keycloak.saml.getClientInstallationProvider
Explore with Pulumi AI
This data source can be used to retrieve Installation Provider of a SAML Client.
Example Usage
In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider.
using System.Collections.Generic;
using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var samlClient = new Keycloak.Saml.Client("samlClient", new()
{
RealmId = realm.Id,
ClientId = "test-saml-client",
SignDocuments = false,
SignAssertions = true,
IncludeAuthnStatement = true,
SigningCertificate = File.ReadAllText("saml-cert.pem"),
SigningPrivateKey = File.ReadAllText("saml-key.pem"),
});
var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()
{
RealmId = realm.Id,
ClientId = samlClient.Id,
ProviderId = "saml-idp-descriptor",
});
var @default = new Aws.Iam.SamlProvider("default", new()
{
SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult => getClientInstallationProviderResult.Value),
});
});
package main
import (
"os"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{
RealmId: realm.ID(),
ClientId: pulumi.String("test-saml-client"),
SignDocuments: pulumi.Bool(false),
SignAssertions: pulumi.Bool(true),
IncludeAuthnStatement: pulumi.Bool(true),
SigningCertificate: readFileOrPanic("saml-cert.pem"),
SigningPrivateKey: readFileOrPanic("saml-key.pem"),
})
if err != nil {
return err
}
samlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{
RealmId: realm.ID(),
ClientId: samlClient.ID(),
ProviderId: pulumi.String("saml-idp-descriptor"),
}, nil)
_, err = iam.NewSamlProvider(ctx, "default", &iam.SamlProviderArgs{
SamlMetadataDocument: samlIdpDescriptor.ApplyT(func(samlIdpDescriptor saml.GetClientInstallationProviderResult) (*string, error) {
return &samlIdpDescriptor.Value, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.saml.Client;
import com.pulumi.keycloak.saml.ClientArgs;
import com.pulumi.keycloak.saml.SamlFunctions;
import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;
import com.pulumi.aws.iam.SamlProvider;
import com.pulumi.aws.iam.SamlProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var samlClient = new Client("samlClient", ClientArgs.builder()
.realmId(realm.id())
.clientId("test-saml-client")
.signDocuments(false)
.signAssertions(true)
.includeAuthnStatement(true)
.signingCertificate(Files.readString(Paths.get("saml-cert.pem")))
.signingPrivateKey(Files.readString(Paths.get("saml-key.pem")))
.build());
final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()
.realmId(realm.id())
.clientId(samlClient.id())
.providerId("saml-idp-descriptor")
.build());
var default_ = new SamlProvider("default", SamlProviderArgs.builder()
.samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult).applyValue(samlIdpDescriptor -> samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult.value())))
.build());
}
}
import pulumi
import pulumi_aws as aws
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
saml_client = keycloak.saml.Client("samlClient",
realm_id=realm.id,
client_id="test-saml-client",
sign_documents=False,
sign_assertions=True,
include_authn_statement=True,
signing_certificate=(lambda path: open(path).read())("saml-cert.pem"),
signing_private_key=(lambda path: open(path).read())("saml-key.pem"))
saml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,
client_id=saml_client.id,
provider_id="saml-idp-descriptor")
default = aws.iam.SamlProvider("default", saml_metadata_document=saml_idp_descriptor.value)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const samlClient = new keycloak.saml.Client("samlClient", {
realmId: realm.id,
clientId: "test-saml-client",
signDocuments: false,
signAssertions: true,
includeAuthnStatement: true,
signingCertificate: fs.readFileSync("saml-cert.pem"),
signingPrivateKey: fs.readFileSync("saml-key.pem"),
});
const samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({
realmId: realm.id,
clientId: samlClient.id,
providerId: "saml-idp-descriptor",
});
const _default = new aws.iam.SamlProvider("default", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor => samlIdpDescriptor.value)});
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
samlClient:
type: keycloak:saml:Client
properties:
realmId: ${realm.id}
clientId: test-saml-client
signDocuments: false
signAssertions: true
includeAuthnStatement: true
signingCertificate:
fn::readFile: saml-cert.pem
signingPrivateKey:
fn::readFile: saml-key.pem
default:
type: aws:iam:SamlProvider
properties:
samlMetadataDocument: ${samlIdpDescriptor.value}
variables:
samlIdpDescriptor:
fn::invoke:
Function: keycloak:saml:getClientInstallationProvider
Arguments:
realmId: ${realm.id}
clientId: ${samlClient.id}
providerId: saml-idp-descriptor
Using getClientInstallationProvider
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getClientInstallationProvider(args: GetClientInstallationProviderArgs, opts?: InvokeOptions): Promise<GetClientInstallationProviderResult>
function getClientInstallationProviderOutput(args: GetClientInstallationProviderOutputArgs, opts?: InvokeOptions): Output<GetClientInstallationProviderResult>
def get_client_installation_provider(client_id: Optional[str] = None,
provider_id: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetClientInstallationProviderResult
def get_client_installation_provider_output(client_id: Optional[pulumi.Input[str]] = None,
provider_id: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetClientInstallationProviderResult]
func GetClientInstallationProvider(ctx *Context, args *GetClientInstallationProviderArgs, opts ...InvokeOption) (*GetClientInstallationProviderResult, error)
func GetClientInstallationProviderOutput(ctx *Context, args *GetClientInstallationProviderOutputArgs, opts ...InvokeOption) GetClientInstallationProviderResultOutput
> Note: This function is named GetClientInstallationProvider
in the Go SDK.
