authentik 2025.2.0, Mar 24 25

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

authentik.SourceSaml

Explore with Pulumi AI

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as authentik from "@pulumi/authentik";

const default_source_pre_authentication = authentik.getFlow({
    slug: "default-source-pre-authentication",
});
const default_source_authentication = authentik.getFlow({
    slug: "default-source-authentication",
});
const default_source_enrollment = authentik.getFlow({
    slug: "default-source-enrollment",
});
const name = new authentik.SourceSaml("name", {
    slug: "test-source",
    authenticationFlow: default_source_authentication.then(default_source_authentication => default_source_authentication.id),
    enrollmentFlow: default_source_enrollment.then(default_source_enrollment => default_source_enrollment.id),
    preAuthenticationFlow: default_source_pre_authentication.then(default_source_pre_authentication => default_source_pre_authentication.id),
    ssoUrl: "http://localhost",
});

import pulumi
import pulumi_authentik as authentik

default_source_pre_authentication = authentik.get_flow(slug="default-source-pre-authentication")
default_source_authentication = authentik.get_flow(slug="default-source-authentication")
default_source_enrollment = authentik.get_flow(slug="default-source-enrollment")
name = authentik.SourceSaml("name",
    slug="test-source",
    authentication_flow=default_source_authentication.id,
    enrollment_flow=default_source_enrollment.id,
    pre_authentication_flow=default_source_pre_authentication.id,
    sso_url="http://localhost")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/authentik/v2025/authentik"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		default_source_pre_authentication, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-source-pre-authentication"),
		}, nil)
		if err != nil {
			return err
		}
		default_source_authentication, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-source-authentication"),
		}, nil)
		if err != nil {
			return err
		}
		default_source_enrollment, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-source-enrollment"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = authentik.NewSourceSaml(ctx, "name", &authentik.SourceSamlArgs{
			Slug:                  pulumi.String("test-source"),
			AuthenticationFlow:    pulumi.String(default_source_authentication.Id),
			EnrollmentFlow:        pulumi.String(default_source_enrollment.Id),
			PreAuthenticationFlow: pulumi.String(default_source_pre_authentication.Id),
			SsoUrl:                pulumi.String("http://localhost"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Authentik = Pulumi.Authentik;

return await Deployment.RunAsync(() => 
{
    var default_source_pre_authentication = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-source-pre-authentication",
    });

    var default_source_authentication = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-source-authentication",
    });

    var default_source_enrollment = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-source-enrollment",
    });

    var name = new Authentik.SourceSaml("name", new()
    {
        Slug = "test-source",
        AuthenticationFlow = default_source_authentication.Apply(default_source_authentication => default_source_authentication.Apply(getFlowResult => getFlowResult.Id)),
        EnrollmentFlow = default_source_enrollment.Apply(default_source_enrollment => default_source_enrollment.Apply(getFlowResult => getFlowResult.Id)),
        PreAuthenticationFlow = default_source_pre_authentication.Apply(default_source_pre_authentication => default_source_pre_authentication.Apply(getFlowResult => getFlowResult.Id)),
        SsoUrl = "http://localhost",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.authentik.AuthentikFunctions;
import com.pulumi.authentik.inputs.GetFlowArgs;
import com.pulumi.authentik.SourceSaml;
import com.pulumi.authentik.SourceSamlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var default-source-pre-authentication = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-source-pre-authentication")
            .build());

        final var default-source-authentication = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-source-authentication")
            .build());

        final var default-source-enrollment = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-source-enrollment")
            .build());

        var name = new SourceSaml("name", SourceSamlArgs.builder()
            .slug("test-source")
            .authenticationFlow(default_source_authentication.id())
            .enrollmentFlow(default_source_enrollment.id())
            .preAuthenticationFlow(default_source_pre_authentication.id())
            .ssoUrl("http://localhost")
            .build());

    }
}

resources:
  name:
    type: authentik:SourceSaml
    properties:
      slug: test-source
      authenticationFlow: ${["default-source-authentication"].id}
      enrollmentFlow: ${["default-source-enrollment"].id}
      preAuthenticationFlow: ${["default-source-pre-authentication"].id}
      ssoUrl: http://localhost
variables:
  default-source-pre-authentication:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-source-pre-authentication
  default-source-authentication:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-source-authentication
  default-source-enrollment:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-source-enrollment

