Docs Home
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortimanager.ObjectUserSaml
Explore with Pulumi AI
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
SAML server entry configuration.
The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
dynamic_mapping:fortimanager.ObjectUserSamlDynamicMapping
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";
const trname = new fortimanager.ObjectUserSaml("trname", {userName: "admin"});
import pulumi
import pulumi_fortimanager as fortimanager
trname = fortimanager.ObjectUserSaml("trname", user_name="admin")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fortimanager.NewObjectUserSaml(ctx, "trname", &fortimanager.ObjectUserSamlArgs{
UserName: pulumi.String("admin"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;
return await Deployment.RunAsync(() =>
{
var trname = new Fortimanager.ObjectUserSaml("trname", new()
{
UserName = "admin",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectUserSaml;
import com.pulumi.fortimanager.ObjectUserSamlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new ObjectUserSaml("trname", ObjectUserSamlArgs.builder()
.userName("admin")
.build());
}
}
resources:
trname:
type: fortimanager:ObjectUserSaml
properties:
userName: admin
Create ObjectUserSaml Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectUserSaml(name: string, args?: ObjectUserSamlArgs, opts?: CustomResourceOptions);@overload
def ObjectUserSaml(resource_name: str,
args: Optional[ObjectUserSamlArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectUserSaml(resource_name: str,
opts: Optional[ResourceOptions] = None,
adfs_claim: Optional[str] = None,
adom: Optional[str] = None,
auth_url: Optional[str] = None,
cert: Optional[str] = None,
clock_tolerance: Optional[float] = None,
digest_method: Optional[str] = None,
dynamic_mappings: Optional[Sequence[ObjectUserSamlDynamicMappingArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
entity_id: Optional[str] = None,
group_claim_type: Optional[str] = None,
group_name: Optional[str] = None,
idp_cert: Optional[str] = None,
idp_entity_id: Optional[str] = None,
idp_single_logout_url: Optional[str] = None,
idp_single_sign_on_url: Optional[str] = None,
limit_relaystate: Optional[str] = None,
name: Optional[str] = None,
object_user_saml_id: Optional[str] = None,
reauth: Optional[str] = None,
scim_clients: Optional[Sequence[str]] = None,
scopetype: Optional[str] = None,
single_logout_url: Optional[str] = None,
single_sign_on_url: Optional[str] = None,
user_claim_type: Optional[str] = None,
user_name: Optional[str] = None)func NewObjectUserSaml(ctx *Context, name string, args *ObjectUserSamlArgs, opts ...ResourceOption) (*ObjectUserSaml, error)public ObjectUserSaml(string name, ObjectUserSamlArgs? args = null, CustomResourceOptions? opts = null)public ObjectUserSaml(String name, ObjectUserSamlArgs args)
public ObjectUserSaml(String name, ObjectUserSamlArgs args, CustomResourceOptions options)
type: fortimanager:ObjectUserSaml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args ObjectUserSamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args ObjectUserSamlArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args ObjectUserSamlArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args ObjectUserSamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ObjectUserSamlArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectUserSamlResource = new Fortimanager.ObjectUserSaml("objectUserSamlResource", new()
{
AdfsClaim = "string",
Adom = "string",
AuthUrl = "string",
Cert = "string",
ClockTolerance = 0,
DigestMethod = "string",
DynamicMappings = new[]
{
new Fortimanager.Inputs.ObjectUserSamlDynamicMappingArgs
{
_scopes = new[]
{
new Fortimanager.Inputs.ObjectUserSamlDynamicMapping_ScopeArgs
{
Name = "string",
Vdom = "string",
},
},
AdfsClaim = "string",
AuthUrl = "string",
Cert = "string",
