FusionAuth v6.0.2, Feb 9 25

FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity

fusionauth.FusionAuthIdpSamlV2IdpInitiated

Explore with Pulumi AI

FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity

Create FusionAuthIdpSamlV2IdpInitiated Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FusionAuthIdpSamlV2IdpInitiated(name: string, args: FusionAuthIdpSamlV2IdpInitiatedArgs, opts?: CustomResourceOptions);

@overload
def FusionAuthIdpSamlV2IdpInitiated(resource_name: str,
                                    args: FusionAuthIdpSamlV2IdpInitiatedArgs,
                                    opts: Optional[ResourceOptions] = None)

@overload
def FusionAuthIdpSamlV2IdpInitiated(resource_name: str,
                                    opts: Optional[ResourceOptions] = None,
                                    issuer: Optional[str] = None,
                                    key_id: Optional[str] = None,
                                    email_claim: Optional[str] = None,
                                    application_configurations: Optional[Sequence[FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs]] = None,
                                    enabled: Optional[bool] = None,
                                    idp_id: Optional[str] = None,
                                    debug: Optional[bool] = None,
                                    assertion_configuration: Optional[FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs] = None,
                                    lambda_reconcile_id: Optional[str] = None,
                                    linking_strategy: Optional[str] = None,
                                    name: Optional[str] = None,
                                    tenant_configurations: Optional[Sequence[FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs]] = None,
                                    unique_id_claim: Optional[str] = None,
                                    use_name_for_email: Optional[bool] = None,
                                    username_claim: Optional[str] = None)

func NewFusionAuthIdpSamlV2IdpInitiated(ctx *Context, name string, args FusionAuthIdpSamlV2IdpInitiatedArgs, opts ...ResourceOption) (*FusionAuthIdpSamlV2IdpInitiated, error)

public FusionAuthIdpSamlV2IdpInitiated(string name, FusionAuthIdpSamlV2IdpInitiatedArgs args, CustomResourceOptions? opts = null)

public FusionAuthIdpSamlV2IdpInitiated(String name, FusionAuthIdpSamlV2IdpInitiatedArgs args)
public FusionAuthIdpSamlV2IdpInitiated(String name, FusionAuthIdpSamlV2IdpInitiatedArgs args, CustomResourceOptions options)

type: fusionauth:FusionAuthIdpSamlV2IdpInitiated
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FusionAuthIdpSamlV2IdpInitiatedArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FusionAuthIdpSamlV2IdpInitiatedArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FusionAuthIdpSamlV2IdpInitiatedArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FusionAuthIdpSamlV2IdpInitiatedArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FusionAuthIdpSamlV2IdpInitiatedArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var fusionAuthIdpSamlV2IdpInitiatedResource = new Fusionauth.FusionAuthIdpSamlV2IdpInitiated("fusionAuthIdpSamlV2IdpInitiatedResource", new()
{
    Issuer = "string",
    KeyId = "string",
    EmailClaim = "string",
    ApplicationConfigurations = new[]
    {
        new Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs
        {
            ApplicationId = "string",
            CreateRegistration = false,
            Enabled = false,
        },
    },
    Enabled = false,
    IdpId = "string",
    Debug = false,
    AssertionConfiguration = new Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs
    {
        Decryption = new Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryptionArgs
        {
            KeyTransportDecryptionKeyId = "string",
            Enabled = false,
        },
    },
    LambdaReconcileId = "string",
    LinkingStrategy = "string",
    Name = "string",
    TenantConfigurations = new[]
    {
        new Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs
        {
            LimitUserLinkCountEnabled = false,
            LimitUserLinkCountMaximumLinks = 0,
            TenantId = "string",
        },
    },
    UniqueIdClaim = "string",
    UseNameForEmail = false,
    UsernameClaim = "string",
});

