This page documents the language specification for the keycloak package. If you're looking for help working with the inputs, outputs, or functions of keycloak resources in a Pulumi program, please see the resource documentation for examples and API reference.

saml

class pulumi_keycloak.saml.AwaitableGetClientInstallationProviderResult(client_id=None, id=None, provider_id=None, realm_id=None, value=None)
class pulumi_keycloak.saml.Client(resource_name, opts=None, assertion_consumer_post_url=None, assertion_consumer_redirect_url=None, base_url=None, client_id=None, client_signature_required=None, description=None, enabled=None, force_name_id_format=None, force_post_binding=None, front_channel_logout=None, full_scope_allowed=None, idp_initiated_sso_relay_state=None, idp_initiated_sso_url_name=None, include_authn_statement=None, logout_service_post_binding_url=None, logout_service_redirect_binding_url=None, master_saml_processing_url=None, name=None, name_id_format=None, realm_id=None, root_url=None, sign_assertions=None, sign_documents=None, signing_certificate=None, signing_private_key=None, valid_redirect_uris=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing Keycloak clients that use the SAML protocol.

Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak’s user sessions for SSO.

from pathlib import Path

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
# The certificate and key are read from PEM files next to the program.
saml_client = keycloak.saml.Client("samlClient",
    client_id="test-saml-client",
    include_authn_statement=True,
    realm_id=realm.id,
    sign_assertions=True,
    sign_documents=False,
    signing_certificate=Path("saml-cert.pem").read_text(),
    signing_private_key=Path("saml-key.pem").read_text())

The following arguments are supported:

  • realm_id - (Required) The realm this client is attached to.

  • client_id - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.

  • name - (Optional) The display name of this client in the GUI.

  • enabled - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true.

  • description - (Optional) The description of this client in the GUI.

  • include_authn_statement - (Optional) When true, an AuthnStatement will be included in the SAML response.

  • sign_documents - (Optional) When true, the SAML document will be signed by Keycloak using the realm’s private key.

  • sign_assertions - (Optional) When true, the SAML assertions will be signed by Keycloak using the realm’s private key, and embedded within the SAML XML Auth response.

  • client_signature_required - (Optional) When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key.

  • force_post_binding - (Optional) When true, Keycloak will always respond to an authentication request via the SAML POST Binding.

  • front_channel_logout - (Optional) When true, this client will require a browser redirect in order to perform a logout.

  • name_id_format - (Optional) Sets the Name ID format for the subject.

  • root_url - (Optional) When specified, this value is prepended to all relative URLs.

  • valid_redirect_uris - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.

  • base_url - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client.

  • master_saml_processing_url - (Optional) When specified, this URL will be used for all SAML requests.

  • signing_certificate - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature.

  • signing_private_key - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature.

  • idp_initiated_sso_url_name - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO.

  • idp_initiated_sso_relay_state - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO.

  • assertion_consumer_post_url - (Optional) SAML POST Binding URL for the client’s assertion consumer service (login responses).

  • assertion_consumer_redirect_url - (Optional) SAML Redirect Binding URL for the client’s assertion consumer service (login responses).

  • logout_service_post_binding_url - (Optional) SAML POST Binding URL for the client’s single logout service.

  • logout_service_redirect_binding_url - (Optional) SAML Redirect Binding URL for the client’s single logout service.

  • full_scope_allowed - (Optional) Allow to include all roles mappings in the access token.

Parameters
static get(resource_name, id, opts=None, assertion_consumer_post_url=None, assertion_consumer_redirect_url=None, base_url=None, client_id=None, client_signature_required=None, description=None, enabled=None, force_name_id_format=None, force_post_binding=None, front_channel_logout=None, full_scope_allowed=None, idp_initiated_sso_relay_state=None, idp_initiated_sso_url_name=None, include_authn_statement=None, logout_service_post_binding_url=None, logout_service_redirect_binding_url=None, master_saml_processing_url=None, name=None, name_id_format=None, realm_id=None, root_url=None, sign_assertions=None, sign_documents=None, signing_certificate=None, signing_private_key=None, valid_redirect_uris=None)

Get an existing Client resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.saml.GetClientInstallationProviderResult(client_id=None, id=None, provider_id=None, realm_id=None, value=None)

A collection of values returned by getClientInstallationProvider.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_keycloak.saml.IdentityProvider(resource_name, opts=None, add_read_token_role_on_create=None, alias=None, authenticate_by_default=None, backchannel_supported=None, display_name=None, enabled=None, first_broker_login_flow_alias=None, force_authn=None, hide_on_login_page=None, link_only=None, name_id_policy_format=None, post_binding_authn_request=None, post_binding_logout=None, post_binding_response=None, post_broker_login_flow_alias=None, realm=None, signature_algorithm=None, signing_certificate=None, single_logout_service_url=None, single_sign_on_service_url=None, store_token=None, trust_email=None, validate_signature=None, want_assertions_encrypted=None, want_assertions_signed=None, xml_sign_key_info_key_name_transformer=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing SAML Identity Providers within Keycloak.

SAML (Security Assertion Markup Language) identity providers allow users to authenticate through a third-party system using the SAML standard.

import pulumi
import pulumi_keycloak as keycloak

realm_identity_provider = keycloak.saml.IdentityProvider("realmIdentityProvider",
    alias="my-idp",
    backchannel_supported=True,
    force_authn=True,
    post_binding_authn_request=True,
    post_binding_logout=True,
    post_binding_response=True,
    realm="my-realm",
    single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0",
    single_sign_on_service_url="https://domain.com/adfs/ls/",
    store_token=False,
    trust_email=True)

The following arguments are supported:

  • realm - (Required) The name of the realm. This is unique across Keycloak.

  • alias - (Optional) The unique name of the identity provider.

  • enabled - (Optional) When false, users and clients will not be able to access this realm. Defaults to true.

  • display_name - (Optional) The display name for the realm that is shown when logging in to the admin console.

  • store_token - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to true.

  • add_read_token_role_on_create - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to false.

  • trust_email - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to false.

  • link_only - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider. Defaults to false.

  • hide_on_login_page - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the ‘kc_idp_hint’ parameter.

  • first_broker_login_flow_alias - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term ‘First Login’ means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to first broker login.

  • post_broker_login_flow_alias - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.

  • authenticate_by_default - (Optional) Authenticate users by default. Defaults to false.

  • single_sign_on_service_url - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest).

  • single_logout_service_url - (Optional) The Url that must be used to send logout requests.

  • backchannel_supported - (Optional) Does the external IDP support back-channel logout?

  • name_id_policy_format - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty.

  • post_binding_response - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.

  • post_binding_authn_request - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.

  • post_binding_logout - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.

  • want_assertions_signed - (Optional) Indicates whether this service provider expects a signed Assertion.

  • want_assertions_encrypted - (Optional) Indicates whether this service provider expects an encrypted Assertion.

  • force_authn - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.

  • validate_signature - (Optional) Enable/disable signature validation of SAML responses.

  • signing_certificate - (Optional) Signing Certificate.

  • signature_algorithm - (Optional) Signing Algorithm. Defaults to empty.

  • xml_sign_key_info_key_name_transformer - (Optional) Sign Key Transformer. Defaults to empty.
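
The security-relevant arguments of the Client and IdentityProvider resources listed above can be checked before deployment. The following is an added example, not code from pulumi_keycloak or from this page: the function names, the rule set and the constructed sample values are this example's assumptions, and it audits plain dicts of keyword arguments so it runs without a Pulumi engine.

```python
"""Pre-deployment audit for SAML Client and IdentityProvider arguments (added example).

The rules are this example's own policy, not part of pulumi_keycloak. It inspects
plain dicts of keyword arguments, so it runs without a Pulumi engine.
"""
from urllib.parse import urlparse


def audit_identity_provider(args):
    """Return findings for kwargs destined for keycloak.saml.IdentityProvider."""
    findings = []
    # Assumption: the page gives no default for validate_signature, so unset counts as off.
    if not args.get("validate_signature"):
        findings.append("validate_signature: signature validation of SAML responses is off")
    elif not args.get("signing_certificate"):
        # Assumption: signing_certificate holds the external IdP's certificate.
        findings.append("signing_certificate: validation is on but no certificate is set")
    if not args.get("want_assertions_signed"):
        findings.append("want_assertions_signed: signed assertions are not requested")
    if args.get("trust_email"):
        findings.append("trust_email: e-mail from the IdP bypasses realm verification")
    # store_token defaults to true according to the argument list.
    if args.get("store_token", True) and args.get("add_read_token_role_on_create"):
        findings.append("add_read_token_role_on_create: new users can read stored tokens")
    for key in ("single_sign_on_service_url", "single_logout_service_url"):
        url = args.get(key)
        if url and urlparse(url).scheme != "https":
            findings.append(f"{key}: endpoint is not https")
    return findings


def audit_saml_client(args):
    """Return findings for kwargs destined for keycloak.saml.Client."""
    findings = []
    if not (args.get("sign_assertions") or args.get("sign_documents")):
        findings.append("sign_assertions/sign_documents: responses leave Keycloak unsigned")
    if args.get("client_signature_required") is False:
        findings.append("client_signature_required: unsigned client documents are accepted")
    for uri in args.get("valid_redirect_uris", []):
        if uri == "*":
            findings.append("valid_redirect_uris: '*' does not restrict the consumer URL")
        elif urlparse(uri).scheme == "http":
            findings.append(f"valid_redirect_uris: {uri} is plain http")
    return findings


# Arguments of the IdentityProvider example on this page, copied into a dict.
PAGE_IDP = {
    "alias": "my-idp", "realm": "my-realm", "backchannel_supported": True,
    "force_authn": True, "post_binding_authn_request": True,
    "post_binding_logout": True, "post_binding_response": True,
    "single_logout_service_url": "https://domain.com/adfs/ls/?wa=wsignout1.0",
    "single_sign_on_service_url": "https://domain.com/adfs/ls/",
    "store_token": False, "trust_email": True,
}
# Constructed hardened variant; the certificate value is a placeholder.
HARDENED_IDP = dict(PAGE_IDP, trust_email=False, validate_signature=True,
                    want_assertions_signed=True,
                    signing_certificate="<IDP_CERTIFICATE_PEM_PLACEHOLDER>")
# Constructed weak client arguments (hostnames are made up).
WEAK_CLIENT = {
    "client_id": "test-saml-client", "sign_assertions": False, "sign_documents": False,
    "client_signature_required": False,
    "valid_redirect_uris": ["http://app.example.test/saml/acs", "*"],
}

if __name__ == "__main__":
    for label, result in (("page IdP", audit_identity_provider(PAGE_IDP)),
                          ("hardened IdP", audit_identity_provider(HARDENED_IDP)),
                          ("weak client", audit_saml_client(WEAK_CLIENT))):
        print(label, "->", result or "no findings")
```

A dict that passes the audit can be passed on unchanged, for example as keycloak.saml.IdentityProvider("realmIdentityProvider", **HARDENED_IDP) once the placeholder certificate is replaced.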

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_read_token_role_on_create (pulumi.Input[bool]) – Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.

  • alias (pulumi.Input[str]) – The alias uniquely identifies an identity provider and it is also used to build the redirect uri.

  • authenticate_by_default (pulumi.Input[bool]) – Enable/disable authenticate users by default.

  • backchannel_supported (pulumi.Input[bool]) – Does the external IDP support backchannel logout?

  • display_name (pulumi.Input[str]) – Friendly name for Identity Providers.

  • enabled (pulumi.Input[bool]) – Enable/disable this identity provider.

  • first_broker_login_flow_alias (pulumi.Input[str]) – Alias of authentication flow, which is triggered after first login with this identity provider. Term ‘First Login’ means that there is not yet existing Keycloak account linked with the authenticated identity provider account.

  • force_authn (pulumi.Input[bool]) – Require Force Authn.

  • hide_on_login_page (pulumi.Input[bool]) – Hide On Login Page.

  • link_only (pulumi.Input[bool]) – If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider

  • name_id_policy_format (pulumi.Input[str]) – Name ID Policy Format.

  • post_binding_authn_request (pulumi.Input[bool]) – Post Binding Authn Request.

  • post_binding_logout (pulumi.Input[bool]) – Post Binding Logout.

  • post_binding_response (pulumi.Input[bool]) – Post Binding Response.

  • post_broker_login_flow_alias (pulumi.Input[str]) – Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.

  • realm (pulumi.Input[str]) – Realm Name

  • signature_algorithm (pulumi.Input[str]) – Signing Algorithm.

  • signing_certificate (pulumi.Input[str]) – Signing Certificate.

  • single_logout_service_url (pulumi.Input[str]) – Logout URL.

  • single_sign_on_service_url (pulumi.Input[str]) – SSO Logout URL.

  • store_token (pulumi.Input[bool]) – Enable/disable if tokens must be stored after authenticating users.

  • trust_email (pulumi.Input[bool]) – If enabled then email provided by this provider is not verified even if verification is enabled for the realm.

  • validate_signature (pulumi.Input[bool]) – Enable/disable signature validation of SAML responses.

  • want_assertions_encrypted (pulumi.Input[bool]) – Want Assertions Encrypted.

  • want_assertions_signed (pulumi.Input[bool]) – Want Assertions Signed.

  • xml_sign_key_info_key_name_transformer (pulumi.Input[str]) – Sign Key Transformer.

add_read_token_role_on_create: pulumi.Output[bool] = None

Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.

alias: pulumi.Output[str] = None

The alias uniquely identifies an identity provider and it is also used to build the redirect uri.

authenticate_by_default: pulumi.Output[bool] = None

Enable/disable authenticate users by default.

backchannel_supported: pulumi.Output[bool] = None

Does the external IDP support backchannel logout?

display_name: pulumi.Output[str] = None

Friendly name for Identity Providers.

enabled: pulumi.Output[bool] = None

Enable/disable this identity provider.

first_broker_login_flow_alias: pulumi.Output[str] = None

Alias of authentication flow, which is triggered after first login with this identity provider. Term ‘First Login’ means that there is not yet existing Keycloak account linked with the authenticated identity provider account.

force_authn: pulumi.Output[bool] = None

Require Force Authn.

hide_on_login_page: pulumi.Output[bool] = None

Hide On Login Page.

internal_id: pulumi.Output[str] = None

Internal Identity Provider Id

link_only: pulumi.Output[bool] = None

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.

name_id_policy_format: pulumi.Output[str] = None

Name ID Policy Format.

post_binding_authn_request: pulumi.Output[bool] = None

Post Binding Authn Request.

post_binding_logout: pulumi.Output[bool] = None

Post Binding Logout.

post_binding_response: pulumi.Output[bool] = None

Post Binding Response.

post_broker_login_flow_alias: pulumi.Output[str] = None

Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.

realm: pulumi.Output[str] = None

Realm Name

signature_algorithm: pulumi.Output[str] = None

Signing Algorithm.

signing_certificate: pulumi.Output[str] = None

Signing Certificate.

single_logout_service_url: pulumi.Output[str] = None

Logout URL.

single_sign_on_service_url: pulumi.Output[str] = None

SSO Logout URL.

store_token: pulumi.Output[bool] = None

Enable/disable if tokens must be stored after authenticating users.

trust_email: pulumi.Output[bool] = None

If enabled then email provided by this provider is not verified even if verification is enabled for the realm.

validate_signature: pulumi.Output[bool] = None

Enable/disable signature validation of SAML responses.

want_assertions_encrypted: pulumi.Output[bool] = None

Want Assertions Encrypted.

want_assertions_signed: pulumi.Output[bool] = None

Want Assertions Signed.

xml_sign_key_info_key_name_transformer: pulumi.Output[str] = None

Sign Key Transformer.

static get(resource_name, id, opts=None, add_read_token_role_on_create=None, alias=None, authenticate_by_default=None, backchannel_supported=None, display_name=None, enabled=None, first_broker_login_flow_alias=None, force_authn=None, hide_on_login_page=None, internal_id=None, link_only=None, name_id_policy_format=None, post_binding_authn_request=None, post_binding_logout=None, post_binding_response=None, post_broker_login_flow_alias=None, realm=None, signature_algorithm=None, signing_certificate=None, single_logout_service_url=None, single_sign_on_service_url=None, store_token=None, trust_email=None, validate_signature=None, want_assertions_encrypted=None, want_assertions_signed=None, xml_sign_key_info_key_name_transformer=None)

Get an existing IdentityProvider resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_read_token_role_on_create (pulumi.Input[bool]) – Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.

  • alias (pulumi.Input[str]) – The alias uniquely identifies an identity provider and it is also used to build the redirect uri.

  • authenticate_by_default (pulumi.Input[bool]) – Enable/disable authenticate users by default.

  • backchannel_supported (pulumi.Input[bool]) – Does the external IDP support backchannel logout?

  • display_name (pulumi.Input[str]) – Friendly name for Identity Providers.

  • enabled (pulumi.Input[bool]) – Enable/disable this identity provider.

  • first_broker_login_flow_alias (pulumi.Input[str]) – Alias of authentication flow, which is triggered after first login with this identity provider. Term ‘First Login’ means that there is not yet existing Keycloak account linked with the authenticated identity provider account.

  • force_authn (pulumi.Input[bool]) – Require Force Authn.

  • hide_on_login_page (pulumi.Input[bool]) – Hide On Login Page.

  • internal_id (pulumi.Input[str]) – Internal Identity Provider Id

  • link_only (pulumi.Input[bool]) – If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider

  • name_id_policy_format (pulumi.Input[str]) – Name ID Policy Format.

  • post_binding_authn_request (pulumi.Input[bool]) – Post Binding Authn Request.

  • post_binding_logout (pulumi.Input[bool]) – Post Binding Logout.

  • post_binding_response (pulumi.Input[bool]) – Post Binding Response.

  • post_broker_login_flow_alias (pulumi.Input[str]) – Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.

  • realm (pulumi.Input[str]) – Realm Name

  • signature_algorithm (pulumi.Input[str]) – Signing Algorithm.

  • signing_certificate (pulumi.Input[str]) – Signing Certificate.

  • single_logout_service_url (pulumi.Input[str]) – Logout URL.

  • single_sign_on_service_url (pulumi.Input[str]) – SSO Logout URL.

  • store_token (pulumi.Input[bool]) – Enable/disable if tokens must be stored after authenticating users.

  • trust_email (pulumi.Input[bool]) – If enabled then email provided by this provider is not verified even if verification is enabled for the realm.

  • validate_signature (pulumi.Input[bool]) – Enable/disable signature validation of SAML responses.

  • want_assertions_encrypted (pulumi.Input[bool]) – Want Assertions Encrypted.

  • want_assertions_signed (pulumi.Input[bool]) – Want Assertions Signed.

  • xml_sign_key_info_key_name_transformer (pulumi.Input[str]) – Sign Key Transformer.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.saml.UserAttributeProtocolMapper(resource_name, opts=None, client_id=None, client_scope_id=None, friendly_name=None, name=None, realm_id=None, saml_attribute_name=None, saml_attribute_name_format=None, user_attribute=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak.

SAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute in a SAML assertion. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
saml_client = keycloak.saml.Client("samlClient",
    client_id="test-saml-client",
    realm_id=realm.id)
saml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper("samlUserAttributeMapper",
    client_id=saml_client.id,
    realm_id=realm.id,
    saml_attribute_name="displayName",
    saml_attribute_name_format="Unspecified",
    user_attribute="displayName")

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The SAML client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The SAML client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • user_attribute - (Required) The custom user attribute to map.

  • friendly_name - (Optional) An optional human-friendly name for this attribute.

  • saml_attribute_name - (Required) The name of the SAML attribute.

  • saml_attribute_name_format - (Required) The SAML attribute Name Format. Can be one of Unspecified, Basic, or URI Reference.

Parameters
static get(resource_name, id, opts=None, client_id=None, client_scope_id=None, friendly_name=None, name=None, realm_id=None, saml_attribute_name=None, saml_attribute_name_format=None, user_attribute=None)

Get an existing UserAttributeProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.saml.UserPropertyProtocolMapper(resource_name, opts=None, client_id=None, client_scope_id=None, friendly_name=None, name=None, realm_id=None, saml_attribute_name=None, saml_attribute_name_format=None, user_property=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing user property protocol mappers for SAML clients within Keycloak.

SAML user property protocol mappers allow you to map properties of the Keycloak user model to an attribute in a SAML assertion. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
saml_client = keycloak.saml.Client("samlClient",
    client_id="test-saml-client",
    realm_id=realm.id)
saml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper("samlUserPropertyMapper",
    client_id=saml_client.id,
    realm_id=realm.id,
    saml_attribute_name="email",
    saml_attribute_name_format="Unspecified",
    user_property="email")

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The SAML client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The SAML client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • user_property - (Required) The property of the Keycloak user model to map.

  • friendly_name - (Optional) An optional human-friendly name for this attribute.

  • saml_attribute_name - (Required) The name of the SAML attribute.

  • saml_attribute_name_format - (Required) The SAML attribute Name Format. Can be one of Unspecified, Basic, or URI Reference.

Parameters
static get(resource_name, id, opts=None, client_id=None, client_scope_id=None, friendly_name=None, name=None, realm_id=None, saml_attribute_name=None, saml_attribute_name_format=None, user_property=None)

Get an existing UserPropertyProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_keycloak.saml.get_client_installation_provider(client_id=None, provider_id=None, realm_id=None, opts=None)

Use this data source to access information about an existing resource.