Class: AWSCDK::ElasticLoadBalancingv2::CfnListenerRule::AuthenticateOidcConfigProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
elastic_load_balancingv2/cfn_listener_rule.rb

Overview

Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(authorization_endpoint:, client_id:, issuer:, token_endpoint:, user_info_endpoint:, authentication_request_extra_params: nil, client_secret: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil, use_existing_client_secret: nil) ⇒ AuthenticateOidcConfigProperty

Returns a new instance of AuthenticateOidcConfigProperty.

Parameters:

  • authorization_endpoint (String)

    The authorization endpoint of the IdP.

  • client_id (String)

    The OAuth 2.0 client identifier.

  • issuer (String)

    The OIDC issuer identifier of the IdP.

  • token_endpoint (String)

    The token endpoint of the IdP.

  • user_info_endpoint (String)

    The user info endpoint of the IdP.

  • authentication_request_extra_params (AWSCDK::IResolvable, Hash{String => String}, nil) (defaults to: nil)

    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

  • client_secret (String, nil) (defaults to: nil)

    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

  • on_unauthenticated_request (String, nil) (defaults to: nil)

    The behavior if the user is not authenticated. The following are possible values:.

  • scope (String, nil) (defaults to: nil)

    The set of user claims to be requested from the IdP. The default is openid .

  • session_cookie_name (String, nil) (defaults to: nil)

    The name of the cookie used to maintain session information.

  • session_timeout (Numeric, nil) (defaults to: nil)

    The maximum duration of the authentication session, in seconds.

  • use_existing_client_secret (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    Indicates whether to use the existing client secret when modifying a rule.



817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 817

def initialize(authorization_endpoint:, client_id:, issuer:, token_endpoint:, user_info_endpoint:, authentication_request_extra_params: nil, client_secret: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil, use_existing_client_secret: nil)
  @authorization_endpoint = authorization_endpoint
  Jsii::Type.check_type(@authorization_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "authorizationEndpoint")
  @client_id = client_id
  Jsii::Type.check_type(@client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientId")
  @issuer = issuer
  Jsii::Type.check_type(@issuer, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "issuer")
  @token_endpoint = token_endpoint
  Jsii::Type.check_type(@token_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "tokenEndpoint")
  @user_info_endpoint = 
  Jsii::Type.check_type(@user_info_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userInfoEndpoint")
  @authentication_request_extra_params = authentication_request_extra_params
  Jsii::Type.check_type(@authentication_request_extra_params, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsicHJpbWl0aXZlIjoic3RyaW5nIn0sImtpbmQiOiJtYXAifX1dfX0=")), "authenticationRequestExtraParams") unless @authentication_request_extra_params.nil?
  @client_secret = client_secret
  Jsii::Type.check_type(@client_secret, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientSecret") unless @client_secret.nil?
  @on_unauthenticated_request = on_unauthenticated_request
  Jsii::Type.check_type(@on_unauthenticated_request, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "onUnauthenticatedRequest") unless @on_unauthenticated_request.nil?
  @scope = scope
  Jsii::Type.check_type(@scope, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless @scope.nil?
  @session_cookie_name = session_cookie_name
  Jsii::Type.check_type(@session_cookie_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionCookieName") unless @session_cookie_name.nil?
  @session_timeout = session_timeout
  Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "sessionTimeout") unless @session_timeout.nil?
  @use_existing_client_secret = use_existing_client_secret
  Jsii::Type.check_type(@use_existing_client_secret, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "useExistingClientSecret") unless @use_existing_client_secret.nil?
end

Instance Attribute Details

#authentication_request_extra_paramsAWSCDK::IResolvable, ... (readonly)

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.



881
882
883
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 881

def authentication_request_extra_params
  @authentication_request_extra_params
end

#authorization_endpointString (readonly)

The authorization endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.



850
851
852
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 850

def authorization_endpoint
  @authorization_endpoint
end

#client_idString (readonly)

The OAuth 2.0 client identifier.



855
856
857
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 855

def client_id
  @client_id
end

#client_secretString? (readonly)

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.



886
887
888
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 886

def client_secret
  @client_secret
end

#issuerString (readonly)

The OIDC issuer identifier of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.



862
863
864
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 862

def issuer
  @issuer
end

#on_unauthenticated_requestString? (readonly)

The behavior if the user is not authenticated. The following are possible values:.

  • deny `` - Return an HTTP 401 Unauthorized error.
  • allow `` - Allow the request to be forwarded to the target.
  • authenticate `` - Redirect the request to the IdP authorization endpoint. This is the default value.


895
896
897
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 895

def on_unauthenticated_request
  @on_unauthenticated_request
end

#scopeString? (readonly)

The set of user claims to be requested from the IdP. The default is openid .

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.



902
903
904
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 902

def scope
  @scope
end

The name of the cookie used to maintain session information.

The default is AWSELBAuthSessionCookie.



909
910
911
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 909

def session_cookie_name
  @session_cookie_name
end

#session_timeoutNumeric? (readonly)

The maximum duration of the authentication session, in seconds.

The default is 604800 seconds (7 days).



916
917
918
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 916

def session_timeout
  @session_timeout
end

#token_endpointString (readonly)

The token endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.



869
870
871
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 869

def token_endpoint
  @token_endpoint
end

#use_existing_client_secretBoolean, ... (readonly)

Indicates whether to use the existing client secret when modifying a rule.

If you are creating a rule, you can omit this parameter or set it to false.



923
924
925
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 923

def use_existing_client_secret
  @use_existing_client_secret
end

#user_info_endpointString (readonly)

The user info endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.



876
877
878
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 876

def 
  @user_info_endpoint
end

Class Method Details

.jsii_propertiesObject



925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 925

def self.jsii_properties
  {
    :authorization_endpoint => "authorizationEndpoint",
    :client_id => "clientId",
    :issuer => "issuer",
    :token_endpoint => "tokenEndpoint",
    :user_info_endpoint => "userInfoEndpoint",
    :authentication_request_extra_params => "authenticationRequestExtraParams",
    :client_secret => "clientSecret",
    :on_unauthenticated_request => "onUnauthenticatedRequest",
    :scope => "scope",
    :session_cookie_name => "sessionCookieName",
    :session_timeout => "sessionTimeout",
    :use_existing_client_secret => "useExistingClientSecret",
  }
end

Instance Method Details

#to_jsiiObject



942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 942

def to_jsii
  result = {}
  result.merge!({
    "authorizationEndpoint" => @authorization_endpoint,
    "clientId" => @client_id,
    "issuer" => @issuer,
    "tokenEndpoint" => @token_endpoint,
    "userInfoEndpoint" => @user_info_endpoint,
    "authenticationRequestExtraParams" => @authentication_request_extra_params,
    "clientSecret" => @client_secret,
    "onUnauthenticatedRequest" => @on_unauthenticated_request,
    "scope" => @scope,
    "sessionCookieName" => @session_cookie_name,
    "sessionTimeout" => @session_timeout,
    "useExistingClientSecret" => @use_existing_client_secret,
  })
  result.compact
end