
ALIYUN::CloudSSO::SAMLIdentityProvider


The ALIYUN::CloudSSO::SAMLIdentityProvider type is used to configure SAML identity provider (IdP) information.

Syntax

{
  "Type": "ALIYUN::CloudSSO::SAMLIdentityProvider",
  "Properties": {
    "EntityId": String,
    "SSOStatus": String,
    "DirectoryId": String,
    "EncodedMetadataDocument": String,
    "WantRequestSigned": Boolean,
    "LoginUrl": String,
    "X509Certificate": String
  }
}

Properties

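| Property | Type | Required | Update allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| EntityId | String | | | The entity ID of the IdP. | |
| SSOStatus | String | | | The status of SSO logon. | Valid values: Enabled (SSO logon is enabled); Disabled (default; SSO logon is disabled). |
| DirectoryId | String | | | The ID of the directory. | |
| EncodedMetadataDocument | String | | | The metadata document of the IdP, Base64-encoded. | Provided by an IdP that supports SAML 2.0. |
| WantRequestSigned | Boolean | | | Specifies whether CloudSSO is required to send signed SAML requests when a user initiates SAML SSO from the CloudSSO logon page. | Valid values: true (CloudSSO is required to send signed SAML requests); false (default; CloudSSO is not required to send signed SAML requests). |
| LoginUrl | String | | | The logon URL of the IdP. | |
| X509Certificate | String | | | The X.509 certificate in PEM format. | If you specify this parameter, all existing certificates are replaced. |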

Return values

Fn::GetAtt

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      DirectoryId:
        Description:
          en: The ID of the directory.
        Required: true
        Type: String
      EncodedMetadataDocument:
        Description:
          en: 'The metadata file of the IdP. The value of this parameter is Base64-encoded.
    
            The file is provided by the IdP that supports SAML 2.0.'
        Required: false
        Type: String
      EntityId:
        Description:
          en: The entity ID of the IdP.
        Required: false
        Type: String
      LoginUrl:
        Description:
          en: The logon URL of the IdP.
        Required: false
        Type: String
      SSOStatus:
        AllowedValues:
        - Enabled
        - Disabled
        Description:
          en: 'The status of SSO logon. Valid values:
    
            - Enabled
    
            - Disabled (default)'
        Required: false
        Type: String
      WantRequestSigned:
        Description:
          en: 'Specifies whether CloudSSO needs to sign SAML requests. The requests are
            sent when users log on to the CloudSSO user portal to initiate SAML-based
            SSO. Valid values:
    
            - true: yes
    
            - false: no (default)'
        Required: false
        Type: Boolean
      X509Certificate:
        Description:
          en: The X.509 certificate in the PEM format. If you specify this parameter, all
            existing certificates are replaced.
        Required: false
        Type: String
    Resources:
      SAMLIdentityProvider:
        Properties:
          DirectoryId:
            Ref: DirectoryId
          EncodedMetadataDocument:
            Ref: EncodedMetadataDocument
          EntityId:
            Ref: EntityId
          LoginUrl:
            Ref: LoginUrl
          SSOStatus:
            Ref: SSOStatus
          WantRequestSigned:
            Ref: WantRequestSigned
          X509Certificate:
            Ref: X509Certificate
        Type: ALIYUN::CloudSSO::SAMLIdentityProvider
                            
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "EntityId": {
          "Type": "String",
          "Description": {
            "en": "The entity ID of the IdP."
          },
          "Required": false
        },
        "SSOStatus": {
          "Type": "String",
          "Description": {
            "en": "The status of SSO logon. Valid values:\n- Enabled\n- Disabled (default)"
          },
          "AllowedValues": [
            "Enabled",
            "Disabled"
          ],
          "Required": false
        },
        "DirectoryId": {
          "Type": "String",
          "Description": {
            "en": "The ID of the directory."
          },
          "Required": true
        },
        "EncodedMetadataDocument": {
          "Type": "String",
          "Description": {
            "en": "The metadata file of the IdP. The value of this parameter is Base64-encoded.\nThe file is provided by the IdP that supports SAML 2.0."
          },
          "Required": false
        },
        "WantRequestSigned": {
          "Type": "Boolean",
          "Description": {
            "en": "Specifies whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:\n- true: yes\n- false: no (default)"
          },
          "Required": false
        },
        "LoginUrl": {
          "Type": "String",
          "Description": {
            "en": "The logon URL of the IdP."
          },
          "Required": false
        },
        "X509Certificate": {
          "Type": "String",
          "Description": {
            "en": "The X.509 certificate in the PEM format. If you specify this parameter, all existing certificates are replaced."
          },
          "Required": false
        }
      },
      "Resources": {
        "SAMLIdentityProvider": {
          "Type": "ALIYUN::CloudSSO::SAMLIdentityProvider",
          "Properties": {
            "EntityId": {
              "Ref": "EntityId"
            },
            "SSOStatus": {
              "Ref": "SSOStatus"
            },
            "DirectoryId": {
              "Ref": "DirectoryId"
            },
            "EncodedMetadataDocument": {
              "Ref": "EncodedMetadataDocument"
            },
            "WantRequestSigned": {
              "Ref": "WantRequestSigned"
            },
            "LoginUrl": {
              "Ref": "LoginUrl"
            },
            "X509Certificate": {
              "Ref": "X509Certificate"
            }
          }
        }
      }
    }
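An added example, not part of the original page or of Alibaba Cloud's code: a pre-deployment check that decodes EncodedMetadataDocument and compares EntityId, LoginUrl and X509Certificate against it, and reports when WantRequestSigned is left at its default. It assumes the properties hold literal values rather than Ref parameters and that the metadata follows the standard SAML 2.0 metadata schema; `lint_idp`, `pem_body` and all sample values are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

MD, DS = "{urn:oasis:names:tc:SAML:2.0:metadata}", "{http://www.w3.org/2000/09/xmldsig#}"

def pem_body(pem):
    # Drop PEM armor lines and whitespace so certificates compare by content.
    return "".join(l.strip() for l in pem.splitlines() if "-----" not in l)

def lint_idp(props):
    """Findings for one SAMLIdentityProvider Properties dict holding literal values."""
    findings = []
    if not props.get("WantRequestSigned", False):
        findings.append("WantRequestSigned is false: SAML requests are sent unsigned")
    login = props.get("LoginUrl")
    if login and not login.lower().startswith("https://"):
        findings.append("LoginUrl is not HTTPS")
    doc = props.get("EncodedMetadataDocument")
    if not doc:
        return findings
    try:  # ElementTree does not harden against entity expansion; lint trusted files only
        root = ET.fromstring(base64.b64decode(doc, validate=True))
    except (ValueError, ET.ParseError) as exc:
        return findings + [f"EncodedMetadataDocument is not Base64-encoded XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return findings + ["metadata root is not an EntityDescriptor"]
    if props.get("EntityId") and props["EntityId"] != root.get("entityID"):
        findings.append("EntityId differs from the metadata entityID")
    sso_urls = {e.get("Location") for e in root.iter(MD + "SingleSignOnService")}
    if login and login not in sso_urls:
        findings.append("LoginUrl is not a SingleSignOnService Location in the metadata")
    certs = {pem_body(e.text or "") for e in root.iter(DS + "X509Certificate")}
    cert = props.get("X509Certificate")
    if cert and pem_body(cert) not in certs:
        findings.append("X509Certificate is not listed in the metadata")
    return findings

# Constructed sample (not a real IdP), trimmed to the elements the check reads.
SAMPLE_XML = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://idp.example.com/saml"><IDPSSODescriptor><KeyDescriptor>'
    '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>'
    'Q09OU1RSVUNURUQ=</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
    '<SingleSignOnService Location="https://idp.example.com/sso"/></IDPSSODescriptor></EntityDescriptor>'
)
SAMPLE_PROPS = {
    "EntityId": "https://idp.example.com/saml", "LoginUrl": "http://idp.example.com/login",
    "EncodedMetadataDocument": base64.b64encode(SAMPLE_XML.encode()).decode(),
}
```

Calling `lint_idp(SAMPLE_PROPS)` reports three findings for the constructed sample: unsigned requests, a non-HTTPS LoginUrl, and a LoginUrl that the metadata does not list.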
                            