IapSettings

IapSettings

JSON representation
AccessSettings
- JSON representation
GcipSettings
- JSON representation
CorsSettings
- JSON representation
OAuthSettings
- JSON representation
ApplicationSettings
- JSON representation
CsmSettings
- JSON representation

The IAP configurable settings.

JSON representation
{ "name": string, "accessSettings": { object (`AccessSettings`) }, "applicationSettings": { object (`ApplicationSettings`) } }

Fields

Fields
`name`	`string` Required. The resource name of the IAP protected resource.
`accessSettings`	`object (AccessSettings)` Top level wrapper for all access related setting in IAP
`applicationSettings`	`object (ApplicationSettings)` Top level wrapper for all application related settings in IAP

name

string

Required. The resource name of the IAP protected resource.

accessSettings

object (AccessSettings)

Top level wrapper for all access related setting in IAP

applicationSettings

object (ApplicationSettings)

Top level wrapper for all application related settings in IAP

AccessSettings

Access related settings for IAP protected apps.

JSON representation
{ "gcipSettings": { object (`GcipSettings`) }, "corsSettings": { object (`CorsSettings`) }, "oauthSettings": { object (`OAuthSettings`) } }

Fields

Fields
`gcipSettings`	`object (GcipSettings)` GCIP claims and endpoint configurations for 3p identity providers.
`corsSettings`	`object (CorsSettings)` Configuration to allow cross-origin requests via IAP.
`oauthSettings`	`object (OAuthSettings)` Settings to configure IAP's OAuth behavior.

gcipSettings

object (GcipSettings)

GCIP claims and endpoint configurations for 3p identity providers.

corsSettings

object (CorsSettings)

Configuration to allow cross-origin requests via IAP.

oauthSettings

object (OAuthSettings)

Settings to configure IAP's OAuth behavior.

GcipSettings

Allows customers to configure tenant_id for GCIP instance per-app.

JSON representation
{ "tenantIds": [ string ], "loginPageUri": string }

Fields

Fields
`tenantIds[]`	`string` GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenantIds should only contain one single element, while for tenant flow, tenantIds can contain multiple elements.
`loginPageUri`	`string` Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.

tenantIds[]

string

GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenantIds should only contain one single element, while for tenant flow, tenantIds can contain multiple elements.

loginPageUri

string

Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.

CorsSettings

Allows customers to configure HTTP request paths that'll allow HTTP OPTIONS call to bypass authentication and authorization.

JSON representation
{ "allowHttpOptions": boolean }

Fields

Fields
`allowHttpOptions`	`boolean` Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.

allowHttpOptions

boolean

Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.

OAuthSettings

Configuration for OAuth login&consent flow behavior.

JSON representation
{ "loginHint": string }

Fields

Fields
`loginHint`	`string` Domain hint to send as hd=? parameter in OAuth request flow. Enables redirect to primary IDP by skipping Google's login screen. https://developers.google.com/identity/protocols/OpenIDConnect#hd-param Note: IAP does not verify that the id token's hd claim matches this value since access behavior is managed by IAM policies.

loginHint

string

Domain hint to send as hd=? parameter in OAuth request flow. Enables redirect to primary IDP by skipping Google's login screen. https://developers.google.com/identity/protocols/OpenIDConnect#hd-param Note: IAP does not verify that the id token's hd claim matches this value since access behavior is managed by IAM policies.

ApplicationSettings

Wrapper over application specific settings for IAP.

JSON representation
{ "csmSettings": { object (`CsmSettings`) } }

Fields

Fields
`csmSettings`	`object (CsmSettings)` Settings to configure IAP's behavior for a CSM mesh.

csmSettings

object (CsmSettings)

Settings to configure IAP's behavior for a CSM mesh.

CsmSettings

Configuration for RCTokens generated for CSM workloads protected by IAP. RCTokens are IAP generated JWTs that can be verified at the application. The RCToken is primarily used for ISTIO deployments, and can be scoped to a single mesh by configuring the audience field accordingly

JSON representation
{ "rctokenAud": string }

Fields

Fields
`rctokenAud`	`string` Audience claim set in the generated RCToken. This value is not validated by IAP.

rctokenAud

string

Audience claim set in the generated RCToken. This value is not validated by IAP.

Was this page helpful? Let us know how we did:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated December 4, 2019.

AccessSettings

GcipSettings

CorsSettings

OAuthSettings

ApplicationSettings

CsmSettings

Send feedback about...