public static class GetClientInstallationProvider
{
public static Task<GetClientInstallationProviderResult> InvokeAsync(GetClientInstallationProviderArgs args, InvokeOptions? opts = null)
public static Output<GetClientInstallationProviderResult> Invoke(GetClientInstallationProviderInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetClientInstallationProviderResult> getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: keycloak:saml/getClientInstallationProvider:getClientInstallationProvider
arguments:
# arguments dictionary
The following arguments are supported:
- Client
Id string The ID of the SAML client. The
id
attribute of akeycloak_client
resource should be used here.- Provider
Id string The ID of the SAML installation provider. Could be one of
saml-idp-descriptor
,keycloak-saml
,saml-sp-descriptor
,keycloak-saml-subsystem
,mod-auth-mellon
, etc.- Realm
Id string The realm that the SAML client exists within.
- Client
Id string The ID of the SAML client. The
id
attribute of akeycloak_client
resource should be used here.- Provider
Id string The ID of the SAML installation provider. Could be one of
saml-idp-descriptor
,keycloak-saml
,saml-sp-descriptor
,keycloak-saml-subsystem
,mod-auth-mellon
, etc.- Realm
Id string The realm that the SAML client exists within.
- client
Id String The ID of the SAML client. The
id
attribute of akeycloak_client
resource should be used here.- provider
Id String The ID of the SAML installation provider. Could be one of
saml-idp-descriptor
,keycloak-saml
,saml-sp-descriptor
,keycloak-saml-subsystem
,mod-auth-mellon
, etc.- realm
Id String The realm that the SAML client exists within.
- client
Id string The ID of the SAML client. The
id
attribute of akeycloak_client
resource should be used here.- provider
Id string The ID of the SAML installation provider. Could be one of
saml-idp-descriptor
,keycloak-saml
,saml-sp-descriptor
,keycloak-saml-subsystem
,mod-auth-mellon
, etc.- realm
Id string The realm that the SAML client exists within.
- client_
id str The ID of the SAML client. The
id
attribute of akeycloak_client
resource should be used here.- provider_
id str The ID of the SAML installation provider. Could be one of
saml-idp-descriptor
,keycloak-saml
,saml-sp-descriptor
,keycloak-saml-subsystem
,mod-auth-mellon
, etc.- realm_
id str The realm that the SAML client exists within.
- client
Id String The ID of the SAML client. The
id
attribute of akeycloak_client
resource should be used here.- provider
Id String The ID of the SAML installation provider. Could be one of
saml-idp-descriptor
,keycloak-saml
,saml-sp-descriptor
,keycloak-saml-subsystem
,mod-auth-mellon
, etc.- realm
Id String The realm that the SAML client exists within.
getClientInstallationProvider Result
The following output properties are available:
- Client
Id string - Id string
The provider-assigned unique ID for this managed resource.
- Provider
Id string - Realm
Id string - Value string
(Computed) The returned document needed for SAML installation.
- Client
Id string - Id string
The provider-assigned unique ID for this managed resource.
- Provider
Id string - Realm
Id string - Value string
(Computed) The returned document needed for SAML installation.
- client
Id String - id String
The provider-assigned unique ID for this managed resource.
- provider
Id String - realm
Id String - value String
(Computed) The returned document needed for SAML installation.
- client
Id string - id string
The provider-assigned unique ID for this managed resource.
- provider
Id string - realm
Id string - value string
(Computed) The returned document needed for SAML installation.
- client_
id str - id str
The provider-assigned unique ID for this managed resource.
- provider_
id str - realm_
id str - value str
(Computed) The returned document needed for SAML installation.
- client
Id String - id String
The provider-assigned unique ID for this managed resource.
- provider
Id String - realm
Id String - value String
(Computed) The returned document needed for SAML installation.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
keycloak
Terraform Provider.