FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity
fusionauth.FusionAuthIdpSamlv2
# SAML v2 Identity Provider Resource
SAML v2 identity providers connect to external SAML v2 login systems. This type of login will optionally provide a Login with … button on FusionAuth’s login page. This button is customizable by using different properties of the identity provider.
Optionally, this identity provider can define one or more domains it is associated with. This is useful for allowing employees to log in with their corporate credentials. As long as the company has an identity solution that provides SAML v2, you can leverage this feature. This is referred to as a Domain Based Identity Provider. If you enable domains for an identity provider, the Login with … button will not be displayed. Instead, only the email form field will be displayed initially on the FusionAuth login page. Once the user types in their email address, FusionAuth will determine if the user is logging in locally or if they should be redirected to this identity provider. This is determined by extracting the domain from their email address and comparing it to the domains associated with the identity provider.
FusionAuth will locate the user’s email address in the SAML assertion which will be used to create or lookup the existing user. Additional claims from the SAML response can be used to reconcile the User to FusionAuth by using a SAML v2 Reconcile Lambda. Unless you assign a reconcile lambda to this provider, on the email address will be used from the available assertions returned by the SAML v2 identity provider.
SAML v2 Connect Identity Providers API
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fusionauth from "pulumi-fusionauth";
const saml = new fusionauth.FusionAuthIdpSamlv2("saml", {
applicationConfigurations: [{
applicationId: fusionauth_application.myapp.id,
buttonText: "Login with SAML (app text)",
createRegistration: true,
enabled: true,
}],
buttonText: "Login with SAML",
debug: false,
emailClaim: "email",
idpEndpoint: "https://www.example.com/login",
postRequest: true,
requestSigningKey: "3168129b-91fa-46f4-9676-947f5509fdce",
signRequest: true,
useNameForEmail: true,
});
import pulumi
import theogravity_pulumi_fusionauth as fusionauth
saml = fusionauth.FusionAuthIdpSamlv2("saml",
application_configurations=[{
"application_id": fusionauth_application["myapp"]["id"],
"button_text": "Login with SAML (app text)",
"create_registration": True,
"enabled": True,
}],
button_text="Login with SAML",
debug=False,
email_claim="email",
idp_endpoint="https://www.example.com/login",
post_request=True,
request_signing_key="3168129b-91fa-46f4-9676-947f5509fdce",
sign_request=True,
use_name_for_email=True)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fusionauth.NewFusionAuthIdpSamlv2(ctx, "saml", &fusionauth.FusionAuthIdpSamlv2Args{
ApplicationConfigurations: fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArray{
&fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArgs{
ApplicationId: pulumi.Any(fusionauth_application.Myapp.Id),
ButtonText: pulumi.String("Login with SAML (app text)"),
CreateRegistration: pulumi.Bool(true),
Enabled: pulumi.Bool(true),
},
},
ButtonText: pulumi.String("Login with SAML"),
Debug: pulumi.Bool(false),
EmailClaim: pulumi.String("email"),
IdpEndpoint: pulumi.String("https://www.example.com/login"),
PostRequest: pulumi.Bool(true),
RequestSigningKey: pulumi.String("3168129b-91fa-46f4-9676-947f5509fdce"),
SignRequest: pulumi.Bool(true),
UseNameForEmail: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fusionauth = theogravity.Fusionauth;
return await Deployment.RunAsync(() =>
{
var saml = new Fusionauth.FusionAuthIdpSamlv2("saml", new()
{
ApplicationConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthIdpSamlv2ApplicationConfigurationArgs
{
ApplicationId = fusionauth_application.Myapp.Id,
ButtonText = "Login with SAML (app text)",
CreateRegistration = true,
Enabled = true,
},
},
ButtonText = "Login with SAML",
Debug = false,
EmailClaim = "email",
IdpEndpoint = "https://www.example.com/login",
PostRequest = true,
RequestSigningKey = "3168129b-91fa-46f4-9676-947f5509fdce",
SignRequest = true,
UseNameForEmail = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fusionauth.FusionAuthIdpSamlv2;
import com.pulumi.fusionauth.FusionAuthIdpSamlv2Args;
import com.pulumi.fusionauth.inputs.FusionAuthIdpSamlv2ApplicationConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var saml = new FusionAuthIdpSamlv2("saml", FusionAuthIdpSamlv2Args.builder()
.applicationConfigurations(FusionAuthIdpSamlv2ApplicationConfigurationArgs.builder()
.applicationId(fusionauth_application.myapp().id())
.buttonText("Login with SAML (app text)")
.createRegistration(true)
.enabled(true)
.build())
.buttonText("Login with SAML")
.debug(false)
.emailClaim("email")
.idpEndpoint("https://www.example.com/login")
.postRequest(true)
.requestSigningKey("3168129b-91fa-46f4-9676-947f5509fdce")
.signRequest(true)
.useNameForEmail(true)
.build());
}
}
resources:
saml:
type: fusionauth:FusionAuthIdpSamlv2
properties:
applicationConfigurations:
- applicationId: ${fusionauth_application.myapp.id}
buttonText: Login with SAML (app text)
createRegistration: true
enabled: true
buttonText: Login with SAML
debug: false
emailClaim: email
idpEndpoint: https://www.example.com/login
postRequest: true
