authentik 2025.2.0, Mar 24 25

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

authentik.ProviderSaml

Explore with Pulumi AI

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as authentik from "@pulumi/authentik";

const default_authorization_flow = authentik.getFlow({
    slug: "default-provider-authorization-implicit-consent",
});
const nameProviderSaml = new authentik.ProviderSaml("nameProviderSaml", {
    authorizationFlow: default_authorization_flow.then(default_authorization_flow => default_authorization_flow.id),
    acsUrl: "http://localhost",
});
const nameApplication = new authentik.Application("nameApplication", {
    slug: "test-app",
    protocolProvider: nameProviderSaml.providerSamlId,
});

import pulumi
import pulumi_authentik as authentik

default_authorization_flow = authentik.get_flow(slug="default-provider-authorization-implicit-consent")
name_provider_saml = authentik.ProviderSaml("nameProviderSaml",
    authorization_flow=default_authorization_flow.id,
    acs_url="http://localhost")
name_application = authentik.Application("nameApplication",
    slug="test-app",
    protocol_provider=name_provider_saml.provider_saml_id)

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/authentik/v2025/authentik"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		default_authorization_flow, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-provider-authorization-implicit-consent"),
		}, nil)
		if err != nil {
			return err
		}
		nameProviderSaml, err := authentik.NewProviderSaml(ctx, "nameProviderSaml", &authentik.ProviderSamlArgs{
			AuthorizationFlow: pulumi.String(default_authorization_flow.Id),
			AcsUrl:            pulumi.String("http://localhost"),
		})
		if err != nil {
			return err
		}
		_, err = authentik.NewApplication(ctx, "nameApplication", &authentik.ApplicationArgs{
			Slug:             pulumi.String("test-app"),
			ProtocolProvider: nameProviderSaml.ProviderSamlId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Authentik = Pulumi.Authentik;

return await Deployment.RunAsync(() => 
{
    var default_authorization_flow = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-provider-authorization-implicit-consent",
    });

    var nameProviderSaml = new Authentik.ProviderSaml("nameProviderSaml", new()
    {
        AuthorizationFlow = default_authorization_flow.Apply(default_authorization_flow => default_authorization_flow.Apply(getFlowResult => getFlowResult.Id)),
        AcsUrl = "http://localhost",
    });

    var nameApplication = new Authentik.Application("nameApplication", new()
    {
        Slug = "test-app",
        ProtocolProvider = nameProviderSaml.ProviderSamlId,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.authentik.AuthentikFunctions;
import com.pulumi.authentik.inputs.GetFlowArgs;
import com.pulumi.authentik.ProviderSaml;
import com.pulumi.authentik.ProviderSamlArgs;
import com.pulumi.authentik.Application;
import com.pulumi.authentik.ApplicationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var default-authorization-flow = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-provider-authorization-implicit-consent")
            .build());

        var nameProviderSaml = new ProviderSaml("nameProviderSaml", ProviderSamlArgs.builder()
            .authorizationFlow(default_authorization_flow.id())
            .acsUrl("http://localhost")
            .build());

        var nameApplication = new Application("nameApplication", ApplicationArgs.builder()
            .slug("test-app")
            .protocolProvider(nameProviderSaml.providerSamlId())
            .build());

    }
}

resources:
  nameProviderSaml:
    type: authentik:ProviderSaml
    properties:
      authorizationFlow: ${["default-authorization-flow"].id}
      acsUrl: http://localhost
  nameApplication:
    type: authentik:Application
    properties:
      slug: test-app
      protocolProvider: ${nameProviderSaml.providerSamlId}
variables:
  default-authorization-flow:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-provider-authorization-implicit-consent

Create ProviderSaml Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ProviderSaml(name: string, args: ProviderSamlArgs, opts?: CustomResourceOptions);

