Class Client

# keycloak.saml.Client

Allows for creating and managing Keycloak clients that use the SAML protocol.

Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO.

Example Usage

using System.IO;
using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
    public MyStack()
    {
        var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
        {
            Enabled = true,
            Realm = "my-realm",
        });
        var samlClient = new Keycloak.Saml.Client("samlClient", new Keycloak.Saml.ClientArgs
        {
            ClientId = "test-saml-client",
            IncludeAuthnStatement = true,
            RealmId = realm.Id,
            SignAssertions = true,
            SignDocuments = false,
            SigningCertificate = File.ReadAllText("saml-cert.pem"),
            SigningPrivateKey = File.ReadAllText("saml-key.pem"),
        });
    }
}

Argument Reference

The following arguments are supported:

  • realm_id - (Required) The realm this client is attached to.
  • client_id - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.
  • name - (Optional) The display name of this client in the GUI.
  • enabled - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true.
  • description - (Optional) The description of this client in the GUI.
  • include_authn_statement - (Optional) When true, an AuthnStatement will be included in the SAML response.
  • sign_documents - (Optional) When true, the SAML document will be signed by Keycloak using the realm's private key.
  • sign_assertions - (Optional) When true, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response.
  • client_signature_required - (Optional) When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key.
  • force_post_binding - (Optional) When true, Keycloak will always respond to an authentication request via the SAML POST Binding.
  • front_channel_logout - (Optional) When true, this client will require a browser redirect in order to perform a logout.
  • name_id_format - (Optional) Sets the Name ID format for the subject.
  • root_url - (Optional) When specified, this value is prepended to all relative URLs.
  • valid_redirect_uris - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.
  • base_url - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client.
  • master_saml_processing_url - (Optional) When specified, this URL will be used for all SAML requests.
  • signing_certificate - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature.
  • signing_private_key - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature.
  • idp_initiated_sso_url_name - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO.
  • idp_initiated_sso_relay_state - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO.
  • assertion_consumer_post_url - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses).
  • assertion_consumer_redirect_url - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses).
  • logout_service_post_binding_url - (Optional) SAML POST Binding URL for the client's single logout service.
  • logout_service_redirect_binding_url - (Optional) SAML Redirect Binding URL for the client's single logout service.
  • full_scope_allowed - (Optional) Allows all role mappings to be included in the access token.
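
A stricter variant of the usage example, added here as an illustration and not taken from the Pulumi documentation: it turns on the signing, binding and redirect-validation arguments described above. It assumes `ClientArgs` exposes inputs named after the properties listed on this page; the host `sp.example.test`, the client ID and the file `sp-signing-cert.pem` are placeholders.

```csharp
using System.IO;
using Pulumi;
using Keycloak = Pulumi.Keycloak;

class HardenedSamlStack : Stack
{
    public HardenedSamlStack()
    {
        var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
        {
            Enabled = true,
            Realm = "my-realm",
        });

        var samlClient = new Keycloak.Saml.Client("hardenedSamlClient", new Keycloak.Saml.ClientArgs
        {
            RealmId = realm.Id,
            ClientId = "hardened-saml-client", // placeholder client ID
            Enabled = true,

            // Sign the response document and each assertion, so a service
            // provider that checks either signature finds one to validate.
            SignDocuments = true,
            SignAssertions = true,
            IncludeAuthnStatement = true,

            // Expect documents originating from the client to be signed.
            ClientSignatureRequired = true,
            // Only the client's public certificate is supplied here; signature
            // verification does not need the client's private key.
            SigningCertificate = File.ReadAllText("sp-signing-cert.pem"),

            // Always answer authentication requests via the POST binding, which
            // carries the response in a form body rather than in the URL.
            ForcePostBinding = true,

            // One exact Assertion Consumer URL, no wildcard pattern, so a request
            // naming any other consumer URL fails validation.
            ValidRedirectUris = { "https://sp.example.test/saml/acs" },
            AssertionConsumerPostUrl = "https://sp.example.test/saml/acs",
            LogoutServicePostBindingUrl = "https://sp.example.test/saml/slo",

            // Do not include all role mappings by default.
            FullScopeAllowed = false,
        });
    }
}
```
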
Inheritance
System.Object
Resource
CustomResource
Client
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Keycloak.Saml
Assembly: Pulumi.Keycloak.dll
Syntax
public class Client : CustomResource

Constructors

Client(String, ClientArgs, CustomResourceOptions)

Create a Client resource with the given unique name, arguments, and options.

Declaration
public Client(string name, ClientArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| ClientArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |

Properties

AssertionConsumerPostUrl

Declaration
public Output<string> AssertionConsumerPostUrl { get; }
Property Value
Type Description
Output<System.String>

AssertionConsumerRedirectUrl

Declaration
public Output<string> AssertionConsumerRedirectUrl { get; }
Property Value
Type Description
Output<System.String>

BaseUrl

Declaration
public Output<string> BaseUrl { get; }
Property Value
Type Description
Output<System.String>

ClientId

Declaration
public Output<string> ClientId { get; }
Property Value
Type Description
Output<System.String>

ClientSignatureRequired

Declaration
public Output<bool> ClientSignatureRequired { get; }
Property Value
Type Description
Output<System.Boolean>

Description

Declaration
public Output<string> Description { get; }
Property Value
Type Description
Output<System.String>

Enabled

Declaration
public Output<bool?> Enabled { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

ForceNameIdFormat

Declaration
public Output<bool> ForceNameIdFormat { get; }
Property Value
Type Description
Output<System.Boolean>

ForcePostBinding

Declaration
public Output<bool> ForcePostBinding { get; }
Property Value
Type Description
Output<System.Boolean>

FrontChannelLogout

Declaration
public Output<bool> FrontChannelLogout { get; }
Property Value
Type Description
Output<System.Boolean>

FullScopeAllowed

Declaration
public Output<bool?> FullScopeAllowed { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

IdpInitiatedSsoRelayState

Declaration
public Output<string> IdpInitiatedSsoRelayState { get; }
Property Value
Type Description
Output<System.String>

IdpInitiatedSsoUrlName

Declaration
public Output<string> IdpInitiatedSsoUrlName { get; }
Property Value
Type Description
Output<System.String>

IncludeAuthnStatement

Declaration
public Output<bool> IncludeAuthnStatement { get; }
Property Value
Type Description
Output<System.Boolean>

LogoutServicePostBindingUrl

Declaration
public Output<string> LogoutServicePostBindingUrl { get; }
Property Value
Type Description
Output<System.String>

LogoutServiceRedirectBindingUrl

Declaration
public Output<string> LogoutServiceRedirectBindingUrl { get; }
Property Value
Type Description
Output<System.String>

MasterSamlProcessingUrl

Declaration
public Output<string> MasterSamlProcessingUrl { get; }
Property Value
Type Description
Output<System.String>

Name

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>

NameIdFormat

Declaration
public Output<string> NameIdFormat { get; }
Property Value
Type Description
Output<System.String>

RealmId

Declaration
public Output<string> RealmId { get; }
Property Value
Type Description
Output<System.String>

RootUrl

Declaration
public Output<string> RootUrl { get; }
Property Value
Type Description
Output<System.String>

SignAssertions

Declaration
public Output<bool> SignAssertions { get; }
Property Value
Type Description
Output<System.Boolean>

SignDocuments

Declaration
public Output<bool> SignDocuments { get; }
Property Value
Type Description
Output<System.Boolean>

SigningCertificate

Declaration
public Output<string> SigningCertificate { get; }
Property Value
Type Description
Output<System.String>

SigningPrivateKey

Declaration
public Output<string> SigningPrivateKey { get; }
Property Value
Type Description
Output<System.String>

ValidRedirectUris

Declaration
public Output<ImmutableArray<string>> ValidRedirectUris { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

Methods

Get(String, Input<String>, ClientState, CustomResourceOptions)

Get an existing Client resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static Client Get(string name, Input<string> id, ClientState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to look up. |
| ClientState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |

Returns
Type Description
Client
Copyright 2016-2020, Pulumi Corporation.