1. Packages
  2. Keycloak Provider
  3. API Docs
  4. saml
  5. getClient
Viewing docs for Keycloak v6.10.0
published on Saturday, Feb 21, 2026 by Pulumi
Schema (JSON)
pulumi/pulumi-keycloak

keycloak.saml.getClient

keycloak logo
Viewing docs for Keycloak v6.10.0
published on Saturday, Feb 21, 2026 by Pulumi
Schema (JSON)
pulumi/pulumi-keycloak

    This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realmManagement = keycloak.saml.getClient({
    realmId: "my-realm",
    clientId: "realm-management",
});
// use the data source
const admin = realmManagement.then(realmManagement => keycloak.getRole({
    realmId: "my-realm",
    clientId: realmManagement.id,
    name: "realm-admin",
}));

    import pulumi
import pulumi_keycloak as keycloak

realm_management = keycloak.saml.get_client(realm_id="my-realm",
    client_id="realm-management")
# use the data source
admin = keycloak.get_role(realm_id="my-realm",
    client_id=realm_management.id,
    name="realm-admin")

    package main

import (
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realmManagement, err := saml.LookupClient(ctx, &saml.LookupClientArgs{
			RealmId:  "my-realm",
			ClientId: "realm-management",
		}, nil)
		if err != nil {
			return err
		}
		// use the data source
		_, err = keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{
			RealmId:  "my-realm",
			ClientId: pulumi.StringRef(realmManagement.Id),
			Name:     "realm-admin",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;

return await Deployment.RunAsync(() => 
{
    var realmManagement = Keycloak.Saml.GetClient.Invoke(new()
    {
        RealmId = "my-realm",
        ClientId = "realm-management",
    });

    // use the data source
    var admin = Keycloak.GetRole.Invoke(new()
    {
        RealmId = "my-realm",
        ClientId = realmManagement.Apply(getClientResult => getClientResult.Id),
        Name = "realm-admin",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.saml.SamlFunctions;
import com.pulumi.keycloak.saml.inputs.GetClientArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var realmManagement = SamlFunctions.getClient(GetClientArgs.builder()
            .realmId("my-realm")
            .clientId("realm-management")
            .build());

        // use the data source
        final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()
            .realmId("my-realm")
            .clientId(realmManagement.id())
            .name("realm-admin")
            .build());

    }
}

    variables:
  realmManagement:
    fn::invoke:
      function: keycloak:saml:getClient
      arguments:
        realmId: my-realm
        clientId: realm-management
  # use the data source
  admin:
    fn::invoke:
      function: keycloak:getRole
      arguments:
        realmId: my-realm
        clientId: ${realmManagement.id}
        name: realm-admin

    Using getClient

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getClient(args: GetClientArgs, opts?: InvokeOptions): Promise<GetClientResult>
function getClientOutput(args: GetClientOutputArgs, opts?: InvokeOptions): Output<GetClientResult>
    def get_client(client_id: Optional[str] = None,
               realm_id: Optional[str] = None,
               opts: Optional[InvokeOptions] = None) -> GetClientResult
def get_client_output(client_id: Optional[pulumi.Input[str]] = None,
               realm_id: Optional[pulumi.Input[str]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetClientResult]
    func LookupClient(ctx *Context, args *LookupClientArgs, opts ...InvokeOption) (*LookupClientResult, error)
func LookupClientOutput(ctx *Context, args *LookupClientOutputArgs, opts ...InvokeOption) LookupClientResultOutput

    > Note: This function is named LookupClient in the Go SDK.

    public static class GetClient 
{
    public static Task<GetClientResult> InvokeAsync(GetClientArgs args, InvokeOptions? opts = null)
    public static Output<GetClientResult> Invoke(GetClientInvokeArgs args, InvokeOptions? opts = null)
}
    public static CompletableFuture<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
public static Output<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)

    fn::invoke:
  function: keycloak:saml/getClient:getClient
  arguments:
    # arguments dictionary

    The following arguments are supported:

    ClientId string
    The client id (not its unique ID).
    RealmId string
    The realm id.
    ClientId string
    The client id (not its unique ID).
    RealmId string
    The realm id.
    clientId String
    The client id (not its unique ID).
    realmId String
    The realm id.
    clientId string
    The client id (not its unique ID).
    realmId string
    The realm id.
    client_id str
    The client id (not its unique ID).
    realm_id str
    The realm id.
    clientId String
    The client id (not its unique ID).
    realmId String
    The realm id.

    getClient Result

    The following output properties are available:

