The ALIYUN::CloudSSO::SAMLIdentityProvider type is used to configure the information of a SAML identity provider (IdP).
Syntax
{
  "Type": "ALIYUN::CloudSSO::SAMLIdentityProvider",
  "Properties": {
    "EntityId": String,
    "SSOStatus": String,
    "DirectoryId": String,
    "EncodedMetadataDocument": String,
    "WantRequestSigned": Boolean,
    "LoginUrl": String,
    "X509Certificate": String
  }
}
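Properties
Property | Type | Required | Editable | Description | Constraint |
DirectoryId | String | Yes | No | The ID of the directory. | None |
EncodedMetadataDocument | String | No | No | The metadata document of the IdP (Base64-encoded). | Provided by an IdP that supports SAML 2.0. |
EntityId | String | No | No | The entity ID of the IdP. | None |
LoginUrl | String | No | No | The logon URL of the IdP. | None |
SSOStatus | String | No | No | The status of SSO logon. | Valid values: Enabled, Disabled (default). |
WantRequestSigned | Boolean | No | No | Specifies whether CloudSSO must send signed SAML requests when users initiate SAML SSO from the CloudSSO logon page. | Valid values: true (yes), false (no, default). |
X509Certificate | String | No | No | The X.509 certificate in PEM format. | If you specify this parameter, all existing certificates are replaced. |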
Return values
Fn::GetAtt
None
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DirectoryId:
    Description:
      en: The ID of the directory.
    Required: true
    Type: String
  EncodedMetadataDocument:
    Description:
      en: 'The metadata file of the IdP. The value of this parameter is Base64-encoded.

        The file is provided by the IdP that supports SAML 2.0.'
    Required: false
    Type: String
  EntityId:
    Description:
      en: The entity ID of the IdP.
    Required: false
    Type: String
  LoginUrl:
    Description:
      en: The logon URL of the IdP.
    Required: false
    Type: String
  SSOStatus:
    AllowedValues:
      - Enabled
      - Disabled
    Description:
      en: 'The status of SSO logon. Valid values:

        - Enabled

        - Disabled (default)'
    Required: false
    Type: String
  WantRequestSigned:
    Description:
      en: 'Specifies whether CloudSSO needs to sign SAML requests. The requests are
        sent when users log on to the CloudSSO user portal to initiate SAML-based
        SSO. Valid values:

        - true: yes

        - false: no (default)'
    Required: false
    Type: Boolean
  X509Certificate:
    Description:
      en: The X.509 certificate in the PEM format. If you specify this parameter, all
        existing certificates are replaced.
    Required: false
    Type: String
Resources:
  SAMLIdentityProvider:
    Properties:
      DirectoryId:
        Ref: DirectoryId
      EncodedMetadataDocument:
        Ref: EncodedMetadataDocument
      EntityId:
        Ref: EntityId
      LoginUrl:
        Ref: LoginUrl
      SSOStatus:
        Ref: SSOStatus
      WantRequestSigned:
        Ref: WantRequestSigned
      X509Certificate:
        Ref: X509Certificate
    Type: ALIYUN::CloudSSO::SAMLIdentityProvider
JSON format
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "EntityId": {
      "Type": "String",
      "Description": {
        "en": "The entity ID of the IdP."
      },
      "Required": false
    },
    "SSOStatus": {
      "Type": "String",
      "Description": {
        "en": "The status of SSO logon. Valid values:\n- Enabled\n- Disabled (default)"
      },
      "AllowedValues": [
        "Enabled",
        "Disabled"
      ],
      "Required": false
    },
    "DirectoryId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the directory."
      },
      "Required": true
    },
    "EncodedMetadataDocument": {
      "Type": "String",
      "Description": {
        "en": "The metadata file of the IdP. The value of this parameter is Base64-encoded.\nThe file is provided by the IdP that supports SAML 2.0."
      },
      "Required": false
    },
    "WantRequestSigned": {
      "Type": "Boolean",
      "Description": {
        "en": "Specifies whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:\n- true: yes\n- false: no (default)"
      },
      "Required": false
    },
    "LoginUrl": {
      "Type": "String",
      "Description": {
        "en": "The logon URL of the IdP."
      },
      "Required": false
    },
    "X509Certificate": {
      "Type": "String",
      "Description": {
        "en": "The X.509 certificate in the PEM format. If you specify this parameter, all existing certificates are replaced."
      },
      "Required": false
    }
  },
  "Resources": {
    "SAMLIdentityProvider": {
      "Type": "ALIYUN::CloudSSO::SAMLIdentityProvider",
      "Properties": {
        "EntityId": {
          "Ref": "EntityId"
        },
        "SSOStatus": {
          "Ref": "SSOStatus"
        },
        "DirectoryId": {
          "Ref": "DirectoryId"
        },
        "EncodedMetadataDocument": {
          "Ref": "EncodedMetadataDocument"
        },
        "WantRequestSigned": {
          "Ref": "WantRequestSigned"
        },
        "LoginUrl": {
          "Ref": "LoginUrl"
        },
        "X509Certificate": {
          "Ref": "X509Certificate"
        }
      }
    }
  }
}
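A pre-deployment consistency check for the properties of this resource, added here as an illustration and not part of the original documentation: it decodes EncodedMetadataDocument and reports where EntityId, LoginUrl or X509Certificate, when supplied separately, disagree with the metadata. The function names, the idp.example.com values and the placeholder certificate bytes are constructed for the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_sha256(cert: str) -> str:
    """SHA-256 over the decoded bytes of a PEM or bare-Base64 certificate."""
    body = "".join(ln.strip() for ln in cert.splitlines() if "-----" not in ln)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def parse_metadata(encoded: str) -> dict:
    """Decode EncodedMetadataDocument and extract the fields the resource also takes."""
    raw = base64.b64decode(encoded, validate=True)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("metadata with DTD or entity declarations is rejected")
    root = ET.fromstring(raw)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a single-entity IdP metadata document")
    return {
        "EntityId": root.get("entityID"),
        "LoginUrls": [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)],
        "CertSha256": [cert_sha256(c.text) for c in idp.findall(".//ds:X509Certificate", NS)],
    }

def check_properties(props: dict) -> list:
    """List mismatches between the metadata and the separately supplied properties."""
    meta, problems = parse_metadata(props["EncodedMetadataDocument"]), []
    if props.get("EntityId") and props["EntityId"] != meta["EntityId"]:
        problems.append("EntityId differs from entityID in metadata")
    if props.get("LoginUrl") and props["LoginUrl"] not in meta["LoginUrls"]:
        problems.append("LoginUrl is not a SingleSignOnService Location in metadata")
    if any(not (u or "").startswith("https://") for u in meta["LoginUrls"]):
        problems.append("metadata advertises a non-HTTPS SingleSignOnService")
    if (cert := props.get("X509Certificate")) and cert_sha256(cert) not in meta["CertSha256"]:
        problems.append("X509Certificate is not among the certificates in metadata")
    return problems

# Constructed minimal sample: placeholder bytes stand in for a real DER certificate.
_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
_XML = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
 entityID="https://idp.example.com/saml"><md:IDPSSODescriptor><md:KeyDescriptor>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_CERT}</ds:X509Certificate></ds:X509Data>
</ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Location="https://idp.example.com/sso"/>
</md:IDPSSODescriptor></md:EntityDescriptor>"""
SAMPLE = {"DirectoryId": "d-example", "EntityId": "https://idp.example.com/saml",
          "LoginUrl": "https://idp.example.com/sso", "X509Certificate": _CERT,
          "EncodedMetadataDocument": base64.b64encode(_XML.encode()).decode()}
```

An empty list from `check_properties(SAMPLE)` means the separately supplied values agree with the metadata; any entry names the property to review before the stack is created.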