ClockTolerance = 0,
DigestMethod = "string",
EntityId = "string",
GroupClaimType = "string",
GroupName = "string",
IdpCert = "string",
IdpEntityId = "string",
IdpSingleLogoutUrl = "string",
IdpSingleSignOnUrl = "string",
LimitRelaystate = "string",
Reauth = "string",
ScimClients = new[]
{
"string",
},
SingleLogoutUrl = "string",
SingleSignOnUrl = "string",
UserClaimType = "string",
UserName = "string",
},
},
DynamicSortSubtable = "string",
EntityId = "string",
GroupClaimType = "string",
GroupName = "string",
IdpCert = "string",
IdpEntityId = "string",
IdpSingleLogoutUrl = "string",
IdpSingleSignOnUrl = "string",
LimitRelaystate = "string",
Name = "string",
ObjectUserSamlId = "string",
Reauth = "string",
ScimClients = new[]
{
"string",
},
Scopetype = "string",
SingleLogoutUrl = "string",
SingleSignOnUrl = "string",
UserClaimType = "string",
UserName = "string",
});
example, err := fortimanager.NewObjectUserSaml(ctx, "objectUserSamlResource", &fortimanager.ObjectUserSamlArgs{
AdfsClaim: pulumi.String("string"),
Adom: pulumi.String("string"),
AuthUrl: pulumi.String("string"),
Cert: pulumi.String("string"),
ClockTolerance: pulumi.Float64(0),
DigestMethod: pulumi.String("string"),
DynamicMappings: .ObjectUserSamlDynamicMappingTypeArray{
&.ObjectUserSamlDynamicMappingTypeArgs{
_scopes: .ObjectUserSamlDynamicMapping_ScopeArray{
&.ObjectUserSamlDynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AdfsClaim: pulumi.String("string"),
AuthUrl: pulumi.String("string"),
Cert: pulumi.String("string"),
ClockTolerance: pulumi.Float64(0),
DigestMethod: pulumi.String("string"),
EntityId: pulumi.String("string"),
GroupClaimType: pulumi.String("string"),
GroupName: pulumi.String("string"),
IdpCert: pulumi.String("string"),
IdpEntityId: pulumi.String("string"),
IdpSingleLogoutUrl: pulumi.String("string"),
IdpSingleSignOnUrl: pulumi.String("string"),
LimitRelaystate: pulumi.String("string"),
Reauth: pulumi.String("string"),
ScimClients: pulumi.StringArray{
pulumi.String("string"),
},
SingleLogoutUrl: pulumi.String("string"),
SingleSignOnUrl: pulumi.String("string"),
UserClaimType: pulumi.String("string"),
UserName: pulumi.String("string"),
},
},
DynamicSortSubtable: pulumi.String("string"),
EntityId: pulumi.String("string"),
GroupClaimType: pulumi.String("string"),
GroupName: pulumi.String("string"),
IdpCert: pulumi.String("string"),
IdpEntityId: pulumi.String("string"),
IdpSingleLogoutUrl: pulumi.String("string"),
IdpSingleSignOnUrl: pulumi.String("string"),
LimitRelaystate: pulumi.String("string"),
Name: pulumi.String("string"),
ObjectUserSamlId: pulumi.String("string"),
Reauth: pulumi.String("string"),
ScimClients: pulumi.StringArray{
pulumi.String("string"),
},
Scopetype: pulumi.String("string"),
SingleLogoutUrl: pulumi.String("string"),
SingleSignOnUrl: pulumi.String("string"),
UserClaimType: pulumi.String("string"),
UserName: pulumi.String("string"),
})
var objectUserSamlResource = new ObjectUserSaml("objectUserSamlResource", ObjectUserSamlArgs.builder()
.adfsClaim("string")
.adom("string")
.authUrl("string")
.cert("string")
.clockTolerance(0)
.digestMethod("string")
.dynamicMappings(ObjectUserSamlDynamicMappingArgs.builder()
._scopes(ObjectUserSamlDynamicMapping_ScopeArgs.builder()
.name("string")
.vdom("string")
.build())
.adfsClaim("string")
.authUrl("string")
.cert("string")
.clockTolerance(0)
.digestMethod("string")
.entityId("string")
.groupClaimType("string")
.groupName("string")
.idpCert("string")
.idpEntityId("string")
.idpSingleLogoutUrl("string")
.idpSingleSignOnUrl("string")
.limitRelaystate("string")
.reauth("string")
.scimClients("string")
.singleLogoutUrl("string")
.singleSignOnUrl("string")
.userClaimType("string")
.userName("string")
.build())
.dynamicSortSubtable("string")
.entityId("string")
.groupClaimType("string")
.groupName("string")
.idpCert("string")
.idpEntityId("string")
