Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. FusionAuth
  3. API Docs
  4. FusionAuthIdpSamlv2
FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity
theogravity/pulumi-fusionauth

fusionauth.FusionAuthIdpSamlv2

Explore with Pulumi AI

FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity
theogravity/pulumi-fusionauth

# SAML v2 Identity Provider Resource

SAML v2 identity providers connect to external SAML v2 login systems. This type of login will optionally provide a Login with …​ button on FusionAuth’s login page. This button is customizable by using different properties of the identity provider.

Optionally, this identity provider can define one or more domains it is associated with. This is useful for allowing employees to log in with their corporate credentials. As long as the company has an identity solution that provides SAML v2, you can leverage this feature. This is referred to as a Domain Based Identity Provider. If you enable domains for an identity provider, the Login with …​ button will not be displayed. Instead, only the email form field will be displayed initially on the FusionAuth login page. Once the user types in their email address, FusionAuth will determine if the user is logging in locally or if they should be redirected to this identity provider. This is determined by extracting the domain from their email address and comparing it to the domains associated with the identity provider.

FusionAuth will locate the user’s email address in the SAML assertion which will be used to create or lookup the existing user. Additional claims from the SAML response can be used to reconcile the User to FusionAuth by using a SAML v2 Reconcile Lambda. Unless you assign a reconcile lambda to this provider, on the email address will be used from the available assertions returned by the SAML v2 identity provider.

SAML v2 Connect Identity Providers API

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fusionauth from "pulumi-fusionauth";

const saml = new fusionauth.FusionAuthIdpSamlv2("saml", {
    applicationConfigurations: [{
        applicationId: fusionauth_application.myapp.id,
        buttonText: "Login with SAML (app text)",
        createRegistration: true,
        enabled: true,
    }],
    buttonText: "Login with SAML",
    debug: false,
    emailClaim: "email",
    idpEndpoint: "https://www.example.com/login",
    postRequest: true,
    requestSigningKey: "3168129b-91fa-46f4-9676-947f5509fdce",
    signRequest: true,
    useNameForEmail: true,
});
Copy
import pulumi
import theogravity_pulumi_fusionauth as fusionauth

saml = fusionauth.FusionAuthIdpSamlv2("saml",
    application_configurations=[{
        "application_id": fusionauth_application["myapp"]["id"],
        "button_text": "Login with SAML (app text)",
        "create_registration": True,
        "enabled": True,
    }],
    button_text="Login with SAML",
    debug=False,
    email_claim="email",
    idp_endpoint="https://www.example.com/login",
    post_request=True,
    request_signing_key="3168129b-91fa-46f4-9676-947f5509fdce",
    sign_request=True,
    use_name_for_email=True)
Copy
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := fusionauth.NewFusionAuthIdpSamlv2(ctx, "saml", &fusionauth.FusionAuthIdpSamlv2Args{
			ApplicationConfigurations: fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArray{
				&fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArgs{
					ApplicationId:      pulumi.Any(fusionauth_application.Myapp.Id),
					ButtonText:         pulumi.String("Login with SAML (app text)"),
					CreateRegistration: pulumi.Bool(true),
					Enabled:            pulumi.Bool(true),
				},
			},
			ButtonText:        pulumi.String("Login with SAML"),
			Debug:             pulumi.Bool(false),
			EmailClaim:        pulumi.String("email"),
			IdpEndpoint:       pulumi.String("https://www.example.com/login"),
			PostRequest:       pulumi.Bool(true),
			RequestSigningKey: pulumi.String("3168129b-91fa-46f4-9676-947f5509fdce"),
			SignRequest:       pulumi.Bool(true),
			UseNameForEmail:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fusionauth = theogravity.Fusionauth;

return await Deployment.RunAsync(() => 
{
    var saml = new Fusionauth.FusionAuthIdpSamlv2("saml", new()
    {
        ApplicationConfigurations = new[]
        {
            new Fusionauth.Inputs.FusionAuthIdpSamlv2ApplicationConfigurationArgs
            {
                ApplicationId = fusionauth_application.Myapp.Id,
                ButtonText = "Login with SAML (app text)",
                CreateRegistration = true,
                Enabled = true,
            },
        },
        ButtonText = "Login with SAML",
        Debug = false,
        EmailClaim = "email",
        IdpEndpoint = "https://www.example.com/login",
        PostRequest = true,
        RequestSigningKey = "3168129b-91fa-46f4-9676-947f5509fdce",
        SignRequest = true,
        UseNameForEmail = true,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fusionauth.FusionAuthIdpSamlv2;
import com.pulumi.fusionauth.FusionAuthIdpSamlv2Args;
import com.pulumi.fusionauth.inputs.FusionAuthIdpSamlv2ApplicationConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var saml = new FusionAuthIdpSamlv2("saml", FusionAuthIdpSamlv2Args.builder()
            .applicationConfigurations(FusionAuthIdpSamlv2ApplicationConfigurationArgs.builder()
                .applicationId(fusionauth_application.myapp().id())
                .buttonText("Login with SAML (app text)")
                .createRegistration(true)
                .enabled(true)
                .build())
            .buttonText("Login with SAML")
            .debug(false)
            .emailClaim("email")
            .idpEndpoint("https://www.example.com/login")
            .postRequest(true)
            .requestSigningKey("3168129b-91fa-46f4-9676-947f5509fdce")
            .signRequest(true)
            .useNameForEmail(true)
            .build());

    }
}
Copy
resources:
  saml:
    type: fusionauth:FusionAuthIdpSamlv2
    properties:
      applicationConfigurations:
        - applicationId: ${fusionauth_application.myapp.id}
          buttonText: Login with SAML (app text)
          createRegistration: true
          enabled: true
      buttonText: Login with SAML
      debug: false
      emailClaim: email
      idpEndpoint: https://www.example.com/login
      postRequest: true
      requestSigningKey: 3168129b-91fa-46f4-9676-947f5509fdce
      signRequest: true
      useNameForEmail: true
Copy

