Class: Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig

Inherits:

Struct

• Object
• Struct
• Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig

Defined in:

gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb

Overview

Note:

When making an API call, you may pass AuthenticateOidcActionConfig data as a hash:

{
  issuer: "AuthenticateOidcActionIssuer", # required
  authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
  token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
  user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
  client_id: "AuthenticateOidcActionClientId", # required
  client_secret: "AuthenticateOidcActionClientSecret",
  session_cookie_name: "AuthenticateOidcActionSessionCookieName",
  scope: "AuthenticateOidcActionScope",
  session_timeout: 1,
  authentication_request_extra_params: {
    "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
  },
  on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
  use_existing_client_secret: false,
}

Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #authentication_request_extra_params ⇒ Hash<String,String>

  The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

• #authorization_endpoint ⇒ String

  The authorization endpoint of the IdP.

• #client_id ⇒ String

  The OAuth 2.0 client identifier.

• #client_secret ⇒ String

  The OAuth 2.0 client secret.

• #issuer ⇒ String

  The OIDC issuer identifier of the IdP.

• #on_unauthenticated_request ⇒ String

  The behavior if the user is not authenticated.

• #scope ⇒ String

  The set of user claims to be requested from the IdP.

• #session_cookie_name ⇒ String

  The name of the cookie used to maintain session information.

• #session_timeout ⇒ Integer

  The maximum duration of the authentication session, in seconds.

• #token_endpoint ⇒ String

  The token endpoint of the IdP.

• #use_existing_client_secret ⇒ Boolean

  Indicates whether to use the existing client secret when modifying a rule.

• #user_info_endpoint ⇒ String

  The user info endpoint of the IdP.

Instance Attribute Details

#authentication_request_extra_params ⇒ Hash<String,String>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

Returns:

• (Hash<String,String>)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#authorization_endpoint ⇒ String

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#client_id ⇒ String

The OAuth 2.0 client identifier.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#client_secret ⇒ String

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#issuer ⇒ String

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#on_unauthenticated_request ⇒ String

The behavior if the user is not authenticated. The following are possible values:

• deny`` - Return an HTTP 401 Unauthorized error.

• allow`` - Allow the request to be forwarded to the target.

• authenticate`` - Redirect the request to the IdP authorization endpoint. This is the default value.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#scope ⇒ String

The set of user claims to be requested from the IdP. The default is openid.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#session_cookie_name ⇒ String

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#session_timeout ⇒ Integer

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

Returns:

• (Integer)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#token_endpoint ⇒ String

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#use_existing_client_secret ⇒ Boolean

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

Returns:

• (Boolean)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#user_info_endpoint ⇒ String

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

• (String)

# File 'gems/aws-sdk-elasticloadbalancingv2/lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end