.idpSingleLogoutUrl("string")
.idpSingleSignOnUrl("string")
.limitRelaystate("string")
.name("string")
.objectUserSamlId("string")
.reauth("string")
.scimClients("string")
.scopetype("string")
.singleLogoutUrl("string")
.singleSignOnUrl("string")
.userClaimType("string")
.userName("string")
.build());
object_user_saml_resource = fortimanager.ObjectUserSaml("objectUserSamlResource",
adfs_claim="string",
adom="string",
auth_url="string",
cert="string",
clock_tolerance=0,
digest_method="string",
dynamic_mappings=[{
"_scopes": [{
"name": "string",
"vdom": "string",
}],
"adfs_claim": "string",
"auth_url": "string",
"cert": "string",
"clock_tolerance": 0,
"digest_method": "string",
"entity_id": "string",
"group_claim_type": "string",
"group_name": "string",
"idp_cert": "string",
"idp_entity_id": "string",
"idp_single_logout_url": "string",
"idp_single_sign_on_url": "string",
"limit_relaystate": "string",
"reauth": "string",
"scim_clients": ["string"],
"single_logout_url": "string",
"single_sign_on_url": "string",
"user_claim_type": "string",
"user_name": "string",
}],
dynamic_sort_subtable="string",
entity_id="string",
group_claim_type="string",
group_name="string",
idp_cert="string",
idp_entity_id="string",
idp_single_logout_url="string",
idp_single_sign_on_url="string",
limit_relaystate="string",
name="string",
object_user_saml_id="string",
reauth="string",
scim_clients=["string"],
scopetype="string",
single_logout_url="string",
single_sign_on_url="string",
user_claim_type="string",
user_name="string")
const objectUserSamlResource = new fortimanager.ObjectUserSaml("objectUserSamlResource", {
adfsClaim: "string",
adom: "string",
authUrl: "string",
cert: "string",
clockTolerance: 0,
digestMethod: "string",
dynamicMappings: [{
_scopes: [{
name: "string",
vdom: "string",
}],
adfsClaim: "string",
authUrl: "string",
cert: "string",
clockTolerance: 0,
digestMethod: "string",
entityId: "string",
groupClaimType: "string",
groupName: "string",
idpCert: "string",
idpEntityId: "string",
idpSingleLogoutUrl: "string",
idpSingleSignOnUrl: "string",
limitRelaystate: "string",
reauth: "string",
scimClients: ["string"],
singleLogoutUrl: "string",
singleSignOnUrl: "string",
userClaimType: "string",
userName: "string",
}],
dynamicSortSubtable: "string",
entityId: "string",
groupClaimType: "string",
groupName: "string",
idpCert: "string",
idpEntityId: "string",
idpSingleLogoutUrl: "string",
idpSingleSignOnUrl: "string",
limitRelaystate: "string",
name: "string",
objectUserSamlId: "string",
reauth: "string",
scimClients: ["string"],
scopetype: "string",
singleLogoutUrl: "string",
singleSignOnUrl: "string",
userClaimType: "string",
userName: "string",
});
type: fortimanager:ObjectUserSaml
properties:
adfsClaim: string
adom: string
authUrl: string
cert: string
clockTolerance: 0
digestMethod: string
dynamicMappings:
- _scopes:
- name: string
vdom: string
adfsClaim: string
authUrl: string
cert: string
clockTolerance: 0
digestMethod: string
entityId: string
groupClaimType: string
groupName: string
idpCert: string
idpEntityId: string
idpSingleLogoutUrl: string
idpSingleSignOnUrl: string
limitRelaystate: string
reauth: string
scimClients:
- string
singleLogoutUrl: string
singleSignOnUrl: string
userClaimType: string
userName: string
dynamicSortSubtable: string
entityId: string
groupClaimType: string
groupName: string
idpCert: string
idpEntityId: string
idpSingleLogoutUrl: string
idpSingleSignOnUrl: string
limitRelaystate: string
name: string
objectUserSamlId: string
reauth: string
scimClients:
- string
scopetype: string
singleLogoutUrl: string
singleSignOnUrl: string
userClaimType: string
userName: string
ObjectUserSaml Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectUserSaml resource accepts the following input properties:
- Adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Auth
Url string - URL to verify authentication.