Create FusionAuthIdpSamlv2 Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FusionAuthIdpSamlv2(name: string, args: FusionAuthIdpSamlv2Args, opts?: CustomResourceOptions);
@overload
def FusionAuthIdpSamlv2(resource_name: str,
                        args: FusionAuthIdpSamlv2Args,
                        opts: Optional[ResourceOptions] = None)

@overload
def FusionAuthIdpSamlv2(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        button_text: Optional[str] = None,
                        key_id: Optional[str] = None,
                        lambda_reconcile_id: Optional[str] = None,
                        idp_initiated_configuration: Optional[FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs] = None,
                        debug: Optional[bool] = None,
                        domains: Optional[Sequence[str]] = None,
                        email_claim: Optional[str] = None,
                        enabled: Optional[bool] = None,
                        idp_endpoint: Optional[str] = None,
                        login_hint_configuration: Optional[FusionAuthIdpSamlv2LoginHintConfigurationArgs] = None,
                        linking_strategy: Optional[str] = None,
                        assertion_configuration: Optional[FusionAuthIdpSamlv2AssertionConfigurationArgs] = None,
                        button_image_url: Optional[str] = None,
                        application_configurations: Optional[Sequence[FusionAuthIdpSamlv2ApplicationConfigurationArgs]] = None,
                        idp_id: Optional[str] = None,
                        name: Optional[str] = None,
                        name_id_format: Optional[str] = None,
                        post_request: Optional[bool] = None,
                        request_signing_key: Optional[str] = None,
                        sign_request: Optional[bool] = None,
                        tenant_configurations: Optional[Sequence[FusionAuthIdpSamlv2TenantConfigurationArgs]] = None,
                        unique_id_claim: Optional[str] = None,
                        use_name_for_email: Optional[bool] = None,
                        username_claim: Optional[str] = None,
                        xml_signature_canonicalization_method: Optional[str] = None)
func NewFusionAuthIdpSamlv2(ctx *Context, name string, args FusionAuthIdpSamlv2Args, opts ...ResourceOption) (*FusionAuthIdpSamlv2, error)
public FusionAuthIdpSamlv2(string name, FusionAuthIdpSamlv2Args args, CustomResourceOptions? opts = null)
public FusionAuthIdpSamlv2(String name, FusionAuthIdpSamlv2Args args)
public FusionAuthIdpSamlv2(String name, FusionAuthIdpSamlv2Args args, CustomResourceOptions options)

