ALIYUN::RAM::OIDCProvider is used to create an OpenID Connect (OIDC) identity provider (IdP) in RAM, so that ID tokens issued by an external IdP can be trusted when a RAM role is assumed.
Syntax
{
"Type": "ALIYUN::RAM::OIDCProvider",
"Properties": {
"Fingerprints": List,
"IssuerUrl": String,
"OIDCProviderName": String,
"ClientIds": List,
"Description": String,
"IssuanceLimitTime": Integer
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
--- | --- | --- | --- | --- | --- |
Fingerprints | List | Yes | No | The fingerprints of the HTTPS certification authority (CA) certificate of the external IdP. Pinning the certificate by fingerprint guards against the issuer URL being hijacked or tampered with, so the list must be updated when the IdP rotates its certificate. | The fingerprints are provided by the external IdP. You can specify up to five fingerprints; each fingerprint consists of letters and digits and is up to 40 characters in length. |
IssuerUrl | String | Yes | No | The URL of the issuer, as provided by the external IdP. | Must start with https, be a valid URL, and be unique within the Alibaba Cloud account. Cannot contain query parameters (?), logon information (@), or a fragment (#). Up to 255 characters in length. |
OIDCProviderName | String | Yes | No | The name of the OIDC IdP. | Letters, digits, periods (.), hyphens (-), and underscores (_); cannot start or end with a special character. Up to 128 characters in length. |
ClientIds | List | No | Yes | The IDs of the clients registered with the external IdP. An ID token is accepted only if its aud claim matches one of these client IDs. | None. |
Description | String | No | Yes | The description of the OIDC IdP. | None. |
IssuanceLimitTime | Integer | No | Yes | The maximum age, in hours, of an ID token issued by the external IdP. If the time elapsed since the time point in the token's iat (issued-at) claim is longer than this value, the request is rejected. | Unit: hour. Valid values: 1 to 168. |
Return values
Fn::GetAtt
OIDCProviderName: the name of the OIDC IdP.
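The following Python script is an added example, not code from the ROS documentation or from Alibaba Cloud. It checks a Properties block against the constraints listed above (issuer URL rules, name pattern, fingerprint count and format, IssuanceLimitTime range), derives a certificate fingerprint in the 40-character letters-and-digits form the Fingerprints property accepts, and applies the IssuanceLimitTime rule to an ID token's iat claim. Two things are assumptions rather than statements from this page: that the fingerprint RAM expects is the SHA-1 hex digest of the DER-encoded certificate (the 40-character limit matches that digest length), and that iat is a Unix timestamp as in a standard JWT. The PEM body, the host oidc.example.com and both property sets are constructed placeholders.

```python
"""Offline checks for ALIYUN::RAM::OIDCProvider properties (added example, not ROS code)."""
import base64
import hashlib
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Constraints taken from the property table and the template parameters on this page.
NAME_RE = re.compile(r"^[a-zA-Z0-9][a-zA-Z0-9._-]{0,126}[a-zA-Z0-9]$")
FINGERPRINT_RE = re.compile(r"^[a-zA-Z0-9]{1,40}$")
MAX_FINGERPRINTS = 5
ISSUER_URL_MAX_LEN = 255
ISSUANCE_LIMIT_HOURS = (1, 168)


def validate_issuer_url(url: str) -> list[str]:
    """Return the IssuerUrl rules the value breaks (an empty list means it passes)."""
    problems = []
    if len(url) > ISSUER_URL_MAX_LEN:
        problems.append("IssuerUrl exceeds 255 characters")
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("IssuerUrl must start with https")
    if not parts.hostname:
        problems.append("IssuerUrl has no host")
    if "?" in url:
        problems.append("IssuerUrl must not carry query parameters (?)")
    if "@" in url:
        problems.append("IssuerUrl must not carry logon information (@)")
    if "#" in url:
        problems.append("IssuerUrl must not be a fragment URL (#)")
    return problems


def validate_fingerprints(fingerprints: list[str]) -> list[str]:
    """1 to 5 entries, each 1 to 40 letters or digits."""
    problems = []
    if not 1 <= len(fingerprints) <= MAX_FINGERPRINTS:
        problems.append(f"Fingerprints must hold 1 to {MAX_FINGERPRINTS} entries")
    for fp in fingerprints:
        if not FINGERPRINT_RE.match(fp):
            problems.append(f"fingerprint {fp!r} is not 1 to 40 letters/digits")
    return problems


def validate_oidc_provider_properties(props: dict) -> list[str]:
    """Check a Properties block of ALIYUN::RAM::OIDCProvider against the page's constraints."""
    problems = []
    if not NAME_RE.match(props.get("OIDCProviderName", "")):
        problems.append("OIDCProviderName violates the name pattern")
    problems += validate_issuer_url(props.get("IssuerUrl", ""))
    problems += validate_fingerprints(props.get("Fingerprints", []))
    limit = props.get("IssuanceLimitTime")
    lo, hi = ISSUANCE_LIMIT_HOURS
    if limit is not None and not lo <= int(limit) <= hi:
        problems.append(f"IssuanceLimitTime must be {lo} to {hi} hours")
    return problems


def certificate_fingerprint(pem: str) -> str:
    """SHA-1 hex digest (uppercase, 40 chars) of the DER bytes inside a PEM certificate.

    Assumption: RAM compares SHA-1 certificate fingerprints; the page only says
    "letters and digits, up to 40 characters", which is the length of a SHA-1 hex digest.
    """
    body = "".join(line for line in pem.strip().splitlines() if not line.startswith("-----"))
    return hashlib.sha1(base64.b64decode(body)).hexdigest().upper()


def id_token_within_issuance_limit(iat: int, now: datetime, limit_hours: int) -> bool:
    """The IssuanceLimitTime rule: reject a token whose iat claim is older than limit_hours."""
    lo, hi = ISSUANCE_LIMIT_HOURS
    if not lo <= limit_hours <= hi:
        raise ValueError(f"IssuanceLimitTime must be {lo} to {hi}")
    issued = datetime.fromtimestamp(iat, tz=timezone.utc)  # iat is a Unix timestamp (JWT NumericDate)
    return now - issued <= timedelta(hours=limit_hours)


def issued_hours_ago_accepted(hours_old: float, limit_hours: int) -> bool:
    """Convenience wrapper: a token issued at the Unix epoch, checked hours_old hours later."""
    now = datetime.fromtimestamp(0, tz=timezone.utc) + timedelta(hours=hours_old)
    return id_token_within_issuance_limit(0, now, limit_hours)


# Constructed inputs: b"abc" stands in for DER certificate bytes; oidc.example.com is a placeholder.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"abc").decode()
    + "\n-----END CERTIFICATE-----\n"
)
GOOD_PROPS = {
    "OIDCProviderName": "ci-oidc.provider_1",
    "IssuerUrl": "https://oidc.example.com",
    "Fingerprints": [certificate_fingerprint(SAMPLE_PEM)],
    "IssuanceLimitTime": 12,
}
BAD_PROPS = {
    "OIDCProviderName": "-ci-oidc",                          # starts with a special character
    "IssuerUrl": "http://oidc.example.com/?tenant=demo#v1",  # http, query string and fragment
    "Fingerprints": [],                                      # at least one fingerprint is required
    "IssuanceLimitTime": 0,                                  # below the 1-hour minimum
}

if __name__ == "__main__":
    for label, props in (("good", GOOD_PROPS), ("bad", BAD_PROPS)):
        print(label, validate_oidc_provider_properties(props) or "ok")
```

Run the validator on a template's Properties before deploying it, and recompute the fingerprint from the IdP's current certificate whenever the IdP rotates it; a stale fingerprint breaks role assumption rather than weakening it, but an unvalidated issuer URL (http, or one carrying @ logon data) is rejected by RAM anyway, so catching it locally only saves a failed stack update.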
Examples
YAML
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  OIDCProviderName:
    Type: String
    Description:
      en: |-
        The name of the OIDC IdP.
        The name can contain letters, digits, and special characters and cannot start or end with a special character. The special characters are periods (.), hyphens (-), and underscores (_).
        The name can be up to 128 characters in length.
    AllowedPattern: ^[a-zA-Z0-9][a-zA-Z0-9._-]{0,126}[a-zA-Z0-9]$
    Required: true
    MaxLength: 128
  Fingerprints:
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: |-
            The fingerprint of the HTTPS certificate, which is provided by the external IdP (for example, Okta). Add one list entry per fingerprint.
            The fingerprint can contain letters and digits.
            The fingerprint can be up to 40 characters in length.
        Required: false
        AllowedPattern: ^[a-zA-Z0-9]{0,40}$
        MaxLength: 40
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: The list of fingerprints; at most five entries.
    Required: true
    MinLength: 1
    MaxLength: 5
  IssuerUrl:
    Type: String
    Description:
      en: |-
        The URL of the issuer, which is provided by the external IdP. The URL of the issuer must be unique within an Alibaba Cloud account.
        The URL of the issuer must start with https and be in a valid URL format. The URL cannot contain query parameters that follow a question mark (?) or logon information that is identified by an at sign (@). The URL cannot be a fragment URL that contains a number sign (#).
        The URL can be up to 255 characters in length.
    Required: true
    MaxLength: 255
Resources:
  OIDCProvider:
    Type: ALIYUN::RAM::OIDCProvider
    Properties:
      OIDCProviderName:
        Ref: OIDCProviderName
      Fingerprints:
        Ref: Fingerprints
      IssuerUrl:
        Ref: IssuerUrl
Outputs:
  OIDCProviderName:
    Description: |-
      The name of the OIDC IdP.
      The name can contain letters, digits, and special characters and cannot start or end with a special character. The special characters are periods (.), hyphens (-), and underscores (_).
      The name can be up to 128 characters in length.
    Value:
      Fn::GetAtt:
        - OIDCProvider
        - OIDCProviderName
JSON
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "OIDCProviderName": {
      "Type": "String",
      "Description": {
        "en": "The name of the OIDC IdP.\nThe name can contain letters, digits, and special characters and cannot start or end with a special character. The special characters are periods (.), hyphens (-), and underscores (_).\nThe name can be up to 128 characters in length."
      },
      "AllowedPattern": "^[a-zA-Z0-9][a-zA-Z0-9._-]{0,126}[a-zA-Z0-9]$",
      "Required": true,
      "MaxLength": 128
    },
    "Fingerprints": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The fingerprint of the HTTPS certificate, which is provided by the external IdP (for example, Okta). Add one list entry per fingerprint.\nThe fingerprint can contain letters and digits.\nThe fingerprint can be up to 40 characters in length."
          },
          "Required": false,
          "AllowedPattern": "^[a-zA-Z0-9]{0,40}$",
          "MaxLength": 40
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The list of fingerprints; at most five entries."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 5
    },
    "IssuerUrl": {
      "Type": "String",
      "Description": {
        "en": "The URL of the issuer, which is provided by the external IdP. The URL of the issuer must be unique within an Alibaba Cloud account.\nThe URL of the issuer must start with https and be in a valid URL format. The URL cannot contain query parameters that follow a question mark (?) or logon information that is identified by an at sign (@). The URL cannot be a fragment URL that contains a number sign (#).\nThe URL can be up to 255 characters in length."
      },
      "Required": true,
      "MaxLength": 255
    }
  },
  "Resources": {
    "OIDCProvider": {
      "Type": "ALIYUN::RAM::OIDCProvider",
      "Properties": {
        "OIDCProviderName": {
          "Ref": "OIDCProviderName"
        },
        "Fingerprints": {
          "Ref": "Fingerprints"
        },
        "IssuerUrl": {
          "Ref": "IssuerUrl"
        }
      }
    }
  },
  "Outputs": {
    "OIDCProviderName": {
      "Description": "The name of the OIDC IdP.\nThe name can contain letters, digits, and special characters and cannot start or end with a special character. The special characters are periods (.), hyphens (-), and underscores (_).\nThe name can be up to 128 characters in length.",
      "Value": {
        "Fn::GetAtt": [
          "OIDCProvider",
          "OIDCProviderName"
        ]
      }
    }
  }
}