oci_identity_domains_identity_provider

This resource provides the Identity Provider resource in Oracle Cloud Infrastructure Identity Domains service.

Create an Identity Provider

Example Usage

# Example declaration of an Identity Provider in an OCI Identity Domain.
# The listing sets every argument at once, including SAML, social and X.509 options.
# NOTE(review): presumably only the subset matching `type` applies to a real
# configuration - confirm against the Argument Reference.
resource "oci_identity_domains_identity_provider" "test_identity_provider" {
    #Required
    # The provider is created disabled in this example.
    enabled = false
    # Domain URL read from the oci_identity_domain data source.
    idcs_endpoint = data.oci_identity_domain.test_domain.url
    partner_name = var.identity_provider_partner_name
    schemas = ["urn:ietf:params:scim:schemas:oracle:idcs:IdentityProvider"]

    #Optional
    assertion_attribute = var.identity_provider_assertion_attribute
    # Empty placeholder values in this example.
    attribute_sets = []
    attributes = ""
    authn_request_binding = var.identity_provider_authn_request_binding
    # NOTE(review): looks like a credential-bearing value; if so, declare the
    # variable with `sensitive = true` and keep it out of version control - confirm.
    authorization = var.identity_provider_authorization
    correlation_policy {
        #Required
        type = var.identity_provider_correlation_policy_type
        value = var.identity_provider_correlation_policy_value

        #Optional
        display = var.identity_provider_correlation_policy_display
    }
    description = var.identity_provider_description
    encryption_certificate = var.identity_provider_encryption_certificate
    # Literal placeholder string.
    external_id = "externalId"
    icon_url = var.identity_provider_icon_url
    id = var.identity_provider_id
    idp_sso_url = var.identity_provider_idp_sso_url
    include_signing_cert_in_signature = var.identity_provider_include_signing_cert_in_signature
    # JIT ("just-in-time") user provisioning settings follow.
    # NOTE(review): by their names these control whether accounts are created or
    # updated, and groups assigned, from what the external provider asserts at
    # sign-in. Review the assigned groups and group mappings for least privilege
    # before enabling - confirm semantics in the Argument Reference.
    jit_user_prov_assigned_groups {
        #Required
        value = var.identity_provider_jit_user_prov_assigned_groups_value
    }
    jit_user_prov_attribute_update_enabled = var.identity_provider_jit_user_prov_attribute_update_enabled
    jit_user_prov_attributes {
        #Required
        value = var.identity_provider_jit_user_prov_attributes_value
    }
    jit_user_prov_create_user_enabled = var.identity_provider_jit_user_prov_create_user_enabled
    jit_user_prov_enabled = var.identity_provider_jit_user_prov_enabled
    jit_user_prov_group_assertion_attribute_enabled = var.identity_provider_jit_user_prov_group_assertion_attribute_enabled
    jit_user_prov_group_assignment_method = var.identity_provider_jit_user_prov_group_assignment_method
    jit_user_prov_group_mapping_mode = var.identity_provider_jit_user_prov_group_mapping_mode
    # Maps a group name from the external provider (idp_group) to a value in this domain.
    jit_user_prov_group_mappings {
        #Required
        idp_group = var.identity_provider_jit_user_prov_group_mappings_idp_group
        value = var.identity_provider_jit_user_prov_group_mappings_value
    }
    jit_user_prov_group_saml_attribute_name = var.identity_provider_jit_user_prov_group_saml_attribute_name
    jit_user_prov_group_static_list_enabled = var.identity_provider_jit_user_prov_group_static_list_enabled
    # NOTE(review): name suggests missing groups are silently skipped when true;
    # check that this does not hide a broken mapping - confirm.
    jit_user_prov_ignore_error_on_absent_groups = var.identity_provider_jit_user_prov_ignore_error_on_absent_groups
    logout_binding = var.identity_provider_logout_binding
    logout_enabled = var.identity_provider_logout_enabled
    logout_request_url = var.identity_provider_logout_request_url
    logout_response_url = var.identity_provider_logout_response_url
    metadata = var.identity_provider_metadata
    name_id_format = var.identity_provider_name_id_format
    ocid = var.identity_provider_ocid
    partner_provider_id = var.identity_provider_partner_provider_id
    requested_authentication_context = var.identity_provider_requested_authentication_context
    require_force_authn = var.identity_provider_require_force_authn
    # NOTE(review): assertion encryption and the signature hash are chosen by the
    # caller here; prefer encrypted assertions and a SHA-2 family hash where the
    # partner supports them - confirm accepted values in the Argument Reference.
    requires_encrypted_assertion = var.identity_provider_requires_encrypted_assertion
    resource_type_schema_version = var.identity_provider_resource_type_schema_version
    saml_ho_krequired = var.identity_provider_saml_ho_krequired
    service_instance_identifier = var.identity_provider_service_instance_identifier
    shown_on_login_page = var.identity_provider_shown_on_login_page
    signature_hash_algorithm = var.identity_provider_signature_hash_algorithm
    # NOTE(review): presumably the certificate used to verify the partner's
    # signatures; obtain it over a trusted channel - confirm.
    signing_certificate = var.identity_provider_signing_certificate
    # Literal placeholder string.
    succinct_id = "succinctId"
    tags {
        #Required
        key = var.identity_provider_tags_key
        value = var.identity_provider_tags_value
    }
    type = var.identity_provider_type
    # Social identity provider extension (OAuth-style client settings, by the argument names).
    urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider {
        #Required
        # NOTE(review): account linking and self-registration widen who can obtain
        # an account through this provider; enable only when intended - confirm.
        account_linking_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_account_linking_enabled
        consumer_key = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_consumer_key
        # Client secret: declare the variable with `sensitive = true` and supply it
        # from a secret store or environment, not a committed .tfvars file.
        # Terraform records argument values in state, so restrict access to the
        # state backend as well.
        consumer_secret = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_consumer_secret
        registration_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_registration_enabled
        service_provider_name = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_service_provider_name