type: fusionauth:FusionAuthIdpSamlv2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FusionAuthIdpSamlv2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FusionAuthIdpSamlv2Args
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FusionAuthIdpSamlv2Args
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FusionAuthIdpSamlv2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FusionAuthIdpSamlv2Args
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var fusionAuthIdpSamlv2Resource = new Fusionauth.FusionAuthIdpSamlv2("fusionAuthIdpSamlv2Resource", new()
{
    ButtonText = "string",
    KeyId = "string",
    LambdaReconcileId = "string",
    IdpInitiatedConfiguration = new Fusionauth.Inputs.FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs
    {
        Enabled = false,
        Issuer = "string",
    },
    Debug = false,
    Domains = new[]
    {
        "string",
    },
    EmailClaim = "string",
    Enabled = false,
    IdpEndpoint = "string",
    LoginHintConfiguration = new Fusionauth.Inputs.FusionAuthIdpSamlv2LoginHintConfigurationArgs
    {
        Enabled = false,
        ParameterName = "string",
    },
    LinkingStrategy = "string",
    AssertionConfiguration = new Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfigurationArgs
    {
        Decryption = new Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfigurationDecryptionArgs
        {
            KeyTransportDecryptionKeyId = "string",
            Enabled = false,
        },
        Destination = new Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfigurationDestinationArgs
        {
            Alternates = new[]
            {
                "string",
            },
            Policy = "string",
        },
    },
    ButtonImageUrl = "string",
    ApplicationConfigurations = new[]
    {
        new Fusionauth.Inputs.FusionAuthIdpSamlv2ApplicationConfigurationArgs
        {
            ApplicationId = "string",
            ButtonImageUrl = "string",
            ButtonText = "string",
            CreateRegistration = false,
            Enabled = false,
        },
    },
    IdpId = "string",
    Name = "string",
    NameIdFormat = "string",
    PostRequest = false,
    RequestSigningKey = "string",
    SignRequest = false,
    TenantConfigurations = new[]
    {
        new Fusionauth.Inputs.FusionAuthIdpSamlv2TenantConfigurationArgs
        {
            LimitUserLinkCountEnabled = false,
            LimitUserLinkCountMaximumLinks = 0,
            TenantId = "string",
        },
    },
    UniqueIdClaim = "string",
    UseNameForEmail = false,
    UsernameClaim = "string",
    XmlSignatureCanonicalizationMethod = "string",
});
Copy
example, err := fusionauth.NewFusionAuthIdpSamlv2(ctx, "fusionAuthIdpSamlv2Resource", &fusionauth.FusionAuthIdpSamlv2Args{
	ButtonText:        pulumi.String("string"),
	KeyId:             pulumi.String("string"),
	LambdaReconcileId: pulumi.String("string"),
	IdpInitiatedConfiguration: &fusionauth.FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs{
		Enabled: pulumi.Bool(false),
		Issuer:  pulumi.String("string"),
	},
	Debug: pulumi.Bool(false),
	Domains: pulumi.StringArray{
		pulumi.String("string"),
	},
	EmailClaim:  pulumi.String("string"),
	Enabled:     pulumi.Bool(false),
	IdpEndpoint: pulumi.String("string"),
	LoginHintConfiguration: &fusionauth.FusionAuthIdpSamlv2LoginHintConfigurationArgs{
		Enabled:       pulumi.Bool(false),
		ParameterName: pulumi.String("string"),
	},
	LinkingStrategy: pulumi.String("string"),
	AssertionConfiguration: &fusionauth.FusionAuthIdpSamlv2AssertionConfigurationArgs{
		Decryption: &fusionauth.FusionAuthIdpSamlv2AssertionConfigurationDecryptionArgs{
			KeyTransportDecryptionKeyId: pulumi.String("string"),
			Enabled:                     pulumi.Bool(false),
		},
		Destination: &fusionauth.FusionAuthIdpSamlv2AssertionConfigurationDestinationArgs{
			Alternates: pulumi.StringArray{
				pulumi.String("string"),
			},
			Policy: pulumi.String("string"),
		},
	},
	ButtonImageUrl: pulumi.String("string"),
	ApplicationConfigurations: fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArray{
		&fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArgs{
			ApplicationId:      pulumi.String("string"),
			ButtonImageUrl:     pulumi.String("string"),
			ButtonText:         pulumi.String("string"),
			CreateRegistration: pulumi.Bool(false),
			Enabled:            pulumi.Bool(false),
		},
	},
	IdpId:             pulumi.String("string"),
	Name:              pulumi.String("string"),
	NameIdFormat:      pulumi.String("string"),
	PostRequest:       pulumi.Bool(false),
	RequestSigningKey: pulumi.String("string"),
	SignRequest:       pulumi.Bool(false),
	TenantConfigurations: fusionauth.FusionAuthIdpSamlv2TenantConfigurationArray{
		&fusionauth.FusionAuthIdpSamlv2TenantConfigurationArgs{
			LimitUserLinkCountEnabled:      pulumi.Bool(false),
			LimitUserLinkCountMaximumLinks: pulumi.Int(0),
			TenantId:                       pulumi.String("string"),
		},
	},
	UniqueIdClaim:                      pulumi.String("string"),
	UseNameForEmail:                    pulumi.Bool(false),
	UsernameClaim:                      pulumi.String("string"),
	XmlSignatureCanonicalizationMethod: pulumi.String("string"),
})
Copy
var fusionAuthIdpSamlv2Resource = new FusionAuthIdpSamlv2("fusionAuthIdpSamlv2Resource", FusionAuthIdpSamlv2Args.builder()
    .buttonText("string")
    .keyId("string")
    .lambdaReconcileId("string")
    .idpInitiatedConfiguration(FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs.builder()
        .enabled(false)
        .issuer("string")
        .build())
    .debug(false)
    .domains("string")
    .emailClaim("string")
