Class: AWSCDK::ElasticLoadBalancingv2::CfnListener::AuthenticateOidcConfigProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
elastic_load_balancingv2/cfn_listener.rb

Overview

Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(authorization_endpoint:, client_id:, issuer:, token_endpoint:, user_info_endpoint:, authentication_request_extra_params: nil, client_secret: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil, use_existing_client_secret: nil) ⇒ AuthenticateOidcConfigProperty

Returns a new instance of AuthenticateOidcConfigProperty.

Parameters:

  • authorization_endpoint (String)

    The authorization endpoint of the IdP.

  • client_id (String)

    The OAuth 2.0 client identifier.

  • issuer (String)

    The OIDC issuer identifier of the IdP.

  • token_endpoint (String)

    The token endpoint of the IdP.

  • user_info_endpoint (String)

    The user info endpoint of the IdP.

  • authentication_request_extra_params (AWSCDK::IResolvable, Hash{String => String}, nil) (defaults to: nil)

    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

  • client_secret (String, nil) (defaults to: nil)

    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

  • on_unauthenticated_request (String, nil) (defaults to: nil)

    The behavior if the user is not authenticated. The following are possible values:.

  • scope (String, nil) (defaults to: nil)

    The set of user claims to be requested from the IdP. The default is openid .

  • session_cookie_name (String, nil) (defaults to: nil)

    The name of the cookie used to maintain session information.

  • session_timeout (String, nil) (defaults to: nil)

    The maximum duration of the authentication session, in seconds.

  • use_existing_client_secret (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    Indicates whether to use the existing client secret when modifying a rule.



867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
# File 'elastic_load_balancingv2/cfn_listener.rb', line 867

def initialize(authorization_endpoint:, client_id:, issuer:, token_endpoint:, user_info_endpoint:, authentication_request_extra_params: nil, client_secret: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil, use_existing_client_secret: nil)
  @authorization_endpoint = authorization_endpoint
  Jsii::Type.check_type(@authorization_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "authorizationEndpoint")
  @client_id = client_id
  Jsii::Type.check_type(@client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientId")
  @issuer = issuer
  Jsii::Type.check_type(@issuer, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "issuer")
  @token_endpoint = token_endpoint
  Jsii::Type.check_type(@token_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "tokenEndpoint")
  @user_info_endpoint = 
  Jsii::Type.check_type(@user_info_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userInfoEndpoint")
  @authentication_request_extra_params = authentication_request_extra_params
  Jsii::Type.check_type(@authentication_request_extra_params, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsicHJpbWl0aXZlIjoic3RyaW5nIn0sImtpbmQiOiJtYXAifX1dfX0=")), "authenticationRequestExtraParams") unless @authentication_request_extra_params.nil?
  @client_secret = client_secret
  Jsii::Type.check_type(@client_secret, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientSecret") unless @client_secret.nil?
  @on_unauthenticated_request = on_unauthenticated_request
  Jsii::Type.check_type(@on_unauthenticated_request, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "onUnauthenticatedRequest") unless @on_unauthenticated_request.nil?
  @scope = scope
  Jsii::Type.check_type(@scope, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless @scope.nil?
  @session_cookie_name = session_cookie_name
  Jsii::Type.check_type(@session_cookie_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionCookieName") unless @session_cookie_name.nil?
  @session_timeout = session_timeout
  Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionTimeout") unless @session_timeout.nil?
  @use_existing_client_secret = use_existing_client_secret
  Jsii::Type.check_type(@use_existing_client_secret, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "useExistingClientSecret") unless @use_existing_client_secret.nil?
end

Instance Attribute Details

#authentication_request_extra_paramsAWSCDK::IResolvable, ... (readonly)

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.



931
932
933
# File 'elastic_load_balancingv2/cfn_listener.rb', line 931

def authentication_request_extra_params
  @authentication_request_extra_params
end

#authorization_endpointString (readonly)

The authorization endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.



900
901
902
# File 'elastic_load_balancingv2/cfn_listener.rb', line 900

def authorization_endpoint
  @authorization_endpoint
end

#client_idString (readonly)

The OAuth 2.0 client identifier.



