cyral.getSamlConfiguration

Start a Neo task

Explain and create a cyral.getSamlConfiguration resource

cyral 4.16.3 published on Monday, Apr 14, 2025 by cyralinc

cyralinc/terraform-provider-cyral

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cyral from "@pulumi/cyral";

const someDataSourceName = cyral.getSamlConfiguration({
    samlMetadataUrl: "some_metadata_url",
});

import pulumi
import pulumi_cyral as cyral

some_data_source_name = cyral.get_saml_configuration(saml_metadata_url="some_metadata_url")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cyral.GetSamlConfiguration(ctx, &cyral.GetSamlConfigurationArgs{
			SamlMetadataUrl: pulumi.StringRef("some_metadata_url"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cyral = Pulumi.Cyral;

return await Deployment.RunAsync(() => 
{
    var someDataSourceName = Cyral.GetSamlConfiguration.Invoke(new()
    {
        SamlMetadataUrl = "some_metadata_url",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cyral.CyralFunctions;
import com.pulumi.cyral.inputs.GetSamlConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var someDataSourceName = CyralFunctions.getSamlConfiguration(GetSamlConfigurationArgs.builder()
            .samlMetadataUrl("some_metadata_url")
            .build());

    }
}

variables:
  someDataSourceName:
    fn::invoke:
      function: cyral:getSamlConfiguration
      arguments:
        samlMetadataUrl: some_metadata_url

Using getSamlConfiguration

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSamlConfiguration(args: GetSamlConfigurationArgs, opts?: InvokeOptions): Promise<GetSamlConfigurationResult>
function getSamlConfigurationOutput(args: GetSamlConfigurationOutputArgs, opts?: InvokeOptions): Output<GetSamlConfigurationResult>

def get_saml_configuration(base64_saml_metadata_document: Optional[str] = None,
                           saml_metadata_url: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetSamlConfigurationResult
def get_saml_configuration_output(base64_saml_metadata_document: Optional[pulumi.Input[str]] = None,
                           saml_metadata_url: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetSamlConfigurationResult]

func GetSamlConfiguration(ctx *Context, args *GetSamlConfigurationArgs, opts ...InvokeOption) (*GetSamlConfigurationResult, error)
func GetSamlConfigurationOutput(ctx *Context, args *GetSamlConfigurationOutputArgs, opts ...InvokeOption) GetSamlConfigurationResultOutput

> Note: This function is named GetSamlConfiguration in the Go SDK.

public static class GetSamlConfiguration 
{
    public static Task<GetSamlConfigurationResult> InvokeAsync(GetSamlConfigurationArgs args, InvokeOptions? opts = null)
    public static Output<GetSamlConfigurationResult> Invoke(GetSamlConfigurationInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSamlConfigurationResult> getSamlConfiguration(GetSamlConfigurationArgs args, InvokeOptions options)
public static Output<GetSamlConfigurationResult> getSamlConfiguration(GetSamlConfigurationArgs args, InvokeOptions options)

fn::invoke:
  function: cyral:index/getSamlConfiguration:getSamlConfiguration
  arguments:
    # arguments dictionary

The following arguments are supported:

Base64SamlMetadataDocument string: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
SamlMetadataUrl string: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

Base64SamlMetadataDocument string: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
SamlMetadataUrl string: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

base64SamlMetadataDocument String: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
samlMetadataUrl String: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

base64SamlMetadataDocument string: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
samlMetadataUrl string: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

base64_saml_metadata_document str: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
saml_metadata_url str: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

base64SamlMetadataDocument String: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
samlMetadataUrl String: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

getSamlConfiguration Result

The following output properties are available:

AllowedClockSkew double: Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is 0.
BackChannelSupported bool: Defaults to false if unset.
DisableForceAuthentication bool: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
DisablePostBindingAuthnRequest bool: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
DisablePostBindingLogout bool: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
DisablePostBindingResponse bool: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
DisableUsingJwksUrl bool: By default, the jwks URL is used for all SAML connections.
DisableValidateSignature bool: Enable/Disable signature validation of SAML responses. Highly recommended for minimum security.
DisableWantAssertionsSigned bool: Indicates whether the service provider expects a signed Assertion.
DisableWantAuthnRequestsSigned bool: Indicates whether the identity provider expects a signed AuthnRequest.
GuiOrder string: GUI order.
HideOnLoginPage bool: Defaults to false if unset.
Id string
LdapGroupAttribute string: Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
NameIdPolicyFormat string: Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
PrincipalType string: Defaults to SUBJECT if unset.
SamlXmlKeyNameTranformer string: Defaults to KEY_ID if unset.
SignatureType string: Defaults to RSA_SHA256 if unset.
SigningCertificate string: Signing certificate used to validate signatures. Required if signature validation is enabled.
SingleLogoutServiceUrl string: URL that must be used to send logout requests.
SingleSignOnServiceUrl string: URL that must be used to send authentication requests (SAML AuthnRequest).
SyncMode string: Defaults to FORCE if unset.
WantAssertionsEncrypted bool: Indicates whether the service provider expects an encrypted Assertion.
XmlSigKeyInfoKeyNameTransformer string: Defaults to KEY_ID if unset.
Base64SamlMetadataDocument string: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
SamlMetadataUrl string: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

