Resource Type: aem_saml

Defined in:
lib/puppet/type/aem_saml.rb
Providers:
aem

Overview

Title

Properties

  • ensure

    The basic property that the resource should be in.

    Supported values:
    • archived
    • present
    • exists
    • absent

Parameters

  • add_group_memberships

    Whether or not a user should be automatically added to CRX groups after successful authentication.

  • aem_id (namevar)

    AEM instance ID

  • aem_password

    AEM password

  • aem_username

    AEM username

  • assertion_consumer_service_url

    The (optional) AssertionConsumerServiceURL attribute of an Authn request specifies the location to which a <Response> message MUST be sent to the requester.

  • clock_tolerance

    Time tolerance in seconds to compensate clock skew between IDP and SP when validating Assertions.

  • config_node_name (defaults to: com.adobe.granite.auth.saml.SamlAuthenticationHandler.config)

    AEM node name

  • config_node_path (defaults to: /apps/system/config)

    AEM Node Path

  • create_user

    Whether or not to automatically create nonexistent users in the repository.

  • default_groups

    A list of default CRX groups users are added to after successful authentication.

  • default_redirect_url

    The default location to redirect to after successful authentication.

  • digest_method

    The digest algorithm to use when signing a SAML message.

  • file

    File path to the SAML certificate.

  • force

    Force Enabling SAML

  • group_membership_attribute

    The name of the attribute containing a list of CRX groups this user should be added to.

  • handle_logout

    Whether or not logout (dropCredentials) requests will be processed by this handler.

  • idp_cert_alias

    The alias of the IdP's certificate in the global truststore. If this property is empty, the authentication handler is disabled.

  • idp_http_redirect

    Use an HTTP Redirect to the IDP URL instead of sending an AuthnRequest-message to request credentials. Use this for IDP initiated authentication.

  • idp_url

    URL of the IDP where the SAML Authentication Request should be sent to. If this property is empty the authentication handler is disabled. (idpUrl)

  • key_store_password

    The password of the key-store of the authentication-service system user.

  • logout_url

    URL of the IDP where the SAML Logout Request should be sent to. If this property is empty, the authentication handler won't handle logouts.

  • name (namevar)

    Title

  • name_id_format

    The value of the NameIDPolicy format parameter to send in the AuthnRequest message.

  • node_type (defaults to: sling:OsgiConfig)

    AEM node type

  • path

    Repository path for which this authentication handler should be used by Sling.

  • provider

    The specific backend to use for this `aem_saml` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • retries_base_sleep_seconds

    Starting sleep duration in seconds

  • retries_max_sleep_seconds

    Maximum sleep duration in seconds

  • retries_max_tries

    Maximum number of tries

  • serial

    Serial number of the SAML certificate in the AEM Truststore

  • service_provider_entity_id

    ID which uniquely identifies this service provider with the identity provider. If this property is empty the authentication handler is disabled.

  • service_ranking

    OSGi Framework Service Ranking value to indicate the order in which to call this service. This is an int value where higher values designate higher precedence. Default value is 0.

  • signature_method

    The signature algorithm to use when signing a SAML message.

  • sp_private_key_alias

    The alias of the SP's private key in the key-store of the authentication-service system user. If this property is empty, the handler will not be able to sign or decrypt messages.

  • synchronize_attributes

    A list of attribute mappings (in the format “attributename=path/relative/to/user/node”) which should be stored in the repository on user-synchronization.

  • use_encryption

    Whether or not this authentication handler expects encrypted SAML assertions. If this is enabled, the SP's private key must be provided in the key-store of the authentication-service system user (see SP Private Key Alias above).

  • user_id_attribute

    The name of the attribute containing the user ID used to authenticate and create the user in the CRX repository. Leave empty to use the Subject:NameId.

  • user_intermediate_path

    User intermediate path to store created users.