keycloak.oidc.OpenshiftV4IdentityProvider

Keycloak v6.12.0, Jun 6 26

Viewing docs for Keycloak v6.12.0
published on Saturday, Jun 6, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-keycloak

Viewing docs for Keycloak v6.12.0
published on Saturday, Jun 6, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-keycloak

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const openshiftV4 = new keycloak.oidc.OpenshiftV4IdentityProvider("openshift_v4", {
    realm: realm.id,
    clientId: openshiftClientId,
    clientSecret: openshiftClientSecret,
    baseUrl: "https://openshift.example.com:8443",
    defaultScopes: "user:full",
    trustEmail: true,
    syncMode: "IMPORT",
    extraConfig: {
        myCustomConfigKey: "myValue",
    },
});

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
openshift_v4 = keycloak.oidc.OpenshiftV4IdentityProvider("openshift_v4",
    realm=realm.id,
    client_id=openshift_client_id,
    client_secret=openshift_client_secret,
    base_url="https://openshift.example.com:8443",
    default_scopes="user:full",
    trust_email=True,
    sync_mode="IMPORT",
    extra_config={
        "myCustomConfigKey": "myValue",
    })

package main

import (
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = oidc.NewOpenshiftV4IdentityProvider(ctx, "openshift_v4", &oidc.OpenshiftV4IdentityProviderArgs{
			Realm:         realm.ID(),
			ClientId:      pulumi.Any(openshiftClientId),
			ClientSecret:  pulumi.Any(openshiftClientSecret),
			BaseUrl:       pulumi.String("https://openshift.example.com:8443"),
			DefaultScopes: pulumi.String("user:full"),
			TrustEmail:    pulumi.Bool(true),
			SyncMode:      pulumi.String("IMPORT"),
			ExtraConfig: pulumi.StringMap{
				"myCustomConfigKey": pulumi.String("myValue"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;

return await Deployment.RunAsync(() => 
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    var openshiftV4 = new Keycloak.Oidc.OpenshiftV4IdentityProvider("openshift_v4", new()
    {
        Realm = realm.Id,
        ClientId = openshiftClientId,
        ClientSecret = openshiftClientSecret,
        BaseUrl = "https://openshift.example.com:8443",
        DefaultScopes = "user:full",
        TrustEmail = true,
        SyncMode = "IMPORT",
        ExtraConfig = 
        {
            { "myCustomConfigKey", "myValue" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.oidc.OpenshiftV4IdentityProvider;
import com.pulumi.keycloak.oidc.OpenshiftV4IdentityProviderArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());

        var openshiftV4 = new OpenshiftV4IdentityProvider("openshiftV4", OpenshiftV4IdentityProviderArgs.builder()
            .realm(realm.id())
            .clientId(openshiftClientId)
            .clientSecret(openshiftClientSecret)
            .baseUrl("https://openshift.example.com:8443")
            .defaultScopes("user:full")
            .trustEmail(true)
            .syncMode("IMPORT")
            .extraConfig(Map.of("myCustomConfigKey", "myValue"))
            .build());

    }
}

resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  openshiftV4:
    type: keycloak:oidc:OpenshiftV4IdentityProvider
    name: openshift_v4
    properties:
      realm: ${realm.id}
      clientId: ${openshiftClientId}
      clientSecret: ${openshiftClientSecret}
      baseUrl: https://openshift.example.com:8443
      defaultScopes: user:full
      trustEmail: true
      syncMode: IMPORT
      extraConfig:
        myCustomConfigKey: myValue

pulumi {
  required_providers {
    keycloak = {
      source = "pulumi/keycloak"
    }
  }
}

resource "keycloak_realm" "realm" {
  realm   = "my-realm"
  enabled = true
}
resource "keycloak_oidc_openshiftv4identityprovider" "openshift_v4" {
  realm          = keycloak_realm.realm.id
  client_id      = openshiftClientId
  client_secret  = openshiftClientSecret
  base_url       = "https://openshift.example.com:8443"
  default_scopes = "user:full"
  trust_email    = true
  sync_mode      = "IMPORT"
  extra_config = {
    "myCustomConfigKey" = "myValue"
  }
}