    .enabled(false)
    .idpEndpoint("string")
    .loginHintConfiguration(FusionAuthIdpSamlv2LoginHintConfigurationArgs.builder()
        .enabled(false)
        .parameterName("string")
        .build())
    .linkingStrategy("string")
    .assertionConfiguration(FusionAuthIdpSamlv2AssertionConfigurationArgs.builder()
        .decryption(FusionAuthIdpSamlv2AssertionConfigurationDecryptionArgs.builder()
            .keyTransportDecryptionKeyId("string")
            .enabled(false)
            .build())
        .destination(FusionAuthIdpSamlv2AssertionConfigurationDestinationArgs.builder()
            .alternates("string")
            .policy("string")
            .build())
        .build())
    .buttonImageUrl("string")
    .applicationConfigurations(FusionAuthIdpSamlv2ApplicationConfigurationArgs.builder()
        .applicationId("string")
        .buttonImageUrl("string")
        .buttonText("string")
        .createRegistration(false)
        .enabled(false)
        .build())
    .idpId("string")
    .name("string")
    .nameIdFormat("string")
    .postRequest(false)
    .requestSigningKey("string")
    .signRequest(false)
    .tenantConfigurations(FusionAuthIdpSamlv2TenantConfigurationArgs.builder()
        .limitUserLinkCountEnabled(false)
        .limitUserLinkCountMaximumLinks(0)
        .tenantId("string")
        .build())
    .uniqueIdClaim("string")
    .useNameForEmail(false)
    .usernameClaim("string")
    .xmlSignatureCanonicalizationMethod("string")
    .build());
Copy
fusion_auth_idp_samlv2_resource = fusionauth.FusionAuthIdpSamlv2("fusionAuthIdpSamlv2Resource",
    button_text="string",
    key_id="string",
    lambda_reconcile_id="string",
    idp_initiated_configuration={
        "enabled": False,
        "issuer": "string",
    },
    debug=False,
    domains=["string"],
    email_claim="string",
    enabled=False,
    idp_endpoint="string",
    login_hint_configuration={
        "enabled": False,
        "parameter_name": "string",
    },
    linking_strategy="string",
    assertion_configuration={
        "decryption": {
            "key_transport_decryption_key_id": "string",
            "enabled": False,
        },
        "destination": {
            "alternates": ["string"],
            "policy": "string",
        },
    },
    button_image_url="string",
    application_configurations=[{
        "application_id": "string",
        "button_image_url": "string",
        "button_text": "string",
        "create_registration": False,
        "enabled": False,
    }],
    idp_id="string",
    name="string",
    name_id_format="string",
    post_request=False,
    request_signing_key="string",
    sign_request=False,
    tenant_configurations=[{
        "limit_user_link_count_enabled": False,
        "limit_user_link_count_maximum_links": 0,
        "tenant_id": "string",
    }],
    unique_id_claim="string",
    use_name_for_email=False,
    username_claim="string",
    xml_signature_canonicalization_method="string")
Copy
const fusionAuthIdpSamlv2Resource = new fusionauth.FusionAuthIdpSamlv2("fusionAuthIdpSamlv2Resource", {
    buttonText: "string",
    keyId: "string",
    lambdaReconcileId: "string",
    idpInitiatedConfiguration: {
        enabled: false,
        issuer: "string",
    },
    debug: false,
    domains: ["string"],
    emailClaim: "string",
    enabled: false,
    idpEndpoint: "string",
    loginHintConfiguration: {
        enabled: false,
        parameterName: "string",
    },
    linkingStrategy: "string",
    assertionConfiguration: {
        decryption: {
            keyTransportDecryptionKeyId: "string",
            enabled: false,
        },
        destination: {
            alternates: ["string"],
            policy: "string",
        },
    },
    buttonImageUrl: "string",
    applicationConfigurations: [{
        applicationId: "string",
        buttonImageUrl: "string",
        buttonText: "string",
        createRegistration: false,
        enabled: false,
    }],
    idpId: "string",
    name: "string",
    nameIdFormat: "string",
    postRequest: false,
    requestSigningKey: "string",
    signRequest: false,
    tenantConfigurations: [{
        limitUserLinkCountEnabled: false,
        limitUserLinkCountMaximumLinks: 0,
        tenantId: "string",
    }],
    uniqueIdClaim: "string",
    useNameForEmail: false,
    usernameClaim: "string",
    xmlSignatureCanonicalizationMethod: "string",
});
Copy
type: fusionauth:FusionAuthIdpSamlv2
properties:
    applicationConfigurations:
        - applicationId: string
          buttonImageUrl: string
          buttonText: string
          createRegistration: false
          enabled: false
    assertionConfiguration:
        decryption:
            enabled: false
            keyTransportDecryptionKeyId: string
        destination:
            alternates:
                - string
            policy: string
    buttonImageUrl: string
    buttonText: string
    debug: false
    domains:
        - string
    emailClaim: string
    enabled: false
    idpEndpoint: string
    idpId: string
    idpInitiatedConfiguration:
        enabled: false
        issuer: string
    keyId: string
    lambdaReconcileId: string
    linkingStrategy: string
    loginHintConfiguration:
        enabled: false
        parameterName: string
    name: string
    nameIdFormat: string
    postRequest: false
    requestSigningKey: string
    signRequest: false
    tenantConfigurations:
        - limitUserLinkCountEnabled: false
          limitUserLinkCountMaximumLinks: 0
          tenantId: string
    uniqueIdClaim: string
    useNameForEmail: false
    usernameClaim: string
    xmlSignatureCanonicalizationMethod: string
Copy

