Keycloak v5.3.1 published on Monday, Mar 11, 2024 by Pulumi

keycloak.saml.getClientInstallationProvider



    This data source retrieves the installation provider document of a SAML client.

    Example Usage

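    In the example below, we extract the SAML metadata IDPSSODescriptor and pass it to the AWS IAM SAML Provider. The client signs assertions with the key pair read from saml-cert.pem and saml-key.pem; the private key file should stay out of version control and be handled as a secret.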

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as fs from "fs";
    import * as keycloak from "@pulumi/keycloak";
    
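    // Realm that hosts the SAML client.
    const realm = new keycloak.Realm("realm", {
        realm: "my-realm",
        enabled: true,
    });

    // SAML client whose assertions are signed with the key pair loaded from disk.
    // With signDocuments off and signAssertions on, only the assertion carries a
    // signature, so the consuming side has to validate the assertion signature.
    const samlClient = new keycloak.saml.Client("samlClient", {
        realmId: realm.id,
        clientId: "test-saml-client",
        signDocuments: false,
        signAssertions: true,
        includeAuthnStatement: true,
        signingCertificate: fs.readFileSync("saml-cert.pem", "utf8"),
        // Mark the PEM private key as a secret so Pulumi encrypts it in the stack
        // state and masks it in CLI output instead of storing it as plain text.
        signingPrivateKey: pulumi.secret(fs.readFileSync("saml-key.pem", "utf8")),
    });

    // Ask Keycloak for the IdP descriptor (SAML metadata XML) of that client.
    const samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({
        realmId: realm.id,
        clientId: samlClient.id,
        providerId: "saml-idp-descriptor",
    });

    // Register the descriptor as the metadata document of an AWS IAM SAML provider.
    // The metadata establishes which signing certificate AWS trusts, so it should
    // only ever come from the realm this stack manages.
    const _default = new aws.iam.SamlProvider("default", {
        samlMetadataDocument: samlIdpDescriptor.apply(result => result.value),
    });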
    
    import pulumi
    import pulumi_aws as aws
    import pulumi_keycloak as keycloak
    
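    def _read_text(path):
        """Return the full text of ``path``, closing the file handle afterwards."""
        with open(path) as handle:
            return handle.read()


    # Realm that hosts the SAML client.
    realm = keycloak.Realm("realm",
        realm="my-realm",
        enabled=True)

    # SAML client whose assertions are signed with the key pair loaded from disk.
    # With sign_documents off and sign_assertions on, only the assertion carries a
    # signature, so the consuming side has to validate the assertion signature.
    saml_client = keycloak.saml.Client("samlClient",
        realm_id=realm.id,
        client_id="test-saml-client",
        sign_documents=False,
        sign_assertions=True,
        include_authn_statement=True,
        signing_certificate=_read_text("saml-cert.pem"),
        # Mark the PEM private key as a secret so Pulumi encrypts it in the stack
        # state and masks it in CLI output instead of storing it as plain text.
        signing_private_key=pulumi.Output.secret(_read_text("saml-key.pem")))

    # Ask Keycloak for the IdP descriptor (SAML metadata XML) of that client.
    saml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,
        client_id=saml_client.id,
        provider_id="saml-idp-descriptor")

    # Register the descriptor as the metadata document of an AWS IAM SAML provider.
    # The metadata establishes which signing certificate AWS trusts, so it should
    # only ever come from the realm this stack manages.
    default = aws.iam.SamlProvider("default", saml_metadata_document=saml_idp_descriptor.value)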
    
    package main
    
    import (
    	"os"
    
    	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // readFileOrPanic loads the file at path and hands its contents back as a
    // Pulumi string input. A failed read stops the program with a panic that
    // carries the error text, so a missing certificate or key file is never
    // silently replaced by an empty value.
    func readFileOrPanic(path string) pulumi.StringPtrInput {
    	contents, readErr := os.ReadFile(path)
    	if readErr == nil {
    		return pulumi.String(string(contents))
    	}
    	panic(readErr.Error())
    }
    
    // main declares a Keycloak realm, a SAML client that signs its assertions, and
    // an AWS IAM SAML provider fed with the client's IdP descriptor.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Realm that hosts the SAML client.
    		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
    			Realm:   pulumi.String("my-realm"),
    			Enabled: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		// Only assertions are signed (SignDocuments is false), so the consuming
    		// side has to validate the assertion signature.
    		samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{
    			RealmId:               realm.ID(),
    			ClientId:              pulumi.String("test-saml-client"),
    			SignDocuments:         pulumi.Bool(false),
    			SignAssertions:        pulumi.Bool(true),
    			IncludeAuthnStatement: pulumi.Bool(true),
    			SigningCertificate:    readFileOrPanic("saml-cert.pem"),
    			// NOTE(review): the PEM private key is passed as a plain string input.
    			// Confirm the provider stores this property as a secret in the stack
    			// state; if it does not, wrap the value with pulumi.ToSecret.
    			SigningPrivateKey:     readFileOrPanic("saml-key.pem"),
    		})
    		if err != nil {
    			return err
    		}
    		// Ask Keycloak for the IdP descriptor (SAML metadata XML) of that client.
    		samlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{
    			RealmId:    realm.ID(),
    			ClientId:   samlClient.ID(),
    			ProviderId: pulumi.String("saml-idp-descriptor"),
    		}, nil)
    		// Register the descriptor as the AWS IAM SAML provider's metadata. The
    		// metadata establishes which signing certificate AWS trusts, so it should
    		// only ever come from the realm this program manages.
    		_, err = iam.NewSamlProvider(ctx, "default", &iam.SamlProviderArgs{
    			SamlMetadataDocument: samlIdpDescriptor.ApplyT(func(samlIdpDescriptor saml.GetClientInstallationProviderResult) (*string, error) {
    				return &samlIdpDescriptor.Value, nil
    			}).(pulumi.StringPtrOutput),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    using Keycloak = Pulumi.Keycloak;
    
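    return await Deployment.RunAsync(() => 
    {
        // Realm that hosts the SAML client.
        var realm = new Keycloak.Realm("realm", new()
        {
            RealmName = "my-realm",
            Enabled = true,
        });

        // SAML client whose assertions are signed with the key pair loaded from disk.
        // With SignDocuments off and SignAssertions on, only the assertion carries a
        // signature, so the consuming side has to validate the assertion signature.
        var samlClient = new Keycloak.Saml.Client("samlClient", new()
        {
            RealmId = realm.Id,
            ClientId = "test-saml-client",
            SignDocuments = false,
            SignAssertions = true,
            IncludeAuthnStatement = true,
            SigningCertificate = File.ReadAllText("saml-cert.pem"),
            // Mark the PEM private key as a secret so Pulumi encrypts it in the stack
            // state and masks it in CLI output instead of storing it as plain text.
            SigningPrivateKey = Output.CreateSecret(File.ReadAllText("saml-key.pem")),
        });

        // Ask Keycloak for the IdP descriptor (SAML metadata XML) of that client.
        var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()
        {
            RealmId = realm.Id,
            ClientId = samlClient.Id,
            ProviderId = "saml-idp-descriptor",
        });

        // Register the descriptor as the metadata document of an AWS IAM SAML provider.
        // The metadata establishes which signing certificate AWS trusts, so it should
        // only ever come from the realm this stack manages.
        var @default = new Aws.Iam.SamlProvider("default", new()
        {
            SamlMetadataDocument = samlIdpDescriptor.Apply(result => result.Value),
        });

    });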
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.keycloak.Realm;
    import com.pulumi.keycloak.RealmArgs;
    import com.pulumi.keycloak.saml.Client;
    import com.pulumi.keycloak.saml.ClientArgs;
    import com.pulumi.keycloak.saml.SamlFunctions;
    import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;
    import com.pulumi.aws.iam.SamlProvider;
    import com.pulumi.aws.iam.SamlProviderArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
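    /**
     * Declares a Keycloak realm, a SAML client that signs its assertions, and an
     * AWS IAM SAML provider fed with the client's IdP descriptor.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Reads a PEM file as text.
         *
         * Files.readString throws the checked IOException, which a method passed
         * to Pulumi.run as a method reference cannot declare, so it is rethrown
         * unchecked here.
         */
        private static String readPem(String path) {
            try {
                return Files.readString(Paths.get(path));
            } catch (java.io.IOException e) {
                throw new java.io.UncheckedIOException(e);
            }
        }

        /** Builds the stack's resources. */
        public static void stack(Context ctx) {
            // Realm that hosts the SAML client.
            var realm = new Realm("realm", RealmArgs.builder()
                .realm("my-realm")
                .enabled(true)
                .build());

            // Only assertions are signed (signDocuments is false), so the consuming
            // side has to validate the assertion signature.
            var samlClient = new Client("samlClient", ClientArgs.builder()
                .realmId(realm.id())
                .clientId("test-saml-client")
                .signDocuments(false)
                .signAssertions(true)
                .includeAuthnStatement(true)
                .signingCertificate(readPem("saml-cert.pem"))
                // Mark the PEM private key as a secret so Pulumi encrypts it in the
                // stack state and masks it in CLI output.
                .signingPrivateKey(Output.ofSecret(readPem("saml-key.pem")))
                .build());

            // Ask Keycloak for the IdP descriptor (SAML metadata XML) of that client.
            // NOTE(review): assumes this overload returns an Output, as the applyValue
            // call below requires - confirm against the SDK version in use.
            final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()
                .realmId(realm.id())
                .clientId(samlClient.id())
                .providerId("saml-idp-descriptor")
                .build());

            // Register the descriptor as the AWS IAM SAML provider's metadata. A single
            // applyValue is enough; the lambda parameter must not reuse the name of the
            // local variable it is applied to. The metadata establishes which signing
            // certificate AWS trusts, so it should only come from this realm.
            var default_ = new SamlProvider("default", SamlProviderArgs.builder()
                .samlMetadataDocument(samlIdpDescriptor.applyValue(result -> result.value()))
                .build());

        }
    }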
    
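    resources:
      # Realm that hosts the SAML client.
      realm:
        type: keycloak:Realm
        properties:
          realm: my-realm
          enabled: true
      # SAML client whose assertions are signed with the key pair loaded from disk.
      # Only assertions are signed (signDocuments is false), so the consuming side
      # has to validate the assertion signature.
      samlClient:
        type: keycloak:saml:Client
        properties:
          realmId: ${realm.id}
          clientId: test-saml-client
          signDocuments: false
          signAssertions: true
          includeAuthnStatement: true
          signingCertificate:
            fn::readFile: saml-cert.pem
          # Mark the PEM private key as a secret so Pulumi encrypts it in the stack
          # state and masks it in CLI output instead of storing it as plain text.
          signingPrivateKey:
            fn::secret:
              fn::readFile: saml-key.pem
      # AWS IAM SAML provider that trusts the metadata produced by Keycloak. The
      # metadata establishes which signing certificate AWS trusts.
      default:
        type: aws:iam:SamlProvider
        properties:
          samlMetadataDocument: ${samlIdpDescriptor.value}
    variables:
      # IdP descriptor (SAML metadata XML) of the client above. The keys are written
      # in lowercase, matching the fn::invoke form shown in the usage section.
      samlIdpDescriptor:
        fn::invoke:
          function: keycloak:saml:getClientInstallationProvider
          arguments:
            realmId: ${realm.id}
            clientId: ${samlClient.id}
            providerId: saml-idp-descriptor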
    

    Using getClientInstallationProvider

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getClientInstallationProvider(args: GetClientInstallationProviderArgs, opts?: InvokeOptions): Promise<GetClientInstallationProviderResult>
    function getClientInstallationProviderOutput(args: GetClientInstallationProviderOutputArgs, opts?: InvokeOptions): Output<GetClientInstallationProviderResult>
    def get_client_installation_provider(client_id: Optional[str] = None,
                                         provider_id: Optional[str] = None,
                                         realm_id: Optional[str] = None,
                                         opts: Optional[InvokeOptions] = None) -> GetClientInstallationProviderResult
    def get_client_installation_provider_output(client_id: Optional[pulumi.Input[str]] = None,
                                         provider_id: Optional[pulumi.Input[str]] = None,
                                         realm_id: Optional[pulumi.Input[str]] = None,
                                         opts: Optional[InvokeOptions] = None) -> Output[GetClientInstallationProviderResult]
    func GetClientInstallationProvider(ctx *Context, args *GetClientInstallationProviderArgs, opts ...InvokeOption) (*GetClientInstallationProviderResult, error)
    func GetClientInstallationProviderOutput(ctx *Context, args *GetClientInstallationProviderOutputArgs, opts ...InvokeOption) GetClientInstallationProviderResultOutput

    > Note: This function is named GetClientInstallationProvider in the Go SDK.

    public static class GetClientInstallationProvider 
    {
        public static Task<GetClientInstallationProviderResult> InvokeAsync(GetClientInstallationProviderArgs args, InvokeOptions? opts = null)
        public static Output<GetClientInstallationProviderResult> Invoke(GetClientInstallationProviderInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetClientInstallationProviderResult> getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: keycloak:saml/getClientInstallationProvider:getClientInstallationProvider
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ClientId string
    The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.
    ProviderId string
    The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.
    RealmId string
    The realm that the SAML client exists within.
    ClientId string
    The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.
    ProviderId string
    The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.
    RealmId string
    The realm that the SAML client exists within.
    clientId String
    The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.
    providerId String
    The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.
    realmId String
    The realm that the SAML client exists within.
    clientId string
    The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.
    providerId string
    The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.
    realmId string
    The realm that the SAML client exists within.
    client_id str
    The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.
    provider_id str
    The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.
    realm_id str
    The realm that the SAML client exists within.
    clientId String
    The ID of the SAML client. The id attribute of a keycloak_client resource should be used here.
    providerId String
    The ID of the SAML installation provider. Could be one of saml-idp-descriptor, keycloak-saml, saml-sp-descriptor, keycloak-saml-subsystem, mod-auth-mellon, etc.
    realmId String
    The realm that the SAML client exists within.

    getClientInstallationProvider Result

    The following output properties are available:

    ClientId string
    Id string
    The provider-assigned unique ID for this managed resource.
    ProviderId string
    RealmId string
    Value string
    (Computed) The returned document needed for SAML installation.
    ClientId string
    Id string
    The provider-assigned unique ID for this managed resource.
    ProviderId string
    RealmId string
    Value string
    (Computed) The returned document needed for SAML installation.
    clientId String
    id String
    The provider-assigned unique ID for this managed resource.
    providerId String
    realmId String
    value String
    (Computed) The returned document needed for SAML installation.
    clientId string
    id string
    The provider-assigned unique ID for this managed resource.
    providerId string
    realmId string
    value string
    (Computed) The returned document needed for SAML installation.
    client_id str
    id str
    The provider-assigned unique ID for this managed resource.
    provider_id str
    realm_id str
    value str
    (Computed) The returned document needed for SAML installation.
    clientId String
    id String
    The provider-assigned unique ID for this managed resource.
    providerId String
    realmId String
    value String
    (Computed) The returned document needed for SAML installation.

    Package Details

    Repository
    Keycloak pulumi/pulumi-keycloak
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the keycloak Terraform Provider.