Inbound SAML configuration for an Identity Toolkit project.
You must enable the Google Identity Platform in the marketplace prior to using this resource.
resource "google_identity_platform_inbound_saml_config" "saml_config" {
  name         = "saml.tf-config"
  display_name = "Display Name"

  idp_config {
    idp_entity_id = "tf-idp"
    # Sign the outbound SAMLRequest
    sign_request  = true
    sso_url       = "https://example.com"
    idp_certificates {
      # IdP certificate used to verify the signature in the SAMLResponse
      x509_certificate = file("test-fixtures/rsa_cert.pem")
    }
  }

  sp_config {
    sp_entity_id = "tf-sp"
    # Must start with https://
    callback_uri = "https://example.com"
  }
}
The following arguments are supported:
name - (Required) The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an alphanumeric character, and have at least 2 characters.
display_name - (Required) Human friendly display name.
idp_config - (Required) SAML IdP configuration when the project acts as the relying party. Structure is documented below.
sp_config - (Required) SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider. Structure is documented below.
The idp_config block supports:
idp_entity_id - (Required) Unique identifier for all SAML entities.
sso_url - (Required) URL to send the authentication request to.
sign_request - (Optional) Indicates whether the outbound SAMLRequest should be signed.
idp_certificates - (Required) The IdP's certificate data to verify the signature in the SAMLResponse issued by the IdP. Structure is documented below.
The idp_certificates block supports:
x509_certificate - (Optional) The IdP's x509 certificate.
The sp_config block supports:
sp_entity_id - (Optional) Unique identifier for all SAML entities.
callback_uri - (Optional) Callback URI where responses from the IdP are handled. Must start with https://.
sp_certificates - (Output) The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below.
The sp_certificates block contains:
x509_certificate - (Output) The x509 certificate

enabled - (Optional) If this config allows users to sign in with the provider.
project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
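The name and callback_uri rules described above can be checked at plan time instead of failing at apply. The following is an added example, not part of the provider documentation: the variable names, the resource label "validated" and the certificate precondition are assumptions, and the lifecycle precondition requires Terraform v1.2.0 or later.

```hcl
# Added example; variable names and the "validated" label are assumptions.
variable "saml_name" {
  type = string
  validation {
    # 'saml.' + lowercase letter + allowed characters + alphanumeric last character
    condition     = can(regex("^saml\\.[a-z][A-Za-z0-9._-]*[A-Za-z0-9]$", var.saml_name))
    error_message = "Name must be 'saml.' then a lowercase letter, only alphanumerics, hyphens, underscores or periods, ending alphanumeric."
  }
}

variable "callback_uri" {
  type = string
  validation {
    condition     = can(regex("^https://", var.callback_uri))
    error_message = "The callback_uri must start with https://."
  }
}

locals {
  # Same fixture path as the page's example
  idp_cert = file("test-fixtures/rsa_cert.pem")
}

resource "google_identity_platform_inbound_saml_config" "validated" {
  name         = var.saml_name
  display_name = "Display Name"

  idp_config {
    idp_entity_id = "tf-idp"
    sign_request  = true
    sso_url       = "https://example.com"
    idp_certificates {
      x509_certificate = local.idp_cert
    }
  }

  sp_config {
    sp_entity_id = "tf-sp"
    callback_uri = var.callback_uri
  }

  lifecycle {
    precondition {
      # Added check (not a provider rule): PEM certificate only, no key material
      condition     = can(regex("BEGIN CERTIFICATE", local.idp_cert)) && length(regexall("PRIVATE KEY", local.idp_cert)) == 0
      error_message = "The x509_certificate must be a PEM certificate and must not contain a private key."
    }
  }
}
```

The precondition keeps a key file from being passed as x509_certificate by mistake, which would otherwise place private key material in the Terraform state.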
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format projects/{{project}}/inboundSamlConfigs/{{name}}

This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.

InboundSamlConfig can be imported using any of these accepted formats:
projects/{{project}}/inboundSamlConfigs/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import block to import InboundSamlConfig using one of the formats above. For example:
import {
  id = "projects/{{project}}/inboundSamlConfigs/{{name}}"
  to = google_identity_platform_inbound_saml_config.default
}
When using the terraform import command, InboundSamlConfig can be imported using one of the formats above. For example:
$ terraform import google_identity_platform_inbound_saml_config.default projects/{{project}}/inboundSamlConfigs/{{name}}
$ terraform import google_identity_platform_inbound_saml_config.default {{project}}/{{name}}
$ terraform import google_identity_platform_inbound_saml_config.default {{name}}
This resource supports User Project Overrides.