Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Authentik Provider
  3. API Docs
  4. ProviderSaml
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
goauthentik/terraform-provider-authentik

authentik.ProviderSaml

Explore with Pulumi AI

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
goauthentik/terraform-provider-authentik

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as authentik from "@pulumi/authentik";

const default_authorization_flow = authentik.getFlow({
    slug: "default-provider-authorization-implicit-consent",
});
const nameProviderSaml = new authentik.ProviderSaml("nameProviderSaml", {
    authorizationFlow: default_authorization_flow.then(default_authorization_flow => default_authorization_flow.id),
    acsUrl: "http://localhost",
});
const nameApplication = new authentik.Application("nameApplication", {
    slug: "test-app",
    protocolProvider: nameProviderSaml.providerSamlId,
});
Copy
import pulumi
import pulumi_authentik as authentik

default_authorization_flow = authentik.get_flow(slug="default-provider-authorization-implicit-consent")
name_provider_saml = authentik.ProviderSaml("nameProviderSaml",
    authorization_flow=default_authorization_flow.id,
    acs_url="http://localhost")
name_application = authentik.Application("nameApplication",
    slug="test-app",
    protocol_provider=name_provider_saml.provider_saml_id)
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/authentik/v2025/authentik"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		default_authorization_flow, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-provider-authorization-implicit-consent"),
		}, nil)
		if err != nil {
			return err
		}
		nameProviderSaml, err := authentik.NewProviderSaml(ctx, "nameProviderSaml", &authentik.ProviderSamlArgs{
			AuthorizationFlow: pulumi.String(default_authorization_flow.Id),
			AcsUrl:            pulumi.String("http://localhost"),
		})
		if err != nil {
			return err
		}
		_, err = authentik.NewApplication(ctx, "nameApplication", &authentik.ApplicationArgs{
			Slug:             pulumi.String("test-app"),
			ProtocolProvider: nameProviderSaml.ProviderSamlId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Authentik = Pulumi.Authentik;

return await Deployment.RunAsync(() => 
{
    var default_authorization_flow = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-provider-authorization-implicit-consent",
    });

    var nameProviderSaml = new Authentik.ProviderSaml("nameProviderSaml", new()
    {
        AuthorizationFlow = default_authorization_flow.Apply(default_authorization_flow => default_authorization_flow.Apply(getFlowResult => getFlowResult.Id)),
        AcsUrl = "http://localhost",
    });

    var nameApplication = new Authentik.Application("nameApplication", new()
    {
        Slug = "test-app",
        ProtocolProvider = nameProviderSaml.ProviderSamlId,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.authentik.AuthentikFunctions;
import com.pulumi.authentik.inputs.GetFlowArgs;
import com.pulumi.authentik.ProviderSaml;
import com.pulumi.authentik.ProviderSamlArgs;
import com.pulumi.authentik.Application;
import com.pulumi.authentik.ApplicationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var default-authorization-flow = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-provider-authorization-implicit-consent")
            .build());

        var nameProviderSaml = new ProviderSaml("nameProviderSaml", ProviderSamlArgs.builder()
            .authorizationFlow(default_authorization_flow.id())
            .acsUrl("http://localhost")
            .build());

        var nameApplication = new Application("nameApplication", ApplicationArgs.builder()
            .slug("test-app")
            .protocolProvider(nameProviderSaml.providerSamlId())
            .build());

    }
}
Copy
resources:
  nameProviderSaml:
    type: authentik:ProviderSaml
    properties:
      authorizationFlow: ${["default-authorization-flow"].id}
      acsUrl: http://localhost
  nameApplication:
    type: authentik:Application
    properties:
      slug: test-app
      protocolProvider: ${nameProviderSaml.providerSamlId}
variables:
  default-authorization-flow:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-provider-authorization-implicit-consent
Copy

