AuthnRequest).

func (IdentityProviderOutput) StoreToken

When `true`, tokens will be stored after authenticating users. Defaults to `true`.

func (IdentityProviderOutput) SyncMode

The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.

func (IdentityProviderOutput) ToIdentityProviderOutput

func (o IdentityProviderOutput) ToIdentityProviderOutput() IdentityProviderOutput

func (IdentityProviderOutput) ToIdentityProviderOutputWithContext

func (o IdentityProviderOutput) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput

func (IdentityProviderOutput) TrustEmail

When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.

func (IdentityProviderOutput) ValidateSignature

func (o IdentityProviderOutput) ValidateSignature() pulumi.BoolPtrOutput

Enable/disable signature validation of SAML responses.

func (IdentityProviderOutput) WantAssertionsEncrypted

func (o IdentityProviderOutput) WantAssertionsEncrypted() pulumi.BoolPtrOutput

Indicates whether this service provider expects an encrypted Assertion.

func (IdentityProviderOutput) WantAssertionsSigned

func (o IdentityProviderOutput) WantAssertionsSigned() pulumi.BoolPtrOutput

Indicates whether this service provider expects a signed Assertion.

func (IdentityProviderOutput) XmlSignKeyInfoKeyNameTransformer

func (o IdentityProviderOutput) XmlSignKeyInfoKeyNameTransformer() pulumi.StringPtrOutput

The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.

type IdentityProviderState

type IdentityProviderState struct {
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// The unique name of identity provider.
	Alias pulumi.StringPtrInput
	// Authenticate users by default. Defaults to `false`.
	AuthenticateByDefault pulumi.BoolPtrInput
	// Ordered list of requested AuthnContext ClassRefs.
	AuthnContextClassRefs pulumi.StringArrayInput
	// Specifies the comparison method used to evaluate the requested context classes or statements.
	AuthnContextComparisonType pulumi.StringPtrInput
	// Ordered list of requested AuthnContext DeclRefs.
	AuthnContextDeclRefs pulumi.StringArrayInput
	// Does the external IDP support backchannel logout?. Defaults to `false`.
	BackchannelSupported pulumi.BoolPtrInput
	// The display name for the realm that is shown when logging in to the admin console.
	DisplayName pulumi.StringPtrInput
	// When `false`, users and clients will not be able to access this realm. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The Entity ID that will be used to uniquely identify this SAML Service Provider.
	EntityId    pulumi.StringPtrInput
	ExtraConfig pulumi.StringMapInput
	// Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
	ForceAuthn pulumi.BoolPtrInput
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrInput
	// If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.
	HideOnLoginPage pulumi.BoolPtrInput
	// Internal Identity Provider Id
	InternalId pulumi.StringPtrInput
	// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// Login Hint.
	LoginHint pulumi.StringPtrInput
	// Specifies the URI reference corresponding to a name identifier format. Defaults to empty.
	NameIdPolicyFormat pulumi.StringPtrInput
	// Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingAuthnRequest pulumi.BoolPtrInput
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.
	PostBindingLogout pulumi.BoolPtrInput
	// Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..
	PostBindingResponse pulumi.BoolPtrInput
	// Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The principal attribute.
	PrincipalAttribute pulumi.StringPtrInput
	// The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.
	PrincipalType pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `saml`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringPtrInput
	// Signing Algorithm. Defaults to empty.
	SignatureAlgorithm pulumi.StringPtrInput
	// Signing Certificate.
	SigningCertificate pulumi.StringPtrInput
	// The Url that must be used to send logout requests.
	SingleLogoutServiceUrl pulumi.StringPtrInput
	// The Url that must be used to send authentication requests (SAML AuthnRequest).
	SingleSignOnServiceUrl pulumi.StringPtrInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	StoreToken pulumi.BoolPtrInput
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	TrustEmail pulumi.BoolPtrInput
	// Enable/disable signature validation of SAML responses.
	ValidateSignature pulumi.BoolPtrInput
	// Indicates whether this service provider expects an encrypted Assertion.
	WantAssertionsEncrypted pulumi.BoolPtrInput
	// Indicates whether this service provider expects a signed Assertion.
	WantAssertionsSigned pulumi.BoolPtrInput
	// The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.
	XmlSignKeyInfoKeyNameTransformer pulumi.StringPtrInput
}

func (IdentityProviderState) ElementType

func (IdentityProviderState) ElementType() reflect.Type

type LookupClientArgs

type LookupClientArgs struct {
	// The client id (not its unique ID).
	ClientId string `pulumi:"clientId"`
	// The realm id.
	RealmId string `pulumi:"realmId"`
}

A collection of arguments for invoking getClient.

type LookupClientOutputArgs

type LookupClientOutputArgs struct {
	// The client id (not its unique ID).
	ClientId pulumi.StringInput `pulumi:"clientId"`
	// The realm id.
	RealmId pulumi.StringInput `pulumi:"realmId"`
}

A collection of arguments for invoking getClient.

