TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-24 00:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
da63abd1ad2bb922208c38d91f9d0384b3ece25c
zitadel/internal/api/grpc/admin/idp_converter_test.go
Gayathri Vijayan 255d42da65 feat(saml): add SignatureMethod config for SAML IDP (#10520) 
# Which Problems Are Solved
When a SAML IDP is created, the signing algorithm defaults to
`RSA-SHA1`.
This PR adds the functionality to configure the signing algorithm while
creating or updating a SAML IDP. When nothing is specified, `RSA-SHA1`
is the default.

Available options:
* RSA_SHA1
* RSA_SHA256
* RSA_SHA512


# How the Problems Are Solved

By introducing a new optional config to specify the Signing Algorithm. 

# Additional Changes
N/A

# Additional Context
- Closes #9842 

An existing bug in the UpdateSAMLProvider API will be fixed as a
followup in a different
[PR](https://github.com/zitadel/zitadel/pull/10557).

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-27 09:07:13 +00:00

199 lines
4.8 KiB
Go
Raw Blame History

package admin
import (
"testing"
"github.com/stretchr/testify/require"
"github.com/zitadel/zitadel/internal/test"
admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin"
"github.com/zitadel/zitadel/pkg/grpc/idp"
)
func Test_addOIDCIDPRequestToDomain(t *testing.T) {
type args struct {
req *admin_pb.AddOIDCIDPRequest
}
tests := []struct {
name string
args args
}{
{
name: "all fields filled",
args: args{
req: &admin_pb.AddOIDCIDPRequest{
Name: "ZITADEL",
StylingType: idp.IDPStylingType_STYLING_TYPE_GOOGLE,
ClientId: "test1234",
ClientSecret: "test4321",
Issuer: "zitadel.ch",
Scopes: []string{"email", "profile"},
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
AutoRegister: true,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := addOIDCIDPRequestToDomain(tt.args.req)
test.AssertFieldsMapped(t, got,
"ObjectRoot",
"OIDCConfig.ClientSecret",
"OIDCConfig.ObjectRoot",
"OIDCConfig.IDPConfigID",
"IDPConfigID",
"State",
"OIDCConfig.AuthorizationEndpoint",
"OIDCConfig.TokenEndpoint",
"Type",
"JWTConfig",
)
})
}
}
func Test_addOIDCIDPRequestToDomainOIDCIDPConfig(t *testing.T) {
type args struct {
req *admin_pb.AddOIDCIDPRequest
}
tests := []struct {
name string
args args
}{
{
name: "all fields filled",
args: args{
req: &admin_pb.AddOIDCIDPRequest{
ClientId: "test1234",
ClientSecret: "test4321",
Issuer: "zitadel.ch",
Scopes: []string{"email", "profile"},
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := addOIDCIDPRequestToDomainOIDCIDPConfig(tt.args.req)
test.AssertFieldsMapped(t, got,
"ObjectRoot",
"ClientSecret",
"IDPConfigID",
"AuthorizationEndpoint",
"TokenEndpoint",
)
})
}
}
func Test_updateIDPToDomain(t *testing.T) {
type args struct {
req *admin_pb.UpdateIDPRequest
}
tests := []struct {
name string
args args
}{
{
name: "all fields filled",
args: args{
req: &admin_pb.UpdateIDPRequest{
IdpId: "13523",
Name: "new name",
StylingType: idp.IDPStylingType_STYLING_TYPE_GOOGLE,
AutoRegister: true,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := updateIDPToDomain(tt.args.req)
test.AssertFieldsMapped(t, got,
"ObjectRoot",
"OIDCConfig",
"JWTConfig",
"State",
"Type",
)
})
}
}
func Test_updateOIDCConfigToDomain(t *testing.T) {
type args struct {
req *admin_pb.UpdateIDPOIDCConfigRequest
}
tests := []struct {
name string
args args
}{
{
name: "all fields filled",
args: args{
req: &admin_pb.UpdateIDPOIDCConfigRequest{
IdpId: "4208",
Issuer: "zitadel.ch",
ClientId: "ZITEADEL",
ClientSecret: "i'm so secret",
Scopes: []string{"profile"},
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := updateOIDCConfigToDomain(tt.args.req)
test.AssertFieldsMapped(t, got,
"ObjectRoot",
"ClientSecret",
"AuthorizationEndpoint",
"TokenEndpoint",
)
})
}
}
func Test_signatureAlgorithmToCommand(t *testing.T) {
t.Parallel()
tests := []struct {
name string
signatureAlgorithm idp.SAMLSignatureAlgorithm
wantSignatureAlgorithm string
}{
{
name: "signature algorithm default value",
signatureAlgorithm: 11,
wantSignatureAlgorithm: "",
},
{
name: "RSA_SHA1",
signatureAlgorithm: idp.SAMLSignatureAlgorithm_SAML_SIGNATURE_RSA_SHA1,
wantSignatureAlgorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
},
{
name: "RSA_SHA256",
signatureAlgorithm: idp.SAMLSignatureAlgorithm_SAML_SIGNATURE_RSA_SHA256,
wantSignatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
},
{
name: "RSA_SHA512",
signatureAlgorithm: idp.SAMLSignatureAlgorithm_SAML_SIGNATURE_RSA_SHA512,
wantSignatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
got := signatureAlgorithmToCommand(tt.signatureAlgorithm)
require.Equal(t, tt.wantSignatureAlgorithm, got)
})
}
}
Reference in New Issue View Git Blame Copy Permalink