FusionAuthIdpSamlv2 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FusionAuthIdpSamlv2 resource accepts the following input properties:

ButtonText This property is required. string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
KeyId This property is required. string
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
ApplicationConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2ApplicationConfiguration>
The configuration for each Application that the identity provider is enabled for.
AssertionConfiguration theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfiguration
The configuration for the SAML assertion.
ButtonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
Debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
Domains List<string>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
EmailClaim string
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
Enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpEndpoint string
The SAML v2 login page of the identity provider.
IdpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
IdpInitiatedConfiguration theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2IdpInitiatedConfiguration
The configuration for the IdP initiated login.
LambdaReconcileId string
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
LinkingStrategy string
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
LoginHintConfiguration theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2LoginHintConfiguration
The configuration for the login hint.
Name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
NameIdFormat string
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
PostRequest bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
RequestSigningKey string
The key pair Id to use to sign the SAML request. Required when sign_request is true.
SignRequest bool
When true authentication requests sent to the identity provider will be signed.
TenantConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2TenantConfiguration>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
UniqueIdClaim string
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
UseNameForEmail bool
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
UsernameClaim string
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
XmlSignatureCanonicalizationMethod string
The XML signature canonicalization method used when digesting and signing the SAML request.
ButtonText This property is required. string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
KeyId This property is required. string
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
ApplicationConfigurations []FusionAuthIdpSamlv2ApplicationConfigurationArgs
The configuration for each Application that the identity provider is enabled for.
AssertionConfiguration FusionAuthIdpSamlv2AssertionConfigurationArgs
The configuration for the SAML assertion.
ButtonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
Debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
Domains []string
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
EmailClaim string
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
Enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpEndpoint string
The SAML v2 login page of the identity provider.
IdpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
IdpInitiatedConfiguration FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs
The configuration for the IdP initiated login.
LambdaReconcileId string
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
LinkingStrategy string
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
LoginHintConfiguration FusionAuthIdpSamlv2LoginHintConfigurationArgs
The configuration for the login hint.
Name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
NameIdFormat string
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
PostRequest bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
RequestSigningKey string
The key pair Id to use to sign the SAML request. Required when sign_request is true.
SignRequest bool
When true authentication requests sent to the identity provider will be signed.
TenantConfigurations []FusionAuthIdpSamlv2TenantConfigurationArgs
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
UniqueIdClaim string
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
UseNameForEmail bool
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
UsernameClaim string
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
XmlSignatureCanonicalizationMethod string
The XML signature canonicalization method used when digesting and signing the SAML request.
buttonText This property is required. String
The top-level button text to use on the FusionAuth login page for this Identity Provider.
keyId This property is required. String
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
applicationConfigurations List<FusionAuthIdpSamlv2ApplicationConfiguration>
The configuration for each Application that the identity provider is enabled for.
assertionConfiguration FusionAuthIdpSamlv2AssertionConfiguration
The configuration for the SAML assertion.
buttonImageUrl String
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
debug Boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains List<String>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
emailClaim String
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled Boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpEndpoint String
The SAML v2 login page of the identity provider.
idpId Changes to this property will trigger replacement. String
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
idpInitiatedConfiguration FusionAuthIdpSamlv2IdpInitiatedConfiguration
The configuration for the IdP initiated login.
lambdaReconcileId String
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy String
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
loginHintConfiguration FusionAuthIdpSamlv2LoginHintConfiguration
The configuration for the login hint.
name String
The name of this OpenID Connect identity provider. This is only used for display purposes.
nameIdFormat String
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
postRequest Boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
requestSigningKey String
The key pair Id to use to sign the SAML request. Required when sign_request is true.
signRequest Boolean
When true authentication requests sent to the identity provider will be signed.
tenantConfigurations List<FusionAuthIdpSamlv2TenantConfiguration>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim String
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail Boolean
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim String
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
xmlSignatureCanonicalizationMethod String
The XML signature canonicalization method used when digesting and signing the SAML request.
buttonText This property is required. string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
keyId This property is required. string
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
applicationConfigurations FusionAuthIdpSamlv2ApplicationConfiguration[]
The configuration for each Application that the identity provider is enabled for.
assertionConfiguration FusionAuthIdpSamlv2AssertionConfiguration
The configuration for the SAML assertion.
buttonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
debug boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains string[]
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
emailClaim string
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpEndpoint string
The SAML v2 login page of the identity provider.
idpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
idpInitiatedConfiguration FusionAuthIdpSamlv2IdpInitiatedConfiguration
The configuration for the IdP initiated login.
lambdaReconcileId string
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy string
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
loginHintConfiguration FusionAuthIdpSamlv2LoginHintConfiguration
The configuration for the login hint.
name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
nameIdFormat string
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
postRequest boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
requestSigningKey string
The key pair Id to use to sign the SAML request. Required when sign_request is true.
signRequest boolean
When true authentication requests sent to the identity provider will be signed.
tenantConfigurations FusionAuthIdpSamlv2TenantConfiguration[]
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim string
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail boolean
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim string
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
xmlSignatureCanonicalizationMethod string
The XML signature canonicalization method used when digesting and signing the SAML request.
button_text This property is required. str
The top-level button text to use on the FusionAuth login page for this Identity Provider.
key_id This property is required. str
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
application_configurations Sequence[FusionAuthIdpSamlv2ApplicationConfigurationArgs]
The configuration for each Application that the identity provider is enabled for.
assertion_configuration FusionAuthIdpSamlv2AssertionConfigurationArgs
The configuration for the SAML assertion.
button_image_url str
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains Sequence[str]
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
email_claim str
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
idp_endpoint str
The SAML v2 login page of the identity provider.
idp_id Changes to this property will trigger replacement. str
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
idp_initiated_configuration FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs
The configuration for the IdP initiated login.
lambda_reconcile_id str
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linking_strategy str
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
login_hint_configuration FusionAuthIdpSamlv2LoginHintConfigurationArgs
The configuration for the login hint.
name str
The name of this OpenID Connect identity provider. This is only used for display purposes.
name_id_format str
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
post_request bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
request_signing_key str
The key pair Id to use to sign the SAML request. Required when sign_request is true.
sign_request bool
When true authentication requests sent to the identity provider will be signed.
tenant_configurations Sequence[FusionAuthIdpSamlv2TenantConfigurationArgs]
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
unique_id_claim str
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
use_name_for_email bool
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
username_claim str
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
xml_signature_canonicalization_method str
The XML signature canonicalization method used when digesting and signing the SAML request.
buttonText This property is required. String
The top-level button text to use on the FusionAuth login page for this Identity Provider.
keyId This property is required. String
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
applicationConfigurations List<Property Map>
The configuration for each Application that the identity provider is enabled for.
assertionConfiguration Property Map
The configuration for the SAML assertion.
buttonImageUrl String
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
debug Boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains List<String>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
emailClaim String
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled Boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpEndpoint String
The SAML v2 login page of the identity provider.
idpId Changes to this property will trigger replacement. String
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
idpInitiatedConfiguration Property Map
The configuration for the IdP initiated login.
lambdaReconcileId String
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy String
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
loginHintConfiguration Property Map
The configuration for the login hint.
name String
The name of this OpenID Connect identity provider. This is only used for display purposes.
nameIdFormat String
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
postRequest Boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
requestSigningKey String
The key pair Id to use to sign the SAML request. Required when sign_request is true.
signRequest Boolean
When true authentication requests sent to the identity provider will be signed.
tenantConfigurations List<Property Map>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim String
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail Boolean
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim String
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
xmlSignatureCanonicalizationMethod String
The XML signature canonicalization method used when digesting and signing the SAML request.

Outputs

All input properties are implicitly available as output properties. Additionally, the FusionAuthIdpSamlv2 resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing FusionAuthIdpSamlv2 Resource

Get an existing FusionAuthIdpSamlv2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FusionAuthIdpSamlv2State, opts?: CustomResourceOptions): FusionAuthIdpSamlv2
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        application_configurations: Optional[Sequence[FusionAuthIdpSamlv2ApplicationConfigurationArgs]] = None,
        assertion_configuration: Optional[FusionAuthIdpSamlv2AssertionConfigurationArgs] = None,
        button_image_url: Optional[str] = None,
        button_text: Optional[str] = None,
        debug: Optional[bool] = None,
        domains: Optional[Sequence[str]] = None,
        email_claim: Optional[str] = None,
        enabled: Optional[bool] = None,
        idp_endpoint: Optional[str] = None,
        idp_id: Optional[str] = None,
        idp_initiated_configuration: Optional[FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs] = None,
        key_id: Optional[str] = None,
        lambda_reconcile_id: Optional[str] = None,
        linking_strategy: Optional[str] = None,
        login_hint_configuration: Optional[FusionAuthIdpSamlv2LoginHintConfigurationArgs] = None,
        name: Optional[str] = None,
        name_id_format: Optional[str] = None,
        post_request: Optional[bool] = None,
        request_signing_key: Optional[str] = None,
        sign_request: Optional[bool] = None,
        tenant_configurations: Optional[Sequence[FusionAuthIdpSamlv2TenantConfigurationArgs]] = None,
        unique_id_claim: Optional[str] = None,
        use_name_for_email: Optional[bool] = None,
        username_claim: Optional[str] = None,
        xml_signature_canonicalization_method: Optional[str] = None) -> FusionAuthIdpSamlv2
func GetFusionAuthIdpSamlv2(ctx *Context, name string, id IDInput, state *FusionAuthIdpSamlv2State, opts ...ResourceOption) (*FusionAuthIdpSamlv2, error)
public static FusionAuthIdpSamlv2 Get(string name, Input<string> id, FusionAuthIdpSamlv2State? state, CustomResourceOptions? opts = null)
public static FusionAuthIdpSamlv2 get(String name, Output<String> id, FusionAuthIdpSamlv2State state, CustomResourceOptions options)
resources:  _:    type: fusionauth:FusionAuthIdpSamlv2    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ApplicationConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2ApplicationConfiguration>
The configuration for each Application that the identity provider is enabled for.
AssertionConfiguration theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfiguration
The configuration for the SAML assertion.
ButtonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
ButtonText string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
Debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
Domains List<string>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
EmailClaim string
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
Enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpEndpoint string
The SAML v2 login page of the identity provider.
IdpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
IdpInitiatedConfiguration theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2IdpInitiatedConfiguration
The configuration for the IdP initiated login.
KeyId string
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
LambdaReconcileId string
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
LinkingStrategy string
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
LoginHintConfiguration theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2LoginHintConfiguration
The configuration for the login hint.
Name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
NameIdFormat string
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
PostRequest bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
RequestSigningKey string
The key pair Id to use to sign the SAML request. Required when sign_request is true.
SignRequest bool
When true authentication requests sent to the identity provider will be signed.
TenantConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2TenantConfiguration>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
UniqueIdClaim string
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
UseNameForEmail bool
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
UsernameClaim string
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
XmlSignatureCanonicalizationMethod string
The XML signature canonicalization method used when digesting and signing the SAML request.
ApplicationConfigurations []FusionAuthIdpSamlv2ApplicationConfigurationArgs
The configuration for each Application that the identity provider is enabled for.
AssertionConfiguration FusionAuthIdpSamlv2AssertionConfigurationArgs
The configuration for the SAML assertion.
ButtonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
ButtonText string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
Debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
Domains []string
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
EmailClaim string
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
Enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpEndpoint string
The SAML v2 login page of the identity provider.
IdpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
IdpInitiatedConfiguration FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs
The configuration for the IdP initiated login.
KeyId string
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
LambdaReconcileId string
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
LinkingStrategy string
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
LoginHintConfiguration FusionAuthIdpSamlv2LoginHintConfigurationArgs
The configuration for the login hint.
Name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
NameIdFormat string
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
PostRequest bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
RequestSigningKey string
The key pair Id to use to sign the SAML request. Required when sign_request is true.
SignRequest bool
When true authentication requests sent to the identity provider will be signed.
TenantConfigurations []FusionAuthIdpSamlv2TenantConfigurationArgs
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
UniqueIdClaim string
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
UseNameForEmail bool
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
UsernameClaim string
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
XmlSignatureCanonicalizationMethod string
The XML signature canonicalization method used when digesting and signing the SAML request.
applicationConfigurations List<FusionAuthIdpSamlv2ApplicationConfiguration>
The configuration for each Application that the identity provider is enabled for.
assertionConfiguration FusionAuthIdpSamlv2AssertionConfiguration
The configuration for the SAML assertion.
buttonImageUrl String
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
buttonText String
The top-level button text to use on the FusionAuth login page for this Identity Provider.
debug Boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains List<String>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
emailClaim String
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled Boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpEndpoint String
The SAML v2 login page of the identity provider.
idpId Changes to this property will trigger replacement. String
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
idpInitiatedConfiguration FusionAuthIdpSamlv2IdpInitiatedConfiguration
The configuration for the IdP initiated login.
keyId String
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
lambdaReconcileId String
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy String
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
loginHintConfiguration FusionAuthIdpSamlv2LoginHintConfiguration
The configuration for the login hint.
name String
The name of this OpenID Connect identity provider. This is only used for display purposes.
nameIdFormat String
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
postRequest Boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
requestSigningKey String
The key pair Id to use to sign the SAML request. Required when sign_request is true.
signRequest Boolean
When true authentication requests sent to the identity provider will be signed.
tenantConfigurations List<FusionAuthIdpSamlv2TenantConfiguration>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim String
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail Boolean
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim String
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
xmlSignatureCanonicalizationMethod String
The XML signature canonicalization method used when digesting and signing the SAML request.
applicationConfigurations FusionAuthIdpSamlv2ApplicationConfiguration[]
The configuration for each Application that the identity provider is enabled for.
assertionConfiguration FusionAuthIdpSamlv2AssertionConfiguration
The configuration for the SAML assertion.
buttonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
buttonText string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
debug boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains string[]
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
emailClaim string
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpEndpoint string
The SAML v2 login page of the identity provider.
idpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
idpInitiatedConfiguration FusionAuthIdpSamlv2IdpInitiatedConfiguration
The configuration for the IdP initiated login.
keyId string
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
lambdaReconcileId string
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy string
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
loginHintConfiguration FusionAuthIdpSamlv2LoginHintConfiguration
The configuration for the login hint.
name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
nameIdFormat string
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
postRequest boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
requestSigningKey string
The key pair Id to use to sign the SAML request. Required when sign_request is true.
signRequest boolean
When true authentication requests sent to the identity provider will be signed.
tenantConfigurations FusionAuthIdpSamlv2TenantConfiguration[]
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim string
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail boolean
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim string
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
xmlSignatureCanonicalizationMethod string
The XML signature canonicalization method used when digesting and signing the SAML request.
application_configurations Sequence[FusionAuthIdpSamlv2ApplicationConfigurationArgs]
The configuration for each Application that the identity provider is enabled for.
assertion_configuration FusionAuthIdpSamlv2AssertionConfigurationArgs
The configuration for the SAML assertion.
button_image_url str
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
button_text str
The top-level button text to use on the FusionAuth login page for this Identity Provider.
debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains Sequence[str]
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
email_claim str
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
idp_endpoint str
The SAML v2 login page of the identity provider.
idp_id Changes to this property will trigger replacement. str
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
idp_initiated_configuration FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs
The configuration for the IdP initiated login.
key_id str
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
lambda_reconcile_id str
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linking_strategy str
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
login_hint_configuration FusionAuthIdpSamlv2LoginHintConfigurationArgs
The configuration for the login hint.
name str
The name of this OpenID Connect identity provider. This is only used for display purposes.
name_id_format str
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
post_request bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
request_signing_key str
The key pair Id to use to sign the SAML request. Required when sign_request is true.
sign_request bool
When true authentication requests sent to the identity provider will be signed.
tenant_configurations Sequence[FusionAuthIdpSamlv2TenantConfigurationArgs]
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
unique_id_claim str
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
use_name_for_email bool
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
username_claim str
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
xml_signature_canonicalization_method str
The XML signature canonicalization method used when digesting and signing the SAML request.
applicationConfigurations List<Property Map>
The configuration for each Application that the identity provider is enabled for.
assertionConfiguration Property Map
The configuration for the SAML assertion.
buttonImageUrl String
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
buttonText String
The top-level button text to use on the FusionAuth login page for this Identity Provider.
debug Boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains List<String>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.
emailClaim String
The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the use_name_for_email flag must be true.
enabled Boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpEndpoint String
The SAML v2 login page of the identity provider.
idpId Changes to this property will trigger replacement. String
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
idpInitiatedConfiguration Property Map
The configuration for the IdP initiated login.
keyId String
The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).
lambdaReconcileId String
The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy String
The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
loginHintConfiguration Property Map
The configuration for the login hint.
name String
The name of this OpenID Connect identity provider. This is only used for display purposes.
nameIdFormat String
Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.
postRequest Boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
requestSigningKey String
The key pair Id to use to sign the SAML request. Required when sign_request is true.
signRequest Boolean
When true authentication requests sent to the identity provider will be signed.
tenantConfigurations List<Property Map>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
uniqueIdClaim String
The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, the email_claim will be used when linking user.
useNameForEmail Boolean
Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the email_claim property must be set.
usernameClaim String
The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.
xmlSignatureCanonicalizationMethod String
The XML signature canonicalization method used when digesting and signing the SAML request.