example, err := fusionauth.NewFusionAuthIdpSamlV2IdpInitiated(ctx, "fusionAuthIdpSamlV2IdpInitiatedResource", &fusionauth.FusionAuthIdpSamlV2IdpInitiatedArgs{
	Issuer:     pulumi.String("string"),
	KeyId:      pulumi.String("string"),
	EmailClaim: pulumi.String("string"),
	ApplicationConfigurations: fusionauth.FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArray{
		&fusionauth.FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs{
			ApplicationId:      pulumi.String("string"),
			CreateRegistration: pulumi.Bool(false),
			Enabled:            pulumi.Bool(false),
		},
	},
	Enabled: pulumi.Bool(false),
	IdpId:   pulumi.String("string"),
	Debug:   pulumi.Bool(false),
	AssertionConfiguration: &fusionauth.FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs{
		Decryption: &fusionauth.FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryptionArgs{
			KeyTransportDecryptionKeyId: pulumi.String("string"),
			Enabled:                     pulumi.Bool(false),
		},
	},
	LambdaReconcileId: pulumi.String("string"),
	LinkingStrategy:   pulumi.String("string"),
	Name:              pulumi.String("string"),
	TenantConfigurations: fusionauth.FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArray{
		&fusionauth.FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs{
			LimitUserLinkCountEnabled:      pulumi.Bool(false),
			LimitUserLinkCountMaximumLinks: pulumi.Int(0),
			TenantId:                       pulumi.String("string"),
		},
	},
	UniqueIdClaim:   pulumi.String("string"),
	UseNameForEmail: pulumi.Bool(false),
	UsernameClaim:   pulumi.String("string"),
})

var fusionAuthIdpSamlV2IdpInitiatedResource = new FusionAuthIdpSamlV2IdpInitiated("fusionAuthIdpSamlV2IdpInitiatedResource", FusionAuthIdpSamlV2IdpInitiatedArgs.builder()
    .issuer("string")
    .keyId("string")
    .emailClaim("string")
    .applicationConfigurations(FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs.builder()
        .applicationId("string")
        .createRegistration(false)
        .enabled(false)
        .build())
    .enabled(false)
    .idpId("string")
    .debug(false)
    .assertionConfiguration(FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs.builder()
        .decryption(FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryptionArgs.builder()
            .keyTransportDecryptionKeyId("string")
            .enabled(false)
            .build())
        .build())
    .lambdaReconcileId("string")
    .linkingStrategy("string")
    .name("string")
    .tenantConfigurations(FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs.builder()
        .limitUserLinkCountEnabled(false)
        .limitUserLinkCountMaximumLinks(0)
        .tenantId("string")
        .build())
    .uniqueIdClaim("string")
    .useNameForEmail(false)
    .usernameClaim("string")
    .build());

fusion_auth_idp_saml_v2_idp_initiated_resource = fusionauth.FusionAuthIdpSamlV2IdpInitiated("fusionAuthIdpSamlV2IdpInitiatedResource",
    issuer="string",
    key_id="string",
    email_claim="string",
    application_configurations=[{
        "application_id": "string",
        "create_registration": False,
        "enabled": False,
    }],
    enabled=False,
    idp_id="string",
    debug=False,
    assertion_configuration={
        "decryption": {
            "key_transport_decryption_key_id": "string",
            "enabled": False,
        },
    },
    lambda_reconcile_id="string",
    linking_strategy="string",
    name="string",
    tenant_configurations=[{
        "limit_user_link_count_enabled": False,
        "limit_user_link_count_maximum_links": 0,
        "tenant_id": "string",
    }],
    unique_id_claim="string",
    use_name_for_email=False,
    username_claim="string")

const fusionAuthIdpSamlV2IdpInitiatedResource = new fusionauth.FusionAuthIdpSamlV2IdpInitiated("fusionAuthIdpSamlV2IdpInitiatedResource", {
    issuer: "string",
    keyId: "string",
    emailClaim: "string",
    applicationConfigurations: [{
        applicationId: "string",
        createRegistration: false,
        enabled: false,
    }],
    enabled: false,
    idpId: "string",
    debug: false,
    assertionConfiguration: {
        decryption: {
            keyTransportDecryptionKeyId: "string",
            enabled: false,
        },
    },
    lambdaReconcileId: "string",
    linkingStrategy: "string",
    name: "string",
    tenantConfigurations: [{
        limitUserLinkCountEnabled: false,
        limitUserLinkCountMaximumLinks: 0,
        tenantId: "string",
    }],
    uniqueIdClaim: "string",
    useNameForEmail: false,
    usernameClaim: "string",
});

type: fusionauth:FusionAuthIdpSamlV2IdpInitiated
properties:
    applicationConfigurations:
        - applicationId: string
          createRegistration: false
          enabled: false
    assertionConfiguration:
        decryption:
            enabled: false
            keyTransportDecryptionKeyId: string
    debug: false
    emailClaim: string
    enabled: false
    idpId: string
    issuer: string
    keyId: string
    lambdaReconcileId: string
    linkingStrategy: string
    name: string
    tenantConfigurations:
        - limitUserLinkCountEnabled: false
          limitUserLinkCountMaximumLinks: 0
          tenantId: string
    uniqueIdClaim: string
    useNameForEmail: false
    usernameClaim: string

