Class IdentityProvider
Namespace: Pulumi.Keycloak.Oidc
Assembly: Pulumi.Keycloak.dll
Syntax
public class IdentityProvider : CustomResource
Constructors
IdentityProvider(String, IdentityProviderArgs, CustomResourceOptions)
Create an IdentityProvider resource with the given unique name, arguments, and options.
Declaration
public IdentityProvider(string name, IdentityProviderArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| IdentityProviderArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
AcceptsPromptNoneForwardFromClient
Used only together with the Identity Provider Authenticator, or when kc_idp_hint points to this identity provider. If the client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.
Declaration
public Output<bool?> AcceptsPromptNoneForwardFromClient { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
AddReadTokenRoleOnCreate
Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.
Declaration
public Output<bool?> AddReadTokenRoleOnCreate { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Alias
The alias uniquely identifies an identity provider and is also used to build the redirect URI.
Declaration
public Output<string> Alias { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AuthenticateByDefault
Enable/disable authenticating users by default.
Declaration
public Output<bool?> AuthenticateByDefault { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
AuthorizationUrl
OIDC authorization URL.
Declaration
public Output<string> AuthorizationUrl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
BackchannelSupported
Does the external IDP support backchannel logout?
Declaration
public Output<bool?> BackchannelSupported { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
ClientId
Client ID.
Declaration
public Output<string> ClientId { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ClientSecret
Client Secret.
Declaration
public Output<string> ClientSecret { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
DefaultScopes
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.
Declaration
public Output<string> DefaultScopes { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
DisplayName
Friendly name for Identity Providers.
Declaration
public Output<string> DisplayName { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Enabled
Enable/disable this identity provider.
Declaration
public Output<bool?> Enabled { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
ExtraConfig
Declaration
public Output<ImmutableDictionary<string, object>> ExtraConfig { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
FirstBrokerLoginFlowAlias
Alias of the authentication flow that is triggered after the first login with this identity provider. 'First login' means that no Keycloak account is yet linked to the authenticated identity provider account.
Declaration
public Output<string> FirstBrokerLoginFlowAlias { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
HideOnLoginPage
Hide On Login Page.
Declaration
public Output<bool?> HideOnLoginPage { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
InternalId
Internal Identity Provider Id
Declaration
public Output<string> InternalId { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
JwksUrl
JSON Web Key Set URL
Declaration
public Output<string> JwksUrl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
LinkOnly
If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider.
Declaration
public Output<bool?> LinkOnly { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
LoginHint
Login Hint.
Declaration
public Output<string> LoginHint { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
LogoutUrl
Logout URL
Declaration
public Output<string> LogoutUrl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
PostBrokerLoginFlowAlias
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example, OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Note that authenticator implementations must assume that the user is already set in ClientSession, because the identity provider has already set it.
Declaration
public Output<string> PostBrokerLoginFlowAlias { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ProviderId
Provider ID. This is always oidc, unless you have a custom implementation.
Declaration
public Output<string> ProviderId { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Realm
Realm Name
Declaration
public Output<string> Realm { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
StoreToken
Enable/disable if tokens must be stored after authenticating users.
Declaration
public Output<bool?> StoreToken { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
TokenUrl
Token URL.
Declaration
public Output<string> TokenUrl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
TrustEmail
If enabled, the email provided by this provider is not verified, even if verification is enabled for the realm.
Declaration
public Output<bool?> TrustEmail { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
UiLocales
Pass current locale to identity provider
Declaration
public Output<bool?> UiLocales { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
UserInfoUrl
User Info URL
Declaration
public Output<string> UserInfoUrl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ValidateSignature
Enable/disable signature validation of external IDP signatures.
Declaration
public Output<bool?> ValidateSignature { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
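
A stack that creates this resource with the security-relevant properties above set explicitly instead of left unset. This is an added example, not code from the Pulumi documentation; it assumes IdentityProviderArgs exposes inputs with the same names as the properties on this page, and the realm, alias, URLs and config keys are placeholders.

```csharp
// Added example, not Pulumi's own sample. Realm, alias, URLs and config keys
// are placeholders; IdentityProviderArgs is assumed to mirror the property
// names documented on this page.
using System.Threading.Tasks;
using Pulumi;
using Pulumi.Keycloak.Oidc;

class BrokerStack : Stack
{
    public BrokerStack()
    {
        var config = new Config();

        var idp = new IdentityProvider("upstream-oidc", new IdentityProviderArgs
        {
            Realm = "example-realm",          // placeholder realm name
            Alias = "upstream-oidc",          // also ends up in the redirect URI
            DisplayName = "Upstream OIDC",
            Enabled = true,

            // Placeholder endpoints of the external IDP; keep them on HTTPS.
            AuthorizationUrl = "https://idp.example.com/oauth2/authorize",
            TokenUrl = "https://idp.example.com/oauth2/token",
            JwksUrl = "https://idp.example.com/oauth2/jwks",

            ClientId = config.Require("upstreamClientId"),
            // RequireSecret returns a secret Output, so the value is stored
            // encrypted in Pulumi state rather than as plain text in source.
            ClientSecret = config.RequireSecret("upstreamClientSecret"),

            ValidateSignature = true,         // validate external IDP signatures
            TrustEmail = false,               // realm email verification still applies
            StoreToken = false,               // do not store upstream tokens
            AddReadTokenRoleOnCreate = false, // new users do not get broker.read-token
            DefaultScopes = "openid email",   // space-separated, request only what is needed
        });

        InternalId = idp.InternalId;
    }

    [Output] public Output<string> InternalId { get; set; }
}

class Program
{
    static Task<int> Main() => Deployment.RunAsync<BrokerStack>();
}
```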
Methods
Get(String, Input<String>, IdentityProviderState, CustomResourceOptions)
Get an existing IdentityProvider resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static IdentityProvider Get(string name, Input<string> id, IdentityProviderState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to look up. |
| IdentityProviderState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| IdentityProvider |