AllowedClockSkew float64: Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is 0.
BackChannelSupported bool: Defaults to false if unset.
DisableForceAuthentication bool: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
DisablePostBindingAuthnRequest bool: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
DisablePostBindingLogout bool: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
DisablePostBindingResponse bool: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
DisableUsingJwksUrl bool: By default, the jwks URL is used for all SAML connections.
DisableValidateSignature bool: Enable/Disable signature validation of SAML responses. Highly recommended for minimum security.
DisableWantAssertionsSigned bool: Indicates whether the service provider expects a signed Assertion.
DisableWantAuthnRequestsSigned bool: Indicates whether the identity provider expects a signed AuthnRequest.
GuiOrder string: GUI order.
HideOnLoginPage bool: Defaults to false if unset.
Id string
LdapGroupAttribute string: Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
NameIdPolicyFormat string: Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
PrincipalType string: Defaults to SUBJECT if unset.
SamlXmlKeyNameTranformer string: Defaults to KEY_ID if unset.
SignatureType string: Defaults to RSA_SHA256 if unset.
SigningCertificate string: Signing certificate used to validate signatures. Required if signature validation is enabled.
SingleLogoutServiceUrl string: URL that must be used to send logout requests.
SingleSignOnServiceUrl string: URL that must be used to send authentication requests (SAML AuthnRequest).
SyncMode string: Defaults to FORCE if unset.
WantAssertionsEncrypted bool: Indicates whether the service provider expects an encrypted Assertion.
XmlSigKeyInfoKeyNameTransformer string: Defaults to KEY_ID if unset.
Base64SamlMetadataDocument string: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
SamlMetadataUrl string: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

allowedClockSkew Double: Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is 0.
backChannelSupported Boolean: Defaults to false if unset.
disableForceAuthentication Boolean: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
disablePostBindingAuthnRequest Boolean: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disablePostBindingLogout Boolean: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disablePostBindingResponse Boolean: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disableUsingJwksUrl Boolean: By default, the jwks URL is used for all SAML connections.
disableValidateSignature Boolean: Enable/Disable signature validation of SAML responses. Highly recommended for minimum security.
disableWantAssertionsSigned Boolean: Indicates whether the service provider expects a signed Assertion.
disableWantAuthnRequestsSigned Boolean: Indicates whether the identity provider expects a signed AuthnRequest.
guiOrder String: GUI order.
hideOnLoginPage Boolean: Defaults to false if unset.
id String
ldapGroupAttribute String: Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
nameIdPolicyFormat String: Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
principalType String: Defaults to SUBJECT if unset.
samlXmlKeyNameTranformer String: Defaults to KEY_ID if unset.
signatureType String: Defaults to RSA_SHA256 if unset.
signingCertificate String: Signing certificate used to validate signatures. Required if signature validation is enabled.
singleLogoutServiceUrl String: URL that must be used to send logout requests.
singleSignOnServiceUrl String: URL that must be used to send authentication requests (SAML AuthnRequest).
syncMode String: Defaults to FORCE if unset.
wantAssertionsEncrypted Boolean: Indicates whether the service provider expects an encrypted Assertion.
xmlSigKeyInfoKeyNameTransformer String: Defaults to KEY_ID if unset.
base64SamlMetadataDocument String: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
samlMetadataUrl String: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

allowedClockSkew number: Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is 0.
backChannelSupported boolean: Defaults to false if unset.
disableForceAuthentication boolean: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
disablePostBindingAuthnRequest boolean: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disablePostBindingLogout boolean: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disablePostBindingResponse boolean: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disableUsingJwksUrl boolean: By default, the jwks URL is used for all SAML connections.
disableValidateSignature boolean: Enable/Disable signature validation of SAML responses. Highly recommended for minimum security.
disableWantAssertionsSigned boolean: Indicates whether the service provider expects a signed Assertion.
disableWantAuthnRequestsSigned boolean: Indicates whether the identity provider expects a signed AuthnRequest.
guiOrder string: GUI order.
hideOnLoginPage boolean: Defaults to false if unset.
id string
ldapGroupAttribute string: Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
nameIdPolicyFormat string: Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
principalType string: Defaults to SUBJECT if unset.
samlXmlKeyNameTranformer string: Defaults to KEY_ID if unset.
signatureType string: Defaults to RSA_SHA256 if unset.
signingCertificate string: Signing certificate used to validate signatures. Required if signature validation is enabled.
singleLogoutServiceUrl string: URL that must be used to send logout requests.
singleSignOnServiceUrl string: URL that must be used to send authentication requests (SAML AuthnRequest).
syncMode string: Defaults to FORCE if unset.
wantAssertionsEncrypted boolean: Indicates whether the service provider expects an encrypted Assertion.
xmlSigKeyInfoKeyNameTransformer string: Defaults to KEY_ID if unset.
base64SamlMetadataDocument string: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
samlMetadataUrl string: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

