1. Pulumi Registry
  2. Keycloak
  3. API Docs
  4. saml
  5. getClientInstallationProvider
keycloak logo
Keycloak v5.0.0, Jan 25 23

keycloak.saml.getClientInstallationProvider

This data source can be used to retrieve Installation Provider of a SAML Client.

Example Usage

In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider.

using System.Collections.Generic;
using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;
using Keycloak = Pulumi.Keycloak;

return await Deployment.RunAsync(() => 
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    var samlClient = new Keycloak.Saml.Client("samlClient", new()
    {
        RealmId = realm.Id,
        ClientId = "test-saml-client",
        SignDocuments = false,
        SignAssertions = true,
        IncludeAuthnStatement = true,
        SigningCertificate = File.ReadAllText("saml-cert.pem"),
        SigningPrivateKey = File.ReadAllText("saml-key.pem"),
    });

    var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()
    {
        RealmId = realm.Id,
        ClientId = samlClient.Id,
        ProviderId = "saml-idp-descriptor",
    });

    var @default = new Aws.Iam.SamlProvider("default", new()
    {
        SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult => getClientInstallationProviderResult.Value),
    });

});

package main

import (
	"io/ioutil"

	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{
			RealmId:               realm.ID(),
			ClientId:              pulumi.String("test-saml-client"),
			SignDocuments:         pulumi.Bool(false),
			SignAssertions:        pulumi.Bool(true),
			IncludeAuthnStatement: pulumi.Bool(true),
			SigningCertificate:    readFileOrPanic("saml-cert.pem"),
			SigningPrivateKey:     readFileOrPanic("saml-key.pem"),
		})
		if err != nil {
			return err
		}
		samlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{
			RealmId:    realm.ID(),
			ClientId:   samlClient.ID(),
			ProviderId: pulumi.String("saml-idp-descriptor"),
		}, nil)
		_, err = iam.NewSamlProvider(ctx, "default", &iam.SamlProviderArgs{
			SamlMetadataDocument: samlIdpDescriptor.ApplyT(func(samlIdpDescriptor saml.GetClientInstallationProviderResult) (*string, error) {
				return &samlIdpDescriptor.Value, nil
			}).(pulumi.StringPtrOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.saml.Client;
import com.pulumi.keycloak.saml.ClientArgs;
import com.pulumi.keycloak.saml.SamlFunctions;
import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;
import com.pulumi.aws.iam.SamlProvider;
import com.pulumi.aws.iam.SamlProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()        
            .realm("my-realm")
            .enabled(true)
            .build());

        var samlClient = new Client("samlClient", ClientArgs.builder()        
            .realmId(realm.id())
            .clientId("test-saml-client")
            .signDocuments(false)
            .signAssertions(true)
            .includeAuthnStatement(true)
            .signingCertificate(Files.readString(Paths.get("saml-cert.pem")))
            .signingPrivateKey(Files.readString(Paths.get("saml-key.pem")))
            .build());

        final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()
            .realmId(realm.id())
            .clientId(samlClient.id())
            .providerId("saml-idp-descriptor")
            .build());

        var default_ = new SamlProvider("default", SamlProviderArgs.builder()        
            .samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult).applyValue(samlIdpDescriptor -> samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult.value())))
            .build());

    }
}

import pulumi
import pulumi_aws as aws
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
saml_client = keycloak.saml.Client("samlClient",
    realm_id=realm.id,
    client_id="test-saml-client",
    sign_documents=False,
    sign_assertions=True,
    include_authn_statement=True,
    signing_certificate=(lambda path: open(path).read())("saml-cert.pem"),
    signing_private_key=(lambda path: open(path).read())("saml-key.pem"))
saml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,
    client_id=saml_client.id,
    provider_id="saml-idp-descriptor")
default = aws.iam.SamlProvider("default", saml_metadata_document=saml_idp_descriptor.value)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const samlClient = new keycloak.saml.Client("samlClient", {
    realmId: realm.id,
    clientId: "test-saml-client",
    signDocuments: false,
    signAssertions: true,
    includeAuthnStatement: true,
    signingCertificate: fs.readFileSync("saml-cert.pem"),
    signingPrivateKey: fs.readFileSync("saml-key.pem"),
});
const samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({
    realmId: realm.id,
    clientId: samlClient.id,
    providerId: "saml-idp-descriptor",
});
const _default = new aws.iam.SamlProvider("default", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor => samlIdpDescriptor.value)});

resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  samlClient:
    type: keycloak:saml:Client
    properties:
      realmId: ${realm.id}
      clientId: test-saml-client
      signDocuments: false
      signAssertions: true
      includeAuthnStatement: true
      signingCertificate:
        fn::readFile: saml-cert.pem
      signingPrivateKey:
        fn::readFile: saml-key.pem
  default:
    type: aws:iam:SamlProvider
    properties:
      samlMetadataDocument: ${samlIdpDescriptor.value}
variables:
  samlIdpDescriptor:
    fn::invoke:
      Function: keycloak:saml:getClientInstallationProvider
      Arguments:
        realmId: ${realm.id}
        clientId: ${samlClient.id}
        providerId: saml-idp-descriptor

Using getClientInstallationProvider

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getClientInstallationProvider(args: GetClientInstallationProviderArgs, opts?: InvokeOptions): Promise<GetClientInstallationProviderResult>
function getClientInstallationProviderOutput(args: GetClientInstallationProviderOutputArgs, opts?: InvokeOptions): Output<GetClientInstallationProviderResult>
def get_client_installation_provider(client_id: Optional[str] = None,
                                     provider_id: Optional[str] = None,
                                     realm_id: Optional[str] = None,
                                     opts: Optional[InvokeOptions] = None) -> GetClientInstallationProviderResult
def get_client_installation_provider_output(client_id: Optional[pulumi.Input[str]] = None,
                                     provider_id: Optional[pulumi.Input[str]] = None,
                                     realm_id: Optional[pulumi.Input[str]] = None,
                                     opts: Optional[InvokeOptions] = None) -> Output[GetClientInstallationProviderResult]
func GetClientInstallationProvider(ctx *Context, args *GetClientInstallationProviderArgs, opts ...InvokeOption) (*GetClientInstallationProviderResult, error)
func GetClientInstallationProviderOutput(ctx *Context, args *GetClientInstallationProviderOutputArgs, opts ...InvokeOption) GetClientInstallationProviderResultOutput

> Note: This function is named GetClientInstallationProvider in the Go SDK.

public static class GetClientInstallationProvider 
{
    public static Task<GetClientInstallationProviderResult> InvokeAsync(GetClientInstallationProviderArgs args, InvokeOptions? opts = null)
    public static Output<GetClientInstallationProviderResult> Invoke(GetClientInstallationProviderInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetClientInstallationProviderResult> getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: keycloak:saml/getClientInstallationProvider:getClientInstallationProvider
  arguments:
    # arguments dictionary

The following arguments are supported:

ClientId string

The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.

ProviderId string

The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.

RealmId string

The realm that the SAML client exists within.

ClientId string

The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.

ProviderId string

The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.

RealmId string

The realm that the SAML client exists within.

clientId String

The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.

providerId String

The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.

realmId String

The realm that the SAML client exists within.

clientId string

The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.

providerId string

The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.

realmId string

The realm that the SAML client exists within.

client_id str

The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.

provider_id str

The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.

realm_id str

The realm that the SAML client exists within.

clientId String

The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.

providerId String

The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.

realmId String

The realm that the SAML client exists within.

getClientInstallationProvider Result

The following output properties are available:

ClientId string
Id string

The provider-assigned unique ID for this managed resource.

ProviderId string
RealmId string
Value string

(Computed) The returned document needed for SAML installation.

ClientId string
Id string

The provider-assigned unique ID for this managed resource.

ProviderId string
RealmId string
Value string

(Computed) The returned document needed for SAML installation.

clientId String
id String

The provider-assigned unique ID for this managed resource.

providerId String
realmId String
value String

(Computed) The returned document needed for SAML installation.

clientId string
id string

The provider-assigned unique ID for this managed resource.

providerId string
realmId string
value string

(Computed) The returned document needed for SAML installation.

client_id str
id str

The provider-assigned unique ID for this managed resource.

provider_id str
realm_id str
value str

(Computed) The returned document needed for SAML installation.

clientId String
id String

The provider-assigned unique ID for this managed resource.

providerId String
realmId String
value String

(Computed) The returned document needed for SAML installation.

Package Details

Repository
Keycloak pulumi/pulumi-keycloak
License
Apache-2.0
Notes

This Pulumi package is based on the keycloak Terraform Provider.