New example: Setting up SSO to PingDirectory from PingOne #12
Conversation
| | `PINGDIRECTORY_PROVIDER_USERNAME` | [PingDirectory - username](https://registry.terraform.io/providers/pingidentity/pingdirectory/latest/docs#username) | Required | | ||
| | `PINGDIRECTORY_PROVIDER_PASSWORD` | [PingDirectory - password](https://registry.terraform.io/providers/pingidentity/pingdirectory/latest/docs#password) | Required | | ||
| | `PINGDIRECTORY_PROVIDER_HTTPS_HOST` | [PingDirectory - http_host](https://registry.terraform.io/providers/pingidentity/pingdirectory/latest/docs#https_host) | Required | | ||
| | `PINGDIRECTORY_PROVIDER_INSECURE_TRUST_ALL_TLS` | [PingDirectory - insecure_trust_all_tls](https://registry.terraform.io/providers/pingidentity/pingdirectory/latest/docs#insecure_trust_all_tls) | Optional | |
There was a problem hiding this comment.
I suppose since it is just an example it is fine to recommend this, but maybe we could mention that this is just for testing and you should use actual cert configuration (https://registry.terraform.io/providers/pingidentity/pingdirectory/latest/docs#ca_certificate_pem_files) in production
There was a problem hiding this comment.
Good point - I'll add that in to the next draft
| |----------------------------------|----------|-----------|--------------------------| | ||
| | `pingdirectory_console_base_url` | No | String | `https://localhost:8443` | | ||
| | `pingdirectory_ldap_host` | No | String | *no default* | | ||
| | `pingdirectory_ldap_port` | No | Number | *no default* | |
There was a problem hiding this comment.
If you want to provide defaults here, 1636 would be a good default for the port (it's the default LDAPS port for PD). And if we are using localhost as the default for the console, we could use localhost as the default for the PD server.
| email_address = pingone_user.demo_admin.email | ||
|
|
||
| inherit_default_root_privileges = true | ||
| search_result_entry_limit = 0 |
There was a problem hiding this comment.
Are these attribute required for SSO?
There was a problem hiding this comment.
To be confirmed - once we have the remaining pieces in the PD provider then I'll do a full end-to-end test and if they're optional I'll likely remove them
2 participants
ref: https://docs.pingidentity.com/r/en-us/pingone/pd_ds_set_up_sso_pingdir_pingone