Create OpenshiftV4IdentityProvider Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new OpenshiftV4IdentityProvider(name: string, args: OpenshiftV4IdentityProviderArgs, opts?: CustomResourceOptions);

@overload
def OpenshiftV4IdentityProvider(resource_name: str,
                                args: OpenshiftV4IdentityProviderArgs,
                                opts: Optional[ResourceOptions] = None)

@overload
def OpenshiftV4IdentityProvider(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                client_id: Optional[str] = None,
                                realm: Optional[str] = None,
                                client_secret: Optional[str] = None,
                                base_url: Optional[str] = None,
                                first_broker_login_flow_alias: Optional[str] = None,
                                link_only: Optional[bool] = None,
                                default_scopes: Optional[str] = None,
                                display_name: Optional[str] = None,
                                enabled: Optional[bool] = None,
                                extra_config: Optional[Mapping[str, str]] = None,
                                add_read_token_role_on_create: Optional[bool] = None,
                                gui_order: Optional[str] = None,
                                hide_on_login_page: Optional[bool] = None,
                                authenticate_by_default: Optional[bool] = None,
                                org_domain: Optional[str] = None,
                                org_redirect_mode_email_matches: Optional[bool] = None,
                                organization_id: Optional[str] = None,
                                post_broker_login_flow_alias: Optional[str] = None,
                                provider_id: Optional[str] = None,
                                alias: Optional[str] = None,
                                store_token: Optional[bool] = None,
                                sync_mode: Optional[str] = None,
                                trust_email: Optional[bool] = None)

func NewOpenshiftV4IdentityProvider(ctx *Context, name string, args OpenshiftV4IdentityProviderArgs, opts ...ResourceOption) (*OpenshiftV4IdentityProvider, error)

public OpenshiftV4IdentityProvider(string name, OpenshiftV4IdentityProviderArgs args, CustomResourceOptions? opts = null)

public OpenshiftV4IdentityProvider(String name, OpenshiftV4IdentityProviderArgs args)
public OpenshiftV4IdentityProvider(String name, OpenshiftV4IdentityProviderArgs args, CustomResourceOptions options)

type: keycloak:oidc:OpenshiftV4IdentityProvider
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "keycloak_oidc_openshiftv4identityprovider" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args OpenshiftV4IdentityProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args OpenshiftV4IdentityProviderArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OpenshiftV4IdentityProviderArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OpenshiftV4IdentityProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args OpenshiftV4IdentityProviderArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var openshiftV4IdentityProviderResource = new Keycloak.Oidc.OpenshiftV4IdentityProvider("openshiftV4IdentityProviderResource", new()
{
    ClientId = "string",
    Realm = "string",
    ClientSecret = "string",
    BaseUrl = "string",
    FirstBrokerLoginFlowAlias = "string",
    LinkOnly = false,
    DefaultScopes = "string",
    DisplayName = "string",
    Enabled = false,
    ExtraConfig = 
    {
        { "string", "string" },
    },
    AddReadTokenRoleOnCreate = false,
    GuiOrder = "string",
    HideOnLoginPage = false,
    AuthenticateByDefault = false,
    OrgDomain = "string",
    OrgRedirectModeEmailMatches = false,
    OrganizationId = "string",
    PostBrokerLoginFlowAlias = "string",
    ProviderId = "string",
    Alias = "string",
    StoreToken = false,
    SyncMode = "string",
    TrustEmail = false,
});

