diff --git a/REFERENCE.md b/REFERENCE.md
index b637f3722..5b43bcb8e 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -11306,113 +11306,149 @@ Alias of ```puppet Struct[{ - Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], - Optional['CryptoPassphrase'] => String, - Optional['MetadataDir'] => String, - Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, - Optional['ProviderIssuer'] => String, - Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, - Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'], - Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, - Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'], - Optional['ProviderRegistrationEndpointJson'] => String, - Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], - Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['SSLValidateServer'] => Enum['On', 'Off'], - Optional['UserInfoRefreshInterval'] => Integer, - Optional['JWKSRefreshInterval'] => Integer, - Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], - Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST'], - Optional['PublicKeyFiles'] => String, - Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'], - Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'], - Optional['ClientID'] => String, - Optional['ClientSecret'] => String, - Optional['ClientTokenEndpointCert'] => 
String, - Optional['ClientTokenEndpointKey'] => String, - Optional['ClientName'] => String, - Optional['ClientContact'] => String, - Optional['PKCDMethod'] => Enum['plain', 'S256', 'referred_tb'], - Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], - Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, - Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], - Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], - Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], - Optional['UserInfoSignedResposeAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], - Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], - Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], - Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, - Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, - Optional['OAuthClientID'] => String, - Optional['OAuthClientSecret'] => String, - Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'], - Optional['OAuthIntrospectionClientAuthBearerToken'] => String, - Optional['OAuthIntrospectionEndpointCert'] => String, - Optional['OAuthIntrospectionEndpointKey'] => String, - Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], - Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['OAuthIntrospectionTokenParamName'] => String, - Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/], - Optional['OAuthSSLValidateServer'] 
=> Enum['On', 'Off'], - Optional['OAuthVerifySharedKeys'] => String, - Optional['OAuthVerifyCertFiles'] => String, - Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, - Optional['OAuthRemoteUserClaim'] => String, - Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], - Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], - Optional['Cookie'] => String, - Optional['SessionCookieChunkSize'] => Integer, - Optional['CookieHTTPOnly'] => Enum['On', 'Off'], - Optional['CookieSameSite'] => Enum['On', 'Off'], - Optional['PassCookies'] => String, - Optional['StripCookies'] => String, - Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\s(false|true)$/], - Optional['SessionInactivityTimeout'] => Integer, - Optional['SessionMaxDuration'] => Integer, - Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/], - Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'], - Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'], - Optional['CacheEncrypt'] => Enum['On', 'Off'], - Optional['CacheShmMax'] => Integer, - Optional['CacheShmEntrySizeMax'] => Integer, - Optional['CacheFileCleanInterval'] => Integer, - Optional['MemCacheServers'] => String, - Optional['RedisCacheServer'] => String, - Optional['RedisCachePassword'] => String, - Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['HTMLErrorTemplate'] => String, - Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], - Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['IDTokenIatSlack'] => Integer, - Optional['ClaimPrefix'] => String, - Optional['ClaimDelimiter'] => Pattern[/^.$/], - Optional['RemoteUserClaim'] => String, - Optional['PassIDTokenAs'] => 
Pattern[/^((claims|payload|serialized)\s?)+$/], - Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\s?)+$/], - Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], - Optional['AuthNHeader'] => String, - Optional['HTTPTimeoutLong'] => Integer, - Optional['HTTPTimeoutShort'] => Integer, - Optional['StateTimeout'] => Integer, - Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], - Optional['OutgoingProxy'] => String, - Optional['UnAuthAction'] => Enum['auth', 'pass', '401', '410'], - Optional['UnAuthzAction'] => Enum['401', '403', 'auth'], - Optional['PreservePost'] => Enum['On', 'Off'], - Optional['PassRefreshToken'] => Enum['On', 'Off'], - Optional['RequestObject'] => String, - Optional['ProviderMetadataRefreshInterval'] => Integer, - Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/], - Optional['BlackListedClaims'] => String, - Optional['WhiteListedClaims'] => String, - Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/], + Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], + Optional['CryptoPassphrase'] => String, + Optional['MetadataDir'] => String, + Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, + Optional['ProviderIssuer'] => String, + Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, + Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'], + Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, + Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, + 
Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'], + Optional['ProviderRegistrationEndpointJson'] => String, + Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], + Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['SSLValidateServer'] => Enum['On', 'Off'], + Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s?(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['JWKSRefreshInterval'] => Integer, + Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], + Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'], + Optional['PublicKeyFiles'] => String, + Optional['PrivateKeyFiles'] => String, + Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'], + Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'], + Optional['ClientID'] => String, + Optional['ClientSecret'] => String, + Optional['ClientTokenEndpointCert'] => String, + Optional['ClientTokenEndpointKey'] => String, + Optional['ClientTokenEndpointKeyPassword'] => String, + Optional['ClientName'] => String, + Optional['ClientContact'] => String, + Optional['PKCEMethod'] => Enum['plain', 'S256', 'referred_tb', 'none'], + Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], + Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, + Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], + Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], + Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], + Optional['UserInfoSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 
'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], + Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], + Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], + Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, + Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, + Optional['OAuthClientID'] => String, + Optional['OAuthClientSecret'] => String, + Optional['OAuthIntrospectionEndpoint'] => String, + Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'], + Optional['OAuthIntrospectionClientAuthBearerToken'] => String, + Optional['OAuthIntrospectionEndpointCert'] => String, + Optional['OAuthIntrospectionEndpointKey'] => String, + Optional['OAuthIntrospectionEndpointKeyPassword'] => String, + Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], + Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['OAuthIntrospectionTokenParamName'] => String, + Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/], + Optional['OAuthTokenIntrospectionInterval'] => Integer, + Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'], + Optional['OAuthVerifySharedKeys'] => String, + Optional['OAuthVerifyCertFiles'] => String, + Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, + Optional['OAuthRemoteUserClaim'] => String, + Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], + Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], + Optional['Cookie'] => String, + Optional['CookieDomain'] => String, + Optional['CookiePath'] => String, + Optional['SessionCookieChunkSize'] => Integer, + Optional['CookieHTTPOnly'] => 
Enum['On', 'Off'], + Optional['CookieSameSite'] => Enum['On', 'Off'], + Optional['PassCookies'] => String, + Optional['StripCookies'] => String, + Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s?(false|true))?$/], + Optional['SessionInactivityTimeout'] => Integer, + Optional['SessionMaxDuration'] => Integer, + Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/], + Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'], + Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'], + Optional['CacheDir'] => String, + Optional['CacheEncrypt'] => Enum['On', 'Off'], + Optional['CacheShmMax'] => Integer, + Optional['CacheShmEntrySizeMax'] => Integer, + Optional['CacheFileCleanInterval'] => Integer, + Optional['MemCacheServers'] => String, + Optional['MemCacheConnectionsHMax'] => Integer, + Optional['MemCacheConnectionsMin'] => Integer, + Optional['MemCacheConnectionsSMax'] => Integer, + Optional['MemCacheConnectionsTTL'] => Integer, + Optional['RedisCacheServer'] => String, + Optional['RedisCachePassword'] => String, + Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+\s?[0-9]*$/], + Optional['RedisCacheDatabase'] => Integer, + Optional['RedisCacheTimeout'] => Integer, + Optional['RedisCacheUsername'] => String, + Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['HTMLErrorTemplate'] => String, + Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], + Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['IDTokenIatSlack'] => Integer, + Optional['ClaimPrefix'] => String, + Optional['ClaimDelimiter'] => Pattern[/^.$/], + Optional['RemoteUserClaim'] => String, + Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], + 
Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/], + Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], + Optional['AuthNHeader'] => String, + Optional['HTTPTimeoutLong'] => Integer, + Optional['HTTPTimeoutShort'] => Integer, + Optional['StateTimeout'] => Integer, + Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], + Optional['OutgoingProxy'] => String, + Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)\s.*/], + Optional['UnAutzAction'] => Pattern[/^(none|headers|environment|both)(\s+(latin1|base64url|none)+)?$/], + Optional['PreservePost'] => Enum['On', 'Off'], + Optional['PreservePostTemplates'] => String, + Optional['PassRefreshToken'] => Enum['On', 'Off'], + Optional['RequestObject'] => String, + Optional['ProviderMetadataRefreshInterval'] => Integer, + Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/], + Optional['BlackListedClaims'] => String, + Optional['WhiteListedClaims'] => String, + Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['XForwardedHeaders'] => String, + Optional['CABundlePath'] => String, + Optional['DefaultLoggedOutURL'] => String, + Optional['DPoPMode'] => String, + Optional['FilterClaimsExpr'] => String, + Optional['LogoutRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['LogoutXFrameOptions'] => String, + Optional['MetricsData'] => String, + Optional['MetricsPublish'] => String, + Optional['PassAccessToken'] => Enum['On', 'Off'], + Optional['ProviderPushedAuthorizationRequestEndpoint'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['ProviderSignedJwksUri'] => String, + Optional['ProviderVerifyCertFiles'] => String, + Optional['RedirectURLsAllowed'] => 
String, + Optional['StateCookiePrefix'] => String, + Optional['StateInputHeaders'] => Enum['user-agent', 'x-forwarded-for', 'both', 'none'], + Optional['TraceParent'] => Enum['off', 'generate', 'propagate'], + Optional['UserInfoClaimsExpr'] => String, + Optional['ValidateIssuer'] => Enum['On', 'Off'], }] ``` diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index d3246ccdc..8a1493528 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp 
@@ -1,113 +1,148 @@ # https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf type Apache::OIDCSettings = Struct[ { - Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], - Optional['CryptoPassphrase'] => String, - Optional['MetadataDir'] => String, - Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, - Optional['ProviderIssuer'] => String, - Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, - Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'], - Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, - Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'], - Optional['ProviderRegistrationEndpointJson'] => String, - Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], - Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['SSLValidateServer'] => Enum['On', 'Off'], - Optional['UserInfoRefreshInterval'] => Integer, - Optional['JWKSRefreshInterval'] => Integer, - Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], - Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST'], - Optional['PublicKeyFiles'] => String, - Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'], - Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'], - Optional['ClientID'] => String, - 
Optional['ClientSecret'] => String, - Optional['ClientTokenEndpointCert'] => String, - Optional['ClientTokenEndpointKey'] => String, - Optional['ClientName'] => String, - Optional['ClientContact'] => String, - Optional['PKCDMethod'] => Enum['plain', 'S256', 'referred_tb'], - Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], - Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, - Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], - Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], - Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], - Optional['UserInfoSignedResposeAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], - Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], - Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], - Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, - Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, - Optional['OAuthClientID'] => String, - Optional['OAuthClientSecret'] => String, - Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'], - Optional['OAuthIntrospectionClientAuthBearerToken'] => String, - Optional['OAuthIntrospectionEndpointCert'] => String, - Optional['OAuthIntrospectionEndpointKey'] => String, - Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], - Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['OAuthIntrospectionTokenParamName'] => String, - Optional['OAuthTokenExpiryClaim'] => 
Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/], - Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'], - Optional['OAuthVerifySharedKeys'] => String, - Optional['OAuthVerifyCertFiles'] => String, - Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, - Optional['OAuthRemoteUserClaim'] => String, - Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], - Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], - Optional['Cookie'] => String, - Optional['SessionCookieChunkSize'] => Integer, - Optional['CookieHTTPOnly'] => Enum['On', 'Off'], - Optional['CookieSameSite'] => Enum['On', 'Off'], - Optional['PassCookies'] => String, - Optional['StripCookies'] => String, - Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\s(false|true)$/], - Optional['SessionInactivityTimeout'] => Integer, - Optional['SessionMaxDuration'] => Integer, - Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/], - Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'], - Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'], - Optional['CacheEncrypt'] => Enum['On', 'Off'], - Optional['CacheShmMax'] => Integer, - Optional['CacheShmEntrySizeMax'] => Integer, - Optional['CacheFileCleanInterval'] => Integer, - Optional['MemCacheServers'] => String, - Optional['RedisCacheServer'] => String, - Optional['RedisCachePassword'] => String, - Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['HTMLErrorTemplate'] => String, - Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], - Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['IDTokenIatSlack'] => Integer, - Optional['ClaimPrefix'] => String, - 
Optional['ClaimDelimiter'] => Pattern[/^.$/], - Optional['RemoteUserClaim'] => String, - Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], - Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\s?)+$/], - Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], - Optional['AuthNHeader'] => String, - Optional['HTTPTimeoutLong'] => Integer, - Optional['HTTPTimeoutShort'] => Integer, - Optional['StateTimeout'] => Integer, - Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], - Optional['OutgoingProxy'] => String, - Optional['UnAuthAction'] => Enum['auth', 'pass', '401', '410'], - Optional['UnAuthzAction'] => Enum['401', '403', 'auth'], - Optional['PreservePost'] => Enum['On', 'Off'], - Optional['PassRefreshToken'] => Enum['On', 'Off'], - Optional['RequestObject'] => String, - Optional['ProviderMetadataRefreshInterval'] => Integer, - Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/], - Optional['BlackListedClaims'] => String, - Optional['WhiteListedClaims'] => String, - Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/], - Optional['XForwardedHeaders'] => String, + Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], + Optional['CryptoPassphrase'] => String, + Optional['MetadataDir'] => String, + Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, + Optional['ProviderIssuer'] => String, + Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, + Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'], + Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + 
Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, + Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'], + Optional['ProviderRegistrationEndpointJson'] => String, + Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], + Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['SSLValidateServer'] => Enum['On', 'Off'], + Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s?(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['JWKSRefreshInterval'] => Integer, + Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], + Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'], + Optional['PublicKeyFiles'] => String, + Optional['PrivateKeyFiles'] => String, + Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'], + Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'], + Optional['ClientID'] => String, + Optional['ClientSecret'] => String, + Optional['ClientTokenEndpointCert'] => String, + Optional['ClientTokenEndpointKey'] => String, + Optional['ClientTokenEndpointKeyPassword'] => String, + Optional['ClientName'] => String, + Optional['ClientContact'] => String, + Optional['PKCEMethod'] => Enum['plain', 'S256', 'referred_tb', 'none'], + Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], + Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, + Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], + Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], + 
Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], + Optional['UserInfoSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], + Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], + Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], + Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, + Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, + Optional['OAuthClientID'] => String, + Optional['OAuthClientSecret'] => String, + Optional['OAuthIntrospectionEndpoint'] => String, + Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'], + Optional['OAuthIntrospectionClientAuthBearerToken'] => String, + Optional['OAuthIntrospectionEndpointCert'] => String, + Optional['OAuthIntrospectionEndpointKey'] => String, + Optional['OAuthIntrospectionEndpointKeyPassword'] => String, + Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], + Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['OAuthIntrospectionTokenParamName'] => String, + Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/], + Optional['OAuthTokenIntrospectionInterval'] => Integer, + Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'], + Optional['OAuthVerifySharedKeys'] => String, + Optional['OAuthVerifyCertFiles'] => String, + Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, + Optional['OAuthRemoteUserClaim'] => String, + Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], + Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 
'required', 'enforced'], + Optional['Cookie'] => String, + Optional['CookieDomain'] => String, + Optional['CookiePath'] => String, + Optional['SessionCookieChunkSize'] => Integer, + Optional['CookieHTTPOnly'] => Enum['On', 'Off'], + Optional['CookieSameSite'] => Enum['On', 'Off'], + Optional['PassCookies'] => String, + Optional['StripCookies'] => String, + Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s?(false|true))?$/], + Optional['SessionInactivityTimeout'] => Integer, + Optional['SessionMaxDuration'] => Integer, + Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/], + Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'], + Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'], + Optional['CacheDir'] => String, + Optional['CacheEncrypt'] => Enum['On', 'Off'], + Optional['CacheShmMax'] => Integer, + Optional['CacheShmEntrySizeMax'] => Integer, + Optional['CacheFileCleanInterval'] => Integer, + Optional['MemCacheServers'] => String, + Optional['MemCacheConnectionsHMax'] => Integer, + Optional['MemCacheConnectionsMin'] => Integer, + Optional['MemCacheConnectionsSMax'] => Integer, + Optional['MemCacheConnectionsTTL'] => Integer, + Optional['RedisCacheServer'] => String, + Optional['RedisCachePassword'] => String, + Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+\s?[0-9]*$/], + Optional['RedisCacheDatabase'] => Integer, + Optional['RedisCacheTimeout'] => Integer, + Optional['RedisCacheUsername'] => String, + Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['HTMLErrorTemplate'] => String, + Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], + Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['IDTokenIatSlack'] => Integer, + 
Optional['ClaimPrefix'] => String, + Optional['ClaimDelimiter'] => Pattern[/^.$/], + Optional['RemoteUserClaim'] => String, + Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], + Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/], + Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], + Optional['AuthNHeader'] => String, + Optional['HTTPTimeoutLong'] => Integer, + Optional['HTTPTimeoutShort'] => Integer, + Optional['StateTimeout'] => Integer, + Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], + Optional['OutgoingProxy'] => String, + Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)\s.*/], + Optional['UnAutzAction'] => Pattern[/^(none|headers|environment|both)(\s+(latin1|base64url|none)+)?$/], + Optional['PreservePost'] => Enum['On', 'Off'], + Optional['PreservePostTemplates'] => String, + Optional['PassRefreshToken'] => Enum['On', 'Off'], + Optional['RequestObject'] => String, + Optional['ProviderMetadataRefreshInterval'] => Integer, + Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/], + Optional['BlackListedClaims'] => String, + Optional['WhiteListedClaims'] => String, + Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['XForwardedHeaders'] => String, + Optional['CABundlePath'] => String, + Optional['DefaultLoggedOutURL'] => String, + Optional['DPoPMode'] => String, + Optional['FilterClaimsExpr'] => String, + Optional['LogoutRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['LogoutXFrameOptions'] => String, + Optional['MetricsData'] => String, + Optional['MetricsPublish'] => String, + Optional['PassAccessToken'] => Enum['On', 'Off'], + 
Optional['ProviderPushedAuthorizationRequestEndpoint'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['ProviderSignedJwksUri'] => String, + Optional['ProviderVerifyCertFiles'] => String, + Optional['RedirectURLsAllowed'] => String, + Optional['StateCookiePrefix'] => String, + Optional['StateInputHeaders'] => Enum['user-agent', 'x-forwarded-for', 'both', 'none'], + Optional['TraceParent'] => Enum['off', 'generate', 'propagate'], + Optional['UserInfoClaimsExpr'] => String, + Optional['ValidateIssuer'] => Enum['On', 'Off'], } ]
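Review bot: The new `UnAutzAction` entry carries a value pattern, `(none|headers|environment|both)` with an optional `latin1|base64url|none`, that rejects every value the removed `UnAuthzAction => Enum['401', '403', 'auth']` line accepted; it reads like the pattern intended for `PassClaimsAs`, which stays a plain Enum further up. Something like `Optional['UnAutzAction'] => Pattern[/^(401|403|auth)(\s.+)?$/],` would keep the old values (check the full list against the auth_openidc.conf linked at the top of the file), and because the key is renamed, existing manifests that set `UnAuthzAction` will fail Struct validation unless this is called out as a breaking change. `UnAuthAction` has a related regression: `/^(auth|pass|401|407|410)\s.*/` requires whitespace after the action and has no end anchor, so the previously valid bare `auth`, `pass`, `401` and `410` no longer match; `Pattern[/^(auth|pass|401|407|410)(\s.+)?$/]` accepts both forms. `ProviderPushedAuthorizationRequestEndpoint` also admits `Stdlib::HttpUrl` while the other provider endpoints are `Stdlib::HTTPSUrl` only, which would allow the pushed authorization request and the client authentication sent with it to travel over plain HTTP. The same type text is mirrored in the REFERENCE.md hunk, so it needs regenerating after any fix.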