Open svencan opened 1 year ago
I was able to get this working, and want to document my findings just in case someone else will find it helpful in the future.
Basically, I imported an XML metadata file via the browser and had a look in the network inspector. The following structure is sent to the server:
```
alwaysDisplayInConsole
attributes
    saml.assertion.signature
    saml.authnstatement
    saml.client.signature
    saml.encrypt
    saml.encryption.certificate
    saml.server.signature
    saml.server.signature.keyinfo.ext
    saml.signature.algorithm
    saml.signing.certificate
    saml_artifact_binding_url
    saml_assertion_consumer_url_post
    saml_name_id_format
    saml_single_logout_service_url_post
    saml_single_logout_service_url_redirect
clientId
description
fullScopeAllowed
name
protocol
protocolMappers
redirectUris
```
I assumed that this structure is also the JSON output of the converter endpoint, so I access the arbitrary attributes like this in my terraform file:
```hcl
data "keycloak_client_description_converter" "admin_client" {
  realm_id = data.keycloak_realm.engine.id
  body     = data.aws_s3_object.admin_metadata.body
}

resource "keycloak_saml_client" "admin_client" {
  realm_id                            = data.keycloak_realm.engine.id
  client_id                           = data.keycloak_client_description_converter.admin_client.client_id
  name                                = "admin-webapp for engine-engine-build"
  sign_assertions                     = true
  encrypt_assertions                  = true
  name_id_format                      = "username"
  valid_redirect_uris                 = data.keycloak_client_description_converter.admin_client.redirect_uris
  signature_algorithm                 = "RSA_SHA256"
  encryption_certificate              = data.keycloak_client_description_converter.admin_client.attributes["saml.encryption.certificate"]
  signing_certificate                 = data.keycloak_client_description_converter.admin_client.attributes["saml.signing.certificate"]
  assertion_consumer_post_url         = data.keycloak_client_description_converter.admin_client.attributes["saml_assertion_consumer_url_post"]
  logout_service_post_binding_url     = data.keycloak_client_description_converter.admin_client.attributes["saml_single_logout_service_url_post"]
  logout_service_redirect_binding_url = data.keycloak_client_description_converter.admin_client.attributes["saml_single_logout_service_url_redirect"]
}
```
This creates the SAML client just how I need it.
I'll leave this open if the author wants to document this somewhere or make it easier to create clients from XML metadata.
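As an added example that is not part of this issue or of the terraform-provider-keycloak project: a small Python parser that pulls the same attribute keys out of SAML 2.0 SP metadata, so the mapping used in the Terraform config above can be checked offline before a client is created. The sample metadata and its certificate text are constructed placeholders, and treating the SP's endpoint URLs as the client's redirect URIs is an assumption, not documented converter behaviour.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample SP metadata; the certificate text is a placeholder, not a real cert.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://admin.example.test/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC PLACEHOLDER SIGNING CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://admin.example.test/saml/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://admin.example.test/saml/acs" index="0"/>
  </md:SPSSODescriptor></md:EntityDescriptor>"""


def sp_metadata_to_client(xml_text: str) -> dict:
    """Return {clientId, redirectUris, attributes} using the converter's key names."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not SAML SP metadata: no SPSSODescriptor")
    attrs = {  # does the SP sign AuthnRequests / require signed assertions?
        "saml.client.signature": sp.get("AuthnRequestsSigned", "false"),
        "saml.assertion.signature": sp.get("WantAssertionsSigned", "false"),
    }
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not cert.text:
            continue
        pem = "".join(cert.text.split())  # drop line breaks inside the base64 body
        # A KeyDescriptor without a 'use' attribute covers both signing and encryption.
        if kd.get("use") in (None, "signing"):
            attrs["saml.signing.certificate"] = pem
        if kd.get("use") in (None, "encryption"):
            attrs["saml.encryption.certificate"] = pem
    for acs in sp.findall("md:AssertionConsumerService", NS):
        if acs.get("Binding") == POST:
            attrs["saml_assertion_consumer_url_post"] = acs.get("Location")
    slo_keys = {POST: "saml_single_logout_service_url_post", REDIRECT: "saml_single_logout_service_url_redirect"}
    for slo in sp.findall("md:SingleLogoutService", NS):
        if slo.get("Binding") in slo_keys:
            attrs[slo_keys[slo.get("Binding")]] = slo.get("Location")
    nid = sp.find("md:NameIDFormat", NS)
    if nid is not None and nid.text:
        attrs["saml_name_id_format"] = nid.text.strip()
    # Assumption: the SP's endpoint URLs double as the client's valid redirect URIs.
    urls = sorted({v for k, v in attrs.items() if "_url_" in k})
    return {"clientId": root.get("entityID"), "redirectUris": urls, "attributes": attrs}
```

Keys that are absent from the metadata (here the encryption certificate and the POST logout URL) are simply missing from `attributes`, which is the case to check for before wiring them into a `keycloak_saml_client` resource.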
Hello! I'm very happy I found this provider for terraform.
However I'm having issues trying to create clients based on SAML metadata which is present in XML format. The documentation for `keycloak_client_description_converter` states "The exported attributes for this data source are a combination of the attributes for the keycloak_openid_client and keycloak_saml_client resources."

Thinking this would be easy, I tried:
But terraform gives me the following:
Is this a missing feature, or is there any other way to quickly create SAML clients based on XML metadata?
Thanks, Sven