@overload
def ProviderSaml(resource_name: str,
                 args: ProviderSamlArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def ProviderSaml(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 authorization_flow: Optional[str] = None,
                 acs_url: Optional[str] = None,
                 invalidation_flow: Optional[str] = None,
                 name_id_mapping: Optional[str] = None,
                 provider_saml_id: Optional[str] = None,
                 audience: Optional[str] = None,
                 default_relay_state: Optional[str] = None,
                 digest_algorithm: Optional[str] = None,
                 encryption_kp: Optional[str] = None,
                 assertion_valid_not_on_or_after: Optional[str] = None,
                 issuer: Optional[str] = None,
                 name: Optional[str] = None,
                 assertion_valid_not_before: Optional[str] = None,
                 property_mappings: Optional[Sequence[str]] = None,
                 authentication_flow: Optional[str] = None,
                 session_valid_not_on_or_after: Optional[str] = None,
                 sign_assertion: Optional[bool] = None,
                 sign_response: Optional[bool] = None,
                 signature_algorithm: Optional[str] = None,
                 signing_kp: Optional[str] = None,
                 sp_binding: Optional[str] = None,
                 url_slo_post: Optional[str] = None,
                 url_slo_redirect: Optional[str] = None,
                 url_sso_init: Optional[str] = None,
                 url_sso_post: Optional[str] = None,
                 url_sso_redirect: Optional[str] = None,
                 verification_kp: Optional[str] = None)

func NewProviderSaml(ctx *Context, name string, args ProviderSamlArgs, opts ...ResourceOption) (*ProviderSaml, error)

public ProviderSaml(string name, ProviderSamlArgs args, CustomResourceOptions? opts = null)

public ProviderSaml(String name, ProviderSamlArgs args)
public ProviderSaml(String name, ProviderSamlArgs args, CustomResourceOptions options)

type: authentik:ProviderSaml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ProviderSamlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ProviderSamlArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ProviderSamlArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ProviderSamlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ProviderSamlArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var providerSamlResource = new Authentik.ProviderSaml("providerSamlResource", new()
{
    AuthorizationFlow = "string",
    AcsUrl = "string",
    InvalidationFlow = "string",
    NameIdMapping = "string",
    ProviderSamlId = "string",
    Audience = "string",
    DefaultRelayState = "string",
    DigestAlgorithm = "string",
    EncryptionKp = "string",
    AssertionValidNotOnOrAfter = "string",
    Issuer = "string",
    Name = "string",
    AssertionValidNotBefore = "string",
    PropertyMappings = new[]
    {
        "string",
    },
    AuthenticationFlow = "string",
    SessionValidNotOnOrAfter = "string",
    SignAssertion = false,
    SignResponse = false,
    SignatureAlgorithm = "string",
    SigningKp = "string",
    SpBinding = "string",
    UrlSloPost = "string",
    UrlSloRedirect = "string",
    UrlSsoInit = "string",
    UrlSsoPost = "string",
    UrlSsoRedirect = "string",
    VerificationKp = "string",
});

example, err := authentik.NewProviderSaml(ctx, "providerSamlResource", &authentik.ProviderSamlArgs{
	AuthorizationFlow:          pulumi.String("string"),
	AcsUrl:                     pulumi.String("string"),
	InvalidationFlow:           pulumi.String("string"),
	NameIdMapping:              pulumi.String("string"),
	ProviderSamlId:             pulumi.String("string"),
	Audience:                   pulumi.String("string"),
	DefaultRelayState:          pulumi.String("string"),
	DigestAlgorithm:            pulumi.String("string"),
	EncryptionKp:               pulumi.String("string"),
	AssertionValidNotOnOrAfter: pulumi.String("string"),
	Issuer:                     pulumi.String("string"),
	Name:                       pulumi.String("string"),
	AssertionValidNotBefore:    pulumi.String("string"),
	PropertyMappings: pulumi.StringArray{
		pulumi.String("string"),
	},
	AuthenticationFlow:       pulumi.String("string"),
	SessionValidNotOnOrAfter: pulumi.String("string"),
	SignAssertion:            pulumi.Bool(false),
	SignResponse:             pulumi.Bool(false),
	SignatureAlgorithm:       pulumi.String("string"),
	SigningKp:                pulumi.String("string"),
	SpBinding:                pulumi.String("string"),
	UrlSloPost:               pulumi.String("string"),
	UrlSloRedirect:           pulumi.String("string"),
	UrlSsoInit:               pulumi.String("string"),
	UrlSsoPost:               pulumi.String("string"),
	UrlSsoRedirect:           pulumi.String("string"),
	VerificationKp:           pulumi.String("string"),
})

