Oidc

package
v1.0.0
This package is not in the latest version of its module.

Published: Feb 11, 2020 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type IdentityProvider

type IdentityProvider struct {
	// contains filtered or unexported fields
}

func GetIdentityProvider

func GetIdentityProvider(ctx *pulumi.Context,
	name string, id pulumi.ID, state *IdentityProviderState, opts ...pulumi.ResourceOpt) (*IdentityProvider, error)

GetIdentityProvider gets an existing IdentityProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIdentityProvider

func NewIdentityProvider(ctx *pulumi.Context,
	name string, args *IdentityProviderArgs, opts ...pulumi.ResourceOpt) (*IdentityProvider, error)

NewIdentityProvider registers a new resource with the given unique name, arguments, and options.

func (*IdentityProvider) AddReadTokenRoleOnCreate

func (r *IdentityProvider) AddReadTokenRoleOnCreate() pulumi.BoolOutput

Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.

func (*IdentityProvider) Alias

The alias uniquely identifies an identity provider and is also used to build the redirect URI.

func (*IdentityProvider) AuthenticateByDefault

func (r *IdentityProvider) AuthenticateByDefault() pulumi.BoolOutput

Enable/disable authenticating users by default.

func (*IdentityProvider) AuthorizationUrl

func (r *IdentityProvider) AuthorizationUrl() pulumi.StringOutput

OIDC authorization URL.

func (*IdentityProvider) BackchannelSupported

func (r *IdentityProvider) BackchannelSupported() pulumi.BoolOutput

Does the external IDP support backchannel logout?

func (*IdentityProvider) ClientId

func (r *IdentityProvider) ClientId() pulumi.StringOutput

Client ID.

func (*IdentityProvider) ClientSecret

func (r *IdentityProvider) ClientSecret() pulumi.StringOutput

Client Secret.

func (*IdentityProvider) DisplayName

func (r *IdentityProvider) DisplayName() pulumi.StringOutput

Friendly name for Identity Providers.

func (*IdentityProvider) Enabled

func (r *IdentityProvider) Enabled() pulumi.BoolOutput

Enable/disable this identity provider.

func (*IdentityProvider) ExtraConfig

func (r *IdentityProvider) ExtraConfig() pulumi.MapOutput

func (*IdentityProvider) FirstBrokerLoginFlowAlias

func (r *IdentityProvider) FirstBrokerLoginFlowAlias() pulumi.StringOutput

Alias of the authentication flow that is triggered after the first login with this identity provider. 'First login' means that no Keycloak account is yet linked with the authenticated identity provider account.

func (*IdentityProvider) HideOnLoginPage

func (r *IdentityProvider) HideOnLoginPage() pulumi.BoolOutput

Hide On Login Page.

func (*IdentityProvider) ID

ID is this resource's unique identifier assigned by its provider.

func (*IdentityProvider) InternalId

func (r *IdentityProvider) InternalId() pulumi.StringOutput

Internal Identity Provider Id

func (*IdentityProvider) JwksUrl

func (r *IdentityProvider) JwksUrl() pulumi.StringOutput

JSON Web Key Set URL

func (*IdentityProvider) LinkOnly

func (r *IdentityProvider) LinkOnly() pulumi.BoolOutput

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider.

func (*IdentityProvider) LoginHint

func (r *IdentityProvider) LoginHint() pulumi.StringOutput

Login Hint.

func (*IdentityProvider) LogoutUrl

func (r *IdentityProvider) LogoutUrl() pulumi.StringOutput

Logout URL

func (*IdentityProvider) PostBrokerLoginFlowAlias

func (r *IdentityProvider) PostBrokerLoginFlowAlias() pulumi.StringOutput

Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Note that authenticator implementations must assume that the user is already set in ClientSession, because the identity provider has already set it.

func (*IdentityProvider) ProviderId

func (r *IdentityProvider) ProviderId() pulumi.StringOutput

Provider ID. This is always oidc unless you have a custom implementation.

func (*IdentityProvider) Realm

Realm Name

func (*IdentityProvider) StoreToken

func (r *IdentityProvider) StoreToken() pulumi.BoolOutput

Enable/disable if tokens must be stored after authenticating users.

func (*IdentityProvider) TokenUrl

func (r *IdentityProvider) TokenUrl() pulumi.StringOutput

Token URL.

func (*IdentityProvider) TrustEmail

func (r *IdentityProvider) TrustEmail() pulumi.BoolOutput

If enabled then email provided by this provider is not verified even if verification is enabled for the realm.

func (*IdentityProvider) URN

URN is this resource's unique name assigned by Pulumi.

func (*IdentityProvider) UiLocales

func (r *IdentityProvider) UiLocales() pulumi.BoolOutput

Pass current locale to identity provider

func (*IdentityProvider) UserInfoUrl

func (r *IdentityProvider) UserInfoUrl() pulumi.StringOutput

User Info URL

func (*IdentityProvider) ValidateSignature

func (r *IdentityProvider) ValidateSignature() pulumi.BoolOutput

Enable/disable signature validation of SAML responses.

type IdentityProviderArgs

type IdentityProviderArgs struct {
	// Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
	AddReadTokenRoleOnCreate interface{}
	// The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
	Alias interface{}
	// Enable/disable authenticating users by default.
	AuthenticateByDefault interface{}
	// OIDC authorization URL.
	AuthorizationUrl interface{}
	// Does the external IDP support backchannel logout?
	BackchannelSupported interface{}
	// Client ID.
	ClientId interface{}
	// Client Secret.
	ClientSecret interface{}
	// Friendly name for Identity Providers.
	DisplayName interface{}
	// Enable/disable this identity provider.
	Enabled     interface{}
	ExtraConfig interface{}
	// Alias of the authentication flow that is triggered after the first login with this identity provider. 'First login'
	// means that no Keycloak account is yet linked with the authenticated identity provider account.
	FirstBrokerLoginFlowAlias interface{}
	// Hide On Login Page.
	HideOnLoginPage interface{}
	// JSON Web Key Set URL
	JwksUrl interface{}
	// If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't
	// want to allow login from the provider, but want to integrate with a provider.
	LinkOnly interface{}
	// Login Hint.
	LoginHint interface{}
	// Logout URL
	LogoutUrl interface{}
	// Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want
	// additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if
	// you don't want any additional authenticators to be triggered after login with this identity provider. Note that
	// authenticator implementations must assume that the user is already set in ClientSession, because the identity
	// provider has already set it.
	PostBrokerLoginFlowAlias interface{}
	// Provider ID. This is always oidc unless you have a custom implementation.
	ProviderId interface{}
	// Realm Name
	Realm interface{}
	// Enable/disable if tokens must be stored after authenticating users.
	StoreToken interface{}
	// Token URL.
	TokenUrl interface{}
	// If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
	TrustEmail interface{}
	// Pass current locale to identity provider
	UiLocales interface{}
	// User Info URL
	UserInfoUrl interface{}
	// Enable/disable signature validation of SAML responses.
	ValidateSignature interface{}
}

The set of arguments for constructing an IdentityProvider resource.
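
A pre-deployment check over the security-relevant arguments documented above, as an added example that is not part of this package or of Pulumi. `IdPSettings` and `Audit` are hypothetical names; the struct is a concretely typed local mirror of a subset of `IdentityProviderArgs` so the check runs without the Pulumi SDK, and the `JwksUrl` rule assumes validation keys are fetched from that URL.

```go
package main

import (
	"fmt"
	"strings"
)

// IdPSettings is a hypothetical, concretely typed mirror of a subset of
// IdentityProviderArgs; it is not a type from the package documented here.
type IdPSettings struct {
	Alias, AuthorizationUrl, TokenUrl, UserInfoUrl, JwksUrl string
	StoreToken, AddReadTokenRoleOnCreate                    bool
	TrustEmail, ValidateSignature                           bool
}

// Audit returns one finding per setting that weakens the brokered login.
func Audit(s IdPSettings) []string {
	var f []string
	for _, u := range [][2]string{{"AuthorizationUrl", s.AuthorizationUrl}, {"TokenUrl", s.TokenUrl},
		{"UserInfoUrl", s.UserInfoUrl}, {"JwksUrl", s.JwksUrl}} {
		if u[1] != "" && !strings.HasPrefix(strings.ToLower(u[1]), "https://") {
			f = append(f, u[0]+": endpoint is not HTTPS")
		}
	}
	if !s.ValidateSignature {
		f = append(f, "ValidateSignature: signature validation is disabled")
	} else if s.JwksUrl == "" { // assumption: keys come from JwksUrl, not configured elsewhere
		f = append(f, "JwksUrl: validation enabled but no key set URL configured")
	}
	if s.TrustEmail {
		f = append(f, "TrustEmail: provider-supplied email bypasses realm email verification")
	}
	if s.StoreToken && s.AddReadTokenRoleOnCreate {
		f = append(f, "StoreToken+AddReadTokenRoleOnCreate: new users get broker.read-token for stored tokens")
	}
	return f
}

func main() {
	// Constructed sample settings, not taken from any real deployment.
	weak := IdPSettings{Alias: "example-idp", AuthorizationUrl: "http://idp.example.test/auth",
		TokenUrl: "https://idp.example.test/token", StoreToken: true,
		AddReadTokenRoleOnCreate: true, TrustEmail: true}
	for _, finding := range Audit(weak) {
		fmt.Println(weak.Alias+":", finding)
	}
}
```
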

type IdentityProviderState

type IdentityProviderState struct {
	// Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
	AddReadTokenRoleOnCreate interface{}
	// The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
	Alias interface{}
	// Enable/disable authenticating users by default.
	AuthenticateByDefault interface{}
	// OIDC authorization URL.
	AuthorizationUrl interface{}
	// Does the external IDP support backchannel logout?
	BackchannelSupported interface{}
	// Client ID.
	ClientId interface{}
	// Client Secret.
	ClientSecret interface{}
	// Friendly name for Identity Providers.
	DisplayName interface{}
	// Enable/disable this identity provider.
	Enabled     interface{}
	ExtraConfig interface{}
	// Alias of the authentication flow that is triggered after the first login with this identity provider. 'First login'
	// means that no Keycloak account is yet linked with the authenticated identity provider account.
	FirstBrokerLoginFlowAlias interface{}
	// Hide On Login Page.
	HideOnLoginPage interface{}
	// Internal Identity Provider Id
	InternalId interface{}
	// JSON Web Key Set URL
	JwksUrl interface{}
	// If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't
	// want to allow login from the provider, but want to integrate with a provider.
	LinkOnly interface{}
	// Login Hint.
	LoginHint interface{}
	// Logout URL
	LogoutUrl interface{}
	// Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want
	// additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if
	// you don't want any additional authenticators to be triggered after login with this identity provider. Note that
	// authenticator implementations must assume that the user is already set in ClientSession, because the identity
	// provider has already set it.
	PostBrokerLoginFlowAlias interface{}
	// Provider ID. This is always oidc unless you have a custom implementation.
	ProviderId interface{}
	// Realm Name
	Realm interface{}
	// Enable/disable if tokens must be stored after authenticating users.
	StoreToken interface{}
	// Token URL.
	TokenUrl interface{}
	// If enabled then email provided by this provider is not verified even if verification is enabled for the realm.
	TrustEmail interface{}
	// Pass current locale to identity provider
	UiLocales interface{}
	// User Info URL
	UserInfoUrl interface{}
	// Enable/disable signature validation of SAML responses.
	ValidateSignature interface{}
}

Input properties used for looking up and filtering IdentityProvider resources.