requestSigningKey: 3168129b-91fa-46f4-9676-947f5509fdce
signRequest: true
useNameForEmail: true
Create FusionAuthIdpSamlv2 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FusionAuthIdpSamlv2(name: string, args: FusionAuthIdpSamlv2Args, opts?: CustomResourceOptions);@overload
def FusionAuthIdpSamlv2(resource_name: str,
args: FusionAuthIdpSamlv2Args,
opts: Optional[ResourceOptions] = None)
@overload
def FusionAuthIdpSamlv2(resource_name: str,
opts: Optional[ResourceOptions] = None,
button_text: Optional[str] = None,
key_id: Optional[str] = None,
lambda_reconcile_id: Optional[str] = None,
idp_initiated_configuration: Optional[FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs] = None,
debug: Optional[bool] = None,
domains: Optional[Sequence[str]] = None,
email_claim: Optional[str] = None,
enabled: Optional[bool] = None,
idp_endpoint: Optional[str] = None,
login_hint_configuration: Optional[FusionAuthIdpSamlv2LoginHintConfigurationArgs] = None,
linking_strategy: Optional[str] = None,
assertion_configuration: Optional[FusionAuthIdpSamlv2AssertionConfigurationArgs] = None,
button_image_url: Optional[str] = None,
application_configurations: Optional[Sequence[FusionAuthIdpSamlv2ApplicationConfigurationArgs]] = None,
idp_id: Optional[str] = None,
name: Optional[str] = None,
name_id_format: Optional[str] = None,
post_request: Optional[bool] = None,
request_signing_key: Optional[str] = None,
sign_request: Optional[bool] = None,
tenant_configurations: Optional[Sequence[FusionAuthIdpSamlv2TenantConfigurationArgs]] = None,
unique_id_claim: Optional[str] = None,
use_name_for_email: Optional[bool] = None,
username_claim: Optional[str] = None,
xml_signature_canonicalization_method: Optional[str] = None)func NewFusionAuthIdpSamlv2(ctx *Context, name string, args FusionAuthIdpSamlv2Args, opts ...ResourceOption) (*FusionAuthIdpSamlv2, error)public FusionAuthIdpSamlv2(string name, FusionAuthIdpSamlv2Args args, CustomResourceOptions? opts = null)
public FusionAuthIdpSamlv2(String name, FusionAuthIdpSamlv2Args args)
public FusionAuthIdpSamlv2(String name, FusionAuthIdpSamlv2Args args, CustomResourceOptions options)
type: fusionauth:FusionAuthIdpSamlv2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FusionAuthIdpSamlv2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FusionAuthIdpSamlv2Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FusionAuthIdpSamlv2Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FusionAuthIdpSamlv2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FusionAuthIdpSamlv2Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var fusionAuthIdpSamlv2Resource = new Fusionauth.FusionAuthIdpSamlv2("fusionAuthIdpSamlv2Resource", new()
{
ButtonText = "string",
KeyId = "string",
LambdaReconcileId = "string",
IdpInitiatedConfiguration = new Fusionauth.Inputs.FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs
{
Enabled = false,
Issuer = "string",
},
Debug = false,
Domains = new[]
{
"string",
},
EmailClaim = "string",
Enabled = false,
IdpEndpoint = "string",
LoginHintConfiguration = new Fusionauth.Inputs.FusionAuthIdpSamlv2LoginHintConfigurationArgs
{
Enabled = false,
ParameterName = "string",
},
LinkingStrategy = "string",
AssertionConfiguration = new Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfigurationArgs
{
Decryption = new Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfigurationDecryptionArgs
{
KeyTransportDecryptionKeyId = "string",
Enabled = false,
},
Destination = new Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfigurationDestinationArgs
{
Alternates = new[]
{
"string",
},
Policy = "string",
},
},
ButtonImageUrl = "string",
ApplicationConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthIdpSamlv2ApplicationConfigurationArgs
{
ApplicationId = "string",
ButtonImageUrl = "string",
ButtonText = "string",
CreateRegistration = false,
Enabled = false,
},
},
IdpId = "string",
Name = "string",
NameIdFormat = "string",
PostRequest = false,
RequestSigningKey = "string",
SignRequest = false,
TenantConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthIdpSamlv2TenantConfigurationArgs
{
LimitUserLinkCountEnabled = false,
LimitUserLinkCountMaximumLinks = 0,
TenantId = "string",
},
},
UniqueIdClaim = "string",
UseNameForEmail = false,
UsernameClaim = "string",
XmlSignatureCanonicalizationMethod = "string",
});
example, err := fusionauth.NewFusionAuthIdpSamlv2(ctx, "fusionAuthIdpSamlv2Resource", &fusionauth.FusionAuthIdpSamlv2Args{
ButtonText: pulumi.String("string"),
KeyId: pulumi.String("string"),
LambdaReconcileId: pulumi.String("string"),
IdpInitiatedConfiguration: &fusionauth.FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs{
Enabled: pulumi.Bool(false),
Issuer: pulumi.String("string"),
},
Debug: pulumi.Bool(false),
Domains: pulumi.StringArray{
pulumi.String("string"),
},
EmailClaim: pulumi.String("string"),
Enabled: pulumi.Bool(false),
IdpEndpoint: pulumi.String("string"),
LoginHintConfiguration: &fusionauth.FusionAuthIdpSamlv2LoginHintConfigurationArgs{
Enabled: pulumi.Bool(false),
ParameterName: pulumi.String("string"),
},
LinkingStrategy: pulumi.String("string"),
AssertionConfiguration: &fusionauth.FusionAuthIdpSamlv2AssertionConfigurationArgs{
Decryption: &fusionauth.FusionAuthIdpSamlv2AssertionConfigurationDecryptionArgs{
KeyTransportDecryptionKeyId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
