Viewing docs for Keycloak v6.10.0
published on Saturday, Feb 21, 2026 by Pulumi
This data source can be used to retrieve the Installation Provider of a SAML client.
Example Usage
In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as keycloak from "@pulumi/keycloak";
import * as std from "@pulumi/std";
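// Realm that hosts the SAML client.
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});

// SAML client. Its signing certificate and private key are read from PEM
// files resolved relative to the program's working directory.
const samlClient = new keycloak.saml.Client("saml_client", {
    realmId: realm.id,
    clientId: "test-saml-client",
    name: "test-saml-client",
    // With signDocuments off and signAssertions on, the signature a relying
    // party can check is the one on the assertion.
    signDocuments: false,
    signAssertions: true,
    includeAuthnStatement: true,
    // std.file returns a Promise, so the file text is unwrapped with then().
    signingCertificate: std.file({
        input: "saml-cert.pem",
    }).then(invoke => invoke.result),
    // The key is wrapped in pulumi.secret so it is encrypted in stack state
    // and masked in CLI output. Keep saml-key.pem out of version control.
    signingPrivateKey: pulumi.secret(std.file({
        input: "saml-key.pem",
    }).then(invoke => invoke.result)),
});

// Fetch the client's IdP metadata (the IDPSSODescriptor document) from Keycloak.
const samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({
    realmId: realm.id,
    clientId: samlClient.id,
    providerId: "saml-idp-descriptor",
});

// Register the descriptor with AWS IAM. AWS trusts whatever signing
// certificate this document carries, so confirm that the realm and client
// above are the ones you mean to federate before applying.
const _default = new aws.iam.SamlProvider("default", {
    name: "myprovider",
    samlMetadataDocument: samlIdpDescriptor.value,
});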
import pulumi
import pulumi_aws as aws
import pulumi_keycloak as keycloak
import pulumi_std as std
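# Realm that hosts the SAML client.
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)

# SAML client. Its signing certificate and private key are read from PEM
# files resolved relative to the program's working directory.
saml_client = keycloak.saml.Client("saml_client",
    realm_id=realm.id,
    client_id="test-saml-client",
    name="test-saml-client",
    # With sign_documents off and sign_assertions on, the signature a relying
    # party can check is the one on the assertion.
    sign_documents=False,
    sign_assertions=True,
    include_authn_statement=True,
    signing_certificate=std.file(input="saml-cert.pem").result,
    # The key is wrapped in Output.secret so it is encrypted in stack state
    # and masked in CLI output. Keep saml-key.pem out of version control.
    signing_private_key=pulumi.Output.secret(std.file(input="saml-key.pem").result))

# Fetch the client's IdP metadata (the IDPSSODescriptor document) from Keycloak.
saml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,
    client_id=saml_client.id,
    provider_id="saml-idp-descriptor")

# Register the descriptor with AWS IAM. AWS trusts whatever signing
# certificate this document carries, so confirm that the realm and client
# above are the ones you mean to federate before applying.
default = aws.iam.SamlProvider("default",
    # The provider name is a string literal; a bare identifier here would
    # raise NameError.
    name="myprovider",
    saml_metadata_document=saml_idp_descriptor.value)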
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that creates a Keycloak realm and SAML client,
// looks up the client's "saml-idp-descriptor" installation document, and
// passes that document to an AWS IAM SAML provider.
//
// NOTE(review): several calls below look like unedited converter output and
// may not compile against the published SDKs; each is flagged where it occurs.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Realm that hosts the SAML client.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm: pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Read the client's signing certificate from a PEM file.
		// NOTE(review): pulumi-std's File is expected to take *std.FileArgs
		// rather than a map — confirm against the SDK in use.
		invokeFile, err := std.File(ctx, map[string]interface{}{
			"input": "saml-cert.pem",
		}, nil)
		if err != nil {
			return err
		}
		// Read the client's private key from a PEM file.
		// NOTE(review): the key text becomes a resource input below; unless the
		// provider marks that property secret it is written to stack state as
		// plain text — confirm, and keep saml-key.pem out of version control.
		invokeFile1, err := std.File(ctx, map[string]interface{}{
			"input": "saml-key.pem",
		}, nil)
		if err != nil {
			return err
		}
		// With SignDocuments off and SignAssertions on, the signature a relying
		// party can check is the one on the assertion.
		// NOTE(review): invokeFile.Result is passed without a pulumi.String
		// wrapper, unlike the other string fields — confirm it type-checks.
		samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{
			RealmId: realm.ID(),
			ClientId: pulumi.String("test-saml-client"),
			Name: pulumi.String("test-saml-client"),
			SignDocuments: pulumi.Bool(false),
			SignAssertions: pulumi.Bool(true),
			IncludeAuthnStatement: pulumi.Bool(true),
			SigningCertificate: invokeFile.Result,
			SigningPrivateKey: invokeFile1.Result,
		})
		if err != nil {
			return err
		}
		// Fetch the client's IdP metadata (the IDPSSODescriptor document).
		samlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{
			RealmId: realm.ID(),
			ClientId: samlClient.ID(),
			ProviderId: pulumi.String("saml-idp-descriptor"),
		}, nil)
		// Register the descriptor with AWS IAM. AWS trusts whatever signing
		// certificate this document carries, so confirm the realm and client
		// above are the ones you mean to federate before applying.
		// NOTE(review): the AWS Go SDK publishes this resource as
		// iam.NewSamlProvider in the aws/iam package; Name is a bare string
		// where sibling fields use pulumi.String; and samlIdpDescriptor.Value
		// is referenced without call parentheses — confirm all three.
		_, err = aws.NewIamSamlProvider(ctx, "default", &aws.IamSamlProviderArgs{
			Name: "myprovider",
			SamlMetadataDocument: samlIdpDescriptor.Value,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Keycloak = Pulumi.Keycloak;
using Std = Pulumi.Std;
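// Creates a Keycloak realm and SAML client, fetches the client's IdP
// descriptor, and registers that descriptor with AWS IAM as a SAML provider.
return await Deployment.RunAsync(() =>
{
    // Realm that hosts the SAML client.
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    // SAML client. Its signing certificate and private key are read from PEM
    // files resolved relative to the program's working directory.
    var samlClient = new Keycloak.Saml.Client("saml_client", new()
    {
        RealmId = realm.Id,
        ClientId = "test-saml-client",
        Name = "test-saml-client",
        // With SignDocuments off and SignAssertions on, the signature a
        // relying party can check is the one on the assertion.
        SignDocuments = false,
        SignAssertions = true,
        IncludeAuthnStatement = true,
        // Std.File.Invoke yields an Output, so the text is projected with Apply.
        SigningCertificate = Std.File.Invoke(new()
        {
            Input = "saml-cert.pem",
        }).Apply(invoke => invoke.Result),
        // NOTE(review): unless the provider already treats SigningPrivateKey
        // as secret, the PEM text is stored in stack state in the clear; mark
        // it as a secret output and keep saml-key.pem out of version control.
        SigningPrivateKey = Std.File.Invoke(new()
        {
            Input = "saml-key.pem",
        }).Apply(invoke => invoke.Result),
    });

    // Fetch the client's IdP metadata (the IDPSSODescriptor document).
    var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()
    {
        RealmId = realm.Id,
        ClientId = samlClient.Id,
        ProviderId = "saml-idp-descriptor",
    });

    // Register the descriptor with AWS IAM. AWS trusts whatever signing
    // certificate this document carries, so confirm the realm and client
    // above are the ones you mean to federate before applying.
    var @default = new Aws.Iam.SamlProvider("default", new()
    {
        Name = "myprovider",
        SamlMetadataDocument = samlIdpDescriptor.Apply(descriptor => descriptor.Value),
    });
});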
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.saml.Client;
import com.pulumi.keycloak.saml.ClientArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.keycloak.saml.SamlFunctions;
import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;
import com.pulumi.aws.IamSamlProvider;
import com.pulumi.aws.IamSamlProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates a Keycloak realm and SAML client, looks up the
 * client's {@code saml-idp-descriptor} installation document, and passes that
 * document to an AWS IAM SAML provider.
 *
 * <p>NOTE(review): several calls below look like unedited converter output and
 * may not compile against the published SDKs; each is flagged where it occurs.
 */
public class App {
    /**
     * Program entry point; hands {@link #stack(Context)} to the Pulumi runtime.
     *
     * @param args command-line arguments (not read here)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the realm, the SAML client, the descriptor lookup and the AWS
     * IAM SAML provider.
     *
     * @param ctx Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // Realm that hosts the SAML client.
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        // With signDocuments off and signAssertions on, the signature a relying
        // party can check is the one on the assertion.
        // NOTE(review): StdFunctions.file is expected to take a FileArgs builder
        // and return a wrapped result, so file(Map.of(...)).result() probably
        // does not compile as written — confirm against the SDK in use.
        // NOTE(review): the key text becomes a resource input; unless the
        // provider marks signingPrivateKey secret it is written to stack state
        // as plain text — confirm, and keep saml-key.pem out of version control.
        var samlClient = new Client("samlClient", ClientArgs.builder()
            .realmId(realm.id())
            .clientId("test-saml-client")
            .name("test-saml-client")
            .signDocuments(false)
            .signAssertions(true)
            .includeAuthnStatement(true)
            .signingCertificate(StdFunctions.file(Map.of("input", "saml-cert.pem")).result())
            .signingPrivateKey(StdFunctions.file(Map.of("input", "saml-key.pem")).result())
            .build());
        // Fetch the client's IdP metadata (the IDPSSODescriptor document).
        final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()
            .realmId(realm.id())
            .clientId(samlClient.id())
            .providerId("saml-idp-descriptor")
            .build());
        // Register the descriptor with AWS IAM. AWS trusts whatever signing
        // certificate this document carries, so confirm the realm and client
        // above are the ones you mean to federate before applying.
        // NOTE(review): the AWS Java SDK publishes this resource as
        // com.pulumi.aws.iam.SamlProvider, and value() is called directly on the
        // invoke result rather than through an Output mapping — confirm both.
        var default_ = new IamSamlProvider("default", IamSamlProviderArgs.builder()
            .name("myprovider")
            .samlMetadataDocument(samlIdpDescriptor.value())
            .build());
    }
}
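# Creates a Keycloak realm and SAML client, fetches the client's IdP
# descriptor, and registers that descriptor with AWS IAM as a SAML provider.
resources:
  # Realm that hosts the SAML client.
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # SAML client. Its signing certificate and private key are read from PEM
  # files resolved relative to the program's working directory.
  samlClient:
    type: keycloak:saml:Client
    name: saml_client
    properties:
      realmId: ${realm.id}
      clientId: test-saml-client
      name: test-saml-client
      # With signDocuments off and signAssertions on, the signature a relying
      # party can check is the one on the assertion.
      signDocuments: false
      signAssertions: true
      includeAuthnStatement: true
      signingCertificate:
        fn::invoke:
          function: std:file
          arguments:
            input: saml-cert.pem
          return: result
      # fn::secret keeps the key encrypted in stack state and masked in CLI
      # output. Keep saml-key.pem out of version control.
      signingPrivateKey:
        fn::secret:
          fn::invoke:
            function: std:file
            arguments:
              input: saml-key.pem
            return: result
  # AWS trusts whatever signing certificate the descriptor carries, so confirm
  # the realm and client above are the ones you mean to federate.
  default:
    type: aws:iam:SamlProvider
    properties:
      name: myprovider
      samlMetadataDocument: ${samlIdpDescriptor.value}
variables:
  # IdP metadata (the IDPSSODescriptor document) of the SAML client.
  samlIdpDescriptor:
    fn::invoke:
      function: keycloak:saml:getClientInstallationProvider
      arguments:
        realmId: ${realm.id}
        clientId: ${samlClient.id}
        providerId: saml-idp-descriptor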
Using getClientInstallationProvider
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getClientInstallationProvider(args: GetClientInstallationProviderArgs, opts?: InvokeOptions): Promise<GetClientInstallationProviderResult>
function getClientInstallationProviderOutput(args: GetClientInstallationProviderOutputArgs, opts?: InvokeOptions): Output<GetClientInstallationProviderResult>
def get_client_installation_provider(client_id: Optional[str] = None,
provider_id: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetClientInstallationProviderResult
def get_client_installation_provider_output(client_id: Optional[pulumi.Input[str]] = None,
provider_id: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetClientInstallationProviderResult]
func GetClientInstallationProvider(ctx *Context, args *GetClientInstallationProviderArgs, opts ...InvokeOption) (*GetClientInstallationProviderResult, error)
func GetClientInstallationProviderOutput(ctx *Context, args *GetClientInstallationProviderOutputArgs, opts ...InvokeOption) GetClientInstallationProviderResultOutput
> Note: This function is named GetClientInstallationProvider in the Go SDK.
public static class GetClientInstallationProvider
{
public static Task<GetClientInstallationProviderResult> InvokeAsync(GetClientInstallationProviderArgs args, InvokeOptions? opts = null)
public static Output<GetClientInstallationProviderResult> Invoke(GetClientInstallationProviderInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetClientInstallationProviderResult> getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options)
public static Output<GetClientInstallationProviderResult> getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options)
fn::invoke:
function: keycloak:saml/getClientInstallationProvider:getClientInstallationProvider
arguments:
# arguments dictionary
The following arguments are supported:
- ClientId string - The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here.
- ProviderId string - The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
- RealmId string - The realm that the SAML client exists within.
- ClientId string - The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here.
- ProviderId string - The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
- RealmId string - The realm that the SAML client exists within.
- clientId String - The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here.
- providerId String - The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
- realmId String - The realm that the SAML client exists within.
- clientId string - The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here.
- providerId string - The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
- realmId string - The realm that the SAML client exists within.
- client_id str - The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here.
- provider_id str - The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
- realm_id str - The realm that the SAML client exists within.
- clientId String - The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here.
- providerId String - The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.
- realmId String - The realm that the SAML client exists within.
getClientInstallationProvider Result
The following output properties are available:
- ClientId string
- Id string - The provider-assigned unique ID for this managed resource.
- ProviderId string
- RealmId string
- Value string - (Computed) The returned document needed for SAML installation.
- ClientId string
- Id string - The provider-assigned unique ID for this managed resource.
- ProviderId string
- RealmId string
- Value string - (Computed) The returned document needed for SAML installation.
- clientId String
- id String - The provider-assigned unique ID for this managed resource.
- providerId String
- realmId String
- value String - (Computed) The returned document needed for SAML installation.
- clientId string
- id string - The provider-assigned unique ID for this managed resource.
- providerId string
- realmId string
- value string - (Computed) The returned document needed for SAML installation.
- client_id str
- id str - The provider-assigned unique ID for this managed resource.
- provider_id str
- realm_id str
- value str - (Computed) The returned document needed for SAML installation.
- clientId String
- id String - The provider-assigned unique ID for this managed resource.
- providerId String
- realmId String
- value String - (Computed) The returned document needed for SAML installation.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `keycloak` Terraform Provider.
