Docs Home
Keycloak v6.4.0 published on Wednesday, Apr 16, 2025 by Pulumi
keycloak.saml.getClient
Explore with Pulumi AI
This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realmManagement = keycloak.saml.getClient({
realmId: "my-realm",
clientId: "realm-management",
});
// use the data source
const admin = realmManagement.then(realmManagement => keycloak.getRole({
realmId: "my-realm",
clientId: realmManagement.id,
name: "realm-admin",
}));
import pulumi
import pulumi_keycloak as keycloak
realm_management = keycloak.saml.get_client(realm_id="my-realm",
client_id="realm-management")
# use the data source
admin = keycloak.get_role(realm_id="my-realm",
client_id=realm_management.id,
name="realm-admin")
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realmManagement, err := saml.LookupClient(ctx, &saml.LookupClientArgs{
RealmId: "my-realm",
ClientId: "realm-management",
}, nil)
if err != nil {
return err
}
// use the data source
_, err = keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{
RealmId: "my-realm",
ClientId: pulumi.StringRef(realmManagement.Id),
Name: "realm-admin",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realmManagement = Keycloak.Saml.GetClient.Invoke(new()
{
RealmId = "my-realm",
ClientId = "realm-management",
});
// use the data source
var admin = Keycloak.GetRole.Invoke(new()
{
RealmId = "my-realm",
ClientId = realmManagement.Apply(getClientResult => getClientResult.Id),
Name = "realm-admin",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.saml.SamlFunctions;
import com.pulumi.keycloak.saml.inputs.GetClientArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var realmManagement = SamlFunctions.getClient(GetClientArgs.builder()
.realmId("my-realm")
.clientId("realm-management")
.build());
// use the data source
final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()
.realmId("my-realm")
.clientId(realmManagement.id())
.name("realm-admin")
.build());
}
}
variables:
realmManagement:
fn::invoke:
function: keycloak:saml:getClient
arguments:
realmId: my-realm
clientId: realm-management
# use the data source
admin:
fn::invoke:
function: keycloak:getRole
arguments:
realmId: my-realm
clientId: ${realmManagement.id}
name: realm-admin
Using getClient
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getClient(args: GetClientArgs, opts?: InvokeOptions): Promise<GetClientResult>
function getClientOutput(args: GetClientOutputArgs, opts?: InvokeOptions): Output<GetClientResult>def get_client(client_id: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetClientResult
def get_client_output(client_id: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetClientResult]func LookupClient(ctx *Context, args *LookupClientArgs, opts ...InvokeOption) (*LookupClientResult, error)
func LookupClientOutput(ctx *Context, args *LookupClientOutputArgs, opts ...InvokeOption) LookupClientResultOutput> Note: This function is named LookupClient in the Go SDK.
public static class GetClient
{
public static Task<GetClientResult> InvokeAsync(GetClientArgs args, InvokeOptions? opts = null)
public static Output<GetClientResult> Invoke(GetClientInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
public static Output<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
fn::invoke:
function: keycloak:saml/getClient:getClient
arguments:
# arguments dictionaryThe following arguments are supported:
getClient Result
The following output properties are available:
- Always
Display boolIn Console - Assertion
Consumer stringPost Url - Assertion
Consumer stringRedirect Url - Authentication
Flow List<GetBinding Overrides Client Authentication Flow Binding Override> - Base
Url string - Canonicalization
Method string - Client
Id string - Client
Signature boolRequired - Consent
Required bool - Description string
- Enabled bool
- Encrypt
Assertions bool - Encryption
Certificate string - Encryption
Certificate stringSha1 - Extra
Config Dictionary<string, string> - Force
Name boolId Format - Force
Post boolBinding - Front
Channel boolLogout - Full
Scope boolAllowed - Id string
- The provider-assigned unique ID for this managed resource.
- Idp
Initiated stringSso Relay State - Idp
Initiated stringSso Url Name - Include
Authn boolStatement - Login
Theme string - Logout
Service stringPost Binding Url - Logout
Service stringRedirect Binding Url - Master
Saml stringProcessing Url - Name string
- Name
Id stringFormat - Realm
Id string - Root
Url string - Saml
Signature stringKey Name - Sign
Assertions bool - Sign
Documents bool - Signature
Algorithm string - Signature
Key stringName - Signing
Certificate string - Signing
Certificate stringSha1 - Signing
Private stringKey - Signing
Private stringKey Sha1 - Valid
Redirect List<string>Uris
- Always
Display boolIn Console - Assertion
Consumer stringPost Url - Assertion
Consumer stringRedirect Url - Authentication
Flow []GetBinding Overrides Client Authentication Flow Binding Override - Base
Url string - Canonicalization
Method string - Client
Id string - Client
Signature boolRequired - Consent
Required bool - Description string
- Enabled bool
- Encrypt
Assertions bool - Encryption
Certificate string - Encryption
Certificate stringSha1 - Extra
Config map[string]string - Force
Name boolId Format - Force
Post boolBinding - Front
Channel boolLogout - Full
Scope boolAllowed - Id string
- The provider-assigned unique ID for this managed resource.