Destination: &fusionauth.FusionAuthIdpSamlv2AssertionConfigurationDestinationArgs{
Alternates: pulumi.StringArray{
pulumi.String("string"),
},
Policy: pulumi.String("string"),
},
},
ButtonImageUrl: pulumi.String("string"),
ApplicationConfigurations: fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArray{
&fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArgs{
ApplicationId: pulumi.String("string"),
ButtonImageUrl: pulumi.String("string"),
ButtonText: pulumi.String("string"),
CreateRegistration: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
},
},
IdpId: pulumi.String("string"),
Name: pulumi.String("string"),
NameIdFormat: pulumi.String("string"),
PostRequest: pulumi.Bool(false),
RequestSigningKey: pulumi.String("string"),
SignRequest: pulumi.Bool(false),
TenantConfigurations: fusionauth.FusionAuthIdpSamlv2TenantConfigurationArray{
&fusionauth.FusionAuthIdpSamlv2TenantConfigurationArgs{
LimitUserLinkCountEnabled: pulumi.Bool(false),
LimitUserLinkCountMaximumLinks: pulumi.Int(0),
TenantId: pulumi.String("string"),
},
},
UniqueIdClaim: pulumi.String("string"),
UseNameForEmail: pulumi.Bool(false),
UsernameClaim: pulumi.String("string"),
XmlSignatureCanonicalizationMethod: pulumi.String("string"),
})
var fusionAuthIdpSamlv2Resource = new FusionAuthIdpSamlv2("fusionAuthIdpSamlv2Resource", FusionAuthIdpSamlv2Args.builder()
.buttonText("string")
.keyId("string")
.lambdaReconcileId("string")
.idpInitiatedConfiguration(FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs.builder()
.enabled(false)
.issuer("string")
.build())
.debug(false)
.domains("string")
.emailClaim("string")
.enabled(false)
.idpEndpoint("string")
.loginHintConfiguration(FusionAuthIdpSamlv2LoginHintConfigurationArgs.builder()
.enabled(false)
.parameterName("string")
.build())
.linkingStrategy("string")
.assertionConfiguration(FusionAuthIdpSamlv2AssertionConfigurationArgs.builder()
.decryption(FusionAuthIdpSamlv2AssertionConfigurationDecryptionArgs.builder()
.keyTransportDecryptionKeyId("string")
.enabled(false)
.build())
.destination(FusionAuthIdpSamlv2AssertionConfigurationDestinationArgs.builder()
.alternates("string")
.policy("string")
.build())
.build())
.buttonImageUrl("string")
.applicationConfigurations(FusionAuthIdpSamlv2ApplicationConfigurationArgs.builder()
.applicationId("string")
.buttonImageUrl("string")
.buttonText("string")
.createRegistration(false)
.enabled(false)
.build())
.idpId("string")
.name("string")
.nameIdFormat("string")
.postRequest(false)
.requestSigningKey("string")
.signRequest(false)
.tenantConfigurations(FusionAuthIdpSamlv2TenantConfigurationArgs.builder()
.limitUserLinkCountEnabled(false)
.limitUserLinkCountMaximumLinks(0)
.tenantId("string")
.build())
.uniqueIdClaim("string")
.useNameForEmail(false)
.usernameClaim("string")
.xmlSignatureCanonicalizationMethod("string")
.build());
fusion_auth_idp_samlv2_resource = fusionauth.FusionAuthIdpSamlv2("fusionAuthIdpSamlv2Resource",
button_text="string",
key_id="string",
lambda_reconcile_id="string",
idp_initiated_configuration={
"enabled": False,
"issuer": "string",
},
debug=False,
domains=["string"],
email_claim="string",
enabled=False,
idp_endpoint="string",
login_hint_configuration={
"enabled": False,
"parameter_name": "string",
},
linking_strategy="string",
assertion_configuration={
"decryption": {
"key_transport_decryption_key_id": "string",
"enabled": False,
},
"destination": {
"alternates": ["string"],
"policy": "string",
},
},
button_image_url="string",
application_configurations=[{
"application_id": "string",
"button_image_url": "string",
"button_text": "string",
"create_registration": False,
"enabled": False,
}],
idp_id="string",
name="string",
name_id_format="string",
post_request=False,
request_signing_key="string",
sign_request=False,
tenant_configurations=[{
"limit_user_link_count_enabled": False,
"limit_user_link_count_maximum_links": 0,
"tenant_id": "string",
}],
unique_id_claim="string",
use_name_for_email=False,
username_claim="string",
xml_signature_canonicalization_method="string")
const fusionAuthIdpSamlv2Resource = new fusionauth.FusionAuthIdpSamlv2("fusionAuthIdpSamlv2Resource", {
buttonText: "string",
keyId: "string",
lambdaReconcileId: "string",
idpInitiatedConfiguration: {
enabled: false,
issuer: "string",
},
debug: false,
domains: ["string"],
emailClaim: "string",
enabled: false,
idpEndpoint: "string",
loginHintConfiguration: {
enabled: false,
parameterName: "string",
},
linkingStrategy: "string",
assertionConfiguration: {
decryption: {
keyTransportDecryptionKeyId: "string",
enabled: false,
},
destination: {
alternates: ["string"],
policy: "string",
},
},
buttonImageUrl: "string",
applicationConfigurations: [{
applicationId: "string",
buttonImageUrl: "string",
buttonText: "string",
createRegistration: false,
enabled: false,
}],
idpId: "string",
name: "string",
nameIdFormat: "string",
postRequest: false,
requestSigningKey: "string",
signRequest: false,
tenantConfigurations: [{
limitUserLinkCountEnabled: false,
limitUserLinkCountMaximumLinks: 0,
tenantId: "string",
}],
uniqueIdClaim: "string",
useNameForEmail: false,
usernameClaim: "string",
xmlSignatureCanonicalizationMethod: "string",
});
type: fusionauth:FusionAuthIdpSamlv2
properties:
applicationConfigurations:
- applicationId: string
buttonImageUrl: string
buttonText: string
createRegistration: false
enabled: false
assertionConfiguration:
decryption:
enabled: false
keyTransportDecryptionKeyId: string
destination:
alternates:
- string
policy: string
buttonImageUrl: string
buttonText: string
debug: false
domains:
- string
emailClaim: string
enabled: false
idpEndpoint: string
idpId: string
idpInitiatedConfiguration:
enabled: false
issuer: string
keyId: string
lambdaReconcileId: string
linkingStrategy: string
loginHintConfiguration:
enabled: false
parameterName: string
name: string
nameIdFormat: string
postRequest: false
requestSigningKey: string
signRequest: false
tenantConfigurations:
- limitUserLinkCountEnabled: false
limitUserLinkCountMaximumLinks: 0
tenantId: string
uniqueIdClaim: string
useNameForEmail: false
usernameClaim: string
xmlSignatureCanonicalizationMethod: string
FusionAuthIdpSamlv2 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FusionAuthIdpSamlv2 resource accepts the following input properties:
- string
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- Key
Id string - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- Application
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Idp Samlv2Application Configuration> - The configuration for each Application that the identity provider is enabled for.
- Assertion
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Idp Samlv2Assertion Configuration - The configuration for the SAML assertion.
- string
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- Debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- Domains List<string>
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- Email
Claim string - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - Enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- Idp
Endpoint string - The SAML v2 login page of the identity provider.
- Idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- Idp
Initiated theogravity.Configuration Fusionauth. Inputs. Fusion Auth Idp Samlv2Idp Initiated Configuration - The configuration for the IdP initiated login.
- Lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- Linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- Login
Hint theogravity.Configuration Fusionauth. Inputs. Fusion Auth Idp Samlv2Login Hint Configuration - The configuration for the login hint.
- Name string
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- Name
Id stringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- Post
Request bool - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- Request
Signing stringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - Sign
Request bool - When true authentication requests sent to the identity provider will be signed.
- Tenant
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Idp Samlv2Tenant Configuration> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- Unique
Id stringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - Use
Name boolFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - Username
Claim string - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
- string
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- Key
Id string - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- Application
Configurations []FusionAuth Idp Samlv2Application Configuration Args - The configuration for each Application that the identity provider is enabled for.
- Assertion
Configuration FusionAuth Idp Samlv2Assertion Configuration Args - The configuration for the SAML assertion.
- string
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- Debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- Domains []string
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- Email
Claim string - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - Enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- Idp
Endpoint string - The SAML v2 login page of the identity provider.
- Idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- Idp
Initiated FusionConfiguration Auth Idp Samlv2Idp Initiated Configuration Args - The configuration for the IdP initiated login.
- Lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- Linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- Login
Hint FusionConfiguration Auth Idp Samlv2Login Hint Configuration Args - The configuration for the login hint.
- Name string
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- Name
Id stringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- Post
Request bool - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- Request
Signing stringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - Sign
Request bool - When true authentication requests sent to the identity provider will be signed.
- Tenant
Configurations []FusionAuth Idp Samlv2Tenant Configuration Args - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- Unique
Id stringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - Use
Name boolFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - Username
Claim string - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
- String
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- key
Id String - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- application
Configurations List<FusionAuth Idp Samlv2Application Configuration> - The configuration for each Application that the identity provider is enabled for.
- assertion
Configuration FusionAuth Idp Samlv2Assertion Configuration - The configuration for the SAML assertion.
