mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
e57a9b57c8
# Which Problems Are Solved ZITADEL currently always uses `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` in SAML requests, relying on the IdP to respect that flag and always return a peristent nameid in order to be able to map the external user with an existing user (idp link) in ZITADEL. In case the IdP however returns a `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` (transient) nameid, the attribute will differ between each request and it will not be possible to match existing users. # How the Problems Are Solved This PR adds the following two options on SAML IdP: - **nameIDFormat**: allows to set the nameid-format used in the SAML Request - **transientMappingAttributeName**: allows to set an attribute name, which will be used instead of the nameid itself in case the returned nameid-format is transient # Additional Changes To reduce impact on current installations, the `idp_templates6_saml` table is altered with the two added columns by a setup job. New installations will automatically get the table with the two columns directly. All idp unit tests are updated to use `expectEventstore` instead of the deprecated `eventstoreExpect`. # Additional Context Closes #7483 Closes #7743 --------- Co-authored-by: peintnermax <max@caos.ch> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| action | ||
| admin | ||
| auth | ||
| authn | ||
| change | ||
| client/middleware | ||
| event | ||
| feature/v2 | ||
| gerrors | ||
| idp | ||
| instance | ||
| management | ||
| member | ||
| metadata | ||
| object | ||
| oidc/v2 | ||
| org | ||
| policy | ||
| project | ||
| server | ||
| session/v2 | ||
| settings | ||
| system | ||
| text | ||
| user | ||
| config.go | ||
| fields.go | ||
| header_test.go | ||
| header.go | ||
| probes_test.go | ||
| probes.go | ||