func (LookupClientOutputArgs) ElementType

func (LookupClientOutputArgs) ElementType() reflect.Type

type LookupClientResult

type LookupClientResult struct {
	AssertionConsumerPostUrl           string                                       `pulumi:"assertionConsumerPostUrl"`
	AssertionConsumerRedirectUrl       string                                       `pulumi:"assertionConsumerRedirectUrl"`
	AuthenticationFlowBindingOverrides []GetClientAuthenticationFlowBindingOverride `pulumi:"authenticationFlowBindingOverrides"`
	BaseUrl                            string                                       `pulumi:"baseUrl"`
	CanonicalizationMethod             string                                       `pulumi:"canonicalizationMethod"`
	ClientId                           string                                       `pulumi:"clientId"`
	ClientSignatureRequired            bool                                         `pulumi:"clientSignatureRequired"`
	Description                        string                                       `pulumi:"description"`
	Enabled                            bool                                         `pulumi:"enabled"`
	EncryptAssertions                  bool                                         `pulumi:"encryptAssertions"`
	EncryptionCertificate              string                                       `pulumi:"encryptionCertificate"`
	EncryptionCertificateSha1          string                                       `pulumi:"encryptionCertificateSha1"`
	ExtraConfig                        map[string]string                            `pulumi:"extraConfig"`
	ForceNameIdFormat                  bool                                         `pulumi:"forceNameIdFormat"`
	ForcePostBinding                   bool                                         `pulumi:"forcePostBinding"`
	FrontChannelLogout                 bool                                         `pulumi:"frontChannelLogout"`
	FullScopeAllowed                   bool                                         `pulumi:"fullScopeAllowed"`
	// The provider-assigned unique ID for this managed resource.
	Id                              string   `pulumi:"id"`
	IdpInitiatedSsoRelayState       string   `pulumi:"idpInitiatedSsoRelayState"`
	IdpInitiatedSsoUrlName          string   `pulumi:"idpInitiatedSsoUrlName"`
	IncludeAuthnStatement           bool     `pulumi:"includeAuthnStatement"`
	LoginTheme                      string   `pulumi:"loginTheme"`
	LogoutServicePostBindingUrl     string   `pulumi:"logoutServicePostBindingUrl"`
	LogoutServiceRedirectBindingUrl string   `pulumi:"logoutServiceRedirectBindingUrl"`
	MasterSamlProcessingUrl         string   `pulumi:"masterSamlProcessingUrl"`
	Name                            string   `pulumi:"name"`
	NameIdFormat                    string   `pulumi:"nameIdFormat"`
	RealmId                         string   `pulumi:"realmId"`
	RootUrl                         string   `pulumi:"rootUrl"`
	SamlSignatureKeyName            string   `pulumi:"samlSignatureKeyName"`
	SignAssertions                  bool     `pulumi:"signAssertions"`
	SignDocuments                   bool     `pulumi:"signDocuments"`
	SignatureAlgorithm              string   `pulumi:"signatureAlgorithm"`
	SignatureKeyName                string   `pulumi:"signatureKeyName"`
	SigningCertificate              string   `pulumi:"signingCertificate"`
	SigningCertificateSha1          string   `pulumi:"signingCertificateSha1"`
	SigningPrivateKey               string   `pulumi:"signingPrivateKey"`
	SigningPrivateKeySha1           string   `pulumi:"signingPrivateKeySha1"`
	ValidRedirectUris               []string `pulumi:"validRedirectUris"`
}

A collection of values returned by getClient.

func LookupClient

func LookupClient(ctx *pulumi.Context, args *LookupClientArgs, opts ...pulumi.InvokeOption) (*LookupClientResult, error)

This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realmManagement, err := saml.LookupClient(ctx, &saml.LookupClientArgs{
			RealmId:  "my-realm",
			ClientId: "realm-management",
		}, nil)
		if err != nil {
			return err
		}
		// use the data source
		_, err = keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{
			RealmId:  "my-realm",
			ClientId: pulumi.StringRef(realmManagement.Id),
			Name:     "realm-admin",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupClientResultOutput

type LookupClientResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getClient.

func (LookupClientResultOutput) AssertionConsumerPostUrl

func (o LookupClientResultOutput) AssertionConsumerPostUrl() pulumi.StringOutput

func (LookupClientResultOutput) AssertionConsumerRedirectUrl

func (o LookupClientResultOutput) AssertionConsumerRedirectUrl() pulumi.StringOutput

func (LookupClientResultOutput) AuthenticationFlowBindingOverrides

func (LookupClientResultOutput) BaseUrl

func (LookupClientResultOutput) CanonicalizationMethod

func (o LookupClientResultOutput) CanonicalizationMethod() pulumi.StringOutput

func (LookupClientResultOutput) ClientId

func (LookupClientResultOutput) ClientSignatureRequired

func (o LookupClientResultOutput) ClientSignatureRequired() pulumi.BoolOutput

func (LookupClientResultOutput) Description

func (LookupClientResultOutput) ElementType

func (LookupClientResultOutput) ElementType() reflect.Type

func (LookupClientResultOutput) Enabled

func (LookupClientResultOutput) EncryptAssertions

func (o LookupClientResultOutput) EncryptAssertions() pulumi.BoolOutput

func (LookupClientResultOutput) EncryptionCertificate

func (o LookupClientResultOutput) EncryptionCertificate() pulumi.StringOutput

func (LookupClientResultOutput) EncryptionCertificateSha1

func (o LookupClientResultOutput) EncryptionCertificateSha1() pulumi.StringOutput

func (LookupClientResultOutput) ExtraConfig

func (LookupClientResultOutput) ForceNameIdFormat

func (o LookupClientResultOutput) ForceNameIdFormat() pulumi.BoolOutput

func (LookupClientResultOutput) ForcePostBinding

func (o LookupClientResultOutput) ForcePostBinding() pulumi.BoolOutput

func (LookupClientResultOutput) FrontChannelLogout

func (o LookupClientResultOutput) FrontChannelLogout() pulumi.BoolOutput

func (LookupClientResultOutput) FullScopeAllowed

func (o LookupClientResultOutput) FullScopeAllowed() pulumi.BoolOutput

func (LookupClientResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupClientResultOutput) IdpInitiatedSsoRelayState

func (o LookupClientResultOutput) IdpInitiatedSsoRelayState() pulumi.StringOutput

func (LookupClientResultOutput) IdpInitiatedSsoUrlName

func (o LookupClientResultOutput) IdpInitiatedSsoUrlName() pulumi.StringOutput

func (LookupClientResultOutput) IncludeAuthnStatement

func (o LookupClientResultOutput) IncludeAuthnStatement() pulumi.BoolOutput

func (LookupClientResultOutput) LoginTheme

func (LookupClientResultOutput) LogoutServicePostBindingUrl

func (o LookupClientResultOutput) LogoutServicePostBindingUrl() pulumi.StringOutput

func (LookupClientResultOutput) LogoutServiceRedirectBindingUrl

func (o LookupClientResultOutput) LogoutServiceRedirectBindingUrl() pulumi.StringOutput

func (LookupClientResultOutput) MasterSamlProcessingUrl

func (o LookupClientResultOutput) MasterSamlProcessingUrl() pulumi.StringOutput

func (LookupClientResultOutput) Name

func (LookupClientResultOutput) NameIdFormat

func (o LookupClientResultOutput) NameIdFormat() pulumi.StringOutput

func (LookupClientResultOutput) RealmId

func (LookupClientResultOutput) RootUrl

func (LookupClientResultOutput) SamlSignatureKeyName

func (o LookupClientResultOutput) SamlSignatureKeyName() pulumi.StringOutput

func (LookupClientResultOutput) SignAssertions

func (o LookupClientResultOutput) SignAssertions() pulumi.BoolOutput

func (LookupClientResultOutput) SignDocuments

func (o LookupClientResultOutput) SignDocuments() pulumi.BoolOutput

func (LookupClientResultOutput) SignatureAlgorithm

func (o LookupClientResultOutput) SignatureAlgorithm() pulumi.StringOutput

func (LookupClientResultOutput) SignatureKeyName

func (o LookupClientResultOutput) SignatureKeyName() pulumi.StringOutput

func (LookupClientResultOutput) SigningCertificate

func (o LookupClientResultOutput) SigningCertificate() pulumi.StringOutput

func (LookupClientResultOutput) SigningCertificateSha1

func (o LookupClientResultOutput) SigningCertificateSha1() pulumi.StringOutput

func (LookupClientResultOutput) SigningPrivateKey

func (o LookupClientResultOutput) SigningPrivateKey() pulumi.StringOutput

func (LookupClientResultOutput) SigningPrivateKeySha1

func (o LookupClientResultOutput) SigningPrivateKeySha1() pulumi.StringOutput

func (LookupClientResultOutput) ToLookupClientResultOutput

func (o LookupClientResultOutput) ToLookupClientResultOutput() LookupClientResultOutput

func (LookupClientResultOutput) ToLookupClientResultOutputWithContext

func (o LookupClientResultOutput) ToLookupClientResultOutputWithContext(ctx context.Context) LookupClientResultOutput

func (LookupClientResultOutput) ValidRedirectUris

func (o LookupClientResultOutput) ValidRedirectUris() pulumi.StringArrayOutput

type ScriptProtocolMapper

type ScriptProtocolMapper struct {
	pulumi.CustomResourceState

	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"`
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"`
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"`
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"`
	// JavaScript code to compute the attribute value.
	Script pulumi.StringOutput `pulumi:"script"`
	// When `true`, all values will be stored under one attribute with multiple attribute values. Defaults to `true`.
	SingleValueAttribute pulumi.BoolPtrOutput `pulumi:"singleValueAttribute"`
}

Allows for creating and managing script protocol mappers for SAML clients within Keycloak.

Script protocol mappers evaluate a JavaScript function to produce an attribute value based on context information.

Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{
			RealmId:  realm.ID(),
			ClientId: pulumi.String("saml-client"),
			Name:     pulumi.String("saml-client"),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewScriptProtocolMapper(ctx, "saml_script_mapper", &saml.ScriptProtocolMapperArgs{
			RealmId:                 realm.ID(),
			ClientId:                samlClient.ID(),
			Name:                    pulumi.String("script-mapper"),
			Script:                  pulumi.String("exports = 'foo';"),
			SamlAttributeName:       pulumi.String("displayName"),
			SamlAttributeNameFormat: pulumi.String("Unspecified"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Protocol mappers can be imported using one of the following formats:

- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`

- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`

Example:

bash

```sh $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 ```

```sh $ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 ```

func GetScriptProtocolMapper

func GetScriptProtocolMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ScriptProtocolMapperState, opts ...pulumi.ResourceOption) (*ScriptProtocolMapper, error)

GetScriptProtocolMapper gets an existing ScriptProtocolMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewScriptProtocolMapper

func NewScriptProtocolMapper(ctx *pulumi.Context,
	name string, args *ScriptProtocolMapperArgs, opts ...pulumi.ResourceOption) (*ScriptProtocolMapper, error)

NewScriptProtocolMapper registers a new resource with the given unique name, arguments, and options.

