SAML IdP attribute mapping types and config handler#35584

Merged
flyinghermit merged 11 commits into master from sshah/attribute-mapping-types on Dec 14, 2023

Conversation

@flyinghermit flyinghermit commented Dec 8, 2023

Supports attribute mapping configuration in saml_idp_service_provider spec.

 attribute_mapping:
  - name: string
    name_format: string
    value: string # predicate expression

The value of name_format can be one of the following:

  • unspecified or urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified. Used as the default value.
  • uri or urn:oasis:names:tc:SAML:2.0:attrname-format:uri.
  • basic or urn:oasis:names:tc:SAML:2.0:attrname-format:basic.

Reference spec file:

sp.yml
kind: saml_idp_service_provider
metadata:
  name: sp
  revision: 54eec4e0-1483-4b3e-807f-8421abd331de
spec:
  attribute_mapping:
  - name: displayname
    # name_format omitted: defaults to the "unspecified" format
    value: user.spec.traits.firstname
  - name: email
    # short alias for urn:oasis:names:tc:SAML:2.0:attrname-format:uri
    name_format: uri
    value: user.spec.traits.email
  - name: firstname
    name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:basic
    value: user.spec.traits.firstname
  entity_descriptor: |-
    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2023-12-10T16:26:51.083Z" entityID="https://example.com/saml/metadata">
      <SPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2023-12-10T16:26:51.083029Z" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false" WantAssertionsSigned="true">
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/saml/acs" index="1"></AssertionConsumerService>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://example.com/saml/acs" index="2"></AssertionConsumerService>
      </SPSSODescriptor>
    </EntityDescriptor>
  entity_id: https://example.com/saml/metadata
version: v1

RFD: https://github.com/gravitational/teleport.e/pull/2801
see #34725, https://github.com/gravitational/teleport.e/issues/2692

changelog: attribute mapping in saml_idp_service_provider spec.
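The description defines three fields per mapping entry and a short-alias-or-URN rule for name_format, and the review thread asks for duplicate names to be found with a map rather than a slice. The following is an added illustration of a config handler implementing those rules; it is not Teleport's code, and the type, constant and function names (AttributeMapping, NormalizeNameFormat, CheckAndSetDefaults) are assumptions for this example. Unknown name_format values are rejected outright rather than passed through, so a typo cannot silently produce a malformed SAML attribute.

```go
package main

import (
	"fmt"
	"strings"
)

// AttributeMapping is a hypothetical struct mirroring the three spec fields
// from the PR description (name, name_format, value). Not Teleport's own type.
type AttributeMapping struct {
	Name       string
	NameFormat string
	Value      string // predicate expression, e.g. user.spec.traits.email
}

// SAML 2.0 attribute name-format URNs listed in the PR description.
const (
	NameFormatUnspecified = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
	NameFormatURI         = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
	NameFormatBasic       = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
)

// nameFormatAliases maps the short forms accepted in the spec to full URNs.
var nameFormatAliases = map[string]string{
	"unspecified": NameFormatUnspecified,
	"uri":         NameFormatURI,
	"basic":       NameFormatBasic,
}

// NormalizeNameFormat resolves a short alias or a full URN to the canonical URN.
// An empty value defaults to the "unspecified" format, as the description states.
// Anything else is an error so a typo does not reach the assertion.
func NormalizeNameFormat(format string) (string, error) {
	f := strings.TrimSpace(format)
	if f == "" {
		return NameFormatUnspecified, nil
	}
	if urn, ok := nameFormatAliases[f]; ok {
		return urn, nil
	}
	for _, urn := range nameFormatAliases {
		if f == urn {
			return urn, nil
		}
	}
	return "", fmt.Errorf("unsupported name_format %q", format)
}

// CheckAndSetDefaults validates the mappings in place: name and value must be
// set, name_format is normalized to its URN, and duplicate attribute names are
// rejected. Duplicates are tracked with a map (one pass) rather than a nested
// slice scan, which is the reviewer's suggestion in this PR.
func CheckAndSetDefaults(mappings []AttributeMapping) error {
	seen := make(map[string]struct{}, len(mappings))
	for i := range mappings {
		m := &mappings[i]
		if strings.TrimSpace(m.Name) == "" {
			return fmt.Errorf("attribute_mapping[%d]: name is required", i)
		}
		if strings.TrimSpace(m.Value) == "" {
			return fmt.Errorf("attribute_mapping[%d] (%s): value is required", i, m.Name)
		}
		if _, dup := seen[m.Name]; dup {
			return fmt.Errorf("attribute_mapping: duplicate name %q", m.Name)
		}
		seen[m.Name] = struct{}{}
		urn, err := NormalizeNameFormat(m.NameFormat)
		if err != nil {
			return fmt.Errorf("attribute_mapping[%d] (%s): %w", i, m.Name, err)
		}
		m.NameFormat = urn
	}
	return nil
}

func main() {
	// Constructed sample matching the entries in the sp.yml above.
	mappings := []AttributeMapping{
		{Name: "displayname", Value: "user.spec.traits.firstname"},
		{Name: "email", NameFormat: "uri", Value: "user.spec.traits.email"},
		{Name: "firstname", NameFormat: NameFormatBasic, Value: "user.spec.traits.firstname"},
	}
	if err := CheckAndSetDefaults(mappings); err != nil {
		fmt.Println("invalid spec:", err)
		return
	}
	for _, m := range mappings {
		fmt.Printf("%-12s %s  <- %s\n", m.Name, m.NameFormat, m.Value)
	}
}
```

Normalizing at validation time means the code that later builds the SAML Attribute element only ever sees a canonical URN, which keeps the alias handling in one place.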

@flyinghermit flyinghermit marked this pull request as ready for review December 12, 2023 21:08
@github-actions

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.


flyinghermit commented Dec 13, 2023

Friendly ping

@r0mant r0mant left a comment

A few stylistic nitpicks.

- use map instead of slice for finding duplicate names
@flyinghermit

Friendly ping @xacrimon @fspmarshall @mdwn

@flyinghermit flyinghermit added this pull request to the merge queue Dec 14, 2023
Merged via the queue into master with commit b4e5e91 Dec 14, 2023
@flyinghermit flyinghermit deleted the sshah/attribute-mapping-types branch December 14, 2023 19:59
@public-teleport-github-review-bot

@flyinghermit See the table below for backport results.

Branch Result
branch/v14 Failed