- Cert string
- Certificate to sign SAML messages.
- Clock
Tolerance double - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- Digest
Method string - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - Dynamic
Mappings List<ObjectUser Saml Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Entity
Id string - SP entity ID.
- Group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - Group
Name string - Group name in assertion statement.
- Idp
Cert string - IDP Certificate name.
- Idp
Entity stringId - IDP entity ID.
- Idp
Single stringLogout Url - IDP single logout url.
- Idp
Single stringSign On Url - IDP single sign-on URL.
- Limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - Name string
- SAML server entry name.
- Object
User stringSaml Id - an identifier for the resource with format {{name}}.
- Reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - Scim
Clients List<string> - SCIM client name.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Single
Logout stringUrl - SP single logout URL.
- Single
Sign stringOn Url - SP single sign-on URL.
- User
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - User
Name string - User name in assertion statement.
- Adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Auth
Url string - URL to verify authentication.
- Cert string
- Certificate to sign SAML messages.
- Clock
Tolerance float64 - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- Digest
Method string - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - Dynamic
Mappings []ObjectUser Saml Dynamic Mapping Type Args - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Entity
Id string - SP entity ID.
- Group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - Group
Name string - Group name in assertion statement.
- Idp
Cert string - IDP Certificate name.
- Idp
Entity stringId - IDP entity ID.
- Idp
Single stringLogout Url - IDP single logout url.
- Idp
Single stringSign On Url - IDP single sign-on URL.
- Limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - Name string
- SAML server entry name.
- Object
User stringSaml Id - an identifier for the resource with format {{name}}.
- Reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - Scim
Clients []string - SCIM client name.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Single
Logout stringUrl - SP single logout URL.
- Single
Sign stringOn Url - SP single sign-on URL.
- User
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - User
Name string - User name in assertion statement.
- adfs
Claim String - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - auth
Url String - URL to verify authentication.
- cert String
- Certificate to sign SAML messages.
- clock
Tolerance Double - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method String - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - dynamic
Mappings List<ObjectUser Saml Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- entity
Id String - SP entity ID.
- group
Claim StringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name String - Group name in assertion statement.
- idp
Cert String - IDP Certificate name.
- idp
Entity StringId - IDP entity ID.
- idp
Single StringLogout Url - IDP single logout url.
- idp
Single StringSign On Url - IDP single sign-on URL.
- limit
Relaystate String - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - name String
- SAML server entry name.
- object
User StringSaml Id - an identifier for the resource with format {{name}}.
- reauth String
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients List<String> - SCIM client name.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - single
Logout StringUrl - SP single logout URL.
- single
Sign StringOn Url - SP single sign-on URL.
- user
Claim StringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name String - User name in assertion statement.
- adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - auth
Url string - URL to verify authentication.
- cert string
- Certificate to sign SAML messages.
- clock
Tolerance number - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method string - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - dynamic
Mappings ObjectUser Saml Dynamic Mapping[] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- entity
Id string - SP entity ID.
- group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name string - Group name in assertion statement.
- idp
Cert string - IDP Certificate name.
- idp
Entity stringId - IDP entity ID.
- idp
Single stringLogout Url - IDP single logout url.
- idp
Single stringSign On Url - IDP single sign-on URL.
- limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - name string
- SAML server entry name.
- object
User stringSaml Id - an identifier for the resource with format {{name}}.
- reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients string[] - SCIM client name.
- scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - single
Logout stringUrl - SP single logout URL.
- single
Sign stringOn Url - SP single sign-on URL.
- user
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name string - User name in assertion statement.
- adfs_
claim str - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - auth_
url str - URL to verify authentication.
- cert str
- Certificate to sign SAML messages.
- clock_
tolerance float - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest_
method str - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - dynamic_
mappings Sequence[ObjectUser Saml Dynamic Mapping Args] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- entity_
id str - SP entity ID.
- group_
claim_ strtype - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group_
name str - Group name in assertion statement.
- idp_
cert str - IDP Certificate name.
- idp_
entity_ strid - IDP entity ID.
- idp_
single_ strlogout_ url - IDP single logout url.
- idp_
single_ strsign_ on_ url - IDP single sign-on URL.
- limit_
relaystate str - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - name str
- SAML server entry name.
- object_
user_ strsaml_ id - an identifier for the resource with format {{name}}.
- reauth str
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim_
clients Sequence[str] - SCIM client name.
- scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - single_
logout_ strurl - SP single logout URL.
- single_
sign_ stron_ url - SP single sign-on URL.
- user_
claim_ strtype - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user_
name str - User name in assertion statement.
- adfs
Claim String - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - auth
Url String - URL to verify authentication.
- cert String
- Certificate to sign SAML messages.
- clock
Tolerance Number - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method String - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - dynamic
Mappings List<Property Map> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- entity
Id String - SP entity ID.
- group
Claim StringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name String - Group name in assertion statement.
- idp
Cert String - IDP Certificate name.
- idp
Entity StringId - IDP entity ID.
- idp
Single StringLogout Url - IDP single logout url.
- idp
Single StringSign On Url - IDP single sign-on URL.
- limit
Relaystate String - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - name String
- SAML server entry name.
- object
User StringSaml Id - an identifier for the resource with format {{name}}.
- reauth String
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients List<String> - SCIM client name.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - single
Logout StringUrl - SP single logout URL.
- single
Sign StringOn Url - SP single sign-on URL.
- user
Claim StringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name String - User name in assertion statement.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectUserSaml resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectUserSaml Resource
Get an existing ObjectUserSaml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectUserSamlState, opts?: CustomResourceOptions): ObjectUserSaml@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
adfs_claim: Optional[str] = None,
adom: Optional[str] = None,
auth_url: Optional[str] = None,
cert: Optional[str] = None,
clock_tolerance: Optional[float] = None,
digest_method: Optional[str] = None,
dynamic_mappings: Optional[Sequence[ObjectUserSamlDynamicMappingArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
entity_id: Optional[str] = None,
group_claim_type: Optional[str] = None,
group_name: Optional[str] = None,
idp_cert: Optional[str] = None,
idp_entity_id: Optional[str] = None,
idp_single_logout_url: Optional[str] = None,
idp_single_sign_on_url: Optional[str] = None,
limit_relaystate: Optional[str] = None,
name: Optional[str] = None,
object_user_saml_id: Optional[str] = None,
reauth: Optional[str] = None,
scim_clients: Optional[Sequence[str]] = None,
scopetype: Optional[str] = None,
single_logout_url: Optional[str] = None,
single_sign_on_url: Optional[str] = None,
user_claim_type: Optional[str] = None,
user_name: Optional[str] = None) -> ObjectUserSamlfunc GetObjectUserSaml(ctx *Context, name string, id IDInput, state *ObjectUserSamlState, opts ...ResourceOption) (*ObjectUserSaml, error)public static ObjectUserSaml Get(string name, Input<string> id, ObjectUserSamlState? state, CustomResourceOptions? opts = null)public static ObjectUserSaml get(String name, Output<String> id, ObjectUserSamlState state, CustomResourceOptions options)resources: _: type: fortimanager:ObjectUserSaml get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Auth
Url string - URL to verify authentication.
