Class: Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb

Overview

Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#authentication_request_extra_paramsHash<String,String>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

Returns:

  • (Hash<String,String>)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#authorization_endpointString

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#client_idString

The OAuth 2.0 client identifier.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#client_secretString

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#issuerString

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#on_unauthenticated_requestString

The behavior if the user is not authenticated. The following are possible values:

  • deny`` - Return an HTTP 401 Unauthorized error.

  • allow`` - Allow the request to be forwarded to the target.

  • authenticate`` - Redirect the request to the IdP authorization endpoint. This is the default value.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#scopeString

The set of user claims to be requested from the IdP. The default is openid.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#session_timeoutInteger

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

Returns:

  • (Integer)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#token_endpointString

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#use_existing_client_secretBoolean

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

Returns:

  • (Boolean)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#user_info_endpointString

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)


289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 289

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end