zitadel.IdpSaml
Resource representing a SAML IDP on the instance.
Loading the XML Metadata
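If you don’t want to pass the XML metadata inline, you have plenty of options. Because the metadata carries the IdP’s signing certificate and SSO endpoints, load it from a source whose integrity you trust. For example: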
- local_file Data Source
- http Data Source
- terracurl_request Data Source
- …
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zitadel = Pulumiverse.Zitadel;
// Declares a SAML identity provider named "LDAP" on the ZITADEL instance.
return await Deployment.RunAsync(() => 
{
    var @default = new Zitadel.IdpSaml("default", new()
    {
        Name = "LDAP",
        // The metadata below advertises an HTTP-POST SingleSignOnService endpoint.
        Binding = "SAML_BINDING_POST",
        // Declares that the IdP requires signed requests, consistent with
        // WantAuthnRequestsSigned="true" in the metadata below.
        WithSignedRequest = true,
        // Users cannot link an existing ZITADEL user with an account from this IdP.
        IsLinkingAllowed = false,
        // Users may create a new ZITADEL account when using an account from this IdP ...
        IsCreationAllowed = true,
        // ... but no account is created automatically on login.
        IsAutoCreation = false,
        // ZITADEL account fields are updated automatically on each login, so decide which
        // IdP-supplied values you are willing to have overwrite local fields.
        IsAutoUpdate = true,
        // Sample metadata whose SSO endpoints point at mocksaml.com; the certificate body is
        // abbreviated in this listing. The metadata carries the IdP's signing certificate and
        // SSO endpoints, so replace it with metadata obtained from your own IdP over a trusted channel.
        MetadataXml = @"<?xml version=""1.0"" encoding=""UTF-8"" standalone=""no""?>
<md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" entityID=""https://saml.example.com/entityid"" validUntil=""2034-05-15T14:21:58.979Z"">
  <md:IDPSSODescriptor WantAuthnRequestsSigned=""true"" protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
    <md:KeyDescriptor use=""signing"">
      <ds:KeyInfo xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://mocksaml.com/api/saml/sso""/>
    <md:SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"" Location=""https://mocksaml.com/api/saml/sso""/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
",
    });
});
package main
import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-zitadel/sdk/go/zitadel"
)
// main declares a SAML identity provider named "LDAP" on the ZITADEL instance.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := zitadel.NewIdpSaml(ctx, "default", &zitadel.IdpSamlArgs{
			Name:              pulumi.String("LDAP"),
			// The metadata below advertises an HTTP-POST SingleSignOnService endpoint.
			Binding:           pulumi.String("SAML_BINDING_POST"),
			// Declares that the IdP requires signed requests, consistent with
			// WantAuthnRequestsSigned="true" in the metadata below.
			WithSignedRequest: pulumi.Bool(true),
			// Users cannot link an existing ZITADEL user with an account from this IdP.
			IsLinkingAllowed:  pulumi.Bool(false),
			// Users may create a new ZITADEL account when using an account from this IdP ...
			IsCreationAllowed: pulumi.Bool(true),
			// ... but no account is created automatically on login.
			IsAutoCreation:    pulumi.Bool(false),
			// ZITADEL account fields are updated automatically on each login, so decide which
			// IdP-supplied values you are willing to have overwrite local fields.
			IsAutoUpdate:      pulumi.Bool(true),
			// Sample metadata whose SSO endpoints point at mocksaml.com. The metadata carries the
			// IdP's signing certificate and SSO endpoints, so replace it with metadata obtained
			// from your own IdP over a trusted channel.
			MetadataXml: pulumi.String(`<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
`),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zitadel.IdpSaml;
import com.pulumi.zitadel.IdpSamlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a SAML identity provider named "LDAP" on the ZITADEL instance. */
public class App {
    /** Entry point: passes the stack definition to Pulumi.run. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    /** Declares the IdpSaml resource. */
    public static void stack(Context ctx) {
        var default_ = new IdpSaml("default", IdpSamlArgs.builder()        
            .name("LDAP")
            // The metadata below advertises an HTTP-POST SingleSignOnService endpoint.
            .binding("SAML_BINDING_POST")
            // Declares that the IdP requires signed requests, consistent with
            // WantAuthnRequestsSigned="true" in the metadata below.
            .withSignedRequest(true)
            // Users cannot link an existing ZITADEL user with an account from this IdP.
            .isLinkingAllowed(false)
            // Users may create a new ZITADEL account when using an account from this IdP ...
            .isCreationAllowed(true)
            // ... but no account is created automatically on login.
            .isAutoCreation(false)
            // ZITADEL account fields are updated automatically on each login, so decide which
            // IdP-supplied values you are willing to have overwrite local fields.
            .isAutoUpdate(true)
            // Sample metadata whose SSO endpoints point at mocksaml.com; the certificate body is
            // abbreviated in this listing. The metadata carries the IdP's signing certificate and
            // SSO endpoints, so replace it with metadata obtained from your own IdP over a trusted channel.
            .metadataXml("""
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
            """)
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as zitadel from "@pulumiverse/zitadel";
// Declares a SAML identity provider named "LDAP" on the ZITADEL instance.
const _default = new zitadel.IdpSaml("default", {
    name: "LDAP",
    // The metadata below advertises an HTTP-POST SingleSignOnService endpoint.
    binding: "SAML_BINDING_POST",
    // Declares that the IdP requires signed requests, consistent with
    // WantAuthnRequestsSigned="true" in the metadata below.
    withSignedRequest: true,
    // Users cannot link an existing ZITADEL user with an account from this IdP.
    isLinkingAllowed: false,
    // Users may create a new ZITADEL account when using an account from this IdP ...
    isCreationAllowed: true,
    // ... but no account is created automatically on login.
    isAutoCreation: false,
    // ZITADEL account fields are updated automatically on each login, so decide which
    // IdP-supplied values you are willing to have overwrite local fields.
    isAutoUpdate: true,
    // Sample metadata whose SSO endpoints point at mocksaml.com; the certificate body is
    // abbreviated in this listing. The metadata carries the IdP's signing certificate and
    // SSO endpoints, so replace it with metadata obtained from your own IdP over a trusted channel.
    metadataXml: `<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
`,
});
import pulumi
import pulumiverse_zitadel as zitadel
# Declares a SAML identity provider named "LDAP" on the ZITADEL instance.
default = zitadel.IdpSaml("default",
    name="LDAP",
    # The metadata below advertises an HTTP-POST SingleSignOnService endpoint.
    binding="SAML_BINDING_POST",
    # Declares that the IdP requires signed requests, consistent with
    # WantAuthnRequestsSigned="true" in the metadata below.
    with_signed_request=True,
    # Users cannot link an existing ZITADEL user with an account from this IdP.
    is_linking_allowed=False,
    # Users may create a new ZITADEL account when using an account from this IdP ...
    is_creation_allowed=True,
    # ... but no account is created automatically on login.
    is_auto_creation=False,
    # ZITADEL account fields are updated automatically on each login, so decide which
    # IdP-supplied values you are willing to have overwrite local fields.
    is_auto_update=True,
    # Sample metadata whose SSO endpoints point at mocksaml.com; the certificate body is
    # abbreviated in this listing. The metadata carries the IdP's signing certificate and
    # SSO endpoints, so replace it with metadata obtained from your own IdP over a trusted channel.
    metadata_xml="""<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""")
# Declares a SAML identity provider named "LDAP" on the ZITADEL instance.
resources:
  default:
    type: zitadel:IdpSaml
    properties:
      name: LDAP
      # The metadata below advertises an HTTP-POST SingleSignOnService endpoint.
      binding: SAML_BINDING_POST
      # Declares that the IdP requires signed requests, consistent with
      # WantAuthnRequestsSigned="true" in the metadata below.
      withSignedRequest: true
      # Users cannot link an existing ZITADEL user with an account from this IdP.
      isLinkingAllowed: false
      # Users may create a new ZITADEL account when using an account from this IdP ...
      isCreationAllowed: true
      # ... but no account is created automatically on login.
      isAutoCreation: false
      # ZITADEL account fields are updated automatically on each login, so decide which
      # IdP-supplied values you are willing to have overwrite local fields.
      isAutoUpdate: true
      # Sample metadata whose SSO endpoints point at mocksaml.com. The metadata carries the
      # IdP's signing certificate and SSO endpoints, so replace it with metadata obtained
      # from your own IdP over a trusted channel.
      metadataXml: |
        <?xml version="1.0" encoding="UTF-8" standalone="no"?>
        <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.example.com/entityid" validUntil="2034-05-15T14:21:58.979Z">
          <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:KeyDescriptor use="signing">
              <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                  <ds:X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
        SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
        MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
        DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
        ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
        RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
        4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
        pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
        2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
        NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
        AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
        5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
        khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
        UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
        r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
        m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</ds:X509Certificate>
                </ds:X509Data>
              </ds:KeyInfo>
            </md:KeyDescriptor>
            <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mocksaml.com/api/saml/sso"/>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mocksaml.com/api/saml/sso"/>
          </md:IDPSSODescriptor>
        </md:EntityDescriptor>        
Create IdpSaml Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IdpSaml(name: string, args: IdpSamlArgs, opts?: CustomResourceOptions);
@overload
def IdpSaml(resource_name: str,
            args: IdpSamlArgs,
            opts: Optional[ResourceOptions] = None)
@overload
def IdpSaml(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            is_auto_creation: Optional[bool] = None,
            is_auto_update: Optional[bool] = None,
            is_creation_allowed: Optional[bool] = None,
            is_linking_allowed: Optional[bool] = None,
            metadata_xml: Optional[str] = None,
            binding: Optional[str] = None,
            name: Optional[str] = None,
            with_signed_request: Optional[bool] = None)
func NewIdpSaml(ctx *Context, name string, args IdpSamlArgs, opts ...ResourceOption) (*IdpSaml, error)
public IdpSaml(string name, IdpSamlArgs args, CustomResourceOptions? opts = null)
public IdpSaml(String name, IdpSamlArgs args)
public IdpSaml(String name, IdpSamlArgs args, CustomResourceOptions options)
type: zitadel:IdpSaml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IdpSamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IdpSamlArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IdpSamlArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IdpSamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IdpSamlArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference snippet: every value below is a type placeholder, not a recommended setting.
var idpSamlResource = new Zitadel.IdpSaml("idpSamlResource", new()
{
    IsAutoCreation = false,
    IsAutoUpdate = false,
    IsCreationAllowed = false,
    IsLinkingAllowed = false,
    // Replace with the IdP's SAML metadata XML.
    MetadataXml = "string",
    // Replace with one of the supported binding values, e.g. "SAML_BINDING_POST".
    Binding = "string",
    Name = "string",
    WithSignedRequest = false,
});
// Reference snippet: every value below is a type placeholder, not a recommended setting.
example, err := zitadel.NewIdpSaml(ctx, "idpSamlResource", &zitadel.IdpSamlArgs{
	IsAutoCreation:    pulumi.Bool(false),
	IsAutoUpdate:      pulumi.Bool(false),
	IsCreationAllowed: pulumi.Bool(false),
	IsLinkingAllowed:  pulumi.Bool(false),
	// Replace with the IdP's SAML metadata XML.
	MetadataXml:       pulumi.String("string"),
	// Replace with one of the supported binding values, e.g. "SAML_BINDING_POST".
	Binding:           pulumi.String("string"),
	Name:              pulumi.String("string"),
	WithSignedRequest: pulumi.Bool(false),
})
// Reference snippet: every value below is a type placeholder, not a recommended setting.
var idpSamlResource = new IdpSaml("idpSamlResource", IdpSamlArgs.builder()
    .isAutoCreation(false)
    .isAutoUpdate(false)
    .isCreationAllowed(false)
    .isLinkingAllowed(false)
    // Replace with the IdP's SAML metadata XML.
    .metadataXml("string")
    // Replace with one of the supported binding values, e.g. "SAML_BINDING_POST".
    .binding("string")
    .name("string")
    .withSignedRequest(false)
    .build());
# Reference snippet: every value below is a type placeholder, not a recommended setting.
idp_saml_resource = zitadel.IdpSaml("idpSamlResource",
    is_auto_creation=False,
    is_auto_update=False,
    is_creation_allowed=False,
    is_linking_allowed=False,
    # Replace with the IdP's SAML metadata XML.
    metadata_xml="string",
    # Replace with one of the supported binding values, e.g. "SAML_BINDING_POST".
    binding="string",
    name="string",
    with_signed_request=False)
// Reference snippet: every value below is a type placeholder, not a recommended setting.
const idpSamlResource = new zitadel.IdpSaml("idpSamlResource", {
    isAutoCreation: false,
    isAutoUpdate: false,
    isCreationAllowed: false,
    isLinkingAllowed: false,
    // Replace with the IdP's SAML metadata XML.
    metadataXml: "string",
    // Replace with one of the supported binding values, e.g. "SAML_BINDING_POST".
    binding: "string",
    name: "string",
    withSignedRequest: false,
});
# Reference snippet: every value below is a type placeholder, not a recommended setting.
type: zitadel:IdpSaml
properties:
    # Replace with one of the supported binding values, e.g. SAML_BINDING_POST.
    binding: string
    isAutoCreation: false
    isAutoUpdate: false
    isCreationAllowed: false
    isLinkingAllowed: false
    # Replace with the IdP's SAML metadata XML.
    metadataXml: string
    name: string
    withSignedRequest: false
IdpSaml Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IdpSaml resource accepts the following input properties:
- IsAutoCreation bool
- enable if a new account in ZITADEL should be created automatically on login with an external account
- IsAutoUpdate bool
- enable if the ZITADEL account fields should be updated automatically on each login
- IsCreationAllowed bool
- enable if users should be able to create a new account in ZITADEL when using an external account
- IsLinkingAllowed bool
- enable if users should be able to link an existing ZITADEL user with an external account
- MetadataXml string
- The metadata XML as plain string
- Binding string
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- Name string
- Name of the IDP
- WithSignedRequest bool
- Whether the SAML IDP requires signed requests
- IsAutoCreation bool
- enable if a new account in ZITADEL should be created automatically on login with an external account
- IsAutoUpdate bool
- enable if the ZITADEL account fields should be updated automatically on each login
- IsCreationAllowed bool
- enable if users should be able to create a new account in ZITADEL when using an external account
- IsLinkingAllowed bool
- enable if users should be able to link an existing ZITADEL user with an external account
- MetadataXml string
- The metadata XML as plain string
- Binding string
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- Name string
- Name of the IDP
- WithSignedRequest bool
- Whether the SAML IDP requires signed requests
- isAutoCreation Boolean
- enable if a new account in ZITADEL should be created automatically on login with an external account
- isAutoUpdate Boolean
- enable if the ZITADEL account fields should be updated automatically on each login
- isCreationAllowed Boolean
- enable if users should be able to create a new account in ZITADEL when using an external account
- isLinkingAllowed Boolean
- enable if users should be able to link an existing ZITADEL user with an external account
- metadataXml String
- The metadata XML as plain string
- binding String
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- name String
- Name of the IDP
- withSignedRequest Boolean
- Whether the SAML IDP requires signed requests
- isAutoCreation boolean
- enable if a new account in ZITADEL should be created automatically on login with an external account
- isAutoUpdate boolean
- enable if the ZITADEL account fields should be updated automatically on each login
- isCreationAllowed boolean
- enable if users should be able to create a new account in ZITADEL when using an external account
- isLinkingAllowed boolean
- enable if users should be able to link an existing ZITADEL user with an external account
- metadataXml string
- The metadata XML as plain string
- binding string
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- name string
- Name of the IDP
- withSignedRequest boolean
- Whether the SAML IDP requires signed requests
- is_auto_creation bool
- enable if a new account in ZITADEL should be created automatically on login with an external account
- is_auto_update bool
- enable if the ZITADEL account fields should be updated automatically on each login
- is_creation_allowed bool
- enable if users should be able to create a new account in ZITADEL when using an external account
- is_linking_allowed bool
- enable if users should be able to link an existing ZITADEL user with an external account
- metadata_xml str
- The metadata XML as plain string
- binding str
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- name str
- Name of the IDP
- with_signed_request bool
- Whether the SAML IDP requires signed requests
- isAutoCreation Boolean
- enable if a new account in ZITADEL should be created automatically on login with an external account
- isAutoUpdate Boolean
- enable if the ZITADEL account fields should be updated automatically on each login
- isCreationAllowed Boolean
- enable if users should be able to create a new account in ZITADEL when using an external account
- isLinkingAllowed Boolean
- enable if users should be able to link an existing ZITADEL user with an external account
- metadataXml String
- The metadata XML as plain string
- binding String
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- name String
- Name of the IDP
- withSignedRequest Boolean
- Whether the SAML IDP requires signed requests
Outputs
All input properties are implicitly available as output properties. Additionally, the IdpSaml resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing IdpSaml Resource
Get an existing IdpSaml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IdpSamlState, opts?: CustomResourceOptions): IdpSaml
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        binding: Optional[str] = None,
        is_auto_creation: Optional[bool] = None,
        is_auto_update: Optional[bool] = None,
        is_creation_allowed: Optional[bool] = None,
        is_linking_allowed: Optional[bool] = None,
        metadata_xml: Optional[str] = None,
        name: Optional[str] = None,
        with_signed_request: Optional[bool] = None) -> IdpSaml
func GetIdpSaml(ctx *Context, name string, id IDInput, state *IdpSamlState, opts ...ResourceOption) (*IdpSaml, error)
public static IdpSaml Get(string name, Input<string> id, IdpSamlState? state, CustomResourceOptions? opts = null)
public static IdpSaml get(String name, Output<String> id, IdpSamlState state, CustomResourceOptions options)
resources:
  _:
    type: zitadel:IdpSaml
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Binding string
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- IsAutoCreation bool
- enable if a new account in ZITADEL should be created automatically on login with an external account
- IsAutoUpdate bool
- enable if the ZITADEL account fields should be updated automatically on each login
- IsCreationAllowed bool
- enable if users should be able to create a new account in ZITADEL when using an external account
- IsLinkingAllowed bool
- enable if users should be able to link an existing ZITADEL user with an external account
- MetadataXml string
- The metadata XML as plain string
- Name string
- Name of the IDP
- WithSignedRequest bool
- Whether the SAML IDP requires signed requests
- Binding string
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- IsAutoCreation bool
- enable if a new account in ZITADEL should be created automatically on login with an external account
- IsAutoUpdate bool
- enable if the ZITADEL account fields should be updated automatically on each login
- IsCreationAllowed bool
- enable if users should be able to create a new account in ZITADEL when using an external account
- IsLinkingAllowed bool
- enable if users should be able to link an existing ZITADEL user with an external account
- MetadataXml string
- The metadata XML as plain string
- Name string
- Name of the IDP
- WithSignedRequest bool
- Whether the SAML IDP requires signed requests
- binding String
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- isAutoCreation Boolean
- enable if a new account in ZITADEL should be created automatically on login with an external account
- isAutoUpdate Boolean
- enable if the ZITADEL account fields should be updated automatically on each login
- isCreationAllowed Boolean
- enable if users should be able to create a new account in ZITADEL when using an external account
- isLinkingAllowed Boolean
- enable if users should be able to link an existing ZITADEL user with an external account
- metadataXml String
- The metadata XML as plain string
- name String
- Name of the IDP
- withSignedRequest Boolean
- Whether the SAML IDP requires signed requests
- binding string
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- isAutoCreation boolean
- enable if a new account in ZITADEL should be created automatically on login with an external account
- isAutoUpdate boolean
- enable if the ZITADEL account fields should be updated automatically on each login
- isCreationAllowed boolean
- enable if users should be able to create a new account in ZITADEL when using an external account
- isLinkingAllowed boolean
- enable if users should be able to link an existing ZITADEL user with an external account
- metadataXml string
- The metadata XML as plain string
- name string
- Name of the IDP
- withSignedRequest boolean
- Whether the SAML IDP requires signed requests
- binding str
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- is_auto_creation bool
- enable if a new account in ZITADEL should be created automatically on login with an external account
- is_auto_update bool
- enable if the ZITADEL account fields should be updated automatically on each login
- is_creation_allowed bool
- enable if users should be able to create a new account in ZITADEL when using an external account
- is_linking_allowed bool
- enable if users should be able to link an existing ZITADEL user with an external account
- metadata_xml str
- The metadata XML as plain string
- name str
- Name of the IDP
- with_signed_request bool
- Whether the SAML IDP requires signed requests
- binding String
- The binding, supported values: SAML_BINDING_UNSPECIFIED, SAML_BINDING_POST, SAML_BINDING_REDIRECT, SAML_BINDING_ARTIFACT
- isAutoCreation Boolean
- enable if a new account in ZITADEL should be created automatically on login with an external account
- isAutoUpdate Boolean
- enable if the ZITADEL account fields should be updated automatically on each login
- isCreationAllowed Boolean
- enable if users should be able to create a new account in ZITADEL when using an external account
- isLinkingAllowed Boolean
- enable if users should be able to link an existing ZITADEL user with an external account
- metadataXml String
- The metadata XML as plain string
- name String
- Name of the IDP
- withSignedRequest Boolean
- Whether the SAML IDP requires signed requests
Import
The resource can be imported using the ID format <id>, e.g.
 $ pulumi import zitadel:index/idpSaml:IdpSaml imported '123456789012345678'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zitadel pulumiverse/pulumi-zitadel
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the zitadel Terraform Provider.