Terraform Provider
Infrastructure as Code for JOSSO EE
Overview
The JOSSO Terraform Provider enables you to manage your identity infrastructure using Infrastructure as Code (IaC). Define your identity appliances, service providers, and configurations in declarative Terraform files for reproducible, version-controlled deployments.
Key Benefits
- Version Control: Track all configuration changes in Git
- Reproducible: Deploy identical environments every time
- Automation: Integrate with CI/CD pipelines
- Compliance: Audit trail for all changes
Installation
Provider Configuration
```hcl
terraform {
  required_providers {
    josso = {
      source  = "atricore/josso"
      version = "~> 2.6"
    }
  }
}

provider "josso" {
  endpoint = "https://your-josso-server:8443"
  username = var.josso_username
  password = var.josso_password
}
```
Available Resources
| Resource | Description |
|---|---|
| josso_identity_appliance | Create and manage identity appliances |
| josso_identity_source | Configure LDAP, AD, or database identity sources |
| josso_service_provider | Register SAML/OAuth/OIDC service providers |
| josso_identity_provider | Configure external identity providers |
| josso_user | Manage user accounts |
| josso_group | Manage groups and memberships |
Data Sources
| Data Source | Description |
|---|---|
| data.josso_appliance | Read existing identity appliance data |
| data.josso_user | Look up user information |
| data.josso_group | Look up group information |
Example Configuration
Create an Identity Appliance with SAML SP
```hcl
resource "josso_identity_appliance" "main" {
  name        = "production-idp"
  description = "Production Identity Provider"

  identity_source {
    type = "ldap"
    config = {
      url       = "ldaps://ldap.example.com:636"
      base_dn   = "dc=example,dc=com"
      bind_dn   = var.ldap_bind_dn
      bind_pass = var.ldap_bind_pass
    }
  }
}

resource "josso_service_provider" "app1" {
  appliance_id = josso_identity_appliance.main.id
  name         = "my-application"
  protocol     = "saml2"

  saml_config {
    entity_id       = "https://app.example.com/saml"
    acs_url         = "https://app.example.com/saml/acs"
    sign_assertions = true
    name_id_format  = "email"
  }
}
```
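The provider configuration and the LDAP identity source above both take credentials from variables but do not declare them. The following is an added example, not part of the JOSSO provider documentation, showing how to declare those variables as sensitive and to reject non-TLS endpoints at plan time; the variable names `josso_endpoint` and `ldap_url` are assumptions.

```hcl
# Added example: sensitive credential variables plus TLS-only endpoint checks.
# Supply values through TF_VAR_* environment variables or a secrets manager,
# not from a .tfvars file committed to the repository.

variable "josso_endpoint" {
  type        = string
  description = "JOSSO management endpoint (assumed variable name)"

  validation {
    condition     = can(regex("^https://", var.josso_endpoint))
    error_message = "josso_endpoint must use https:// so the admin credentials are not sent in clear text."
  }
}

variable "josso_username" {
  type = string
}

variable "josso_password" {
  type      = string
  sensitive = true # redacted from plan/apply output; still written to state
}

variable "ldap_url" {
  type        = string
  description = "LDAP URL for the identity source (assumed variable name)"

  validation {
    condition     = can(regex("^ldaps://", var.ldap_url))
    error_message = "ldap_url must use ldaps:// so the bind password is not sent in clear text."
  }
}

variable "ldap_bind_dn" {
  type = string
}

variable "ldap_bind_pass" {
  type      = string
  sensitive = true
}

provider "josso" {
  endpoint = var.josso_endpoint
  username = var.josso_username
  password = var.josso_password
}
```

`sensitive = true` only redacts values from Terraform's console output; they remain in plain text in the state file, so store state in an encrypted remote backend with access restricted to the deployment pipeline.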