example, err := oidc.NewOpenshiftV4IdentityProvider(ctx, "openshiftV4IdentityProviderResource", &oidc.OpenshiftV4IdentityProviderArgs{
	ClientId:                  pulumi.String("string"),
	Realm:                     pulumi.String("string"),
	ClientSecret:              pulumi.String("string"),
	BaseUrl:                   pulumi.String("string"),
	FirstBrokerLoginFlowAlias: pulumi.String("string"),
	LinkOnly:                  pulumi.Bool(false),
	DefaultScopes:             pulumi.String("string"),
	DisplayName:               pulumi.String("string"),
	Enabled:                   pulumi.Bool(false),
	ExtraConfig: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	AddReadTokenRoleOnCreate:    pulumi.Bool(false),
	GuiOrder:                    pulumi.String("string"),
	HideOnLoginPage:             pulumi.Bool(false),
	AuthenticateByDefault:       pulumi.Bool(false),
	OrgDomain:                   pulumi.String("string"),
	OrgRedirectModeEmailMatches: pulumi.Bool(false),
	OrganizationId:              pulumi.String("string"),
	PostBrokerLoginFlowAlias:    pulumi.String("string"),
	ProviderId:                  pulumi.String("string"),
	Alias:                       pulumi.String("string"),
	StoreToken:                  pulumi.Bool(false),
	SyncMode:                    pulumi.String("string"),
	TrustEmail:                  pulumi.Bool(false),
})

resource "keycloak_oidc_openshiftv4identityprovider" "openshiftV4IdentityProviderResource" {
  client_id                     = "string"
  realm                         = "string"
  client_secret                 = "string"
  base_url                      = "string"
  first_broker_login_flow_alias = "string"
  link_only                     = false
  default_scopes                = "string"
  display_name                  = "string"
  enabled                       = false
  extra_config = {
    "string" = "string"
  }
  add_read_token_role_on_create   = false
  gui_order                       = "string"
  hide_on_login_page              = false
  authenticate_by_default         = false
  org_domain                      = "string"
  org_redirect_mode_email_matches = false
  organization_id                 = "string"
  post_broker_login_flow_alias    = "string"
  provider_id                     = "string"
  alias                           = "string"
  store_token                     = false
  sync_mode                       = "string"
  trust_email                     = false
}

var openshiftV4IdentityProviderResource = new OpenshiftV4IdentityProvider("openshiftV4IdentityProviderResource", OpenshiftV4IdentityProviderArgs.builder()
    .clientId("string")
    .realm("string")
    .clientSecret("string")
    .baseUrl("string")
    .firstBrokerLoginFlowAlias("string")
    .linkOnly(false)
    .defaultScopes("string")
    .displayName("string")
    .enabled(false)
    .extraConfig(Map.of("string", "string"))
    .addReadTokenRoleOnCreate(false)
    .guiOrder("string")
    .hideOnLoginPage(false)
    .authenticateByDefault(false)
    .orgDomain("string")
    .orgRedirectModeEmailMatches(false)
    .organizationId("string")
    .postBrokerLoginFlowAlias("string")
    .providerId("string")
    .alias("string")
    .storeToken(false)
    .syncMode("string")
    .trustEmail(false)
    .build());

openshift_v4_identity_provider_resource = keycloak.oidc.OpenshiftV4IdentityProvider("openshiftV4IdentityProviderResource",
    client_id="string",
    realm="string",
    client_secret="string",
    base_url="string",
    first_broker_login_flow_alias="string",
    link_only=False,
    default_scopes="string",
    display_name="string",
    enabled=False,
    extra_config={
        "string": "string",
    },
    add_read_token_role_on_create=False,
    gui_order="string",
    hide_on_login_page=False,
    authenticate_by_default=False,
    org_domain="string",
    org_redirect_mode_email_matches=False,
    organization_id="string",
    post_broker_login_flow_alias="string",
    provider_id="string",
    alias="string",
    store_token=False,
    sync_mode="string",
    trust_email=False)

const openshiftV4IdentityProviderResource = new keycloak.oidc.OpenshiftV4IdentityProvider("openshiftV4IdentityProviderResource", {
    clientId: "string",
    realm: "string",
    clientSecret: "string",
    baseUrl: "string",
    firstBrokerLoginFlowAlias: "string",
    linkOnly: false,
    defaultScopes: "string",
    displayName: "string",
    enabled: false,
    extraConfig: {
        string: "string",
    },
    addReadTokenRoleOnCreate: false,
    guiOrder: "string",
    hideOnLoginPage: false,
    authenticateByDefault: false,
    orgDomain: "string",
    orgRedirectModeEmailMatches: false,
    organizationId: "string",
    postBrokerLoginFlowAlias: "string",
    providerId: "string",
    alias: "string",
    storeToken: false,
    syncMode: "string",
    trustEmail: false,
});

