This data source provides the list of Identity Propagation Trusts in Oracle Cloud Infrastructure Identity Domains service.
List the Identity Propagation Trust configurations.
data "oci_identity_domains_identity_propagation_trusts" "test_identity_propagation_trusts" {
#Required
idcs_endpoint = data.oci_identity_domain.test_domain.url
#Optional
identity_propagation_trust_count = var.identity_propagation_trust_identity_propagation_trust_count
identity_propagation_trust_filter = var.identity_propagation_trust_identity_propagation_trust_filter
attribute_sets = ["all"]
attributes = ""
authorization = var.identity_propagation_trust_authorization
resource_type_schema_version = var.identity_propagation_trust_resource_type_schema_version
start_index = var.identity_propagation_trust_start_index
}
The following arguments are supported:
identity_propagation_trust_count
- (Optional) OPTIONAL. An integer that indicates the desired maximum number of query results per page. 1000 is the largest value that you can use. See the Pagination section of the System for Cross-Domain Identity Management Protocol specification for more information. (Section 3.4.2.4).identity_propagation_trust_filter
- (Optional) OPTIONAL. The filter string that is used to request a subset of resources. The filter string MUST be a valid filter expression. See the Filtering section of the SCIM specification for more information (Section 3.4.2.2). The string should contain at least one condition that each item must match in order to be returned in the search results. Each condition specifies an attribute, an operator, and a value. Conditions within a filter can be connected by logical operators (such as AND and OR). Sets of conditions can be grouped together using parentheses.attribute_sets
- (Optional) A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.attributes
- (Optional) A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.authorization
- (Optional) The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.idcs_endpoint
- (Required) The basic endpoint for the identity domainresource_type_schema_version
- (Optional) An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.start_index
- (Optional) OPTIONAL. An integer that indicates the 1-based index of the first query result. See the Pagination section of the SCIM specification for more information. (Section 3.4.2.4). The number of results pages to return. The first page is 1. Specify 2 to access the second page of results, and so on.The following attributes are exported:
identity_propagation_trusts
- The list of identity_propagation_trusts.The following attributes are exported:
account_id
- The Identity cloud provider service identifier, for example, the Azure Tenancy ID, AWS Account ID, or GCP Project ID.
SCIM++ Properties:
active
- If true, specifies that this Identity Propagation Trust is in an enabled state. The default value is false.
SCIM++ Properties:
allow_impersonation
- Allow customers to define whether the resulting token should contain the authenticated user as the subject or whether the token should impersonate another Application Principal in IAM.
SCIM++ Properties:
client_claim_name
- The claim name that identifies to whom the JWT/SAML token is issued. If AWS, then \"aud\" or \"client_id\". If Azure, then \"appid\". If GCP, then \"aud\".
SCIM++ Properties:
client_claim_values
- The value that corresponds to the client claim name used to identify to whom the token is issued.
SCIM++ Properties:
clock_skew_seconds
- The clock skew (in secs) that's allowed for the token issue and expiry time.
Added In: 2308181911
SCIM++ Properties:
compartment_ocid
- Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
SCIM++ Properties:
delete_in_progress
- A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
SCIM++ Properties:
description
- The description of the Identity Propagation Trust.
SCIM++ Properties:
domain_ocid
- Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
SCIM++ Properties:
id
- Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
SCIM++ Properties:
idcs_created_by
- The User or App who created the Resource
SCIM++ Properties:
_ref
- The URI of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
display
- The displayName of the User or App who created this Resource
SCIM++ Properties:
ocid
- The OCID of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
type
- The type of resource, User or App, that created this Resource
SCIM++ Properties:
value
- The ID of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
idcs_last_modified_by
- The User or App who modified the Resource
SCIM++ Properties:
_ref
- The URI of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
display
- The displayName of the User or App who modified this Resource
SCIM++ Properties:
ocid
- The OCID of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
type
- The type of resource, User or App, that modified this Resource
SCIM++ Properties:
value
- The ID of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
idcs_last_upgraded_in_release
- The release number when the resource was upgraded.
SCIM++ Properties:
idcs_prevented_operations
- Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
SCIM++ Properties:
impersonation_service_users
- The Impersonating Principal.
SCIM++ Properties:
_ref
- The URI that corresponds to the Service User.
SCIM++ Properties:
ocid
- The OCID of the Service User.
SCIM++ Properties:
rule
- The rule expression to be used for matching the inbound token for impersonation.
SCIM++ Properties:
value
- The ID of the Service User.
SCIM++ Properties:
issuer
- The issuer claim of the Identity provider.
SCIM++ Properties:
keytab
- The keytab stored in the tenancy's Vault. This is required if the identity propagation type is 'SPNEGO'.
SCIM++ Properties:
secret_ocid
- The OCID of the secret. The secret content corresponding to the OCID is expected to be in Base64 encoded content type.
SCIM++ Properties:
secret_version
- The version of the secret. When the version is not specified, then the latest secret version is used during runtime.
SCIM++ Properties:
meta
- A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
SCIM++ Properties:
created
- The DateTime the Resource was added to the Service Provider
SCIM++ Properties:
last_modified
- The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
SCIM++ Properties:
location
- The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
SCIM++ Properties:
resource_type
- Name of the resource type of the resource--for example, Users or Groups
SCIM++ Properties:
version
- The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
SCIM++ Properties:
name
- The name of the the Identity Propagation Trust.
SCIM++ Properties:
oauth_clients
- The value of all the authorized OAuth Clients.
SCIM++ Properties:
ocid
- Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
SCIM++ Properties:
public_certificate
- Store the public key if public key cert.
SCIM++ Properties:
public_key_endpoint
- The cloud provider's public key API of SAML and OIDC providers for signature validation.
SCIM++ Properties:
schemas
- REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
SCIM++ Properties:
subject_claim_name
- Used for locating the subject claim from the incoming token.
SCIM++ Properties:
subject_mapping_attribute
- Subject Mapping Attribute to which the value from subject claim name value would be used for identity lookup.
SCIM++ Properties:
subject_type
- The type of the resource against which lookup will be made in the identity domain in IAM for the incoming subject claim value.
SCIM++ Properties:
tags
- A list of tags on this resource.
SCIM++ Properties:
key
- Key or name of the tag.
SCIM++ Properties:
value
- Value of the tag.
SCIM++ Properties:
tenancy_ocid
- Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
SCIM++ Properties:
type
- The type of the inbound token from the Identity cloud provider.
SCIM++ Properties: