Commit

docs: adding Trusted Issuer Schema format in docs #9784 (#9785)
* docs: adding Trusted Issuer Schema format in docs #9784

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* docs: correct the changes

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

---------

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>
Former-commit-id: 8da1542
duttarnab authored Oct 17, 2024
1 parent 4e5b7c3 commit a11711a
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions docs/cedarling/cedarling-policy-store.md
Expand Up @@ -31,6 +31,38 @@ The JSON schema looks like this:
}
```

## Trusted Issuer Schema

- **name** : (String, no spaces) The name of the trusted issuer.
- **description** : (String) A brief description of the issuer, providing context for administrators.
- **openid_configuration_endpoint** : (String) The HTTPS URL for the OpenID Connect configuration endpoint (usually found under /.well-known/openid-configuration).
- **access_tokens** : (Object with claims)
- **trusted**: (True | False) Indicates whether the issuer's access token are trusted.
- **id_tokens** : (Object with claims)
- **trusted**: (True | False) Indicates whether the issuer's id_token are trusted.
- **principal_identifier**: the token claim used to identify the User entity (in SAML jargon it's the "NameID format"). This claim is optional--it may be present in the Userinfo token. Defaults to sub.
- **role_mapping**: A list of the User's roles
- **userinfo_tokens** :
- **trusted**: (True | False) Indicates whether the issuer's userinfo_tokens are trusted.
- **principal_identifier**: the token claim used to identify the User entity (in SAML jargon it's the "NameID format"). This claim is optional--it may be present in the Userinfo token. Defaults to sub.
- **role_mapping**: A list of the User's roles
- **tx_tokens** : (Object with claims)
- **trusted**: (True | False)

```
[
{"name": "Google",
"Description": "Consumer IDP",
"openid_configuration_endpoint": "https://accounts.google.com/.well-known/openid-configuration",
"access_tokens": {"trusted": True},
"id_tokens": {"trusted":True, "principal_identifier": "email"},
"userinfo_tokens": {"trusted": True, "role_mapping": "role"},
"tx_tokens": {"trusted": True}
},
{IDP-2},
{IDP-3}...
]
```

## Policy and Schema Authoring
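
Review bot: The example block under "Trusted Issuer Schema" is not valid JSON and does not match the field list above it, so it cannot be copied into a policy store as written. `True` should be lowercase `true` in all four token objects, the key `"Description"` should be `"description"` as documented, and `"role_mapping": "role"` is a string while the bullet calls it "A list of the User's roles"; state whether the value is the name of the claim that carries the roles or the roles themselves, and make the example agree. Replace the `{IDP-2}, {IDP-3}...` placeholders with a second complete entry or a sentence of prose, and tag the fence as json. In the field list, indent the `trusted`, `principal_identifier` and `role_mapping` bullets under their token type so they render as nested items, give `tx_tokens.trusted` the same description as the other three, and drop the "it may be present in the Userinfo token" sentence from the `id_tokens` copy of `principal_identifier` if it was only meant for `userinfo_tokens`. Since these flags decide which tokens are accepted, the text should also say what happens when `trusted` is omitted for a token type.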