Create SourceSaml Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SourceSaml(name: string, args: SourceSamlArgs, opts?: CustomResourceOptions);

@overload
def SourceSaml(resource_name: str,
               args: SourceSamlArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def SourceSaml(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               sso_url: Optional[str] = None,
               pre_authentication_flow: Optional[str] = None,
               slug: Optional[str] = None,
               enrollment_flow: Optional[str] = None,
               digest_algorithm: Optional[str] = None,
               encryption_kp: Optional[str] = None,
               authentication_flow: Optional[str] = None,
               group_matching_mode: Optional[str] = None,
               issuer: Optional[str] = None,
               name: Optional[str] = None,
               verification_kp: Optional[str] = None,
               user_path_template: Optional[str] = None,
               signing_kp: Optional[str] = None,
               signature_algorithm: Optional[str] = None,
               enabled: Optional[bool] = None,
               slo_url: Optional[str] = None,
               binding_type: Optional[str] = None,
               source_saml_id: Optional[str] = None,
               allow_idp_initiated: Optional[bool] = None,
               temporary_user_delete_after: Optional[str] = None,
               user_matching_mode: Optional[str] = None,
               policy_engine_mode: Optional[str] = None,
               uuid: Optional[str] = None,
               name_id_policy: Optional[str] = None)

func NewSourceSaml(ctx *Context, name string, args SourceSamlArgs, opts ...ResourceOption) (*SourceSaml, error)

public SourceSaml(string name, SourceSamlArgs args, CustomResourceOptions? opts = null)

public SourceSaml(String name, SourceSamlArgs args)
public SourceSaml(String name, SourceSamlArgs args, CustomResourceOptions options)

type: authentik:SourceSaml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SourceSamlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SourceSamlArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SourceSamlArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SourceSamlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SourceSamlArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var sourceSamlResource = new Authentik.SourceSaml("sourceSamlResource", new()
{
    SsoUrl = "string",
    PreAuthenticationFlow = "string",
    Slug = "string",
    EnrollmentFlow = "string",
    DigestAlgorithm = "string",
    EncryptionKp = "string",
    AuthenticationFlow = "string",
    GroupMatchingMode = "string",
    Issuer = "string",
    Name = "string",
    VerificationKp = "string",
    UserPathTemplate = "string",
    SigningKp = "string",
    SignatureAlgorithm = "string",
    Enabled = false,
    SloUrl = "string",
    BindingType = "string",
    SourceSamlId = "string",
    AllowIdpInitiated = false,
    TemporaryUserDeleteAfter = "string",
    UserMatchingMode = "string",
    PolicyEngineMode = "string",
    Uuid = "string",
    NameIdPolicy = "string",
});

example, err := authentik.NewSourceSaml(ctx, "sourceSamlResource", &authentik.SourceSamlArgs{
	SsoUrl:                   pulumi.String("string"),
	PreAuthenticationFlow:    pulumi.String("string"),
	Slug:                     pulumi.String("string"),
	EnrollmentFlow:           pulumi.String("string"),
	DigestAlgorithm:          pulumi.String("string"),
	EncryptionKp:             pulumi.String("string"),
	AuthenticationFlow:       pulumi.String("string"),
	GroupMatchingMode:        pulumi.String("string"),
	Issuer:                   pulumi.String("string"),
	Name:                     pulumi.String("string"),
	VerificationKp:           pulumi.String("string"),
	UserPathTemplate:         pulumi.String("string"),
	SigningKp:                pulumi.String("string"),
	SignatureAlgorithm:       pulumi.String("string"),
	Enabled:                  pulumi.Bool(false),
	SloUrl:                   pulumi.String("string"),
	BindingType:              pulumi.String("string"),
	SourceSamlId:             pulumi.String("string"),
	AllowIdpInitiated:        pulumi.Bool(false),
	TemporaryUserDeleteAfter: pulumi.String("string"),
	UserMatchingMode:         pulumi.String("string"),
	PolicyEngineMode:         pulumi.String("string"),
	Uuid:                     pulumi.String("string"),
	NameIdPolicy:             pulumi.String("string"),
})