func (*ScriptProtocolMapper) ElementType

func (*ScriptProtocolMapper) ElementType() reflect.Type

func (*ScriptProtocolMapper) ToScriptProtocolMapperOutput

func (i *ScriptProtocolMapper) ToScriptProtocolMapperOutput() ScriptProtocolMapperOutput

func (*ScriptProtocolMapper) ToScriptProtocolMapperOutputWithContext

func (i *ScriptProtocolMapper) ToScriptProtocolMapperOutputWithContext(ctx context.Context) ScriptProtocolMapperOutput

type ScriptProtocolMapperArgs

type ScriptProtocolMapperArgs struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringInput
	// JavaScript code to compute the attribute value.
	Script pulumi.StringInput
	// When `true`, all values will be stored under one attribute with multiple attribute values. Defaults to `true`.
	SingleValueAttribute pulumi.BoolPtrInput
}

The set of arguments for constructing a ScriptProtocolMapper resource.

func (ScriptProtocolMapperArgs) ElementType

func (ScriptProtocolMapperArgs) ElementType() reflect.Type

type ScriptProtocolMapperArray

type ScriptProtocolMapperArray []ScriptProtocolMapperInput

func (ScriptProtocolMapperArray) ElementType

func (ScriptProtocolMapperArray) ElementType() reflect.Type

func (ScriptProtocolMapperArray) ToScriptProtocolMapperArrayOutput

func (i ScriptProtocolMapperArray) ToScriptProtocolMapperArrayOutput() ScriptProtocolMapperArrayOutput

func (ScriptProtocolMapperArray) ToScriptProtocolMapperArrayOutputWithContext

func (i ScriptProtocolMapperArray) ToScriptProtocolMapperArrayOutputWithContext(ctx context.Context) ScriptProtocolMapperArrayOutput

type ScriptProtocolMapperArrayInput

type ScriptProtocolMapperArrayInput interface {
	pulumi.Input

	ToScriptProtocolMapperArrayOutput() ScriptProtocolMapperArrayOutput
	ToScriptProtocolMapperArrayOutputWithContext(context.Context) ScriptProtocolMapperArrayOutput
}

ScriptProtocolMapperArrayInput is an input type that accepts ScriptProtocolMapperArray and ScriptProtocolMapperArrayOutput values. You can construct a concrete instance of `ScriptProtocolMapperArrayInput` via:

ScriptProtocolMapperArray{ ScriptProtocolMapperArgs{...} }

type ScriptProtocolMapperArrayOutput

type ScriptProtocolMapperArrayOutput struct{ *pulumi.OutputState }

func (ScriptProtocolMapperArrayOutput) ElementType

func (ScriptProtocolMapperArrayOutput) Index

func (ScriptProtocolMapperArrayOutput) ToScriptProtocolMapperArrayOutput

func (o ScriptProtocolMapperArrayOutput) ToScriptProtocolMapperArrayOutput() ScriptProtocolMapperArrayOutput

func (ScriptProtocolMapperArrayOutput) ToScriptProtocolMapperArrayOutputWithContext

func (o ScriptProtocolMapperArrayOutput) ToScriptProtocolMapperArrayOutputWithContext(ctx context.Context) ScriptProtocolMapperArrayOutput

type ScriptProtocolMapperInput

type ScriptProtocolMapperInput interface {
	pulumi.Input

	ToScriptProtocolMapperOutput() ScriptProtocolMapperOutput
	ToScriptProtocolMapperOutputWithContext(ctx context.Context) ScriptProtocolMapperOutput
}

type ScriptProtocolMapperMap

type ScriptProtocolMapperMap map[string]ScriptProtocolMapperInput

func (ScriptProtocolMapperMap) ElementType

func (ScriptProtocolMapperMap) ElementType() reflect.Type

func (ScriptProtocolMapperMap) ToScriptProtocolMapperMapOutput

func (i ScriptProtocolMapperMap) ToScriptProtocolMapperMapOutput() ScriptProtocolMapperMapOutput

func (ScriptProtocolMapperMap) ToScriptProtocolMapperMapOutputWithContext

func (i ScriptProtocolMapperMap) ToScriptProtocolMapperMapOutputWithContext(ctx context.Context) ScriptProtocolMapperMapOutput

type ScriptProtocolMapperMapInput

type ScriptProtocolMapperMapInput interface {
	pulumi.Input

	ToScriptProtocolMapperMapOutput() ScriptProtocolMapperMapOutput
	ToScriptProtocolMapperMapOutputWithContext(context.Context) ScriptProtocolMapperMapOutput
}

ScriptProtocolMapperMapInput is an input type that accepts ScriptProtocolMapperMap and ScriptProtocolMapperMapOutput values. You can construct a concrete instance of `ScriptProtocolMapperMapInput` via:

ScriptProtocolMapperMap{ "key": ScriptProtocolMapperArgs{...} }

type ScriptProtocolMapperMapOutput

type ScriptProtocolMapperMapOutput struct{ *pulumi.OutputState }

func (ScriptProtocolMapperMapOutput) ElementType

func (ScriptProtocolMapperMapOutput) MapIndex

func (ScriptProtocolMapperMapOutput) ToScriptProtocolMapperMapOutput

func (o ScriptProtocolMapperMapOutput) ToScriptProtocolMapperMapOutput() ScriptProtocolMapperMapOutput

func (ScriptProtocolMapperMapOutput) ToScriptProtocolMapperMapOutputWithContext

func (o ScriptProtocolMapperMapOutput) ToScriptProtocolMapperMapOutputWithContext(ctx context.Context) ScriptProtocolMapperMapOutput

type ScriptProtocolMapperOutput

type ScriptProtocolMapperOutput struct{ *pulumi.OutputState }

func (ScriptProtocolMapperOutput) ClientId

The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.