Supporting Types

FusionAuthIdpSamlv2ApplicationConfiguration
, FusionAuthIdpSamlv2ApplicationConfigurationArgs

ApplicationId string
ID of the Application to apply this configuration to.
ButtonImageUrl string
This is an optional Application specific override for the top level button image URL.
ButtonText string
This is an optional Application specific override for the top level button text.
CreateRegistration bool
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
Enabled bool
Determines if this identity provider is enabled for the Application specified by the applicationId key.
ApplicationId string
ID of the Application to apply this configuration to.
ButtonImageUrl string
This is an optional Application specific override for the top level button image URL.
ButtonText string
This is an optional Application specific override for the top level button text.
CreateRegistration bool
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
Enabled bool
Determines if this identity provider is enabled for the Application specified by the applicationId key.
applicationId String
ID of the Application to apply this configuration to.
buttonImageUrl String
This is an optional Application specific override for the top level button image URL.
buttonText String
This is an optional Application specific override for the top level button text.
createRegistration Boolean
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled Boolean
Determines if this identity provider is enabled for the Application specified by the applicationId key.
applicationId string
ID of the Application to apply this configuration to.
buttonImageUrl string
This is an optional Application specific override for the top level button image URL.
buttonText string
This is an optional Application specific override for the top level button text.
createRegistration boolean
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled boolean
Determines if this identity provider is enabled for the Application specified by the applicationId key.
application_id str
ID of the Application to apply this configuration to.
button_image_url str
This is an optional Application specific override for the top level button image URL.
button_text str
This is an optional Application specific override for the top level button text.
create_registration bool
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled bool
Determines if this identity provider is enabled for the Application specified by the applicationId key.
applicationId String
ID of the Application to apply this configuration to.
buttonImageUrl String
This is an optional Application specific override for the top level button image URL.
buttonText String
This is an optional Application specific override for the top level button text.
createRegistration Boolean
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled Boolean
Determines if this identity provider is enabled for the Application specified by the applicationId key.

FusionAuthIdpSamlv2AssertionConfiguration
, FusionAuthIdpSamlv2AssertionConfigurationArgs

Decryption theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfigurationDecryption
The configuration for the SAML assertion decryption.
Destination theogravity.Fusionauth.Inputs.FusionAuthIdpSamlv2AssertionConfigurationDestination
The array of URLs that FusionAuth will accept as SAML login destinations if the policy setting is AllowAlternates.
Decryption FusionAuthIdpSamlv2AssertionConfigurationDecryption
The configuration for the SAML assertion decryption.
Destination FusionAuthIdpSamlv2AssertionConfigurationDestination
The array of URLs that FusionAuth will accept as SAML login destinations if the policy setting is AllowAlternates.
decryption FusionAuthIdpSamlv2AssertionConfigurationDecryption
The configuration for the SAML assertion decryption.
destination FusionAuthIdpSamlv2AssertionConfigurationDestination
The array of URLs that FusionAuth will accept as SAML login destinations if the policy setting is AllowAlternates.
decryption FusionAuthIdpSamlv2AssertionConfigurationDecryption
The configuration for the SAML assertion decryption.
destination FusionAuthIdpSamlv2AssertionConfigurationDestination
The array of URLs that FusionAuth will accept as SAML login destinations if the policy setting is AllowAlternates.
decryption FusionAuthIdpSamlv2AssertionConfigurationDecryption
The configuration for the SAML assertion decryption.
destination FusionAuthIdpSamlv2AssertionConfigurationDestination
The array of URLs that FusionAuth will accept as SAML login destinations if the policy setting is AllowAlternates.
decryption Property Map
The configuration for the SAML assertion decryption.
destination Property Map
The array of URLs that FusionAuth will accept as SAML login destinations if the policy setting is AllowAlternates.

