feat: add SAML as identity provider (#6454)

* feat: first implementation for saml sp * fix: add command side instance and org for saml provider * fix: add query side instance and org for saml provider * fix: request handling in event and retrieval of finished intent * fix: add review changes and integration tests * fix: add integration tests for saml idp * fix: correct unit tests with review changes * fix: add saml session unit test * fix: add saml session unit test * fix: add saml session unit test * fix: changes from review * fix: changes from review * fix: proto build error * fix: proto build error * fix: proto build error * fix: proto require metadata oneof * fix: login with saml provider * fix: integration test for saml assertion * lint client.go * fix json tag * fix: linting * fix import * fix: linting * fix saml idp query * fix: linting * lint: try all issues * revert linting config * fix: add regenerate endpoints * fix: translations * fix mk.yaml * ignore acs path for user agent cookie * fix: add AuthFromProvider test for saml * fix: integration test for saml retrieve information --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 03:37:34 +00:00 · 2023-09-29 11:26:14 +02:00
parent 2e99d0fe1b
commit 15fd3045e0
82 changed files with 6301 additions and 245 deletions
--- a/internal/command/idp_intent_model.go
+++ b/internal/command/idp_intent_model.go
@@ -25,6 +25,9 @@ type IDPIntentWriteModel struct {

 	IDPEntryAttributes map[string][]string

+	RequestID string
+	Assertion *crypto.CryptoValue
+
 	State     domain.IDPIntentState
 	aggregate *eventstore.Aggregate
 }
@@ -46,6 +49,10 @@ func (wm *IDPIntentWriteModel) Reduce() error {
 			wm.reduceStartedEvent(e)
 		case *idpintent.SucceededEvent:
 			wm.reduceOAuthSucceededEvent(e)
+		case *idpintent.SAMLSucceededEvent:
+			wm.reduceSAMLSucceededEvent(e)
+		case *idpintent.SAMLRequestEvent:
+			wm.reduceSAMLRequestEvent(e)
 		case *idpintent.LDAPSucceededEvent:
 			wm.reduceLDAPSucceededEvent(e)
 		case *idpintent.FailedEvent:
@@ -64,6 +71,8 @@ func (wm *IDPIntentWriteModel) Query() *eventstore.SearchQueryBuilder {
 		EventTypes(
 			idpintent.StartedEventType,
 			idpintent.SucceededEventType,
+			idpintent.SAMLSucceededEventType,
+			idpintent.SAMLRequestEventType,
 			idpintent.LDAPSucceededEventType,
 			idpintent.FailedEventType,
 		).
@@ -77,6 +86,15 @@ func (wm *IDPIntentWriteModel) reduceStartedEvent(e *idpintent.StartedEvent) {
 	wm.State = domain.IDPIntentStateStarted
 }

+func (wm *IDPIntentWriteModel) reduceSAMLSucceededEvent(e *idpintent.SAMLSucceededEvent) {
+	wm.UserID = e.UserID
+	wm.IDPUser = e.IDPUser
+	wm.IDPUserID = e.IDPUserID
+	wm.IDPUserName = e.IDPUserName
+	wm.Assertion = e.Assertion
+	wm.State = domain.IDPIntentStateSucceeded
+}
+
 func (wm *IDPIntentWriteModel) reduceLDAPSucceededEvent(e *idpintent.LDAPSucceededEvent) {
 	wm.UserID = e.UserID
 	wm.IDPUser = e.IDPUser
@@ -96,6 +114,10 @@ func (wm *IDPIntentWriteModel) reduceOAuthSucceededEvent(e *idpintent.SucceededE
 	wm.State = domain.IDPIntentStateSucceeded
 }

+func (wm *IDPIntentWriteModel) reduceSAMLRequestEvent(e *idpintent.SAMLRequestEvent) {
+	wm.RequestID = e.RequestID
+}
+
 func (wm *IDPIntentWriteModel) reduceFailedEvent(e *idpintent.FailedEvent) {
 	wm.State = domain.IDPIntentStateFailed
 }