/*
* Copyright 2010-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the iam-2010-05-08.normal.json service model.
*/
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
namespace Amazon.IdentityManagement.Model
{
///
/// Container for the parameters to the CreateOpenIDConnectProvider operation.
/// Creates an IAM entity to describe an identity provider (IdP) that supports OpenID
/// Connect (OIDC).
///
///
///
/// The OIDC provider that you create with this operation can be used as a principal in
/// a role's trust policy. Such a policy establishes a trust relationship between AWS
/// and the OIDC provider.
///
///
///
/// When you create the IAM OIDC provider, you specify the following:
///
/// -
///
/// The URL of the OIDC identity provider (IdP) to trust
///
///
-
///
/// A list of client IDs (also known as audiences) that identify the application or applications
/// that are allowed to authenticate using the OIDC provider
///
///
-
///
/// A list of thumbprints of one or more server certificates that the IdP uses
///
///
///
/// You get all of this information from the OIDC IdP that you want to use to access AWS.
///
///
///
/// The trust for the OIDC provider is derived from the IAM provider that this operation
/// creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider
/// operation to highly privileged users.
///
///
///
public partial class CreateOpenIDConnectProviderRequest : AmazonIdentityManagementServiceRequest
{
private List _clientIDList = new List();
private List _thumbprintList = new List();
private string _url;
///
/// Gets and sets the property ClientIDList.
///
/// A list of client IDs (also known as audiences). When a mobile or web app registers
/// with an OpenID Connect provider, they establish a value that identifies the application.
/// (This is the value that's sent as the client_id parameter on OAuth requests.)
///
///
///
/// You can register multiple client IDs with the same provider. For example, you might
/// have multiple applications that use the same OIDC provider. You cannot register more
/// than 100 client IDs with a single IAM OIDC provider.
///
///
///
/// There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest
/// operation accepts client IDs up to 255 characters long.
///
///
public List ClientIDList
{
get { return this._clientIDList; }
set { this._clientIDList = value; }
}
// Check to see if ClientIDList property is set
internal bool IsSetClientIDList()
{
return this._clientIDList != null && this._clientIDList.Count > 0;
}
///
/// Gets and sets the property ThumbprintList.
///
/// A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's
/// server certificates. Typically this list includes only one entry. However, IAM lets
/// you have up to five thumbprints for an OIDC provider. This lets you maintain multiple
/// thumbprints if the identity provider is rotating certificates.
///
///
///
/// The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509
/// certificate used by the domain where the OpenID Connect provider makes its keys available.
/// It is always a 40-character string.
///
///
///
/// You must provide at least one thumbprint when creating an IAM OIDC provider. For example,
/// assume that the OIDC provider is server.example.com and the provider
/// stores its keys at https://keys.server.example.com/openid-connect. In that case, the
/// thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used
/// by https://keys.server.example.com.
///
///
///
/// For more information about obtaining the OIDC provider's thumbprint, see Obtaining
/// the Thumbprint for an OpenID Connect Provider in the IAM User Guide.
///
///
[AWSProperty(Required=true)]
public List ThumbprintList
{
get { return this._thumbprintList; }
set { this._thumbprintList = value; }
}
// Check to see if ThumbprintList property is set
internal bool IsSetThumbprintList()
{
return this._thumbprintList != null && this._thumbprintList.Count > 0;
}
///
/// Gets and sets the property Url.
///
/// The URL of the identity provider. The URL must begin with https:// and
/// should correspond to the iss claim in the provider's OpenID Connect ID
/// tokens. Per the OIDC standard, path components are allowed but query parameters are
/// not. Typically the URL consists of only a hostname, like https://server.example.org
/// or https://example.com.
///
///
///
/// You cannot register the same provider multiple times in a single AWS account. If you
/// try to submit a URL that has already been used for an OpenID Connect provider in the
/// AWS account, you will get an error.
///
///
[AWSProperty(Required=true, Min=1, Max=255)]
public string Url
{
get { return this._url; }
set { this._url = value; }
}
// Check to see if Url property is set
internal bool IsSetUrl()
{
return this._url != null;
}
}
}