TeleportSAMLIdPServiceProviderV1

This guide is a comprehensive reference to the fields in the TeleportSAMLIdPServiceProviderV1 resource, which you can apply after installing the Teleport Kubernetes operator.

resources.teleport.dev/v1

```yaml
apiVersion: resources.teleport.dev/v1
```

| Field | Type | Description |
|---|---|---|
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | object | |
| spec | object | SAMLIdPServiceProvider resource definition v1 from Teleport |

spec

| Field | Type | Description |
|---|---|---|
| acs_url | string | ACSURL is the endpoint to which the SAML authentication response will be redirected. |
| attribute_mapping | []object | AttributeMapping is used to map service provider requested attributes to username, role and traits in Teleport. |
| entity_descriptor | string | EntityDescriptor is the entity descriptor for the service provider. |
| entity_id | string | EntityID is the entity ID for the entity descriptor. If an entity descriptor is provided, this value is checked at upsert time to ensure it matches the entity ID in the entity descriptor, so that the XML blob does not have to be parsed every time the resource is used. |
| launch_urls | []string | LaunchURLs is used to configure custom landing URLs for the service provider. It is useful in the following scenarios: 1. If a service provider does not support IdP-initiated authentication, a launch URL can be configured to send users directly to the service provider's authentication endpoint. 2. If a service provider does support IdP-initiated authentication, launch URLs are useful when that service provider acts as a master authentication service provider for internal services. In that case a Teleport administrator can configure launch URLs that let the user pick a specific internal service URL from the Log In tile in the UI, which takes them to that particular service for authentication instead of launching directly into the master service provider. Each launch URL value must be an HTTPS endpoint. |
| preset | string | Preset is used to define a service provider profile that will have custom behavior processed by Teleport. |
| relay_state | string | RelayState is used to add a custom value to the SAML response as a relay_state HTTP parameter. The value can contain a service-provider-specific redirect URL, a static state token, etc. The value is only applied in the IdP-initiated SSO flow. |

spec.attribute_mapping items

| Field | Type | Description |
|---|---|---|
| name | string | name is an attribute name. |
| name_format | string | name_format is an attribute name format. |
| value | string | value is an attribute value definable with a predicate expression. |
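The manifest below exercises the spec fields and the attribute_mapping items documented above in one resource. It is an added example, not a manifest from this page or from the Teleport project: the resource name, the sp.example.com endpoints, the inline EntityDescriptor and the launch URLs are all constructed values, and the predicate expressions in `value` (such as `user.spec.traits.email`) are assumed forms, since this page does not document the expression syntax. `preset` is left out because the page does not list its accepted values.

```yaml
apiVersion: resources.teleport.dev/v1
kind: TeleportSAMLIdPServiceProviderV1
metadata:
  name: example-sp                      # hypothetical resource name
spec:
  # Constructed service-provider endpoints; acs_url and every launch URL are HTTPS.
  acs_url: https://sp.example.com/saml/acs
  entity_id: https://sp.example.com/saml/metadata
  # The entityID attribute in this descriptor must equal spec.entity_id:
  # the two are compared at upsert time so the XML need not be re-parsed later.
  entity_descriptor: |
    <?xml version="1.0" encoding="UTF-8"?>
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
        entityID="https://sp.example.com/saml/metadata">
      <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:AssertionConsumerService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://sp.example.com/saml/acs"
            index="0" isDefault="true"/>
      </md:SPSSODescriptor>
    </md:EntityDescriptor>
  # Attributes the service provider requests, mapped from Teleport user data.
  # The name_format is the standard SAML "unspecified" format; the value
  # expressions are assumed predicate forms (not documented on this page).
  attribute_mapping:
    - name: email
      name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
      value: user.spec.traits.email
    - name: groups
      value: user.spec.roles
  # Custom landing URLs offered on the Log In tile (constructed values).
  launch_urls:
    - https://sp.example.com/apps/wiki
    - https://sp.example.com/apps/ci
  # Only applied in the IdP-initiated flow; sent back as the relay_state parameter.
  relay_state: https://sp.example.com/apps/wiki
```

Apply it with `kubectl apply -f` after the operator is installed. If `entity_id` and the descriptor's `entityID` disagree, the upsert-time check described in the `entity_id` row rejects the resource, so keep the two in sync when rotating or re-importing service provider metadata.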