FusionAuthIdpSamlV2IdpInitiated Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FusionAuthIdpSamlV2IdpInitiated resource accepts the following input properties:

Issuer string: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
KeyId string: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
ApplicationConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration>: The configuration for each Application that the identity provider is enabled for.
AssertionConfiguration theogravity.Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration: The assertion configuration for the SAML v2 identity provider.
Debug bool: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
EmailClaim string: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
Enabled bool: Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpId string: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
LambdaReconcileId string: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
LinkingStrategy string: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
Name string: The name of this SAML v2 identity provider. This is only used for display purposes.
TenantConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration>: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
UniqueIdClaim string: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
UseNameForEmail bool: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
UsernameClaim string: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

Issuer string: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
KeyId string: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
ApplicationConfigurations []FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs: The configuration for each Application that the identity provider is enabled for.
AssertionConfiguration FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs: The assertion configuration for the SAML v2 identity provider.
Debug bool: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
EmailClaim string: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
Enabled bool: Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpId string: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
LambdaReconcileId string: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
LinkingStrategy string: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
Name string: The name of this SAML v2 identity provider. This is only used for display purposes.
TenantConfigurations []FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
UniqueIdClaim string: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
UseNameForEmail bool: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
UsernameClaim string: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

issuer String: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
keyId String: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
applicationConfigurations List<FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration>: The configuration for each Application that the identity provider is enabled for.
assertionConfiguration FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration: The assertion configuration for the SAML v2 identity provider.
debug Boolean: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
emailClaim String: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled Boolean: Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId String: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId String: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
linkingStrategy String: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
name String: The name of this SAML v2 identity provider. This is only used for display purposes.
tenantConfigurations List<FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration>: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim String: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail Boolean: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim String: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

issuer string: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
keyId string: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
applicationConfigurations FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration[]: The configuration for each Application that the identity provider is enabled for.
assertionConfiguration FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration: The assertion configuration for the SAML v2 identity provider.
debug boolean: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
emailClaim string: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled boolean: Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId string: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId string: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
linkingStrategy string: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
name string: The name of this SAML v2 identity provider. This is only used for display purposes.
tenantConfigurations FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration[]: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim string: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail boolean: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim string: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

issuer str: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
key_id str: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
application_configurations Sequence[FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs]: The configuration for each Application that the identity provider is enabled for.
assertion_configuration FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs: The assertion configuration for the SAML v2 identity provider.
debug bool: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
email_claim str: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled bool: Determines if this provider is enabled. If it is false then it will be disabled globally.
idp_id str: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambda_reconcile_id str: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
linking_strategy str: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
name str: The name of this SAML v2 identity provider. This is only used for display purposes.
tenant_configurations Sequence[FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs]: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
unique_id_claim str: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
use_name_for_email bool: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
username_claim str: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

issuer String: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
keyId String: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
applicationConfigurations List<Property Map>: The configuration for each Application that the identity provider is enabled for.
assertionConfiguration Property Map: The assertion configuration for the SAML v2 identity provider.
debug Boolean: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
emailClaim String: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled Boolean: Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId String: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId String: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
linkingStrategy String: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
name String: The name of this SAML v2 identity provider. This is only used for display purposes.
tenantConfigurations List<Property Map>: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim String: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail Boolean: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim String: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

Outputs

All input properties are implicitly available as output properties. Additionally, the FusionAuthIdpSamlV2IdpInitiated resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing FusionAuthIdpSamlV2IdpInitiated Resource

Get an existing FusionAuthIdpSamlV2IdpInitiated resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FusionAuthIdpSamlV2IdpInitiatedState, opts?: CustomResourceOptions): FusionAuthIdpSamlV2IdpInitiated

