Commit a8ca662

committed
improve documentation
1 parent 7d18e25 commit a8ca662

1 file changed

+19
-13
lines changed

website/docs/r/me_identity_provider.html.markdown

Lines changed: 19 additions & 13 deletions
@@ -4,7 +4,7 @@ subcategory : "Account Management"
44

55
# ovh_me_identity_provider
66

7-
Configure SAML Fedration (SSO) to an identity provider.
7+
Configure SAML Federation (SSO) to an identity provider.
88

99
## Example Usage
1010

@@ -29,19 +29,25 @@ resource "ovh_me_identity_provider" "sso" {
2929
</EntityDescriptor>
3030
EOT
3131
32+
# Local users will still be able to login if set to false.
33+
# Administrator can always login regardless of this value.
3234
disable_users = false
3335
36+
# The assertion must contain the attribute "https://example.org/attributes/role"
37+
# with the allowed values being "user" or "administrator"
3438
requested_attributes {
35-
is_required = false
36-
name = "group"
37-
name_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
38-
values = ["test"]
39+
is_required = true
40+
name = "https://example.org/attributes/role"
41+
name_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
42+
values = ["user", administrator]
3943
}
44+
# If the attribute "https://example.org/attributes/group" is available,
45+
# we want the IdP to provide it
4046
requested_attributes {
4147
is_required = false
42-
name = "email"
43-
name_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
44-
values = ["[email protected]"]
48+
name = "https://example.org/attributes/group"
49+
name_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
50+
values = []
4551
}
4652
}
4753
```
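Review bot: In the first `requested_attributes` block, `values = ["user", administrator]` leaves `administrator` unquoted, so Terraform reads it as a reference rather than a string and the documented example will not validate; it should be `values = ["user", "administrator"]`. Since this block now sets `is_required = true`, readers are likely to copy it as their login gate, so the example needs to be correct as written. Minor: in the two new comments above `disable_users`, the verb is "log in" ("login" is the noun).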
@@ -50,12 +56,12 @@ EOT
5056

5157
* `group_attribute_name` - The name of the attribute containing the information of which group the connecting users belong to.
5258
* `metadata` - The SAML xml metadata of the Identity Provider to federate to.
53-
* `disable_users` - Whether account users should still be usable as a login method or not (optional, defaults to true).
54-
* `requested_attributes` A SAML 2.0 requested attribute that should be added to SAML requests when using this provider (optional).
55-
* `is_required` Expresses that this RequestedAttribute is mandatory.
56-
* `name` Name of the SAML RequestedAttribute.
59+
* `disable_users` - Whether local users should still be usable as a login method or not (optional, defaults to true). Administrator will always be able to login, regardless of this value.
60+
* `requested_attributes` A SAML 2.0 requested attribute as defined in [SAML-ReqAttrExt-v1.0](http://docs.oasis-open.org/security/saml-protoc-req-attr-req/v1.0/cs01/saml-protoc-req-attr-req-v1.0-cs01.pdf). A RequestedAttribute object will indicate that the Identity Provider should add the described attribute to the SAML assertions that will be given to the Service Provider (OVH).
61+
* `is_required` Expresses that this Attribute is mandatory. If the requested attribute is not present in the assertion, the user won't be allowed to log in.
62+
* `name` Name of the SAML Attribute that is required.
5763
* `name_format` NameFormat of the SAML RequestedAttribute.
58-
* `values` List of AttributeValues allowed for this RequestedAttribute
64+
* `values` List of AttributeValues allowed for this RequestedAttribute.
5965

6066
## Attributes Reference
6167

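Review bot: The updated `values` bullet still does not say what an empty list means, although the example in this same file now uses `values = []` for the optional group attribute. Please state whether an empty list accepts any value, because for an attribute with `is_required = true` this list is part of what decides whether a user can log in. The rewritten `requested_attributes`, `is_required` and `name` bullets also lack the ` - ` separator that `group_attribute_name`, `metadata` and `disable_users` use, and `name_format` still says "RequestedAttribute" while the neighbouring lines were changed to "Attribute"; pick one term for the sub-fields.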