func (ScriptProtocolMapperOutput) ClientScopeId

The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.

func (ScriptProtocolMapperOutput) ElementType

func (ScriptProtocolMapperOutput) ElementType() reflect.Type

func (ScriptProtocolMapperOutput) FriendlyName

An optional human-friendly name for this attribute.

func (ScriptProtocolMapperOutput) Name

The display name of this protocol mapper in the GUI.

func (ScriptProtocolMapperOutput) RealmId

The realm this protocol mapper exists within.

func (ScriptProtocolMapperOutput) SamlAttributeName

func (o ScriptProtocolMapperOutput) SamlAttributeName() pulumi.StringOutput

The name of the SAML attribute.

func (ScriptProtocolMapperOutput) SamlAttributeNameFormat

func (o ScriptProtocolMapperOutput) SamlAttributeNameFormat() pulumi.StringOutput

The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.

func (ScriptProtocolMapperOutput) Script

JavaScript code to compute the attribute value.

func (ScriptProtocolMapperOutput) SingleValueAttribute

func (o ScriptProtocolMapperOutput) SingleValueAttribute() pulumi.BoolPtrOutput

When `true`, all values will be stored under one attribute with multiple attribute values. Defaults to `true`.

func (ScriptProtocolMapperOutput) ToScriptProtocolMapperOutput

func (o ScriptProtocolMapperOutput) ToScriptProtocolMapperOutput() ScriptProtocolMapperOutput

func (ScriptProtocolMapperOutput) ToScriptProtocolMapperOutputWithContext

func (o ScriptProtocolMapperOutput) ToScriptProtocolMapperOutputWithContext(ctx context.Context) ScriptProtocolMapperOutput

type ScriptProtocolMapperState

type ScriptProtocolMapperState struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringPtrInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringPtrInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringPtrInput
	// JavaScript code to compute the attribute value.
	Script pulumi.StringPtrInput
	// When `true`, all values will be stored under one attribute with multiple attribute values. Defaults to `true`.
	SingleValueAttribute pulumi.BoolPtrInput
}

func (ScriptProtocolMapperState) ElementType

func (ScriptProtocolMapperState) ElementType() reflect.Type

type UserAttributeProtocolMapper

type UserAttributeProtocolMapper struct {
	pulumi.CustomResourceState

	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"`
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"`
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"`
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"`
	// The custom user attribute to map.
	UserAttribute pulumi.StringOutput `pulumi:"userAttribute"`
}

Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak.

SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute in a SAML assertion.

Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{
			RealmId:  realm.ID(),
			ClientId: pulumi.String("saml-client"),
			Name:     pulumi.String("saml-client"),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewUserAttributeProtocolMapper(ctx, "saml_user_attribute_mapper", &saml.UserAttributeProtocolMapperArgs{
			RealmId:                 realm.ID(),
			ClientId:                samlClient.ID(),
			Name:                    pulumi.String("displayname-user-attribute-mapper"),
			UserAttribute:           pulumi.String("displayName"),
			SamlAttributeName:       pulumi.String("displayName"),
			SamlAttributeNameFormat: pulumi.String("Unspecified"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Protocol mappers can be imported using one of the following formats:

- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`

- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`

Example:

bash

```sh $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 ```

```sh $ pulumi import keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 ```

func GetUserAttributeProtocolMapper

func GetUserAttributeProtocolMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserAttributeProtocolMapperState, opts ...pulumi.ResourceOption) (*UserAttributeProtocolMapper, error)

GetUserAttributeProtocolMapper gets an existing UserAttributeProtocolMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserAttributeProtocolMapper

func NewUserAttributeProtocolMapper(ctx *pulumi.Context,
	name string, args *UserAttributeProtocolMapperArgs, opts ...pulumi.ResourceOption) (*UserAttributeProtocolMapper, error)

NewUserAttributeProtocolMapper registers a new resource with the given unique name, arguments, and options.

func (*UserAttributeProtocolMapper) ElementType

func (*UserAttributeProtocolMapper) ElementType() reflect.Type

func (*UserAttributeProtocolMapper) ToUserAttributeProtocolMapperOutput

func (i *UserAttributeProtocolMapper) ToUserAttributeProtocolMapperOutput() UserAttributeProtocolMapperOutput

func (*UserAttributeProtocolMapper) ToUserAttributeProtocolMapperOutputWithContext

func (i *UserAttributeProtocolMapper) ToUserAttributeProtocolMapperOutputWithContext(ctx context.Context) UserAttributeProtocolMapperOutput

type UserAttributeProtocolMapperArgs

type UserAttributeProtocolMapperArgs struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringInput
	// The custom user attribute to map.
	UserAttribute pulumi.StringInput
}

The set of arguments for constructing a UserAttributeProtocolMapper resource.

