SAMLOptionsProperty

class aws_cdk.aws_opensearchservice.SAMLOptionsProperty(*, idp_entity_id, idp_metadata_content, master_backend_role=None, master_user_name=None, roles_key=None, session_timeout_minutes=None, subject_key=None)

Bases: object

Container for information about the SAML configuration for OpenSearch Dashboards.

Parameters:
  • idp_entity_id (str) – The unique entity ID of the application in the SAML identity provider.

  • idp_metadata_content (str) – The metadata of the SAML application, in XML format.

  • master_backend_role (Optional[str]) – The backend role that the SAML master user is mapped to. Any user with this backend role receives full permission in OpenSearch Dashboards/Kibana. To use a SAML master backend role, configure the roles_key property. Default: - The master user is not mapped to a backend role

  • master_user_name (Optional[str]) – The SAML master username, which is stored in the domain’s internal user database. This SAML user receives full permission in OpenSearch Dashboards/Kibana. Creating a new master username does not delete any existing master usernames. Default: - No master user name is configured

  • roles_key (Optional[str]) – Element of the SAML assertion to use for backend roles. Default: - roles

  • session_timeout_minutes (Union[int, float, None]) – The duration, in minutes, after which a user session becomes inactive. Default: - 60

  • subject_key (Optional[str]) – Element of the SAML assertion to use for the user name. Default: - NameID element of the SAML assertion for the user name

Example:

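from aws_cdk.aws_opensearchservice import (
    AdvancedSecurityOptions, Domain, EncryptionAtRestOptions,
    EngineVersion, SAMLOptionsProperty,
)

# Runs inside a Stack (or other construct), where self is the scope.
domain = Domain(self, "Domain",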
    version=EngineVersion.OPENSEARCH_1_0,
    enforce_https=True,
    node_to_node_encryption=True,
    encryption_at_rest=EncryptionAtRestOptions(
        enabled=True
    ),
    fine_grained_access_control=AdvancedSecurityOptions(
        master_user_name="master-user",
        saml_authentication_enabled=True,
        saml_authentication_options=SAMLOptionsProperty(
            idp_entity_id="entity-id",
            idp_metadata_content="metadata-content-with-quotes-escaped"
        )
    )
)
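
A pre-deployment check for the arguments shown above, as an added example that is not part of the CDK library or its documentation: it flags a master_backend_role that relies on the default roles key, and IdP metadata that is not well-formed XML or whose entityID differs from idp_entity_id. The function name check_saml_options, the sample metadata and the idp.example.com URL are assumptions, as is the premise that the metadata is a single EntityDescriptor document.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

# Constructed sample metadata for a hypothetical IdP (not taken from the page).
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://idp.example.com/saml/metadata">'
    '<md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
    '</md:EntityDescriptor>'
)


def check_saml_options(idp_entity_id, idp_metadata_content,
                       master_backend_role=None, roles_key=None, **other):
    """Return findings for keyword arguments shaped like SAMLOptionsProperty's.

    Hypothetical helper: **other absorbs master_user_name, subject_key and
    session_timeout_minutes, which are not inspected here.
    """
    findings = []
    # Anyone whose assertion carries this role gets full permission, so the
    # element it is read from should be chosen explicitly, not left to default.
    if master_backend_role and not roles_key:
        findings.append("master_backend_role is set but roles_key is not: full "
                        "permission then depends on the default 'roles' element")
    # SAML metadata needs no DTD; refuse it instead of handing it to the parser.
    if "<!DOCTYPE" in idp_metadata_content:
        findings.append("idp_metadata_content has a DOCTYPE; refusing to parse it")
        return findings
    try:
        root = ET.fromstring(idp_metadata_content)
    except ET.ParseError as exc:
        findings.append(f"idp_metadata_content is not well-formed XML ({exc})")
        return findings
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        findings.append(f"metadata root is {root.tag!r}, not an EntityDescriptor")
    elif root.get("entityID") != idp_entity_id:
        findings.append(f"idp_entity_id {idp_entity_id!r} differs from metadata "
                        f"entityID {root.get('entityID')!r}")
    return findings


if __name__ == "__main__":
    # The placeholder values from the example above, plus a master backend role.
    for finding in check_saml_options(
            idp_entity_id="entity-id", master_backend_role="admins",
            idp_metadata_content="metadata-content-with-quotes-escaped"):
        print("FINDING:", finding)
```

Passing the same keyword arguments to check_saml_options and then to SAMLOptionsProperty keeps the check and the deployed configuration in step.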

Attributes

idp_entity_id

The unique entity ID of the application in the SAML identity provider.

idp_metadata_content

The metadata of the SAML application, in XML format.

master_backend_role

The backend role that the SAML master user is mapped to.

Any user with this backend role receives full permission in OpenSearch Dashboards/Kibana. To use a SAML master backend role, configure the roles_key property.

Default:
  • The master user is not mapped to a backend role

master_user_name

The SAML master username, which is stored in the domain’s internal user database.

This SAML user receives full permission in OpenSearch Dashboards/Kibana. Creating a new master username does not delete any existing master usernames.

Default:
  • No master user name is configured

roles_key

Element of the SAML assertion to use for backend roles.

Default:
  • roles

session_timeout_minutes

The duration, in minutes, after which a user session becomes inactive.

Default:
  • 60

subject_key

Element of the SAML assertion to use for the user name.

Default:
  • NameID element of the SAML assertion for the user name