var sourceSamlResource = new SourceSaml("sourceSamlResource", SourceSamlArgs.builder()
    .ssoUrl("string")
    .preAuthenticationFlow("string")
    .slug("string")
    .enrollmentFlow("string")
    .digestAlgorithm("string")
    .encryptionKp("string")
    .authenticationFlow("string")
    .groupMatchingMode("string")
    .issuer("string")
    .name("string")
    .verificationKp("string")
    .userPathTemplate("string")
    .signingKp("string")
    .signatureAlgorithm("string")
    .enabled(false)
    .sloUrl("string")
    .bindingType("string")
    .sourceSamlId("string")
    .allowIdpInitiated(false)
    .temporaryUserDeleteAfter("string")
    .userMatchingMode("string")
    .policyEngineMode("string")
    .uuid("string")
    .nameIdPolicy("string")
    .build());

source_saml_resource = authentik.SourceSaml("sourceSamlResource",
    sso_url="string",
    pre_authentication_flow="string",
    slug="string",
    enrollment_flow="string",
    digest_algorithm="string",
    encryption_kp="string",
    authentication_flow="string",
    group_matching_mode="string",
    issuer="string",
    name="string",
    verification_kp="string",
    user_path_template="string",
    signing_kp="string",
    signature_algorithm="string",
    enabled=False,
    slo_url="string",
    binding_type="string",
    source_saml_id="string",
    allow_idp_initiated=False,
    temporary_user_delete_after="string",
    user_matching_mode="string",
    policy_engine_mode="string",
    uuid="string",
    name_id_policy="string")

const sourceSamlResource = new authentik.SourceSaml("sourceSamlResource", {
    ssoUrl: "string",
    preAuthenticationFlow: "string",
    slug: "string",
    enrollmentFlow: "string",
    digestAlgorithm: "string",
    encryptionKp: "string",
    authenticationFlow: "string",
    groupMatchingMode: "string",
    issuer: "string",
    name: "string",
    verificationKp: "string",
    userPathTemplate: "string",
    signingKp: "string",
    signatureAlgorithm: "string",
    enabled: false,
    sloUrl: "string",
    bindingType: "string",
    sourceSamlId: "string",
    allowIdpInitiated: false,
    temporaryUserDeleteAfter: "string",
    userMatchingMode: "string",
    policyEngineMode: "string",
    uuid: "string",
    nameIdPolicy: "string",
});

type: authentik:SourceSaml
properties:
    allowIdpInitiated: false
    authenticationFlow: string
    bindingType: string
    digestAlgorithm: string
    enabled: false
    encryptionKp: string
    enrollmentFlow: string
    groupMatchingMode: string
    issuer: string
    name: string
    nameIdPolicy: string
    policyEngineMode: string
    preAuthenticationFlow: string
    signatureAlgorithm: string
    signingKp: string
    sloUrl: string
    slug: string
    sourceSamlId: string
    ssoUrl: string
    temporaryUserDeleteAfter: string
    userMatchingMode: string
    userPathTemplate: string
    uuid: string
    verificationKp: string

SourceSaml Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SourceSaml resource accepts the following input properties:

PreAuthenticationFlow string
Slug string
SsoUrl string
AllowIdpInitiated bool: Defaults to false.
AuthenticationFlow string
BindingType string: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
DigestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
Enabled bool: Defaults to true.
EncryptionKp string
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Issuer string
Name string
NameIdPolicy string: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
SignatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SloUrl string
SourceSamlId string
TemporaryUserDeleteAfter string: Defaults to days=1.
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.
VerificationKp string

PreAuthenticationFlow string
Slug string
SsoUrl string
AllowIdpInitiated bool: Defaults to false.
AuthenticationFlow string
BindingType string: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
DigestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
Enabled bool: Defaults to true.
EncryptionKp string
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Issuer string
Name string
NameIdPolicy string: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
SignatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SloUrl string
SourceSamlId string
TemporaryUserDeleteAfter string: Defaults to days=1.
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.
VerificationKp string

preAuthenticationFlow String
slug String
ssoUrl String
allowIdpInitiated Boolean: Defaults to false.
authenticationFlow String
bindingType String: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
digestAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
enabled Boolean: Defaults to true.
encryptionKp String
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
issuer String
name String
nameIdPolicy String: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
policyEngineMode String: Allowed values: - all - any Defaults to any.
signatureAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
sloUrl String
sourceSamlId String
temporaryUserDeleteAfter String: Defaults to days=1.
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.
verificationKp String

