Class: Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig

Inherits:

Struct

• Object
• Struct
• Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig

Includes:

Structure

Defined in:

lib/aws-sdk-elasticloadbalancingv2/types.rb

Overview

Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #authentication_request_extra_params ⇒ Hash<String,String>

  The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

• #authorization_endpoint ⇒ String

  The authorization endpoint of the IdP.

• #client_id ⇒ String

  The OAuth 2.0 client identifier.

• #client_secret ⇒ String

  The OAuth 2.0 client secret.

• #issuer ⇒ String

  The OIDC issuer identifier of the IdP.

• #on_unauthenticated_request ⇒ String

  The behavior if the user is not authenticated.

• #scope ⇒ String

  The set of user claims to be requested from the IdP.

• #session_cookie_name ⇒ String

  The name of the cookie used to maintain session information.

• #session_timeout ⇒ Integer

  The maximum duration of the authentication session, in seconds.

• #token_endpoint ⇒ String

  The token endpoint of the IdP.

• #use_existing_client_secret ⇒ Boolean

  Indicates whether to use the existing client secret when modifying a rule.

• #user_info_endpoint ⇒ String

  The user info endpoint of the IdP.

Instance Attribute Details

#authentication_request_extra_params ⇒ Hash<String,String>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

Returns:

• (Hash<String,String>)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#authorization_endpoint ⇒ String

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#client_id ⇒ String

The OAuth 2.0 client identifier.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#client_secret ⇒ String

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set ‘UseExistingClientSecret` to true.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#issuer ⇒ String

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#on_unauthenticated_request ⇒ String

The behavior if the user is not authenticated. The following are possible values:

• deny“ - Return an HTTP 401 Unauthorized error.

• allow“ - Allow the request to be forwarded to the target.

• authenticate“ - Redirect the request to the IdP authorization endpoint. This is the default value.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#scope ⇒ String

The set of user claims to be requested from the IdP. The default is ‘openid`.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#session_cookie_name ⇒ String

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#session_timeout ⇒ Integer

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

Returns:

• (Integer)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#token_endpoint ⇒ String

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#use_existing_client_secret ⇒ Boolean

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

Returns:

• (Boolean)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end

#user_info_endpoint ⇒ String

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

• (String)

# File 'lib/aws-sdk-elasticloadbalancingv2/types.rb', line 337

class AuthenticateOidcActionConfig < Struct.new(
  :issuer,
  :authorization_endpoint,
  :token_endpoint,
  :user_info_endpoint,
  :client_id,
  :client_secret,
  :session_cookie_name,
  :scope,
  :session_timeout,
  :authentication_request_extra_params,
  :on_unauthenticated_request,
  :use_existing_client_secret)
  SENSITIVE = []
  include Aws::Structure
end