ALIYUN::CloudSSO::SAMLIdentityProvider

ALIYUN::CloudSSO::SAMLIdentityProvider类型用于配置SAML身份提供商(IdP)信息。

语法

{
  "Type": "ALIYUN::CloudSSO::SAMLIdentityProvider",
  "Properties": {
    "EntityId": String,
    "SSOStatus": String,
    "DirectoryId": String,
    "EncodedMetadataDocument": String,
    "WantRequestSigned": Boolean,
    "LoginUrl": String,
    "X509Certificate": String
  }
}

属性

属性名称

类型

必须

允许更新

描述

约束

DirectoryId

String

目录ID。

EncodedMetadataDocument

String

IdP元数据文档(Base64编码)。

由支持SAML 2.0协议的IdP提供。

EntityId

String

IdP标识。

LoginUrl

String

IdP的登录地址。

SSOStatus

String

SSO登录的启用状态。

取值:

  • Enabled:启用。

  • Disabled(默认值):禁用。

WantRequestSigned

Boolean

在用户访问云SSO登录页面发起SAML SSO时,是否要求云SSO发送签名的SAML请求。

取值:

  • true:要求云SSO发送签名的SAML请求。

  • false(默认值):不要求云SSO发送签名的SAML请求。

X509Certificate

String

PEM格式的X509证书。

指定该参数会替换所有已经存在的证书。

返回值

Fn::GetAtt

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DirectoryId:
    Description:
      en: The ID of the directory.
    Required: true
    Type: String
  EncodedMetadataDocument:
    Description:
      en: 'The metadata file of the IdP. The value of this parameter is Base64-encoded.

        The file is provided by the IdP that supports SAML 2.0.'
    Required: false
    Type: String
  EntityId:
    Description:
      en: The entity ID of the IdP.
    Required: false
    Type: String
  LoginUrl:
    Description:
      en: The logon URL of the IdP.
    Required: false
    Type: String
  SSOStatus:
    AllowedValues:
    - Enabled
    - Disabled
    Description:
      en: 'The status of SSO logon. Valid values:

        - Enabled

        - Disabled (default)'
    Required: false
    Type: String
  WantRequestSigned:
    Description:
      en: 'Specifies whether CloudSSO needs to sign SAML requests. The requests are
        sent when users log on to the CloudSSO user portal to initiate SAML-based
        SSO. Valid values:

        - true: yes

        - false: no (default)'
    Required: false
    Type: Boolean
  X509Certificate:
    Description:
      en: The X.509 certificate n the PEM format. If you specify this parameter, all
        existing certificates are replaced.
    Required: false
    Type: String
Resources:
  SAMLIdentityProvider:
    Properties:
      DirectoryId:
        Ref: DirectoryId
      EncodedMetadataDocument:
        Ref: EncodedMetadataDocument
      EntityId:
        Ref: EntityId
      LoginUrl:
        Ref: LoginUrl
      SSOStatus:
        Ref: SSOStatus
      WantRequestSigned:
        Ref: WantRequestSigned
      X509Certificate:
        Ref: X509Certificate
    Type: ALIYUN::CloudSSO::SAMLIdentityProvider
                        

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "EntityId": {
      "Type": "String",
      "Description": {
        "en": "The entity ID of the IdP."
      },
      "Required": false
    },
    "SSOStatus": {
      "Type": "String",
      "Description": {
        "en": "The status of SSO logon. Valid values:\n- Enabled\n- Disabled (default)"
      },
      "AllowedValues": [
        "Enabled",
        "Disabled"
      ],
      "Required": false
    },
    "DirectoryId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the directory."
      },
      "Required": true
    },
    "EncodedMetadataDocument": {
      "Type": "String",
      "Description": {
        "en": "The metadata file of the IdP. The value of this parameter is Base64-encoded.\nThe file is provided by the IdP that supports SAML 2.0."
      },
      "Required": false
    },
    "WantRequestSigned": {
      "Type": "Boolean",
      "Description": {
        "en": "Specifies whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:\n- true: yes\n- false: no (default)"
      },
      "Required": false
    },
    "LoginUrl": {
      "Type": "String",
      "Description": {
        "en": "The logon URL of the IdP."
      },
      "Required": false
    },
    "X509Certificate": {
      "Type": "String",
      "Description": {
        "en": "The X.509 certificate n the PEM format. If you specify this parameter, all existing certificates are replaced."
      },
      "Required": false
    }
  },
  "Resources": {
    "SAMLIdentityProvider": {
      "Type": "ALIYUN::CloudSSO::SAMLIdentityProvider",
      "Properties": {
        "EntityId": {
          "Ref": "EntityId"
        },
        "SSOStatus": {
          "Ref": "SSOStatus"
        },
        "DirectoryId": {
          "Ref": "DirectoryId"
        },
        "EncodedMetadataDocument": {
          "Ref": "EncodedMetadataDocument"
        },
        "WantRequestSigned": {
          "Ref": "WantRequestSigned"
        },
        "LoginUrl": {
          "Ref": "LoginUrl"
        },
        "X509Certificate": {
          "Ref": "X509Certificate"
        }
      }
    }
  }
}