Class: AWSCDK::ElasticLoadBalancingv2::CfnListener::AuthenticateOidcConfigProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::ElasticLoadBalancingv2::CfnListener::AuthenticateOidcConfigProperty
- Defined in:
- elastic_load_balancingv2/cfn_listener.rb
Overview
Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.
Instance Attribute Summary collapse
-
#authentication_request_extra_params ⇒ AWSCDK::IResolvable, ...
readonly
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
-
#authorization_endpoint ⇒ String
readonly
The authorization endpoint of the IdP.
-
#client_id ⇒ String
readonly
The OAuth 2.0 client identifier.
-
#client_secret ⇒ String?
readonly
The OAuth 2.0 client secret.
-
#issuer ⇒ String
readonly
The OIDC issuer identifier of the IdP.
-
#on_unauthenticated_request ⇒ String?
readonly
The behavior if the user is not authenticated.
-
#scope ⇒ String?
readonly
The set of user claims to be requested from the IdP.
-
#session_cookie_name ⇒ String?
readonly
The name of the cookie used to maintain session information.
-
#session_timeout ⇒ String?
readonly
The maximum duration of the authentication session, in seconds.
-
#token_endpoint ⇒ String
readonly
The token endpoint of the IdP.
-
#use_existing_client_secret ⇒ Boolean, ...
readonly
Indicates whether to use the existing client secret when modifying a rule.
-
#user_info_endpoint ⇒ String
readonly
The user info endpoint of the IdP.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(authorization_endpoint:, client_id:, issuer:, token_endpoint:, user_info_endpoint:, authentication_request_extra_params: nil, client_secret: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil, use_existing_client_secret: nil) ⇒ AuthenticateOidcConfigProperty
constructor
A new instance of AuthenticateOidcConfigProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(authorization_endpoint:, client_id:, issuer:, token_endpoint:, user_info_endpoint:, authentication_request_extra_params: nil, client_secret: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil, use_existing_client_secret: nil) ⇒ AuthenticateOidcConfigProperty
Returns a new instance of AuthenticateOidcConfigProperty.
867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 867 def initialize(authorization_endpoint:, client_id:, issuer:, token_endpoint:, user_info_endpoint:, authentication_request_extra_params: nil, client_secret: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil, use_existing_client_secret: nil) @authorization_endpoint = Jsii::Type.check_type(@authorization_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "authorizationEndpoint") @client_id = client_id Jsii::Type.check_type(@client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientId") @issuer = issuer Jsii::Type.check_type(@issuer, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "issuer") @token_endpoint = token_endpoint Jsii::Type.check_type(@token_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "tokenEndpoint") @user_info_endpoint = user_info_endpoint Jsii::Type.check_type(@user_info_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userInfoEndpoint") @authentication_request_extra_params = authentication_request_extra_params Jsii::Type.check_type(@authentication_request_extra_params, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsicHJpbWl0aXZlIjoic3RyaW5nIn0sImtpbmQiOiJtYXAifX1dfX0=")), "authenticationRequestExtraParams") unless @authentication_request_extra_params.nil? @client_secret = client_secret Jsii::Type.check_type(@client_secret, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientSecret") unless @client_secret.nil? @on_unauthenticated_request = on_unauthenticated_request Jsii::Type.check_type(@on_unauthenticated_request, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "onUnauthenticatedRequest") unless @on_unauthenticated_request.nil? @scope = scope Jsii::Type.check_type(@scope, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless @scope.nil? @session_cookie_name = Jsii::Type.check_type(@session_cookie_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionCookieName") unless @session_cookie_name.nil? @session_timeout = session_timeout Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionTimeout") unless @session_timeout.nil? @use_existing_client_secret = use_existing_client_secret Jsii::Type.check_type(@use_existing_client_secret, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "useExistingClientSecret") unless @use_existing_client_secret.nil? end |
Instance Attribute Details
#authentication_request_extra_params ⇒ AWSCDK::IResolvable, ... (readonly)
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
931 932 933 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 931 def authentication_request_extra_params @authentication_request_extra_params end |
#authorization_endpoint ⇒ String (readonly)
The authorization endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
900 901 902 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 900 def @authorization_endpoint end |
#client_id ⇒ String (readonly)
The OAuth 2.0 client identifier.
905 906 907 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 905 def client_id @client_id end |
#client_secret ⇒ String? (readonly)
The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
936 937 938 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 936 def client_secret @client_secret end |
#issuer ⇒ String (readonly)
The OIDC issuer identifier of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
912 913 914 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 912 def issuer @issuer end |
#on_unauthenticated_request ⇒ String? (readonly)
The behavior if the user is not authenticated. The following are possible values:.
- deny `` - Return an HTTP 401 Unauthorized error.
- allow `` - Allow the request to be forwarded to the target.
- authenticate `` - Redirect the request to the IdP authorization endpoint. This is the default value.
945 946 947 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 945 def on_unauthenticated_request @on_unauthenticated_request end |
#scope ⇒ String? (readonly)
The set of user claims to be requested from the IdP. The default is openid .
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
952 953 954 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 952 def scope @scope end |
#session_cookie_name ⇒ String? (readonly)
The name of the cookie used to maintain session information.
The default is AWSELBAuthSessionCookie.
959 960 961 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 959 def @session_cookie_name end |
#session_timeout ⇒ String? (readonly)
The maximum duration of the authentication session, in seconds.
The default is 604800 seconds (7 days).
966 967 968 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 966 def session_timeout @session_timeout end |
#token_endpoint ⇒ String (readonly)
The token endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
919 920 921 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 919 def token_endpoint @token_endpoint end |
#use_existing_client_secret ⇒ Boolean, ... (readonly)
Indicates whether to use the existing client secret when modifying a rule.
If you are creating a rule, you can omit this parameter or set it to false.
973 974 975 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 973 def use_existing_client_secret @use_existing_client_secret end |
#user_info_endpoint ⇒ String (readonly)
The user info endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
926 927 928 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 926 def user_info_endpoint @user_info_endpoint end |
Class Method Details
.jsii_properties ⇒ Object
975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 975 def self.jsii_properties { :authorization_endpoint => "authorizationEndpoint", :client_id => "clientId", :issuer => "issuer", :token_endpoint => "tokenEndpoint", :user_info_endpoint => "userInfoEndpoint", :authentication_request_extra_params => "authenticationRequestExtraParams", :client_secret => "clientSecret", :on_unauthenticated_request => "onUnauthenticatedRequest", :scope => "scope", :session_cookie_name => "sessionCookieName", :session_timeout => "sessionTimeout", :use_existing_client_secret => "useExistingClientSecret", } end |
Instance Method Details
#to_jsii ⇒ Object
992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 |
# File 'elastic_load_balancingv2/cfn_listener.rb', line 992 def to_jsii result = {} result.merge!({ "authorizationEndpoint" => @authorization_endpoint, "clientId" => @client_id, "issuer" => @issuer, "tokenEndpoint" => @token_endpoint, "userInfoEndpoint" => @user_info_endpoint, "authenticationRequestExtraParams" => @authentication_request_extra_params, "clientSecret" => @client_secret, "onUnauthenticatedRequest" => @on_unauthenticated_request, "scope" => @scope, "sessionCookieName" => @session_cookie_name, "sessionTimeout" => @session_timeout, "useExistingClientSecret" => @use_existing_client_secret, }) result.compact end |