- String
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- debug Boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains List<String>
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- email
Claim String - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - enabled Boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Endpoint String - The SAML v2 login page of the identity provider.
- idp
Id String - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- idp
Initiated FusionConfiguration Auth Idp Samlv2Idp Initiated Configuration - The configuration for the IdP initiated login.
- lambda
Reconcile StringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy String - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- login
Hint FusionConfiguration Auth Idp Samlv2Login Hint Configuration - The configuration for the login hint.
- name String
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- name
Id StringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- post
Request Boolean - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- request
Signing StringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - sign
Request Boolean - When true authentication requests sent to the identity provider will be signed.
- tenant
Configurations List<FusionAuth Idp Samlv2Tenant Configuration> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Id StringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - use
Name BooleanFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - username
Claim String - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
- string
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- key
Id string - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- application
Configurations FusionAuth Idp Samlv2Application Configuration[] - The configuration for each Application that the identity provider is enabled for.
- assertion
Configuration FusionAuth Idp Samlv2Assertion Configuration - The configuration for the SAML assertion.
- string
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- debug boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains string[]
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- email
Claim string - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - enabled boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Endpoint string - The SAML v2 login page of the identity provider.
- idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- idp
Initiated FusionConfiguration Auth Idp Samlv2Idp Initiated Configuration - The configuration for the IdP initiated login.
- lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- login
Hint FusionConfiguration Auth Idp Samlv2Login Hint Configuration - The configuration for the login hint.
- name string
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- name
Id stringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- post
Request boolean - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- request
Signing stringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - sign
Request boolean - When true authentication requests sent to the identity provider will be signed.
- tenant
Configurations FusionAuth Idp Samlv2Tenant Configuration[] - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Id stringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - use
Name booleanFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - username
Claim string - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
- str
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- key_
id str - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- application_
configurations Sequence[FusionAuth Idp Samlv2Application Configuration Args] - The configuration for each Application that the identity provider is enabled for.
- assertion_
configuration FusionAuth Idp Samlv2Assertion Configuration Args - The configuration for the SAML assertion.
- str
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains Sequence[str]
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- email_
claim str - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp_
endpoint str - The SAML v2 login page of the identity provider.
- idp_
id str - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- idp_
initiated_ Fusionconfiguration Auth Idp Samlv2Idp Initiated Configuration Args - The configuration for the IdP initiated login.
- lambda_
reconcile_ strid - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking_
strategy str - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- login_
hint_ Fusionconfiguration Auth Idp Samlv2Login Hint Configuration Args - The configuration for the login hint.
- name str
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- name_
id_ strformat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- post_
request bool - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- request_
signing_ strkey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - sign_
request bool - When true authentication requests sent to the identity provider will be signed.
- tenant_
configurations Sequence[FusionAuth Idp Samlv2Tenant Configuration Args] - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique_
id_ strclaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - use_
name_ boolfor_ email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - username_
claim str - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- xml_
signature_ strcanonicalization_ method - The XML signature canonicalization method used when digesting and signing the SAML request.
- String
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- key
Id String - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- application
Configurations List<Property Map> - The configuration for each Application that the identity provider is enabled for.
- assertion
Configuration Property Map - The configuration for the SAML assertion.
- String
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- debug Boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains List<String>
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- email
Claim String - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - enabled Boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Endpoint String - The SAML v2 login page of the identity provider.
- idp
Id String - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- idp
Initiated Property MapConfiguration - The configuration for the IdP initiated login.
- lambda
Reconcile StringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy String - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- login
Hint Property MapConfiguration - The configuration for the login hint.
- name String
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- name
Id StringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- post
Request Boolean - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- request
Signing StringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - sign
Request Boolean - When true authentication requests sent to the identity provider will be signed.
- tenant
Configurations List<Property Map> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Id StringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - use
Name BooleanFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - username
Claim String - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
Outputs
All input properties are implicitly available as output properties. Additionally, the FusionAuthIdpSamlv2 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FusionAuthIdpSamlv2 Resource
Get an existing FusionAuthIdpSamlv2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FusionAuthIdpSamlv2State, opts?: CustomResourceOptions): FusionAuthIdpSamlv2@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_configurations: Optional[Sequence[FusionAuthIdpSamlv2ApplicationConfigurationArgs]] = None,
assertion_configuration: Optional[FusionAuthIdpSamlv2AssertionConfigurationArgs] = None,
button_image_url: Optional[str] = None,
button_text: Optional[str] = None,
debug: Optional[bool] = None,
domains: Optional[Sequence[str]] = None,
email_claim: Optional[str] = None,
enabled: Optional[bool] = None,
idp_endpoint: Optional[str] = None,
idp_id: Optional[str] = None,
idp_initiated_configuration: Optional[FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs] = None,
key_id: Optional[str] = None,
lambda_reconcile_id: Optional[str] = None,
linking_strategy: Optional[str] = None,
login_hint_configuration: Optional[FusionAuthIdpSamlv2LoginHintConfigurationArgs] = None,
name: Optional[str] = None,
name_id_format: Optional[str] = None,
post_request: Optional[bool] = None,
request_signing_key: Optional[str] = None,
sign_request: Optional[bool] = None,
tenant_configurations: Optional[Sequence[FusionAuthIdpSamlv2TenantConfigurationArgs]] = None,
unique_id_claim: Optional[str] = None,
use_name_for_email: Optional[bool] = None,
username_claim: Optional[str] = None,
xml_signature_canonicalization_method: Optional[str] = None) -> FusionAuthIdpSamlv2func GetFusionAuthIdpSamlv2(ctx *Context, name string, id IDInput, state *FusionAuthIdpSamlv2State, opts ...ResourceOption) (*FusionAuthIdpSamlv2, error)public static FusionAuthIdpSamlv2 Get(string name, Input<string> id, FusionAuthIdpSamlv2State? state, CustomResourceOptions? opts = null)public static FusionAuthIdpSamlv2 get(String name, Output<String> id, FusionAuthIdpSamlv2State state, CustomResourceOptions options)resources: _: type: fusionauth:FusionAuthIdpSamlv2 get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Application
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Idp Samlv2Application Configuration> - The configuration for each Application that the identity provider is enabled for.