func (UserAttributeProtocolMapperArgs) ElementType

type UserAttributeProtocolMapperArray

type UserAttributeProtocolMapperArray []UserAttributeProtocolMapperInput

func (UserAttributeProtocolMapperArray) ElementType

func (UserAttributeProtocolMapperArray) ToUserAttributeProtocolMapperArrayOutput

func (i UserAttributeProtocolMapperArray) ToUserAttributeProtocolMapperArrayOutput() UserAttributeProtocolMapperArrayOutput

func (UserAttributeProtocolMapperArray) ToUserAttributeProtocolMapperArrayOutputWithContext

func (i UserAttributeProtocolMapperArray) ToUserAttributeProtocolMapperArrayOutputWithContext(ctx context.Context) UserAttributeProtocolMapperArrayOutput

type UserAttributeProtocolMapperArrayInput

type UserAttributeProtocolMapperArrayInput interface {
	pulumi.Input

	ToUserAttributeProtocolMapperArrayOutput() UserAttributeProtocolMapperArrayOutput
	ToUserAttributeProtocolMapperArrayOutputWithContext(context.Context) UserAttributeProtocolMapperArrayOutput
}

UserAttributeProtocolMapperArrayInput is an input type that accepts UserAttributeProtocolMapperArray and UserAttributeProtocolMapperArrayOutput values. You can construct a concrete instance of `UserAttributeProtocolMapperArrayInput` via:

UserAttributeProtocolMapperArray{ UserAttributeProtocolMapperArgs{...} }

type UserAttributeProtocolMapperArrayOutput

type UserAttributeProtocolMapperArrayOutput struct{ *pulumi.OutputState }

func (UserAttributeProtocolMapperArrayOutput) ElementType

func (UserAttributeProtocolMapperArrayOutput) Index

func (UserAttributeProtocolMapperArrayOutput) ToUserAttributeProtocolMapperArrayOutput

func (o UserAttributeProtocolMapperArrayOutput) ToUserAttributeProtocolMapperArrayOutput() UserAttributeProtocolMapperArrayOutput

func (UserAttributeProtocolMapperArrayOutput) ToUserAttributeProtocolMapperArrayOutputWithContext

func (o UserAttributeProtocolMapperArrayOutput) ToUserAttributeProtocolMapperArrayOutputWithContext(ctx context.Context) UserAttributeProtocolMapperArrayOutput

type UserAttributeProtocolMapperInput

type UserAttributeProtocolMapperInput interface {
	pulumi.Input

	ToUserAttributeProtocolMapperOutput() UserAttributeProtocolMapperOutput
	ToUserAttributeProtocolMapperOutputWithContext(ctx context.Context) UserAttributeProtocolMapperOutput
}

type UserAttributeProtocolMapperMap

type UserAttributeProtocolMapperMap map[string]UserAttributeProtocolMapperInput

func (UserAttributeProtocolMapperMap) ElementType

func (UserAttributeProtocolMapperMap) ToUserAttributeProtocolMapperMapOutput

func (i UserAttributeProtocolMapperMap) ToUserAttributeProtocolMapperMapOutput() UserAttributeProtocolMapperMapOutput

func (UserAttributeProtocolMapperMap) ToUserAttributeProtocolMapperMapOutputWithContext

func (i UserAttributeProtocolMapperMap) ToUserAttributeProtocolMapperMapOutputWithContext(ctx context.Context) UserAttributeProtocolMapperMapOutput

type UserAttributeProtocolMapperMapInput

type UserAttributeProtocolMapperMapInput interface {
	pulumi.Input

	ToUserAttributeProtocolMapperMapOutput() UserAttributeProtocolMapperMapOutput
	ToUserAttributeProtocolMapperMapOutputWithContext(context.Context) UserAttributeProtocolMapperMapOutput
}

UserAttributeProtocolMapperMapInput is an input type that accepts UserAttributeProtocolMapperMap and UserAttributeProtocolMapperMapOutput values. You can construct a concrete instance of `UserAttributeProtocolMapperMapInput` via:

UserAttributeProtocolMapperMap{ "key": UserAttributeProtocolMapperArgs{...} }

type UserAttributeProtocolMapperMapOutput

type UserAttributeProtocolMapperMapOutput struct{ *pulumi.OutputState }

func (UserAttributeProtocolMapperMapOutput) ElementType

func (UserAttributeProtocolMapperMapOutput) MapIndex

func (UserAttributeProtocolMapperMapOutput) ToUserAttributeProtocolMapperMapOutput

func (o UserAttributeProtocolMapperMapOutput) ToUserAttributeProtocolMapperMapOutput() UserAttributeProtocolMapperMapOutput

func (UserAttributeProtocolMapperMapOutput) ToUserAttributeProtocolMapperMapOutputWithContext

func (o UserAttributeProtocolMapperMapOutput) ToUserAttributeProtocolMapperMapOutputWithContext(ctx context.Context) UserAttributeProtocolMapperMapOutput

type UserAttributeProtocolMapperOutput

type UserAttributeProtocolMapperOutput struct{ *pulumi.OutputState }

func (UserAttributeProtocolMapperOutput) ClientId

The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.

func (UserAttributeProtocolMapperOutput) ClientScopeId

The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.

func (UserAttributeProtocolMapperOutput) ElementType

func (UserAttributeProtocolMapperOutput) FriendlyName

An optional human-friendly name for this attribute.

func (UserAttributeProtocolMapperOutput) Name

The display name of this protocol mapper in the GUI.

func (UserAttributeProtocolMapperOutput) RealmId

The realm this protocol mapper exists within.

func (UserAttributeProtocolMapperOutput) SamlAttributeName

The name of the SAML attribute.

func (UserAttributeProtocolMapperOutput) SamlAttributeNameFormat

func (o UserAttributeProtocolMapperOutput) SamlAttributeNameFormat() pulumi.StringOutput

The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.

