Docs Home
konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong
konnect.GatewayPluginSaml
Explore with Pulumi AI
GatewayPluginSaml Resource
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.konnect.GatewayPluginSaml;
import com.pulumi.konnect.GatewayPluginSamlArgs;
import com.pulumi.konnect.inputs.GatewayPluginSamlConfigArgs;
import com.pulumi.konnect.inputs.GatewayPluginSamlConfigRedisArgs;
import com.pulumi.konnect.inputs.GatewayPluginSamlOrderingArgs;
import com.pulumi.konnect.inputs.GatewayPluginSamlOrderingAfterArgs;
import com.pulumi.konnect.inputs.GatewayPluginSamlOrderingBeforeArgs;
import com.pulumi.konnect.inputs.GatewayPluginSamlRouteArgs;
import com.pulumi.konnect.inputs.GatewayPluginSamlServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myGatewaypluginsaml = new GatewayPluginSaml("myGatewaypluginsaml", GatewayPluginSamlArgs.builder()
.config(GatewayPluginSamlConfigArgs.builder()
.anonymous("...my_anonymous...")
.assertion_consumer_path("...my_assertion_consumer_path...")
.idp_certificate("...my_idp_certificate...")
.idp_sso_url("...my_idp_sso_url...")
.issuer("...my_issuer...")
.nameid_format("EmailAddress")
.redis(GatewayPluginSamlConfigRedisArgs.builder()
.clusterMaxRedirections(0)
.clusterNodes(GatewayPluginSamlConfigRedisClusterNodeArgs.builder()
.ip("...my_ip...")
.port(21415)
.build())
.connectTimeout(1914874679)
.connectionIsProxied(true)
.database(7)
.host("...my_host...")
.keepaliveBacklog(2023529059)
.keepalivePoolSize(1633101853)
.password("...my_password...")
.port(6907)
.prefix("...my_prefix...")
.readTimeout(1468960257)
.sendTimeout(1619402496)
.sentinelMaster("...my_sentinel_master...")
.sentinelNodes(GatewayPluginSamlConfigRedisSentinelNodeArgs.builder()
.host("...my_host...")
.port(44971)
.build())
.sentinelPassword("...my_sentinel_password...")
.sentinelRole("any")
.sentinelUsername("...my_sentinel_username...")
.serverName("...my_server_name...")
.socket("...my_socket...")
.ssl(true)
.sslVerify(false)
.username("...my_username...")
.build())
.request_digest_algorithm("SHA256")
.request_signature_algorithm("SHA384")
.request_signing_certificate("...my_request_signing_certificate...")
.request_signing_key("...my_request_signing_key...")
.response_digest_algorithm("SHA256")
.response_encryption_key("...my_response_encryption_key...")
.response_signature_algorithm("SHA384")
.session_absolute_timeout(8.17)
.session_audience("...my_session_audience...")
.session_cookie_domain("...my_session_cookie_domain...")
.session_cookie_http_only(true)
.session_cookie_name("...my_session_cookie_name...")
.session_cookie_path("...my_session_cookie_path...")
.session_cookie_same_site("None")
.session_cookie_secure(true)
.session_enforce_same_subject(true)
.session_hash_storage_key(false)
.session_hash_subject(false)
.session_idling_timeout(3.44)
.session_memcached_host("...my_session_memcached_host...")
.session_memcached_port(59429)
.session_memcached_prefix("...my_session_memcached_prefix...")
.session_memcached_socket("...my_session_memcached_socket...")
.session_remember(false)
.session_remember_absolute_timeout(4.84)
.session_remember_cookie_name("...my_session_remember_cookie_name...")
.session_remember_rolling_timeout(7.93)
.session_request_headers("absolute-timeout")
.session_response_headers("absolute-timeout")
.session_rolling_timeout(5.35)
.session_secret("...my_session_secret...")
.session_storage("cookie")
.session_store_metadata(false)
.validate_assertion_signature(true)
.build())
.controlPlaneId("9524ec7d-36d9-465d-a8c5-83a3c9390458")
.enabled(true)
.gatewayPluginSamlId("...my_id...")
.instanceName("...my_instance_name...")
.ordering(GatewayPluginSamlOrderingArgs.builder()
.after(GatewayPluginSamlOrderingAfterArgs.builder()
.access("...")
.build())
.before(GatewayPluginSamlOrderingBeforeArgs.builder()
.access("...")
.build())
.build())
.protocols("grpc")
.route(GatewayPluginSamlRouteArgs.builder()
.id("...my_id...")
.build())
.service(GatewayPluginSamlServiceArgs.builder()
.id("...my_id...")
.build())
.tags("...")
.build());
}
}
resources:
myGatewaypluginsaml:
type: konnect:GatewayPluginSaml
properties:
config:
anonymous: '...my_anonymous...'
assertion_consumer_path: '...my_assertion_consumer_path...'
idp_certificate: '...my_idp_certificate...'
idp_sso_url: '...my_idp_sso_url...'
issuer: '...my_issuer...'
nameid_format: EmailAddress
redis:
clusterMaxRedirections: 0
clusterNodes:
- ip: '...my_ip...'
port: 21415
connectTimeout: 1.914874679e+09
connectionIsProxied: true
database: 7
host: '...my_host...'
keepaliveBacklog: 2.023529059e+09
keepalivePoolSize: 1.633101853e+09
password: '...my_password...'
port: 6907
prefix: '...my_prefix...'
readTimeout: 1.468960257e+09
sendTimeout: 1.619402496e+09
sentinelMaster: '...my_sentinel_master...'
sentinelNodes:
- host: '...my_host...'
port: 44971
sentinelPassword: '...my_sentinel_password...'
sentinelRole: any
sentinelUsername: '...my_sentinel_username...'
serverName: '...my_server_name...'
socket: '...my_socket...'
ssl: true
sslVerify: false
username: '...my_username...'
request_digest_algorithm: SHA256
request_signature_algorithm: SHA384
request_signing_certificate: '...my_request_signing_certificate...'
request_signing_key: '...my_request_signing_key...'
response_digest_algorithm: SHA256
response_encryption_key: '...my_response_encryption_key...'
response_signature_algorithm: SHA384
session_absolute_timeout: 8.17
session_audience: '...my_session_audience...'
session_cookie_domain: '...my_session_cookie_domain...'
session_cookie_http_only: true
session_cookie_name: '...my_session_cookie_name...'
session_cookie_path: '...my_session_cookie_path...'
session_cookie_same_site: None
session_cookie_secure: true
session_enforce_same_subject: true
session_hash_storage_key: false
session_hash_subject: false
session_idling_timeout: 3.44
session_memcached_host: '...my_session_memcached_host...'
session_memcached_port: 59429
session_memcached_prefix: '...my_session_memcached_prefix...'
session_memcached_socket: '...my_session_memcached_socket...'
session_remember: false
session_remember_absolute_timeout: 4.84
session_remember_cookie_name: '...my_session_remember_cookie_name...'
session_remember_rolling_timeout: 7.93
session_request_headers:
- absolute-timeout
session_response_headers:
- absolute-timeout
session_rolling_timeout: 5.35
session_secret: '...my_session_secret...'
session_storage: cookie
session_store_metadata: false
validate_assertion_signature: true
controlPlaneId: 9524ec7d-36d9-465d-a8c5-83a3c9390458
enabled: true
gatewayPluginSamlId: '...my_id...'
instanceName: '...my_instance_name...'
ordering:
after:
access:
- '...'
before:
access:
- '...'
protocols:
- grpc
route:
id: '...my_id...'
service:
id: '...my_id...'
tags:
- '...'
