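# Input variables for a module that defines a SAML provider together with the
# application that fronts it and that application's access-policy bindings.
# NOTE(review): the variable names and the "minutes=N" offset syntax look like
# the authentik Terraform provider; confirm against the module's resources.

variable "name" {
  description = "Name of the SAML provider"
  type        = string
}

variable "app_name" {
  description = "Name of the application"
  type        = string
}

variable "app_slug" {
  description = "Slug of the application"
  type        = string
}

variable "app_group" {
  description = "Group of the application"
  type        = string
  default     = ""
}

variable "authorization_flow" {
  description = "Authorization flow ID"
  type        = string
}

variable "invalidation_flow" {
  description = "Invalidation flow ID"
  type        = string
}

# The ACS URL is the endpoint the identity provider delivers assertions to.
# It should be the service provider's own HTTPS endpoint; a wrong or
# attacker-influenced value sends signed-in users' assertions elsewhere.
variable "acs_url" {
  description = "Assertion Consumer Service URL"
  type        = string
}

variable "issuer" {
  description = "SAML Issuer"
  type        = string
}

# The audience restricts which service provider may accept the assertion, so
# it should be unique per application rather than shared between modules.
variable "audience" {
  description = "SAML Audience"
  type        = string
}

variable "sp_binding" {
  description = "Service Provider binding (post or redirect)"
  type        = string
  default     = "post"

  # Reject typos at plan time instead of at apply time. An explicit null is
  # still accepted so callers that pass null keep working.
  validation {
    condition     = var.sp_binding == null ? true : contains(["post", "redirect"], var.sp_binding)
    error_message = "sp_binding must be either \"post\" or \"redirect\"."
  }
}

# NOTE(review): with the null default no signing key is passed on. Presumably
# the provider then issues unsigned responses/assertions; confirm, and set
# this explicitly for any service provider that must verify signatures.
variable "signing_key" {
  description = "Certificate key pair ID for signing"
  type        = string
  default     = null
}

variable "property_mappings" {
  description = "List of property mapping IDs"
  type        = list(string)
  default     = []
}

variable "name_id_mapping" {
  description = "Property mapping ID for NameID"
  type        = string
  default     = null
}

# The two assertion offsets below bound the window in which an assertion is
# accepted: five minutes before and after issuance by default, which leaves
# room for clock skew. Widening either value also widens the replay window.
variable "assertion_valid_not_before" {
  description = "Assertion valid not before"
  type        = string
  default     = "minutes=-5"
}

variable "assertion_valid_not_on_or_after" {
  description = "Assertion valid not on or after"
  type        = string
  default     = "minutes=5"
}

# 86400 minutes is 60 days. NOTE(review): confirm this matches the session
# lifetime the service provider is expected to honour; shorten it for
# sensitive applications.
variable "session_valid_not_on_or_after" {
  description = "Session valid not on or after"
  type        = string
  default     = "minutes=86400"
}

# "all" requires every bound policy to pass; "any" lets a single passing
# policy grant access, so "any" is the more permissive choice.
variable "policy_engine_mode" {
  description = "Policy engine mode"
  type        = string
  default     = "all"

  validation {
    condition     = var.policy_engine_mode == null ? true : contains(["all", "any"], var.policy_engine_mode)
    error_message = "policy_engine_mode must be either \"all\" or \"any\"."
  }
}

variable "meta_description" {
  description = "Application description"
  type        = string
  default     = ""
}

variable "meta_launch_url" {
  description = "Application launch URL"
  type        = string
  default     = ""
}

variable "meta_icon" {
  description = "Application icon URL"
  type        = string
  default     = ""
}

# Map of access-policy bindings, keyed by a caller-chosen label.
#   policy_id      - ID of the policy to bind (required)
#   order          - evaluation order of the binding (required)
#   enabled        - defaults to true
#   timeout        - defaults to 30 (presumably seconds; confirm)
#   negate         - defaults to false
#   failure_result - defaults to true
# NOTE(review): if failure_result is handed to a policy binding as the result
# to use when policy execution itself errors, a default of true is fail-open:
# a policy that raises would grant access. Consider passing false explicitly
# for bindings that guard sensitive applications, and confirm how the module's
# resources consume this field before changing the default.
variable "access_policies" {
  description = "Access policies for the application"
  type = map(object({
    policy_id      = string
    order          = number
    enabled        = optional(bool, true)
    timeout        = optional(number, 30)
    negate         = optional(bool, false)
    failure_result = optional(bool, true)
  }))
  default = {}
}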