Name | Type | Description | Notes |
---|---|---|---|
name | String | Source's display Name. | [optional] |
slug | String | Internal source name, used in URLs. | [optional] |
enabled | Bool | [optional] | |
authenticationFlow | UUID | Flow to use when authenticating existing users. | [optional] |
enrollmentFlow | UUID | Flow to use when enrolling new users. | [optional] |
policyEngineMode | PolicyEngineMode | [optional] | |
userMatchingMode | UserMatchingModeEnum | How the source determines if an existing user should be authenticated or a new user enrolled. * `identifier` - Use the source-specific identifier * `email_link` - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses. * `email_deny` - Use the user's email address, but deny enrollment when the email address already exists. * `username_link` - Link to a user with identical username. Can have security implications when a username is used with another source. * `username_deny` - Use the user's username, but deny enrollment when the username already exists. | [optional] |
userPathTemplate | String | [optional] | |
preAuthenticationFlow | UUID | Flow used before authentication. | [optional] |
issuer | String | Also known as Entity ID. Defaults the Metadata URL. | [optional] |
ssoUrl | String | URL that the initial Login request is sent to. | [optional] |
sloUrl | String | Optional URL if your IDP supports Single-Logout. | [optional] |
allowIdpInitiated | Bool | Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. | [optional] |
nameIdPolicy | NameIdPolicyEnum | NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent. * `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` - Email * `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` - Persistent * `urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName` - X509 * `urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName` - Windows * `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` - Transient | [optional] |
bindingType | BindingTypeEnum | [optional] | |
verificationKp | UUID | When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. | [optional] |
signingKp | UUID | Keypair used to sign outgoing Responses going to the Identity Provider. | [optional] |
digestAlgorithm | DigestAlgorithmEnum | [optional] | |
signatureAlgorithm | SignatureAlgorithmEnum | [optional] | |
temporaryUserDeleteAfter | String | Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3). | [optional] |
This repository has been archived by the owner on Apr 17, 2024. It is now read-only.