TeleportSAMLConnector
Date: 2025-01-14
This guide is a comprehensive reference to the fields in the TeleportSAMLConnector resource, which you can apply after installing the Teleport Kubernetes operator.
resources.teleport.dev/v2

apiVersion: resources.teleport.dev/v2

| Field | Type | Description |
|---|---|---|
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | object | |
| spec | object | SAMLConnector resource definition v2 from Teleport |

spec

| Field | Type | Description |
|---|---|---|
| acs | string | AssertionConsumerService is a URL for assertion consumer service on the service provider (Teleport's side). |
| allow_idp_initiated | boolean | AllowIDPInitiated is a flag that indicates if the connector can be used for IdP-initiated logins. |
| assertion_key_pair | object | EncryptionKeyPair is a key pair used for decrypting SAML assertions. |
| attributes_to_roles | []object | AttributesToRoles is a list of mappings of attribute statements to roles. |
| audience | string | Audience uniquely identifies our service provider. |
| cert | string | Cert is the identity provider certificate PEM. IDP signs `<Response>` responses using this certificate. |
| client_redirect_settings | object | ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. |
| display | string | Display controls how this connector is displayed. |
| entity_descriptor | string | EntityDescriptor is XML with descriptor. It can be used to supply configuration parameters in one XML file rather than supplying them in the individual elements. |
| entity_descriptor_url | string | EntityDescriptorURL is a URL that supplies a configuration XML. |
| issuer | string | Issuer is the identity provider issuer. |
| provider | string | Provider is the external identity provider. |
| service_provider_issuer | string | ServiceProviderIssuer is the issuer of the service provider (Teleport). |
| signing_key_pair | object | SigningKeyPair is an x509 key pair used to sign AuthnRequest. |
| single_logout_url | string | SingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out). If this is not provided, SLO is disabled. |
| sso | string | SSO is the URL of the identity provider's SSO service. |

spec.assertion_key_pair

| Field | Type | Description |
|---|---|---|
| cert | string | Cert is a PEM-encoded x509 certificate. |
| private_key | string | PrivateKey is a PEM-encoded x509 private key. |

spec.attributes_to_roles items

| Field | Type | Description |
|---|---|---|
| name | string | Name is an attribute statement name. |
| roles | []string | Roles is a list of static Teleport roles to map to. |
| value | string | Value is an attribute statement value to match. |

spec.client_redirect_settings

| Field | Type | Description |
|---|---|---|
| allowed_https_hostnames | []string | A list of hostnames allowed for HTTPS client redirect URLs. |
| insecure_allowed_cidr_ranges | []string | A list of CIDRs allowed for HTTP or HTTPS client redirect URLs. |

spec.signing_key_pair

| Field | Type | Description |
|---|---|---|
| cert | string | Cert is a PEM-encoded x509 certificate. |
| private_key | string | PrivateKey is a PEM-encoded x509 private key. |

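A manifest that combines the fields documented above, as an added example that is not taken from the Teleport documentation. The connector name, namespace, hostnames, attribute values and role names are constructed placeholders, and the ACS path assumes Teleport's usual `/v1/webapi/saml/acs/<connector-name>` layout.

```yaml
# Added example; every name, hostname and attribute value is constructed.
apiVersion: resources.teleport.dev/v2
kind: TeleportSAMLConnector
metadata:
  name: corp-saml              # hypothetical connector name
  namespace: teleport          # assumption: the namespace the operator watches
spec:
  display: "Corp SSO"
  # Teleport-side assertion consumer service URL (assumed proxy address).
  acs: https://teleport.example.com/v1/webapi/saml/acs/corp-saml
  # One metadata document instead of separate sso / issuer / cert fields.
  # Served over HTTPS because the descriptor carries the IdP certificate
  # that assertions are verified against.
  entity_descriptor_url: https://idp.example.com/app/metadata
  # Set explicitly so that only logins started from Teleport are accepted.
  allow_idp_initiated: false
  # Each entry maps one attribute statement name/value pair to static roles.
  # Keep privileged roles on the narrowest group value.
  attributes_to_roles:
    - name: groups
      value: teleport-admins   # constructed group value
      roles: [editor, auditor] # assumed role names
    - name: groups
      value: teleport-users    # constructed group value
      roles: [access]          # assumed role name
  # Redirect targets for non-browser SSO logins beyond the localhost defaults.
  client_redirect_settings:
    allowed_https_hostnames:
      - cli-login.example.com
    # insecure_allowed_cidr_ranges is omitted on purpose: it would also
    # permit plain-HTTP redirect URLs inside the listed ranges.
```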