SAML ID provider cleanup (#1170)

* most fields fixed

* small issues

* all but one value working

* all SAML fields working

* add fixes from jon review
mfrances17 2021-09-17 13:51:43 -04:00 committed by GitHub
parent 6063c8db96
commit e89a69047f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 78 additions and 25 deletions


@ -30,7 +30,7 @@ const LoginFlow = ({
useFetch( useFetch(
() => adminClient.authenticationManagement.getFlows(), () => adminClient.authenticationManagement.getFlows(),
(flows) => (flows) =>
setFlows(flows?.filter((flow) => flow.providerId === "basic-flow")), setFlows(flows.filter((flow) => flow.providerId === "basic-flow")),
[] []
); );
@ -108,8 +108,9 @@ export const AdvancedSettings = ({ isOIDC, isSAML }: AdvancedSettingsProps) => {
<SwitchField field="storeToken" label="storeTokens" fieldType="boolean" /> <SwitchField field="storeToken" label="storeTokens" fieldType="boolean" />
{isSAML && ( {isSAML && (
<SwitchField <SwitchField
field="config.addReadTokenRoleOnCreate" field="addReadTokenRoleOnCreate"
label="storedTokensReadable" label="storedTokensReadable"
fieldType="boolean"
/> />
)} )}
{!isOIDC && !isSAML && ( {!isOIDC && !isSAML && (
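Review bot: The `storedTokensReadable` switch in the second hunk deserves a comment, because it now binds to the top-level `addReadTokenRoleOnCreate` field rather than `config.*` and the reason is not obvious from the JSX. Suggested comment above it: `{/* top-level provider field (not under config); when on, new brokered users get the broker read-token role */}`. The switch stays inside `{isSAML && (` while `storeToken` above it is rendered unconditionally, so it is worth confirming that this gate is intended for a setting that controls who can read stored tokens. In the first hunk the new side appears to drop the `?.` on `flows`, which will throw if `getFlows()` ever resolves to undefined.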


@ -45,6 +45,12 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
name: "config.validateSignature", name: "config.validateSignature",
}); });
const principalType = useWatch({
control,
name: "config.principalType",
defaultValue: "",
});
return ( return (
<div className="pf-c-form pf-m-horizontal"> <div className="pf-c-form pf-m-horizontal">
<FormGroup <FormGroup
@ -79,7 +85,6 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
isReadOnly={readOnly} isReadOnly={readOnly}
/> />
</FormGroup> </FormGroup>
<FormGroup <FormGroup
label={t("singleLogoutServiceUrl")} label={t("singleLogoutServiceUrl")}
labelIcon={ labelIcon={
@ -101,16 +106,15 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
type="text" type="text"
id="single-logout-service-url" id="single-logout-service-url"
name="config.singleLogoutServiceUrl" name="config.singleLogoutServiceUrl"
ref={register}
isReadOnly={readOnly} isReadOnly={readOnly}
/> />
</FormGroup> </FormGroup>
<SwitchField <SwitchField
field="config.backchannelSupported" field="config.backchannelSupported"
label="backchannelLogout" label="backchannelLogout"
isReadOnly={readOnly} isReadOnly={readOnly}
/> />
<FormGroup <FormGroup
label={t("nameIdPolicyFormat")} label={t("nameIdPolicyFormat")}
labelIcon={ labelIcon={
@ -141,27 +145,50 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
> >
<SelectOption <SelectOption
data-testid="persistent-option" data-testid="persistent-option"
value={t("persistent")} value={"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}
isPlaceholder isPlaceholder
/> >
{t("persistent")}
</SelectOption>
<SelectOption <SelectOption
data-testid="transient-option" data-testid="transient-option"
value={t("transient")} value="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
/> >
<SelectOption data-testid="email-option" value={t("email")} /> {t("transient")}
</SelectOption>
<SelectOption
data-testid="email-option"
value="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>
{t("email")}
</SelectOption>
<SelectOption <SelectOption
data-testid="kerberos-option" data-testid="kerberos-option"
value={t("kerberos")} value="urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"
/> >
<SelectOption data-testid="x509-option" value={t("x509")} /> {t("kerberos")}
</SelectOption>
<SelectOption
data-testid="x509-option"
value="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
>
{t("x509")}
</SelectOption>
<SelectOption <SelectOption
data-testid="windowsDomainQN-option" data-testid="windowsDomainQN-option"
value={t("windowsDomainQN")} value="urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
/> >
{t("windowsDomainQN")}
</SelectOption>
<SelectOption <SelectOption
data-testid="unspecified-option" data-testid="unspecified-option"
value={t("unspecified")} value={"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"}
/> >
{t("unspecified")}
</SelectOption>
</Select> </Select>
)} )}
></Controller> ></Controller>
@ -215,6 +242,27 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
></Controller> ></Controller>
</FormGroup> </FormGroup>
{principalType.includes("Attribute") && (
<FormGroup
label={t("principalAttribute")}
labelIcon={
<HelpItem
helpText={th("principalAttribute")}
forLabel={t("principalAttribute")}
forID="principalAttribute"
/>
}
fieldId="principalAttribute"
>
<TextInput
type="text"
id="principalAttribute"
name="config.principalAttribute"
ref={register}
isReadOnly={readOnly}
/>
</FormGroup>
)}
<SwitchField <SwitchField
field="config.postBindingResponse" field="config.postBindingResponse"
label="httpPostBindingResponse" label="httpPostBindingResponse"
@ -293,7 +341,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
> >
<Controller <Controller
name="config.xmlSigKeyInfoKeyNameTransformer" name="config.xmlSigKeyInfoKeyNameTransformer"
defaultValue="keyID-option" defaultValue={t("keyID")}
control={control} control={control}
render={({ onChange, value }) => ( render={({ onChange, value }) => (
<Select <Select
@ -375,6 +423,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
type="text" type="text"
id="allowedClockSkew" id="allowedClockSkew"
name="config.allowedClockSkew" name="config.allowedClockSkew"
ref={register}
isReadOnly={readOnly} isReadOnly={readOnly}
/> />
</FormGroup> </FormGroup>
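Review bot: The new default for `config.xmlSigKeyInfoKeyNameTransformer` (hunk at -293) is `t("keyID")`, a translated label, so the value written to the provider config would depend on the UI locale. That is the same problem this commit fixes for the NameID format options by switching them to URN values. Assuming the right-hand copy is the new side, use the stored option value as the default, e.g. `defaultValue="KEY_ID"` if the options (outside the hunk) carry the server's enum names, and give each option an explicit `value` with the label as its child. The added `principalType.includes("Attribute")` check at -215 has the same dependency on display text: it is case-sensitive and only matches if the select stores label-like strings, so compare against the exact stored values instead. `config.allowedClockSkew` is now registered as free text; a numeric, non-negative check would keep an unparseable or very large skew out of the config.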


@ -11,12 +11,12 @@ import {
import { TextField } from "../component/TextField"; import { TextField } from "../component/TextField";
import { HelpItem } from "../../components/help-enabler/HelpItem"; import { HelpItem } from "../../components/help-enabler/HelpItem";
const comparisonValues = ["Exact", "Minimum", "Maximum", "Better"]; const comparisonValues = ["exact", "minimum", "maximum", "better"];
export const ReqAuthnConstraints = () => { export const ReqAuthnConstraints = () => {
const { t } = useTranslation("identity-providers"); const { t } = useTranslation("identity-providers");
const { control } = useFormContext(); const { control } = useFormContext();
const [syncModeOpen, setSyncModeOpen] = useState(false); const [comparisonOpen, setComparisonOpen] = useState(false);
return ( return (
<> <>
<FormGroup <FormGroup
@ -31,7 +31,7 @@ export const ReqAuthnConstraints = () => {
fieldId="comparison" fieldId="comparison"
> >
<Controller <Controller
name="config.comparison" name="config.authnContextComparisonType"
defaultValue={comparisonValues[0]} defaultValue={comparisonValues[0]}
control={control} control={control}
render={({ onChange, value }) => ( render={({ onChange, value }) => (
@ -39,15 +39,15 @@ export const ReqAuthnConstraints = () => {
toggleId="comparison" toggleId="comparison"
required required
direction="up" direction="up"
onToggle={() => setSyncModeOpen(!syncModeOpen)} onToggle={(isExpanded) => setComparisonOpen(isExpanded)}
onSelect={(_, value) => { onSelect={(_, value) => {
onChange(value.toString()); onChange(value.toString());
setSyncModeOpen(false); setComparisonOpen(false);
}} }}
selections={value} selections={value}
variant={SelectVariant.single} variant={SelectVariant.single}
aria-label={t("syncMode")} aria-label={t("comparison")}
isOpen={syncModeOpen} isOpen={comparisonOpen}
> >
{comparisonValues.map((option) => ( {comparisonValues.map((option) => (
<SelectOption <SelectOption
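Review bot: `comparisonValues` is now the set of strings stored in `config.authnContextComparisonType`, and nothing in the file says so; a future edit that re-capitalises them for display would silently change what is sent to the server. Add a comment such as `// values of the SAML RequestedAuthnContext Comparison attribute; stored verbatim, do not translate or capitalise` and declare the array `as const`. If the options (rendered past the end of this hunk) show the raw value, render a translated label as the child and keep the lowercase string as `value`, the way the NameID format options are handled in this commit.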


@ -73,6 +73,8 @@ export default {
"Specifies the URI reference corresponding to a name identifier format.", "Specifies the URI reference corresponding to a name identifier format.",
principalType: principalType:
"Way to identify and track external users from the assertion. Default is using Subject NameID, alternatively you can set up identifying attribute.", "Way to identify and track external users from the assertion. Default is using Subject NameID, alternatively you can set up identifying attribute.",
principalAttribute:
"Name or Friendly Name of the attribute used to identify external users.",
httpPostBindingResponse: httpPostBindingResponse:
"Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.", "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.",
httpPostBindingAuthnRequest: httpPostBindingAuthnRequest:


@ -66,6 +66,7 @@ export default {
windowsDomainQN: "Windows Domain Qualified Name", windowsDomainQN: "Windows Domain Qualified Name",
unspecified: "Unspecified", unspecified: "Unspecified",
principalType: "Principal type", principalType: "Principal type",
principalAttribute: "Principal attribute",
subjectNameId: "Subject NameID", subjectNameId: "Subject NameID",
attributeName: "Attribute [Name]", attributeName: "Attribute [Name]",
attributeFriendlyName: "Attribute [Friendly Name]", attributeFriendlyName: "Attribute [Friendly Name]",