- Cert string
- Certificate to sign SAML messages.
- Clock
Tolerance double - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- Digest
Method string - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - Dynamic
Mappings List<ObjectUser Saml Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Entity
Id string - SP entity ID.
- Group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - Group
Name string - Group name in assertion statement.
- Idp
Cert string - IDP Certificate name.
- Idp
Entity stringId - IDP entity ID.
- Idp
Single stringLogout Url - IDP single logout url.
- Idp
Single stringSign On Url - IDP single sign-on URL.
- Limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - Name string
- SAML server entry name.
- Object
User stringSaml Id - an identifier for the resource with format {{name}}.
- Reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - Scim
Clients List<string> - SCIM client name.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Single
Logout stringUrl - SP single logout URL.
- Single
Sign stringOn Url - SP single sign-on URL.
- User
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - User
Name string - User name in assertion statement.
- Adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Auth
Url string - URL to verify authentication.
- Cert string
- Certificate to sign SAML messages.
- Clock
Tolerance float64 - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- Digest
Method string - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - Dynamic
Mappings []ObjectUser Saml Dynamic Mapping Type Args - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Entity
Id string - SP entity ID.
- Group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - Group
Name string - Group name in assertion statement.
- Idp
Cert string - IDP Certificate name.
- Idp
Entity stringId - IDP entity ID.
- Idp
Single stringLogout Url - IDP single logout url.
- Idp
Single stringSign On Url - IDP single sign-on URL.
- Limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - Name string
- SAML server entry name.
- Object
User stringSaml Id - an identifier for the resource with format {{name}}.
- Reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - Scim
Clients []string - SCIM client name.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Single
Logout stringUrl - SP single logout URL.
- Single
Sign stringOn Url - SP single sign-on URL.
- User
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - User
Name string - User name in assertion statement.
- adfs
Claim String - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - auth
Url String - URL to verify authentication.
- cert String
- Certificate to sign SAML messages.
- clock
Tolerance Double - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method String - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - dynamic
Mappings List<ObjectUser Saml Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- entity
Id String - SP entity ID.
- group
Claim StringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name String - Group name in assertion statement.
- idp
Cert String - IDP Certificate name.
- idp
Entity StringId - IDP entity ID.
- idp
Single StringLogout Url - IDP single logout url.
- idp
Single StringSign On Url - IDP single sign-on URL.
- limit
Relaystate String - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - name String
- SAML server entry name.
- object
User StringSaml Id - an identifier for the resource with format {{name}}.
- reauth String
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients List<String> - SCIM client name.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - single
Logout StringUrl - SP single logout URL.
- single
Sign StringOn Url - SP single sign-on URL.
- user
Claim StringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name String - User name in assertion statement.
- adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - auth
Url string - URL to verify authentication.
- cert string
- Certificate to sign SAML messages.
- clock
Tolerance number - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method string - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - dynamic
Mappings ObjectUser Saml Dynamic Mapping[] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- entity
Id string - SP entity ID.
- group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name string - Group name in assertion statement.
- idp
Cert string - IDP Certificate name.
- idp
Entity stringId - IDP entity ID.
- idp
Single stringLogout Url - IDP single logout url.
- idp
Single stringSign On Url - IDP single sign-on URL.
- limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - name string
- SAML server entry name.
- object
User stringSaml Id - an identifier for the resource with format {{name}}.
- reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients string[] - SCIM client name.
- scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - single
Logout stringUrl - SP single logout URL.
- single
Sign stringOn Url - SP single sign-on URL.
- user
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name string - User name in assertion statement.
- adfs_
claim str - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - auth_
url str - URL to verify authentication.
- cert str
- Certificate to sign SAML messages.
- clock_
tolerance float - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest_
method str - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - dynamic_
mappings Sequence[ObjectUser Saml Dynamic Mapping Args] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- entity_
id str - SP entity ID.
- group_
claim_ strtype - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group_
name str - Group name in assertion statement.