var providerSamlResource = new ProviderSaml("providerSamlResource", ProviderSamlArgs.builder()
    .authorizationFlow("string")
    .acsUrl("string")
    .invalidationFlow("string")
    .nameIdMapping("string")
    .providerSamlId("string")
    .audience("string")
    .defaultRelayState("string")
    .digestAlgorithm("string")
    .encryptionKp("string")
    .assertionValidNotOnOrAfter("string")
    .issuer("string")
    .name("string")
    .assertionValidNotBefore("string")
    .propertyMappings("string")
    .authenticationFlow("string")
    .sessionValidNotOnOrAfter("string")
    .signAssertion(false)
    .signResponse(false)
    .signatureAlgorithm("string")
    .signingKp("string")
    .spBinding("string")
    .urlSloPost("string")
    .urlSloRedirect("string")
    .urlSsoInit("string")
    .urlSsoPost("string")
    .urlSsoRedirect("string")
    .verificationKp("string")
    .build());

provider_saml_resource = authentik.ProviderSaml("providerSamlResource",
    authorization_flow="string",
    acs_url="string",
    invalidation_flow="string",
    name_id_mapping="string",
    provider_saml_id="string",
    audience="string",
    default_relay_state="string",
    digest_algorithm="string",
    encryption_kp="string",
    assertion_valid_not_on_or_after="string",
    issuer="string",
    name="string",
    assertion_valid_not_before="string",
    property_mappings=["string"],
    authentication_flow="string",
    session_valid_not_on_or_after="string",
    sign_assertion=False,
    sign_response=False,
    signature_algorithm="string",
    signing_kp="string",
    sp_binding="string",
    url_slo_post="string",
    url_slo_redirect="string",
    url_sso_init="string",
    url_sso_post="string",
    url_sso_redirect="string",
    verification_kp="string")

const providerSamlResource = new authentik.ProviderSaml("providerSamlResource", {
    authorizationFlow: "string",
    acsUrl: "string",
    invalidationFlow: "string",
    nameIdMapping: "string",
    providerSamlId: "string",
    audience: "string",
    defaultRelayState: "string",
    digestAlgorithm: "string",
    encryptionKp: "string",
    assertionValidNotOnOrAfter: "string",
    issuer: "string",
    name: "string",
    assertionValidNotBefore: "string",
    propertyMappings: ["string"],
    authenticationFlow: "string",
    sessionValidNotOnOrAfter: "string",
    signAssertion: false,
    signResponse: false,
    signatureAlgorithm: "string",
    signingKp: "string",
    spBinding: "string",
    urlSloPost: "string",
    urlSloRedirect: "string",
    urlSsoInit: "string",
    urlSsoPost: "string",
    urlSsoRedirect: "string",
    verificationKp: "string",
});

type: authentik:ProviderSaml
properties:
    acsUrl: string
    assertionValidNotBefore: string
    assertionValidNotOnOrAfter: string
    audience: string
    authenticationFlow: string
    authorizationFlow: string
    defaultRelayState: string
    digestAlgorithm: string
    encryptionKp: string
    invalidationFlow: string
    issuer: string
    name: string
    nameIdMapping: string
    propertyMappings:
        - string
    providerSamlId: string
    sessionValidNotOnOrAfter: string
    signAssertion: false
    signResponse: false
    signatureAlgorithm: string
    signingKp: string
    spBinding: string
    urlSloPost: string
    urlSloRedirect: string
    urlSsoInit: string
    urlSsoPost: string
    urlSsoRedirect: string
    verificationKp: string

ProviderSaml Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ProviderSaml resource accepts the following input properties:

AcsUrl string
AuthorizationFlow string
InvalidationFlow string
AssertionValidNotBefore string: Defaults to minutes=-5.
AssertionValidNotOnOrAfter string: Defaults to minutes=5.
Audience string: Defaults to ``.
AuthenticationFlow string
DefaultRelayState string: Defaults to ``.
DigestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
EncryptionKp string
Issuer string: Defaults to authentik.
Name string
NameIdMapping string
PropertyMappings List<string>
ProviderSamlId string
SessionValidNotOnOrAfter string: Defaults to minutes=86400.
SignAssertion bool: Defaults to true.
SignResponse bool: Defaults to false.
SignatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SpBinding string: Allowed values: - redirect - post Defaults to redirect.
UrlSloPost string: Generated.
UrlSloRedirect string: Generated.
UrlSsoInit string: Generated.
UrlSsoPost string: Generated.
UrlSsoRedirect string: Generated.
VerificationKp string