Create GatewayPluginSaml Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GatewayPluginSaml(name: string, args: GatewayPluginSamlArgs, opts?: CustomResourceOptions);@overload
def GatewayPluginSaml(resource_name: str,
args: GatewayPluginSamlArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GatewayPluginSaml(resource_name: str,
opts: Optional[ResourceOptions] = None,
config: Optional[GatewayPluginSamlConfigArgs] = None,
control_plane_id: Optional[str] = None,
enabled: Optional[bool] = None,
gateway_plugin_saml_id: Optional[str] = None,
instance_name: Optional[str] = None,
ordering: Optional[GatewayPluginSamlOrderingArgs] = None,
protocols: Optional[Sequence[str]] = None,
route: Optional[GatewayPluginSamlRouteArgs] = None,
service: Optional[GatewayPluginSamlServiceArgs] = None,
tags: Optional[Sequence[str]] = None)func NewGatewayPluginSaml(ctx *Context, name string, args GatewayPluginSamlArgs, opts ...ResourceOption) (*GatewayPluginSaml, error)public GatewayPluginSaml(string name, GatewayPluginSamlArgs args, CustomResourceOptions? opts = null)
public GatewayPluginSaml(String name, GatewayPluginSamlArgs args)
public GatewayPluginSaml(String name, GatewayPluginSamlArgs args, CustomResourceOptions options)
type: konnect:GatewayPluginSaml
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GatewayPluginSamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GatewayPluginSamlArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GatewayPluginSamlArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GatewayPluginSamlArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GatewayPluginSamlArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gatewayPluginSamlResource = new Konnect.GatewayPluginSaml("gatewayPluginSamlResource", new()
{
Config = new Konnect.Inputs.GatewayPluginSamlConfigArgs
{
Anonymous = "string",
AssertionConsumerPath = "string",
IdpCertificate = "string",
IdpSsoUrl = "string",
Issuer = "string",
NameidFormat = "string",
Redis = new Konnect.Inputs.GatewayPluginSamlConfigRedisArgs
{
ClusterMaxRedirections = 0,
ClusterNodes = new[]
{
new Konnect.Inputs.GatewayPluginSamlConfigRedisClusterNodeArgs
{
Ip = "string",
Port = 0,
},
},
ConnectTimeout = 0,
ConnectionIsProxied = false,
Database = 0,
Host = "string",
KeepaliveBacklog = 0,
KeepalivePoolSize = 0,
Password = "string",
Port = 0,
Prefix = "string",
ReadTimeout = 0,
SendTimeout = 0,
SentinelMaster = "string",
SentinelNodes = new[]
{
new Konnect.Inputs.GatewayPluginSamlConfigRedisSentinelNodeArgs
{
Host = "string",
Port = 0,
},
},
SentinelPassword = "string",
SentinelRole = "string",
SentinelUsername = "string",
ServerName = "string",
Socket = "string",
Ssl = false,
SslVerify = false,
Username = "string",
},
RequestDigestAlgorithm = "string",
RequestSignatureAlgorithm = "string",
RequestSigningCertificate = "string",
RequestSigningKey = "string",
ResponseDigestAlgorithm = "string",
ResponseEncryptionKey = "string",
ResponseSignatureAlgorithm = "string",
SessionAbsoluteTimeout = 0,
SessionAudience = "string",
SessionCookieDomain = "string",
SessionCookieHttpOnly = false,
SessionCookieName = "string",
SessionCookiePath = "string",
SessionCookieSameSite = "string",
SessionCookieSecure = false,
SessionEnforceSameSubject = false,
SessionHashStorageKey = false,
SessionHashSubject = false,
SessionIdlingTimeout = 0,
SessionMemcachedHost = "string",
SessionMemcachedPort = 0,
SessionMemcachedPrefix = "string",
SessionMemcachedSocket = "string",
SessionRemember = false,
SessionRememberAbsoluteTimeout = 0,
SessionRememberCookieName = "string",
SessionRememberRollingTimeout = 0,
SessionRequestHeaders = new[]
{
"string",
},
SessionResponseHeaders = new[]
{
"string",
},
SessionRollingTimeout = 0,
SessionSecret = "string",
SessionStorage = "string",
SessionStoreMetadata = false,
ValidateAssertionSignature = false,
},
ControlPlaneId = "string",
Enabled = false,
GatewayPluginSamlId = "string",
InstanceName = "string",
Ordering = new Konnect.Inputs.GatewayPluginSamlOrderingArgs
{
After = new Konnect.Inputs.GatewayPluginSamlOrderingAfterArgs
{
Accesses = new[]
{
"string",
},
},
Before = new Konnect.Inputs.GatewayPluginSamlOrderingBeforeArgs
{
Accesses = new[]
{
"string",
},
},
},
Protocols = new[]
{
"string",
},
Route = new Konnect.Inputs.GatewayPluginSamlRouteArgs
{
Id = "string",
},
Service = new Konnect.Inputs.GatewayPluginSamlServiceArgs
{
Id = "string",
},
Tags = new[]
{
"string",
},
});
example, err := konnect.NewGatewayPluginSaml(ctx, "gatewayPluginSamlResource", &konnect.GatewayPluginSamlArgs{
Config: &.GatewayPluginSamlConfigArgs{
Anonymous: pulumi.String("string"),
AssertionConsumerPath: pulumi.String("string"),
IdpCertificate: pulumi.String("string"),
IdpSsoUrl: pulumi.String("string"),
Issuer: pulumi.String("string"),
NameidFormat: pulumi.String("string"),
Redis: &.GatewayPluginSamlConfigRedisArgs{
ClusterMaxRedirections: pulumi.Float64(0),
ClusterNodes: .GatewayPluginSamlConfigRedisClusterNodeArray{
&.GatewayPluginSamlConfigRedisClusterNodeArgs{
Ip: pulumi.String("string"),
Port: pulumi.Float64(0),
},
},
ConnectTimeout: pulumi.Float64(0),
ConnectionIsProxied: pulumi.Bool(false),
Database: pulumi.Float64(0),
Host: pulumi.String("string"),
KeepaliveBacklog: pulumi.Float64(0),
KeepalivePoolSize: pulumi.Float64(0),
Password: pulumi.String("string"),
Port: pulumi.Float64(0),
Prefix: pulumi.String("string"),
ReadTimeout: pulumi.Float64(0),
SendTimeout: pulumi.Float64(0),
SentinelMaster: pulumi.String("string"),
SentinelNodes: .GatewayPluginSamlConfigRedisSentinelNodeArray{
&.GatewayPluginSamlConfigRedisSentinelNodeArgs{
Host: pulumi.String("string"),
Port: pulumi.Float64(0),
},
},
SentinelPassword: pulumi.String("string"),
SentinelRole: pulumi.String("string"),
SentinelUsername: pulumi.String("string"),
ServerName: pulumi.String("string"),
Socket: pulumi.String("string"),
Ssl: pulumi.Bool(false),
SslVerify: pulumi.Bool(false),
Username: pulumi.String("string"),
},
RequestDigestAlgorithm: pulumi.String("string"),
RequestSignatureAlgorithm: pulumi.String("string"),
RequestSigningCertificate: pulumi.String("string"),
RequestSigningKey: pulumi.String("string"),
ResponseDigestAlgorithm: pulumi.String("string"),
ResponseEncryptionKey: pulumi.String("string"),
ResponseSignatureAlgorithm: pulumi.String("string"),
SessionAbsoluteTimeout: pulumi.Float64(0),
SessionAudience: pulumi.String("string"),
SessionCookieDomain: pulumi.String("string"),
SessionCookieHttpOnly: pulumi.Bool(false),
SessionCookieName: pulumi.String("string"),
SessionCookiePath: pulumi.String("string"),
SessionCookieSameSite: pulumi.String("string"),
SessionCookieSecure: pulumi.Bool(false),
SessionEnforceSameSubject: pulumi.Bool(false),
SessionHashStorageKey: pulumi.Bool(false),
SessionHashSubject: pulumi.Bool(false),
SessionIdlingTimeout: pulumi.Float64(0),
SessionMemcachedHost: pulumi.String("string"),
SessionMemcachedPort: pulumi.Float64(0),
SessionMemcachedPrefix: pulumi.String("string"),
SessionMemcachedSocket: pulumi.String("string"),
SessionRemember: pulumi.Bool(false),
SessionRememberAbsoluteTimeout: pulumi.Float64(0),
SessionRememberCookieName: pulumi.String("string"),
SessionRememberRollingTimeout: pulumi.Float64(0),
SessionRequestHeaders: pulumi.StringArray{
pulumi.String("string"),
},
SessionResponseHeaders: pulumi.StringArray{
pulumi.String("string"),
},
SessionRollingTimeout: pulumi.Float64(0),
SessionSecret: pulumi.String("string"),
SessionStorage: pulumi.String("string"),
SessionStoreMetadata: pulumi.Bool(false),
ValidateAssertionSignature: pulumi.Bool(false),
},
ControlPlaneId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
GatewayPluginSamlId: pulumi.String("string"),
InstanceName: pulumi.String("string"),
Ordering: &.GatewayPluginSamlOrderingArgs{
After: &.GatewayPluginSamlOrderingAfterArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
