Puppet Data Type Alias: Apache::OIDCSettings

Defined in:
types/oidcsettings.pp

Overview

Alias of

Struct[{
    Optional['RedirectURI']                             => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]],
    Optional['CryptoPassphrase']                        => String,
    Optional['MetadataDir']                             => String,
    Optional['ProviderMetadataURL']                     => Stdlib::HTTPSUrl,
    Optional['ProviderIssuer']                          => String,
    Optional['ProviderAuthorizationEndpoint']           => Stdlib::HTTPSUrl,
    Optional['ProviderJwksUri']                         => Stdlib::HTTPSUrl,
    Optional['ProviderTokenEndpoint']                   => Stdlib::HTTPSUrl,
    Optional['ProviderTokenEndpointAuth']               => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'],
    Optional['ProviderTokenEndpointParams']             => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
    Optional['ProviderUserInfoEndpoint']                => Stdlib::HTTPSUrl,
    Optional['ProviderCheckSessionIFrame']              => Stdlib::HTTPSUrl,
    Optional['ProviderEndSessionEndpoint']              => Stdlib::HTTPSUrl,
    Optional['ProviderRevocationEndpoint']              => Stdlib::HTTPSUrl,
    Optional['ProviderBackChannelLogoutSupported']      => Enum['On', 'Off'],
    Optional['ProviderRegistrationEndpointJson']        => String,
    Optional['Scope']                                   => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
    Optional['AuthRequestParams']                       => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
    Optional['SSLValidateServer']                       => Enum['On', 'Off'],
    Optional['UserInfoRefreshInterval']                 => Integer,
    Optional['JWKSRefreshInterval']                     => Integer,
    Optional['UserInfoTokenMethod']                     => Enum['authz_header', 'post_param'],
    Optional['ProviderAuthRequestMethod']               => Enum['GET', 'POST'],
    Optional['PublicKeyFiles']                          => String,
    Optional['ResponseType']                            => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'],
    Optional['ResponseMode']                            => Enum['fragment', 'query', 'form_post'],
    Optional['ClientID']                                => String,
    Optional['ClientSecret']                            => String,
    Optional['ClientTokenEndpointCert']                 => String,
    Optional['ClientTokenEndpointKey']                  => String,
    Optional['ClientName']                              => String,
    Optional['ClientContact']                           => String,
    Optional['PKCDMethod']                              => Enum['plain', 'S256', 'referred_tb'],
    Optional['TokenBindingPolicy']                      => Enum['disabled', 'optional', 'required', 'enforced'],
    Optional['ClientJwksUri']                           => Stdlib::HTTPSUrl,
    Optional['IDTokenSignedResponseAlg']                => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
    Optional['IDTokenEncryptedResponseAlg']             => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
    Optional['IDTokenEncryptedResponseAlg']             => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
    Optional['UserInfoSignedResposeAlg']                => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
    Optional['UserInfoEncryptedResponseAlg']            => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
    Optional['UserInfoEncryptedResponseEnc']            => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
    Optional['OAuthServerMetadataURL']                  => Stdlib::HTTPSUrl,
    Optional['AuthIntrospectionEndpoint']               => Stdlib::HTTPSUrl,
    Optional['OAuthClientID']                           => String,
    Optional['OAuthClientSecret']                       => String,
    Optional['OAuthIntrospectionEndpointAuth']          => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'],
    Optional['OAuthIntrospectionClientAuthBearerToken'] => String,
    Optional['OAuthIntrospectionEndpointCert']          => String,
    Optional['OAuthIntrospectionEndpointKey']           => String,
    Optional['OAuthIntrospectionEndpointMethod']        => Enum['POST', 'GET'],
    Optional['OAuthIntrospectionEndpointParams']        => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
    Optional['OAuthIntrospectionTokenParamName']        => String,
    Optional['OAuthTokenExpiryClaim']                   => Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/],
    Optional['OAuthSSLValidateServer']                  => Enum['On', 'Off'],
    Optional['OAuthVerifySharedKeys']                   => String,
    Optional['OAuthVerifyCertFiles']                    => String,
    Optional['OAuthVerifyJwksUri']                      => Stdlib::HTTPSUrl,
    Optional['OAuthRemoteUserClaim']                    => String,
    Optional['OAuthAcceptTokenAs']                      => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/],
    Optional['OAuthAccessTokenBindingPolicy']           => Enum['disabled', 'optional', 'required', 'enforced'],
    Optional['Cookie']                                  => String,
    Optional['SessionCookieChunkSize']                  => Integer,
    Optional['CookieHTTPOnly']                          => Enum['On', 'Off'],
    Optional['CookieSameSite']                          => Enum['On', 'Off'],
    Optional['PassCookies']                             => String,
    Optional['StripCookies']                            => String,
    Optional['StateMaxNumberOfCookies']                 => Pattern[/^[0-9]+\s(false|true)$/],
    Optional['SessionInactivityTimeout']                => Integer,
    Optional['SessionMaxDuration']                      => Integer,
    Optional['SessionType']                             => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/],
    Optional['SessionCacheFallbackToCookie']            => Enum['On', 'Off'],
    Optional['CacheType']                               => Enum['shm', 'memcache', 'file', 'redis'],
    Optional['CacheEncrypt']                            => Enum['On', 'Off'],
    Optional['CacheShmMax']                             => Integer,
    Optional['CacheShmEntrySizeMax']                    => Integer,
    Optional['CacheFileCleanInterval']                  => Integer,
    Optional['MemCacheServers']                         => String,
    Optional['RedisCacheServer']                        => String,
    Optional['RedisCachePassword']                      => String,
    Optional['DiscoverURL']                             => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
    Optional['HTMLErrorTemplate']                       => String,
    Optional['DefaultURL']                              => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
    Optional['PathScope']                               => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
    Optional['PathAuthRequestParams']                   => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
    Optional['IDTokenIatSlack']                         => Integer,
    Optional['ClaimPrefix']                             => String,
    Optional['ClaimDelimiter']                          => Pattern[/^.$/],
    Optional['RemoteUserClaim']                         => String,
    Optional['PassIDTokenAs']                           => Pattern[/^((claims|payload|serialized)\s?)+$/],
    Optional['PassUserInfoAs']                          => Pattern[/^((claims|json|jwt)\s?)+$/],
    Optional['PassClaimsAs']                            => Enum['none', 'headers', 'environment', 'both'],
    Optional['AuthNHeader']                             => String,
    Optional['HTTPTimeoutLong']                         => Integer,
    Optional['HTTPTimeoutShort']                        => Integer,
    Optional['StateTimeout']                            => Integer,
    Optional['ScrubRequestHeaders']                     => Enum['On', 'Off'],
    Optional['OutgoingProxy']                           => String,
    Optional['UnAuthAction']                            => Enum['auth', 'pass', '401', '410'],
    Optional['UnAuthzAction']                           => Enum['401', '403', 'auth'],
    Optional['PreservePost']                            => Enum['On', 'Off'],
    Optional['PassRefreshToken']                        => Enum['On', 'Off'],
    Optional['RequestObject']                           => String,
    Optional['ProviderMetadataRefreshInterval']         => Integer,
    Optional['InfoHook']                                => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/],
    Optional['BlackListedClaims']                       => String,
    Optional['WhiteListedClaims']                       => String,
    Optional['RefreshAccessTokenBeforeExpiry']          => Pattern[/^[0-9]+(\slogout_on_error)?$/],
  }]


# File 'types/oidcsettings.pp', line 2