feat: add SAML as identity provider (#6454)

* feat: first implementation for saml sp * fix: add command side instance and org for saml provider * fix: add query side instance and org for saml provider * fix: request handling in event and retrieval of finished intent * fix: add review changes and integration tests * fix: add integration tests for saml idp * fix: correct unit tests with review changes * fix: add saml session unit test * fix: add saml session unit test * fix: add saml session unit test * fix: changes from review * fix: changes from review * fix: proto build error * fix: proto build error * fix: proto build error * fix: proto require metadata oneof * fix: login with saml provider * fix: integration test for saml assertion * lint client.go * fix json tag * fix: linting * fix import * fix: linting * fix saml idp query * fix: linting * lint: try all issues * revert linting config * fix: add regenerate endpoints * fix: translations * fix mk.yaml * ignore acs path for user agent cookie * fix: add AuthFromProvider test for saml * fix: integration test for saml retrieve information --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:37:32 +00:00 · 2023-09-29 11:26:14 +02:00
parent 2e99d0fe1b
commit 15fd3045e0
82 changed files with 6301 additions and 245 deletions
--- a/internal/repository/idp/saml.go
+++ b/internal/repository/idp/saml.go
@@ -0,0 +1,164 @@
+package idp
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+)
+
+type SAMLIDPAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID                string              `json:"id"`
+	Name              string              `json:"name,omitempty"`
+	Metadata          []byte              `json:"metadata,omitempty"`
+	Key               *crypto.CryptoValue `json:"key,omitempty"`
+	Certificate       []byte              `json:"certificate,omitempty"`
+	Binding           string              `json:"binding,omitempty"`
+	WithSignedRequest bool                `json:"withSignedRequest,omitempty"`
+	Options
+}
+
+func NewSAMLIDPAddedEvent(
+	base *eventstore.BaseEvent,
+	id,
+	name string,
+	metadata []byte,
+	key *crypto.CryptoValue,
+	certificate []byte,
+	binding string,
+	withSignedRequest bool,
+	options Options,
+) *SAMLIDPAddedEvent {
+	return &SAMLIDPAddedEvent{
+		BaseEvent:         *base,
+		ID:                id,
+		Name:              name,
+		Metadata:          metadata,
+		Key:               key,
+		Certificate:       certificate,
+		Binding:           binding,
+		WithSignedRequest: withSignedRequest,
+		Options:           options,
+	}
+}
+
+func (e *SAMLIDPAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *SAMLIDPAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func SAMLIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &SAMLIDPAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-v9uajo3k71", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
+
+type SAMLIDPChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID                string              `json:"id"`
+	Name              *string             `json:"name,omitempty"`
+	Metadata          []byte              `json:"metadata,omitempty"`
+	Key               *crypto.CryptoValue `json:"key,omitempty"`
+	Certificate       []byte              `json:"certificate,omitempty"`
+	Binding           *string             `json:"binding,omitempty"`
+	WithSignedRequest *bool               `json:"withSignedRequest,omitempty"`
+	OptionChanges
+}
+
+func NewSAMLIDPChangedEvent(
+	base *eventstore.BaseEvent,
+	id string,
+	changes []SAMLIDPChanges,
+) (*SAMLIDPChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "IDP-cz6mnf860t", "Errors.NoChangesFound")
+	}
+	changedEvent := &SAMLIDPChangedEvent{
+		BaseEvent: *base,
+		ID:        id,
+	}
+	for _, change := range changes {
+		change(changedEvent)
+	}
+	return changedEvent, nil
+}
+
+type SAMLIDPChanges func(*SAMLIDPChangedEvent)
+
+func ChangeSAMLName(name string) func(*SAMLIDPChangedEvent) {
+	return func(e *SAMLIDPChangedEvent) {
+		e.Name = &name
+	}
+}
+
+func ChangeSAMLMetadata(metadata []byte) func(*SAMLIDPChangedEvent) {
+	return func(e *SAMLIDPChangedEvent) {
+		e.Metadata = metadata
+	}
+}
+
+func ChangeSAMLKey(key *crypto.CryptoValue) func(*SAMLIDPChangedEvent) {
+	return func(e *SAMLIDPChangedEvent) {
+		e.Key = key
+	}
+}
+
+func ChangeSAMLCertificate(certificate []byte) func(*SAMLIDPChangedEvent) {
+	return func(e *SAMLIDPChangedEvent) {
+		e.Certificate = certificate
+	}
+}
+
+func ChangeSAMLBinding(binding string) func(*SAMLIDPChangedEvent) {
+	return func(e *SAMLIDPChangedEvent) {
+		e.Binding = &binding
+	}
+}
+
+func ChangeSAMLWithSignedRequest(withSignedRequest bool) func(*SAMLIDPChangedEvent) {
+	return func(e *SAMLIDPChangedEvent) {
+		e.WithSignedRequest = &withSignedRequest
+	}
+}
+
+func ChangeSAMLOptions(options OptionChanges) func(*SAMLIDPChangedEvent) {
+	return func(e *SAMLIDPChangedEvent) {
+		e.OptionChanges = options
+	}
+}
+
+func (e *SAMLIDPChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *SAMLIDPChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func SAMLIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &SAMLIDPChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-w1t1824tw5", "unable to unmarshal event")
+	}
+
+	return e, nil
+}