preAuthenticationFlow string
slug string
ssoUrl string
allowIdpInitiated boolean: Defaults to false.
authenticationFlow string
bindingType string: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
digestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
enabled boolean: Defaults to true.
encryptionKp string
enrollmentFlow string
groupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
issuer string
name string
nameIdPolicy string: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
policyEngineMode string: Allowed values: - all - any Defaults to any.
signatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp string
sloUrl string
sourceSamlId string
temporaryUserDeleteAfter string: Defaults to days=1.
userMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
uuid string: Generated.
verificationKp string

pre_authentication_flow str
slug str
sso_url str
allow_idp_initiated bool: Defaults to false.
authentication_flow str
binding_type str: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
digest_algorithm str: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
enabled bool: Defaults to true.
encryption_kp str
enrollment_flow str
group_matching_mode str: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
issuer str
name str
name_id_policy str: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
policy_engine_mode str: Allowed values: - all - any Defaults to any.
signature_algorithm str: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signing_kp str
slo_url str
source_saml_id str
temporary_user_delete_after str: Defaults to days=1.
user_matching_mode str: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
user_path_template str: Defaults to goauthentik.io/sources/%(slug)s.
uuid str: Generated.
verification_kp str

preAuthenticationFlow String
slug String
ssoUrl String
allowIdpInitiated Boolean: Defaults to false.
authenticationFlow String
bindingType String: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
digestAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
enabled Boolean: Defaults to true.
encryptionKp String
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
issuer String
name String
nameIdPolicy String: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
policyEngineMode String: Allowed values: - all - any Defaults to any.
signatureAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
sloUrl String
sourceSamlId String
temporaryUserDeleteAfter String: Defaults to days=1.
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.
verificationKp String

Outputs

All input properties are implicitly available as output properties. Additionally, the SourceSaml resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Metadata string: SAML Metadata Generated.

Id string: The provider-assigned unique ID for this managed resource.
Metadata string: SAML Metadata Generated.

id String: The provider-assigned unique ID for this managed resource.
metadata String: SAML Metadata Generated.

id string: The provider-assigned unique ID for this managed resource.
metadata string: SAML Metadata Generated.

id str: The provider-assigned unique ID for this managed resource.
metadata str: SAML Metadata Generated.

id String: The provider-assigned unique ID for this managed resource.
metadata String: SAML Metadata Generated.

Look up Existing SourceSaml Resource

Get an existing SourceSaml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SourceSamlState, opts?: CustomResourceOptions): SourceSaml

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_idp_initiated: Optional[bool] = None,
        authentication_flow: Optional[str] = None,
        binding_type: Optional[str] = None,
        digest_algorithm: Optional[str] = None,
        enabled: Optional[bool] = None,
        encryption_kp: Optional[str] = None,
        enrollment_flow: Optional[str] = None,
        group_matching_mode: Optional[str] = None,
        issuer: Optional[str] = None,
        metadata: Optional[str] = None,
        name: Optional[str] = None,
        name_id_policy: Optional[str] = None,
        policy_engine_mode: Optional[str] = None,
        pre_authentication_flow: Optional[str] = None,
        signature_algorithm: Optional[str] = None,
        signing_kp: Optional[str] = None,
        slo_url: Optional[str] = None,
        slug: Optional[str] = None,
        source_saml_id: Optional[str] = None,
        sso_url: Optional[str] = None,
        temporary_user_delete_after: Optional[str] = None,
        user_matching_mode: Optional[str] = None,
        user_path_template: Optional[str] = None,
        uuid: Optional[str] = None,
        verification_kp: Optional[str] = None) -> SourceSaml

func GetSourceSaml(ctx *Context, name string, id IDInput, state *SourceSamlState, opts ...ResourceOption) (*SourceSaml, error)

public static SourceSaml Get(string name, Input<string> id, SourceSamlState? state, CustomResourceOptions? opts = null)

public static SourceSaml get(String name, Output<String> id, SourceSamlState state, CustomResourceOptions options)

resources:  _:    type: authentik:SourceSaml    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowIdpInitiated bool: Defaults to false.
AuthenticationFlow string
BindingType string: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
DigestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
Enabled bool: Defaults to true.
EncryptionKp string
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Issuer string
Metadata string: SAML Metadata Generated.
Name string
NameIdPolicy string: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
PreAuthenticationFlow string
SignatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SloUrl string
Slug string
SourceSamlId string
SsoUrl string
TemporaryUserDeleteAfter string: Defaults to days=1.
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.
VerificationKp string