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        application_configurations: Optional[Sequence[FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs]] = None,
        assertion_configuration: Optional[FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs] = None,
        debug: Optional[bool] = None,
        email_claim: Optional[str] = None,
        enabled: Optional[bool] = None,
        idp_id: Optional[str] = None,
        issuer: Optional[str] = None,
        key_id: Optional[str] = None,
        lambda_reconcile_id: Optional[str] = None,
        linking_strategy: Optional[str] = None,
        name: Optional[str] = None,
        tenant_configurations: Optional[Sequence[FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs]] = None,
        unique_id_claim: Optional[str] = None,
        use_name_for_email: Optional[bool] = None,
        username_claim: Optional[str] = None) -> FusionAuthIdpSamlV2IdpInitiated

func GetFusionAuthIdpSamlV2IdpInitiated(ctx *Context, name string, id IDInput, state *FusionAuthIdpSamlV2IdpInitiatedState, opts ...ResourceOption) (*FusionAuthIdpSamlV2IdpInitiated, error)

public static FusionAuthIdpSamlV2IdpInitiated Get(string name, Input<string> id, FusionAuthIdpSamlV2IdpInitiatedState? state, CustomResourceOptions? opts = null)

public static FusionAuthIdpSamlV2IdpInitiated get(String name, Output<String> id, FusionAuthIdpSamlV2IdpInitiatedState state, CustomResourceOptions options)

resources:  _:    type: fusionauth:FusionAuthIdpSamlV2IdpInitiated    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ApplicationConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration>: The configuration for each Application that the identity provider is enabled for.
AssertionConfiguration theogravity.Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration: The assertion configuration for the SAML v2 identity provider.
Debug bool: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
EmailClaim string: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
Enabled bool: Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpId string: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
Issuer string: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
KeyId string: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
LambdaReconcileId string: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
LinkingStrategy string: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
Name string: The name of this SAML v2 identity provider. This is only used for display purposes.
TenantConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration>: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
UniqueIdClaim string: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
UseNameForEmail bool: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
UsernameClaim string: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

ApplicationConfigurations []FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs: The configuration for each Application that the identity provider is enabled for.
AssertionConfiguration FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs: The assertion configuration for the SAML v2 identity provider.
Debug bool: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
EmailClaim string: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
Enabled bool: Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpId string: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
Issuer string: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
KeyId string: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
LambdaReconcileId string: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
LinkingStrategy string: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
Name string: The name of this SAML v2 identity provider. This is only used for display purposes.
TenantConfigurations []FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
UniqueIdClaim string: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
UseNameForEmail bool: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
UsernameClaim string: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

applicationConfigurations List<FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration>: The configuration for each Application that the identity provider is enabled for.
assertionConfiguration FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration: The assertion configuration for the SAML v2 identity provider.
debug Boolean: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
emailClaim String: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled Boolean: Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId String: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
issuer String: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
keyId String: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
lambdaReconcileId String: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
linkingStrategy String: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
name String: The name of this SAML v2 identity provider. This is only used for display purposes.
tenantConfigurations List<FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration>: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim String: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail Boolean: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim String: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

applicationConfigurations FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration[]: The configuration for each Application that the identity provider is enabled for.
assertionConfiguration FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration: The assertion configuration for the SAML v2 identity provider.
debug boolean: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
emailClaim string: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled boolean: Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId string: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
issuer string: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
keyId string: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
lambdaReconcileId string: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
linkingStrategy string: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
name string: The name of this SAML v2 identity provider. This is only used for display purposes.
tenantConfigurations FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration[]: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim string: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail boolean: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim string: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

application_configurations Sequence[FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs]: The configuration for each Application that the identity provider is enabled for.
assertion_configuration FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs: The assertion configuration for the SAML v2 identity provider.
debug bool: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
email_claim str: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled bool: Determines if this provider is enabled. If it is false then it will be disabled globally.
idp_id str: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
issuer str: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
key_id str: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
lambda_reconcile_id str: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
linking_strategy str: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
name str: The name of this SAML v2 identity provider. This is only used for display purposes.
tenant_configurations Sequence[FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs]: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
unique_id_claim str: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
use_name_for_email bool: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
username_claim str: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

applicationConfigurations List<Property Map>: The configuration for each Application that the identity provider is enabled for.
assertionConfiguration Property Map: The assertion configuration for the SAML v2 identity provider.
debug Boolean: Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
emailClaim String: The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled Boolean: Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId String: The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
issuer String: The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1 this value was required to be a URL.
keyId String: The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
lambdaReconcileId String: The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
linkingStrategy String: The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
name String: The name of this SAML v2 identity provider. This is only used for display purposes.
tenantConfigurations List<Property Map>: The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim String: The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail Boolean: Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim String: The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID value will be used to link a user. This property is required when linking_stategy is set to LinkByUsername or LinkByUsernameForExistingUser

Supporting Types

FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration, FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs

ApplicationId string
CreateRegistration bool: Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
Enabled bool: Determines if this identity provider is enabled for the Application specified by the applicationId key.

