IdentityPropagationTrust

class oci.identity_domains.models.IdentityPropagationTrust(**kwargs)

Bases: object

Schema used for Identity Propagation Trust.

Attributes

IDCS_PREVENTED_OPERATIONS_DELETE A constant which can be used with the idcs_prevented_operations property of an IdentityPropagationTrust.
IDCS_PREVENTED_OPERATIONS_REPLACE A constant which can be used with the idcs_prevented_operations property of an IdentityPropagationTrust.
IDCS_PREVENTED_OPERATIONS_UPDATE A constant which can be used with the idcs_prevented_operations property of an IdentityPropagationTrust.
SUBJECT_TYPE_APP A constant which can be used with the subject_type property of an IdentityPropagationTrust.
SUBJECT_TYPE_USER A constant which can be used with the subject_type property of an IdentityPropagationTrust.
TYPE_AWS A constant which can be used with the type property of an IdentityPropagationTrust.
TYPE_JWT A constant which can be used with the type property of an IdentityPropagationTrust.
TYPE_SAML A constant which can be used with the type property of an IdentityPropagationTrust.
TYPE_SPNEGO A constant which can be used with the type property of an IdentityPropagationTrust.
account_id Gets the account_id of this IdentityPropagationTrust.
active Gets the active of this IdentityPropagationTrust.
allow_impersonation Gets the allow_impersonation of this IdentityPropagationTrust.
client_claim_name Gets the client_claim_name of this IdentityPropagationTrust.
client_claim_values Gets the client_claim_values of this IdentityPropagationTrust.
clock_skew_seconds Gets the clock_skew_seconds of this IdentityPropagationTrust.
compartment_ocid Gets the compartment_ocid of this IdentityPropagationTrust.
delete_in_progress Gets the delete_in_progress of this IdentityPropagationTrust.
description Gets the description of this IdentityPropagationTrust.
domain_ocid Gets the domain_ocid of this IdentityPropagationTrust.
id Gets the id of this IdentityPropagationTrust.
idcs_created_by Gets the idcs_created_by of this IdentityPropagationTrust.
idcs_last_modified_by Gets the idcs_last_modified_by of this IdentityPropagationTrust.
idcs_last_upgraded_in_release Gets the idcs_last_upgraded_in_release of this IdentityPropagationTrust.
idcs_prevented_operations Gets the idcs_prevented_operations of this IdentityPropagationTrust.
impersonation_service_users Gets the impersonation_service_users of this IdentityPropagationTrust.
issuer [Required] Gets the issuer of this IdentityPropagationTrust.
keytab Gets the keytab of this IdentityPropagationTrust.
meta Gets the meta of this IdentityPropagationTrust.
name [Required] Gets the name of this IdentityPropagationTrust.
oauth_clients Gets the oauth_clients of this IdentityPropagationTrust.
ocid Gets the ocid of this IdentityPropagationTrust.
public_certificate Gets the public_certificate of this IdentityPropagationTrust.
public_key_endpoint Gets the public_key_endpoint of this IdentityPropagationTrust.
schemas [Required] Gets the schemas of this IdentityPropagationTrust.
service_principals Gets the service_principals of this IdentityPropagationTrust.
subject_claim_name Gets the subject_claim_name of this IdentityPropagationTrust.
subject_mapping_attribute Gets the subject_mapping_attribute of this IdentityPropagationTrust.
subject_type Gets the subject_type of this IdentityPropagationTrust.
tags Gets the tags of this IdentityPropagationTrust.
tenancy_ocid Gets the tenancy_ocid of this IdentityPropagationTrust.
type [Required] Gets the type of this IdentityPropagationTrust.

Methods

__init__(**kwargs) Initializes a new IdentityPropagationTrust object with values from keyword arguments.

IDCS_PREVENTED_OPERATIONS_DELETE = 'delete'

A constant which can be used with the idcs_prevented_operations property of an IdentityPropagationTrust. This constant has a value of “delete”.

IDCS_PREVENTED_OPERATIONS_REPLACE = 'replace'

A constant which can be used with the idcs_prevented_operations property of an IdentityPropagationTrust. This constant has a value of “replace”.

IDCS_PREVENTED_OPERATIONS_UPDATE = 'update'

A constant which can be used with the idcs_prevented_operations property of an IdentityPropagationTrust. This constant has a value of “update”.

SUBJECT_TYPE_APP = 'App'

A constant which can be used with the subject_type property of an IdentityPropagationTrust. This constant has a value of “App”.

SUBJECT_TYPE_USER = 'User'

A constant which can be used with the subject_type property of an IdentityPropagationTrust. This constant has a value of “User”.

TYPE_AWS = 'AWS'

A constant which can be used with the type property of an IdentityPropagationTrust. This constant has a value of “AWS”.

TYPE_JWT = 'JWT'

A constant which can be used with the type property of an IdentityPropagationTrust. This constant has a value of “JWT”.

TYPE_SAML = 'SAML'

A constant which can be used with the type property of an IdentityPropagationTrust. This constant has a value of “SAML”.

TYPE_SPNEGO = 'SPNEGO'

A constant which can be used with the type property of an IdentityPropagationTrust. This constant has a value of “SPNEGO”.

__init__(**kwargs)

Initializes a new IdentityPropagationTrust object with values from keyword arguments. The following keyword arguments are supported (corresponding to the getters/setters of this class):

Parameters:
  • id (str) – The value to assign to the id property of this IdentityPropagationTrust.
  • ocid (str) – The value to assign to the ocid property of this IdentityPropagationTrust.
  • schemas (list[str]) – The value to assign to the schemas property of this IdentityPropagationTrust.
  • meta (oci.identity_domains.models.Meta) – The value to assign to the meta property of this IdentityPropagationTrust.
  • idcs_created_by (oci.identity_domains.models.IdcsCreatedBy) – The value to assign to the idcs_created_by property of this IdentityPropagationTrust.
  • idcs_last_modified_by (oci.identity_domains.models.IdcsLastModifiedBy) – The value to assign to the idcs_last_modified_by property of this IdentityPropagationTrust.
  • idcs_prevented_operations (list[str]) – The value to assign to the idcs_prevented_operations property of this IdentityPropagationTrust. Allowed values for items in this list are: “replace”, “update”, “delete”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
  • tags (list[oci.identity_domains.models.Tags]) – The value to assign to the tags property of this IdentityPropagationTrust.
  • delete_in_progress (bool) – The value to assign to the delete_in_progress property of this IdentityPropagationTrust.
  • idcs_last_upgraded_in_release (str) – The value to assign to the idcs_last_upgraded_in_release property of this IdentityPropagationTrust.
  • domain_ocid (str) – The value to assign to the domain_ocid property of this IdentityPropagationTrust.
  • compartment_ocid (str) – The value to assign to the compartment_ocid property of this IdentityPropagationTrust.
  • tenancy_ocid (str) – The value to assign to the tenancy_ocid property of this IdentityPropagationTrust.
  • name (str) – The value to assign to the name property of this IdentityPropagationTrust.
  • description (str) – The value to assign to the description property of this IdentityPropagationTrust.
  • type (str) – The value to assign to the type property of this IdentityPropagationTrust. Allowed values for this property are: “JWT”, “SAML”, “SPNEGO”, “AWS”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
  • issuer (str) – The value to assign to the issuer property of this IdentityPropagationTrust.
  • account_id (str) – The value to assign to the account_id property of this IdentityPropagationTrust.
  • subject_claim_name (str) – The value to assign to the subject_claim_name property of this IdentityPropagationTrust.
  • subject_mapping_attribute (str) – The value to assign to the subject_mapping_attribute property of this IdentityPropagationTrust.
  • subject_type (str) – The value to assign to the subject_type property of this IdentityPropagationTrust. Allowed values for this property are: “User”, “App”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
  • client_claim_name (str) – The value to assign to the client_claim_name property of this IdentityPropagationTrust.
  • client_claim_values (list[str]) – The value to assign to the client_claim_values property of this IdentityPropagationTrust.
  • active (bool) – The value to assign to the active property of this IdentityPropagationTrust.
  • public_key_endpoint (str) – The value to assign to the public_key_endpoint property of this IdentityPropagationTrust.
  • public_certificate (str) – The value to assign to the public_certificate property of this IdentityPropagationTrust.
  • oauth_clients (list[str]) – The value to assign to the oauth_clients property of this IdentityPropagationTrust.
  • service_principals (list[str]) – The value to assign to the service_principals property of this IdentityPropagationTrust.
  • allow_impersonation (bool) – The value to assign to the allow_impersonation property of this IdentityPropagationTrust.
  • clock_skew_seconds (int) – The value to assign to the clock_skew_seconds property of this IdentityPropagationTrust.
  • impersonation_service_users (list[oci.identity_domains.models.IdentityPropagationTrustImpersonationServiceUsers]) – The value to assign to the impersonation_service_users property of this IdentityPropagationTrust.
  • keytab (oci.identity_domains.models.IdentityPropagationTrustKeytab) – The value to assign to the keytab property of this IdentityPropagationTrust.
account_id

Gets the account_id of this IdentityPropagationTrust. The Identity cloud provider service identifier, for example, the Azure Tenancy ID, AWS Account ID, or GCP Project ID.

SCIM++ Properties:
  • type: string
  • multiValued: false
  • required: false
  • mutability: readWrite
  • returned: default
  • caseExact: true
  • idcsSearchable: true
  • uniqueness: none
Returns:The account_id of this IdentityPropagationTrust.
Return type:str
active

Gets the active of this IdentityPropagationTrust. If true, specifies that this Identity Propagation Trust is in an enabled state. The default value is false.

SCIM++ Properties:
  • type: boolean
  • multiValued: false
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
  • idcsSearchable: true
Returns:The active of this IdentityPropagationTrust.
Return type:bool
allow_impersonation

Gets the allow_impersonation of this IdentityPropagationTrust. Allow customers to define whether the resulting token should contain the authenticated user as the subject or whether the token should impersonate another Application Principal in IAM.

SCIM++ Properties:
  • type: boolean
  • multiValued: false
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
  • idcsSearchable: false
Returns:The allow_impersonation of this IdentityPropagationTrust.
Return type:bool
client_claim_name

Gets the client_claim_name of this IdentityPropagationTrust. The claim name that identifies to whom the JWT/SAML token is issued. If AWS, then “aud” or “client_id”. If Azure, then “appid”. If GCP, then “aud”.

SCIM++ Properties:
  • type: string
  • multiValued: false
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
  • idcsSearchable: false
Returns:The client_claim_name of this IdentityPropagationTrust.
Return type:str
client_claim_values

Gets the client_claim_values of this IdentityPropagationTrust. The value that corresponds to the client claim name used to identify to whom the token is issued.

SCIM++ Properties:
  • type: string
  • multiValued: true
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
  • caseExact: true
  • idcsSearchable: false
Returns:The client_claim_values of this IdentityPropagationTrust.
Return type:list[str]
clock_skew_seconds

Gets the clock_skew_seconds of this IdentityPropagationTrust. The clock skew (in seconds) that’s allowed for the token issue and expiry time.

Added In: 2308181911

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: integer
  • uniqueness: none
Returns:The clock_skew_seconds of this IdentityPropagationTrust.
Return type:int
compartment_ocid

Gets the compartment_ocid of this IdentityPropagationTrust. OCI Compartment Id (ocid) in which the resource lives.

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The compartment_ocid of this IdentityPropagationTrust.
Return type:str
delete_in_progress

Gets the delete_in_progress of this IdentityPropagationTrust. A boolean flag indicating this resource is in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: boolean
  • uniqueness: none
Returns:The delete_in_progress of this IdentityPropagationTrust.
Return type:bool
description

Gets the description of this IdentityPropagationTrust. The description of the Identity Propagation Trust.

SCIM++ Properties:
  • type: string
  • multiValued: false
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
  • caseExact: false
  • idcsSearchable: false
Returns:The description of this IdentityPropagationTrust.
Return type:str
domain_ocid

Gets the domain_ocid of this IdentityPropagationTrust. OCI Domain Id (ocid) in which the resource lives.

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The domain_ocid of this IdentityPropagationTrust.
Return type:str
id

Gets the id of this IdentityPropagationTrust. Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider’s entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: always
  • type: string
  • uniqueness: global
Returns:The id of this IdentityPropagationTrust.
Return type:str
idcs_created_by

Gets the idcs_created_by of this IdentityPropagationTrust.

Returns:The idcs_created_by of this IdentityPropagationTrust.
Return type:oci.identity_domains.models.IdcsCreatedBy
idcs_last_modified_by

Gets the idcs_last_modified_by of this IdentityPropagationTrust.

Returns:The idcs_last_modified_by of this IdentityPropagationTrust.
Return type:oci.identity_domains.models.IdcsLastModifiedBy
idcs_last_upgraded_in_release

Gets the idcs_last_upgraded_in_release of this IdentityPropagationTrust. The release number when the resource was upgraded.

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: request
  • type: string
  • uniqueness: none
Returns:The idcs_last_upgraded_in_release of this IdentityPropagationTrust.
Return type:str
idcs_prevented_operations

Gets the idcs_prevented_operations of this IdentityPropagationTrust. Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: true
  • mutability: readOnly
  • required: false
  • returned: request
  • type: string
  • uniqueness: none

Allowed values for items in this list are: “replace”, “update”, “delete”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:The idcs_prevented_operations of this IdentityPropagationTrust.
Return type:list[str]
impersonation_service_users

Gets the impersonation_service_users of this IdentityPropagationTrust. The Impersonating Principal.

SCIM++ Properties:
  • idcsCompositeKey: [rule, value]
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
Returns:The impersonation_service_users of this IdentityPropagationTrust.
Return type:list[oci.identity_domains.models.IdentityPropagationTrustImpersonationServiceUsers]
issuer

[Required] Gets the issuer of this IdentityPropagationTrust. The issuer claim of the Identity provider.

SCIM++ Properties:
  • type: string
  • multiValued: false
  • required: true
  • mutability: readWrite
  • returned: always
  • caseExact: true
  • idcsSearchable: true
  • uniqueness: server
Returns:The issuer of this IdentityPropagationTrust.
Return type:str
keytab

Gets the keytab of this IdentityPropagationTrust.

Returns:The keytab of this IdentityPropagationTrust.
Return type:oci.identity_domains.models.IdentityPropagationTrustKeytab
meta

Gets the meta of this IdentityPropagationTrust.

Returns:The meta of this IdentityPropagationTrust.
Return type:oci.identity_domains.models.Meta
name

[Required] Gets the name of this IdentityPropagationTrust. The name of the Identity Propagation Trust.

SCIM++ Properties:
  • type: string
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • required: true
  • mutability: immutable
  • returned: default
  • uniqueness: none
Returns:The name of this IdentityPropagationTrust.
Return type:str
oauth_clients

Gets the oauth_clients of this IdentityPropagationTrust. The value of all the authorized OAuth Clients.

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The oauth_clients of this IdentityPropagationTrust.
Return type:list[str]
ocid

Gets the ocid of this IdentityPropagationTrust. Unique OCI identifier for the SCIM Resource.

SCIM++ Properties:
  • caseExact: true
  • idcsSearchable: true
  • multiValued: false
  • mutability: immutable
  • required: false
  • returned: default
  • type: string
  • uniqueness: global
Returns:The ocid of this IdentityPropagationTrust.
Return type:str
public_certificate

Gets the public_certificate of this IdentityPropagationTrust. Stores the public key if a public key certificate is used.

SCIM++ Properties:
  • type: string
  • multiValued: false
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
  • idcsSearchable: false
Returns:The public_certificate of this IdentityPropagationTrust.
Return type:str
public_key_endpoint

Gets the public_key_endpoint of this IdentityPropagationTrust. The cloud provider’s public key API of SAML and OIDC providers for signature validation.

SCIM++ Properties:
  • type: string
  • multiValued: false
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
  • caseExact: false
  • idcsSearchable: false
Returns:The public_key_endpoint of this IdentityPropagationTrust.
Return type:str
schemas

[Required] Gets the schemas of this IdentityPropagationTrust. REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well as any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard “enterprise” extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: true
  • returned: default
  • type: string
  • uniqueness: none
Returns:The schemas of this IdentityPropagationTrust.
Return type:list[str]
service_principals

Gets the service_principals of this IdentityPropagationTrust. The value of all the authorized OCI Service Principals.

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The service_principals of this IdentityPropagationTrust.
Return type:list[str]
subject_claim_name

Gets the subject_claim_name of this IdentityPropagationTrust. Used for locating the subject claim from the incoming token.

SCIM++ Properties:
  • type: string
  • multiValued: false
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
  • caseExact: true
  • idcsSearchable: false
Returns:The subject_claim_name of this IdentityPropagationTrust.
Return type:str
subject_mapping_attribute

Gets the subject_mapping_attribute of this IdentityPropagationTrust. The Subject Mapping Attribute against which the value of the subject claim is used for identity lookup.

SCIM++ Properties:
  • type: string
  • multiValued: false
  • idcsSearchable: false
  • required: false
  • mutability: readWrite
  • returned: default
  • uniqueness: none
Returns:The subject_mapping_attribute of this IdentityPropagationTrust.
Return type:str
subject_type

Gets the subject_type of this IdentityPropagationTrust. The type of the resource against which lookup will be made in the identity domain in IAM for the incoming subject claim value.

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none

Allowed values for this property are: “User”, “App”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:The subject_type of this IdentityPropagationTrust.
Return type:str
tags

Gets the tags of this IdentityPropagationTrust. A list of tags on this resource.

SCIM++ Properties:
  • idcsCompositeKey: [key, value]
  • idcsSearchable: true
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
Returns:The tags of this IdentityPropagationTrust.
Return type:list[oci.identity_domains.models.Tags]
tenancy_ocid

Gets the tenancy_ocid of this IdentityPropagationTrust. OCI Tenant Id (ocid) in which the resource lives.

SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Returns:The tenancy_ocid of this IdentityPropagationTrust.
Return type:str
type

[Required] Gets the type of this IdentityPropagationTrust. The type of the inbound token from the Identity cloud provider.

SCIM++ Properties:
  • caseExact: true
  • idcsSearchable: false
  • required: true
  • mutability: readWrite
  • returned: default
  • type: string
  • multiValued: false
  • uniqueness: none

Allowed values for this property are: “JWT”, “SAML”, “SPNEGO”, “AWS”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:The type of this IdentityPropagationTrust.
Return type:str
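
The properties above that govern how an inbound token is validated (public_key_endpoint, public_certificate, client_claim_name, client_claim_values, allow_impersonation, impersonation_service_users, clock_skew_seconds) can be reviewed together. The following is an added example, not part of the OCI SDK: it reads only attribute names documented on this page, the finding codes and the 300-second skew threshold are assumptions, and the sample objects are constructed SimpleNamespace stand-ins so the block runs without the oci package.

```python
from types import SimpleNamespace
from urllib.parse import urlparse

MAX_SKEW_SECONDS = 300  # assumption: local review threshold, not an OCI-defined limit


def audit_trust(trust, max_skew=MAX_SKEW_SECONDS):
    """Return {finding_code: explanation} for one trust-like object."""
    def get(name):
        # Missing attributes are treated the same as unset (None) ones.
        return getattr(trust, name, None)

    if not get("active"):
        # Not in an enabled state: report that on its own and stop.
        return {"INACTIVE": "trust is not enabled"}

    findings = {}
    if get("type") in ("JWT", "SAML"):
        endpoint = get("public_key_endpoint")
        if not endpoint and not get("public_certificate"):
            findings["NO_SIGNATURE_KEY"] = "no public_key_endpoint or public_certificate set"
        elif endpoint and urlparse(endpoint).scheme != "https":
            findings["KEY_ENDPOINT_NOT_HTTPS"] = "public_key_endpoint is not an https URL"

    if not get("client_claim_name") or not get("client_claim_values"):
        findings["CLIENT_NOT_PINNED"] = "client_claim_name and client_claim_values are not both set"

    if get("allow_impersonation"):
        findings["IMPERSONATION_ENABLED"] = "allow_impersonation is true; confirm it is intended"
        if not get("impersonation_service_users"):
            findings["IMPERSONATION_WITHOUT_RULES"] = "no impersonation_service_users listed"

    skew = get("clock_skew_seconds")
    if skew is not None and skew > max_skew:
        findings["WIDE_CLOCK_SKEW"] = f"clock_skew_seconds={skew} exceeds {max_skew}"
    return findings


def audit_all(trusts):
    """Map trust name -> sorted finding codes, omitting trusts with no findings."""
    report = {}
    for trust in trusts:
        found = audit_trust(trust)
        if found:
            report[trust.name] = sorted(found)
    return report


# Constructed sample data (hypothetical names and URLs, not real tenancy values).
SAMPLE_TRUSTS = [
    SimpleNamespace(name="ci-jwt", active=True, type="JWT",
                    public_key_endpoint="https://idp.example.test/jwks",
                    client_claim_name="aud", client_claim_values=["oci-prod"],
                    allow_impersonation=False, clock_skew_seconds=60),
    SimpleNamespace(name="lab-jwt", active=True, type="JWT",
                    public_key_endpoint="http://idp.example.test/jwks",
                    client_claim_name="aud", client_claim_values=[],
                    allow_impersonation=True, impersonation_service_users=[],
                    clock_skew_seconds=3600),
    SimpleNamespace(name="old-saml", active=False, type="SAML"),
]

if __name__ == "__main__":
    for name, codes in audit_all(SAMPLE_TRUSTS).items():
        print(name, codes)
```

Because the function uses only getattr, an IdentityPropagationTrust model object returned by the SDK can be passed in place of the stand-ins.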