AcsUrl string
AuthorizationFlow string
InvalidationFlow string
AssertionValidNotBefore string: Defaults to minutes=-5.
AssertionValidNotOnOrAfter string: Defaults to minutes=5.
Audience string: Defaults to ``.
AuthenticationFlow string
DefaultRelayState string: Defaults to ``.
DigestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
EncryptionKp string
Issuer string: Defaults to authentik.
Name string
NameIdMapping string
PropertyMappings []string
ProviderSamlId string
SessionValidNotOnOrAfter string: Defaults to minutes=86400.
SignAssertion bool: Defaults to true.
SignResponse bool: Defaults to false.
SignatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SpBinding string: Allowed values: - redirect - post Defaults to redirect.
UrlSloPost string: Generated.
UrlSloRedirect string: Generated.
UrlSsoInit string: Generated.
UrlSsoPost string: Generated.
UrlSsoRedirect string: Generated.
VerificationKp string

acsUrl String
authorizationFlow String
invalidationFlow String
assertionValidNotBefore String: Defaults to minutes=-5.
assertionValidNotOnOrAfter String: Defaults to minutes=5.
audience String: Defaults to ``.
authenticationFlow String
defaultRelayState String: Defaults to ``.
digestAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp String
issuer String: Defaults to authentik.
name String
nameIdMapping String
propertyMappings List<String>
providerSamlId String
sessionValidNotOnOrAfter String: Defaults to minutes=86400.
signAssertion Boolean: Defaults to true.
signResponse Boolean: Defaults to false.
signatureAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
spBinding String: Allowed values: - redirect - post Defaults to redirect.
urlSloPost String: Generated.
urlSloRedirect String: Generated.
urlSsoInit String: Generated.
urlSsoPost String: Generated.
urlSsoRedirect String: Generated.
verificationKp String

acsUrl string
authorizationFlow string
invalidationFlow string
assertionValidNotBefore string: Defaults to minutes=-5.
assertionValidNotOnOrAfter string: Defaults to minutes=5.
audience string: Defaults to ``.
authenticationFlow string
defaultRelayState string: Defaults to ``.
digestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp string
issuer string: Defaults to authentik.
name string
nameIdMapping string
propertyMappings string[]
providerSamlId string
sessionValidNotOnOrAfter string: Defaults to minutes=86400.
signAssertion boolean: Defaults to true.
signResponse boolean: Defaults to false.
signatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp string
spBinding string: Allowed values: - redirect - post Defaults to redirect.
urlSloPost string: Generated.
urlSloRedirect string: Generated.
urlSsoInit string: Generated.
urlSsoPost string: Generated.
urlSsoRedirect string: Generated.
verificationKp string

acs_url str
authorization_flow str
invalidation_flow str
assertion_valid_not_before str: Defaults to minutes=-5.
assertion_valid_not_on_or_after str: Defaults to minutes=5.
audience str: Defaults to ``.
authentication_flow str
default_relay_state str: Defaults to ``.
digest_algorithm str: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryption_kp str
issuer str: Defaults to authentik.
name str
name_id_mapping str
property_mappings Sequence[str]
provider_saml_id str
session_valid_not_on_or_after str: Defaults to minutes=86400.
sign_assertion bool: Defaults to true.
sign_response bool: Defaults to false.
signature_algorithm str: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signing_kp str
sp_binding str: Allowed values: - redirect - post Defaults to redirect.
url_slo_post str: Generated.
url_slo_redirect str: Generated.
url_sso_init str: Generated.
url_sso_post str: Generated.
url_sso_redirect str: Generated.
verification_kp str

acsUrl String
authorizationFlow String
invalidationFlow String
assertionValidNotBefore String: Defaults to minutes=-5.
assertionValidNotOnOrAfter String: Defaults to minutes=5.
audience String: Defaults to ``.
authenticationFlow String
defaultRelayState String: Defaults to ``.
digestAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp String
issuer String: Defaults to authentik.
name String
nameIdMapping String
propertyMappings List<String>
providerSamlId String
sessionValidNotOnOrAfter String: Defaults to minutes=86400.
signAssertion Boolean: Defaults to true.
signResponse Boolean: Defaults to false.
signatureAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
spBinding String: Allowed values: - redirect - post Defaults to redirect.
urlSloPost String: Generated.
urlSloRedirect String: Generated.
urlSsoInit String: Generated.
urlSsoPost String: Generated.
urlSsoRedirect String: Generated.
verificationKp String

