TeleportSAMLConnector
This guide is a comprehensive reference to the fields in the TeleportSAMLConnector
resource, which you can apply after installing the Teleport Kubernetes operator.
resources.teleport.dev/v2
apiVersion: resources.teleport.dev/v2
Field | Type | Description |
---|---|---|
apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
metadata | object | |
spec | object | SAMLConnector resource definition v2 from Teleport |
spec
Field | Type | Description |
---|---|---|
acs | string | AssertionConsumerService is the URL of the assertion consumer service on the service provider (Teleport's side). |
allow_idp_initiated | boolean | AllowIDPInitiated is a flag that indicates if the connector can be used for IdP-initiated logins. |
assertion_key_pair | object | EncryptionKeyPair is a key pair used for decrypting SAML assertions. |
attributes_to_roles | []object | AttributesToRoles is a list of mappings of attribute statements to roles. |
audience | string | Audience uniquely identifies our service provider. |
cert | string | Cert is the identity provider's certificate in PEM format. The IdP signs <Response> messages with the key belonging to this certificate. |
client_redirect_settings | object | ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. |
display | string | Display controls how this connector is displayed. |
entity_descriptor | string | EntityDescriptor is the XML of the entity descriptor. It can be used to supply configuration parameters in one XML file rather than supplying them in the individual elements. |
entity_descriptor_url | string | EntityDescriptorURL is a URL that supplies a configuration XML. |
issuer | string | Issuer is the identity provider issuer. |
provider | string | Provider is the external identity provider. |
service_provider_issuer | string | ServiceProviderIssuer is the issuer of the service provider (Teleport). |
signing_key_pair | object | SigningKeyPair is an x509 key pair used to sign AuthnRequest messages. |
single_logout_url | string | SingleLogoutURL is the SAML single log-out (SLO) URL used to initiate SAML SLO. If this is not provided, SLO is disabled. |
sso | string | SSO is the URL of the identity provider's SSO service. |
spec.assertion_key_pair
Field | Type | Description |
---|---|---|
cert | string | Cert is a PEM-encoded x509 certificate. |
private_key | string | PrivateKey is a PEM-encoded x509 private key. |
spec.attributes_to_roles items
Field | Type | Description |
---|---|---|
name | string | Name is an attribute statement name. |
roles | []string | Roles is a list of static Teleport roles to map to. |
value | string | Value is an attribute statement value to match. |
spec.client_redirect_settings
Field | Type | Description |
---|---|---|
allowed_https_hostnames | []string | A list of hostnames allowed for HTTPS client redirect URLs. |
insecure_allowed_cidr_ranges | []string | A list of CIDRs allowed for HTTP or HTTPS client redirect URLs. |
spec.signing_key_pair
Field | Type | Description |
---|---|---|
cert | string | Cert is a PEM-encoded x509 certificate. |
private_key | string | PrivateKey is a PEM-encoded x509 private key. |