Create ProviderSaml Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ProviderSaml(name: string, args: ProviderSamlArgs, opts?: CustomResourceOptions);
@overload
def ProviderSaml(resource_name: str,
                 args: ProviderSamlArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def ProviderSaml(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 authorization_flow: Optional[str] = None,
                 acs_url: Optional[str] = None,
                 invalidation_flow: Optional[str] = None,
                 name_id_mapping: Optional[str] = None,
                 provider_saml_id: Optional[str] = None,
                 audience: Optional[str] = None,
                 default_relay_state: Optional[str] = None,
                 digest_algorithm: Optional[str] = None,
                 encryption_kp: Optional[str] = None,
                 assertion_valid_not_on_or_after: Optional[str] = None,
                 issuer: Optional[str] = None,
                 name: Optional[str] = None,
                 assertion_valid_not_before: Optional[str] = None,
                 property_mappings: Optional[Sequence[str]] = None,
                 authentication_flow: Optional[str] = None,
                 session_valid_not_on_or_after: Optional[str] = None,
                 sign_assertion: Optional[bool] = None,
                 sign_response: Optional[bool] = None,
                 signature_algorithm: Optional[str] = None,
                 signing_kp: Optional[str] = None,
                 sp_binding: Optional[str] = None,
                 url_slo_post: Optional[str] = None,
                 url_slo_redirect: Optional[str] = None,
                 url_sso_init: Optional[str] = None,
                 url_sso_post: Optional[str] = None,
                 url_sso_redirect: Optional[str] = None,
                 verification_kp: Optional[str] = None)
func NewProviderSaml(ctx *Context, name string, args ProviderSamlArgs, opts ...ResourceOption) (*ProviderSaml, error)
public ProviderSaml(string name, ProviderSamlArgs args, CustomResourceOptions? opts = null)
public ProviderSaml(String name, ProviderSamlArgs args)
public ProviderSaml(String name, ProviderSamlArgs args, CustomResourceOptions options)