type: keycloak:oidc:OpenshiftV4IdentityProvider
properties:
    addReadTokenRoleOnCreate: false
    alias: string
    authenticateByDefault: false
    baseUrl: string
    clientId: string
    clientSecret: string
    defaultScopes: string
    displayName: string
    enabled: false
    extraConfig:
        string: string
    firstBrokerLoginFlowAlias: string
    guiOrder: string
    hideOnLoginPage: false
    linkOnly: false
    orgDomain: string
    orgRedirectModeEmailMatches: false
    organizationId: string
    postBrokerLoginFlowAlias: string
    providerId: string
    realm: string
    storeToken: false
    syncMode: string
    trustEmail: false

OpenshiftV4IdentityProvider Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The OpenshiftV4IdentityProvider resource accepts the following input properties:

BaseUrl string: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
ClientId string: The client or client identifier registered within the identity provider.
ClientSecret string: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
Realm string: The name of the realm. This is unique across Keycloak.
AddReadTokenRoleOnCreate bool: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
Alias string: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
AuthenticateByDefault bool: Enable/disable authenticate users by default.
DefaultScopes string: The scopes to be sent when asking for authorization. Defaults to user:full.
DisplayName string: Display name for the OpenShift v4 identity provider in the GUI.
Enabled bool: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
ExtraConfig Dictionary<string, string>: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
FirstBrokerLoginFlowAlias string: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
GuiOrder string: A number defining the order of this identity provider in the GUI.
HideOnLoginPage bool: When true, this identity provider will be hidden on the login page. Defaults to false.
LinkOnly bool: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
OrgDomain string
OrgRedirectModeEmailMatches bool
OrganizationId string: ID of organization with which this identity is linked.
PostBrokerLoginFlowAlias string: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
ProviderId string: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
StoreToken bool: When true, tokens will be stored after authenticating users. Defaults to true.
SyncMode string: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
TrustEmail bool: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

BaseUrl string: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
ClientId string: The client or client identifier registered within the identity provider.
ClientSecret string: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
Realm string: The name of the realm. This is unique across Keycloak.
AddReadTokenRoleOnCreate bool: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
Alias string: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
AuthenticateByDefault bool: Enable/disable authenticate users by default.
DefaultScopes string: The scopes to be sent when asking for authorization. Defaults to user:full.
DisplayName string: Display name for the OpenShift v4 identity provider in the GUI.
Enabled bool: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
ExtraConfig map[string]string: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
FirstBrokerLoginFlowAlias string: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
GuiOrder string: A number defining the order of this identity provider in the GUI.
HideOnLoginPage bool: When true, this identity provider will be hidden on the login page. Defaults to false.
LinkOnly bool: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
OrgDomain string
OrgRedirectModeEmailMatches bool
OrganizationId string: ID of organization with which this identity is linked.
PostBrokerLoginFlowAlias string: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
ProviderId string: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
StoreToken bool: When true, tokens will be stored after authenticating users. Defaults to true.
SyncMode string: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
TrustEmail bool: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

base_url string: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
client_id string: The client or client identifier registered within the identity provider.
client_secret string: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
realm string: The name of the realm. This is unique across Keycloak.
add_read_token_role_on_create bool: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias string: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticate_by_default bool: Enable/disable authenticate users by default.
default_scopes string: The scopes to be sent when asking for authorization. Defaults to user:full.
display_name string: Display name for the OpenShift v4 identity provider in the GUI.
enabled bool: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extra_config map(string): A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
first_broker_login_flow_alias string: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
gui_order string: A number defining the order of this identity provider in the GUI.
hide_on_login_page bool: When true, this identity provider will be hidden on the login page. Defaults to false.
link_only bool: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
org_domain string
org_redirect_mode_email_matches bool
organization_id string: ID of organization with which this identity is linked.
post_broker_login_flow_alias string: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
provider_id string: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
store_token bool: When true, tokens will be stored after authenticating users. Defaults to true.
sync_mode string: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trust_email bool: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

