googleIdentityPlatformInboundSamlConfig
Inbound SAML configuration for an Identity Toolkit project.
You must enable the Google Identity Platform in the marketplace prior to using this resource.
Example Usage - Identity Platform Inbound Saml Config Basic
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as google from "./.gen/providers/google";
/* The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert. */
new google.identityPlatformInboundSamlConfig.IdentityPlatformInboundSamlConfig(
  this,
  "saml_config",
  {
    display_name: "Display Name",
    idp_config: [
      {
        idp_certificates: [
          {
            x509_certificate: '${file("test-fixtures/rsa_cert.pem")}',
          },
        ],
        idp_entity_id: "tf-idp",
        sign_request: true,
        sso_url: "https://example.com",
      },
    ],
    name: "saml.tf-config",
    sp_config: [
      {
        callback_uri: "https://example.com",
        sp_entity_id: "tf-sp",
      },
    ],
  }
);
Argument Reference
The following arguments are supported:
- name - (Required) The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an alphanumeric character, and have at least 2 characters.
- displayName - (Required) Human friendly display name.
- idpConfig - (Required) SAML IdP configuration when the project acts as the relying party. Structure is documented below.
- spConfig - (Required) SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider. Structure is documented below.

The idpConfig block supports:
- idpEntityId - (Required) Unique identifier for all SAML entities.
- ssoUrl - (Required) URL to send the authentication request to.
- signRequest - (Optional) Indicates whether the outbound SAMLRequest should be signed.
- idpCertificates - (Required) The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.

The idpCertificates block supports:
- x509Certificate - (Optional) The IdP's x509 certificate.

The spConfig block supports:
- spEntityId - (Optional) Unique identifier for all SAML entities.
- callbackUri - (Optional) Callback URI where responses from IDP are handled. Must start with https://.
- spCertificates - (Output) The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.

The spCertificates block contains:
- x509Certificate - (Output) The x509 certificate.

The following top-level arguments are also supported:
- enabled - (Optional) If this config allows users to sign in with the provider.
- project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
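
The constraints in the Argument Reference above (the name format, the https:// callback, the required IdP certificate data) can be checked before synth. The following is an added example, not part of the provider or its generated bindings; `lintInboundSaml`, the `InboundSamlInput` shape and the warn-level checks (https SSO URL, signed requests) are assumptions chosen for illustration, and the sample input is constructed.

```typescript
// Added example (not provider code): lint an inbound SAML config before synth.
interface InboundSamlInput {
  name: string;
  idpConfig: {
    idpEntityId: string;
    ssoUrl: string;
    signRequest?: boolean;
    idpCertificates: { x509Certificate?: string }[];
  };
  spConfig: { spEntityId?: string; callbackUri?: string };
}
type Finding = { level: "error" | "warn"; field: string; message: string };

// 'saml.' prefix; the rest starts with a lowercase letter, ends alphanumeric,
// is at least 2 characters, and uses only alphanumerics, '-', '_' or '.'.
const NAME_RE = /^saml\.[a-z][A-Za-z0-9._-]*[A-Za-z0-9]$/;
const HTTPS_RE = /^https:\/\//;

function lintInboundSaml(cfg: InboundSamlInput): Finding[] {
  const out: Finding[] = [];
  if (!NAME_RE.test(cfg.name)) {
    out.push({ level: "error", field: "name", message: "violates the documented name format" });
  }
  const cb = cfg.spConfig.callbackUri;
  if (cb !== undefined && !HTTPS_RE.test(cb)) {
    out.push({ level: "error", field: "spConfig.callbackUri", message: "must start with https://" });
  }
  // Local policy: at least one entry must actually carry certificate data,
  // otherwise there is nothing to verify the SAMLResponse signature against.
  const usable = cfg.idpConfig.idpCertificates.filter(
    (c) => c.x509Certificate !== undefined && c.x509Certificate.trim() !== "");
  if (usable.length === 0) {
    out.push({ level: "error", field: "idpConfig.idpCertificates", message: "no IdP certificate supplied" });
  }
  // Local policy (not a provider requirement): https SSO endpoint, signed requests.
  if (!HTTPS_RE.test(cfg.idpConfig.ssoUrl)) {
    out.push({ level: "warn", field: "idpConfig.ssoUrl", message: "SSO URL is not https" });
  }
  if (cfg.idpConfig.signRequest !== true) {
    out.push({ level: "warn", field: "idpConfig.signRequest", message: "signRequest is not true" });
  }
  return out;
}

// Constructed sample input with several problems.
const constructedBad: InboundSamlInput = {
  name: "saml.T",
  idpConfig: { idpEntityId: "tf-idp", ssoUrl: "http://idp.example.com/sso", idpCertificates: [{}] },
  spConfig: { spEntityId: "tf-sp", callbackUri: "http://example.com/cb" },
};
const constructedFindings = lintInboundSaml(constructedBad).map((f) => f.field);
```
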
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
- id - an identifier for the resource with format projects/{{project}}/inboundSamlConfigs/{{name}}
Timeouts
This resource provides the following Timeouts configuration options:
- create - Default is 20 minutes.
- update - Default is 20 minutes.
- delete - Default is 20 minutes.
Import
InboundSamlConfig can be imported using any of these accepted formats:
$ terraform import google_identity_platform_inbound_saml_config.default projects/{{project}}/inboundSamlConfigs/{{name}}
$ terraform import google_identity_platform_inbound_saml_config.default {{project}}/{{name}}
$ terraform import google_identity_platform_inbound_saml_config.default {{name}}
User Project Overrides
This resource supports User Project Overrides.