DXCDT-493: Add support for DecryptionKey on SAML Connection Options #755

Merged: 2 commits, Jul 28, 2023
10 changes: 10 additions & 0 deletions docs/data-sources/connection.md
Expand Up @@ -60,6 +60,7 @@ Read-Only:
- `configuration` (Map of String)
- `custom_scripts` (Map of String)
- `debug` (Boolean)
- `decryption_key` (List of Object) (see [below for nested schema](#nestedobjatt--options--decryption_key))
- `digest_algorithm` (String)
- `disable_cache` (Boolean)
- `disable_self_service_change_password` (Boolean)
Expand Down Expand Up @@ -134,6 +135,15 @@ Read-Only:
- `waad_common_endpoint` (Boolean)
- `waad_protocol` (String)

<a id="nestedobjatt--options--decryption_key"></a>
### Nested Schema for `options.decryption_key`

Read-Only:

- `cert` (String)
- `key` (String)


<a id="nestedobjatt--options--gateway_authentication"></a>
### Nested Schema for `options.gateway_authentication`

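Review bot: a read-only data source exposing `key` implies the private key can be read back from the API; if the API does not return it, this attribute will always be empty and the doc should say so, and if it does, the attribute should be marked Sensitive so it is redacted in plan output, as `configuration` already is in docs/resources/connection.md.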
22 changes: 20 additions & 2 deletions docs/resources/connection.md
Expand Up @@ -484,17 +484,25 @@ resource "auth0_connection" "samlp" {
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
metadata_url = "https://saml.provider/imi/ns/FederationMetadata.xml" # Use either metadata_url or metadata_xml but not simultanteously
EOF
metadata_url = "https://saml.provider/imi/ns/FederationMetadata.xml" # Use either metadata_url or metadata_xml, but not both.
fields_map = jsonencode({
"name" : ["name", "nameidentifier"]
"email" : ["emailaddress", "nameidentifier"]
"family_name" : "surname"
})
signing_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}
decryption_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}
idp_initiated {
client_id = "client_id"
client_protocol = "samlp"
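Review bot: this example block is identical to the one in examples/resources/auth0_connection/resource_with_saml.tf apart from dropped blank lines; if the resource docs are generated from that example, verify this hunk came from regeneration rather than a hand edit, otherwise the two copies will drift the next time the example changes.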
Expand Down Expand Up @@ -629,6 +637,7 @@ Optional:
- `configuration` (Map of String, Sensitive) A case-sensitive map of key value pairs used as configuration variables for the `custom_script`.
- `custom_scripts` (Map of String) A map of scripts used to integrate with a custom database.
- `debug` (Boolean) When enabled, additional debug information will be generated.
- `decryption_key` (Block List, Max: 1) The key used to decrypt encrypted responses from the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively. (see [below for nested schema](#nestedblock--options--decryption_key))
- `digest_algorithm` (String) Sign Request Algorithm Digest.
- `disable_cache` (Boolean) Indicates whether to disable the cache or not.
- `disable_self_service_change_password` (Boolean) Indicates whether to remove the forgot password link within the New Universal Login.
Expand Down Expand Up @@ -703,6 +712,15 @@ Optional:
- `waad_common_endpoint` (Boolean) Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- `waad_protocol` (String) Protocol to use.

<a id="nestedblock--options--decryption_key"></a>
### Nested Schema for `options.decryption_key`

Required:

- `cert` (String)
- `key` (String)


<a id="nestedblock--options--gateway_authentication"></a>
### Nested Schema for `options.gateway_authentication`

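Review bot: the nested `cert` and `key` attributes are listed with no description, so a reader of this section cannot tell what format is expected (the example uses PEM) or which certificate belongs here; adding Description strings to the nested fields in schema.go, where the parent description already says "private key and certificate respectively", would populate this generated section.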
12 changes: 10 additions & 2 deletions examples/resources/auth0_connection/resource_with_saml.tf
Expand Up @@ -27,17 +27,25 @@ resource "auth0_connection" "samlp" {
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
metadata_url = "https://saml.provider/imi/ns/FederationMetadata.xml" # Use either metadata_url or metadata_xml but not simultanteously
EOF
metadata_url = "https://saml.provider/imi/ns/FederationMetadata.xml" # Use either metadata_url or metadata_xml, but not both.

fields_map = jsonencode({
"name" : ["name", "nameidentifier"]
"email" : ["emailaddress", "nameidentifier"]
"family_name" : "surname"
})

signing_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}

decryption_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}

idp_initiated {
client_id = "client_id"
client_protocol = "samlp"
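Review bot: the new `decryption_key` block copies the `signing_key` placeholders verbatim (`{your private key here}`, `{your public key cert here}`), which reads as if the same key pair should be used for both; since this example feeds the resource docs, use distinct placeholders such as `{your decryption private key here}` so it is clear that signing and decryption use separate key pairs.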
7 changes: 7 additions & 0 deletions go.sum
Expand Up @@ -41,6 +41,7 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
Expand Down Expand Up @@ -112,6 +113,7 @@ github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
Expand All @@ -120,6 +122,7 @@ github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
Expand All @@ -136,6 +139,7 @@ github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2c
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
Expand All @@ -156,6 +160,7 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
Expand Down Expand Up @@ -183,6 +188,7 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0=
github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=
github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
Expand Down Expand Up @@ -242,6 +248,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/dnaeon/go-vcr.v3 v3.1.2 h1:F1smfXBqQqwpVifDfUBQG6zzaGjzT+EnVZakrOdr5wA=
gopkg.in/dnaeon/go-vcr.v3 v3.1.2/go.mod h1:2IMOnnlx9I6u9x+YBsM3tAMx6AlOxnJ0pWxQAzZ79Ag=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
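Review bot: seven `/go.mod` checksum lines are added to go.sum while go.mod is not touched anywhere in this PR; that is the pattern `go mod tidy` emits for missing entries, but confirm it was produced by tidy on the current module rather than carried over from another branch, since unrelated go.sum churn makes the dependency change harder to audit.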
9 changes: 9 additions & 0 deletions internal/auth0/connection/expand.go
Expand Up @@ -701,6 +701,15 @@ func expandConnectionOptionsSAML(config cty.Value) (*management.ConnectionOption
return stop
})

config.GetAttr("decryption_key").ForEachElement(func(_ cty.Value, key cty.Value) (stop bool) {
options.DecryptionKey = &management.ConnectionOptionsSAMLDecryptionKey{
Cert: value.String(key.GetAttr("cert")),
Key: value.String(key.GetAttr("key")),
}

return stop
})

var err error

options.FieldsMap, err = value.MapFromJSON(config.GetAttr("fields_map"))
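Review bot: `ForEachElement` only runs its callback when the list has an element, so removing the `decryption_key` block from the configuration leaves `options.DecryptionKey` nil; confirm that a nil pointer actually clears the key on the API side rather than being omitted from the update, otherwise a key the operator has removed from config (for example after rotating it) stays active on the connection. If the API needs an explicit empty value to clear it, handle the zero-length case here explicitly; the update acceptance test in this PR never removes the block, so the clearing path is currently unverified.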
13 changes: 11 additions & 2 deletions internal/auth0/connection/flatten.go
Expand Up @@ -643,8 +643,17 @@ func flattenConnectionOptionsSAML(
if options.SigningKey != nil {
m["signing_key"] = []interface{}{
map[string]interface{}{
"key": options.SigningKey.GetKey(),
"cert": options.SigningKey.GetCert(),
"key": options.GetSigningKey().GetKey(),
"cert": options.GetSigningKey().GetCert(),
},
}
}

if options.DecryptionKey != nil {
m["decryption_key"] = []interface{}{
map[string]interface{}{
"key": options.GetDecryptionKey().GetKey(),
"cert": options.GetDecryptionKey().GetCert(),
},
}
}
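Review bot: flattening writes `options.GetDecryptionKey().GetKey()` into state, so whatever the API returns for the private key lands in the state file in plaintext; if the API echoes the key back (the acceptance test asserts `decryption_key.0.key` equals the configured value), the schema attribute should be Sensitive, and if it returns an empty or redacted value instead, every plan will show a diff against the configured key. The `options.DecryptionKey != nil` guard is redundant with the nil-safe getters used inside it, but it is consistent with the `signing_key` change above.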
79 changes: 52 additions & 27 deletions internal/auth0/connection/resource_test.go
Expand Up @@ -1712,6 +1712,9 @@ func TestAccConnectionSAML(t *testing.T) {
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.signing_key.#", "1"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.signing_key.0.cert", "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.signing_key.0.key", "-----BEGIN PRIVATE KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.#", "1"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.0.key", "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.0.cert", "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.set_user_root_attributes", "on_each_login"),
),
Expand All @@ -1733,6 +1736,9 @@ func TestAccConnectionSAML(t *testing.T) {
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.signing_key.#", "0"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.upstream_params", ""),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.set_user_root_attributes", "on_first_login"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.#", "1"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.0.key", "-----BEGIN PRIVATE KEY-----\n...{your updated private key here}...\n-----END PRIVATE KEY-----"),
resource.TestCheckResourceAttr("auth0_connection.my_connection", "options.0.decryption_key.0.cert", "-----BEGIN CERTIFICATE-----\n...{your updated public key cert here}...\n-----END CERTIFICATE-----"),
),
},
},
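Review bot: the update step asserts `signing_key.#` is `0` after that block is dropped from the update config, but `decryption_key` is kept (with rotated placeholder values) in both steps, so the path where the block is removed entirely is never exercised; add a step in which the block is absent and `decryption_key.#` is checked to be `0`, since failing to clear a retired decryption key is the failure mode that matters operationally.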
Expand All @@ -1741,40 +1747,51 @@ func TestAccConnectionSAML(t *testing.T) {

const testConnectionSAMLConfigCreate = `
resource "auth0_connection" "my_connection" {
name = "Acceptance-Test-SAML-{{.testName}}"
display_name = "Acceptance-Test-SAML-{{.testName}}"
strategy = "samlp"
name = "Acceptance-Test-SAML-{{.testName}}"
display_name = "Acceptance-Test-SAML-{{.testName}}"
strategy = "samlp"
show_as_button = false
options {
signing_key {
key = "-----BEGIN PRIVATE KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"
cert = "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"
}
disable_sign_out = false
user_id_attribute = "https://saml.provider/imi/ns/identity-200810"
tenant_domain = "example.com"
domain_aliases = ["example.com", "example.coz"]
protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
request_template = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n@@AssertServiceURLAndDestination@@\n ID=\"@@ID@@\"\n IssueInstant=\"@@IssueInstant@@\"\n ProtocolBinding=\"@@ProtocolBinding@@\" Version=\"2.0\">\n <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@@Issuer@@</saml:Issuer>\n</samlp:AuthnRequest>"
signature_algorithm = "rsa-sha256"
digest_algorithm = "sha256"
icon_url = "https://example.com/logo.svg"
decryption_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"
}
disable_sign_out = false
user_id_attribute = "https://saml.provider/imi/ns/identity-200810"
tenant_domain = "example.com"
domain_aliases = ["example.com", "example.coz"]
protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
request_template = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n@@AssertServiceURLAndDestination@@\n ID=\"@@ID@@\"\n IssueInstant=\"@@IssueInstant@@\"\n ProtocolBinding=\"@@ProtocolBinding@@\" Version=\"2.0\">\n <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@@Issuer@@</saml:Issuer>\n</samlp:AuthnRequest>"
signature_algorithm = "rsa-sha256"
digest_algorithm = "sha256"
icon_url = "https://example.com/logo.svg"
set_user_root_attributes = "on_each_login"
fields_map = jsonencode({
"name": ["name", "nameidentifier"]
"email": ["emailaddress", "nameidentifier"]
"family_name": "surname"
})
upstream_params = jsonencode({
"screen_name": {
"alias": "login_hint"
}
})
idp_initiated {
client_id = "client_id"
client_protocol = "samlp"
client_id = "client_id"
client_protocol = "samlp"
client_authorize_query = "type=code&timeout=30"
}
metadata_xml = <<EOF
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://example.com">
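Review bot: most of this hunk is whitespace realignment of unchanged attributes (`name`, `display_name`, `strategy`, `disable_sign_out` through `icon_url`, `client_id`, `client_protocol`) rather than functional change, which is why a three-line `decryption_key` addition shows up as 79 changed lines in this file; keeping formatting-only realignment in a separate commit would make the actual addition reviewable on its own.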
Expand Down Expand Up @@ -1818,30 +1835,38 @@ resource "auth0_connection" "my_connection" {

const testConnectionSAMLConfigUpdate = `
resource "auth0_connection" "my_connection" {
name = "Acceptance-Test-SAML-{{.testName}}"
display_name = "Acceptance-Test-SAML-{{.testName}}"
strategy = "samlp"
name = "Acceptance-Test-SAML-{{.testName}}"
display_name = "Acceptance-Test-SAML-{{.testName}}"
strategy = "samlp"
show_as_button = true
options {
disable_sign_out = true
tenant_domain = "example.com"
domain_aliases = ["example.com", "example.coz"]
protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
signature_algorithm = "rsa-sha256"
digest_algorithm = "sha256"
entity_id = "example"
disable_sign_out = true
tenant_domain = "example.com"
domain_aliases = ["example.com", "example.coz"]
protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
signature_algorithm = "rsa-sha256"
digest_algorithm = "sha256"
entity_id = "example"
set_user_root_attributes = "on_first_login"
metadata_url = "https://raw.githubusercontent.com/auth0/terraform-provider-auth0/132b28c30dfafbe018db0efe3ce2c98c452d4f9c/test/data/saml_metadata.xml" # dictates 'sign_in_endpoint' and 'sign_in_endpoint'
fields_map = jsonencode({
"name": ["name"]
"email": ["emailaddress", "nameidentifier"]
"family_name": "appelido"
})
idp_initiated {
client_id = "client_id"
client_protocol = "samlp"
client_id = "client_id"
client_protocol = "samlp"
client_authorize_query = "type=code&timeout=60"
}
metadata_url = "https://raw.githubusercontent.com/auth0/terraform-provider-auth0/132b28c30dfafbe018db0efe3ce2c98c452d4f9c/test/data/saml_metadata.xml" # dictates 'sign_in_endpoint' and 'sign_in_endpoint'
decryption_key {
key = "-----BEGIN PRIVATE KEY-----\n...{your updated private key here}...\n-----END PRIVATE KEY-----"
cert = "-----BEGIN CERTIFICATE-----\n...{your updated public key cert here}...\n-----END CERTIFICATE-----"
}
}
}
`
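Review bot: `metadata_url` is moved to a new position with its trailing comment `# dictates 'sign_in_endpoint' and 'sign_in_endpoint'` carried along unchanged; the comment names the same attribute twice, so correct it while the line is being touched, naming whichever endpoint attributes the metadata actually sets rather than repeating one.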
19 changes: 19 additions & 0 deletions internal/auth0/connection/schema.go
Expand Up @@ -633,6 +633,25 @@ var resourceSchema = map[string]*schema.Schema{
},
},
},
"decryption_key": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Description: "The key used to decrypt encrypted responses from the connection. " +
"Uses the `key` and `cert` properties to provide the private key and certificate respectively.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"key": {
Type: schema.TypeString,
Required: true,
},
"cert": {
Type: schema.TypeString,
Required: true,
},
},
},
},
"protocol_binding": {
Type: schema.TypeString,
Optional: true,
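Review bot: `key` holds a PEM private key but is declared without `Sensitive: true`, so its value is printed in `terraform plan` diffs and CI logs and is documented as a plain string; the provider already marks `configuration` Sensitive for the same reason (visible in the resource docs), so do the same here, and consider it for `cert` only if that certificate is not meant to be public. The nested `key` and `cert` entries also lack a Description, which is why the generated nested-schema sections list them bare.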