FusionAuthIdpSamlv2AssertionConfigurationDecryption
, FusionAuthIdpSamlv2AssertionConfigurationDecryptionArgs

KeyTransportDecryptionKeyId This property is required. string
The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when enabled is true.
Enabled bool
Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
KeyTransportDecryptionKeyId This property is required. string
The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when enabled is true.
Enabled bool
Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
keyTransportDecryptionKeyId This property is required. String
The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when enabled is true.
enabled Boolean
Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
keyTransportDecryptionKeyId This property is required. string
The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when enabled is true.
enabled boolean
Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
key_transport_decryption_key_id This property is required. str
The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when enabled is true.
enabled bool
Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.
keyTransportDecryptionKeyId This property is required. String
The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when enabled is true.
enabled Boolean
Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.

FusionAuthIdpSamlv2AssertionConfigurationDestination
, FusionAuthIdpSamlv2AssertionConfigurationDestinationArgs

Alternates List<string>
The alternate destinations of the assertion.
Policy string
The policy to use when performing a destination assertion on the SAML login request. The possible values are Enabled, Disabled, and AllowAlternates.
Alternates []string
The alternate destinations of the assertion.
Policy string
The policy to use when performing a destination assertion on the SAML login request. The possible values are Enabled, Disabled, and AllowAlternates.
alternates List<String>
The alternate destinations of the assertion.
policy String
The policy to use when performing a destination assertion on the SAML login request. The possible values are Enabled, Disabled, and AllowAlternates.
alternates string[]
The alternate destinations of the assertion.
policy string
The policy to use when performing a destination assertion on the SAML login request. The possible values are Enabled, Disabled, and AllowAlternates.
alternates Sequence[str]
The alternate destinations of the assertion.
policy str
The policy to use when performing a destination assertion on the SAML login request. The possible values are Enabled, Disabled, and AllowAlternates.
alternates List<String>
The alternate destinations of the assertion.
policy String
The policy to use when performing a destination assertion on the SAML login request. The possible values are Enabled, Disabled, and AllowAlternates.

FusionAuthIdpSamlv2IdpInitiatedConfiguration
, FusionAuthIdpSamlv2IdpInitiatedConfigurationArgs

Enabled bool
Determines if FusionAuth will accept IdP initiated login requests from this SAMLv2 Identity Provider.
Issuer string
The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Required when enabled is true.
Enabled bool
Determines if FusionAuth will accept IdP initiated login requests from this SAMLv2 Identity Provider.
Issuer string
The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Required when enabled is true.
enabled Boolean
Determines if FusionAuth will accept IdP initiated login requests from this SAMLv2 Identity Provider.
issuer String
The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Required when enabled is true.
enabled boolean
Determines if FusionAuth will accept IdP initiated login requests from this SAMLv2 Identity Provider.
issuer string
The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Required when enabled is true.
enabled bool
Determines if FusionAuth will accept IdP initiated login requests from this SAMLv2 Identity Provider.
issuer str
The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Required when enabled is true.
enabled Boolean
Determines if FusionAuth will accept IdP initiated login requests from this SAMLv2 Identity Provider.
issuer String
The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Required when enabled is true.

FusionAuthIdpSamlv2LoginHintConfiguration
, FusionAuthIdpSamlv2LoginHintConfigurationArgs

Enabled bool
When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the parameter_name to initiate the AuthN request.
ParameterName string
The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is login_hint. Required when enabled is true.
Enabled bool
When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the parameter_name to initiate the AuthN request.
ParameterName string
The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is login_hint. Required when enabled is true.
enabled Boolean
When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the parameter_name to initiate the AuthN request.
parameterName String
The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is login_hint. Required when enabled is true.
enabled boolean
When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the parameter_name to initiate the AuthN request.
parameterName string
The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is login_hint. Required when enabled is true.
enabled bool
When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the parameter_name to initiate the AuthN request.
parameter_name str
The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is login_hint. Required when enabled is true.
enabled Boolean
When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the parameter_name to initiate the AuthN request.
parameterName String
The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is login_hint. Required when enabled is true.

FusionAuthIdpSamlv2TenantConfiguration
, FusionAuthIdpSamlv2TenantConfigurationArgs

LimitUserLinkCountEnabled bool
When enabled, the number of identity provider links a user may create is enforced by maximumLinks
LimitUserLinkCountMaximumLinks int
Determines if this provider is enabled. If it is false then it will be disabled globally.
TenantId string
The unique Id of the tenant that this configuration applies to.
LimitUserLinkCountEnabled bool
When enabled, the number of identity provider links a user may create is enforced by maximumLinks
LimitUserLinkCountMaximumLinks int
Determines if this provider is enabled. If it is false then it will be disabled globally.
TenantId string
The unique Id of the tenant that this configuration applies to.
limitUserLinkCountEnabled Boolean
When enabled, the number of identity provider links a user may create is enforced by maximumLinks
limitUserLinkCountMaximumLinks Integer
Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId String
The unique Id of the tenant that this configuration applies to.
limitUserLinkCountEnabled boolean
When enabled, the number of identity provider links a user may create is enforced by maximumLinks
limitUserLinkCountMaximumLinks number
Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId string
The unique Id of the tenant that this configuration applies to.
limit_user_link_count_enabled bool
When enabled, the number of identity provider links a user may create is enforced by maximumLinks
limit_user_link_count_maximum_links int
Determines if this provider is enabled. If it is false then it will be disabled globally.
tenant_id str
The unique Id of the tenant that this configuration applies to.
limitUserLinkCountEnabled Boolean
When enabled, the number of identity provider links a user may create is enforced by maximumLinks
limitUserLinkCountMaximumLinks Number
Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId String
The unique Id of the tenant that this configuration applies to.

Package Details

Repository
fusionauth theogravity/pulumi-fusionauth
License
MIT
Notes
This Pulumi package is based on the fusionauth Terraform Provider.
FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity
theogravity/pulumi-fusionauth