type: authentik:ProviderSaml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. ProviderSamlArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. ProviderSamlArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. ProviderSamlArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. ProviderSamlArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. ProviderSamlArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var providerSamlResource = new Authentik.ProviderSaml("providerSamlResource", new()
{
    AuthorizationFlow = "string",
    AcsUrl = "string",
    InvalidationFlow = "string",
    NameIdMapping = "string",
    ProviderSamlId = "string",
    Audience = "string",
    DefaultRelayState = "string",
    DigestAlgorithm = "string",
    EncryptionKp = "string",
    AssertionValidNotOnOrAfter = "string",
    Issuer = "string",
    Name = "string",
    AssertionValidNotBefore = "string",
    PropertyMappings = new[]
    {
        "string",
    },
    AuthenticationFlow = "string",
    SessionValidNotOnOrAfter = "string",
    SignAssertion = false,
    SignResponse = false,
    SignatureAlgorithm = "string",
    SigningKp = "string",
    SpBinding = "string",
    UrlSloPost = "string",
    UrlSloRedirect = "string",
    UrlSsoInit = "string",
    UrlSsoPost = "string",
    UrlSsoRedirect = "string",
    VerificationKp = "string",
});
Copy
example, err := authentik.NewProviderSaml(ctx, "providerSamlResource", &authentik.ProviderSamlArgs{
	AuthorizationFlow:          pulumi.String("string"),
	AcsUrl:                     pulumi.String("string"),
	InvalidationFlow:           pulumi.String("string"),
	NameIdMapping:              pulumi.String("string"),
	ProviderSamlId:             pulumi.String("string"),
	Audience:                   pulumi.String("string"),
	DefaultRelayState:          pulumi.String("string"),
	DigestAlgorithm:            pulumi.String("string"),
	EncryptionKp:               pulumi.String("string"),
	AssertionValidNotOnOrAfter: pulumi.String("string"),
	Issuer:                     pulumi.String("string"),
	Name:                       pulumi.String("string"),
	AssertionValidNotBefore:    pulumi.String("string"),
	PropertyMappings: pulumi.StringArray{
		pulumi.String("string"),
	},
	AuthenticationFlow:       pulumi.String("string"),
	SessionValidNotOnOrAfter: pulumi.String("string"),
	SignAssertion:            pulumi.Bool(false),
	SignResponse:             pulumi.Bool(false),
	SignatureAlgorithm:       pulumi.String("string"),
	SigningKp:                pulumi.String("string"),
	SpBinding:                pulumi.String("string"),
	UrlSloPost:               pulumi.String("string"),
	UrlSloRedirect:           pulumi.String("string"),
	UrlSsoInit:               pulumi.String("string"),
	UrlSsoPost:               pulumi.String("string"),
	UrlSsoRedirect:           pulumi.String("string"),
	VerificationKp:           pulumi.String("string"),
})
Copy
var providerSamlResource = new ProviderSaml("providerSamlResource", ProviderSamlArgs.builder()
    .authorizationFlow("string")
    .acsUrl("string")
    .invalidationFlow("string")
    .nameIdMapping("string")
    .providerSamlId("string")
    .audience("string")
    .defaultRelayState("string")
    .digestAlgorithm("string")
    .encryptionKp("string")
    .assertionValidNotOnOrAfter("string")
    .issuer("string")
    .name("string")
    .assertionValidNotBefore("string")
    .propertyMappings("string")
    .authenticationFlow("string")
    .sessionValidNotOnOrAfter("string")
    .signAssertion(false)
    .signResponse(false)
    .signatureAlgorithm("string")
    .signingKp("string")
    .spBinding("string")
    .urlSloPost("string")
    .urlSloRedirect("string")
    .urlSsoInit("string")
    .urlSsoPost("string")
    .urlSsoRedirect("string")
    .verificationKp("string")
    .build());
Copy
provider_saml_resource = authentik.ProviderSaml("providerSamlResource",
    authorization_flow="string",
    acs_url="string",
    invalidation_flow="string",
    name_id_mapping="string",
    provider_saml_id="string",
    audience="string",
    default_relay_state="string",
    digest_algorithm="string",
    encryption_kp="string",
    assertion_valid_not_on_or_after="string",
    issuer="string",
    name="string",
    assertion_valid_not_before="string",
    property_mappings=["string"],
    authentication_flow="string",
    session_valid_not_on_or_after="string",
    sign_assertion=False,
    sign_response=False,
    signature_algorithm="string",
    signing_kp="string",
    sp_binding="string",
    url_slo_post="string",
    url_slo_redirect="string",
    url_sso_init="string",
    url_sso_post="string",
    url_sso_redirect="string",
    verification_kp="string")
Copy
const providerSamlResource = new authentik.ProviderSaml("providerSamlResource", {
    authorizationFlow: "string",
    acsUrl: "string",
    invalidationFlow: "string",
    nameIdMapping: "string",
    providerSamlId: "string",
    audience: "string",
    defaultRelayState: "string",
    digestAlgorithm: "string",
    encryptionKp: "string",
    assertionValidNotOnOrAfter: "string",
    issuer: "string",
    name: "string",
    assertionValidNotBefore: "string",
    propertyMappings: ["string"],
    authenticationFlow: "string",
    sessionValidNotOnOrAfter: "string",
    signAssertion: false,
    signResponse: false,
    signatureAlgorithm: "string",
    signingKp: "string",
    spBinding: "string",
    urlSloPost: "string",
    urlSloRedirect: "string",
    urlSsoInit: "string",
    urlSsoPost: "string",
    urlSsoRedirect: "string",
    verificationKp: "string",
});
Copy
type: authentik:ProviderSaml
properties:
    acsUrl: string
    assertionValidNotBefore: string
    assertionValidNotOnOrAfter: string
    audience: string
    authenticationFlow: string
    authorizationFlow: string
    defaultRelayState: string
    digestAlgorithm: string
    encryptionKp: string
    invalidationFlow: string
    issuer: string
    name: string
    nameIdMapping: string
    propertyMappings:
        - string
    providerSamlId: string
    sessionValidNotOnOrAfter: string
    signAssertion: false
    signResponse: false
    signatureAlgorithm: string
    signingKp: string
    spBinding: string
    urlSloPost: string
    urlSloRedirect: string
    urlSsoInit: string
    urlSsoPost: string
    urlSsoRedirect: string
    verificationKp: string
Copy

ProviderSaml Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ProviderSaml resource accepts the following input properties:

AcsUrl This property is required. string
AuthorizationFlow This property is required. string
InvalidationFlow This property is required. string
AssertionValidNotBefore string
Defaults to minutes=-5.
AssertionValidNotOnOrAfter string
Defaults to minutes=5.
Audience string
Defaults to ``.
AuthenticationFlow string
DefaultRelayState string
Defaults to ``.
DigestAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
EncryptionKp string
Issuer string
Defaults to authentik.
Name string
NameIdMapping string
PropertyMappings List<string>
ProviderSamlId string
SessionValidNotOnOrAfter string
Defaults to minutes=86400.
SignAssertion bool
Defaults to true.
SignResponse bool
Defaults to false.
SignatureAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SpBinding string
Allowed values: - redirect - post Defaults to redirect.
UrlSloPost string
Generated.
UrlSloRedirect string
Generated.
UrlSsoInit string
Generated.
UrlSsoPost string
Generated.
UrlSsoRedirect string
Generated.
VerificationKp string
AcsUrl This property is required. string
AuthorizationFlow This property is required. string
InvalidationFlow This property is required. string
AssertionValidNotBefore string
Defaults to minutes=-5.
AssertionValidNotOnOrAfter string
Defaults to minutes=5.
Audience string
Defaults to ``.
AuthenticationFlow string
DefaultRelayState string
Defaults to ``.
DigestAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
EncryptionKp string
Issuer string
Defaults to authentik.
Name string
NameIdMapping string
PropertyMappings []string
ProviderSamlId string
SessionValidNotOnOrAfter string
Defaults to minutes=86400.
SignAssertion bool
Defaults to true.
SignResponse bool
Defaults to false.
SignatureAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SpBinding string
Allowed values: - redirect - post Defaults to redirect.
UrlSloPost string
Generated.
UrlSloRedirect string
Generated.
UrlSsoInit string
Generated.
UrlSsoPost string
Generated.
UrlSsoRedirect string
Generated.
VerificationKp string
acsUrl This property is required. String
authorizationFlow This property is required. String
invalidationFlow This property is required. String
assertionValidNotBefore String
Defaults to minutes=-5.
assertionValidNotOnOrAfter String
Defaults to minutes=5.
audience String
Defaults to ``.
authenticationFlow String
defaultRelayState String
Defaults to ``.
digestAlgorithm String
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp String
issuer String
Defaults to authentik.
name String
nameIdMapping String
propertyMappings List<String>
providerSamlId String
sessionValidNotOnOrAfter String
Defaults to minutes=86400.
signAssertion Boolean
Defaults to true.
signResponse Boolean
Defaults to false.
signatureAlgorithm String
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
spBinding String
Allowed values: - redirect - post Defaults to redirect.
urlSloPost String
Generated.
urlSloRedirect String
Generated.
urlSsoInit String
Generated.
urlSsoPost String
Generated.
urlSsoRedirect String
Generated.
verificationKp String
acsUrl This property is required. string
authorizationFlow This property is required. string
invalidationFlow This property is required. string
assertionValidNotBefore string
Defaults to minutes=-5.
assertionValidNotOnOrAfter string
Defaults to minutes=5.
audience string
Defaults to ``.
authenticationFlow string
defaultRelayState string
Defaults to ``.
digestAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp string
issuer string
Defaults to authentik.
name string
nameIdMapping string
propertyMappings string[]
providerSamlId string
sessionValidNotOnOrAfter string
Defaults to minutes=86400.
signAssertion boolean
Defaults to true.
signResponse boolean
Defaults to false.
signatureAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp string
spBinding string
Allowed values: - redirect - post Defaults to redirect.
urlSloPost string
Generated.
urlSloRedirect string
Generated.
urlSsoInit string
Generated.
urlSsoPost string
Generated.
urlSsoRedirect string
Generated.
verificationKp string
acs_url This property is required. str
authorization_flow This property is required. str
invalidation_flow This property is required. str
assertion_valid_not_before str
Defaults to minutes=-5.
assertion_valid_not_on_or_after str
Defaults to minutes=5.
audience str
Defaults to ``.
authentication_flow str
default_relay_state str
Defaults to ``.
digest_algorithm str
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryption_kp str
issuer str
Defaults to authentik.
name str
name_id_mapping str
property_mappings Sequence[str]
provider_saml_id str
session_valid_not_on_or_after str
Defaults to minutes=86400.
sign_assertion bool
Defaults to true.
sign_response bool
Defaults to false.
signature_algorithm str
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signing_kp str
sp_binding str
Allowed values: - redirect - post Defaults to redirect.
url_slo_post str
Generated.
url_slo_redirect str
Generated.
url_sso_init str
Generated.
url_sso_post str
Generated.
url_sso_redirect str
Generated.
verification_kp str
acsUrl This property is required. String
authorizationFlow This property is required. String
invalidationFlow This property is required. String
assertionValidNotBefore String
Defaults to minutes=-5.
assertionValidNotOnOrAfter String
Defaults to minutes=5.
audience String
Defaults to ``.
authenticationFlow String
defaultRelayState String
Defaults to ``.
digestAlgorithm String
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp String
issuer String
Defaults to authentik.
name String
nameIdMapping String
propertyMappings List<String>
providerSamlId String
sessionValidNotOnOrAfter String
Defaults to minutes=86400.
signAssertion Boolean
Defaults to true.
signResponse Boolean
Defaults to false.
signatureAlgorithm String
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
spBinding String
Allowed values: - redirect - post Defaults to redirect.
urlSloPost String
Generated.
urlSloRedirect String
Generated.
urlSsoInit String
Generated.
urlSsoPost String
Generated.
urlSsoRedirect String
Generated.
verificationKp String

Outputs

All input properties are implicitly available as output properties. Additionally, the ProviderSaml resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing ProviderSaml Resource

Get an existing ProviderSaml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ProviderSamlState, opts?: CustomResourceOptions): ProviderSaml
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acs_url: Optional[str] = None,
        assertion_valid_not_before: Optional[str] = None,
        assertion_valid_not_on_or_after: Optional[str] = None,
        audience: Optional[str] = None,
        authentication_flow: Optional[str] = None,
        authorization_flow: Optional[str] = None,
        default_relay_state: Optional[str] = None,
        digest_algorithm: Optional[str] = None,
        encryption_kp: Optional[str] = None,
        invalidation_flow: Optional[str] = None,
        issuer: Optional[str] = None,
        name: Optional[str] = None,
        name_id_mapping: Optional[str] = None,
        property_mappings: Optional[Sequence[str]] = None,
        provider_saml_id: Optional[str] = None,
        session_valid_not_on_or_after: Optional[str] = None,
        sign_assertion: Optional[bool] = None,
        sign_response: Optional[bool] = None,
        signature_algorithm: Optional[str] = None,
        signing_kp: Optional[str] = None,
        sp_binding: Optional[str] = None,
        url_slo_post: Optional[str] = None,
        url_slo_redirect: Optional[str] = None,
        url_sso_init: Optional[str] = None,
        url_sso_post: Optional[str] = None,
        url_sso_redirect: Optional[str] = None,
        verification_kp: Optional[str] = None) -> ProviderSaml
func GetProviderSaml(ctx *Context, name string, id IDInput, state *ProviderSamlState, opts ...ResourceOption) (*ProviderSaml, error)
public static ProviderSaml Get(string name, Input<string> id, ProviderSamlState? state, CustomResourceOptions? opts = null)
public static ProviderSaml get(String name, Output<String> id, ProviderSamlState state, CustomResourceOptions options)
resources:  _:    type: authentik:ProviderSaml    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AcsUrl string
AssertionValidNotBefore string
Defaults to minutes=-5.
AssertionValidNotOnOrAfter string
Defaults to minutes=5.
Audience string
Defaults to ``.
AuthenticationFlow string
AuthorizationFlow string
DefaultRelayState string
Defaults to ``.
DigestAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
EncryptionKp string
InvalidationFlow string
Issuer string
Defaults to authentik.
Name string
NameIdMapping string
PropertyMappings List<string>
ProviderSamlId string
SessionValidNotOnOrAfter string
Defaults to minutes=86400.
SignAssertion bool
Defaults to true.
SignResponse bool
Defaults to false.
SignatureAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SpBinding string
Allowed values: - redirect - post Defaults to redirect.
UrlSloPost string
Generated.
UrlSloRedirect string
Generated.
UrlSsoInit string
Generated.
UrlSsoPost string
Generated.
UrlSsoRedirect string
Generated.
VerificationKp string
AcsUrl string
AssertionValidNotBefore string
Defaults to minutes=-5.
AssertionValidNotOnOrAfter string
Defaults to minutes=5.
Audience string
Defaults to ``.
AuthenticationFlow string
AuthorizationFlow string
DefaultRelayState string
Defaults to ``.
DigestAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
EncryptionKp string
InvalidationFlow string
Issuer string
Defaults to authentik.
Name string
NameIdMapping string
PropertyMappings []string
ProviderSamlId string
SessionValidNotOnOrAfter string
Defaults to minutes=86400.
SignAssertion bool
Defaults to true.
SignResponse bool
Defaults to false.
SignatureAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SpBinding string
Allowed values: - redirect - post Defaults to redirect.
UrlSloPost string
Generated.
UrlSloRedirect string
Generated.
UrlSsoInit string
Generated.
UrlSsoPost string
Generated.
UrlSsoRedirect string
Generated.
VerificationKp string
acsUrl String
assertionValidNotBefore String
Defaults to minutes=-5.
assertionValidNotOnOrAfter String
Defaults to minutes=5.
audience String
Defaults to ``.
authenticationFlow String
authorizationFlow String
defaultRelayState String
Defaults to ``.
digestAlgorithm String
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp String
invalidationFlow String
issuer String
Defaults to authentik.
name String
nameIdMapping String
propertyMappings List<String>
providerSamlId String
sessionValidNotOnOrAfter String
Defaults to minutes=86400.
signAssertion Boolean
Defaults to true.
signResponse Boolean
Defaults to false.
signatureAlgorithm String
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
spBinding String
Allowed values: - redirect - post Defaults to redirect.
urlSloPost String
Generated.
urlSloRedirect String
Generated.
urlSsoInit String
Generated.
urlSsoPost String
Generated.
urlSsoRedirect String
Generated.
verificationKp String
acsUrl string
assertionValidNotBefore string
Defaults to minutes=-5.
assertionValidNotOnOrAfter string
Defaults to minutes=5.
audience string
Defaults to ``.
authenticationFlow string
authorizationFlow string
defaultRelayState string
Defaults to ``.
digestAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp string
invalidationFlow string
issuer string
Defaults to authentik.
name string
nameIdMapping string
propertyMappings string[]
providerSamlId string
sessionValidNotOnOrAfter string
Defaults to minutes=86400.
signAssertion boolean
Defaults to true.
signResponse boolean
Defaults to false.
signatureAlgorithm string
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp string
spBinding string
Allowed values: - redirect - post Defaults to redirect.
urlSloPost string
Generated.
urlSloRedirect string
Generated.
urlSsoInit string
Generated.
urlSsoPost string
Generated.
urlSsoRedirect string
Generated.
verificationKp string
acs_url str
assertion_valid_not_before str
Defaults to minutes=-5.
assertion_valid_not_on_or_after str
Defaults to minutes=5.
audience str
Defaults to ``.
authentication_flow str
authorization_flow str
default_relay_state str
Defaults to ``.
digest_algorithm str
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryption_kp str
invalidation_flow str
issuer str
Defaults to authentik.
name str
name_id_mapping str
property_mappings Sequence[str]
provider_saml_id str
session_valid_not_on_or_after str
Defaults to minutes=86400.
sign_assertion bool
Defaults to true.
sign_response bool
Defaults to false.
signature_algorithm str
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signing_kp str
sp_binding str
Allowed values: - redirect - post Defaults to redirect.
url_slo_post str
Generated.
url_slo_redirect str
Generated.
url_sso_init str
Generated.
url_sso_post str
Generated.
url_sso_redirect str
Generated.
verification_kp str
acsUrl String
assertionValidNotBefore String
Defaults to minutes=-5.
assertionValidNotOnOrAfter String
Defaults to minutes=5.
audience String
Defaults to ``.
authenticationFlow String
authorizationFlow String
defaultRelayState String
Defaults to ``.
digestAlgorithm String
Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
encryptionKp String
invalidationFlow String
issuer String
Defaults to authentik.
name String
nameIdMapping String
propertyMappings List<String>
providerSamlId String
sessionValidNotOnOrAfter String
Defaults to minutes=86400.
signAssertion Boolean
Defaults to true.
signResponse Boolean
Defaults to false.
signatureAlgorithm String
Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
spBinding String
Allowed values: - redirect - post Defaults to redirect.
urlSloPost String
Generated.
urlSloRedirect String
Generated.
urlSsoInit String
Generated.
urlSsoPost String
Generated.
urlSsoRedirect String
Generated.
verificationKp String

Package Details

Repository
authentik goauthentik/terraform-provider-authentik
License
Notes
This Pulumi package is based on the authentik Terraform Provider.
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
goauthentik/terraform-provider-authentik