Outputs

All input properties are implicitly available as output properties. Additionally, the ProviderSaml resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing ProviderSaml Resource

Get an existing ProviderSaml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ProviderSamlState, opts?: CustomResourceOptions): ProviderSaml

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acs_url: Optional[str] = None,
        assertion_valid_not_before: Optional[str] = None,
        assertion_valid_not_on_or_after: Optional[str] = None,
        audience: Optional[str] = None,
        authentication_flow: Optional[str] = None,
        authorization_flow: Optional[str] = None,
        default_relay_state: Optional[str] = None,
        digest_algorithm: Optional[str] = None,
        encryption_kp: Optional[str] = None,
        invalidation_flow: Optional[str] = None,
        issuer: Optional[str] = None,
        name: Optional[str] = None,
        name_id_mapping: Optional[str] = None,
        property_mappings: Optional[Sequence[str]] = None,
        provider_saml_id: Optional[str] = None,
        session_valid_not_on_or_after: Optional[str] = None,
        sign_assertion: Optional[bool] = None,
        sign_response: Optional[bool] = None,
        signature_algorithm: Optional[str] = None,
        signing_kp: Optional[str] = None,
        sp_binding: Optional[str] = None,
        url_slo_post: Optional[str] = None,
        url_slo_redirect: Optional[str] = None,
        url_sso_init: Optional[str] = None,
        url_sso_post: Optional[str] = None,
        url_sso_redirect: Optional[str] = None,
        verification_kp: Optional[str] = None) -> ProviderSaml

func GetProviderSaml(ctx *Context, name string, id IDInput, state *ProviderSamlState, opts ...ResourceOption) (*ProviderSaml, error)

public static ProviderSaml Get(string name, Input<string> id, ProviderSamlState? state, CustomResourceOptions? opts = null)

public static ProviderSaml get(String name, Output<String> id, ProviderSamlState state, CustomResourceOptions options)

resources:  _:    type: authentik:ProviderSaml    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AcsUrl string
AssertionValidNotBefore string: Defaults to minutes=-5.
AssertionValidNotOnOrAfter string: Defaults to minutes=5.
Audience string: Defaults to ``.
AuthenticationFlow string
AuthorizationFlow string
DefaultRelayState string: Defaults to ``.
DigestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
EncryptionKp string
InvalidationFlow string
Issuer string: Defaults to authentik.
Name string
NameIdMapping string
PropertyMappings List<string>
ProviderSamlId string
SessionValidNotOnOrAfter string: Defaults to minutes=86400.
SignAssertion bool: Defaults to true.
SignResponse bool: Defaults to false.
SignatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SpBinding string: Allowed values: - redirect - post Defaults to redirect.
UrlSloPost string: Generated.
UrlSloRedirect string: Generated.
UrlSsoInit string: Generated.
UrlSsoPost string: Generated.
UrlSsoRedirect string: Generated.
VerificationKp string

AcsUrl string
AssertionValidNotBefore string: Defaults to minutes=-5.
AssertionValidNotOnOrAfter string: Defaults to minutes=5.
Audience string: Defaults to ``.
AuthenticationFlow string
AuthorizationFlow string
DefaultRelayState string: Defaults to ``.
DigestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
EncryptionKp string
InvalidationFlow string
Issuer string: Defaults to authentik.
Name string
NameIdMapping string
PropertyMappings []string
ProviderSamlId string
SessionValidNotOnOrAfter string: Defaults to minutes=86400.
SignAssertion bool: Defaults to true.
SignResponse bool: Defaults to false.
SignatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SpBinding string: Allowed values: - redirect - post Defaults to redirect.
UrlSloPost string: Generated.
UrlSloRedirect string: Generated.
UrlSsoInit string: Generated.
UrlSsoPost string: Generated.
UrlSsoRedirect string: Generated.
VerificationKp string