Before: &.GatewayPluginSamlOrderingBeforeArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
Route: &.GatewayPluginSamlRouteArgs{
Id: pulumi.String("string"),
},
Service: &.GatewayPluginSamlServiceArgs{
Id: pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})
var gatewayPluginSamlResource = new GatewayPluginSaml("gatewayPluginSamlResource", GatewayPluginSamlArgs.builder()
.config(GatewayPluginSamlConfigArgs.builder()
.anonymous("string")
.assertionConsumerPath("string")
.idpCertificate("string")
.idpSsoUrl("string")
.issuer("string")
.nameidFormat("string")
.redis(GatewayPluginSamlConfigRedisArgs.builder()
.clusterMaxRedirections(0)
.clusterNodes(GatewayPluginSamlConfigRedisClusterNodeArgs.builder()
.ip("string")
.port(0)
.build())
.connectTimeout(0)
.connectionIsProxied(false)
.database(0)
.host("string")
.keepaliveBacklog(0)
.keepalivePoolSize(0)
.password("string")
.port(0)
.prefix("string")
.readTimeout(0)
.sendTimeout(0)
.sentinelMaster("string")
.sentinelNodes(GatewayPluginSamlConfigRedisSentinelNodeArgs.builder()
.host("string")
.port(0)
.build())
.sentinelPassword("string")
.sentinelRole("string")
.sentinelUsername("string")
.serverName("string")
.socket("string")
.ssl(false)
.sslVerify(false)
.username("string")
.build())
.requestDigestAlgorithm("string")
.requestSignatureAlgorithm("string")
.requestSigningCertificate("string")
.requestSigningKey("string")
.responseDigestAlgorithm("string")
.responseEncryptionKey("string")
.responseSignatureAlgorithm("string")
.sessionAbsoluteTimeout(0)
.sessionAudience("string")
.sessionCookieDomain("string")
.sessionCookieHttpOnly(false)
.sessionCookieName("string")
.sessionCookiePath("string")
.sessionCookieSameSite("string")
.sessionCookieSecure(false)
.sessionEnforceSameSubject(false)
.sessionHashStorageKey(false)
.sessionHashSubject(false)
.sessionIdlingTimeout(0)
.sessionMemcachedHost("string")
.sessionMemcachedPort(0)
.sessionMemcachedPrefix("string")
.sessionMemcachedSocket("string")
.sessionRemember(false)
.sessionRememberAbsoluteTimeout(0)
.sessionRememberCookieName("string")
.sessionRememberRollingTimeout(0)
.sessionRequestHeaders("string")
.sessionResponseHeaders("string")
.sessionRollingTimeout(0)
.sessionSecret("string")
.sessionStorage("string")
.sessionStoreMetadata(false)
.validateAssertionSignature(false)
.build())
.controlPlaneId("string")
.enabled(false)
.gatewayPluginSamlId("string")
.instanceName("string")
.ordering(GatewayPluginSamlOrderingArgs.builder()
.after(GatewayPluginSamlOrderingAfterArgs.builder()
.accesses("string")
.build())
.before(GatewayPluginSamlOrderingBeforeArgs.builder()
.accesses("string")
.build())
.build())
.protocols("string")
.route(GatewayPluginSamlRouteArgs.builder()
.id("string")
.build())
.service(GatewayPluginSamlServiceArgs.builder()
.id("string")
.build())
.tags("string")
.build());
gateway_plugin_saml_resource = konnect.GatewayPluginSaml("gatewayPluginSamlResource",
config={
"anonymous": "string",
"assertion_consumer_path": "string",
"idp_certificate": "string",
"idp_sso_url": "string",
"issuer": "string",
"nameid_format": "string",
"redis": {
"cluster_max_redirections": 0,
"cluster_nodes": [{
"ip": "string",
"port": 0,
}],
"connect_timeout": 0,
"connection_is_proxied": False,
"database": 0,
"host": "string",
"keepalive_backlog": 0,
"keepalive_pool_size": 0,
"password": "string",
"port": 0,
"prefix": "string",
"read_timeout": 0,
"send_timeout": 0,
"sentinel_master": "string",
"sentinel_nodes": [{
"host": "string",
"port": 0,
}],
"sentinel_password": "string",
"sentinel_role": "string",
"sentinel_username": "string",
"server_name": "string",
"socket": "string",
"ssl": False,
"ssl_verify": False,
"username": "string",
},
"request_digest_algorithm": "string",
"request_signature_algorithm": "string",
"request_signing_certificate": "string",
"request_signing_key": "string",
"response_digest_algorithm": "string",
"response_encryption_key": "string",
"response_signature_algorithm": "string",
"session_absolute_timeout": 0,
"session_audience": "string",
"session_cookie_domain": "string",
"session_cookie_http_only": False,
"session_cookie_name": "string",
"session_cookie_path": "string",
"session_cookie_same_site": "string",
"session_cookie_secure": False,
"session_enforce_same_subject": False,
"session_hash_storage_key": False,
"session_hash_subject": False,
"session_idling_timeout": 0,
"session_memcached_host": "string",
"session_memcached_port": 0,
"session_memcached_prefix": "string",
"session_memcached_socket": "string",
"session_remember": False,
"session_remember_absolute_timeout": 0,
"session_remember_cookie_name": "string",
"session_remember_rolling_timeout": 0,
"session_request_headers": ["string"],
"session_response_headers": ["string"],
"session_rolling_timeout": 0,
"session_secret": "string",
"session_storage": "string",
"session_store_metadata": False,
"validate_assertion_signature": False,
},
control_plane_id="string",
enabled=False,
gateway_plugin_saml_id="string",
instance_name="string",
ordering={
"after": {
"accesses": ["string"],
},
"before": {
"accesses": ["string"],
},
},
protocols=["string"],
route={
"id": "string",
},
service={
"id": "string",
},
tags=["string"])
const gatewayPluginSamlResource = new konnect.GatewayPluginSaml("gatewayPluginSamlResource", {
config: {
anonymous: "string",
assertionConsumerPath: "string",
idpCertificate: "string",
idpSsoUrl: "string",
issuer: "string",
nameidFormat: "string",
redis: {
clusterMaxRedirections: 0,
clusterNodes: [{
ip: "string",
port: 0,
}],
connectTimeout: 0,
connectionIsProxied: false,
database: 0,
host: "string",
keepaliveBacklog: 0,
keepalivePoolSize: 0,
password: "string",
port: 0,
prefix: "string",
readTimeout: 0,
sendTimeout: 0,
sentinelMaster: "string",
sentinelNodes: [{
host: "string",
port: 0,
}],
sentinelPassword: "string",
sentinelRole: "string",
sentinelUsername: "string",
serverName: "string",
socket: "string",
ssl: false,
sslVerify: false,
username: "string",
},
requestDigestAlgorithm: "string",
requestSignatureAlgorithm: "string",
requestSigningCertificate: "string",
requestSigningKey: "string",
responseDigestAlgorithm: "string",
responseEncryptionKey: "string",
responseSignatureAlgorithm: "string",
sessionAbsoluteTimeout: 0,
sessionAudience: "string",
sessionCookieDomain: "string",
sessionCookieHttpOnly: false,
sessionCookieName: "string",
sessionCookiePath: "string",
sessionCookieSameSite: "string",
sessionCookieSecure: false,
sessionEnforceSameSubject: false,
sessionHashStorageKey: false,
sessionHashSubject: false,
sessionIdlingTimeout: 0,
sessionMemcachedHost: "string",
sessionMemcachedPort: 0,
sessionMemcachedPrefix: "string",
sessionMemcachedSocket: "string",
sessionRemember: false,
sessionRememberAbsoluteTimeout: 0,
sessionRememberCookieName: "string",
sessionRememberRollingTimeout: 0,
sessionRequestHeaders: ["string"],
sessionResponseHeaders: ["string"],
sessionRollingTimeout: 0,
sessionSecret: "string",
sessionStorage: "string",
sessionStoreMetadata: false,
validateAssertionSignature: false,
},
controlPlaneId: "string",
enabled: false,
gatewayPluginSamlId: "string",
instanceName: "string",
ordering: {
after: {
accesses: ["string"],
},
before: {
accesses: ["string"],
},
},
protocols: ["string"],
route: {
id: "string",
},
service: {
id: "string",
},
tags: ["string"],
});
type: konnect:GatewayPluginSaml
properties:
config:
anonymous: string
assertionConsumerPath: string
idpCertificate: string
idpSsoUrl: string
issuer: string
nameidFormat: string
redis:
clusterMaxRedirections: 0
clusterNodes:
- ip: string
port: 0
connectTimeout: 0
connectionIsProxied: false
database: 0
host: string
keepaliveBacklog: 0
keepalivePoolSize: 0
password: string
port: 0
prefix: string
readTimeout: 0
sendTimeout: 0
sentinelMaster: string
sentinelNodes:
- host: string
port: 0
sentinelPassword: string
sentinelRole: string
sentinelUsername: string
serverName: string
socket: string
ssl: false
sslVerify: false
