This data source provides details about a specific Identity Provider resource in Oracle Cloud Infrastructure Identity Domains service.
Get an Identity Provider
data "oci_identity_domains_identity_provider" "test_identity_provider" {
#Required
idcs_endpoint = data.oci_identity_domain.test_domain.url
identity_provider_id = oci_identity_identity_provider.test_identity_provider.id
#Optional
attribute_sets = []
attributes = ""
authorization = var.identity_provider_authorization
resource_type_schema_version = var.identity_provider_resource_type_schema_version
}
The following arguments are supported:
attribute_sets
- (Optional) A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.attributes
- (Optional) A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.authorization
- (Optional) The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.idcs_endpoint
- (Required) The basic endpoint for the identity domainidentity_provider_id
- (Required) ID of the resourceresource_type_schema_version
- (Optional) An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.The following attributes are exported:
assertion_attribute
- Assertion attribute name.
Deprecated Since: 20.1.3
SCIM++ Properties:
authn_request_binding
- HTTP binding to use for authentication requests.
SCIM++ Properties:
compartment_ocid
- Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
SCIM++ Properties:
correlation_policy
- Correlation policy
Added In: 20.1.3
SCIM++ Properties:
display
- Policy display name
Added In: 20.1.3
SCIM++ Properties:
ref
- Policy URI
Added In: 20.1.3
SCIM++ Properties:
type
- A label that indicates the type that this references.
Added In: 20.1.3
SCIM++ Properties:
value
- Policy identifier
Added In: 20.1.3
SCIM++ Properties:
delete_in_progress
- A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
SCIM++ Properties:
description
- Description
SCIM++ Properties:
domain_ocid
- Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
SCIM++ Properties:
enabled
- Set to true to indicate Partner enabled.
SCIM++ Properties:
encryption_certificate
- Encryption certificate
SCIM++ Properties:
external_id
- An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer's tenant.
SCIM++ Properties:
icon_url
- Identity Provider Icon URL.
SCIM++ Properties:
id
- Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
SCIM++ Properties:
idcs_created_by
- The User or App who created the Resource
SCIM++ Properties:
display
- The displayName of the User or App who created this Resource
SCIM++ Properties:
ocid
- The OCID of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
ref
- The URI of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
type
- The type of resource, User or App, that created this Resource
SCIM++ Properties:
value
- The ID of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
idcs_last_modified_by
- The User or App who modified the Resource
SCIM++ Properties:
display
- The displayName of the User or App who modified this Resource
SCIM++ Properties:
ocid
- The OCID of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
ref
- The URI of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
type
- The type of resource, User or App, that modified this Resource
SCIM++ Properties:
value
- The ID of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
idcs_last_upgraded_in_release
- The release number when the resource was upgraded.
SCIM++ Properties:
idcs_prevented_operations
- Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
SCIM++ Properties:
idp_sso_url
- Identity Provider SSO URL
SCIM++ Properties:
include_signing_cert_in_signature
- Set to true to include the signing certificate in the signature.
SCIM++ Properties:
jit_user_prov_assigned_groups
- Refers to every group of which a JIT-provisioned User should be a member. Just-in-Time user-provisioning applies this static list when jitUserProvGroupStaticListEnabled:true.
Added In: 20.1.3
SCIM++ Properties:
display
- A human readable name, primarily used for display purposes. READ-ONLY.
Added In: 20.1.3
SCIM++ Properties:
ref
- Group URI
Added In: 20.1.3
SCIM++ Properties:
value
- Group identifier
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_attribute_update_enabled
- Set to true to indicate JIT User Creation is enabled
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_attributes
- Assertion To User Mapping
Added In: 20.1.3
SCIM++ Properties:
ref
- Mapped Attribute URI
Added In: 20.1.3
SCIM++ Properties:
value
- Mapped Attribute identifier
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_create_user_enabled
- Set to true to indicate JIT User Creation is enabled
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_enabled
- Set to true to indicate JIT User Provisioning is enabled
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_group_assertion_attribute_enabled
- Set to true to indicate JIT User Provisioning Groups should be assigned based on assertion attribute
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_group_assignment_method
- The default value is 'Overwrite', which tells Just-In-Time user-provisioning to replace any current group-assignments for a User with those assigned by assertions and/or those assigned statically. Specify 'Merge' if you want Just-In-Time user-provisioning to combine its group-assignments with those the user already has.