acsUrl String
assertionValidNotBefore String: Defaults to minutes=-5.
assertionValidNotOnOrAfter String: Defaults to minutes=5.
audience String: Defaults to ``.
authenticationFlow String
authorizationFlow String
defaultRelayState String: Defaults to ``.
digestAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp String
invalidationFlow String
issuer String: Defaults to authentik.
name String
nameIdMapping String
propertyMappings List<String>
providerSamlId String
sessionValidNotOnOrAfter String: Defaults to minutes=86400.
signAssertion Boolean: Defaults to true.
signResponse Boolean: Defaults to false.
signatureAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
spBinding String: Allowed values: - redirect - post Defaults to redirect.
urlSloPost String: Generated.
urlSloRedirect String: Generated.
urlSsoInit String: Generated.
urlSsoPost String: Generated.
urlSsoRedirect String: Generated.
verificationKp String

acsUrl string
assertionValidNotBefore string: Defaults to minutes=-5.
assertionValidNotOnOrAfter string: Defaults to minutes=5.
audience string: Defaults to ``.
authenticationFlow string
authorizationFlow string
defaultRelayState string: Defaults to ``.
digestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp string
invalidationFlow string
issuer string: Defaults to authentik.
name string
nameIdMapping string
propertyMappings string[]
providerSamlId string
sessionValidNotOnOrAfter string: Defaults to minutes=86400.
signAssertion boolean: Defaults to true.
signResponse boolean: Defaults to false.
signatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp string
spBinding string: Allowed values: - redirect - post Defaults to redirect.
urlSloPost string: Generated.
urlSloRedirect string: Generated.
urlSsoInit string: Generated.
urlSsoPost string: Generated.
urlSsoRedirect string: Generated.
verificationKp string

acs_url str
assertion_valid_not_before str: Defaults to minutes=-5.
assertion_valid_not_on_or_after str: Defaults to minutes=5.
audience str: Defaults to ``.
authentication_flow str
authorization_flow str
default_relay_state str: Defaults to ``.
digest_algorithm str: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryption_kp str
invalidation_flow str
issuer str: Defaults to authentik.
name str
name_id_mapping str
property_mappings Sequence[str]
provider_saml_id str
session_valid_not_on_or_after str: Defaults to minutes=86400.
sign_assertion bool: Defaults to true.
sign_response bool: Defaults to false.
signature_algorithm str: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signing_kp str
sp_binding str: Allowed values: - redirect - post Defaults to redirect.
url_slo_post str: Generated.
url_slo_redirect str: Generated.
url_sso_init str: Generated.
url_sso_post str: Generated.
url_sso_redirect str: Generated.
verification_kp str

acsUrl String
assertionValidNotBefore String: Defaults to minutes=-5.
assertionValidNotOnOrAfter String: Defaults to minutes=5.
audience String: Defaults to ``.
authenticationFlow String
authorizationFlow String
defaultRelayState String: Defaults to ``.
digestAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp String
invalidationFlow String
issuer String: Defaults to authentik.
name String
nameIdMapping String
propertyMappings List<String>
providerSamlId String
sessionValidNotOnOrAfter String: Defaults to minutes=86400.
signAssertion Boolean: Defaults to true.
signResponse Boolean: Defaults to false.
signatureAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
spBinding String: Allowed values: - redirect - post Defaults to redirect.
urlSloPost String: Generated.
urlSloRedirect String: Generated.
urlSsoInit String: Generated.
urlSsoPost String: Generated.
urlSsoRedirect String: Generated.
verificationKp String

Package Details

Repository: authentik goauthentik/terraform-provider-authentik
License
Notes: This Pulumi package is based on the authentik Terraform Provider.

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

authentik.ProviderSaml

On this page

On this page

Example Usage

Create ProviderSaml Resource

Constructor syntax

Parameters

Constructor example

ProviderSaml Resource Properties

Inputs

Outputs

Look up Existing ProviderSaml Resource

Package Details

On this page

On this page