905
906
907
# File 'elastic_load_balancingv2/cfn_listener.rb', line 905

def client_id
  @client_id
end

#client_secretString? (readonly)

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.



936
937
938
# File 'elastic_load_balancingv2/cfn_listener.rb', line 936

def client_secret
  @client_secret
end

#issuerString (readonly)

The OIDC issuer identifier of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.



912
913
914
# File 'elastic_load_balancingv2/cfn_listener.rb', line 912

def issuer
  @issuer
end

#on_unauthenticated_requestString? (readonly)

The behavior if the user is not authenticated. The following are possible values:.

  • deny `` - Return an HTTP 401 Unauthorized error.
  • allow `` - Allow the request to be forwarded to the target.
  • authenticate `` - Redirect the request to the IdP authorization endpoint. This is the default value.


945
946
947
# File 'elastic_load_balancingv2/cfn_listener.rb', line 945

def on_unauthenticated_request
  @on_unauthenticated_request
end

#scopeString? (readonly)

The set of user claims to be requested from the IdP. The default is openid .

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.



952
953
954
# File 'elastic_load_balancingv2/cfn_listener.rb', line 952

def scope
  @scope
end

The name of the cookie used to maintain session information.

The default is AWSELBAuthSessionCookie.



959
960
961
# File 'elastic_load_balancingv2/cfn_listener.rb', line 959

def session_cookie_name
  @session_cookie_name
end

#session_timeoutString? (readonly)

The maximum duration of the authentication session, in seconds.

The default is 604800 seconds (7 days).



966
967
968
# File 'elastic_load_balancingv2/cfn_listener.rb', line 966

def session_timeout
  @session_timeout
end

#token_endpointString (readonly)

The token endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.



919
920
921
# File 'elastic_load_balancingv2/cfn_listener.rb', line 919

def token_endpoint
  @token_endpoint
end

#use_existing_client_secretBoolean, ... (readonly)

Indicates whether to use the existing client secret when modifying a rule.

If you are creating a rule, you can omit this parameter or set it to false.



973
974
975
# File 'elastic_load_balancingv2/cfn_listener.rb', line 973

def use_existing_client_secret
  @use_existing_client_secret
end

#user_info_endpointString (readonly)

The user info endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.



926
927
928
# File 'elastic_load_balancingv2/cfn_listener.rb', line 926

def 
  @user_info_endpoint
end

Class Method Details

.jsii_propertiesObject



975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
# File 'elastic_load_balancingv2/cfn_listener.rb', line 975

def self.jsii_properties
  {
    :authorization_endpoint => "authorizationEndpoint",
    :client_id => "clientId",
    :issuer => "issuer",
    :token_endpoint => "tokenEndpoint",
    :user_info_endpoint => "userInfoEndpoint",
    :authentication_request_extra_params => "authenticationRequestExtraParams",
    :client_secret => "clientSecret",
    :on_unauthenticated_request => "onUnauthenticatedRequest",
    :scope => "scope",
    :session_cookie_name => "sessionCookieName",
    :session_timeout => "sessionTimeout",
    :use_existing_client_secret => "useExistingClientSecret",
  }
end

Instance Method Details

#to_jsiiObject



992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
# File 'elastic_load_balancingv2/cfn_listener.rb', line 992

def to_jsii
  result = {}
  result.merge!({
    "authorizationEndpoint" => @authorization_endpoint,
    "clientId" => @client_id,
    "issuer" => @issuer,
    "tokenEndpoint" => @token_endpoint,
    "userInfoEndpoint" => @user_info_endpoint,
    "authenticationRequestExtraParams" => @authentication_request_extra_params,
    "clientSecret" => @client_secret,
    "onUnauthenticatedRequest" => @on_unauthenticated_request,
    "scope" => @scope,
    "sessionCookieName" => @session_cookie_name,
    "sessionTimeout" => @session_timeout,
    "useExistingClientSecret" => @use_existing_client_secret,
  })
  result.compact
end