baseUrl String: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
clientId String: The client or client identifier registered within the identity provider.
clientSecret String: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
realm String: The name of the realm. This is unique across Keycloak.
addReadTokenRoleOnCreate Boolean: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias String: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticateByDefault Boolean: Enable/disable authenticate users by default.
defaultScopes String: The scopes to be sent when asking for authorization. Defaults to user:full.
displayName String: Display name for the OpenShift v4 identity provider in the GUI.
enabled Boolean: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extraConfig Map<String,String>: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
firstBrokerLoginFlowAlias String: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
guiOrder String: A number defining the order of this identity provider in the GUI.
hideOnLoginPage Boolean: When true, this identity provider will be hidden on the login page. Defaults to false.
linkOnly Boolean: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
orgDomain String
orgRedirectModeEmailMatches Boolean
organizationId String: ID of organization with which this identity is linked.
postBrokerLoginFlowAlias String: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
providerId String: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
storeToken Boolean: When true, tokens will be stored after authenticating users. Defaults to true.
syncMode String: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trustEmail Boolean: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

baseUrl string: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
clientId string: The client or client identifier registered within the identity provider.
clientSecret string: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
realm string: The name of the realm. This is unique across Keycloak.
addReadTokenRoleOnCreate boolean: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias string: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticateByDefault boolean: Enable/disable authenticate users by default.
defaultScopes string: The scopes to be sent when asking for authorization. Defaults to user:full.
displayName string: Display name for the OpenShift v4 identity provider in the GUI.
enabled boolean: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extraConfig {[key: string]: string}: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
firstBrokerLoginFlowAlias string: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
guiOrder string: A number defining the order of this identity provider in the GUI.
hideOnLoginPage boolean: When true, this identity provider will be hidden on the login page. Defaults to false.
linkOnly boolean: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
orgDomain string
orgRedirectModeEmailMatches boolean
organizationId string: ID of organization with which this identity is linked.
postBrokerLoginFlowAlias string: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
providerId string: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
storeToken boolean: When true, tokens will be stored after authenticating users. Defaults to true.
syncMode string: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trustEmail boolean: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

base_url str: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
client_id str: The client or client identifier registered within the identity provider.
client_secret str: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
realm str: The name of the realm. This is unique across Keycloak.
add_read_token_role_on_create bool: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias str: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticate_by_default bool: Enable/disable authenticate users by default.
default_scopes str: The scopes to be sent when asking for authorization. Defaults to user:full.
display_name str: Display name for the OpenShift v4 identity provider in the GUI.
enabled bool: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extra_config Mapping[str, str]: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
first_broker_login_flow_alias str: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
gui_order str: A number defining the order of this identity provider in the GUI.
hide_on_login_page bool: When true, this identity provider will be hidden on the login page. Defaults to false.
link_only bool: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
org_domain str
org_redirect_mode_email_matches bool
organization_id str: ID of organization with which this identity is linked.
post_broker_login_flow_alias str: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
provider_id str: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
store_token bool: When true, tokens will be stored after authenticating users. Defaults to true.
sync_mode str: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trust_email bool: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

baseUrl String: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
clientId String: The client or client identifier registered within the identity provider.
clientSecret String: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
realm String: The name of the realm. This is unique across Keycloak.
addReadTokenRoleOnCreate Boolean: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias String: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticateByDefault Boolean: Enable/disable authenticate users by default.
defaultScopes String: The scopes to be sent when asking for authorization. Defaults to user:full.
displayName String: Display name for the OpenShift v4 identity provider in the GUI.
enabled Boolean: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extraConfig Map<String>: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
firstBrokerLoginFlowAlias String: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
guiOrder String: A number defining the order of this identity provider in the GUI.
hideOnLoginPage Boolean: When true, this identity provider will be hidden on the login page. Defaults to false.
linkOnly Boolean: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
orgDomain String
orgRedirectModeEmailMatches Boolean
organizationId String: ID of organization with which this identity is linked.
postBrokerLoginFlowAlias String: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
providerId String: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
storeToken Boolean: When true, tokens will be stored after authenticating users. Defaults to true.
syncMode String: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trustEmail Boolean: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

Outputs

All input properties are implicitly available as output properties. Additionally, the OpenshiftV4IdentityProvider resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
InternalId string: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.