func (UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutput

func (o UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutput() UserAttributeProtocolMapperOutput

func (UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutputWithContext

func (o UserAttributeProtocolMapperOutput) ToUserAttributeProtocolMapperOutputWithContext(ctx context.Context) UserAttributeProtocolMapperOutput

func (UserAttributeProtocolMapperOutput) UserAttribute

The custom user attribute to map.

type UserAttributeProtocolMapperState

type UserAttributeProtocolMapperState struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringPtrInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringPtrInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringPtrInput
	// The custom user attribute to map.
	UserAttribute pulumi.StringPtrInput
}

func (UserAttributeProtocolMapperState) ElementType

type UserPropertyProtocolMapper

type UserPropertyProtocolMapper struct {
	pulumi.CustomResourceState

	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrOutput `pulumi:"clientScopeId"`
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrOutput `pulumi:"friendlyName"`
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringOutput `pulumi:"samlAttributeName"`
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringOutput `pulumi:"samlAttributeNameFormat"`
	// The property of the Keycloak user model to map.
	UserProperty pulumi.StringOutput `pulumi:"userProperty"`
}

Allows for creating and managing user property protocol mappers for SAML clients within Keycloak.

SAML user property protocol mappers allow you to map properties of the Keycloak user model to an attribute in a SAML assertion.

Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{
			RealmId:  realm.ID(),
			ClientId: pulumi.String("saml-client"),
			Name:     pulumi.String("saml-client"),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewUserPropertyProtocolMapper(ctx, "saml_user_property_mapper", &saml.UserPropertyProtocolMapperArgs{
			RealmId:                 realm.ID(),
			ClientId:                samlClient.ID(),
			Name:                    pulumi.String("email-user-property-mapper"),
			UserProperty:            pulumi.String("email"),
			SamlAttributeName:       pulumi.String("email"),
			SamlAttributeNameFormat: pulumi.String("Unspecified"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Protocol mappers can be imported using one of the following formats:

- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`

- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`

Example:

bash

```sh $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4 ```

```sh $ pulumi import keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4 ```

func GetUserPropertyProtocolMapper

func GetUserPropertyProtocolMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserPropertyProtocolMapperState, opts ...pulumi.ResourceOption) (*UserPropertyProtocolMapper, error)

GetUserPropertyProtocolMapper gets an existing UserPropertyProtocolMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserPropertyProtocolMapper

func NewUserPropertyProtocolMapper(ctx *pulumi.Context,
	name string, args *UserPropertyProtocolMapperArgs, opts ...pulumi.ResourceOption) (*UserPropertyProtocolMapper, error)

NewUserPropertyProtocolMapper registers a new resource with the given unique name, arguments, and options.

func (*UserPropertyProtocolMapper) ElementType

func (*UserPropertyProtocolMapper) ElementType() reflect.Type

func (*UserPropertyProtocolMapper) ToUserPropertyProtocolMapperOutput

func (i *UserPropertyProtocolMapper) ToUserPropertyProtocolMapperOutput() UserPropertyProtocolMapperOutput

func (*UserPropertyProtocolMapper) ToUserPropertyProtocolMapperOutputWithContext

func (i *UserPropertyProtocolMapper) ToUserPropertyProtocolMapperOutputWithContext(ctx context.Context) UserPropertyProtocolMapperOutput

type UserPropertyProtocolMapperArgs

type UserPropertyProtocolMapperArgs struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringInput
	// The property of the Keycloak user model to map.
	UserProperty pulumi.StringInput
}

The set of arguments for constructing a UserPropertyProtocolMapper resource.

func (UserPropertyProtocolMapperArgs) ElementType

type UserPropertyProtocolMapperArray

type UserPropertyProtocolMapperArray []UserPropertyProtocolMapperInput

func (UserPropertyProtocolMapperArray) ElementType

func (UserPropertyProtocolMapperArray) ToUserPropertyProtocolMapperArrayOutput

func (i UserPropertyProtocolMapperArray) ToUserPropertyProtocolMapperArrayOutput() UserPropertyProtocolMapperArrayOutput

func (UserPropertyProtocolMapperArray) ToUserPropertyProtocolMapperArrayOutputWithContext

func (i UserPropertyProtocolMapperArray) ToUserPropertyProtocolMapperArrayOutputWithContext(ctx context.Context) UserPropertyProtocolMapperArrayOutput

type UserPropertyProtocolMapperArrayInput

type UserPropertyProtocolMapperArrayInput interface {
	pulumi.Input

	ToUserPropertyProtocolMapperArrayOutput() UserPropertyProtocolMapperArrayOutput
	ToUserPropertyProtocolMapperArrayOutputWithContext(context.Context) UserPropertyProtocolMapperArrayOutput
}

UserPropertyProtocolMapperArrayInput is an input type that accepts UserPropertyProtocolMapperArray and UserPropertyProtocolMapperArrayOutput values. You can construct a concrete instance of `UserPropertyProtocolMapperArrayInput` via:

