Auth
Manages a SAML Auth mount in a Vault server. See the [Vault
documentation](https://www.vaultproject.io/docs/auth/saml/) for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const test = new vault.saml.AuthBackend("test", {
path: "saml",
idpMetadataUrl: "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
entityId: "https://my.vault/v1/auth/saml",
acsUrls: ["https://my.vault.primary/v1/auth/saml/callback"],
defaultRole: "admin",
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
test = vault.saml.AuthBackend("test",
path="saml",
idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
entity_id="https://my.vault/v1/auth/saml",
acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
default_role="admin")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var test = new Vault.Saml.AuthBackend("test", new()
{
Path = "saml",
IdpMetadataUrl = "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
EntityId = "https://my.vault/v1/auth/saml",
AcsUrls = new[]
{
"https://my.vault.primary/v1/auth/saml/callback",
},
DefaultRole = "admin",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := saml.NewAuthBackend(ctx, "test", &saml.AuthBackendArgs{
Path: pulumi.String("saml"),
IdpMetadataUrl: pulumi.String("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"),
EntityId: pulumi.String("https://my.vault/v1/auth/saml"),
AcsUrls: pulumi.StringArray{
pulumi.String("https://my.vault.primary/v1/auth/saml/callback"),
},
DefaultRole: pulumi.String("admin"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.saml.AuthBackend;
import com.pulumi.vault.saml.AuthBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new AuthBackend("test", AuthBackendArgs.builder()
.path("saml")
.idpMetadataUrl("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata")
.entityId("https://my.vault/v1/auth/saml")
.acsUrls("https://my.vault.primary/v1/auth/saml/callback")
.defaultRole("admin")
.build());
}
}Content copied to clipboard
resources:
test:
type: vault:saml:AuthBackend
properties:
path: saml
idpMetadataUrl: https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata
entityId: https://my.vault/v1/auth/saml
acsUrls:
- https://my.vault.primary/v1/auth/saml/callback
defaultRole: adminContent copied to clipboard
Import
SAML authentication mounts can be imported using the path, e.g.
$ pulumi import vault:saml/authBackend:AuthBackend example samlContent copied to clipboard
Properties
Link copied to clipboard
The role to use if no role is provided during login.
Link copied to clipboard
If set to true, opts out of mount migration on path updates. See here for more info on Mount Migration
Link copied to clipboard
The entity ID of the identity provider. Mutually exclusive with idp_metadata_url.
Link copied to clipboard
The metadata URL of the identity provider.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
If set to true, logs additional, potentially sensitive information during the SAML exchange according to the current logging level. Not recommended for production.