ApplicationId string
CreateRegistration bool: Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
Enabled bool: Determines if this identity provider is enabled for the Application specified by the applicationId key.

applicationId String
createRegistration Boolean: Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled Boolean: Determines if this identity provider is enabled for the Application specified by the applicationId key.

applicationId string
createRegistration boolean: Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled boolean: Determines if this identity provider is enabled for the Application specified by the applicationId key.

application_id str
create_registration bool: Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled bool: Determines if this identity provider is enabled for the Application specified by the applicationId key.

applicationId String
createRegistration Boolean: Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled Boolean: Determines if this identity provider is enabled for the Application specified by the applicationId key.

FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration, FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs

Decryption theogravity.Fusionauth.Inputs.FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption: The decryption configuration for the SAML v2 identity provider.

Decryption FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption: The decryption configuration for the SAML v2 identity provider.

decryption FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption: The decryption configuration for the SAML v2 identity provider.

decryption FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption: The decryption configuration for the SAML v2 identity provider.

decryption FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption: The decryption configuration for the SAML v2 identity provider.

decryption Property Map: The decryption configuration for the SAML v2 identity provider.

FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption, FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryptionArgs

KeyTransportDecryptionKeyId string: The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when 'enabled is true.
Enabled bool: Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.

KeyTransportDecryptionKeyId string: The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when 'enabled is true.
Enabled bool: Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.

keyTransportDecryptionKeyId String: The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when 'enabled is true.
enabled Boolean: Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.

keyTransportDecryptionKeyId string: The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when 'enabled is true.
enabled boolean: Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.

key_transport_decryption_key_id str: The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when 'enabled is true.
enabled bool: Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.

keyTransportDecryptionKeyId String: The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when 'enabled is true.
enabled Boolean: Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.

FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration, FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs

LimitUserLinkCountEnabled bool: When enabled, the number of identity provider links a user may create is enforced by maximumLinks
LimitUserLinkCountMaximumLinks int: Determines if this provider is enabled. If it is false then it will be disabled globally.
TenantId string

LimitUserLinkCountEnabled bool: When enabled, the number of identity provider links a user may create is enforced by maximumLinks
LimitUserLinkCountMaximumLinks int: Determines if this provider is enabled. If it is false then it will be disabled globally.
TenantId string

limitUserLinkCountEnabled Boolean: When enabled, the number of identity provider links a user may create is enforced by maximumLinks
limitUserLinkCountMaximumLinks Integer: Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId String

limitUserLinkCountEnabled boolean: When enabled, the number of identity provider links a user may create is enforced by maximumLinks
limitUserLinkCountMaximumLinks number: Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId string

limit_user_link_count_enabled bool: When enabled, the number of identity provider links a user may create is enforced by maximumLinks
limit_user_link_count_maximum_links int: Determines if this provider is enabled. If it is false then it will be disabled globally.
tenant_id str

limitUserLinkCountEnabled Boolean: When enabled, the number of identity provider links a user may create is enforced by maximumLinks
limitUserLinkCountMaximumLinks Number: Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId String

Package Details

Repository: fusionauth theogravity/pulumi-fusionauth
License: MIT
Notes: This Pulumi package is based on the fusionauth Terraform Provider.

FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity

theogravity/pulumi-fusionauth

fusionauth.FusionAuthIdpSamlV2IdpInitiated

On this page

On this page

Create FusionAuthIdpSamlV2IdpInitiated Resource

Constructor syntax

Parameters

Constructor example

FusionAuthIdpSamlV2IdpInitiated Resource Properties

Inputs

Outputs

Look up Existing FusionAuthIdpSamlV2IdpInitiated Resource

Supporting Types

FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration, FusionAuthIdpSamlV2IdpInitiatedApplicationConfigurationArgs

FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration, FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationArgs

FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption, FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryptionArgs

FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration, FusionAuthIdpSamlV2IdpInitiatedTenantConfigurationArgs

Package Details

On this page

On this page