- Assertion
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Idp Samlv2Assertion Configuration - The configuration for the SAML assertion.
- string
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- string
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- Debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- Domains List<string>
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- Email
Claim string - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - Enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- Idp
Endpoint string - The SAML v2 login page of the identity provider.
- Idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- Idp
Initiated theogravity.Configuration Fusionauth. Inputs. Fusion Auth Idp Samlv2Idp Initiated Configuration - The configuration for the IdP initiated login.
- Key
Id string - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- Lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- Linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- Login
Hint theogravity.Configuration Fusionauth. Inputs. Fusion Auth Idp Samlv2Login Hint Configuration - The configuration for the login hint.
- Name string
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- Name
Id stringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- Post
Request bool - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- Request
Signing stringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - Sign
Request bool - When true authentication requests sent to the identity provider will be signed.
- Tenant
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Idp Samlv2Tenant Configuration> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- Unique
Id stringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - Use
Name boolFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - Username
Claim string - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
- Application
Configurations []FusionAuth Idp Samlv2Application Configuration Args - The configuration for each Application that the identity provider is enabled for.
- Assertion
Configuration FusionAuth Idp Samlv2Assertion Configuration Args - The configuration for the SAML assertion.
- string
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- string
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- Debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- Domains []string
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- Email
Claim string - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - Enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- Idp
Endpoint string - The SAML v2 login page of the identity provider.
- Idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- Idp
Initiated FusionConfiguration Auth Idp Samlv2Idp Initiated Configuration Args - The configuration for the IdP initiated login.
- Key
Id string - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- Lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- Linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- Login
Hint FusionConfiguration Auth Idp Samlv2Login Hint Configuration Args - The configuration for the login hint.
- Name string
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- Name
Id stringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- Post
Request bool - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- Request
Signing stringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - Sign
Request bool - When true authentication requests sent to the identity provider will be signed.
- Tenant
Configurations []FusionAuth Idp Samlv2Tenant Configuration Args - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- Unique
Id stringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - Use
Name boolFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - Username
Claim string - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
- application
Configurations List<FusionAuth Idp Samlv2Application Configuration> - The configuration for each Application that the identity provider is enabled for.
- assertion
Configuration FusionAuth Idp Samlv2Assertion Configuration - The configuration for the SAML assertion.
- String
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- String
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- debug Boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains List<String>
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- email
Claim String - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - enabled Boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Endpoint String - The SAML v2 login page of the identity provider.
- idp
Id String - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- idp
Initiated FusionConfiguration Auth Idp Samlv2Idp Initiated Configuration - The configuration for the IdP initiated login.
- key
Id String - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- lambda
Reconcile StringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy String - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- login
Hint FusionConfiguration Auth Idp Samlv2Login Hint Configuration - The configuration for the login hint.
- name String
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- name
Id StringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- post
Request Boolean - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- request
Signing StringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - sign
Request Boolean - When true authentication requests sent to the identity provider will be signed.
- tenant
Configurations List<FusionAuth Idp Samlv2Tenant Configuration> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Id StringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - use
Name BooleanFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - username
Claim String - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
- application
Configurations FusionAuth Idp Samlv2Application Configuration[] - The configuration for each Application that the identity provider is enabled for.
- assertion
Configuration FusionAuth Idp Samlv2Assertion Configuration - The configuration for the SAML assertion.
- string
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- string
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- debug boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains string[]
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- email
Claim string - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - enabled boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Endpoint string - The SAML v2 login page of the identity provider.
- idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- idp
Initiated FusionConfiguration Auth Idp Samlv2Idp Initiated Configuration - The configuration for the IdP initiated login.
- key
Id string - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- login
Hint FusionConfiguration Auth Idp Samlv2Login Hint Configuration - The configuration for the login hint.
- name string
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- name
Id stringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- post
Request boolean - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- request
Signing stringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - sign
Request boolean - When true authentication requests sent to the identity provider will be signed.
- tenant
Configurations FusionAuth Idp Samlv2Tenant Configuration[] - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Id stringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - use
Name booleanFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - username
Claim string - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
- application_
configurations Sequence[FusionAuth Idp Samlv2Application Configuration Args] - The configuration for each Application that the identity provider is enabled for.