username: string
requestDigestAlgorithm: string
requestSignatureAlgorithm: string
requestSigningCertificate: string
requestSigningKey: string
responseDigestAlgorithm: string
responseEncryptionKey: string
responseSignatureAlgorithm: string
sessionAbsoluteTimeout: 0
sessionAudience: string
sessionCookieDomain: string
sessionCookieHttpOnly: false
sessionCookieName: string
sessionCookiePath: string
sessionCookieSameSite: string
sessionCookieSecure: false
sessionEnforceSameSubject: false
sessionHashStorageKey: false
sessionHashSubject: false
sessionIdlingTimeout: 0
sessionMemcachedHost: string
sessionMemcachedPort: 0
sessionMemcachedPrefix: string
sessionMemcachedSocket: string
sessionRemember: false
sessionRememberAbsoluteTimeout: 0
sessionRememberCookieName: string
sessionRememberRollingTimeout: 0
sessionRequestHeaders:
- string
sessionResponseHeaders:
- string
sessionRollingTimeout: 0
sessionSecret: string
sessionStorage: string
sessionStoreMetadata: false
validateAssertionSignature: false
controlPlaneId: string
enabled: false
gatewayPluginSamlId: string
instanceName: string
ordering:
after:
accesses:
- string
before:
accesses:
- string
protocols:
- string
route:
id: string
service:
id: string
tags:
- string
GatewayPluginSaml Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GatewayPluginSaml resource accepts the following input properties:
- Config
Gateway
Plugin Saml Config - Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Enabled bool
- Whether the plugin is applied.
- Gateway
Plugin stringSaml Id - The ID of this resource.
- Instance
Name string - Ordering
Gateway
Plugin Saml Ordering - Protocols List<string>
- A set of strings representing HTTP protocols.
- Route
Gateway
Plugin Saml Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Saml Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<string>
- An optional set of strings associated with the Plugin for grouping and filtering.
- Config
Gateway
Plugin Saml Config Args - Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Enabled bool
- Whether the plugin is applied.
- Gateway
Plugin stringSaml Id - The ID of this resource.
- Instance
Name string - Ordering
Gateway
Plugin Saml Ordering Args - Protocols []string
- A set of strings representing HTTP protocols.
- Route
Gateway
Plugin Saml Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Saml Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- []string
- An optional set of strings associated with the Plugin for grouping and filtering.
- config
Gateway
Plugin Saml Config - control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- enabled Boolean
- Whether the plugin is applied.
- gateway
Plugin StringSaml Id - The ID of this resource.
- instance
Name String - ordering
Gateway
Plugin Saml Ordering - protocols List<String>
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Saml Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Saml Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- config
Gateway
Plugin Saml Config - control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- enabled boolean
- Whether the plugin is applied.
- gateway
Plugin stringSaml Id - The ID of this resource.
- instance
Name string - ordering
Gateway
Plugin Saml Ordering - protocols string[]
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Saml Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Saml Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- string[]
- An optional set of strings associated with the Plugin for grouping and filtering.
- config
Gateway
Plugin Saml Config Args - control_
plane_ strid - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- enabled bool
- Whether the plugin is applied.
- gateway_
plugin_ strsaml_ id - The ID of this resource.
- instance_
name str - ordering
Gateway
Plugin Saml Ordering Args - protocols Sequence[str]
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Saml Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Saml Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- Sequence[str]
- An optional set of strings associated with the Plugin for grouping and filtering.
- config Property Map
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- enabled Boolean
- Whether the plugin is applied.
- gateway
Plugin StringSaml Id - The ID of this resource.
- instance
Name String - ordering Property Map
- protocols List<String>
- A set of strings representing HTTP protocols.
- route Property Map
- If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service Property Map
- If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
Outputs
All input properties are implicitly available as output properties. Additionally, the GatewayPluginSaml resource produces the following output properties:
- created_
at float - Unix epoch when the resource was created.
- id str
- The provider-assigned unique ID for this managed resource.
- updated_
at float - Unix epoch when the resource was last updated.
Look up Existing GatewayPluginSaml Resource
Get an existing GatewayPluginSaml resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GatewayPluginSamlState, opts?: CustomResourceOptions): GatewayPluginSaml@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[GatewayPluginSamlConfigArgs] = None,
control_plane_id: Optional[str] = None,
created_at: Optional[float] = None,
enabled: Optional[bool] = None,
gateway_plugin_saml_id: Optional[str] = None,
instance_name: Optional[str] = None,
ordering: Optional[GatewayPluginSamlOrderingArgs] = None,
protocols: Optional[Sequence[str]] = None,
route: Optional[GatewayPluginSamlRouteArgs] = None,
service: Optional[GatewayPluginSamlServiceArgs] = None,
tags: Optional[Sequence[str]] = None,
updated_at: Optional[float] = None) -> GatewayPluginSamlfunc GetGatewayPluginSaml(ctx *Context, name string, id IDInput, state *GatewayPluginSamlState, opts ...ResourceOption) (*GatewayPluginSaml, error)public static GatewayPluginSaml Get(string name, Input<string> id, GatewayPluginSamlState? state, CustomResourceOptions? opts = null)public static GatewayPluginSaml get(String name, Output<String> id, GatewayPluginSamlState state, CustomResourceOptions options)resources: _: type: konnect:GatewayPluginSaml get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config
Gateway
Plugin Saml Config - Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Created
At double - Unix epoch when the resource was created.
- Enabled bool
- Whether the plugin is applied.
- Gateway
Plugin stringSaml Id - The ID of this resource.
- Instance
Name string - Ordering
Gateway
Plugin Saml Ordering - Protocols List<string>
- A set of strings representing HTTP protocols.
- Route
Gateway
Plugin Saml Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Saml Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<string>
- An optional set of strings associated with the Plugin for grouping and filtering.
- Updated
At double - Unix epoch when the resource was last updated.
- Config
Gateway
Plugin Saml Config Args - Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Created
At float64 - Unix epoch when the resource was created.
- Enabled bool
- Whether the plugin is applied.
- Gateway
Plugin stringSaml Id - The ID of this resource.
- Instance
Name string - Ordering
Gateway
Plugin Saml Ordering Args - Protocols []string
- A set of strings representing HTTP protocols.
- Route
Gateway
Plugin Saml Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Saml Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- []string
- An optional set of strings associated with the Plugin for grouping and filtering.
- Updated
At float64 - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Saml Config - control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At Double - Unix epoch when the resource was created.
- enabled Boolean
- Whether the plugin is applied.
- gateway
Plugin StringSaml Id - The ID of this resource.