- idp_
cert str - IDP Certificate name.
- idp_
entity_ strid - IDP entity ID.
- idp_
single_ strlogout_ url - IDP single logout url.
- idp_
single_ strsign_ on_ url - IDP single sign-on URL.
- limit_
relaystate str - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - name str
- SAML server entry name.
- object_
user_ strsaml_ id - an identifier for the resource with format {{name}}.
- reauth str
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim_
clients Sequence[str] - SCIM client name.
- scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - single_
logout_ strurl - SP single logout URL.
- single_
sign_ stron_ url - SP single sign-on URL.
- user_
claim_ strtype - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user_
name str - User name in assertion statement.
- adfs
Claim String - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - auth
Url String - URL to verify authentication.
- cert String
- Certificate to sign SAML messages.
- clock
Tolerance Number - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method String - Digest Method Algorithm. (default = sha1). Valid values:
sha1,sha256. - dynamic
Mappings List<Property Map> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- entity
Id String - SP entity ID.
- group
Claim StringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name String - Group name in assertion statement.
- idp
Cert String - IDP Certificate name.
- idp
Entity StringId - IDP entity ID.
- idp
Single StringLogout Url - IDP single logout url.
- idp
Single StringSign On Url - IDP single sign-on URL.
- limit
Relaystate String - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - name String
- SAML server entry name.
- object
User StringSaml Id - an identifier for the resource with format {{name}}.
- reauth String
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients List<String> - SCIM client name.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - single
Logout StringUrl - SP single logout URL.
- single
Sign StringOn Url - SP single sign-on URL.
- user
Claim StringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name String - User name in assertion statement.
Supporting Types
ObjectUserSamlDynamicMapping, ObjectUserSamlDynamicMappingArgs
, ObjectUserSamlDynamicMappingArgs
- Adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - Auth
Url string - URL to verify authentication.
- Cert string
- Certificate to sign SAML messages.
- Clock
Tolerance double - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- Digest
Method string - Digest method algorithm (default = sha1). Valid values:
sha1,sha256. - Entity
Id string - SP entity ID.
- Group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - Group
Name string - Group name in assertion statement.
- Idp
Cert string - IDP Certificate name.
- Idp
Entity stringId - IDP entity ID.
- Idp
Single stringLogout Url - IDP single logout url.
- Idp
Single stringSign On Url - IDP single sign-on URL.
- Limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - Reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - Scim
Clients List<string> - SCIM client name.
- Single
Logout stringUrl - SP single logout URL.
- Single
Sign stringOn Url - SP single sign-on URL.
- User
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - User
Name string - User name in assertion statement.
- _
scopes List<ObjectUser Saml Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - Auth
Url string - URL to verify authentication.
- Cert string
- Certificate to sign SAML messages.
- Clock
Tolerance float64 - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- Digest
Method string - Digest method algorithm (default = sha1). Valid values:
sha1,sha256. - Entity
Id string - SP entity ID.
- Group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - Group
Name string - Group name in assertion statement.
- Idp
Cert string - IDP Certificate name.
- Idp
Entity stringId - IDP entity ID.
- Idp
Single stringLogout Url - IDP single logout url.
- Idp
Single stringSign On Url - IDP single sign-on URL.
- Limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - Reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - Scim
Clients []string - SCIM client name.
- Single
Logout stringUrl - SP single logout URL.
- Single
Sign stringOn Url - SP single sign-on URL.
- User
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - User
Name string - User name in assertion statement.
- _
scopes []ObjectUser Saml Dynamic Mapping_Scope - _Scope. The structure of
_scopeblock is documented below.
- _
scopes List<ObjectUser Saml Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - adfs
Claim String - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - auth
Url String - URL to verify authentication.
- cert String
- Certificate to sign SAML messages.
- clock
Tolerance Double - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method String - Digest method algorithm (default = sha1). Valid values:
sha1,sha256. - entity
Id String - SP entity ID.
- group
Claim StringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name String - Group name in assertion statement.