- Idp
Initiated stringSso Relay State - Idp
Initiated stringSso Url Name - Include
Authn boolStatement - Login
Theme string - Logout
Service stringPost Binding Url - Logout
Service stringRedirect Binding Url - Master
Saml stringProcessing Url - Name string
- Name
Id stringFormat - Realm
Id string - Root
Url string - Saml
Signature stringKey Name - Sign
Assertions bool - Sign
Documents bool - Signature
Algorithm string - Signature
Key stringName - Signing
Certificate string - Signing
Certificate stringSha1 - Signing
Private stringKey - Signing
Private stringKey Sha1 - Valid
Redirect []stringUris
- always
Display BooleanIn Console - assertion
Consumer StringPost Url - assertion
Consumer StringRedirect Url - authentication
Flow List<GetBinding Overrides Client Authentication Flow Binding Override> - base
Url String - canonicalization
Method String - client
Id String - client
Signature BooleanRequired - consent
Required Boolean - description String
- enabled Boolean
- encrypt
Assertions Boolean - encryption
Certificate String - encryption
Certificate StringSha1 - extra
Config Map<String,String> - force
Name BooleanId Format - force
Post BooleanBinding - front
Channel BooleanLogout - full
Scope BooleanAllowed - id String
- The provider-assigned unique ID for this managed resource.
- idp
Initiated StringSso Relay State - idp
Initiated StringSso Url Name - include
Authn BooleanStatement - login
Theme String - logout
Service StringPost Binding Url - logout
Service StringRedirect Binding Url - master
Saml StringProcessing Url - name String
- name
Id StringFormat - realm
Id String - root
Url String - saml
Signature StringKey Name - sign
Assertions Boolean - sign
Documents Boolean - signature
Algorithm String - signature
Key StringName - signing
Certificate String - signing
Certificate StringSha1 - signing
Private StringKey - signing
Private StringKey Sha1 - valid
Redirect List<String>Uris
- always
Display booleanIn Console - assertion
Consumer stringPost Url - assertion
Consumer stringRedirect Url - authentication
Flow GetBinding Overrides Client Authentication Flow Binding Override[] - base
Url string - canonicalization
Method string - client
Id string - client
Signature booleanRequired - consent
Required boolean - description string
- enabled boolean
- encrypt
Assertions boolean - encryption
Certificate string - encryption
Certificate stringSha1 - extra
Config {[key: string]: string} - force
Name booleanId Format - force
Post booleanBinding - front
Channel booleanLogout - full
Scope booleanAllowed - id string
- The provider-assigned unique ID for this managed resource.
- idp
Initiated stringSso Relay State - idp
Initiated stringSso Url Name - include
Authn booleanStatement - login
Theme string - logout
Service stringPost Binding Url - logout
Service stringRedirect Binding Url - master
Saml stringProcessing Url - name string
- name
Id stringFormat - realm
Id string - root
Url string - saml
Signature stringKey Name - sign
Assertions boolean - sign
Documents boolean - signature
Algorithm string - signature
Key stringName - signing
Certificate string - signing
Certificate stringSha1 - signing
Private stringKey - signing
Private stringKey Sha1 - valid
Redirect string[]Uris
- always_
display_ boolin_ console - assertion_
consumer_ strpost_ url - assertion_
consumer_ strredirect_ url - authentication_
flow_ Sequence[Getbinding_ overrides Client Authentication Flow Binding Override] - base_
url str - canonicalization_
method str - client_
id str - client_
signature_ boolrequired - consent_
required bool - description str
- enabled bool
- encrypt_
assertions bool - encryption_
certificate str - encryption_
certificate_ strsha1 - extra_
config Mapping[str, str] - force_
name_ boolid_ format - force_
post_ boolbinding - front_
channel_ boollogout - full_
scope_ boolallowed - id str
- The provider-assigned unique ID for this managed resource.
- idp_
initiated_ strsso_ relay_ state - idp_
initiated_ strsso_ url_ name - include_
authn_ boolstatement - login_
theme str - logout_
service_ strpost_ binding_ url - logout_
service_ strredirect_ binding_ url - master_
saml_ strprocessing_ url - name str
- name_
id_ strformat - realm_
id str - root_
url str - saml_
signature_ strkey_ name - sign_
assertions bool - sign_
documents bool - signature_
algorithm str - signature_
key_ strname - signing_
certificate str - signing_
certificate_ strsha1 - signing_
private_ strkey - signing_
private_ strkey_ sha1 - valid_
redirect_ Sequence[str]uris
- always
Display BooleanIn Console - assertion
Consumer StringPost Url - assertion
Consumer StringRedirect Url - authentication
Flow List<Property Map>Binding Overrides - base
Url String - canonicalization
Method String - client
Id String - client
Signature BooleanRequired - consent
Required Boolean - description String
- enabled Boolean
- encrypt
Assertions Boolean - encryption
Certificate String - encryption
Certificate StringSha1 - extra
Config Map<String> - force
Name BooleanId Format - force
Post BooleanBinding - front
Channel BooleanLogout - full
Scope BooleanAllowed - id String
- The provider-assigned unique ID for this managed resource.
- idp
Initiated StringSso Relay State - idp
Initiated StringSso Url Name - include
Authn BooleanStatement - login
Theme String - logout
Service StringPost Binding Url - logout
Service StringRedirect Binding Url - master
Saml StringProcessing Url - name String
- name
Id StringFormat - realm
Id String - root
Url String - saml
Signature StringKey Name - sign
Assertions Boolean - sign
Documents Boolean - signature
Algorithm String - signature
Key StringName - signing
Certificate String - signing
Certificate StringSha1 - signing
Private StringKey - signing
Private StringKey Sha1 - valid
Redirect List<String>Uris
Supporting Types
GetClientAuthenticationFlowBindingOverride
- Browser
Id string - Direct
Grant stringId
- Browser
Id string - Direct
Grant stringId
- browser
Id String - direct
Grant StringId
- browser
Id string - direct
Grant stringId
- browser_
id str - direct_
grant_ strid
- browser
Id String - direct
Grant StringId
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.