Class: SmplkitGeneratedClient::App::SSOConnection

Inherits:
ApiModelBase
  • Object
Defined in:
lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb

Overview

An account’s Single Sign-On connection to a customer-controlled identity provider. Configuring a connection lets the account federate authentication to its own SAML or OIDC IdP; with `enforced` enabled, password and social sign-in are disabled for users on the account’s verified domains. Each account has at most one SSO connection. The Service Provider metadata fields (`sp_entity_id`, `acs_url`, `slo_url`) are computed on every read from the connection identifier and never stored.

Defined Under Namespace

Classes: EnumAttributeValidator

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from ApiModelBase

_deserialize, #_to_hash, #to_body, #to_s

Constructor Details

#initialize(attributes = {}) ⇒ SSOConnection

Initializes the object

Parameters:

  • attributes (Hash) (defaults to: {})

    Model attributes in the form of hash



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 163

# Builds a connection model from a hash of attribute values.
#
# Keys may be Strings or Symbols but must name an attribute listed in
# acceptable_attribute_map; an unknown key raises instead of being ignored.
# Absent attributes are left unassigned, except +protocol+ (assigned nil),
# +default_role+ (assigned 'MEMBER') and +enforced+ (assigned false), which
# always go through their setters. A +group_role_mappings+ value that is not
# a Hash is skipped without error.
#
# @param attributes [Hash] model attributes keyed by attribute name
# @raise [ArgumentError] if +attributes+ is not a Hash or holds an unknown key
def initialize(attributes = {})
  unless attributes.is_a?(Hash)
    fail ArgumentError, "The input argument (attributes) must be a hash in `SmplkitGeneratedClient::App::SSOConnection` initialize method"
  end

  # Normalise keys to symbols, rejecting any name the model does not declare.
  known_attributes = self.class.acceptable_attribute_map
  attributes = attributes.each_with_object({}) do |(name, value), normalized|
    unless known_attributes.key?(name.to_sym)
      fail ArgumentError, "`#{name}` is not a valid attribute in `SmplkitGeneratedClient::App::SSOConnection`. Please check the name to make sure it's valid. List of attributes: " + known_attributes.keys.inspect
    end
    normalized[name.to_sym] = value
  end

  # protocol is always assigned, so a missing value reaches the setter as nil.
  self.protocol = attributes.key?(:protocol) ? attributes[:protocol] : nil

  # IdP-side settings: assigned only when the caller supplied them.
  self.oidc_issuer = attributes[:oidc_issuer] if attributes.key?(:oidc_issuer)
  self.oidc_client_id = attributes[:oidc_client_id] if attributes.key?(:oidc_client_id)
  self.oidc_client_secret = attributes[:oidc_client_secret] if attributes.key?(:oidc_client_secret)
  self.saml_idp_entity_id = attributes[:saml_idp_entity_id] if attributes.key?(:saml_idp_entity_id)
  self.saml_idp_sso_url = attributes[:saml_idp_sso_url] if attributes.key?(:saml_idp_sso_url)
  self.saml_idp_slo_url = attributes[:saml_idp_slo_url] if attributes.key?(:saml_idp_slo_url)
  self.saml_idp_x509_cert = attributes[:saml_idp_x509_cert] if attributes.key?(:saml_idp_x509_cert)

  self.default_role = attributes.key?(:default_role) ? attributes[:default_role] : 'MEMBER'

  # Only a Hash is accepted for the group-to-role mapping; anything else
  # (including an absent key) leaves the attribute unassigned.
  role_mappings = attributes[:group_role_mappings]
  self.group_role_mappings = role_mappings if role_mappings.is_a?(Hash)

  self.enforced = attributes.key?(:enforced) ? attributes[:enforced] : false

  # Service Provider metadata and timestamps, as supplied by the caller.
  self.sp_entity_id = attributes[:sp_entity_id] if attributes.key?(:sp_entity_id)
  self.acs_url = attributes[:acs_url] if attributes.key?(:acs_url)
  self.slo_url = attributes[:slo_url] if attributes.key?(:slo_url)
  self.created_at = attributes[:created_at] if attributes.key?(:created_at)
  self.updated_at = attributes[:updated_at] if attributes.key?(:updated_at)
end

Instance Attribute Details

#acs_urlObject

Assertion Consumer Service URL (SAML) or redirect URI (OIDC) to register with the IdP. Computed.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 56

# Assertion Consumer Service URL (SAML) or redirect URI (OIDC) to register
# with the IdP. Documented as computed by the service; this reader returns
# whatever value was assigned to @acs_url, unchanged.
def acs_url
  @acs_url
end

#created_atObject

When the connection was created.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 62

# When the connection was created (declared as Time in openapi_types).
# Returns the stored value unchanged.
def created_at
  @created_at
end

#default_roleObject

Role granted to a user provisioned just-in-time on their first SSO login when no group mapping applies. `OWNER` values are downgraded to `ADMIN` for JIT — owner promotion remains an explicit account action.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 44

# Role granted to a user provisioned just-in-time on first SSO login when no
# group mapping applies. The API description says OWNER is downgraded to ADMIN
# for JIT provisioning; this reader applies no such mapping and returns the
# stored value as-is. initialize assigns 'MEMBER' when the attribute is absent.
def default_role
  @default_role
end

#enforcedObject

When `true`, password and social sign-in are rejected for users whose email domain matches one of the account’s verified domains. The account owner is exempt (break-glass).



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 50

# Whether SSO is enforced: when true, password and social sign-in are
# rejected for users on the account's verified domains, with the account
# owner exempt (break-glass). initialize assigns false when the attribute is
# absent, so a locally built model is non-enforcing unless the caller opts in.
def enforced
  @enforced
end

#group_role_mappingsObject

Mapping of IdP group claim values to smplkit roles. The first key matching the user’s group claims (in declaration order) decides the JIT role; if none match, `default_role` applies. Example: `"ADMIN"`.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 47

# Mapping of IdP group claim values to smplkit roles (declared as
# Hash<String, String>). The first key matching the user's group claims, in
# declaration order, decides the JIT role; otherwise default_role applies.
# NOTE(review): valid? checks default_role against the role allow-list but
# never inspects the role values in this mapping -- presumably the service
# validates them; confirm before relying on client-side validation.
def group_role_mappings
  @group_role_mappings
end

#oidc_client_idObject

OIDC client identifier issued by the IdP for smplkit. Required when `protocol` is `oidc`; ignored otherwise.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 26

# OIDC client identifier issued by the IdP for smplkit. Required when
# protocol is oidc; ignored otherwise. valid? caps its length at 512.
def oidc_client_id
  @oidc_client_id
end

#oidc_client_secretObject

OIDC client secret. Write-only — supplied on PUT, never returned by the API. Stored envelope-encrypted at rest. Required on first creation of an OIDC connection; on subsequent PUTs, omit to retain the existing value.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 29

# OIDC client secret. Write-only on the API: supplied on PUT and never
# returned; omit it on later PUTs to keep the stored value.
# Once assigned, the plaintext lives on this instance: to_hash emits it, and
# ==/hash read it. Treat any instance (or hash built from it) that carries
# the secret as sensitive and keep it out of logs and error reports.
def oidc_client_secret
  @oidc_client_secret
end

#oidc_issuerObject

OIDC issuer URL — the base from which `.well-known/openid-configuration` is discovered. Required when `protocol` is `oidc`; ignored when `protocol` is `saml`.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 23

# OIDC issuer URL: the base from which .well-known/openid-configuration is
# discovered. Required when protocol is oidc; ignored for saml.
# valid? only caps the length at 2048; no scheme or URL-format check is
# visible in this model.
# NOTE(review): presumably the service validates the issuer URL -- confirm.
def oidc_issuer
  @oidc_issuer
end

#protocolObject

Federation protocol. `oidc` for OpenID Connect; `saml` for SAML 2.0. Determines which set of IdP fields below are required.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 20

# Federation protocol: "oidc" (OpenID Connect) or "saml" (SAML 2.0), the two
# values valid? accepts. It decides which IdP fields are required.
# initialize always assigns it, passing nil when the attribute is absent.
def protocol
  @protocol
end

#saml_idp_entity_idObject

SAML IdP EntityID (typically a URI). Required when `protocol` is `saml`; ignored otherwise.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 32

# SAML IdP EntityID (typically a URI). Required when protocol is saml;
# ignored otherwise. valid? caps its length at 2048.
def saml_idp_entity_id
  @saml_idp_entity_id
end

#saml_idp_slo_urlObject

SAML IdP single logout URL. Optional — when present, smplkit will issue LogoutRequests on user sign-out.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 38

# SAML IdP single logout URL. Optional: when present, smplkit issues
# LogoutRequests on user sign-out. valid? caps its length at 2048 and does
# no other format check.
def saml_idp_slo_url
  @saml_idp_slo_url
end

#saml_idp_sso_urlObject

SAML IdP single sign-on URL (HTTP-Redirect or HTTP-POST endpoint). Required when `protocol` is `saml`.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 35

# SAML IdP single sign-on URL (HTTP-Redirect or HTTP-POST endpoint).
# Required when protocol is saml. valid? caps its length at 2048 and does no
# scheme or URL-format check.
def saml_idp_sso_url
  @saml_idp_sso_url
end

#saml_idp_x509_certObject

SAML IdP X.509 signing certificate (PEM-encoded). Required when `protocol` is `saml`.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 41

# SAML IdP X.509 signing certificate, PEM-encoded. Required when protocol is
# saml. valid? performs no check on this field: no length cap, PEM parsing or
# expiry check is visible in this model.
# NOTE(review): certificate validation presumably happens in the service --
# confirm; a caller wanting early feedback has to parse the PEM itself.
def saml_idp_x509_cert
  @saml_idp_x509_cert
end

#slo_urlObject

Single Logout URL to register with the IdP. Computed; smplkit accepts logout requests here for the SAML case.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 59

# Single Logout URL to register with the IdP; smplkit accepts logout requests
# here for the SAML case. Documented as computed by the service; this reader
# returns the stored value unchanged.
def slo_url
  @slo_url
end

#sp_entity_idObject

Service Provider EntityID to register with the IdP. Computed from the connection — paste this value into the IdP’s smplkit configuration.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 53

# Service Provider EntityID to register with the IdP. Documented as computed
# from the connection by the service; this reader returns the stored value
# unchanged.
def sp_entity_id
  @sp_entity_id
end

#updated_atObject

When the connection was last modified.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 65

# When the connection was last modified (declared as Time in openapi_types).
# Returns the stored value unchanged.
def updated_at
  @updated_at
end

Class Method Details

.acceptable_attribute_mapObject

Returns attribute mapping this model knows about



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 112

# Returns the attribute mapping this model accepts; for this class that is
# attribute_map unchanged. initialize uses its keys as the allow-list of
# attribute names and raises on anything else.
def self.acceptable_attribute_map
  attribute_map
end

.acceptable_attributesObject

Returns all the JSON keys this model knows about



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 117

# Returns the JSON keys this model knows about, i.e. the values of
# acceptable_attribute_map.
def self.acceptable_attributes
  acceptable_attribute_map.values
end

.attribute_mapObject

Attribute mapping from ruby-style variable name to JSON key.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 90

# Maps each Ruby attribute name to the JSON key used for it.
# For this model every attribute maps to a key of the same name. The list
# includes oidc_client_secret, so anything that walks this map (such as
# to_hash) will touch the secret when it is set.
#
# @return [Hash{Symbol => Symbol}] a fresh hash on every call
def self.attribute_map
  {
    protocol: :protocol,
    oidc_issuer: :oidc_issuer,
    oidc_client_id: :oidc_client_id,
    oidc_client_secret: :oidc_client_secret,
    saml_idp_entity_id: :saml_idp_entity_id,
    saml_idp_sso_url: :saml_idp_sso_url,
    saml_idp_slo_url: :saml_idp_slo_url,
    saml_idp_x509_cert: :saml_idp_x509_cert,
    default_role: :default_role,
    group_role_mappings: :group_role_mappings,
    enforced: :enforced,
    sp_entity_id: :sp_entity_id,
    acs_url: :acs_url,
    slo_url: :slo_url,
    created_at: :created_at,
    updated_at: :updated_at
  }
end

.build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

  • attributes (Hash)

    Model attributes in the form of hash

Returns:

  • (Object)

    Returns the model itself



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 407

# Builds a model instance from a hash keyed by JSON attribute names.
#
# Input keys are converted to symbols, then only the attributes listed in
# openapi_types are read. Any other key in the input is dropped silently
# here, whereas initialize raises on an unknown name -- so this is the lenient
# path for data coming back from the API. Values go through _deserialize
# (inherited, not shown here) according to their declared type.
#
# @param attributes [Hash] model attributes; keys may be Strings or Symbols
# @return [Object, nil] the new model, or nil when +attributes+ is not a Hash
def self.build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)

  by_symbol = attributes.transform_keys(&:to_sym)
  constructor_args = openapi_types.each_with_object({}) do |(name, type), args|
    json_key = attribute_map[name]
    raw = by_symbol[json_key]

    if by_symbol.key?(json_key) && raw.nil?
      # Key present with an explicit null: pass the nil through.
      args[name.to_s] = nil
    elsif type =~ /\AArray<(.*)>/i
      # Declared as an array: deserialize element by element, and skip the
      # attribute entirely when the input is not actually an Array.
      element_type = Regexp.last_match(1)
      args[name.to_s] = raw.map { |item| _deserialize(element_type, item) } if raw.is_a?(Array)
    elsif !raw.nil?
      args[name.to_s] = _deserialize(type, raw)
    end
  end
  new(constructor_args)
end

.openapi_nullableObject

List of attributes with nullable: true



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 144

# Attributes declared with nullable: true.
# to_hash consults this set to decide whether a nil value may be emitted.
# protocol, default_role, group_role_mappings and enforced are not in it.
#
# @return [Set<Symbol>] a fresh set on every call
def self.openapi_nullable
  Set.new(%i[
    oidc_issuer
    oidc_client_id
    oidc_client_secret
    saml_idp_entity_id
    saml_idp_sso_url
    saml_idp_slo_url
    saml_idp_x509_cert
    sp_entity_id
    acs_url
    slo_url
    created_at
    updated_at
  ])
end

.openapi_typesObject

Attribute type mapping.



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 122

# Declared type of every attribute, keyed by attribute name.
# build_from_hash walks this map to decide how each value is deserialized.
#
# @return [Hash{Symbol => Symbol}] a fresh hash on every call
def self.openapi_types
  {
    protocol: :String,
    oidc_issuer: :String,
    oidc_client_id: :String,
    oidc_client_secret: :String,
    saml_idp_entity_id: :String,
    saml_idp_sso_url: :String,
    saml_idp_slo_url: :String,
    saml_idp_x509_cert: :String,
    default_role: :String,
    group_role_mappings: :'Hash<String, String>',
    enforced: :Boolean,
    sp_entity_id: :String,
    acs_url: :String,
    slo_url: :String,
    created_at: :Time,
    updated_at: :Time
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

  • Object (Object)

    to be compared



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 371

# Checks equality by comparing the class and then every attribute in turn,
# stopping at the first difference.
#
# oidc_client_secret takes part through an ordinary `==`, so this is a
# value-equality helper for model objects, not a constant-time secret check.
#
# @param o [Object] object to compare with
# @return [Boolean] true when +o+ is this very object, or has the same class
#   and equal values for all sixteen attributes
def ==(o)
  # Identity short-cut: no attribute reads needed.
  return true if self.equal?(o)
  self.class == o.class &&
      protocol == o.protocol &&
      oidc_issuer == o.oidc_issuer &&
      oidc_client_id == o.oidc_client_id &&
      oidc_client_secret == o.oidc_client_secret &&
      saml_idp_entity_id == o.saml_idp_entity_id &&
      saml_idp_sso_url == o.saml_idp_sso_url &&
      saml_idp_slo_url == o.saml_idp_slo_url &&
      saml_idp_x509_cert == o.saml_idp_x509_cert &&
      default_role == o.default_role &&
      group_role_mappings == o.group_role_mappings &&
      enforced == o.enforced &&
      sp_entity_id == o.sp_entity_id &&
      acs_url == o.acs_url &&
      slo_url == o.slo_url &&
      created_at == o.created_at &&
      updated_at == o.updated_at
end

#eql?(o) ⇒ Boolean

Parameters:

  • Object (Object)

    to be compared

Returns:

  • (Boolean)

See Also:

  • `==` method


# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 394

# Delegates to #==. Ruby uses eql? together with #hash when comparing Hash
# keys, so both follow the same attribute-by-attribute equality.
#
# @param o [Object] object to compare with
# @return [Boolean]
def eql?(o)
  self == o
end

#hashInteger

Calculates hash code according to all attributes.

Returns:

  • (Integer)

    Hash code



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 400

# Calculates a hash code from all sixteen attributes, in the same order #==
# compares them, so that equal models hash alike.
#
# @return [Integer] hash code
def hash
  [
    protocol,
    oidc_issuer,
    oidc_client_id,
    oidc_client_secret,
    saml_idp_entity_id,
    saml_idp_sso_url,
    saml_idp_slo_url,
    saml_idp_x509_cert,
    default_role,
    group_role_mappings,
    enforced,
    sp_entity_id,
    acs_url,
    slo_url,
    created_at,
    updated_at
  ].hash
end

#list_invalid_propertiesObject

Show invalid properties with the reasons. Usually used together with valid?

Returns:

  • Array of invalid properties with the reasons



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 252

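# Lists every invalid property together with the reason.
#
# Covers the same rules as valid?: protocol must be present and one of
# "saml"/"oidc", the five length-capped strings must fit their limits, and
# default_role must be one of the four known roles. Previously the two enum
# rules were missing here, so a model could fail valid? while this method
# returned an empty list.
#
# Not checked (same as valid?): oidc_client_secret, saml_idp_x509_cert,
# group_role_mappings, and the format of any URL field.
#
# NOTE(review): the enum checks use the allow-lists that valid? passes to
# EnumAttributeValidator; that class is not shown here, so a nil default_role
# is assumed to be acceptable to it -- confirm.
#
# @return [Array<String>] one message per violated rule; empty when none
def list_invalid_properties
  warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
  invalid_properties = []

  if @protocol.nil?
    invalid_properties.push('invalid value for "protocol", protocol cannot be nil.')
  elsif !%w[saml oidc].include?(@protocol)
    invalid_properties.push('invalid value for "protocol", must be one of ["saml", "oidc"].')
  end

  # Length caps, in the order the messages have always been reported.
  [
    ['oidc_issuer', @oidc_issuer, 2048],
    ['oidc_client_id', @oidc_client_id, 512],
    ['saml_idp_entity_id', @saml_idp_entity_id, 2048],
    ['saml_idp_sso_url', @saml_idp_sso_url, 2048],
    ['saml_idp_slo_url', @saml_idp_slo_url, 2048]
  ].each do |name, value, max_length|
    next if value.nil? || value.to_s.length <= max_length

    invalid_properties.push("invalid value for \"#{name}\", the character length must be smaller than or equal to #{max_length}.")
  end

  if !@default_role.nil? && !%w[OWNER ADMIN MEMBER VIEWER].include?(@default_role)
    invalid_properties.push('invalid value for "default_role", must be one of ["OWNER", "ADMIN", "MEMBER", "VIEWER"].')
  end

  invalid_properties
end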

#to_hashHash

Returns the object in the form of hash

Returns:

  • (Hash)

    Returns the object in the form of hash



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 429

# Returns the object as a hash keyed by JSON attribute name.
#
# A nil value is emitted only when the attribute is nullable and its instance
# variable has actually been assigned; every other nil is left out. Non-nil
# values are always included -- oidc_client_secret too when it is set -- so
# the result should be handled as sensitive and not logged wholesale.
#
# @return [Hash] the serialized attributes
def to_hash
  self.class.attribute_map.each_with_object({}) do |(attr, param), serialized|
    value = send(attr)
    if value.nil?
      explicit_null = self.class.openapi_nullable.include?(attr) &&
                      instance_variable_defined?(:"@#{attr}")
      next unless explicit_null
    end

    serialized[param] = _to_hash(value)
  end
end

#valid?Boolean

Check to see if all the properties in the model are valid

Returns:

  • (Boolean)

    true if the model is valid



# File 'lib/smplkit/_generated/app/lib/smplkit_app_client/models/sso_connection.rb', line 284

# Checks whether the model passes its client-side rules.
#
# Rules: protocol is present and accepted by the "saml"/"oidc" validator; the
# issuer, client id and SAML entity/SSO/SLO strings fit their length caps;
# default_role is accepted by the OWNER/ADMIN/MEMBER/VIEWER validator.
# Not checked here: oidc_client_secret, saml_idp_x509_cert,
# group_role_mappings, the format of any URL, and whether the fields required
# by the chosen protocol are present. A true result is therefore not a
# guarantee that the service will accept the connection.
#
# @return [Boolean] true if every rule above holds
def valid?
  warn '[DEPRECATED] the `valid?` method is obsolete'
  return false if @protocol.nil?

  allowed_protocols = EnumAttributeValidator.new('String', ["saml", "oidc"])
  return false unless allowed_protocols.valid?(@protocol)

  # Value/limit pairs, checked in order until one exceeds its cap.
  length_caps = [
    [@oidc_issuer, 2048],
    [@oidc_client_id, 512],
    [@saml_idp_entity_id, 2048],
    [@saml_idp_sso_url, 2048],
    [@saml_idp_slo_url, 2048]
  ]
  return false if length_caps.any? { |value, cap| !value.nil? && value.to_s.length > cap }

  allowed_roles = EnumAttributeValidator.new('String', ["OWNER", "ADMIN", "MEMBER", "VIEWER"])
  return false unless allowed_roles.valid?(@default_role)

  true
end