feat: saml application configuration for login version (#9351)

# Which Problems Are Solved OIDC applications can configure the used login version, which is currently not possible for SAML applications. # How the Problems Are Solved Add the same functionality dependent on the feature-flag for SAML applications. # Additional Changes None # Additional Context Closes #9267 Follow up issue for frontend changes #9354 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 14:47:33 +00:00 · 2025-02-13 17:03:05 +01:00
parent 66296db971
commit 49de5c61b2
40 changed files with 1051 additions and 240 deletions
--- a/proto/zitadel/app.proto
+++ b/proto/zitadel/app.proto
@@ -222,6 +222,11 @@ message SAMLConfig {
        bytes metadata_xml = 1;
        string metadata_url = 2;
    }
+    LoginVersion login_version = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+        }
+    ];
 }

 enum APIAuthMethodType {
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -9850,6 +9850,11 @@ message AddSAMLAppRequest {
      bytes metadata_xml = 3 [(validate.rules).bytes.max_len = 500000];
      string metadata_url = 4 [(validate.rules).string.max_len = 200];
  }
+  zitadel.app.v1.LoginVersion login_version = 5 [
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+          description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+      }
+  ];
 }

 message AddSAMLAppResponse {
@@ -10014,6 +10019,11 @@ message UpdateSAMLAppConfigRequest {
      bytes metadata_xml = 3 [(validate.rules).bytes.max_len = 500000];
      string metadata_url = 4 [(validate.rules).string.max_len = 200];
  }
+  zitadel.app.v1.LoginVersion login_version = 5 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+    }
+  ];
 }

 message UpdateSAMLAppConfigResponse {
@@ -13653,7 +13663,7 @@ message SetTriggerActionsRequest {
    * - Internal Authentication: 3
    * - Complement Token: 2
    * - Complement SAML Response: 4
-    */ 
+    */
    string flow_type = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"1\"";
@@ -13664,11 +13674,11 @@ message SetTriggerActionsRequest {
    * - External Authentication:
    *   - Post Authentication: TRIGGER_TYPE_POST_AUTHENTICATION or 1
    *   - Pre Creation: TRIGGER_TYPE_PRE_CREATION or 2
-    *   - Post Creation: TRIGGER_TYPE_POST_CREATION or 3 
+    *   - Post Creation: TRIGGER_TYPE_POST_CREATION or 3
    * - Internal Authentication:
    *   - Post Authentication: TRIGGER_TYPE_POST_AUTHENTICATION or 1
    *   - Pre Creation: TRIGGER_TYPE_PRE_CREATION or 2
-    *   - Post Creation: TRIGGER_TYPE_POST_CREATION or 3 
+    *   - Post Creation: TRIGGER_TYPE_POST_CREATION or 3
    * - Complement Token:
    *   - Pre Userinfo Creation: 4
    *   - Pre Access Token Creation: 5