- instance
Name String - ordering
Gateway
Plugin Saml Ordering - protocols List<String>
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Saml Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Saml Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At Double - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Saml Config - control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At number - Unix epoch when the resource was created.
- enabled boolean
- Whether the plugin is applied.
- gateway
Plugin stringSaml Id - The ID of this resource.
- instance
Name string - ordering
Gateway
Plugin Saml Ordering - protocols string[]
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Saml Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Saml Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- string[]
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At number - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Saml Config Args - control_
plane_ strid - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created_
at float - Unix epoch when the resource was created.
- enabled bool
- Whether the plugin is applied.
- gateway_
plugin_ strsaml_ id - The ID of this resource.
- instance_
name str - ordering
Gateway
Plugin Saml Ordering Args - protocols Sequence[str]
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Saml Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Saml Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- Sequence[str]
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated_
at float - Unix epoch when the resource was last updated.
- config Property Map
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At Number - Unix epoch when the resource was created.
- enabled Boolean
- Whether the plugin is applied.
- gateway
Plugin StringSaml Id - The ID of this resource.
- instance
Name String - ordering Property Map
- protocols List<String>
- A set of strings representing HTTP protocols.
- route Property Map
- If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service Property Map
- If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At Number - Unix epoch when the resource was last updated.
Supporting Types
GatewayPluginSamlConfig, GatewayPluginSamlConfigArgs
- Anonymous string
- An optional string (consumer UUID or username) value to use as an “anonymous” consumer. If not set, a Kong Consumer must exist for the SAML IdP user credentials, mapping the username format to the Kong Consumer username.
- Assertion
Consumer stringPath - A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- Idp
Certificate string - The public certificate provided by the IdP. This is used to validate responses from the IdP. Only include the contents of the certificate. Do not include the header (
BEGIN CERTIFICATE) and footer (END CERTIFICATE) lines. - Idp
Sso stringUrl - A string representing a URL, such as https://example.com/path/to/resource?q=search.
- Issuer string
- The unique identifier of the IdP application. Formatted as a URL containing information about the IdP so the SP can validate that the SAML assertions it receives are issued from the correct IdP.
- Nameid
Format string - The requested
NameIdformat. Options available are: -Unspecified-EmailAddress-Persistent-Transient. must be one of ["EmailAddress", "Persistent", "Transient", "Unspecified"] - Redis
Gateway
Plugin Saml Config Redis - Request
Digest stringAlgorithm - The digest algorithm for Authn requests: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - Request
Signature stringAlgorithm - The signature algorithm for signing Authn requests. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - Request
Signing stringCertificate - The certificate for signing requests.
- Request
Signing stringKey - The private key for signing requests. If this parameter is set, requests sent to the IdP are signed. The
request_signing_certificateparameter must be set as well. - Response
Digest stringAlgorithm - The algorithm for verifying digest in SAML responses: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - Response
Encryption stringKey - The private encryption key required to decrypt encrypted assertions.
- Response
Signature stringAlgorithm - The algorithm for validating signatures in SAML responses. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - Session
Absolute doubleTimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- Session
Audience string - The session audience, for example "my-application"
- string
- The session cookie domain flag.
- bool
- Forbids JavaScript from accessing the cookie, for example, through the
Document.cookieproperty. - string
- The session cookie name.
- string
- A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- string
- Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. must be one of ["Default", "Lax", "None", "Strict"]
- bool
- The cookie is only sent to the server when a request is made with the https:scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.
- Session
Enforce boolSame Subject - When set to
true, audiences are forced to share the same subject. - Session
Hash boolStorage Key - When set to
true, the storage key (session ID) is hashed for extra security. Hashing the storage key means it is impossible to decrypt data from the storage without a cookie. - Session
Hash boolSubject - When set to
true, the value of subject is hashed before being stored. Only applies whensession_store_metadatais enabled. - Session
Idling doubleTimeout - The session cookie idle time in seconds.
- Session
Memcached stringHost - The memcached host.
- Session
Memcached doublePort - An integer representing a port number between 0 and 65535, inclusive.
- Session
Memcached stringPrefix - The memcached session key prefix.
- Session
Memcached stringSocket - The memcached unix socket path.
- Session
Remember bool - Enables or disables persistent sessions
- Session
Remember doubleAbsolute Timeout - Persistent session absolute timeout in seconds.
- string
- Persistent session cookie name
- Session
Remember doubleRolling Timeout - Persistent session rolling timeout in seconds.
- Session
Request List<string>Headers - Session
Response List<string>Headers - Session
Rolling doubleTimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- Session
Secret string - The session secret. This must be a random string of 32 characters from the base64 alphabet (letters, numbers,
/,_and+). It is used as the secret key for encrypting session data as well as state information that is sent to the IdP in the authentication exchange. - Session
Storage string - The session storage for session data: -
cookie: stores session data with the session cookie. The session cannot be invalidated or revoked without changing the session secret, but is stateless, and doesn't require a database. -memcached: stores session data in memcached -redis: stores session data in Redis. must be one of ["cookie", "memcache", "memcached", "redis"] - Session
Store boolMetadata - Configures whether or not session metadata should be stored. This includes information about the active sessions for the
specific_audiencebelonging to a specific subject. - Validate
Assertion boolSignature - Enable signature validation for SAML responses.
- Anonymous string
- An optional string (consumer UUID or username) value to use as an “anonymous” consumer. If not set, a Kong Consumer must exist for the SAML IdP user credentials, mapping the username format to the Kong Consumer username.
- Assertion
Consumer stringPath - A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- Idp
Certificate string - The public certificate provided by the IdP. This is used to validate responses from the IdP. Only include the contents of the certificate. Do not include the header (
BEGIN CERTIFICATE) and footer (END CERTIFICATE) lines. - Idp
Sso stringUrl - A string representing a URL, such as https://example.com/path/to/resource?q=search.
- Issuer string
- The unique identifier of the IdP application. Formatted as a URL containing information about the IdP so the SP can validate that the SAML assertions it receives are issued from the correct IdP.
- Nameid
Format string - The requested
NameIdformat. Options available are: -Unspecified-EmailAddress-Persistent-Transient. must be one of ["EmailAddress", "Persistent", "Transient", "Unspecified"] - Redis
Gateway
Plugin Saml Config Redis - Request
Digest stringAlgorithm - The digest algorithm for Authn requests: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - Request
Signature stringAlgorithm - The signature algorithm for signing Authn requests. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - Request
Signing stringCertificate - The certificate for signing requests.
- Request
Signing stringKey - The private key for signing requests. If this parameter is set, requests sent to the IdP are signed. The
request_signing_certificateparameter must be set as well. - Response
Digest stringAlgorithm - The algorithm for verifying digest in SAML responses: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - Response
Encryption stringKey - The private encryption key required to decrypt encrypted assertions.
- Response
Signature stringAlgorithm - The algorithm for validating signatures in SAML responses. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - Session
Absolute float64Timeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- Session
Audience string - The session audience, for example "my-application"
- string
- The session cookie domain flag.
- bool
- Forbids JavaScript from accessing the cookie, for example, through the
Document.cookieproperty. - string
- The session cookie name.
- string
- A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- string
- Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. must be one of ["Default", "Lax", "None", "Strict"]
- bool
- The cookie is only sent to the server when a request is made with the https:scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.
- Session
Enforce boolSame Subject - When set to
true, audiences are forced to share the same subject. - Session
Hash boolStorage Key - When set to
true, the storage key (session ID) is hashed for extra security. Hashing the storage key means it is impossible to decrypt data from the storage without a cookie. - Session
Hash boolSubject - When set to
true, the value of subject is hashed before being stored. Only applies whensession_store_metadatais enabled. - Session
Idling float64Timeout - The session cookie idle time in seconds.
- Session
Memcached stringHost - The memcached host.
- Session
Memcached float64Port - An integer representing a port number between 0 and 65535, inclusive.
- Session
Memcached stringPrefix - The memcached session key prefix.
- Session
Memcached stringSocket - The memcached unix socket path.
- Session
Remember bool - Enables or disables persistent sessions
- Session
Remember float64Absolute Timeout - Persistent session absolute timeout in seconds.
