Class: Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig

Inherits:
Struct
  • Object
Includes:
Structure
Defined in:
lib/aws-sdk-elasticloadbalancingv2/types.rb

Overview

Note:

When making an API call, you may pass AuthenticateOidcActionConfig data as a hash:

{
  issuer: "AuthenticateOidcActionIssuer", # required
  authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
  token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
  user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
  client_id: "AuthenticateOidcActionClientId", # required
  client_secret: "AuthenticateOidcActionClientSecret",
  session_cookie_name: "AuthenticateOidcActionSessionCookieName",
  scope: "AuthenticateOidcActionScope",
  session_timeout: 1,
  authentication_request_extra_params: {
    "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
  },
  on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
  use_existing_client_secret: false,
}

Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

Constant Summary

SENSITIVE = []

Instance Attribute Details

#authentication_request_extra_params ⇒ Hash<String,String>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

Returns:

  • (Hash<String,String>)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 413

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#authorization_endpoint ⇒ String

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)

#client_id ⇒ String

The OAuth 2.0 client identifier.

Returns:

  • (String)

#client_secret ⇒ String

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set `UseExistingClientSecret` to true.

Returns:

  • (String)

#issuer ⇒ String

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)

#on_unauthenticated_request ⇒ String

The behavior if the user is not authenticated. The following are possible values:

  • `deny` - Return an HTTP 401 Unauthorized error.

  • `allow` - Allow the request to be forwarded to the target.

  • `authenticate` - Redirect the request to the IdP authorization endpoint. This is the default value.

Returns:

  • (String)

#scope ⇒ String

The set of user claims to be requested from the IdP. The default is `openid`.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

Returns:

  • (String)

#session_cookie_name ⇒ String

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

Returns:

  • (String)

#session_timeout ⇒ Integer

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

Returns:

  • (Integer)

#token_endpoint ⇒ String

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)

#use_existing_client_secret ⇒ Boolean

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

Returns:

  • (Boolean)

#user_info_endpoint ⇒ String

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)
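
The following added example (not part of the SDK or of this reference page) audits a config hash against the constraints documented for the attributes above before it is passed to the API. The helper names `https_url?` and `audit_oidc_config`, the `max_session` ceiling of 43,200 seconds, and the `idp.example.com` sample values are assumptions made for illustration.

```ruby
require "uri"

# Added example: audit_oidc_config is a hypothetical helper, not an SDK method.
ENDPOINT_KEYS = %i[issuer authorization_endpoint token_endpoint user_info_endpoint].freeze
DEFAULT_SESSION_TIMEOUT = 604_800 # documented default, in seconds (7 days)

# True only for a parseable https:// URL with a host (path is not enforced here).
def https_url?(value)
  uri = URI.parse(value.to_s)
  uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# max_session is an assumed local policy ceiling, not an AWS limit.
def audit_oidc_config(cfg, modifying_rule: false, max_session: 43_200)
  findings = []
  (ENDPOINT_KEYS + [:client_id]).each do |key|
    findings << "#{key}: required" if cfg[key].to_s.empty?
  end
  ENDPOINT_KEYS.each do |key|
    next if cfg[key].to_s.empty? || https_url?(cfg[key])
    findings << "#{key}: must be a full https:// URL"
  end
  # The secret may be omitted only when modifying a rule and reusing the stored one.
  reuse = modifying_rule && cfg[:use_existing_client_secret] == true
  if cfg[:client_secret].to_s.empty? && !reuse
    findings << "client_secret: required unless modifying with use_existing_client_secret"
  end
  if (cfg[:authentication_request_extra_params] || {}).size > 10
    findings << "authentication_request_extra_params: more than 10 entries"
  end
  mode = cfg[:on_unauthenticated_request] || "authenticate"
  if !%w[deny allow authenticate].include?(mode)
    findings << "on_unauthenticated_request: unknown value #{mode.inspect}"
  elsif mode == "allow"
    findings << "on_unauthenticated_request: allow forwards unauthenticated requests to the target"
  end
  timeout = cfg[:session_timeout] || DEFAULT_SESSION_TIMEOUT
  findings << "session_timeout: #{timeout}s exceeds #{max_session}s" if timeout > max_session
  findings
end

# Constructed sample input; idp.example.com and client values are placeholders.
WEAK = { issuer: "https://idp.example.com/",
         authorization_endpoint: "http://idp.example.com/authorize",
         token_endpoint: "https://idp.example.com/token",
         user_info_endpoint: "https://idp.example.com/userinfo",
         client_id: "example-client-id", on_unauthenticated_request: "allow" }.freeze
puts audit_oidc_config(WEAK)
```

An empty result means the hash satisfies every documented constraint checked here; pass `modifying_rule: true` when auditing a hash intended for a rule modification.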
