
googleIdentityPlatformTenantInboundSamlConfig

Inbound SAML configuration for an Identity Toolkit tenant.

You must enable the Google Identity Platform in the marketplace prior to using this resource.

Example Usage - Identity Platform Tenant Inbound Saml Config Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { App, Fn, TerraformStack } from "cdktf";
import * as google from "./.gen/providers/google";

// Property names follow the camelCase convention of the generated bindings, and
// idpConfig / spConfig are single nested blocks, so they are passed as objects
// rather than one-element arrays.
class TenantSamlStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    const tenant = new google.identityPlatformTenant.IdentityPlatformTenant(
      this,
      "tenant",
      { displayName: "tenant" }
    );

    new google.identityPlatformTenantInboundSamlConfig.IdentityPlatformTenantInboundSamlConfig(
      this,
      "tenant_saml_config",
      {
        displayName: "Display Name",
        idpConfig: {
          // The IdP signing certificate used to verify SAMLResponse signatures,
          // read from disk at plan time with the Terraform file() function.
          idpCertificates: [
            { x509Certificate: Fn.file("test-fixtures/rsa_cert.pem") },
          ],
          idpEntityId: "tf-idp",
          signRequest: true,
          ssoUrl: "https://example.com",
        },
        name: "saml.tf-config",
        spConfig: {
          callbackUri: "https://example.com",
          spEntityId: "tf-sp",
        },
        tenant: tenant.name,
      }
    );
  }
}

const app = new App();
new TenantSamlStack(app, "identity-platform-tenant-saml");
app.synth();

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an alphanumeric character, and have at least 2 characters.

  • tenant - (Required) The name of the tenant where this inbound SAML config resource exists

  • displayName - (Required) Human friendly display name.

  • idpConfig - (Required) SAML IdP configuration when the project acts as the relying party. Structure is documented below.

  • spConfig - (Required) SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider. Structure is documented below.

The idpConfig block supports:

  • idpEntityId - (Required) Unique identifier for all SAML entities.

  • ssoUrl - (Required) URL to send the authentication request to.

  • signRequest - (Optional) Indicates whether the outbound SAMLRequest should be signed.

  • idpCertificates - (Required) The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.

The idpCertificates block supports:

  • x509Certificate - (Optional) The x509 certificate

The spConfig block supports:

  • spEntityId - (Required) Unique identifier for all SAML entities.

  • callbackUri - (Required) Callback URI where responses from IDP are handled. Must start with https://.

  • spCertificates - (Output) The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.

The spCertificates block contains:

  • x509Certificate - (Output) The x509 certificate

The following top-level arguments are optional:

  • enabled - (Optional) If this config allows users to sign in with the provider.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
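As an added example (not part of the provider documentation or the provider's own code), the constraints listed above can be checked locally before cdktf synth, so a tenant SAML config with a malformed name, a non-https callback URI or no IdP certificate fails fast instead of at apply time. Field names mirror the camelCase CDKTF properties; the sample values and the PEM placeholder are constructed, and the PEM-shape check on literal certificates is this example's own stricter choice.

```typescript
// Added example, not from the provider docs: pre-synth validation of the
// constraints stated for google_identity_platform_tenant_inbound_saml_config.
// Field names mirror the camelCase CDKTF properties; sample values are constructed.

interface IdpCertificate { x509Certificate?: string }
interface TenantInboundSamlConfig {
  name: string;
  tenant: string;
  displayName: string;
  idpConfig: { idpEntityId: string; ssoUrl: string; signRequest?: boolean; idpCertificates: IdpCertificate[] };
  spConfig: { spEntityId: string; callbackUri: string };
}

// "saml." + a lowercase letter, then alphanumerics / - / _ / ., ending alphanumeric.
// First and last character together enforce the minimum of 2 characters after "saml.".
const NAME_RE = /^saml\.[a-z][A-Za-z0-9._-]*[A-Za-z0-9]$/;
const PEM_CERT_RE = /^-----BEGIN CERTIFICATE-----[\s\S]+-----END CERTIFICATE-----\s*$/;
// A Terraform expression such as '${file("cert.pem")}' is resolved at plan time,
// so its PEM body cannot be inspected here; only literal values are shape-checked.
const isTfExpression = (v: string): boolean => v.startsWith("${") && v.endsWith("}");

export function validateInboundSamlConfig(cfg: TenantInboundSamlConfig): string[] {
  const problems: string[] = [];
  if (!NAME_RE.test(cfg.name)) problems.push(`name "${cfg.name}" violates the saml.<id> naming rule`);
  if (!cfg.tenant) problems.push("tenant is required");
  if (!cfg.displayName) problems.push("displayName is required");
  const idp = cfg.idpConfig;
  if (!idp.idpEntityId) problems.push("idpConfig.idpEntityId is required");
  if (!idp.ssoUrl) problems.push("idpConfig.ssoUrl is required");
  // Without an IdP certificate the SAMLResponse signature cannot be verified, so require one.
  if (idp.idpCertificates.length === 0) problems.push("idpConfig.idpCertificates must list at least one certificate");
  idp.idpCertificates.forEach((c, i) => {
    const pem = c.x509Certificate ?? "";
    if (!pem || (!isTfExpression(pem) && !PEM_CERT_RE.test(pem)))
      problems.push(`idpConfig.idpCertificates[${i}].x509Certificate is not a PEM certificate`);
  });
  if (!cfg.spConfig.spEntityId) problems.push("spConfig.spEntityId is required");
  if (!cfg.spConfig.callbackUri.startsWith("https://")) problems.push("spConfig.callbackUri must start with https://");
  return problems;
}

// Constructed sample mirroring the page's example; a placeholder stands in for the real IdP certificate.
export const sampleConfig: TenantInboundSamlConfig = {
  name: "saml.tf-config", tenant: "tenant", displayName: "Display Name",
  idpConfig: { idpEntityId: "tf-idp", ssoUrl: "https://example.com", signRequest: true,
    idpCertificates: [{ x509Certificate: "-----BEGIN CERTIFICATE-----\nMIIB...PLACEHOLDER...\n-----END CERTIFICATE-----\n" }] },
  spConfig: { spEntityId: "tf-sp", callbackUri: "https://example.com" },
};
```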

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

TenantInboundSamlConfig can be imported using any of these accepted formats:

$ terraform import google_identity_platform_tenant_inbound_saml_config.default projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}
$ terraform import google_identity_platform_tenant_inbound_saml_config.default {{project}}/{{tenant}}/{{name}}
$ terraform import google_identity_platform_tenant_inbound_saml_config.default {{tenant}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.