import { ITenantLoginOption } from '@c8y/client';
export declare enum TemplateType {
    CUSTOM = "CUSTOM",
    AZURE = "AZURE",
    KEYCLOAK = "KEYCLOAK"
}
export declare const templateTypeConfig: {
    CUSTOM: {
        name: string;
        value: string;
        label: "Custom";
    };
    AZURE: {
        name: string;
        value: string;
        label: "Azure AD";
    };
    KEYCLOAK: {
        name: string;
        value: string;
        label: "Keycloak";
    };
};
export declare enum ValidationMethod {
    USERINFO = "USERINFO",
    INTROSPECTION = "INTROSPECTION"
}
export interface AccessTokenToUserDataMappings {
    firstNameClaimName?: string;
    lastNameClaimName?: string;
    emailClaimName?: string;
    phoneNumberClaimName?: string;
}
export interface SSORequestParams {
    [key: string]: string;
}
export interface Headers {
    [key: string]: string;
}
export interface OnNewUser {
    dynamicMapping: DynamicMapping;
}
export interface Configuration {
    mapRolesOnlyForNewUser: boolean;
    manageRolesOnlyFromAccessMapping: boolean;
    mapFromIdToken: boolean;
}
export interface ChildPredicate {
    operator: 'EQ' | 'NEQ' | 'GT' | 'LT' | 'GTE' | 'LTE' | 'IN';
    parameterPath: string;
    value: string;
}
export interface WhenItemsAreMapped {
    childPredicates: ChildPredicate[];
    operator: 'AND';
}
export interface AccessMapping {
    thenApplications: number[];
    thenGroups: number[];
    when: WhenItemsAreMapped;
}
export interface DynamicMapping {
    configuration?: Configuration;
    mappings: AccessMapping[];
    inventoryMappings: InventoryMapping[];
}
export interface InventoryMapping {
    when: WhenItemsAreMapped;
    thenInventoryRoles: InventoryRole[];
}
export interface InventoryRole {
    roleIds: number[];
    managedObject: string;
}
export interface MapRolesOnlyForNewUser {
    configuration: Configuration;
}
export interface CustomSignatureVerificationConfig {
    certIdFromField: boolean;
    certIdField?: string;
    certificates?: {
        [certIdValue: string]: Certificate;
    };
}
export interface Certificate {
    alg: 'PCKS' | 'RSA';
    publicKey: string;
    validFrom?: Date;
    validTill?: Date;
}
export interface AadSignatureVerificationConfig {
    publicKeyDiscoveryUrl: string;
}
export interface JwksSignatureVerificationConfig {
    jwksUri: string;
}
export interface AdfsSignatureVerificationConfig {
    manifestUrl: string;
}
export interface SignatureVerificationConfig {
    manual?: CustomSignatureVerificationConfig;
    aad?: AadSignatureVerificationConfig;
    jwks?: JwksSignatureVerificationConfig;
    adfsManifest?: AdfsSignatureVerificationConfig;
    template?: string;
}
export interface SSORequest {
    body?: string;
    headers: Headers;
    method: string;
    operation: string;
    requestParams: SSORequestParams;
    url?: string;
}
export interface UserIdConfig {
    jwtField?: string;
    constantValue?: string;
    useConstantValue: boolean;
}
export interface ExternalTokenConfig {
    enabled: boolean;
    userOrAppIdConfig?: UserIdConfig;
    validationMethod?: ValidationMethod;
    validationRequired?: boolean;
    tokenValidationRequest?: SSORequest;
    accessTokenValidityCheckIntervalInMinutes?: number;
}
export interface SsoConfiguration extends ITenantLoginOption {
    accessTokenToUserDataMappings: AccessTokenToUserDataMappings;
    audience: string;
    authorizationRequest: SSORequest;
    buttonName: string;
    clientId: string;
    id?: string;
    issuer: string;
    logoutRequest: SSORequest;
    onNewUser: OnNewUser;
    providerName: string;
    redirectToPlatform: string;
    refreshRequest: SSORequest;
    self?: string;
    signatureVerificationConfig: SignatureVerificationConfig;
    template: TemplateType;
    tokenRequest: SSORequest;
    userIdConfig: UserIdConfig;
    visibleOnLoginPage: boolean;
    externalTokenConfig?: ExternalTokenConfig;
    useIdToken: boolean;
}
//# sourceMappingURL=sso-configuration.model.d.ts.map