iamtf_app_agent

app_location

Application location: the base application URL, e.g. https://myapp.com

  • type: String
  • required

app_slo_location

Application single logout location

  • type: String
  • optional: true

dashboard_url

Application URL used to display error information (combined with error_binding)

  • type: String
  • optional: true

default_resource

Application default resource (after SSO/SLO), e.g. https://myapp.com/home

  • type: String
  • optional: true

description

Application description

  • type: String
  • optional: true
  • computed: true

error_binding

how errors are displayed to users (combined with dashboard_url)

  • type: String
  • optional: true

exec_env

name of the execution environment resource

  • type: String
  • required

ida

Identity appliance name

  • type: String
  • required

idp

SP to IDP SAML 2 settings

  • type: List
  • optional: true
  • computed: true

is_preferred

identifies this IdP as the preferred one (only one IdP must be set to preferred)

  • type: Bool
  • optional: true

name

name of the trusted IdP

  • type: String
  • required

saml2

SP SAML 2 settings

  • type: List
  • optional: true
  • computed: true

account_linkage

account linkage: which attribute to use as UID from the IdP.

  • type: String
  • optional: true
  • computed: true

account_linkage_name

account linkage name, only valid when account_linkage is set to CUSTOM

  • type: String
  • optional: true

bindings

enabled SAML bindings

  • type: List
  • optional: true
  • computed: true

artifact

use Artifact binding

  • type: Bool
  • optional: true

http_post

use HTTP POST binding

  • type: Bool
  • optional: true

http_redirect

use HTTP REDIRECT binding

  • type: Bool
  • optional: true

local

use LOCAL binding

  • type: Bool
  • optional: true

soap

use SOAP binding

  • type: Bool
  • optional: true

identity_mapping

how the user identity should be mapped for this SP. LOCAL means that the user claims will be retrieved from an identity source connected to the SP. REMOTE means that claims from the IdP will be used. MERGE is a mix of both claim sets (LOCAL and REMOTE)

  • type: String
  • optional: true
  • computed: true

identity_mapping_localid

Use local SP user identifier even when REMOTE is configured

  • type: Bool
  • optional: true

identiyt_mapping_name

identity mapping name, only valid when identity_mapping is set to CUSTOM

  • type: String
  • optional: true

message_ttl

SAML message time to live

  • type: Int
  • optional: true
  • computed: true

message_ttl_tolerance

SAML message time to live tolerance

  • type: Int
  • optional: true
  • computed: true

sign_authentication_requests

sign authentication requests issued to IdPs

  • type: Bool
  • optional: true
  • computed: true

sign_requests

sign requests issued to IdPs

  • type: Bool
  • optional: true
  • computed: true

signature_hash

SAML signature hash algorithm

  • type: String
  • optional: true
  • computed: true

want_assertion_signed

require signed assertions from IdPs

  • type: Bool
  • optional: true
  • computed: true

ignored_web_resources

list of URL patterns not subject to SSO control (space separated)

  • type: Set
  • optional: true

keystore

Keystore configuration. A single keystore containing the private key and certificate is supported.

  • type: List
  • required

alias

Certificate and private key alias (optional)

  • type: String
  • optional: true

key_password

PKCS12 private key password (optional, the store password is used if not present)

  • type: String
  • optional: true

password

PKCS12 keystore password

  • type: String
  • required

resource

PKCS12 keystore in base64 format

  • type: String
  • required

name

Application name

  • type: String
  • required

saml2

SP SAML 2 settings

  • type: List
  • optional: true
  • computed: true

account_linkage

account linkage: which attribute to use as UID from the IdP.

  • type: String
  • optional: true
  • computed: true

account_linkage_name

account linkage name, only valid when account_linkage is set to CUSTOM

  • type: String
  • optional: true

bindings

enabled SAML bindings

  • type: List
  • optional: true
  • computed: true

artifact

use Artifact binding

  • type: Bool
  • optional: true

http_post

use HTTP POST binding

  • type: Bool
  • optional: true

http_redirect

use HTTP REDIRECT binding

  • type: Bool
  • optional: true

local

use LOCAL binding

  • type: Bool
  • optional: true

soap

use SOAP binding

  • type: Bool
  • optional: true

identity_mapping

how the user identity should be mapped for this SP. LOCAL means that the user claims will be retrieved from an identity source connected to the SP. REMOTE means that claims from the IdP will be used. MERGE is a mix of both claim sets (LOCAL and REMOTE)

  • type: String
  • optional: true
  • computed: true

identity_mapping_localid

Use local SP user identifier even when REMOTE is configured

  • type: Bool
  • optional: true

identiyt_mapping_name

identity mapping name, only valid when identity_mapping is set to CUSTOM

  • type: String
  • optional: true

message_ttl

SAML message time to live

  • type: Int
  • optional: true
  • computed: true

message_ttl_tolerance

SAML message time to live tolerance

  • type: Int
  • optional: true
  • computed: true

sign_authentication_requests

sign authentication requests issued to IdPs

  • type: Bool
  • optional: true
  • computed: true

sign_requests

sign requests issued to IdPs

  • type: Bool
  • optional: true
  • computed: true

signature_hash

SAML signature hash algorithm

  • type: String
  • optional: true
  • computed: true

want_assertion_signed

require signed assertions from IdPs

  • type: Bool
  • optional: true
  • computed: true

sp_id

Service provider ID. The name of the SP that will be associated with the application

  • type: String
  • computed: true
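
An added example, not taken from the provider's own documentation, showing the attributes above combined into one resource with request signing and signed assertions turned on. All values are constructed placeholders, and the block nesting (`bindings` inside `saml2`, `name` and `is_preferred` inside `idp`) is an assumption based on the order of the attribute list.

```hcl
# Constructed values throughout; attribute names come from the reference above.
variable "sp_keystore_password" {
  type      = string
  sensitive = true # keeps the PKCS12 password out of plan/apply output
}

resource "iamtf_app_agent" "example" {
  ida      = "example-ida"      # placeholder identity appliance name
  exec_env = "example-exec-env" # placeholder execution environment name
  name     = "myapp"

  app_location     = "https://myapp.com"
  default_resource = "https://myapp.com/home"

  # Single PKCS12 keystore holding the SP private key and certificate.
  keystore {
    resource = filebase64("${path.module}/sp.p12") # hypothetical file path
    password = var.sp_keystore_password
  }

  saml2 {
    identity_mapping             = "REMOTE" # use claims issued by the IdP
    sign_requests                = true
    sign_authentication_requests = true
    want_assertion_signed        = true # reject unsigned assertions

    # Enable only the bindings the application actually uses.
    bindings {
      http_post     = true
      http_redirect = true
      artifact      = false
      soap          = false
      local         = false
    }
  }

  idp {
    name         = "example-idp" # placeholder trusted IdP name
    is_preferred = true
  }
}
```

Marking the variable `sensitive` only hides it from CLI output. The keystore and its password are still stored in the Terraform state, so the state backend needs its own access control and encryption.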
Contributors: Sebastian