feat(saml): implementation of saml for ZITADEL v2 (#3618)

2025-08-11 18:17:35 +00:00 · 2022-09-12 17:18:08 +01:00
parent 01a92ba5d9
commit 7a5f7f82cf
134 changed files with 5570 additions and 1293 deletions
--- a/internal/project/model/application.go
+++ b/internal/project/model/application.go
@@ -13,6 +13,7 @@ type Application struct {
 	Type       AppType
 	OIDCConfig *OIDCConfig
 	APIConfig  *APIConfig
+	SAMLConfig *SAMLConfig
 }

 type AppState int32
@@ -45,5 +46,8 @@ func (a *Application) IsValid(includeConfig bool) bool {
 	if a.Type == AppTypeAPI && !a.APIConfig.IsValid() {
 		return false
 	}
+	if a.Type == AppTypeSAML && !a.SAMLConfig.IsValid() {
+		return false
+	}
 	return true
 }
--- a/internal/project/model/saml_config.go
+++ b/internal/project/model/saml_config.go
@@ -0,0 +1,16 @@
+package model
+
+import (
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type SAMLConfig struct {
+	es_models.ObjectRoot
+	AppID       string
+	Metadata    []byte
+	MetadataURL string
+}
+
+func (c *SAMLConfig) IsValid() bool {
+	return !(c.Metadata == nil && c.MetadataURL == "")
+}
--- a/internal/project/repository/eventsourcing/model/application.go
+++ b/internal/project/repository/eventsourcing/model/application.go
@@ -16,6 +16,7 @@ type Application struct {
 	Type       int32       `json:"appType,omitempty"`
 	OIDCConfig *OIDCConfig `json:"-"`
 	APIConfig  *APIConfig  `json:"-"`
+	SAMLConfig *SAMLConfig `json:"-"`
 }

 type ApplicationID struct {
--- a/internal/project/repository/eventsourcing/model/saml_config.go
+++ b/internal/project/repository/eventsourcing/model/saml_config.go
@@ -0,0 +1,25 @@
+package model
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/logging"
+
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type SAMLConfig struct {
+	es_models.ObjectRoot
+	AppID       string `json:"appId"`
+	Metadata    []byte `json:"metadata,omitempty"`
+	MetadataURL string `json:"metadataUrl,omitempty"`
+}
+
+func (o *SAMLConfig) setData(event *es_models.Event) error {
+	o.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, o); err != nil {
+		logging.Log("EVEN-d8e3s").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
--- a/internal/project/repository/view/model/application.go
+++ b/internal/project/repository/view/model/application.go
@@ -57,6 +57,10 @@ type ApplicationView struct {
 	IDTokenUserinfoAssertion   bool                                        `json:"idTokenUserinfoAssertion" gorm:"column:id_token_userinfo_assertion"`
 	ClockSkew                  time.Duration                               `json:"clockSkew" gorm:"column:clock_skew"`

+	IsSAML      bool   `json:"-" gorm:"column:is_saml"`
+	Metadata    []byte `json:"metadata" gorm:"column:metadata"`
+	MetadataURL string `json:"metadata_url" gorm:"column:metadata_url"`
+
 	Sequence uint64 `json:"-" gorm:"sequence"`
 }

@@ -90,7 +94,9 @@ func (a *ApplicationView) AppendEventIfMyApp(event *models.Event) (err error) {
 		project.APIConfigAddedType,
 		project.APIConfigChangedType,
 		project.ApplicationDeactivatedType,
-		project.ApplicationReactivatedType:
+		project.ApplicationReactivatedType,
+		project.SAMLConfigAddedType,
+		project.SAMLConfigChangedType:
 		err = view.SetData(event)
 		if err != nil {
 			return err
@@ -130,6 +136,9 @@ func (a *ApplicationView) AppendEvent(event *models.Event) (err error) {
 		}
 		a.setCompliance()
 		return a.setOriginAllowList()
+	case project.SAMLConfigAddedType:
+		a.IsSAML = true
+		return a.SetData(event)
 	case project.APIConfigAddedType:
 		a.IsOIDC = false
 		return a.SetData(event)
@@ -142,6 +151,8 @@ func (a *ApplicationView) AppendEvent(event *models.Event) (err error) {
 		}
 		a.setCompliance()
 		return a.setOriginAllowList()
+	case project.SAMLConfigChangedType:
+		return a.SetData(event)
 	case project.APIConfigChangedType:
 		return a.SetData(event)
 	case project.ProjectChangedType: