Reference for the teleport_saml_connector Terraform data-source

Schema

Required

  • spec (Attributes) Spec is a SAML connector specification. (see below for nested schema)
  • version (String) Version is the resource version. It must be specified. Supported values are: v2.

Optional

  • metadata (Attributes) Metadata holds resource metadata. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource sub kind, used in some resources.

Nested Schema for spec

Required:

  • acs (String) AssertionConsumerService is a URL for assertion consumer service on the service provider (Teleport's side).
  • attributes_to_roles (Attributes List) AttributesToRoles is a list of mappings of attribute statements to roles. (see below for nested schema)

Optional:

  • allow_idp_initiated (Boolean) AllowIDPInitiated is a flag that indicates if the connector can be used for IdP-initiated logins.
  • assertion_key_pair (Attributes) EncryptionKeyPair is a key pair used for decrypting SAML assertions. (see below for nested schema)
  • audience (String) Audience uniquely identifies our service provider.
  • cert (String, Sensitive) Cert is the identity provider certificate PEM. The IdP signs <Response> messages using this certificate.
  • client_redirect_settings (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see below for nested schema)
  • display (String) Display controls how this connector is displayed.
  • entity_descriptor (String, Sensitive) EntityDescriptor is the identity provider's entity descriptor XML. It can be used to supply the configuration parameters in one XML document rather than in the individual attributes.
  • entity_descriptor_url (String) EntityDescriptorURL is a URL that supplies a configuration XML.
  • issuer (String) Issuer is the identity provider issuer.
  • provider (String) Provider is the external identity provider.
  • service_provider_issuer (String) ServiceProviderIssuer is the issuer of the service provider (Teleport).
  • signing_key_pair (Attributes) SigningKeyPair is an x509 key pair used to sign AuthnRequest. (see below for nested schema)
  • single_logout_url (String) SingleLogoutURL is the SAML single logout (SLO) URL used to initiate SLO. If it is not provided, SLO is disabled.
  • sso (String) SSO is the URL of the identity provider's SSO service.

Nested Schema for spec.attributes_to_roles

Optional:

  • name (String) Name is an attribute statement name.
  • roles (List of String) Roles is a list of static teleport roles to map to.
  • value (String) Value is an attribute statement value to match.

Nested Schema for spec.assertion_key_pair

Optional:

  • cert (String) Cert is a PEM-encoded x509 certificate.
  • private_key (String, Sensitive) PrivateKey is a PEM-encoded x509 private key.

Nested Schema for spec.client_redirect_settings

Optional:

  • allowed_https_hostnames (List of String) A list of hostnames allowed for HTTPS client redirect URLs.

Nested Schema for spec.signing_key_pair

Optional:

  • cert (String) Cert is a PEM-encoded x509 certificate.
  • private_key (String, Sensitive) PrivateKey is a PEM-encoded x509 private key.

Nested Schema for metadata

Required:

  • name (String) Name is the object name.

Optional:

  • description (String) Description is the object description.
  • expires (String) Expires is a global expiry time header that can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels.
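As an added example, not taken from the Teleport docs or the provider itself: a configuration that reads an existing connector through this data source and uses a Terraform `check` block (Terraform 1.5 or later) to flag settings a defender would want to question before trusting the connector. The connector name `okta`, the check name, and the assumption that the provider is already configured and looks the connector up by `metadata.name` are all assumptions of this example.

```hcl
# Added example, not from the Teleport docs. Reads the SAML connector named
# "okta" (assumed name) through the data source documented above.
data "teleport_saml_connector" "okta" {
  metadata = {
    name = "okta"
  }
  version = "v2"
}

locals {
  saml = data.teleport_saml_connector.okta.spec
}

check "saml_connector_hardening" {
  # IdP-initiated logins skip the AuthnRequest Teleport would otherwise
  # generate, so the flag should stay unset unless there is a documented need.
  assert {
    condition     = local.saml.allow_idp_initiated != true
    error_message = "SAML connector 'okta' permits IdP-initiated logins."
  }

  # The assertion consumer service receives signed assertions; it must be TLS.
  assert {
    condition     = startswith(local.saml.acs, "https://")
    error_message = "ACS URL is not served over https: ${local.saml.acs}"
  }

  # When IdP metadata is fetched from a URL, that fetch must also be TLS.
  # coalesce() treats a null or empty URL as "not configured" and passes.
  assert {
    condition     = startswith(coalesce(local.saml.entity_descriptor_url, "https://"), "https://")
    error_message = "entity_descriptor_url must be an https URL."
  }

  # Response signature verification needs the IdP certificate from one of
  # the three possible sources: cert, inline descriptor, or descriptor URL.
  assert {
    condition = anytrue([
      local.saml.cert != null,
      local.saml.entity_descriptor != null,
      local.saml.entity_descriptor_url != null,
    ])
    error_message = "No source for the IdP signing certificate is configured."
  }

  # Each role mapping should match a concrete attribute value; an empty or
  # bare "*" value would hand the listed roles to every authenticated user.
  assert {
    condition = alltrue([
      for m in local.saml.attributes_to_roles : m.value != null && m.value != "" && m.value != "*"
    ])
    error_message = "attributes_to_roles contains a mapping with an empty or wildcard value."
  }
}
```

Run `terraform plan` to evaluate the checks; a failing assertion is reported as a warning on the plan without blocking other changes, which makes the block suitable for a periodic drift review of connectors managed outside Terraform.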