    AlwaysDisplayInConsole bool
    AssertionConsumerPostUrl string
    AssertionConsumerRedirectUrl string
    AuthenticationFlowBindingOverrides List<GetClientAuthenticationFlowBindingOverride>
    BaseUrl string
    CanonicalizationMethod string
    ClientId string
    ClientSignatureRequired bool
    ConsentRequired bool
    Description string
    Enabled bool
    EncryptAssertions bool
    EncryptionAlgorithm string
    EncryptionCertificate string
    EncryptionCertificateSha1 string
    EncryptionDigestMethod string
    EncryptionKeyAlgorithm string
    EncryptionMaskGenerationFunction string
    ExtraConfig Dictionary<string, string>
    ForceNameIdFormat bool
    ForcePostBinding bool
    FrontChannelLogout bool
    FullScopeAllowed bool
    Id string
    The provider-assigned unique ID for this managed resource.
    IdpInitiatedSsoRelayState string
    IdpInitiatedSsoUrlName string
    IncludeAuthnStatement bool
    LoginTheme string
    LogoutServicePostBindingUrl string
    LogoutServiceRedirectBindingUrl string
    MasterSamlProcessingUrl string
    Name string
    NameIdFormat string
    RealmId string
    RootUrl string
    SamlSignatureKeyName string
    SignAssertions bool
    SignDocuments bool
    SignatureAlgorithm string
    SignatureKeyName string
    SigningCertificate string
    SigningCertificateSha1 string
    SigningPrivateKey string
    SigningPrivateKeySha1 string
    ValidRedirectUris List<string>
    AlwaysDisplayInConsole bool
    AssertionConsumerPostUrl string
    AssertionConsumerRedirectUrl string
    AuthenticationFlowBindingOverrides []GetClientAuthenticationFlowBindingOverride
    BaseUrl string
    CanonicalizationMethod string
    ClientId string
    ClientSignatureRequired bool
    ConsentRequired bool
    Description string
    Enabled bool
    EncryptAssertions bool
    EncryptionAlgorithm string
    EncryptionCertificate string
    EncryptionCertificateSha1 string
    EncryptionDigestMethod string
    EncryptionKeyAlgorithm string
    EncryptionMaskGenerationFunction string
    ExtraConfig map[string]string
    ForceNameIdFormat bool
    ForcePostBinding bool
    FrontChannelLogout bool
    FullScopeAllowed bool
    Id string
    The provider-assigned unique ID for this managed resource.
    IdpInitiatedSsoRelayState string
    IdpInitiatedSsoUrlName string
    IncludeAuthnStatement bool
    LoginTheme string
    LogoutServicePostBindingUrl string
    LogoutServiceRedirectBindingUrl string
    MasterSamlProcessingUrl string
    Name string
    NameIdFormat string
    RealmId string
    RootUrl string
    SamlSignatureKeyName string
    SignAssertions bool
    SignDocuments bool
    SignatureAlgorithm string
    SignatureKeyName string
    SigningCertificate string
    SigningCertificateSha1 string
    SigningPrivateKey string
    SigningPrivateKeySha1 string
    ValidRedirectUris []string
    alwaysDisplayInConsole Boolean
    assertionConsumerPostUrl String
    assertionConsumerRedirectUrl String
    authenticationFlowBindingOverrides List<GetClientAuthenticationFlowBindingOverride>
    baseUrl String
    canonicalizationMethod String
    clientId String
    clientSignatureRequired Boolean
    consentRequired Boolean
    description String
    enabled Boolean
    encryptAssertions Boolean
    encryptionAlgorithm String
    encryptionCertificate String
    encryptionCertificateSha1 String
    encryptionDigestMethod String
    encryptionKeyAlgorithm String
    encryptionMaskGenerationFunction String
    extraConfig Map<String,String>
    forceNameIdFormat Boolean
    forcePostBinding Boolean
    frontChannelLogout Boolean
    fullScopeAllowed Boolean
    id String
    The provider-assigned unique ID for this managed resource.
    idpInitiatedSsoRelayState String
    idpInitiatedSsoUrlName String
    includeAuthnStatement Boolean
    loginTheme String
    logoutServicePostBindingUrl String
    logoutServiceRedirectBindingUrl String
    masterSamlProcessingUrl String
    name String
    nameIdFormat String
    realmId String
    rootUrl String
    samlSignatureKeyName String
    signAssertions Boolean
    signDocuments Boolean
    signatureAlgorithm String
    signatureKeyName String
    signingCertificate String
    signingCertificateSha1 String
    signingPrivateKey String
    signingPrivateKeySha1 String
    validRedirectUris List<String>
    alwaysDisplayInConsole boolean
    assertionConsumerPostUrl string
    assertionConsumerRedirectUrl string
    authenticationFlowBindingOverrides GetClientAuthenticationFlowBindingOverride[]
    baseUrl string