- assertion_
configuration FusionAuth Idp Samlv2Assertion Configuration Args - The configuration for the SAML assertion.
- str
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- str
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains Sequence[str]
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- email_
claim str - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp_
endpoint str - The SAML v2 login page of the identity provider.
- idp_
id str - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- idp_
initiated_ Fusionconfiguration Auth Idp Samlv2Idp Initiated Configuration Args - The configuration for the IdP initiated login.
- key_
id str - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- lambda_
reconcile_ strid - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking_
strategy str - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- login_
hint_ Fusionconfiguration Auth Idp Samlv2Login Hint Configuration Args - The configuration for the login hint.
- name str
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- name_
id_ strformat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- post_
request bool - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- request_
signing_ strkey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - sign_
request bool - When true authentication requests sent to the identity provider will be signed.
- tenant_
configurations Sequence[FusionAuth Idp Samlv2Tenant Configuration Args] - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique_
id_ strclaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - use_
name_ boolfor_ email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - username_
claim str - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- xml_
signature_ strcanonicalization_ method - The XML signature canonicalization method used when digesting and signing the SAML request.
- application
Configurations List<Property Map> - The configuration for each Application that the identity provider is enabled for.
- assertion
Configuration Property Map - The configuration for the SAML assertion.
- String
- The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
- String
- The top-level button text to use on the FusionAuth login page for this Identity Provider.
- debug Boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains List<String>
- This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
- email
Claim String - The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the
use_name_for_emailflag must be true. - enabled Boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Endpoint String - The SAML v2 login page of the identity provider.
- idp
Id String - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- idp
Initiated Property MapConfiguration - The configuration for the IdP initiated login.
- key
Id String - The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
- lambda
Reconcile StringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy String - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- login
Hint Property MapConfiguration - The configuration for the login hint.
- name String
- The name of this OpenID Connect identity provider. This is only used for display purposes.
- name
Id StringFormat - Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
- post
Request Boolean - Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
- request
Signing StringKey - The key pair Id to use to sign the SAML request. Required when
sign_requestis true. - sign
Request Boolean - When true authentication requests sent to the identity provider will be signed.
- tenant
Configurations List<Property Map> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Id StringClaim - The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
the email_claimwill be used when linking user. - use
Name BooleanFor Email - Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the
email_claimproperty must be set. - username
Claim String - The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML request.
Supporting Types
FusionAuthIdpSamlv2ApplicationConfiguration, FusionAuthIdpSamlv2ApplicationConfigurationArgs
- Application
Id string - ID of the Application to apply this configuration to.
- string
- This is an optional Application specific override for the top level button image URL.
- string
- This is an optional Application specific override for the top level button text.
- Create
Registration bool - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- Enabled bool
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- Application
Id string - ID of the Application to apply this configuration to.
- string
- This is an optional Application specific override for the top level button image URL.
- string
- This is an optional Application specific override for the top level button text.
- Create
Registration bool - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- Enabled bool
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- application
Id String - ID of the Application to apply this configuration to.
- String
- This is an optional Application specific override for the top level button image URL.
- String
- This is an optional Application specific override for the top level button text.
- create
Registration Boolean - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- enabled Boolean
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- application
Id string - ID of the Application to apply this configuration to.
- string
- This is an optional Application specific override for the top level button image URL.
- string
- This is an optional Application specific override for the top level button text.
- create
Registration boolean - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- enabled boolean
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- application_
id str - ID of the Application to apply this configuration to.
- str
- This is an optional Application specific override for the top level button image URL.
- str
- This is an optional Application specific override for the top level button text.
- create_
registration bool - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- enabled bool
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- application
Id String - ID of the Application to apply this configuration to.
- String
- This is an optional Application specific override for the top level button image URL.
- String
- This is an optional Application specific override for the top level button text.
- create
Registration Boolean - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- enabled Boolean
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
FusionAuthIdpSamlv2AssertionConfiguration, FusionAuthIdpSamlv2AssertionConfigurationArgs
- Decryption
theogravity.
Fusionauth. Inputs. Fusion Auth Idp Samlv2Assertion Configuration Decryption - The configuration for the SAML assertion decryption.
- Destination
theogravity.
Fusionauth. Inputs. Fusion Auth Idp Samlv2Assertion Configuration Destination - The array of URLs that FusionAuth will accept as SAML login destinations if the
policysetting is AllowAlternates.
- Decryption
Fusion
Auth Idp Samlv2Assertion Configuration Decryption - The configuration for the SAML assertion decryption.
- Destination
Fusion
Auth Idp Samlv2Assertion Configuration Destination - The array of URLs that FusionAuth will accept as SAML login destinations if the
policysetting is AllowAlternates.
- decryption
Fusion
Auth Idp Samlv2Assertion Configuration Decryption - The configuration for the SAML assertion decryption.
- destination
Fusion
Auth Idp Samlv2Assertion Configuration Destination - The array of URLs that FusionAuth will accept as SAML login destinations if the
policysetting is AllowAlternates.
