feat: add SAML as identity provider (#6454)

* feat: first implementation for saml sp * fix: add command side instance and org for saml provider * fix: add query side instance and org for saml provider * fix: request handling in event and retrieval of finished intent * fix: add review changes and integration tests * fix: add integration tests for saml idp * fix: correct unit tests with review changes * fix: add saml session unit test * fix: add saml session unit test * fix: add saml session unit test * fix: changes from review * fix: changes from review * fix: proto build error * fix: proto build error * fix: proto build error * fix: proto require metadata oneof * fix: login with saml provider * fix: integration test for saml assertion * lint client.go * fix json tag * fix: linting * fix import * fix: linting * fix saml idp query * fix: linting * lint: try all issues * revert linting config * fix: add regenerate endpoints * fix: translations * fix mk.yaml * ignore acs path for user agent cookie * fix: add AuthFromProvider test for saml * fix: integration test for saml retrieve information --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:37:32 +00:00 · 2023-09-29 11:26:14 +02:00
parent 2e99d0fe1b
commit 15fd3045e0
82 changed files with 6301 additions and 245 deletions
--- a/internal/repository/idpintent/intent.go
+++ b/internal/repository/idpintent/intent.go
@@ -14,6 +14,8 @@ import (
 const (
 	StartedEventType       = instanceEventTypePrefix + "started"
 	SucceededEventType     = instanceEventTypePrefix + "succeeded"
+	SAMLSucceededEventType = instanceEventTypePrefix + "saml.succeeded"
+	SAMLRequestEventType   = instanceEventTypePrefix + "saml.requested"
 	LDAPSucceededEventType = instanceEventTypePrefix + "ldap.succeeded"
 	FailedEventType        = instanceEventTypePrefix + "failed"
 )
@@ -124,6 +126,103 @@ func SucceededEventMapper(event *repository.Event) (eventstore.Event, error) {
 	return e, nil
 }

+type SAMLSucceededEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IDPUser     []byte `json:"idpUser"`
+	IDPUserID   string `json:"idpUserId,omitempty"`
+	IDPUserName string `json:"idpUserName,omitempty"`
+	UserID      string `json:"userId,omitempty"`
+
+	Assertion *crypto.CryptoValue `json:"assertion,omitempty"`
+}
+
+func NewSAMLSucceededEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpUser []byte,
+	idpUserID,
+	idpUserName,
+	userID string,
+	assertion *crypto.CryptoValue,
+) *SAMLSucceededEvent {
+	return &SAMLSucceededEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			SAMLSucceededEventType,
+		),
+		IDPUser:     idpUser,
+		IDPUserID:   idpUserID,
+		IDPUserName: idpUserName,
+		UserID:      userID,
+		Assertion:   assertion,
+	}
+}
+
+func (e *SAMLSucceededEvent) Data() interface{} {
+	return e
+}
+
+func (e *SAMLSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func SAMLSucceededEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &SAMLSucceededEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-l4tw23y6lq", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
+
+type SAMLRequestEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	RequestID string `json:"requestId"`
+}
+
+func NewSAMLRequestEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	requestID string,
+) *SAMLRequestEvent {
+	return &SAMLRequestEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			SAMLRequestEventType,
+		),
+		RequestID: requestID,
+	}
+}
+
+func (e *SAMLRequestEvent) Data() interface{} {
+	return e
+}
+
+func (e *SAMLRequestEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func SAMLRequestEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &SAMLRequestEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-l85678vwlf", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
+
 type LDAPSucceededEvent struct {
 	eventstore.BaseEvent `json:"-"`