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_group_mapping_mode
- Property to indicate the mode of group mapping
Added In: 2205120021
SCIM++ Properties:
jit_user_prov_group_mappings
- The list of mappings between the Identity Domain Group and the IDP group.
Added In: 2205120021
SCIM++ Properties:
idp_group
- IDP Group Name
Added In: 2205120021
SCIM++ Properties:
ref
- Group URI
Added In: 2205120021
SCIM++ Properties:
value
- Domain Group
Added In: 2205120021
SCIM++ Properties:
jit_user_prov_group_saml_attribute_name
- Name of the assertion attribute containing the users groups
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_group_static_list_enabled
- Set to true to indicate JIT User Provisioning Groups should be assigned from a static list
Added In: 20.1.3
SCIM++ Properties:
jit_user_prov_ignore_error_on_absent_groups
- Set to true to indicate ignoring absence of group while provisioning
Added In: 2111112015
SCIM++ Properties:
last_notification_sent_time
- Records the notification timestamp for the IdP whose signing certificate is about to expire
Added In: 2302092332
SCIM++ Properties:
logout_binding
- HTTP binding to use for logout.
SCIM++ Properties:
logout_enabled
- Set to true to enable logout.
SCIM++ Properties:
logout_request_url
- Logout request URL
SCIM++ Properties:
logout_response_url
- Logout response URL
SCIM++ Properties:
meta
- A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
SCIM++ Properties:
created
- The DateTime the Resource was added to the Service Provider
SCIM++ Properties:
last_modified
- The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
SCIM++ Properties:
location
- The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
SCIM++ Properties:
resource_type
- Name of the resource type of the resource--for example, Users or Groups
SCIM++ Properties:
version
- The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
SCIM++ Properties:
metadata
- Metadata
SCIM++ Properties:
name_id_format
- Default authentication request name ID format.
SCIM++ Properties:
ocid
- Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
SCIM++ Properties:
partner_name
- Unique name of the trusted Identity Provider.
SCIM++ Properties:
partner_provider_id
- Provider ID
SCIM++ Properties:
requested_authentication_context
- SAML SP authentication type.
Added In: 2102181953
SCIM++ Properties:
require_force_authn
- This SP requires requests SAML IdP to enforce re-authentication.
Added In: 2102181953
SCIM++ Properties:
requires_encrypted_assertion
- SAML SP must accept encrypted assertion only.
Added In: 2102181953
SCIM++ Properties:
saml_ho_krequired
- SAML SP HoK Enabled.
Added In: 2102181953
SCIM++ Properties:
schemas
- REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
SCIM++ Properties:
service_instance_identifier
- The serviceInstanceIdentifier of the App that hosts this IdP. This value will match the opcServiceInstanceGUID of any service-instance that the IdP represents.
Added In: 18.2.6
SCIM++ Properties:
shown_on_login_page
- Set to true to indicate whether to show IdP in login page or not.
SCIM++ Properties:
signature_hash_algorithm
- Signature hash algorithm.
SCIM++ Properties:
signing_certificate
- Signing certificate
SCIM++ Properties:
succinct_id
- Succinct ID
SCIM++ Properties:
tags
- A list of tags on this resource.
SCIM++ Properties:
key
- Key or name of the tag.
SCIM++ Properties:
value
- Value of the tag.
SCIM++ Properties:
tenancy_ocid
- Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
SCIM++ Properties:
tenant_provider_id
- The alternate Provider ID to be used as the Oracle Identity Cloud Service providerID (instead of the one in SamlSettings) when interacting with this IdP.