- decryption
Fusion
Auth Idp Samlv2Assertion Configuration Decryption - The configuration for the SAML assertion decryption.
- destination
Fusion
Auth Idp Samlv2Assertion Configuration Destination - The array of URLs that FusionAuth will accept as SAML login destinations if the
policysetting is AllowAlternates.
- decryption
Fusion
Auth Idp Samlv2Assertion Configuration Decryption - The configuration for the SAML assertion decryption.
- destination
Fusion
Auth Idp Samlv2Assertion Configuration Destination - The array of URLs that FusionAuth will accept as SAML login destinations if the
policysetting is AllowAlternates.
- decryption Property Map
- The configuration for the SAML assertion decryption.
- destination Property Map
- The array of URLs that FusionAuth will accept as SAML login destinations if the
policysetting is AllowAlternates.
FusionAuthIdpSamlv2AssertionConfigurationDecryption, FusionAuthIdpSamlv2AssertionConfigurationDecryptionArgs
- Key
Transport stringDecryption Key Id - The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when
enabledis true. - Enabled bool
- Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
- Key
Transport stringDecryption Key Id - The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when
enabledis true. - Enabled bool
- Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
- key
Transport StringDecryption Key Id - The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when
enabledis true. - enabled Boolean
- Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
- key
Transport stringDecryption Key Id - The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when
enabledis true. - enabled boolean
- Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
- key_
transport_ strdecryption_ key_ id - The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when
enabledis true. - enabled bool
- Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
- key
Transport StringDecryption Key Id - The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when
enabledis true. - enabled Boolean
- Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
FusionAuthIdpSamlv2AssertionConfigurationDestination, FusionAuthIdpSamlv2AssertionConfigurationDestinationArgs
- Alternates List<string>
- The alternate destinations of the assertion.
- Policy string
- The policy to use when performing a destination assertion on the SAML login request. The possible values are
Enabled,Disabled, andAllowAlternates.
- Alternates []string
- The alternate destinations of the assertion.
- Policy string
- The policy to use when performing a destination assertion on the SAML login request. The possible values are
Enabled,Disabled, andAllowAlternates.
- alternates List<String>
- The alternate destinations of the assertion.
- policy String
- The policy to use when performing a destination assertion on the SAML login request. The possible values are
Enabled,Disabled, andAllowAlternates.
- alternates string[]
- The alternate destinations of the assertion.
- policy string
- The policy to use when performing a destination assertion on the SAML login request. The possible values are
Enabled,Disabled, andAllowAlternates.
- alternates Sequence[str]
- The alternate destinations of the assertion.
- policy str
- The policy to use when performing a destination assertion on the SAML login request. The possible values are
Enabled,Disabled, andAllowAlternates.
- alternates List<String>
- The alternate destinations of the assertion.
- policy String
- The policy to use when performing a destination assertion on the SAML login request. The possible values are
Enabled,Disabled, andAllowAlternates.
FusionAuthIdpSamlv2IdpInitiatedConfiguration, FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs
FusionAuthIdpSamlv2LoginHintConfiguration, FusionAuthIdpSamlv2LoginHintConfigurationArgs
- Enabled bool
- When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the
parameter_nameto initiate the AuthN request. - Parameter
Name string - The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is
login_hint. Required whenenabledis true.
- Enabled bool
- When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the
parameter_nameto initiate the AuthN request. - Parameter
Name string - The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is
login_hint. Required whenenabledis true.
- enabled Boolean
- When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the
parameter_nameto initiate the AuthN request. - parameter
Name String - The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is
login_hint. Required whenenabledis true.
- enabled boolean
- When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the
parameter_nameto initiate the AuthN request. - parameter
Name string - The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is
login_hint. Required whenenabledis true.
- enabled bool
- When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the
parameter_nameto initiate the AuthN request. - parameter_
name str - The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is
login_hint. Required whenenabledis true.
- enabled Boolean
- When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the
parameter_nameto initiate the AuthN request. - parameter
Name String - The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is
login_hint. Required whenenabledis true.
FusionAuthIdpSamlv2TenantConfiguration, FusionAuthIdpSamlv2TenantConfigurationArgs
- Limit
User boolLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks
- Limit
User intLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- Tenant
Id string - The unique Id of the tenant that this configuration applies to.
- Limit
User boolLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks
- Limit
User intLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- Tenant
Id string - The unique Id of the tenant that this configuration applies to.
- limit
User BooleanLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks
- limit
User IntegerLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- tenant
Id String - The unique Id of the tenant that this configuration applies to.
- limit
User booleanLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks
- limit
User numberLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- tenant
Id string - The unique Id of the tenant that this configuration applies to.
- limit_
user_ boollink_ count_ enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks
- limit_
user_ intlink_ count_ maximum_ links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- tenant_
id str - The unique Id of the tenant that this configuration applies to.
- limit
User BooleanLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks
- limit
User NumberLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- tenant
Id String - The unique Id of the tenant that this configuration applies to.
Package Details
- Repository
- fusionauth theogravity/pulumi-fusionauth
- License
- MIT
- Notes
- This Pulumi package is based on the
fusionauthTerraform Provider.