AllowIdpInitiated bool: Defaults to false.
AuthenticationFlow string
BindingType string: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
DigestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
Enabled bool: Defaults to true.
EncryptionKp string
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Issuer string
Metadata string: SAML Metadata Generated.
Name string
NameIdPolicy string: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
PreAuthenticationFlow string
SignatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SigningKp string
SloUrl string
Slug string
SourceSamlId string
SsoUrl string
TemporaryUserDeleteAfter string: Defaults to days=1.
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.
VerificationKp string

allowIdpInitiated Boolean: Defaults to false.
authenticationFlow String
bindingType String: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
digestAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
enabled Boolean: Defaults to true.
encryptionKp String
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
issuer String
metadata String: SAML Metadata Generated.
name String
nameIdPolicy String: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
policyEngineMode String: Allowed values: - all - any Defaults to any.
preAuthenticationFlow String
signatureAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
sloUrl String
slug String
sourceSamlId String
ssoUrl String
temporaryUserDeleteAfter String: Defaults to days=1.
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.
verificationKp String

allowIdpInitiated boolean: Defaults to false.
authenticationFlow string
bindingType string: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
digestAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
enabled boolean: Defaults to true.
encryptionKp string
enrollmentFlow string
groupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
issuer string
metadata string: SAML Metadata Generated.
name string
nameIdPolicy string: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
policyEngineMode string: Allowed values: - all - any Defaults to any.
preAuthenticationFlow string
signatureAlgorithm string: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp string
sloUrl string
slug string
sourceSamlId string
ssoUrl string
temporaryUserDeleteAfter string: Defaults to days=1.
userMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
uuid string: Generated.
verificationKp string

allow_idp_initiated bool: Defaults to false.
authentication_flow str
binding_type str: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
digest_algorithm str: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
enabled bool: Defaults to true.
encryption_kp str
enrollment_flow str
group_matching_mode str: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
issuer str
metadata str: SAML Metadata Generated.
name str
name_id_policy str: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
policy_engine_mode str: Allowed values: - all - any Defaults to any.
pre_authentication_flow str
signature_algorithm str: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signing_kp str
slo_url str
slug str
source_saml_id str
sso_url str
temporary_user_delete_after str: Defaults to days=1.
user_matching_mode str: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
user_path_template str: Defaults to goauthentik.io/sources/%(slug)s.
uuid str: Generated.
verification_kp str

allowIdpInitiated Boolean: Defaults to false.
authenticationFlow String
bindingType String: Allowed values: - REDIRECT - POST - POST_AUTO Defaults to REDIRECT.
digestAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#sha1 - http://www.w3.org/2001/04/xmlenc#sha256 - http://www.w3.org/2001/04/xmldsig-more#sha384 - http://www.w3.org/2001/04/xmlenc#sha512 Defaults to http://www.w3.org/2001/04/xmlenc#sha256.
enabled Boolean: Defaults to true.
encryptionKp String
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
issuer String
metadata String: SAML Metadata Generated.
name String
nameIdPolicy String: Allowed values: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:transient Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
policyEngineMode String: Allowed values: - all - any Defaults to any.
preAuthenticationFlow String
signatureAlgorithm String: Allowed values: - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 - http://www.w3.org/2000/09/xmldsig#dsa-sha1 Defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
signingKp String
sloUrl String
slug String
sourceSamlId String
ssoUrl String
temporaryUserDeleteAfter String: Defaults to days=1.
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.
verificationKp String

Package Details

Repository: authentik goauthentik/terraform-provider-authentik
License
Notes: This Pulumi package is based on the authentik Terraform Provider.

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

authentik.SourceSaml

On this page

On this page

Example Usage

Create SourceSaml Resource

Constructor syntax

Parameters

Constructor example

SourceSaml Resource Properties

Inputs

Outputs

Look up Existing SourceSaml Resource

Package Details

On this page

On this page