- string
- Persistent session cookie name
- Session
Remember float64Rolling Timeout - Persistent session rolling timeout in seconds.
- Session
Request []stringHeaders - Session
Response []stringHeaders - Session
Rolling float64Timeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- Session
Secret string - The session secret. This must be a random string of 32 characters from the base64 alphabet (letters, numbers,
/,_and+). It is used as the secret key for encrypting session data as well as state information that is sent to the IdP in the authentication exchange. - Session
Storage string - The session storage for session data: -
cookie: stores session data with the session cookie. The session cannot be invalidated or revoked without changing the session secret, but is stateless, and doesn't require a database. -memcached: stores session data in memcached -redis: stores session data in Redis. must be one of ["cookie", "memcache", "memcached", "redis"] - Session
Store boolMetadata - Configures whether or not session metadata should be stored. This includes information about the active sessions for the
specific_audiencebelonging to a specific subject. - Validate
Assertion boolSignature - Enable signature validation for SAML responses.
- anonymous String
- An optional string (consumer UUID or username) value to use as an “anonymous” consumer. If not set, a Kong Consumer must exist for the SAML IdP user credentials, mapping the username format to the Kong Consumer username.
- assertion
Consumer StringPath - A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- idp
Certificate String - The public certificate provided by the IdP. This is used to validate responses from the IdP. Only include the contents of the certificate. Do not include the header (
BEGIN CERTIFICATE) and footer (END CERTIFICATE) lines. - idp
Sso StringUrl - A string representing a URL, such as https://example.com/path/to/resource?q=search.
- issuer String
- The unique identifier of the IdP application. Formatted as a URL containing information about the IdP so the SP can validate that the SAML assertions it receives are issued from the correct IdP.
- nameid
Format String - The requested
NameIdformat. Options available are: -Unspecified-EmailAddress-Persistent-Transient. must be one of ["EmailAddress", "Persistent", "Transient", "Unspecified"] - redis
Gateway
Plugin Saml Config Redis - request
Digest StringAlgorithm - The digest algorithm for Authn requests: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - request
Signature StringAlgorithm - The signature algorithm for signing Authn requests. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - request
Signing StringCertificate - The certificate for signing requests.
- request
Signing StringKey - The private key for signing requests. If this parameter is set, requests sent to the IdP are signed. The
request_signing_certificateparameter must be set as well. - response
Digest StringAlgorithm - The algorithm for verifying digest in SAML responses: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - response
Encryption StringKey - The private encryption key required to decrypt encrypted assertions.
- response
Signature StringAlgorithm - The algorithm for validating signatures in SAML responses. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - session
Absolute DoubleTimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- session
Audience String - The session audience, for example "my-application"
- String
- The session cookie domain flag.
- Boolean
- Forbids JavaScript from accessing the cookie, for example, through the
Document.cookieproperty. - String
- The session cookie name.
- String
- A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- String
- Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. must be one of ["Default", "Lax", "None", "Strict"]
- Boolean
- The cookie is only sent to the server when a request is made with the https:scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.
- session
Enforce BooleanSame Subject - When set to
true, audiences are forced to share the same subject. - session
Hash BooleanStorage Key - When set to
true, the storage key (session ID) is hashed for extra security. Hashing the storage key means it is impossible to decrypt data from the storage without a cookie. - session
Hash BooleanSubject - When set to
true, the value of subject is hashed before being stored. Only applies whensession_store_metadatais enabled. - session
Idling DoubleTimeout - The session cookie idle time in seconds.
- session
Memcached StringHost - The memcached host.
- session
Memcached DoublePort - An integer representing a port number between 0 and 65535, inclusive.
- session
Memcached StringPrefix - The memcached session key prefix.
- session
Memcached StringSocket - The memcached unix socket path.
- session
Remember Boolean - Enables or disables persistent sessions
- session
Remember DoubleAbsolute Timeout - Persistent session absolute timeout in seconds.
- String
- Persistent session cookie name
- session
Remember DoubleRolling Timeout - Persistent session rolling timeout in seconds.
- session
Request List<String>Headers - session
Response List<String>Headers - session
Rolling DoubleTimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- session
Secret String - The session secret. This must be a random string of 32 characters from the base64 alphabet (letters, numbers,
/,_and+). It is used as the secret key for encrypting session data as well as state information that is sent to the IdP in the authentication exchange. - session
Storage String - The session storage for session data: -
cookie: stores session data with the session cookie. The session cannot be invalidated or revoked without changing the session secret, but is stateless, and doesn't require a database. -memcached: stores session data in memcached -redis: stores session data in Redis. must be one of ["cookie", "memcache", "memcached", "redis"] - session
Store BooleanMetadata - Configures whether or not session metadata should be stored. This includes information about the active sessions for the
specific_audiencebelonging to a specific subject. - validate
Assertion BooleanSignature - Enable signature validation for SAML responses.
- anonymous string
- An optional string (consumer UUID or username) value to use as an “anonymous” consumer. If not set, a Kong Consumer must exist for the SAML IdP user credentials, mapping the username format to the Kong Consumer username.
- assertion
Consumer stringPath - A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- idp
Certificate string - The public certificate provided by the IdP. This is used to validate responses from the IdP. Only include the contents of the certificate. Do not include the header (
BEGIN CERTIFICATE) and footer (END CERTIFICATE) lines. - idp
Sso stringUrl - A string representing a URL, such as https://example.com/path/to/resource?q=search.
- issuer string
- The unique identifier of the IdP application. Formatted as a URL containing information about the IdP so the SP can validate that the SAML assertions it receives are issued from the correct IdP.
- nameid
Format string - The requested
NameIdformat. Options available are: -Unspecified-EmailAddress-Persistent-Transient. must be one of ["EmailAddress", "Persistent", "Transient", "Unspecified"] - redis
Gateway
Plugin Saml Config Redis - request
Digest stringAlgorithm - The digest algorithm for Authn requests: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - request
Signature stringAlgorithm - The signature algorithm for signing Authn requests. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - request
Signing stringCertificate - The certificate for signing requests.
- request
Signing stringKey - The private key for signing requests. If this parameter is set, requests sent to the IdP are signed. The
request_signing_certificateparameter must be set as well. - response
Digest stringAlgorithm - The algorithm for verifying digest in SAML responses: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - response
Encryption stringKey - The private encryption key required to decrypt encrypted assertions.
- response
Signature stringAlgorithm - The algorithm for validating signatures in SAML responses. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - session
Absolute numberTimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- session
Audience string - The session audience, for example "my-application"
- string
- The session cookie domain flag.
- boolean
- Forbids JavaScript from accessing the cookie, for example, through the
Document.cookieproperty. - string
- The session cookie name.
- string
- A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- string
- Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. must be one of ["Default", "Lax", "None", "Strict"]
- boolean
- The cookie is only sent to the server when a request is made with the https:scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.
- session
Enforce booleanSame Subject - When set to
true, audiences are forced to share the same subject. - session
Hash booleanStorage Key - When set to
true, the storage key (session ID) is hashed for extra security. Hashing the storage key means it is impossible to decrypt data from the storage without a cookie. - session
Hash booleanSubject - When set to
true, the value of subject is hashed before being stored. Only applies whensession_store_metadatais enabled. - session
Idling numberTimeout - The session cookie idle time in seconds.
- session
Memcached stringHost - The memcached host.
- session
Memcached numberPort - An integer representing a port number between 0 and 65535, inclusive.
- session
Memcached stringPrefix - The memcached session key prefix.
- session
Memcached stringSocket - The memcached unix socket path.
- session
Remember boolean - Enables or disables persistent sessions
- session
Remember numberAbsolute Timeout - Persistent session absolute timeout in seconds.
- string
- Persistent session cookie name
- session
Remember numberRolling Timeout - Persistent session rolling timeout in seconds.
