This repository has been archived by the owner on Jul 3, 2023. It is now read-only.

Policy \ Fragment resources - input_user_id_mapping doesn't allow for userIdAuthenticated flag #215

Closed
cprice-ping opened this issue Sep 2, 2022 · 1 comment
Labels
bug Something isn't working

cprice-ping commented Sep 2, 2022

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform 1.2.8

Affected Resource(s)

  • pingfederate_authentication_policy_fragment

Terraform Configuration Files

resource "pingfederate_authentication_policy_fragment" "id_first" {
  name        = "IdentityFirst"
  description = "Used for Internal Authentication"
  inputs {
    id = pingfederate_authentication_policy_contract.fragment_subject.id
  }
  outputs {
    id = pingfederate_authentication_policy_contract.fragment_subject.id
  }

  root_node {
    action {
      type = "AUTHN_SOURCE"
      authentication_source {
        type = "IDP_ADAPTER"
        source_ref {
          id = pingfederate_idp_adapter.identifier_first.id
        }
      }
      input_user_id_mapping {
        source {
          type = "INPUTS"
          id   = "Inputs"
        }
        value = "subject"
      }
      # user_id_authenticated = false
    }
    children {
      action {
        type    = "DONE"
        context = "Fail"
      }
    }
    children {
      action {
        type    = "APC_MAPPING"
        context = "Success"
        authentication_policy_contract_ref {
          id = pingfederate_authentication_policy_contract.fragment_subject.id
        }
        attribute_mapping {
          attribute_contract_fulfillment {
            key_name = "subject"
            source {
              type = "ADAPTER"
              id   = pingfederate_idp_adapter.identifier_first.id
            }
            value = "uid"
          }
        }
      }
    }
  }
}

Debug Output

https://gist.github.com/cprice-ping/b836c9365e9c8b4eadb8f49ed7f44478

Panic Output

Expected Behavior

Is User Authenticated checkbox checked (or unchecked)

Actual Behavior

I'm not sure if this is a documentation problem or a provider one.
I can add the Incoming User option, but not check the box for whether the User was previously authenticated. Some of the Adapters need this (PID \ Risk \ Verify) to react accordingly.

I get this error:

│ Error: Unsupported argument
│ 
│   on facile-pingfed-policy.tf line 353, in resource "pingfederate_authentication_policy_fragment" "id_first":
│  353:         user_id_authenticated = false
│ 
│ An argument named "user_id_authenticated" is not expected here.

Documentation for this resource mentions input_user_id_mapping -- but doesn't have the contents of this block

Steps to Reproduce

  1. In the action block, added an input_user_id_mapping block
  2. Added a user_id_authenticated = false line to the block (commented out above)
  3. terraform apply

Important Factoids

References

The Admin API itself defines this action as:

"action": {
  "type": "AUTHN_SOURCE",
  "authenticationSource": {
    "type": "IDP_ADAPTER",
    "sourceRef": {
      "id": "IDFirst"
    }
  },
  "inputUserIdMapping": {
    "source": {
      "type": "INPUTS",
      "id": "Inputs"
    },
    "value": "subject"
  },
  "userIdAuthenticated": false
}
  • #0000
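
An added example, not part of the original issue or the provider's code: since the provider rejects `user_id_authenticated`, one way to confirm what the server actually holds after `terraform apply` is to export the fragment from the Admin API and audit `userIdAuthenticated` on every `AUTHN_SOURCE` action that maps an incoming user ID. Only the root `action` object comes from the issue; the `rootNode`/`children` wrapper (assumed to mirror the Terraform `root_node`/`children` blocks), the `SecondAdapter` node and the function names are assumptions.

```python
import json

# Constructed sample. The root "action" object is the one quoted in the issue;
# the "rootNode"/"children" wrapper and the "SecondAdapter" node are assumptions.
SAMPLE = json.loads("""
{"rootNode": {
  "action": {"type": "AUTHN_SOURCE",
    "authenticationSource": {"type": "IDP_ADAPTER", "sourceRef": {"id": "IDFirst"}},
    "inputUserIdMapping": {"source": {"type": "INPUTS", "id": "Inputs"}, "value": "subject"},
    "userIdAuthenticated": false},
  "children": [
    {"action": {"type": "DONE", "context": "Fail"}},
    {"action": {"type": "AUTHN_SOURCE", "context": "Success",
       "authenticationSource": {"type": "IDP_ADAPTER", "sourceRef": {"id": "SecondAdapter"}},
       "inputUserIdMapping": {"source": {"type": "INPUTS", "id": "Inputs"}, "value": "subject"}},
     "children": [{"action": {"type": "DONE", "context": "Fail"}}]}
  ]}}
""")

def collect_flags(node, path="rootNode"):
    """Return [(path, source_id, flag)] for each AUTHN_SOURCE action that has an
    inputUserIdMapping; flag is True, False, or None when the key is absent."""
    found = []
    action = node.get("action") or {}
    if action.get("type") == "AUTHN_SOURCE" and "inputUserIdMapping" in action:
        source_id = action.get("authenticationSource", {}).get("sourceRef", {}).get("id")
        found.append((path, source_id, action.get("userIdAuthenticated")))
    for i, child in enumerate(node.get("children") or []):
        found.extend(collect_flags(child, f"{path}.children[{i}]"))
    return found

def find_drift(fragment, expected):
    """Compare live flags with the intended values in `expected` ({source_id: bool}).
    An absent key, or an adapter missing from `expected`, is reported, never assumed."""
    drift = []
    for path, source_id, flag in collect_flags(fragment["rootNode"]):
        want = expected.get(source_id)
        if want is None or flag is not want:
            drift.append({"path": path, "source": source_id, "live": flag, "expected": want})
    return drift

if __name__ == "__main__":
    for item in find_drift(SAMPLE, {"IDFirst": False, "SecondAdapter": True}):
        print(item)
```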