
SAML IdP attribute mapping types and config handler #35584

Merged
merged 11 commits into from Dec 14, 2023

Conversation

flyinghermit
Contributor

@flyinghermit flyinghermit commented Dec 8, 2023

Supports attribute mapping configuration in the saml_idp_service_provider spec.

 attribute_mapping:
  - name: string
    name_format: string
    value: string # predicate expression

The value of name_format can be one of the following:

  • unspecified or urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified. Used as the default value.
  • uri or urn:oasis:names:tc:SAML:2.0:attrname-format:uri.
  • basic or urn:oasis:names:tc:SAML:2.0:attrname-format:basic.

Reference spec file:

sp.yml
kind: saml_idp_service_provider
metadata:
  name: sp
  revision: 54eec4e0-1483-4b3e-807f-8421abd331de
spec:
  attribute_mapping:
  - name: displayname
    value: user.spec.traits.firstname
  - name: email
    name_format: uri
    value: user.spec.traits.email
  - name: firstname
    name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    value: user.spec.traits.firstname
  entity_descriptor: |-
    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2023-12-10T16:26:51.083Z" entityID="https://example.com/saml/metadata">
      <SPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2023-12-10T16:26:51.083029Z" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false" WantAssertionsSigned="true">
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/saml/acs" index="1"></AssertionConsumerService>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://example.com/saml/acs" index="2"></AssertionConsumerService>
      </SPSSODescriptor>
    </EntityDescriptor>
  entity_id: https://example.com/saml/metadata
version: v1

RFD: https://github.com/gravitational/teleport.e/pull/2801
see #34725, https://github.com/gravitational/teleport.e/issues/2692

changelog: attribute mapping in saml_idp_service_provider spec.
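The description above lists the accepted name_format values but does not show what a config handler has to do with them. The following is an added worked example in Go (not Teleport's own code; the type and function names, and the choice to reject duplicate attribute names, empty names and empty values, are assumptions of this example): it canonicalizes the short aliases to the SAML 2.0 URNs, refuses anything outside the documented set (for instance the typo "urn" instead of "uri") instead of copying it into the assertion, and renders the resulting <Attribute> element. Evaluating the predicate expression in value against a user is not implemented; resolved values are constructed inline.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Canonical SAML 2.0 attribute NameFormat URIs (SAML 2.0 Core, section 8.2).
const (
	NameFormatUnspecified = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
	NameFormatURI         = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
	NameFormatBasic       = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
)

// AttributeMapping is one entry of spec.attribute_mapping as described in the
// PR body. Field names are this example's own, not Teleport's Go types.
type AttributeMapping struct {
	Name       string
	NameFormat string
	Value      string // predicate expression, kept opaque here
}

// NormalizeNameFormat accepts the short aliases and the full URNs listed in
// the PR body and returns the canonical URN. Empty selects the default
// (unspecified). Anything else is an error rather than being passed through.
func NormalizeNameFormat(f string) (string, error) {
	switch strings.TrimSpace(f) {
	case "", "unspecified", NameFormatUnspecified:
		return NameFormatUnspecified, nil
	case "uri", NameFormatURI:
		return NameFormatURI, nil
	case "basic", NameFormatBasic:
		return NameFormatBasic, nil
	}
	return "", fmt.Errorf("unsupported name_format %q", f)
}

// ValidateAttributeMappings checks a whole attribute_mapping list and returns
// a copy with every name_format canonicalized. It rejects empty names or
// values, unknown formats and duplicate attribute names (map lookup, as in the
// commit "use map instead of slice for finding duplicate names"), so a bad
// entry fails when the resource is created, not at the first SSO login.
func ValidateAttributeMappings(in []AttributeMapping) ([]AttributeMapping, error) {
	seen := make(map[string]struct{}, len(in))
	out := make([]AttributeMapping, 0, len(in))
	for i, m := range in {
		if m.Name == "" {
			return nil, fmt.Errorf("attribute_mapping[%d]: name is required", i)
		}
		if m.Value == "" {
			return nil, fmt.Errorf("attribute_mapping[%d] (%s): value is required", i, m.Name)
		}
		if _, dup := seen[m.Name]; dup {
			return nil, fmt.Errorf("attribute_mapping[%d]: duplicate attribute name %q", i, m.Name)
		}
		seen[m.Name] = struct{}{}
		nf, err := NormalizeNameFormat(m.NameFormat)
		if err != nil {
			return nil, fmt.Errorf("attribute_mapping[%d] (%s): %w", i, m.Name, err)
		}
		out = append(out, AttributeMapping{Name: m.Name, NameFormat: nf, Value: m.Value})
	}
	return out, nil
}

// samlAttribute is the <Attribute> element of a SAML 2.0 AttributeStatement,
// which is where Name and NameFormat from the mapping end up.
type samlAttribute struct {
	XMLName    xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Attribute"`
	Name       string   `xml:"Name,attr"`
	NameFormat string   `xml:"NameFormat,attr"`
	Values     []string `xml:"AttributeValue"`
}

// RenderAttribute serializes one normalized mapping with values the caller
// has already resolved for the user (predicate evaluation is out of scope).
func RenderAttribute(m AttributeMapping, values []string) (string, error) {
	b, err := xml.Marshal(samlAttribute{Name: m.Name, NameFormat: m.NameFormat, Values: values})
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	// Constructed input mirroring the reference sp.yml, with "uri" for email.
	cfg := []AttributeMapping{
		{Name: "displayname", Value: "user.spec.traits.firstname"},
		{Name: "email", NameFormat: "uri", Value: "user.spec.traits.email"},
		{Name: "firstname", NameFormat: NameFormatBasic, Value: "user.spec.traits.firstname"},
	}
	normalized, err := ValidateAttributeMappings(cfg)
	if err != nil {
		fmt.Println("config rejected:", err)
		return
	}
	// Constructed trait values standing in for the evaluated Value expressions.
	resolved := map[string][]string{"displayname": {"Alice"}, "email": {"alice@example.com"}, "firstname": {"Alice"}}
	for _, m := range normalized {
		s, _ := RenderAttribute(m, resolved[m.Name])
		fmt.Println(s)
	}
	// A duplicate name or an unknown format such as "urn" is refused up front.
	_, err = ValidateAttributeMappings([]AttributeMapping{
		{Name: "email", Value: "user.spec.traits.email"},
		{Name: "email", NameFormat: "urn", Value: "user.spec.traits.email"},
	})
	fmt.Println("config rejected:", err)
}
```

The point of canonicalizing at validation time rather than at assertion time is that the service provider sees exactly one spelling of each NameFormat, and a mapping that can never be emitted correctly is rejected by tctl/the API before it is stored.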

@flyinghermit flyinghermit marked this pull request as ready for review December 12, 2023 21:08
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

@flyinghermit
Contributor Author

flyinghermit commented Dec 13, 2023

Friendly ping

Collaborator

@r0mant r0mant left a comment

A few stylistic nitpicks.

Review threads on api/types/saml_idp_service_provider.go (5 comments, all resolved; 3 marked outdated)
- use map instead of slice for finding duplicate names
@flyinghermit
Contributor Author

Friendly ping @xacrimon @fspmarshall @mdwn

@flyinghermit flyinghermit added this pull request to the merge queue Dec 14, 2023
Merged via the queue into master with commit b4e5e91 Dec 14, 2023
36 checks passed
@flyinghermit flyinghermit deleted the sshah/attribute-mapping-types branch December 14, 2023 19:59
@public-teleport-github-review-bot

@flyinghermit See the table below for backport results.

Branch Result
branch/v14 Failed