        #Optional
        access_token_url = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_access_token_url
        admin_scope = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_admin_scope
        authz_url = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_authz_url
        client_credential_in_payload = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_client_credential_in_payload
        clock_skew_in_seconds = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_clock_skew_in_seconds
        discovery_url = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_discovery_url
        id_attribute = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_id_attribute
        profile_url = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_profile_url
        redirect_url = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_redirect_url
        scope = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_scope
        status = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionsocial_identity_provider_status
    }
    # X.509 (certificate-based) identity provider extension.
    urnietfparamsscimschemasoracleidcsextensionx509identity_provider {
        #Required
        cert_match_attribute = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_cert_match_attribute
        # Literal placeholder; a real configuration lists the trusted signing chain here.
        signing_certificate_chain = ["signingCertificateChain"]
        user_match_attribute = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_user_match_attribute

        #Optional
        # Revocation checking (CRL / OCSP) and extended-key-usage validation are all
        # optional in this listing.
        # NOTE(review): if none is enabled, a revoked client certificate would
        # presumably still be accepted - confirm the defaults.
        crl_check_on_ocsp_failure_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_crl_check_on_ocsp_failure_enabled
        crl_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_crl_enabled
        crl_location = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_crl_location
        crl_reload_duration = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_crl_reload_duration
        eku_validation_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_eku_validation_enabled
        eku_values = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_eku_values
        # NOTE(review): name suggests access is allowed when the OCSP status is
        # unknown (fail-open); keep false unless availability requires it - confirm.
        ocsp_allow_unknown_response_status = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_allow_unknown_response_status
        ocsp_enable_signed_response = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_enable_signed_response
        ocsp_enabled = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_enabled
        ocsp_responder_url = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_responder_url
        ocsp_revalidate_time = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_revalidate_time
        ocsp_server_name = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_server_name
        ocsp_trust_cert_chain = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_ocsp_trust_cert_chain
        other_cert_match_attribute = var.identity_provider_urnietfparamsscimschemasoracleidcsextensionx509identity_provider_other_cert_match_attribute
    }
    user_mapping_method = var.identity_provider_user_mapping_method
    user_mapping_store_attribute = var.identity_provider_user_mapping_store_attribute
}

Argument Reference

The following arguments are supported:

**IMPORTANT:** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values.

Attributes Reference

The following attributes are exported:

Timeouts

The `timeouts` block allows you to specify timeouts for certain operations:

* `create` - (Defaults to 20 minutes), when creating the Identity Provider
* `update` - (Defaults to 20 minutes), when updating the Identity Provider
* `delete` - (Defaults to 20 minutes), when destroying the Identity Provider

Import

IdentityProviders can be imported using the id, e.g.

$ terraform import oci_identity_domains_identity_provider.test_identity_provider "idcsEndpoint/{idcsEndpoint}/identityProviders/{identityProviderId}"