- idp
Cert String - IDP Certificate name.
- idp
Entity StringId - IDP entity ID.
- idp
Single StringLogout Url - IDP single logout url.
- idp
Single StringSign On Url - IDP single sign-on URL.
- limit
Relaystate String - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - reauth String
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients List<String> - SCIM client name.
- single
Logout StringUrl - SP single logout URL.
- single
Sign StringOn Url - SP single sign-on URL.
- user
Claim StringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name String - User name in assertion statement.
- _
scopes ObjectUser Saml Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - adfs
Claim string - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - auth
Url string - URL to verify authentication.
- cert string
- Certificate to sign SAML messages.
- clock
Tolerance number - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method string - Digest method algorithm (default = sha1). Valid values:
sha1,sha256. - entity
Id string - SP entity ID.
- group
Claim stringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name string - Group name in assertion statement.
- idp
Cert string - IDP Certificate name.
- idp
Entity stringId - IDP entity ID.
- idp
Single stringLogout Url - IDP single logout url.
- idp
Single stringSign On Url - IDP single sign-on URL.
- limit
Relaystate string - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - reauth string
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients string[] - SCIM client name.
- single
Logout stringUrl - SP single logout URL.
- single
Sign stringOn Url - SP single sign-on URL.
- user
Claim stringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name string - User name in assertion statement.
- _
scopes Sequence[ObjectUser Saml Dynamic Mapping_Scope] - _Scope. The structure of
_scopeblock is documented below. - adfs_
claim str - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - auth_
url str - URL to verify authentication.
- cert str
- Certificate to sign SAML messages.
- clock_
tolerance float - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest_
method str - Digest method algorithm (default = sha1). Valid values:
sha1,sha256. - entity_
id str - SP entity ID.
- group_
claim_ strtype - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group_
name str - Group name in assertion statement.
- idp_
cert str - IDP Certificate name.
- idp_
entity_ strid - IDP entity ID.
- idp_
single_ strlogout_ url - IDP single logout url.
- idp_
single_ strsign_ on_ url - IDP single sign-on URL.
- limit_
relaystate str - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - reauth str
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim_
clients Sequence[str] - SCIM client name.
- single_
logout_ strurl - SP single logout URL.
- single_
sign_ stron_ url - SP single sign-on URL.
- user_
claim_ strtype - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user_
name str - User name in assertion statement.
- _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - adfs
Claim String - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values:
disable,enable. - auth
Url String - URL to verify authentication.
- cert String
- Certificate to sign SAML messages.
- clock
Tolerance Number - Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
- digest
Method String - Digest method algorithm (default = sha1). Valid values:
sha1,sha256. - entity
Id String - SP entity ID.
- group
Claim StringType - Group claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - group
Name String - Group name in assertion statement.
- idp
Cert String - IDP Certificate name.
- idp
Entity StringId - IDP entity ID.
- idp
Single StringLogout Url - IDP single logout url.
- idp
Single StringSign On Url - IDP single sign-on URL.
- limit
Relaystate String - Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values:
disable,enable. - reauth String
- Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values:
disable,enable. - scim
Clients List<String> - SCIM client name.
- single
Logout StringUrl - SP single logout URL.
- single
Sign StringOn Url - SP single sign-on URL.
- user
Claim StringType - User name claim in assertion statement. Valid values:
email,given-name,name,upn,common-name,email-adfs-1x,group,upn-adfs-1x,role,sur-name,ppid,name-identifier,authentication-method,deny-only-group-sid,deny-only-primary-sid,deny-only-primary-group-sid,group-sid,primary-group-sid,primary-sid,windows-account-name. - user
Name String - User name in assertion statement.
ObjectUserSamlDynamicMapping_Scope, ObjectUserSamlDynamicMapping_ScopeArgs
, ObjectUserSamlDynamicMapping_ScopeArgs
Import
ObjectUser Saml can be imported using any of these accepted formats:
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectUserSaml:ObjectUserSaml labelname {{name}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev