Add support for prompting user account at each login (#538)

Co-authored-by: Brandon Hartshorn <bhartshorn@umass.edu>

src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java

@@ -123,6 +123,7 @@ public class AzureSecurityRealm extends SecurityRealm {
     private static final int BAD_REQUEST = 400;
     public static final String CONVERTER_DISABLE_GRAPH_INTEGRATION = "disableGraphIntegration";
     public static final String CONVERTER_SINGLE_LOGOUT = "singleLogout";
+    public static final String CONVERTER_PROMPT_ACCOUNT = "promptAccount";
     public static final String CONVERTER_ENVIRONMENT_NAME = "environmentName";
 
     private Cache<String, AzureAdUser> caches;
@@ -132,6 +133,7 @@ public class AzureSecurityRealm extends SecurityRealm {
     private Secret tenant;
     private int cacheDuration;
     private boolean fromRequest = false;
+    private boolean promptAccount;
     private boolean singleLogout;
     private boolean disableGraphIntegration;
     private String azureEnvironmentName = "Azure";
@@ -162,6 +164,14 @@ ClientSecretCredential getClientSecretCredential() {
                 .build();
     }
 
+    public boolean isPromptAccount() {
+        return promptAccount;
+    }
+
+    @DataBoundSetter
+    public void setPromptAccount(boolean promptAccount) {
+        this.promptAccount = promptAccount;
+    }
 
     public boolean isSingleLogout() {
         return singleLogout;
@@ -317,6 +327,9 @@ public HttpResponse doCommenceLogin(StaplerRequest request, @Header("Referer") f
         Map<String, String> additionalParams = new HashMap<>();
         additionalParams.put("nonce", nonce);
         additionalParams.put("response_mode", "form_post");
+        if (promptAccount) {
+            additionalParams.put("prompt", "select_account");
+        }
 
         return new HttpRedirect(service.getAuthorizationUrl(additionalParams));
     }
@@ -631,6 +644,10 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC
             writer.setValue(String.valueOf(realm.isDisableGraphIntegration()));
             writer.endNode();
 
+            writer.startNode(CONVERTER_PROMPT_ACCOUNT);
+            writer.setValue(String.valueOf(realm.isPromptAccount()));
+            writer.endNode();
+
             writer.startNode(CONVERTER_SINGLE_LOGOUT);
             writer.setValue(String.valueOf(realm.isSingleLogout()));
             writer.endNode();
@@ -665,6 +682,9 @@ public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext co
                     case CONVERTER_DISABLE_GRAPH_INTEGRATION:
                         realm.setDisableGraphIntegration(Boolean.parseBoolean(value));
                         break;
+                    case CONVERTER_PROMPT_ACCOUNT:
+                        realm.setPromptAccount(Boolean.parseBoolean(value));
+                        break;
                     case CONVERTER_SINGLE_LOGOUT:
                         realm.setSingleLogout(Boolean.parseBoolean(value));
                         break;

src/main/resources/com/microsoft/jenkins/azuread/AzureSecurityRealm/config.jelly

@@ -30,6 +30,10 @@
             <f:checkbox />
         </f:entry>
 
+        <f:entry title="${%Prompt for user account on each login}" field="promptAccount">
+            <f:checkbox />
+        </f:entry>
+
         <f:entry title="${%Enable Single Logout}" field="singleLogout">
             <f:checkbox />
         </f:entry>