Add support for DecryptionKey on SAML Connection Options
sergiught committed Jul 25, 2023
1 parent b3afba9 commit 93b6a2a
Showing 10 changed files with 176 additions and 69 deletions.
10 changes: 10 additions & 0 deletions docs/data-sources/connection.md
Expand Up @@ -60,6 +60,7 @@ Read-Only:
- `configuration` (Map of String)
- `custom_scripts` (Map of String)
- `debug` (Boolean)
- `decryption_key` (List of Object) (see [below for nested schema](#nestedobjatt--options--decryption_key))
- `digest_algorithm` (String)
- `disable_cache` (Boolean)
- `disable_self_service_change_password` (Boolean)
Expand Down Expand Up @@ -134,6 +135,15 @@ Read-Only:
- `waad_common_endpoint` (Boolean)
- `waad_protocol` (String)

<a id="nestedobjatt--options--decryption_key"></a>
### Nested Schema for `options.decryption_key`

Read-Only:

- `cert` (String)
- `key` (String)


<a id="nestedobjatt--options--gateway_authentication"></a>
### Nested Schema for `options.gateway_authentication`

22 changes: 20 additions & 2 deletions docs/resources/connection.md
Expand Up @@ -484,17 +484,25 @@ resource "auth0_connection" "samlp" {
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
metadata_url = "https://saml.provider/imi/ns/FederationMetadata.xml" # Use either metadata_url or metadata_xml but not simultanteously
EOF
metadata_url = "https://saml.provider/imi/ns/FederationMetadata.xml" # Use either metadata_url or metadata_xml, but not both.
fields_map = jsonencode({
"name" : ["name", "nameidentifier"]
"email" : ["emailaddress", "nameidentifier"]
"family_name" : "surname"
})
signing_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}
decryption_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}
idp_initiated {
client_id = "client_id"
client_protocol = "samlp"
Expand Down Expand Up @@ -629,6 +637,7 @@ Optional:
- `configuration` (Map of String, Sensitive) A case-sensitive map of key value pairs used as configuration variables for the `custom_script`.
- `custom_scripts` (Map of String) A map of scripts used to integrate with a custom database.
- `debug` (Boolean) When enabled, additional debug information will be generated.
- `decryption_key` (Block List, Max: 1) The key used to decrypt encrypted responses from the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively. (see [below for nested schema](#nestedblock--options--decryption_key))
- `digest_algorithm` (String) Sign Request Algorithm Digest.
- `disable_cache` (Boolean) Indicates whether to disable the cache or not.
- `disable_self_service_change_password` (Boolean) Indicates whether to remove the forgot password link within the New Universal Login.
Expand Down Expand Up @@ -703,6 +712,15 @@ Optional:
- `waad_common_endpoint` (Boolean) Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- `waad_protocol` (String) Protocol to use.

<a id="nestedblock--options--decryption_key"></a>
### Nested Schema for `options.decryption_key`

Required:

- `cert` (String)
- `key` (String)


<a id="nestedblock--options--gateway_authentication"></a>
### Nested Schema for `options.gateway_authentication`

12 changes: 10 additions & 2 deletions examples/resources/auth0_connection/resource_with_saml.tf
Expand Up @@ -27,17 +27,25 @@ resource "auth0_connection" "samlp" {
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
metadata_url = "https://saml.provider/imi/ns/FederationMetadata.xml" # Use either metadata_url or metadata_xml but not simultanteously
EOF
metadata_url = "https://saml.provider/imi/ns/FederationMetadata.xml" # Use either metadata_url or metadata_xml, but not both.

fields_map = jsonencode({
"name" : ["name", "nameidentifier"]
"email" : ["emailaddress", "nameidentifier"]
"family_name" : "surname"
})

signing_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}

decryption_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}

idp_initiated {
client_id = "client_id"
client_protocol = "samlp"
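Review bot: The new `decryption_key` block, like the `signing_key` block above it, places the PEM private key inline in the configuration, and this example is the one rendered into docs/resources/connection.md, so it is the form users will copy into committed code. Reading the material from outside the config, for instance `key = file("path/to/decryption.key")` or a variable declared with `sensitive = true`, keeps the private key out of version control; it still lands in Terraform state either way, which is worth a one-line comment above the block. The same treatment would suit `signing_key` the next time this example is touched. The enclosing `resource "auth0_connection" "samlp"` block starts before this hunk and continues after it.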
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -3,7 +3,7 @@ module github.com/auth0/terraform-provider-auth0
go 1.20

require (
github.com/auth0/go-auth0 v1.0.0-beta.0
github.com/auth0/go-auth0 v0.0.0-20230725103029-dbbff32236a1
github.com/google/go-cmp v0.5.9
github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
github.com/hashicorp/go-multierror v1.1.1
9 changes: 9 additions & 0 deletions go.sum
Expand Up @@ -19,6 +19,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkE
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/auth0/go-auth0 v0.0.0-20230725103029-dbbff32236a1 h1:5UAS3lTJwvsHw85kFb7vBVhKC58/FoMymc9l6q5aXm4=
github.com/auth0/go-auth0 v0.0.0-20230725103029-dbbff32236a1/go.mod h1:7OZQ4Jq33xbeMHI1ohaC8BKOW71kkaWWREILoh9vu+0=
github.com/auth0/go-auth0 v1.0.0-beta.0 h1:D6yfH9kI4oU++7uvGZfpCe4UA8ria8e7dBcv470x6p8=
github.com/auth0/go-auth0 v1.0.0-beta.0/go.mod h1:7OZQ4Jq33xbeMHI1ohaC8BKOW71kkaWWREILoh9vu+0=
github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48=
Expand All @@ -41,6 +43,7 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
Expand Down Expand Up @@ -112,6 +115,7 @@ github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
Expand All @@ -120,6 +124,7 @@ github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
Expand All @@ -136,6 +141,7 @@ github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2c
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
Expand All @@ -156,6 +162,7 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
Expand Down Expand Up @@ -183,6 +190,7 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0=
github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=
github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
Expand Down Expand Up @@ -242,6 +250,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/dnaeon/go-vcr.v3 v3.1.2 h1:F1smfXBqQqwpVifDfUBQG6zzaGjzT+EnVZakrOdr5wA=
gopkg.in/dnaeon/go-vcr.v3 v3.1.2/go.mod h1:2IMOnnlx9I6u9x+YBsM3tAMx6AlOxnJ0pWxQAzZ79Ag=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
9 changes: 9 additions & 0 deletions internal/auth0/connection/expand.go
Expand Up @@ -701,6 +701,15 @@ func expandConnectionOptionsSAML(config cty.Value) (*management.ConnectionOption
return stop
})

config.GetAttr("decryption_key").ForEachElement(func(_ cty.Value, key cty.Value) (stop bool) {
options.DecryptionKey = &management.ConnectionOptionsSAMLDecryptionKey{
Cert: value.String(key.GetAttr("cert")),
Key: value.String(key.GetAttr("key")),
}

return stop
})

var err error

options.FieldsMap, err = value.MapFromJSON(config.GetAttr("fields_map"))
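Review bot: The new `decryption_key` loop only assigns `options.DecryptionKey` when the block is present in the configuration, so removing the block from a config leaves the field nil; if the management client omits nil pointer fields from the PATCH body (the usual pattern, but not confirmable from this hunk), the key already set on the connection is never cleared and state no longer reflects the tenant. The update step in internal/auth0/connection/resource_test.go only rotates the key (the `options.0.decryption_key.#` and `.0.key` checks) and never drops the block, so this path is untested. Consider adding an update step that removes the block and asserts `options.0.decryption_key.#` is `0`, or stating in the attribute description that a configured decryption key cannot be removed through the provider. expandConnectionOptionsSAML starts before this hunk and continues after it.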
13 changes: 11 additions & 2 deletions internal/auth0/connection/flatten.go
Expand Up @@ -643,8 +643,17 @@ func flattenConnectionOptionsSAML(
if options.SigningKey != nil {
m["signing_key"] = []interface{}{
map[string]interface{}{
"key": options.SigningKey.GetKey(),
"cert": options.SigningKey.GetCert(),
"key": options.GetSigningKey().GetKey(),
"cert": options.GetSigningKey().GetCert(),
},
}
}

if options.DecryptionKey != nil {
m["decryption_key"] = []interface{}{
map[string]interface{}{
"key": options.GetDecryptionKey().GetKey(),
"cert": options.GetDecryptionKey().GetCert(),
},
}
}
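Review bot: The new branch writes the decryption private key into state via `"key": options.GetDecryptionKey().GetKey()`, and the generated schema docs in this commit list the nested `key` attribute as a plain `(String)` with no Sensitive marker (compare `configuration`, shown as `Map of String, Sensitive`), so the PEM would be printed in clear in plan output and diffs unless the schema marks it sensitive; the schema change itself is not among the files shown here, so please confirm. State holds the key regardless, which is worth saying in the attribute description. As a style point, the guard tests `options.DecryptionKey != nil` directly while the body uses the nil-safe `GetDecryptionKey()` getter; using one form consistently, as the reworked `signing_key` lines above now do, reads cleaner. flattenConnectionOptionsSAML starts before this hunk and continues after it.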
79 changes: 52 additions & 27 deletions internal/auth0/connection/resource_test.go
Expand Up @@ -1712,6 +1712,9 @@ func TestAccConnectionSAML(t *testing.T) {
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.signing_key.#", "1"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.signing_key.0.cert", "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.signing_key.0.key", "-----BEGIN PRIVATE KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.#", "1"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.0.key", "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.0.cert", "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.set_user_root_attributes", "on_each_login"),
),
Expand All @@ -1733,6 +1736,9 @@ func TestAccConnectionSAML(t *testing.T) {
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.signing_key.#", "0"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.upstream_params", ""),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.set_user_root_attributes", "on_first_login"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.#", "1"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.0.key", "-----BEGIN PRIVATE KEY-----\n...{your updated private key here}...\n-----END PRIVATE KEY-----"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.0.cert", "-----BEGIN CERTIFICATE-----\n...{your updated public key cert here}...\n-----END CERTIFICATE-----"),
),
},
},
Expand All @@ -1741,40 +1747,51 @@ func TestAccConnectionSAML(t *testing.T) {

const testConnectionSAMLConfigCreate = `
resource "auth0_connection" "my_connection" {
name = "Acceptance-Test-SAML-{{.testName}}"
display_name = "Acceptance-Test-SAML-{{.testName}}"
strategy = "samlp"
name = "Acceptance-Test-SAML-{{.testName}}"
display_name = "Acceptance-Test-SAML-{{.testName}}"
strategy = "samlp"
show_as_button = false
options {
signing_key {
key = "-----BEGIN PRIVATE KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"
cert = "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"
}
disable_sign_out = false
user_id_attribute = "https://saml.provider/imi/ns/identity-200810"
tenant_domain = "example.com"
domain_aliases = ["example.com", "example.coz"]
protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
request_template = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n@@AssertServiceURLAndDestination@@\n ID=\"@@ID@@\"\n IssueInstant=\"@@IssueInstant@@\"\n ProtocolBinding=\"@@ProtocolBinding@@\" Version=\"2.0\">\n <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@@Issuer@@</saml:Issuer>\n</samlp:AuthnRequest>"
signature_algorithm = "rsa-sha256"
digest_algorithm = "sha256"
icon_url = "https://example.com/logo.svg"
decryption_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}
disable_sign_out = false
user_id_attribute = "https://saml.provider/imi/ns/identity-200810"
tenant_domain = "example.com"
domain_aliases = ["example.com", "example.coz"]
protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
request_template = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n@@AssertServiceURLAndDestination@@\n ID=\"@@ID@@\"\n IssueInstant=\"@@IssueInstant@@\"\n ProtocolBinding=\"@@ProtocolBinding@@\" Version=\"2.0\">\n <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@@Issuer@@</saml:Issuer>\n</samlp:AuthnRequest>"
signature_algorithm = "rsa-sha256"
digest_algorithm = "sha256"
icon_url = "https://example.com/logo.svg"
set_user_root_attributes = "on_each_login"
fields_map = jsonencode({
"name": ["name", "nameidentifier"]
"email": ["emailaddress", "nameidentifier"]
"family_name": "surname"
})
upstream_params = jsonencode({
"screen_name": {
"alias": "login_hint"
}
})
idp_initiated {
client_id = "client_id"
client_protocol = "samlp"
client_id = "client_id"
client_protocol = "samlp"
client_authorize_query = "type=code&timeout=30"
}
metadata_xml = <<EOF
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://example.com">
Expand Down Expand Up @@ -1818,30 +1835,38 @@ resource "auth0_connection" "my_connection" {

const testConnectionSAMLConfigUpdate = `
resource "auth0_connection" "my_connection" {
name = "Acceptance-Test-SAML-{{.testName}}"
display_name = "Acceptance-Test-SAML-{{.testName}}"
strategy = "samlp"
name = "Acceptance-Test-SAML-{{.testName}}"
display_name = "Acceptance-Test-SAML-{{.testName}}"
strategy = "samlp"
show_as_button = true
options {
disable_sign_out = true
tenant_domain = "example.com"
domain_aliases = ["example.com", "example.coz"]
protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
signature_algorithm = "rsa-sha256"
digest_algorithm = "sha256"
entity_id = "example"
disable_sign_out = true
tenant_domain = "example.com"
domain_aliases = ["example.com", "example.coz"]
protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
signature_algorithm = "rsa-sha256"
digest_algorithm = "sha256"
entity_id = "example"
set_user_root_attributes = "on_first_login"
metadata_url = "https://raw.githubusercontent.com/auth0/terraform-provider-auth0/132b28c30dfafbe018db0efe3ce2c98c452d4f9c/test/data/saml_metadata.xml" # dictates 'sign_in_endpoint' and 'sign_in_endpoint'
fields_map = jsonencode({
"name": ["name"]
"email": ["emailaddress", "nameidentifier"]
"family_name": "appelido"
})
idp_initiated {
client_id = "client_id"
client_protocol = "samlp"
client_id = "client_id"
client_protocol = "samlp"
client_authorize_query = "type=code&timeout=60"
}
metadata_url = "https://raw.githubusercontent.com/auth0/terraform-provider-auth0/132b28c30dfafbe018db0efe3ce2c98c452d4f9c/test/data/saml_metadata.xml" # dictates 'sign_in_endpoint' and 'sign_in_endpoint'
decryption_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your updated private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your updated public key cert here}...\n-----END CERTIFICATE-----"
}
}
}
`
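Review bot: Most of the lines in the two config-constant hunks are whitespace realignment of existing attributes (the `name`/`display_name`/`strategy` lines, the `disable_sign_out` through `icon_url` run, and the `client_id`/`client_protocol` lines re-padded to match the new longer keys), which mixes formatting noise with the functional change and buries the one real addition per config, the `decryption_key` block. Splitting the formatter realignment into its own commit, or leaving alignment alone, would keep the diff reviewable; the `metadata_url` line in the update config is likewise moved without being changed. The new checks in the first two hunks are fine as written, but the update step only swaps the key and never removes the block, so removal behaviour stays uncovered. TestAccConnectionSAML and both config constants extend beyond the hunks shown.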