- session
Request string[]Headers - session
Response string[]Headers - session
Rolling numberTimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- session
Secret string - The session secret. This must be a random string of 32 characters from the base64 alphabet (letters, numbers,
/,_and+). It is used as the secret key for encrypting session data as well as state information that is sent to the IdP in the authentication exchange. - session
Storage string - The session storage for session data: -
cookie: stores session data with the session cookie. The session cannot be invalidated or revoked without changing the session secret, but is stateless, and doesn't require a database. -memcached: stores session data in memcached -redis: stores session data in Redis. must be one of ["cookie", "memcache", "memcached", "redis"] - session
Store booleanMetadata - Configures whether or not session metadata should be stored. This includes information about the active sessions for the
specific_audiencebelonging to a specific subject. - validate
Assertion booleanSignature - Enable signature validation for SAML responses.
- anonymous str
- An optional string (consumer UUID or username) value to use as an “anonymous” consumer. If not set, a Kong Consumer must exist for the SAML IdP user credentials, mapping the username format to the Kong Consumer username.
- assertion_
consumer_ strpath - A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- idp_
certificate str - The public certificate provided by the IdP. This is used to validate responses from the IdP. Only include the contents of the certificate. Do not include the header (
BEGIN CERTIFICATE) and footer (END CERTIFICATE) lines. - idp_
sso_ strurl - A string representing a URL, such as https://example.com/path/to/resource?q=search.
- issuer str
- The unique identifier of the IdP application. Formatted as a URL containing information about the IdP so the SP can validate that the SAML assertions it receives are issued from the correct IdP.
- nameid_
format str - The requested
NameIdformat. Options available are: -Unspecified-EmailAddress-Persistent-Transient. must be one of ["EmailAddress", "Persistent", "Transient", "Unspecified"] - redis
Gateway
Plugin Saml Config Redis - request_
digest_ stralgorithm - The digest algorithm for Authn requests: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - request_
signature_ stralgorithm - The signature algorithm for signing Authn requests. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - request_
signing_ strcertificate - The certificate for signing requests.
- request_
signing_ strkey - The private key for signing requests. If this parameter is set, requests sent to the IdP are signed. The
request_signing_certificateparameter must be set as well. - response_
digest_ stralgorithm - The algorithm for verifying digest in SAML responses: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - response_
encryption_ strkey - The private encryption key required to decrypt encrypted assertions.
- response_
signature_ stralgorithm - The algorithm for validating signatures in SAML responses. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - session_
absolute_ floattimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- session_
audience str - The session audience, for example "my-application"
- str
- The session cookie domain flag.
- bool
- Forbids JavaScript from accessing the cookie, for example, through the
Document.cookieproperty. - str
- The session cookie name.
- str
- A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- str
- Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. must be one of ["Default", "Lax", "None", "Strict"]
- bool
- The cookie is only sent to the server when a request is made with the https:scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.
- session_
enforce_ boolsame_ subject - When set to
true, audiences are forced to share the same subject. - session_
hash_ boolstorage_ key - When set to
true, the storage key (session ID) is hashed for extra security. Hashing the storage key means it is impossible to decrypt data from the storage without a cookie. - session_
hash_ boolsubject - When set to
true, the value of subject is hashed before being stored. Only applies whensession_store_metadatais enabled. - session_
idling_ floattimeout - The session cookie idle time in seconds.
- session_
memcached_ strhost - The memcached host.
- session_
memcached_ floatport - An integer representing a port number between 0 and 65535, inclusive.
- session_
memcached_ strprefix - The memcached session key prefix.
- session_
memcached_ strsocket - The memcached unix socket path.
- session_
remember bool - Enables or disables persistent sessions
- session_
remember_ floatabsolute_ timeout - Persistent session absolute timeout in seconds.
- str
- Persistent session cookie name
- session_
remember_ floatrolling_ timeout - Persistent session rolling timeout in seconds.
- session_
request_ Sequence[str]headers - session_
response_ Sequence[str]headers - session_
rolling_ floattimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- session_
secret str - The session secret. This must be a random string of 32 characters from the base64 alphabet (letters, numbers,
/,_and+). It is used as the secret key for encrypting session data as well as state information that is sent to the IdP in the authentication exchange. - session_
storage str - The session storage for session data: -
cookie: stores session data with the session cookie. The session cannot be invalidated or revoked without changing the session secret, but is stateless, and doesn't require a database. -memcached: stores session data in memcached -redis: stores session data in Redis. must be one of ["cookie", "memcache", "memcached", "redis"] - session_
store_ boolmetadata - Configures whether or not session metadata should be stored. This includes information about the active sessions for the
specific_audiencebelonging to a specific subject. - validate_
assertion_ boolsignature - Enable signature validation for SAML responses.
- anonymous String
- An optional string (consumer UUID or username) value to use as an “anonymous” consumer. If not set, a Kong Consumer must exist for the SAML IdP user credentials, mapping the username format to the Kong Consumer username.
- assertion
Consumer StringPath - A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- idp
Certificate String - The public certificate provided by the IdP. This is used to validate responses from the IdP. Only include the contents of the certificate. Do not include the header (
BEGIN CERTIFICATE) and footer (END CERTIFICATE) lines. - idp
Sso StringUrl - A string representing a URL, such as https://example.com/path/to/resource?q=search.
- issuer String
- The unique identifier of the IdP application. Formatted as a URL containing information about the IdP so the SP can validate that the SAML assertions it receives are issued from the correct IdP.
- nameid
Format String - The requested
NameIdformat. Options available are: -Unspecified-EmailAddress-Persistent-Transient. must be one of ["EmailAddress", "Persistent", "Transient", "Unspecified"] - redis Property Map
- request
Digest StringAlgorithm - The digest algorithm for Authn requests: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - request
Signature StringAlgorithm - The signature algorithm for signing Authn requests. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - request
Signing StringCertificate - The certificate for signing requests.
- request
Signing StringKey - The private key for signing requests. If this parameter is set, requests sent to the IdP are signed. The
request_signing_certificateparameter must be set as well. - response
Digest StringAlgorithm - The algorithm for verifying digest in SAML responses: -
SHA256-SHA1. must be one of ["SHA1", "SHA256"] - response
Encryption StringKey - The private encryption key required to decrypt encrypted assertions.
- response
Signature StringAlgorithm - The algorithm for validating signatures in SAML responses. Options available are: -
SHA256-SHA384-SHA512. must be one of ["SHA256", "SHA384", "SHA512"] - session
Absolute NumberTimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- session
Audience String - The session audience, for example "my-application"
- String
- The session cookie domain flag.
- Boolean
- Forbids JavaScript from accessing the cookie, for example, through the
Document.cookieproperty. - String
- The session cookie name.
- String
- A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).
- String
- Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. must be one of ["Default", "Lax", "None", "Strict"]
- Boolean
- The cookie is only sent to the server when a request is made with the https:scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.
- session
Enforce BooleanSame Subject - When set to
true, audiences are forced to share the same subject. - session
Hash BooleanStorage Key - When set to
true, the storage key (session ID) is hashed for extra security. Hashing the storage key means it is impossible to decrypt data from the storage without a cookie. - session
Hash BooleanSubject - When set to
true, the value of subject is hashed before being stored. Only applies whensession_store_metadatais enabled. - session
Idling NumberTimeout - The session cookie idle time in seconds.
- session
Memcached StringHost - The memcached host.
- session
Memcached NumberPort - An integer representing a port number between 0 and 65535, inclusive.
- session
Memcached StringPrefix - The memcached session key prefix.
- session
Memcached StringSocket - The memcached unix socket path.
- session
Remember Boolean - Enables or disables persistent sessions
- session
Remember NumberAbsolute Timeout - Persistent session absolute timeout in seconds.
- String
- Persistent session cookie name
- session
Remember NumberRolling Timeout - Persistent session rolling timeout in seconds.
- session
Request List<String>Headers - session
Response List<String>Headers - session
Rolling NumberTimeout - The session cookie absolute timeout in seconds. Specifies how long the session can be used until it is no longer valid.
- session
Secret String - The session secret. This must be a random string of 32 characters from the base64 alphabet (letters, numbers,
/,_and+). It is used as the secret key for encrypting session data as well as state information that is sent to the IdP in the authentication exchange. - session
Storage String - The session storage for session data: -
cookie: stores session data with the session cookie. The session cannot be invalidated or revoked without changing the session secret, but is stateless, and doesn't require a database. -memcached: stores session data in memcached -redis: stores session data in Redis. must be one of ["cookie", "memcache", "memcached", "redis"] - session
Store BooleanMetadata - Configures whether or not session metadata should be stored. This includes information about the active sessions for the
specific_audiencebelonging to a specific subject. - validate
Assertion BooleanSignature - Enable signature validation for SAML responses.
