Class CfnSAMLProvider

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

Inheritance
object
CfnElement
CfnRefElement
CfnResource
CfnSAMLProvider
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnSAMLProvider : CfnResource, IInspectable, ITaggable
Syntax (vb)
Public Class CfnSAMLProvider Inherits CfnResource Implements IInspectable, ITaggable
Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

Examples
// The code below shows an example of how to instantiate this type.
             // The values are placeholders you should change.
             using Amazon.CDK.AWS.IAM;

             var cfnSAMLProvider = new CfnSAMLProvider(this, "MyCfnSAMLProvider", new CfnSAMLProviderProps {
                 AddPrivateKey = "addPrivateKey",
                 AssertionEncryptionMode = "assertionEncryptionMode",
                 Name = "name",
                 PrivateKeyList = new [] { new SAMLPrivateKeyProperty {
                     KeyId = "keyId",
                     Timestamp = "timestamp"
                 } },
                 RemovePrivateKey = "removePrivateKey",
                 SamlMetadataDocument = "samlMetadataDocument",
                 Tags = new [] { new CfnTag {
                     Key = "key",
                     Value = "value"
                 } }
             });

Synopsis

Constructors

CfnSAMLProvider(Construct, string, ICfnSAMLProviderProps?)

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

Properties

AddPrivateKey

Specifies the new private key from your external identity provider.
AssertionEncryptionMode

Specifies the encryption setting for the SAML provider.
AttrArn

Returns the Amazon Resource Name (ARN) for the specified AWS::IAM::SAMLProvider resource.
AttrSamlProviderUuid

The unique identifier assigned to the SAML provider.
CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.
CfnProperties

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
Name

The name of the provider to create.
PrivateKeyList

The private key metadata for the SAML provider.
RemovePrivateKey

The Key ID of the private key to remove.
SamlMetadataDocument

An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
Tags

Tag Manager which manages the tags for this resource.
TagsRaw

A list of tags that you want to attach to the new IAM SAML provider.

Methods

Inspect(TreeInspector)

Examines the CloudFormation resource and discloses attributes.
RenderProperties(IDictionary<string, object>)

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

Constructors

CfnSAMLProvider(Construct, string, ICfnSAMLProviderProps?)

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

public CfnSAMLProvider(Construct scope, string id, ICfnSAMLProviderProps? props = null)
Parameters
scope Construct

Scope in which this resource is defined.

id string

Construct identifier for this resource (unique in its scope).

props ICfnSAMLProviderProps

Resource properties.

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

Properties

AddPrivateKey

Specifies the new private key from your external identity provider.

public virtual string? AddPrivateKey { get; set; }
Property Value

string

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

AssertionEncryptionMode

Specifies the encryption setting for the SAML provider.

public virtual string? AssertionEncryptionMode { get; set; }
Property Value

string

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

AttrArn

Returns the Amazon Resource Name (ARN) for the specified AWS::IAM::SAMLProvider resource.

public virtual string AttrArn { get; }
Property Value

string

Remarks

CloudformationAttribute: Arn

AttrSamlProviderUuid

The unique identifier assigned to the SAML provider.

public virtual string AttrSamlProviderUuid { get; }
Property Value

string

Remarks

CloudformationAttribute: SamlProviderUUID

CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

public static string CFN_RESOURCE_TYPE_NAME { get; }
Property Value

string

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

CfnProperties

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

protected override IDictionary<string, object> CfnProperties { get; }
Property Value

IDictionary<string, object>

Overrides
Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

Name

The name of the provider to create.

public virtual string? Name { get; set; }
Property Value

string

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

PrivateKeyList

The private key metadata for the SAML provider.

public virtual object? PrivateKeyList { get; set; }
Property Value

object

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

RemovePrivateKey

The Key ID of the private key to remove.

public virtual string? RemovePrivateKey { get; set; }
Property Value

string

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

SamlMetadataDocument

An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.

public virtual string? SamlMetadataDocument { get; set; }
Property Value

string

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

Tags

Tag Manager which manages the tags for this resource.

public virtual TagManager Tags { get; }
Property Value

TagManager

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

TagsRaw

A list of tags that you want to attach to the new IAM SAML provider.

public virtual ICfnTag[]? TagsRaw { get; set; }
Property Value

ICfnTag[]

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

Methods

Inspect(TreeInspector)

Examines the CloudFormation resource and discloses attributes.

public virtual void Inspect(TreeInspector inspector)
Parameters
inspector TreeInspector

tree inspector to collect and process attributes.

Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

RenderProperties(IDictionary<string, object>)

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)
Parameters
props IDictionary<string, object>
Returns

IDictionary<string, object>

Overrides
Remarks

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a> .

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-samlprovider.html

CloudformationResource: AWS::IAM::SAMLProvider

ExampleMetadata: fixture=_generated

Implements