UserPropertyProtocolMapperArray{ UserPropertyProtocolMapperArgs{...} }

type UserPropertyProtocolMapperArrayOutput

type UserPropertyProtocolMapperArrayOutput struct{ *pulumi.OutputState }

func (UserPropertyProtocolMapperArrayOutput) ElementType

func (UserPropertyProtocolMapperArrayOutput) Index

func (UserPropertyProtocolMapperArrayOutput) ToUserPropertyProtocolMapperArrayOutput

func (o UserPropertyProtocolMapperArrayOutput) ToUserPropertyProtocolMapperArrayOutput() UserPropertyProtocolMapperArrayOutput

func (UserPropertyProtocolMapperArrayOutput) ToUserPropertyProtocolMapperArrayOutputWithContext

func (o UserPropertyProtocolMapperArrayOutput) ToUserPropertyProtocolMapperArrayOutputWithContext(ctx context.Context) UserPropertyProtocolMapperArrayOutput

type UserPropertyProtocolMapperInput

type UserPropertyProtocolMapperInput interface {
	pulumi.Input

	ToUserPropertyProtocolMapperOutput() UserPropertyProtocolMapperOutput
	ToUserPropertyProtocolMapperOutputWithContext(ctx context.Context) UserPropertyProtocolMapperOutput
}

type UserPropertyProtocolMapperMap

type UserPropertyProtocolMapperMap map[string]UserPropertyProtocolMapperInput

func (UserPropertyProtocolMapperMap) ElementType

func (UserPropertyProtocolMapperMap) ToUserPropertyProtocolMapperMapOutput

func (i UserPropertyProtocolMapperMap) ToUserPropertyProtocolMapperMapOutput() UserPropertyProtocolMapperMapOutput

func (UserPropertyProtocolMapperMap) ToUserPropertyProtocolMapperMapOutputWithContext

func (i UserPropertyProtocolMapperMap) ToUserPropertyProtocolMapperMapOutputWithContext(ctx context.Context) UserPropertyProtocolMapperMapOutput

type UserPropertyProtocolMapperMapInput

type UserPropertyProtocolMapperMapInput interface {
	pulumi.Input

	ToUserPropertyProtocolMapperMapOutput() UserPropertyProtocolMapperMapOutput
	ToUserPropertyProtocolMapperMapOutputWithContext(context.Context) UserPropertyProtocolMapperMapOutput
}

UserPropertyProtocolMapperMapInput is an input type that accepts UserPropertyProtocolMapperMap and UserPropertyProtocolMapperMapOutput values. You can construct a concrete instance of `UserPropertyProtocolMapperMapInput` via:

UserPropertyProtocolMapperMap{ "key": UserPropertyProtocolMapperArgs{...} }

type UserPropertyProtocolMapperMapOutput

type UserPropertyProtocolMapperMapOutput struct{ *pulumi.OutputState }

func (UserPropertyProtocolMapperMapOutput) ElementType

func (UserPropertyProtocolMapperMapOutput) MapIndex

func (UserPropertyProtocolMapperMapOutput) ToUserPropertyProtocolMapperMapOutput

func (o UserPropertyProtocolMapperMapOutput) ToUserPropertyProtocolMapperMapOutput() UserPropertyProtocolMapperMapOutput

func (UserPropertyProtocolMapperMapOutput) ToUserPropertyProtocolMapperMapOutputWithContext

func (o UserPropertyProtocolMapperMapOutput) ToUserPropertyProtocolMapperMapOutputWithContext(ctx context.Context) UserPropertyProtocolMapperMapOutput

type UserPropertyProtocolMapperOutput

type UserPropertyProtocolMapperOutput struct{ *pulumi.OutputState }

func (UserPropertyProtocolMapperOutput) ClientId

The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.

func (UserPropertyProtocolMapperOutput) ClientScopeId

The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.

func (UserPropertyProtocolMapperOutput) ElementType

func (UserPropertyProtocolMapperOutput) FriendlyName

An optional human-friendly name for this attribute.

func (UserPropertyProtocolMapperOutput) Name

The display name of this protocol mapper in the GUI.

func (UserPropertyProtocolMapperOutput) RealmId

The realm this protocol mapper exists within.

func (UserPropertyProtocolMapperOutput) SamlAttributeName

The name of the SAML attribute.

func (UserPropertyProtocolMapperOutput) SamlAttributeNameFormat

func (o UserPropertyProtocolMapperOutput) SamlAttributeNameFormat() pulumi.StringOutput

The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.

func (UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutput

func (o UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutput() UserPropertyProtocolMapperOutput

func (UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutputWithContext

func (o UserPropertyProtocolMapperOutput) ToUserPropertyProtocolMapperOutputWithContext(ctx context.Context) UserPropertyProtocolMapperOutput

func (UserPropertyProtocolMapperOutput) UserProperty

The property of the Keycloak user model to map.

type UserPropertyProtocolMapperState

type UserPropertyProtocolMapperState struct {
	// The client this protocol mapper should be attached to. Conflicts with `clientScopeId`. One of `clientId` or `clientScopeId` must be specified.
	ClientId pulumi.StringPtrInput
	// The client scope this protocol mapper should be attached to. Conflicts with `clientId`. One of `clientId` or `clientScopeId` must be specified.
	ClientScopeId pulumi.StringPtrInput
	// An optional human-friendly name for this attribute.
	FriendlyName pulumi.StringPtrInput
	// The display name of this protocol mapper in the GUI.
	Name pulumi.StringPtrInput
	// The realm this protocol mapper exists within.
	RealmId pulumi.StringPtrInput
	// The name of the SAML attribute.
	SamlAttributeName pulumi.StringPtrInput
	// The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.
	SamlAttributeNameFormat pulumi.StringPtrInput
	// The property of the Keycloak user model to map.
	UserProperty pulumi.StringPtrInput
}

func (UserPropertyProtocolMapperState) ElementType

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL