TeleportSAMLConnector

This guide is a comprehensive reference to the fields in the TeleportSAMLConnector resource, which you can apply after installing the Teleport Kubernetes operator.

resources.teleport.dev/v2

apiVersion: resources.teleport.dev/v2

| Field | Type | Description |
|---|---|---|
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | object | |
| spec | object | SAMLConnector resource definition v2 from Teleport |

spec

| Field | Type | Description |
|---|---|---|
| acs | string | AssertionConsumerService is the URL of the assertion consumer service on the service provider (Teleport's side). |
| allow_idp_initiated | boolean | AllowIDPInitiated is a flag that indicates whether the connector can be used for IdP-initiated logins. |
| assertion_key_pair | object | EncryptionKeyPair is a key pair used for decrypting SAML assertions. |
| attributes_to_roles | []object | AttributesToRoles is a list of mappings of attribute statements to roles. |
| audience | string | Audience uniquely identifies our service provider. |
| cert | string | Cert is the identity provider certificate in PEM format. The IdP signs `<Response>` messages using this certificate. |
| client_redirect_settings | object | ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins, in addition to the standard localhost ones. |
| display | string | Display controls how this connector is displayed. |
| entity_descriptor | string | EntityDescriptor is the identity provider's entity descriptor XML. It can be used to supply the configuration parameters in one XML document rather than in the individual fields. |
| entity_descriptor_url | string | EntityDescriptorURL is a URL from which the entity descriptor XML is fetched. |
| issuer | string | Issuer is the identity provider issuer. |
| provider | string | Provider is the external identity provider. |
| service_provider_issuer | string | ServiceProviderIssuer is the issuer of the service provider (Teleport). |
| signing_key_pair | object | SigningKeyPair is an x509 key pair used to sign AuthnRequest messages. |
| single_logout_url | string | SingleLogoutURL is the identity provider's SAML single log-out (SLO) URL, used to initiate SLO. If it is not provided, SLO is disabled. |
| sso | string | SSO is the URL of the identity provider's SSO service. |

spec.assertion_key_pair

| Field | Type | Description |
|---|---|---|
| cert | string | Cert is a PEM-encoded x509 certificate. |
| private_key | string | PrivateKey is a PEM-encoded x509 private key. |

spec.attributes_to_roles items

| Field | Type | Description |
|---|---|---|
| name | string | Name is an attribute statement name. |
| roles | []string | Roles is a list of static Teleport roles to map to. |
| value | string | Value is an attribute statement value to match. |

spec.client_redirect_settings

| Field | Type | Description |
|---|---|---|
| allowed_https_hostnames | []string | A list of hostnames allowed for HTTPS client redirect URLs. |
| insecure_allowed_cidr_ranges | []string | A list of CIDR ranges allowed for HTTP or HTTPS client redirect URLs. |

spec.signing_key_pair

| Field | Type | Description |
|---|---|---|
| cert | string | Cert is a PEM-encoded x509 certificate. |
| private_key | string | PrivateKey is a PEM-encoded x509 private key. |
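Example manifest

The following is an added example, not a manifest from the Teleport documentation or the Teleport project. It ties the `spec`, `attributes_to_roles` and `client_redirect_settings` tables above together into one TeleportSAMLConnector that the operator can apply. The connector name `okta`, the namespace `teleport`, the proxy address `teleport.example.com`, the IdP metadata and SLO URLs, the group names and the workstation hostname are all placeholders to replace with your own values; the `acs`, `audience` and `service_provider_issuer` values follow the `https://<proxy>/v1/webapi/saml/acs/<connector-name>` form that Teleport uses for its SAML assertion consumer service.

```yaml
apiVersion: resources.teleport.dev/v2
kind: TeleportSAMLConnector
metadata:
  # Placeholder connector name; it becomes the last path segment of the ACS URL
  # and the label shown on the login page via spec.display.
  name: okta
  # Placeholder: the namespace the Teleport Kubernetes operator watches.
  namespace: teleport
spec:
  display: Okta

  # Service-provider (Teleport) side of the exchange.
  # Replace teleport.example.com with your Teleport proxy address.
  acs: https://teleport.example.com/v1/webapi/saml/acs/okta
  audience: https://teleport.example.com/v1/webapi/saml/acs/okta
  service_provider_issuer: https://teleport.example.com/v1/webapi/saml/acs/okta

  # Identity-provider side. Supplying entity_descriptor_url (or pasting the XML
  # into entity_descriptor) covers issuer, sso and cert, so those fields are
  # omitted here. Placeholder URL.
  entity_descriptor_url: https://idp.example.com/app/PLACEHOLDER-APP-ID/sso/saml/metadata

  # Logins are only granted for assertions whose attribute statements match at
  # least one mapping. Each entry maps one attribute value to static roles.
  attributes_to_roles:
    - name: groups
      value: teleport-admins      # placeholder IdP group
      roles:
        - editor
        - auditor
    - name: groups
      value: engineering          # placeholder IdP group
      roles:
        - access

  # Leave IdP-initiated login disabled unless the IdP portal must start the
  # flow; SP-initiated login keeps Teleport in control of the request.
  allow_idp_initiated: false

  # Optional single log-out endpoint at the IdP (placeholder). Omit this field
  # to disable SLO.
  single_logout_url: https://idp.example.com/app/PLACEHOLDER-APP-ID/slo/saml

  # Non-browser clients (tsh) normally receive the login callback on localhost.
  # Only add hostnames here when a client genuinely needs a different HTTPS
  # callback, and keep the list to specific hosts.
  client_redirect_settings:
    allowed_https_hostnames:
      - workstation.corp.example.com   # placeholder hostname
    # insecure_allowed_cidr_ranges permits plain-HTTP callbacks to the listed
    # networks, which exposes the login response on the wire. It is left unset
    # here on purpose.
```

Apply it with `kubectl apply -f saml-connector.yaml` in the operator's namespace and confirm that the connector appears in `tctl get saml`. The two key-pair objects (`assertion_key_pair` and `signing_key_pair`) are omitted above; when the IdP requires encrypted assertions or signed AuthnRequests, they hold PEM strings in the `cert` and `private_key` fields described in the tables, and the private key should then be sourced from a secret rather than committed alongside this manifest.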