    canonicalizationMethod string
    clientId string
    clientSignatureRequired boolean
    consentRequired boolean
    description string
    enabled boolean
    encryptAssertions boolean
    encryptionAlgorithm string
    encryptionCertificate string
    encryptionCertificateSha1 string
    encryptionDigestMethod string
    encryptionKeyAlgorithm string
    encryptionMaskGenerationFunction string
    extraConfig {[key: string]: string}
    forceNameIdFormat boolean
    forcePostBinding boolean
    frontChannelLogout boolean
    fullScopeAllowed boolean
    id string
    The provider-assigned unique ID for this managed resource.
    idpInitiatedSsoRelayState string
    idpInitiatedSsoUrlName string
    includeAuthnStatement boolean
    loginTheme string
    logoutServicePostBindingUrl string
    logoutServiceRedirectBindingUrl string
    masterSamlProcessingUrl string
    name string
    nameIdFormat string
    realmId string
    rootUrl string
    samlSignatureKeyName string
    signAssertions boolean
    signDocuments boolean
    signatureAlgorithm string
    signatureKeyName string
    signingCertificate string
    signingCertificateSha1 string
    signingPrivateKey string
    signingPrivateKeySha1 string
    validRedirectUris string[]
    always_display_in_console bool
    assertion_consumer_post_url str
    assertion_consumer_redirect_url str
    authentication_flow_binding_overrides Sequence[GetClientAuthenticationFlowBindingOverride]
    base_url str
    canonicalization_method str
    client_id str
    client_signature_required bool
    consent_required bool
    description str
    enabled bool
    encrypt_assertions bool
    encryption_algorithm str
    encryption_certificate str
    encryption_certificate_sha1 str
    encryption_digest_method str
    encryption_key_algorithm str
    encryption_mask_generation_function str
    extra_config Mapping[str, str]
    force_name_id_format bool
    force_post_binding bool
    front_channel_logout bool
    full_scope_allowed bool
    id str
    The provider-assigned unique ID for this managed resource.
    idp_initiated_sso_relay_state str
    idp_initiated_sso_url_name str
    include_authn_statement bool
    login_theme str
    logout_service_post_binding_url str
    logout_service_redirect_binding_url str
    master_saml_processing_url str
    name str
    name_id_format str
    realm_id str
    root_url str
    saml_signature_key_name str
    sign_assertions bool
    sign_documents bool
    signature_algorithm str
    signature_key_name str
    signing_certificate str
    signing_certificate_sha1 str
    signing_private_key str
    signing_private_key_sha1 str
    valid_redirect_uris Sequence[str]
    alwaysDisplayInConsole Boolean
    assertionConsumerPostUrl String
    assertionConsumerRedirectUrl String
    authenticationFlowBindingOverrides List<Property Map>
    baseUrl String
    canonicalizationMethod String
    clientId String
    clientSignatureRequired Boolean
    consentRequired Boolean
    description String
    enabled Boolean
    encryptAssertions Boolean
    encryptionAlgorithm String
    encryptionCertificate String
    encryptionCertificateSha1 String
    encryptionDigestMethod String
    encryptionKeyAlgorithm String
    encryptionMaskGenerationFunction String
    extraConfig Map<String>
    forceNameIdFormat Boolean
    forcePostBinding Boolean
    frontChannelLogout Boolean
    fullScopeAllowed Boolean
    id String
    The provider-assigned unique ID for this managed resource.
    idpInitiatedSsoRelayState String
    idpInitiatedSsoUrlName String
    includeAuthnStatement Boolean
    loginTheme String
    logoutServicePostBindingUrl String
    logoutServiceRedirectBindingUrl String
    masterSamlProcessingUrl String
    name String
    nameIdFormat String
    realmId String
    rootUrl String
    samlSignatureKeyName String
    signAssertions Boolean
    signDocuments Boolean
    signatureAlgorithm String
    signatureKeyName String
    signingCertificate String
    signingCertificateSha1 String
    signingPrivateKey String
    signingPrivateKeySha1 String
    validRedirectUris List<String>

    Supporting Types

    GetClientAuthenticationFlowBindingOverride

    Package Details

    Repository
    Keycloak pulumi/pulumi-keycloak
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the keycloak Terraform Provider.
    keycloak logo
    Viewing docs for Keycloak v6.10.0
    published on Saturday, Feb 21, 2026 by Pulumi
    Schema (JSON)
    pulumi/pulumi-keycloak
      Try Pulumi Cloud free. Your team will thank you.