GatewayPluginSamlConfigRedis, GatewayPluginSamlConfigRedisArgs
- Cluster
Max doubleRedirections - Maximum retry attempts for redirection.
- Cluster
Nodes List<GatewayPlugin Saml Config Redis Cluster Node> - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - Connect
Timeout double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Connection
Is boolProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - Database double
- Database to use for the Redis connection when using the
redisstrategy - Host string
- A string representing a host name, such as example.com.
- Keepalive
Backlog double - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - Keepalive
Pool doubleSize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - Password string
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- Port double
- An integer representing a port number between 0 and 65535, inclusive.
- Prefix string
- The Redis session key prefix.
- Read
Timeout double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Send
Timeout double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Sentinel
Master string - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- Sentinel
Nodes List<GatewayPlugin Saml Config Redis Sentinel Node> - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - Sentinel
Password string - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- Sentinel
Role string - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - Sentinel
Username string - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- Server
Name string - A string representing an SNI (server name indication) value for TLS.
- Socket string
- The Redis unix socket path.
- Ssl bool
- If set to true, uses SSL to connect to Redis.
- Ssl
Verify bool - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - Username string
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- Cluster
Max float64Redirections - Maximum retry attempts for redirection.
- Cluster
Nodes []GatewayPlugin Saml Config Redis Cluster Node - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - Connect
Timeout float64 - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Connection
Is boolProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - Database float64
- Database to use for the Redis connection when using the
redisstrategy - Host string
- A string representing a host name, such as example.com.
- Keepalive
Backlog float64 - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - Keepalive
Pool float64Size - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - Password string
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- Port float64
- An integer representing a port number between 0 and 65535, inclusive.
- Prefix string
- The Redis session key prefix.
- Read
Timeout float64 - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Send
Timeout float64 - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Sentinel
Master string - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- Sentinel
Nodes []GatewayPlugin Saml Config Redis Sentinel Node - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - Sentinel
Password string - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- Sentinel
Role string - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - Sentinel
Username string - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- Server
Name string - A string representing an SNI (server name indication) value for TLS.
- Socket string
- The Redis unix socket path.
- Ssl bool
- If set to true, uses SSL to connect to Redis.
- Ssl
Verify bool - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - Username string
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- cluster
Max DoubleRedirections - Maximum retry attempts for redirection.
- cluster
Nodes List<GatewayPlugin Saml Config Redis Cluster Node> - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - connect
Timeout Double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- connection
Is BooleanProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - database Double
- Database to use for the Redis connection when using the
redisstrategy - host String
- A string representing a host name, such as example.com.
- keepalive
Backlog Double - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - keepalive
Pool DoubleSize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - password String
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- port Double
- An integer representing a port number between 0 and 65535, inclusive.
- prefix String
- The Redis session key prefix.
- read
Timeout Double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- send
Timeout Double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- sentinel
Master String - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- sentinel
Nodes List<GatewayPlugin Saml Config Redis Sentinel Node> - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - sentinel
Password String - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- sentinel
Role String - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - sentinel
Username String - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- server
Name String - A string representing an SNI (server name indication) value for TLS.
- socket String
- The Redis unix socket path.
- ssl Boolean
- If set to true, uses SSL to connect to Redis.
- ssl
Verify Boolean - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - username String
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- cluster
Max numberRedirections - Maximum retry attempts for redirection.
- cluster
Nodes GatewayPlugin Saml Config Redis Cluster Node[] - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - connect
Timeout number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- connection
Is booleanProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - database number
- Database to use for the Redis connection when using the
redisstrategy - host string
- A string representing a host name, such as example.com.
- keepalive
Backlog number - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - keepalive
Pool numberSize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - password string
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- port number
- An integer representing a port number between 0 and 65535, inclusive.
- prefix string
- The Redis session key prefix.
- read
Timeout number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- send
Timeout number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- sentinel
Master string - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- sentinel
Nodes GatewayPlugin Saml Config Redis Sentinel Node[] - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - sentinel
Password string - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- sentinel
Role string - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - sentinel
Username string - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- server
Name string - A string representing an SNI (server name indication) value for TLS.
- socket string
- The Redis unix socket path.
- ssl boolean
- If set to true, uses SSL to connect to Redis.
- ssl
Verify boolean - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - username string
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- cluster_
max_ floatredirections - Maximum retry attempts for redirection.
- cluster_
nodes Sequence[GatewayPlugin Saml Config Redis Cluster Node] - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - connect_
timeout float - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- connection_
is_ boolproxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - database float
- Database to use for the Redis connection when using the
redisstrategy - host str
- A string representing a host name, such as example.com.
- keepalive_
backlog float - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - keepalive_
pool_ floatsize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - password str
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- port float
- An integer representing a port number between 0 and 65535, inclusive.
- prefix str
- The Redis session key prefix.
- read_
timeout float - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- send_
timeout float - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- sentinel_
master str - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- sentinel_
nodes Sequence[GatewayPlugin Saml Config Redis Sentinel Node] - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - sentinel_
password str - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- sentinel_
role str - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - sentinel_
username str - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- server_
name str - A string representing an SNI (server name indication) value for TLS.
- socket str
- The Redis unix socket path.
- ssl bool
- If set to true, uses SSL to connect to Redis.
- ssl_
verify bool - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - username str
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- cluster
Max NumberRedirections - Maximum retry attempts for redirection.
- cluster
Nodes List<Property Map> - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - connect
Timeout Number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- connection
Is BooleanProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - database Number
- Database to use for the Redis connection when using the
redisstrategy - host String
- A string representing a host name, such as example.com.
- keepalive
Backlog Number - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - keepalive
Pool NumberSize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - password String
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- port Number
- An integer representing a port number between 0 and 65535, inclusive.
- prefix String
- The Redis session key prefix.
- read
Timeout Number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- send
Timeout Number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- sentinel
Master String - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- sentinel
Nodes List<Property Map> - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - sentinel
Password String - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- sentinel
Role String - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - sentinel
Username String - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- server
Name String - A string representing an SNI (server name indication) value for TLS.
- socket String
- The Redis unix socket path.
- ssl Boolean
- If set to true, uses SSL to connect to Redis.
- ssl
Verify Boolean - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - username String
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
GatewayPluginSamlConfigRedisClusterNode, GatewayPluginSamlConfigRedisClusterNodeArgs
GatewayPluginSamlConfigRedisSentinelNode, GatewayPluginSamlConfigRedisSentinelNodeArgs
GatewayPluginSamlOrdering, GatewayPluginSamlOrderingArgs
GatewayPluginSamlOrderingAfter, GatewayPluginSamlOrderingAfterArgs
- Accesses List<string>
- Accesses []string
- accesses List<String>
- accesses string[]
- accesses Sequence[str]
- accesses List<String>
GatewayPluginSamlOrderingBefore, GatewayPluginSamlOrderingBeforeArgs
- Accesses List<string>
- Accesses []string
- accesses List<String>
- accesses string[]
- accesses Sequence[str]
- accesses List<String>
GatewayPluginSamlRoute, GatewayPluginSamlRouteArgs
- Id string
- Id string
- id String
- id string
- id str
- id String
GatewayPluginSamlService, GatewayPluginSamlServiceArgs
- Id string
- Id string
- id String
- id string
- id str
- id String
Import
$ pulumi import konnect:index/gatewayPluginSaml:GatewayPluginSaml my_konnect_gateway_plugin_saml "{ \"control_plane_id\": \"9524ec7d-36d9-465d-a8c5-83a3c9390458\", \"plugin_id\": \"3473c251-5b6c-4f45-b1ff-7ede735a366d\"}"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- konnect kong/terraform-provider-konnect
- License
- Notes
- This Pulumi package is based on the
konnectTerraform Provider.