Closed GaretJax closed 1 year ago
Not the author, but as a workaround for the metadata not being available in the app resource we use this:
```hcl
data "http" "saml_metadata" {
  url = onelogin_saml_apps.app.sso.metadata_url
}

resource "aws_iam_saml_provider" "onelogin_saml_app" {
  name                   = "app-name"
  saml_metadata_document = data.http.saml_metadata.body
}
```
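Added example (not from this thread or the provider project): the AWS side of the federation built on the workaround above, with the cycle broken by fixing the role name up front and a trust policy scoped to this IdP and the AWS sign-in audience. Resource and role names are placeholders, and `onelogin_saml_apps.app` is assumed to be the OneLogin app resource from the snippet above.

```hcl
# Fetch the IdP metadata published by the OneLogin app (same trick as above).
data "http" "saml_metadata" {
  url = onelogin_saml_apps.app.sso.metadata_url
}

resource "aws_iam_saml_provider" "onelogin" {
  name                   = "onelogin" # placeholder
  saml_metadata_document = data.http.saml_metadata.body
}

# Trust policy: only assertions issued by this provider, and only those whose
# audience is the AWS sign-in endpoint, may assume the role.
data "aws_iam_policy_document" "assume_role_with_saml" {
  statement {
    actions = ["sts:AssumeRoleWithSAML"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_saml_provider.onelogin.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "SAML:aud"
      values   = ["https://signin.aws.amazon.com/saml"]
    }
  }
}

# The role name is a literal, not derived from the OneLogin app, so the
# "External Role Name" entered in the app can match it without a cycle.
resource "aws_iam_role" "onelogin_readonly" {
  name                 = "OneLoginReadOnly" # placeholder
  assume_role_policy   = data.aws_iam_policy_document.assume_role_with_saml.json
  max_session_duration = 3600
}

# Grant a scoped managed policy rather than inline broad permissions.
resource "aws_iam_role_policy_attachment" "readonly" {
  role       = aws_iam_role.onelogin_readonly.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
```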
Thanks @mikkoc, that's indeed nice.
@GaretJax, did you get the configuration set up and the parameters to work for "Aws Multi-Account"? I am having issues setting parameter and configuration values like:

```hcl
configuration = { audience = "something", consumer = "something_else" }
```

It completes, but the WebUI won't show them. I also noticed that it completes, but successive apply runs identify new state changes, and I don't know if it actually works.
@GaretJax, thanks. I also noticed that when I use curl with the API directly, I need 2 retries until all the parameters are set correctly.
@GaretJax, I am about to start doing something similar. Are you able to share any of your Terraform, as I can't quite see all the parameters I need to set? In my case I generate the RoleName and ExternalID and can "guess" the SAML provider, as I know all the account IDs upfront and dictate the name of the SAML provider.
Just to make it clear: I am not able to get it to work, hence this issue. :-)
The new Terraform provider onelogin should allow this. Please let me know if the issue continues.
My apologies if this is already covered elsewhere.
What I'm trying to achieve: configure AWS and OneLogin to use the "Aws Multi-Account" app fully in Terraform.
In my case, I need to be able to configure the "External Role Name", "External ID", and "List of SAML providers" configuration values. Ideally, these would be exposed as additional resources, as otherwise we would introduce circular dependencies (the AWS SAML provider depends on the app metadata, but the app configuration depends on the external role name).
Regarding the app metadata, it would be a nice bonus if that's exposed via an attribute so that we can directly use it with the "aws_iam_saml_provider" resource.