allowed_clock_skew float: Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is 0.
back_channel_supported bool: Defaults to false if unset.
disable_force_authentication bool: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
disable_post_binding_authn_request bool: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disable_post_binding_logout bool: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disable_post_binding_response bool: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disable_using_jwks_url bool: By default, the jwks URL is used for all SAML connections.
disable_validate_signature bool: Enable/Disable signature validation of SAML responses. Highly recommended for minimum security.
disable_want_assertions_signed bool: Indicates whether the service provider expects a signed Assertion.
disable_want_authn_requests_signed bool: Indicates whether the identity provider expects a signed AuthnRequest.
gui_order str: GUI order.
hide_on_login_page bool: Defaults to false if unset.
id str
ldap_group_attribute str: Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
name_id_policy_format str: Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
principal_type str: Defaults to SUBJECT if unset.
saml_xml_key_name_tranformer str: Defaults to KEY_ID if unset.
signature_type str: Defaults to RSA_SHA256 if unset.
signing_certificate str: Signing certificate used to validate signatures. Required if signature validation is enabled.
single_logout_service_url str: URL that must be used to send logout requests.
single_sign_on_service_url str: URL that must be used to send authentication requests (SAML AuthnRequest).
sync_mode str: Defaults to FORCE if unset.
want_assertions_encrypted bool: Indicates whether the service provider expects an encrypted Assertion.
xml_sig_key_info_key_name_transformer str: Defaults to KEY_ID if unset.
base64_saml_metadata_document str: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
saml_metadata_url str: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

allowedClockSkew Number: Clock skew in seconds that is tolerated when validating identity provider tokens. Default value is 0.
backChannelSupported Boolean: Defaults to false if unset.
disableForceAuthentication Boolean: Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.
disablePostBindingAuthnRequest Boolean: Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disablePostBindingLogout Boolean: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disablePostBindingResponse Boolean: Indicates whether to respond to requests using HTTP-POST binding. If true, HTTP-REDIRECT binding will be used.
disableUsingJwksUrl Boolean: By default, the jwks URL is used for all SAML connections.
disableValidateSignature Boolean: Enable/Disable signature validation of SAML responses. Highly recommended for minimum security.
disableWantAssertionsSigned Boolean: Indicates whether the service provider expects a signed Assertion.
disableWantAuthnRequestsSigned Boolean: Indicates whether the identity provider expects a signed AuthnRequest.
guiOrder String: GUI order.
hideOnLoginPage Boolean: Defaults to false if unset.
id String
ldapGroupAttribute String: Type of LDAP Group RDN that identifies the name of a group within a DN. For example, if an LDAP DN sent in a SAML assertion is cn=Everyone, ou=groups, dc=openam, dc=forgerock, dc=org and the LDAP Group RDN Type is cn Cyral will interpret Everyone as the group name.
nameIdPolicyFormat String: Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified if unset.
principalType String: Defaults to SUBJECT if unset.
samlXmlKeyNameTranformer String: Defaults to KEY_ID if unset.
signatureType String: Defaults to RSA_SHA256 if unset.
signingCertificate String: Signing certificate used to validate signatures. Required if signature validation is enabled.
singleLogoutServiceUrl String: URL that must be used to send logout requests.
singleSignOnServiceUrl String: URL that must be used to send authentication requests (SAML AuthnRequest).
syncMode String: Defaults to FORCE if unset.
wantAssertionsEncrypted Boolean: Indicates whether the service provider expects an encrypted Assertion.
xmlSigKeyInfoKeyNameTransformer String: Defaults to KEY_ID if unset.
base64SamlMetadataDocument String: (Required unless using saml_metadata_url) This is the full SAML metadata document that should be used to parse a SAML configuration, Base64 encoded.
samlMetadataUrl String: (Required unless using base_64_saml_metadata_document) This is the full SAML metadata URL we should use to parse to a SAML configuration.

Package Details

Repository: cyral cyralinc/terraform-provider-cyral
License
Notes: This Pulumi package is based on the cyral Terraform Provider.

cyral 4.16.3 published on Monday, Apr 14, 2025 by cyralinc

cyralinc/terraform-provider-cyral

cyral.getSamlConfiguration

On this page

On this page

Example Usage

Using getSamlConfiguration

getSamlConfiguration Result

Package Details

On this page

On this page