Class: Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig
- Inherits:
-
Struct
- Object
- Struct
- Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig
- Defined in:
- gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb
Overview
Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#authentication_request_extra_params ⇒ Hash<String,String>
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
-
#authorization_endpoint ⇒ String
The authorization endpoint of the IdP.
-
#client_id ⇒ String
The OAuth 2.0 client identifier.
-
#client_secret ⇒ String
The OAuth 2.0 client secret.
-
#issuer ⇒ String
The OIDC issuer identifier of the IdP.
-
#on_unauthenticated_request ⇒ String
The behavior if the user is not authenticated.
-
#scope ⇒ String
The set of user claims to be requested from the IdP.
-
#session_cookie_name ⇒ String
The name of the cookie used to maintain session information.
-
#session_timeout ⇒ Integer
The maximum duration of the authentication session, in seconds.
-
#token_endpoint ⇒ String
The token endpoint of the IdP.
-
#use_existing_client_secret ⇒ Boolean
Indicates whether to use the existing client secret when modifying a rule.
-
#user_info_endpoint ⇒ String
The user info endpoint of the IdP.
Instance Attribute Details
#authentication_request_extra_params ⇒ Hash<String,String>
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#authorization_endpoint ⇒ String
The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#client_id ⇒ String
The OAuth 2.0 client identifier.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#client_secret ⇒ String
The OAuth 2.0 client secret. This parameter is required if you are
creating a rule. If you are modifying a rule, you can omit this
parameter if you set UseExistingClientSecret
to true.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#issuer ⇒ String
The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#on_unauthenticated_request ⇒ String
The behavior if the user is not authenticated. The following are possible values:
deny`` - Return an HTTP 401 Unauthorized error.
allow`` - Allow the request to be forwarded to the target.
authenticate`` - Redirect the request to the IdP authorization endpoint. This is the default value.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#scope ⇒ String
The set of user claims to be requested from the IdP. The default is
openid
.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#session_cookie_name ⇒ String
The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#session_timeout ⇒ Integer
The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#token_endpoint ⇒ String
The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#use_existing_client_secret ⇒ Boolean
Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |
#user_info_endpoint ⇒ String
The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 362 class AuthenticateOidcActionConfig < Struct.new( :issuer, :authorization_endpoint, :token_endpoint, :user_info_endpoint, :client_id, :client_secret, :session_cookie_name, :scope, :session_timeout, :authentication_request_extra_params, :on_unauthenticated_request, :use_existing_client_secret) SENSITIVE = [] include Aws::Structure end |