ignition_identity_provider Resource

ignition_identity_provider (Resource)

Manages an Identity Provider in Ignition.

Example Usage

resource "ignition_identity_provider" "oidc" {
  name = "AzureAD"
  type = "oidc"

  # Provider settings are top-level attributes of the resource (see the schema
  # below); there is no nested "config" map.
  client_id     = "my-client-id"
  client_secret = "my-client-secret"
  provider_id   = "azure-ad"

  authorization_endpoint = "https://login.microsoftonline.com/.../oauth2/v2.0/authorize"
  token_endpoint         = "https://login.microsoftonline.com/.../oauth2/v2.0/token"

  # Signing keys are fetched from the JWKS endpoint when jwk_endpoint_enabled is true.
  jwk_endpoint         = "https://login.microsoftonline.com/.../discovery/v2.0/keys"
  jwk_endpoint_enabled = true
}

Schema

Required

  • name (String) The name of the identity provider.
  • type (String) The type of the identity provider (internal, oidc, saml).

Optional

  • acs_binding (String) The expected binding used by the IdP (HTTP-Redirect, HTTP-POST).
  • assertion_signatures_required (Boolean)
  • authorization_endpoint (String) URL of the OP’s OAuth 2.0 Authorization Endpoint.
  • client_id (String) The client identifier registered within the identity provider.
  • client_secret (String, Sensitive) The client secret registered within the identity provider.
  • description (String) The description of the identity provider.
  • enabled (Boolean) Whether the identity provider is enabled.
  • force_authn (Boolean)
  • idp_entity_id (String) The Identity Provider’s Entity ID.
  • idp_metadata_url (String)
  • idp_metadata_url_enabled (Boolean)
  • jwk_endpoint (String) URL of the OP’s JSON Web Key Set document.
  • jwk_endpoint_enabled (Boolean) If true, then identity provider public keys will be automatically downloaded.
  • logout_endpoint (String) URL at the OP to which an RP can perform a redirect to request that the End-User be logged out.
  • name_id_format (String) The expected name ID format.
  • provider_id (String) The issuer URL of the identity provider.
  • remember_me_expiration (Number) Maximum hours a user will be remembered.
  • response_signatures_required (Boolean)
  • session_expiration (Number) Maximum minutes a session may exist before it is expired.
  • session_inactivity_timeout (Number) Minutes before expiring a session due to user inactivity.
  • sp_entity_id (String) The Service Provider’s Entity ID.
  • sp_entity_id_enabled (Boolean) True if the SP Entity ID setting should be used.
  • sso_service_config (Attributes) The Identity Provider’s SSO Service Configuration. (see below for nested schema)
  • token_endpoint (String) URL of the OP’s OAuth 2.0 Token Endpoint.
  • user_info_endpoint (String) URL to retrieve UserInfo claims from the provider.
  • user_source (String) The name of the User Source Profile used to authenticate users (for ‘internal’ type).

Read-Only

  • id (String) The ID of this resource.
  • signature (String) The signature of the resource.

Nested Schema for sso_service_config

Required:

  • binding (String)
  • uri (String)
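As an added example (not part of the provider's own documentation), the configuration below declares one OIDC and one SAML provider using only the attribute names from the schema above, with the OIDC client secret supplied through a sensitive variable and the SAML provider requiring signed responses and assertions. The endpoint URLs, entity IDs and the HTTP-POST value for sso_service_config.binding are placeholder assumptions, and the map syntax for sso_service_config follows its Attributes type.

```hcl
# Keep the OIDC client secret out of the configuration file; pass it with
# TF_VAR_oidc_client_secret or a -var-file that is not committed.
variable "oidc_client_secret" {
  type      = string
  sensitive = true
}

resource "ignition_identity_provider" "oidc" {
  name    = "corporate-oidc"
  type    = "oidc"
  enabled = true
  client_id     = "ignition-gateway"          # placeholder
  client_secret = var.oidc_client_secret      # never a literal here
  provider_id   = "https://idp.example.com/"  # issuer URL, placeholder
  authorization_endpoint = "https://idp.example.com/oauth2/authorize"
  token_endpoint         = "https://idp.example.com/oauth2/token"

  # Fetch signing keys from the JWKS URL so key rotation at the OP does not
  # break token validation.
  jwk_endpoint         = "https://idp.example.com/oauth2/keys"
  jwk_endpoint_enabled = true

  # Bound session lifetime: absolute expiry and idle timeout in minutes,
  # remember-me in hours (schema units).
  session_expiration         = 480
  session_inactivity_timeout = 30
  remember_me_expiration     = 24
}

resource "ignition_identity_provider" "saml" {
  name = "corporate-saml"
  type = "saml"

  idp_entity_id        = "https://saml.example.com/metadata"  # placeholder
  sp_entity_id         = "https://ignition.example.com/saml"  # placeholder
  sp_entity_id_enabled = true

  # Require the IdP to sign both the response and the assertions so an
  # unsigned or tampered message is rejected.
  response_signatures_required  = true
  assertion_signatures_required = true
  force_authn                   = true
  acs_binding                   = "HTTP-POST"

  sso_service_config = {
    binding = "HTTP-POST"  # assumed to accept the same values as acs_binding
    uri     = "https://saml.example.com/sso"
  }
}
```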