Id string: The provider-assigned unique ID for this managed resource.
InternalId string: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.

id string: The provider-assigned unique ID for this managed resource.
internal_id string: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.

id String: The provider-assigned unique ID for this managed resource.
internalId String: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.

id string: The provider-assigned unique ID for this managed resource.
internalId string: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.

id str: The provider-assigned unique ID for this managed resource.
internal_id str: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.

id String: The provider-assigned unique ID for this managed resource.
internalId String: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.

Look up Existing OpenshiftV4IdentityProvider Resource

Get an existing OpenshiftV4IdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OpenshiftV4IdentityProviderState, opts?: CustomResourceOptions): OpenshiftV4IdentityProvider

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        add_read_token_role_on_create: Optional[bool] = None,
        alias: Optional[str] = None,
        authenticate_by_default: Optional[bool] = None,
        base_url: Optional[str] = None,
        client_id: Optional[str] = None,
        client_secret: Optional[str] = None,
        default_scopes: Optional[str] = None,
        display_name: Optional[str] = None,
        enabled: Optional[bool] = None,
        extra_config: Optional[Mapping[str, str]] = None,
        first_broker_login_flow_alias: Optional[str] = None,
        gui_order: Optional[str] = None,
        hide_on_login_page: Optional[bool] = None,
        internal_id: Optional[str] = None,
        link_only: Optional[bool] = None,
        org_domain: Optional[str] = None,
        org_redirect_mode_email_matches: Optional[bool] = None,
        organization_id: Optional[str] = None,
        post_broker_login_flow_alias: Optional[str] = None,
        provider_id: Optional[str] = None,
        realm: Optional[str] = None,
        store_token: Optional[bool] = None,
        sync_mode: Optional[str] = None,
        trust_email: Optional[bool] = None) -> OpenshiftV4IdentityProvider

func GetOpenshiftV4IdentityProvider(ctx *Context, name string, id IDInput, state *OpenshiftV4IdentityProviderState, opts ...ResourceOption) (*OpenshiftV4IdentityProvider, error)

public static OpenshiftV4IdentityProvider Get(string name, Input<string> id, OpenshiftV4IdentityProviderState? state, CustomResourceOptions? opts = null)

public static OpenshiftV4IdentityProvider get(String name, Output<String> id, OpenshiftV4IdentityProviderState state, CustomResourceOptions options)

resources:  _:    type: keycloak:oidc:OpenshiftV4IdentityProvider    get:      id: ${id}

import {
  to = keycloak_oidc_openshiftv4identityprovider.example
  id = "${id}"
}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AddReadTokenRoleOnCreate bool: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
Alias string: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
AuthenticateByDefault bool: Enable/disable authenticate users by default.
BaseUrl string: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
ClientId string: The client or client identifier registered within the identity provider.
ClientSecret string: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
DefaultScopes string: The scopes to be sent when asking for authorization. Defaults to user:full.
DisplayName string: Display name for the OpenShift v4 identity provider in the GUI.
Enabled bool: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
ExtraConfig Dictionary<string, string>: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
FirstBrokerLoginFlowAlias string: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
GuiOrder string: A number defining the order of this identity provider in the GUI.
HideOnLoginPage bool: When true, this identity provider will be hidden on the login page. Defaults to false.
InternalId string: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
LinkOnly bool: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
OrgDomain string
OrgRedirectModeEmailMatches bool
OrganizationId string: ID of organization with which this identity is linked.
PostBrokerLoginFlowAlias string: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
ProviderId string: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
Realm string: The name of the realm. This is unique across Keycloak.
StoreToken bool: When true, tokens will be stored after authenticating users. Defaults to true.
SyncMode string: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
TrustEmail bool: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

