feat: add SAML as identity provider (#6454)

* feat: first implementation for saml sp * fix: add command side instance and org for saml provider * fix: add query side instance and org for saml provider * fix: request handling in event and retrieval of finished intent * fix: add review changes and integration tests * fix: add integration tests for saml idp * fix: correct unit tests with review changes * fix: add saml session unit test * fix: add saml session unit test * fix: add saml session unit test * fix: changes from review * fix: changes from review * fix: proto build error * fix: proto build error * fix: proto build error * fix: proto require metadata oneof * fix: login with saml provider * fix: integration test for saml assertion * lint client.go * fix json tag * fix: linting * fix import * fix: linting * fix saml idp query * fix: linting * lint: try all issues * revert linting config * fix: add regenerate endpoints * fix: translations * fix mk.yaml * ignore acs path for user agent cookie * fix: add AuthFromProvider test for saml * fix: integration test for saml retrieve information --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 08:57:35 +00:00 · 2023-09-29 11:26:14 +02:00
parent 2e99d0fe1b
commit 15fd3045e0
82 changed files with 6301 additions and 245 deletions
--- a/internal/idp/providers/saml/requesttracker/request_tracker.go
+++ b/internal/idp/providers/saml/requesttracker/request_tracker.go
@@ -0,0 +1,58 @@
+package requesttracker
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/crewjam/saml/samlsp"
+)
+
+type GetRequest func(ctx context.Context, intentID string) (*samlsp.TrackedRequest, error)
+type AddRequest func(ctx context.Context, intentID, requestID string) error
+
+type RequestTracker struct {
+	addRequest AddRequest
+	getRequest GetRequest
+}
+
+func New(addRequestF AddRequest, getRequestF GetRequest) samlsp.RequestTracker {
+	return &RequestTracker{
+		addRequest: addRequestF,
+		getRequest: getRequestF,
+	}
+}
+
+func (rt *RequestTracker) TrackRequest(w http.ResponseWriter, r *http.Request, samlRequestID string) (index string, err error) {
+	// intentID is stored in r.URL
+	intentID := r.URL.String()
+	if err := rt.addRequest(r.Context(), intentID, samlRequestID); err != nil {
+		return "", err
+	}
+	return intentID, nil
+}
+
+func (rt *RequestTracker) StopTrackingRequest(w http.ResponseWriter, r *http.Request, index string) error {
+	// error is not handled in SP logic
+	return nil
+}
+
+func (rt *RequestTracker) GetTrackedRequests(r *http.Request) []samlsp.TrackedRequest {
+	// RelayState is the context of the auth flow and as such contains the intentID
+	intentID := r.FormValue("RelayState")
+
+	request, err := rt.getRequest(r.Context(), intentID)
+	if err != nil {
+		return nil
+	}
+	return []samlsp.TrackedRequest{
+		{
+			Index:         request.Index,
+			SAMLRequestID: request.SAMLRequestID,
+			URI:           request.URI,
+		},
+	}
+}
+
+func (rt *RequestTracker) GetTrackedRequest(r *http.Request, index string) (*samlsp.TrackedRequest, error) {
+	return rt.getRequest(r.Context(), index)
+}