mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-14 20:08:02 +00:00
e57a9b57c8
# Which Problems Are Solved ZITADEL currently always uses `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` in SAML requests, relying on the IdP to respect that flag and always return a peristent nameid in order to be able to map the external user with an existing user (idp link) in ZITADEL. In case the IdP however returns a `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` (transient) nameid, the attribute will differ between each request and it will not be possible to match existing users. # How the Problems Are Solved This PR adds the following two options on SAML IdP: - **nameIDFormat**: allows to set the nameid-format used in the SAML Request - **transientMappingAttributeName**: allows to set an attribute name, which will be used instead of the nameid itself in case the returned nameid-format is transient # Additional Changes To reduce impact on current installations, the `idp_templates6_saml` table is altered with the two added columns by a setup job. New installations will automatically get the table with the two columns directly. All idp unit tests are updated to use `expectEventstore` instead of the deprecated `eventstoreExpect`. # Additional Context Closes #7483 Closes #7743 --------- Co-authored-by: peintnermax <max@caos.ch> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
---|---|---|
.. | ||
aggregate.go | ||
custom_text.go | ||
debug_notification_file.go | ||
debug_notification_log.go | ||
domain.go | ||
event_default_language.go | ||
event_iam_project_set.go | ||
event_org_set.go | ||
eventstore.go | ||
idp_config.go | ||
idp_jwt_config.go | ||
idp_oidc_config.go | ||
idp.go | ||
instance.go | ||
member.go | ||
oidc_settings.go | ||
policy_domain.go | ||
policy_label.go | ||
policy_login_factors.go | ||
policy_login_identity_provider.go | ||
policy_login.go | ||
policy_mail_template.go | ||
policy_mail_text.go | ||
policy_notification.go | ||
policy_password_age.go | ||
policy_password_complexity.go | ||
policy_password_lockout.go | ||
policy_privacy.go | ||
policy_security.go | ||
secret_generator.go | ||
sms.go | ||
smtp_config.go |