SAML ID provider cleanup (#1170)

* most fields fixed * small issues * all but one value working * all SAML fields working * add fixes from jon review
2021-09-17 13:51:43 -04:00 · 2021-09-17 13:51:43 -04:00 · e89a69047f
commit e89a69047f
parent 6063c8db96
5 changed files with 78 additions and 25 deletions
--- a/src/identity-providers/add/AdvancedSettings.tsx
+++ b/src/identity-providers/add/AdvancedSettings.tsx
@ -30,7 +30,7 @@ const LoginFlow = ({
  useFetch(
    () => adminClient.authenticationManagement.getFlows(),
    (flows) =>
-      setFlows(flows?.filter((flow) => flow.providerId === "basic-flow")),
+      setFlows(flows.filter((flow) => flow.providerId === "basic-flow")),
    []
  );

@ -108,8 +108,9 @@ export const AdvancedSettings = ({ isOIDC, isSAML }: AdvancedSettingsProps) => {
      <SwitchField field="storeToken" label="storeTokens" fieldType="boolean" />
      {isSAML && (
        <SwitchField
-          field="config.addReadTokenRoleOnCreate"
+          field="addReadTokenRoleOnCreate"
          label="storedTokensReadable"
+          fieldType="boolean"
        />
      )}
      {!isOIDC && !isSAML && (
--- a/src/identity-providers/add/DescriptorSettings.tsx
+++ b/src/identity-providers/add/DescriptorSettings.tsx
@ -45,6 +45,12 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
    name: "config.validateSignature",
  });

+  const principalType = useWatch({
+    control,
+    name: "config.principalType",
+    defaultValue: "",
+  });
+
  return (
    <div className="pf-c-form pf-m-horizontal">
      <FormGroup
@ -79,7 +85,6 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
          isReadOnly={readOnly}
        />
      </FormGroup>
-
      <FormGroup
        label={t("singleLogoutServiceUrl")}
        labelIcon={
@ -101,16 +106,15 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
          type="text"
          id="single-logout-service-url"
          name="config.singleLogoutServiceUrl"
+          ref={register}
          isReadOnly={readOnly}
        />
      </FormGroup>
-
      <SwitchField
        field="config.backchannelSupported"
        label="backchannelLogout"
        isReadOnly={readOnly}
      />
-
      <FormGroup
        label={t("nameIdPolicyFormat")}
        labelIcon={
@ -141,27 +145,50 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
            >
              <SelectOption
                data-testid="persistent-option"
-                value={t("persistent")}
+                value={"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}
                isPlaceholder
-              />
+              >
+                {t("persistent")}
+              </SelectOption>
              <SelectOption
                data-testid="transient-option"
-                value={t("transient")}
-              />
-              <SelectOption data-testid="email-option" value={t("email")} />
+                value="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+              >
+                {t("transient")}
+              </SelectOption>
+              <SelectOption
+                data-testid="email-option"
+                value="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+              >
+                {t("email")}
+              </SelectOption>
              <SelectOption
                data-testid="kerberos-option"
-                value={t("kerberos")}
-              />
-              <SelectOption data-testid="x509-option" value={t("x509")} />
+                value="urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"
+              >
+                {t("kerberos")}
+              </SelectOption>
+
+              <SelectOption
+                data-testid="x509-option"
+                value="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
+              >
+                {t("x509")}
+              </SelectOption>
+
              <SelectOption
                data-testid="windowsDomainQN-option"
-                value={t("windowsDomainQN")}
-              />
+                value="urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
+              >
+                {t("windowsDomainQN")}
+              </SelectOption>
+
              <SelectOption
                data-testid="unspecified-option"
-                value={t("unspecified")}
-              />
+                value={"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"}
+              >
+                {t("unspecified")}
+              </SelectOption>
            </Select>
          )}
        ></Controller>
@ -215,6 +242,27 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
        ></Controller>
      </FormGroup>

+      {principalType.includes("Attribute") && (
+        <FormGroup
+          label={t("principalAttribute")}
+          labelIcon={
+            <HelpItem
+              helpText={th("principalAttribute")}
+              forLabel={t("principalAttribute")}
+              forID="principalAttribute"
+            />
+          }
+          fieldId="principalAttribute"
+        >
+          <TextInput
+            type="text"
+            id="principalAttribute"
+            name="config.principalAttribute"
+            ref={register}
+            isReadOnly={readOnly}
+          />
+        </FormGroup>
+      )}
      <SwitchField
        field="config.postBindingResponse"
        label="httpPostBindingResponse"
@ -293,7 +341,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
          >
            <Controller
              name="config.xmlSigKeyInfoKeyNameTransformer"
-              defaultValue="keyID-option"
+              defaultValue={t("keyID")}
              control={control}
              render={({ onChange, value }) => (
                <Select
@ -375,6 +423,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
          type="text"
          id="allowedClockSkew"
          name="config.allowedClockSkew"
+          ref={register}
          isReadOnly={readOnly}
        />
      </FormGroup>
--- a/src/identity-providers/add/ReqAuthnConstraintsSettings.tsx
+++ b/src/identity-providers/add/ReqAuthnConstraintsSettings.tsx
@ -11,12 +11,12 @@ import {
 import { TextField } from "../component/TextField";
 import { HelpItem } from "../../components/help-enabler/HelpItem";

-const comparisonValues = ["Exact", "Minimum", "Maximum", "Better"];
+const comparisonValues = ["exact", "minimum", "maximum", "better"];

 export const ReqAuthnConstraints = () => {
  const { t } = useTranslation("identity-providers");
  const { control } = useFormContext();
-  const [syncModeOpen, setSyncModeOpen] = useState(false);
+  const [comparisonOpen, setComparisonOpen] = useState(false);
  return (
    <>
      <FormGroup
@ -31,7 +31,7 @@ export const ReqAuthnConstraints = () => {
        fieldId="comparison"
      >
        <Controller
-          name="config.comparison"
+          name="config.authnContextComparisonType"
          defaultValue={comparisonValues[0]}
          control={control}
          render={({ onChange, value }) => (
@ -39,15 +39,15 @@ export const ReqAuthnConstraints = () => {
              toggleId="comparison"
              required
              direction="up"
-              onToggle={() => setSyncModeOpen(!syncModeOpen)}
+              onToggle={(isExpanded) => setComparisonOpen(isExpanded)}
              onSelect={(_, value) => {
                onChange(value.toString());
-                setSyncModeOpen(false);
+                setComparisonOpen(false);
              }}
              selections={value}
              variant={SelectVariant.single}
-              aria-label={t("syncMode")}
-              isOpen={syncModeOpen}
+              aria-label={t("comparison")}
+              isOpen={comparisonOpen}
            >
              {comparisonValues.map((option) => (
                <SelectOption
--- a/src/identity-providers/help.ts
+++ b/src/identity-providers/help.ts
@ -73,6 +73,8 @@ export default {
      "Specifies the URI reference corresponding to a name identifier format.",
    principalType:
      "Way to identify and track external users from the assertion. Default is using Subject NameID, alternatively you can set up identifying attribute.",
+    principalAttribute:
+      "Name or Friendly Name of the attribute used to identify external users.",
    httpPostBindingResponse:
      "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.",
    httpPostBindingAuthnRequest:
--- a/src/identity-providers/messages.ts
+++ b/src/identity-providers/messages.ts
@ -66,6 +66,7 @@ export default {
    windowsDomainQN: "Windows Domain Qualified Name",
    unspecified: "Unspecified",
    principalType: "Principal type",
+    principalAttribute: "Principal attribute",
    subjectNameId: "Subject NameID",
    attributeName: "Attribute [Name]",
    attributeFriendlyName: "Attribute [Friendly Name]",