Added In: 19.2.1
SCIM++ Properties:
type
- Identity Provider Type
Added In: 20.1.3
SCIM++ Properties:
urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider
- Social Identity Provider Extension Schema
access_token_url
- Social IDP Access token URL
Added In: 20.1.3
SCIM++ Properties:
account_linking_enabled
- Whether account linking is enabled
Added In: 20.1.3
SCIM++ Properties:
admin_scope
- Admin scope to request
Added In: 20.1.3
SCIM++ Properties:
authz_url
- Social IDP Authorization URL
Added In: 20.1.3
SCIM++ Properties:
client_credential_in_payload
- Whether the client credential is contained in payload
Added In: 20.1.3
SCIM++ Properties:
clock_skew_in_seconds
- Social IDP allowed clock skew time
Added In: 20.1.3
SCIM++ Properties:
consumer_key
- Social IDP Client Application Client ID
Added In: 20.1.3
SCIM++ Properties:
consumer_secret
- Social IDP Client Application Client Secret
Added In: 20.1.3
SCIM++ Properties:
discovery_url
- Discovery URL
Added In: 20.1.3
SCIM++ Properties:
id_attribute
- Id attribute used for account linking
Added In: 20.1.3
SCIM++ Properties:
profile_url
- Social IDP User profile URL
Added In: 20.1.3
SCIM++ Properties:
redirect_url
- redirect URL for social idp
Added In: 20.1.3
SCIM++ Properties:
registration_enabled
- Whether registration is enabled
Added In: 20.1.3
SCIM++ Properties:
scope
- Scope to request
Added In: 20.1.3
SCIM++ Properties:
service_provider_name
- Service Provider Name
Added In: 20.1.3
SCIM++ Properties:
status
- Status
Added In: 20.1.3
SCIM++ Properties:
urnietfparamsscimschemasoracleidcsextensionx509identity_provider
- X509 Identity Provider Extension Schema
cert_match_attribute
- X509 Certificate Matching Attribute
Added In: 2010242156
SCIM++ Properties:
crl_check_on_ocsp_failure_enabled
- Fallback on CRL Validation if OCSP fails.
Added In: 2010242156
SCIM++ Properties:
crl_enabled
- Set to true to enable CRL Validation
Added In: 2010242156
SCIM++ Properties:
crl_location
- CRL Location URL
Added In: 2010242156
SCIM++ Properties:
crl_reload_duration
- Fetch the CRL contents every X minutes
Added In: 2010242156
SCIM++ Properties:
eku_validation_enabled
- Set to true to enable EKU Validation
Added In: 2304270343
SCIM++ Properties:
eku_values
- List of EKU which needs to be validated
Added In: 2304270343
SCIM++ Properties:
ocsp_allow_unknown_response_status
- Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration
Added In: 2010242156
SCIM++ Properties:
ocsp_enable_signed_response
- Describes if the OCSP response is signed
Added In: 2010242156
SCIM++ Properties:
ocsp_enabled
- Set to true to enable OCSP Validation
Added In: 2010242156
SCIM++ Properties:
ocsp_responder_url
- This property specifies OCSP Responder URL.
Added In: 2010242156
SCIM++ Properties:
ocsp_revalidate_time
- Revalidate OCSP status for user after X hours
Added In: 2010242156
SCIM++ Properties:
ocsp_server_name
- This property specifies the OCSP Server alias name
Added In: 2010242156
SCIM++ Properties:
ocsp_trust_cert_chain
- OCSP Trusted Certificate Chain
Added In: 2010242156
SCIM++ Properties:
other_cert_match_attribute
- Check for specific conditions of other certificate attributes
Added In: 2010242156
SCIM++ Properties:
signing_certificate_chain
- Certificate alias list to create a chain for the incoming client certificate
Added In: 2010242156
SCIM++ Properties:
user_match_attribute
- This property specifies the userstore attribute value that must match the incoming certificate attribute.
Added In: 2010242156
SCIM++ Properties:
user_mapping_method
- User mapping method.
Deprecated Since: 20.1.3
SCIM++ Properties:
user_mapping_store_attribute
- This property specifies the userstore attribute value that must match the incoming assertion attribute value or the incoming nameid attribute value in order to identify the user during SSO.
You can construct the userMappingStoreAttribute value by specifying attributes from the Oracle Identity Cloud Service Core Users schema. For examples of how to construct the userMappingStoreAttribute value, see the Example of a Request Body section of the Examples tab for the POST and PUT methods of the /IdentityProviders endpoint.
Deprecated Since: 20.1.3
SCIM++ Properties: