All Products
Search

This Product

    Resource Orchestration Service:ALIYUN::CloudSSO::SAMLIdentityProvider

    Document Center

    Resource Orchestration Service:ALIYUN::CloudSSO::SAMLIdentityProvider

    Last Updated:Aug 14, 2024

    ALIYUN::CloudSSO::SAMLIdentityProvider is used to configure the information about a Security Assertion Markup Language (SAML) identity provider (IdP).

    Syntax

    {
  "Type": "ALIYUN::CloudSSO::SAMLIdentityProvider",
  "Properties": {
    "EntityId": String,
    "SSOStatus": String,
    "DirectoryId": String,
    "EncodedMetadataDocument": String,
    "WantRequestSigned": Boolean,
    "LoginUrl": String,
    "X509Certificate": String
  }
}

    Properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    DirectoryId

    String

    Yes

    No

    The directory ID.

    None.

    EncodedMetadataDocument

    String

    No

    No

    The metadata file of the IdP. The value of this property is Base64-encoded.

    The file is provided by the IdP that supports SAML 2.0.

    EntityId

    String

    No

    No

    The entity ID of the IdP.

    None.

    LoginUrl

    String

    No

    No

    The logon URL of the IdP.

    None.

    SSOStatus

    String

    No

    No

    The status of single sign-on (SSO) logon.

    Valid values:

    • Enabled

    • Disabled (default)

    WantRequestSigned

    Boolean

    No

    No

    Specifies whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO.

    Valid values:

    • true

    • false (default)

    X509Certificate

    String

    No

    No

    The X.509 certificate in the Privacy Enhanced Mail (PEM) format.

    If you specify this property, all existing certificates are replaced.

    Return values

    Fn::GetAtt

    None.

    Examples

    YAML format

    ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DirectoryId:
    Description:
      en: The ID of the directory.
    Required: true
    Type: String
  EncodedMetadataDocument:
    Description:
      en: 'The metadata file of the IdP. The value of this parameter is Base64-encoded.

        The file is provided by the IdP that supports SAML 2.0.'
    Required: false
    Type: String
  EntityId:
    Description:
      en: The entity ID of the IdP.
    Required: false
    Type: String
  LoginUrl:
    Description:
      en: The logon URL of the IdP.
    Required: false
    Type: String
  SSOStatus:
    AllowedValues:
    - Enabled
    - Disabled
    Description:
      en: 'The status of SSO logon. Valid values:

        - Enabled

        - Disabled (default)'
    Required: false
    Type: String
  WantRequestSigned:
    Description:
      en: 'Specifies whether CloudSSO needs to sign SAML requests. The requests are
        sent when users log on to the CloudSSO user portal to initiate SAML-based
        SSO. Valid values:

        - true: yes

        - false: no (default)'
    Required: false
    Type: Boolean
  X509Certificate:
    Description:
      en: The X.509 certificate n the PEM format. If you specify this parameter, all
        existing certificates are replaced.
    Required: false
    Type: String
Resources:
  SAMLIdentityProvider:
    Properties:
      DirectoryId:
        Ref: DirectoryId
      EncodedMetadataDocument:
        Ref: EncodedMetadataDocument
      EntityId:
        Ref: EntityId
      LoginUrl:
        Ref: LoginUrl
      SSOStatus:
        Ref: SSOStatus
      WantRequestSigned:
        Ref: WantRequestSigned
      X509Certificate:
        Ref: X509Certificate
    Type: ALIYUN::CloudSSO::SAMLIdentityProvider

    JSON format

    {
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "EntityId": {
      "Type": "String",
      "Description": {
        "en": "The entity ID of the IdP."
      },
      "Required": false
    },
    "SSOStatus": {
      "Type": "String",
      "Description": {
        "en": "The status of SSO logon. Valid values:\n- Enabled\n- Disabled (default)"
      },
      "AllowedValues": [
        "Enabled",
        "Disabled"
      ],
      "Required": false
    },
    "DirectoryId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the directory."
      },
      "Required": true
    },
    "EncodedMetadataDocument": {
      "Type": "String",
      "Description": {
        "en": "The metadata file of the IdP. The value of this parameter is Base64-encoded.\nThe file is provided by the IdP that supports SAML 2.0."
      },
      "Required": false
    },
    "WantRequestSigned": {
      "Type": "Boolean",
      "Description": {
        "en": "Specifies whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:\n- true: yes\n- false: no (default)"
      },
      "Required": false
    },
    "LoginUrl": {
      "Type": "String",
      "Description": {
        "en": "The logon URL of the IdP."
      },
      "Required": false
    },
    "X509Certificate": {
      "Type": "String",
      "Description": {
        "en": "The X.509 certificate n the PEM format. If you specify this parameter, all existing certificates are replaced."
      },
      "Required": false
    }
  },
  "Resources": {
    "SAMLIdentityProvider": {
      "Type": "ALIYUN::CloudSSO::SAMLIdentityProvider",
      "Properties": {
        "EntityId": {
          "Ref": "EntityId"
        },
        "SSOStatus": {
          "Ref": "SSOStatus"
        },
        "DirectoryId": {
          "Ref": "DirectoryId"
        },
        "EncodedMetadataDocument": {
          "Ref": "EncodedMetadataDocument"
        },
        "WantRequestSigned": {
          "Ref": "WantRequestSigned"
        },
        "LoginUrl": {
          "Ref": "LoginUrl"
        },
        "X509Certificate": {
          "Ref": "X509Certificate"
        }
      }
    }
  }
}