AddReadTokenRoleOnCreate bool: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
Alias string: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
AuthenticateByDefault bool: Enable/disable authenticate users by default.
BaseUrl string: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
ClientId string: The client or client identifier registered within the identity provider.
ClientSecret string: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
DefaultScopes string: The scopes to be sent when asking for authorization. Defaults to user:full.
DisplayName string: Display name for the OpenShift v4 identity provider in the GUI.
Enabled bool: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
ExtraConfig map[string]string: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
FirstBrokerLoginFlowAlias string: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
GuiOrder string: A number defining the order of this identity provider in the GUI.
HideOnLoginPage bool: When true, this identity provider will be hidden on the login page. Defaults to false.
InternalId string: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
LinkOnly bool: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
OrgDomain string
OrgRedirectModeEmailMatches bool
OrganizationId string: ID of organization with which this identity is linked.
PostBrokerLoginFlowAlias string: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
ProviderId string: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
Realm string: The name of the realm. This is unique across Keycloak.
StoreToken bool: When true, tokens will be stored after authenticating users. Defaults to true.
SyncMode string: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
TrustEmail bool: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

add_read_token_role_on_create bool: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias string: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticate_by_default bool: Enable/disable authenticate users by default.
base_url string: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
client_id string: The client or client identifier registered within the identity provider.
client_secret string: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
default_scopes string: The scopes to be sent when asking for authorization. Defaults to user:full.
display_name string: Display name for the OpenShift v4 identity provider in the GUI.
enabled bool: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extra_config map(string): A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
first_broker_login_flow_alias string: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
gui_order string: A number defining the order of this identity provider in the GUI.
hide_on_login_page bool: When true, this identity provider will be hidden on the login page. Defaults to false.
internal_id string: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
link_only bool: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
org_domain string
org_redirect_mode_email_matches bool
organization_id string: ID of organization with which this identity is linked.
post_broker_login_flow_alias string: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
provider_id string: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
realm string: The name of the realm. This is unique across Keycloak.
store_token bool: When true, tokens will be stored after authenticating users. Defaults to true.
sync_mode string: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trust_email bool: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

addReadTokenRoleOnCreate Boolean: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias String: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticateByDefault Boolean: Enable/disable authenticate users by default.
baseUrl String: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
clientId String: The client or client identifier registered within the identity provider.
clientSecret String: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
defaultScopes String: The scopes to be sent when asking for authorization. Defaults to user:full.
displayName String: Display name for the OpenShift v4 identity provider in the GUI.
enabled Boolean: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extraConfig Map<String,String>: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
firstBrokerLoginFlowAlias String: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
guiOrder String: A number defining the order of this identity provider in the GUI.
hideOnLoginPage Boolean: When true, this identity provider will be hidden on the login page. Defaults to false.
internalId String: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
linkOnly Boolean: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
orgDomain String
orgRedirectModeEmailMatches Boolean
organizationId String: ID of organization with which this identity is linked.
postBrokerLoginFlowAlias String: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
providerId String: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
realm String: The name of the realm. This is unique across Keycloak.
storeToken Boolean: When true, tokens will be stored after authenticating users. Defaults to true.
syncMode String: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trustEmail Boolean: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

addReadTokenRoleOnCreate boolean: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias string: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticateByDefault boolean: Enable/disable authenticate users by default.
baseUrl string: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
clientId string: The client or client identifier registered within the identity provider.
clientSecret string: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
defaultScopes string: The scopes to be sent when asking for authorization. Defaults to user:full.
displayName string: Display name for the OpenShift v4 identity provider in the GUI.
enabled boolean: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extraConfig {[key: string]: string}: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
firstBrokerLoginFlowAlias string: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
guiOrder string: A number defining the order of this identity provider in the GUI.
hideOnLoginPage boolean: When true, this identity provider will be hidden on the login page. Defaults to false.
internalId string: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
linkOnly boolean: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
orgDomain string
orgRedirectModeEmailMatches boolean
organizationId string: ID of organization with which this identity is linked.
postBrokerLoginFlowAlias string: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
providerId string: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
realm string: The name of the realm. This is unique across Keycloak.
storeToken boolean: When true, tokens will be stored after authenticating users. Defaults to true.
syncMode string: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trustEmail boolean: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

add_read_token_role_on_create bool: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias str: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticate_by_default bool: Enable/disable authenticate users by default.
base_url str: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
client_id str: The client or client identifier registered within the identity provider.
client_secret str: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
default_scopes str: The scopes to be sent when asking for authorization. Defaults to user:full.
display_name str: Display name for the OpenShift v4 identity provider in the GUI.
enabled bool: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extra_config Mapping[str, str]: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
first_broker_login_flow_alias str: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
gui_order str: A number defining the order of this identity provider in the GUI.
hide_on_login_page bool: When true, this identity provider will be hidden on the login page. Defaults to false.
internal_id str: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
link_only bool: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
org_domain str
org_redirect_mode_email_matches bool
organization_id str: ID of organization with which this identity is linked.
post_broker_login_flow_alias str: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
provider_id str: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
realm str: The name of the realm. This is unique across Keycloak.
store_token bool: When true, tokens will be stored after authenticating users. Defaults to true.
sync_mode str: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trust_email bool: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

addReadTokenRoleOnCreate Boolean: When true, new users will be able to read stored tokens. This will automatically assign the broker.read-token role. Defaults to false.
alias String: The alias for the OpenShift v4 identity provider. Defaults to openshift-v4.
authenticateByDefault Boolean: Enable/disable authenticate users by default.
baseUrl String: Base URL of the OpenShift 4 cluster, e.g. https://openshift.example.com:8443.
clientId String: The client or client identifier registered within the identity provider.
clientSecret String: The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
defaultScopes String: The scopes to be sent when asking for authorization. Defaults to user:full.
displayName String: Display name for the OpenShift v4 identity provider in the GUI.
enabled Boolean: When true, users will be able to log in to this realm using this identity provider. Defaults to true.
extraConfig Map<String>: A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.
firstBrokerLoginFlowAlias String: The authentication flow to use when users log in for the first time through this identity provider. Defaults to first broker login.
guiOrder String: A number defining the order of this identity provider in the GUI.
hideOnLoginPage Boolean: When true, this identity provider will be hidden on the login page. Defaults to false.
internalId String: (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
linkOnly Boolean: When true, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to false.
orgDomain String
orgRedirectModeEmailMatches Boolean
organizationId String: ID of organization with which this identity is linked.
postBrokerLoginFlowAlias String: The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
providerId String: The ID of the identity provider to use. Defaults to openshift-v4, which should be used unless you have extended Keycloak and provided your own implementation.
realm String: The name of the realm. This is unique across Keycloak.
storeToken Boolean: When true, tokens will be stored after authenticating users. Defaults to true.
syncMode String: The default sync mode to use for all mappers attached to this identity provider. Can be one of IMPORT, FORCE, or LEGACY.
trustEmail Boolean: When true, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to false.

Import

OpenShift v4 Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idpAlias is the identity provider alias.

Example:

$ pulumi import keycloak:oidc/openshiftV4IdentityProvider:OpenshiftV4IdentityProvider openshift_v4 my-realm/my-openshift-v4-idp

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Keycloak pulumi/pulumi-keycloak
License: Apache-2.0
Notes: This Pulumi package is based on the keycloak Terraform Provider.

Viewing docs for Keycloak v6.12.0
published on Saturday, Jun 6, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-keycloak

keycloak.oidc.OpenshiftV4IdentityProvider

On this page

On this page

Example Usage

Create OpenshiftV4IdentityProvider Resource

Constructor syntax

Parameters

Constructor example

OpenshiftV4IdentityProvider Resource Properties

Inputs

Outputs

Look up Existing OpenshiftV4IdentityProvider Resource

Import

Package Details

On this page

On this page

Try Pulumi Cloud free.
Your team will thank you.

keycloak.oidc.OpenshiftV4IdentityProvider

On this page

On this page

Example Usage

Create OpenshiftV4IdentityProvider Resource

Constructor syntax

Parameters

Constructor example

OpenshiftV4IdentityProvider Resource Properties

Inputs

Outputs

Look up Existing OpenshiftV4IdentityProvider Resource

Import

Package Details

On this page

On this page

Try Pulumi Cloud free.Your team will thank you.

Try Pulumi Cloud free.
Your team will thank you.