Commit 5c76e0e
Support for SAML as a Silo IdP, part 1 (#1139)

Add the db schemas, models, and some endpoints to support configuring a
SAML IdP for a Silo. Enough functionality is here to support the first
step of the SP-initiated SAML login flow: concretely, creating a signed SAML
request and sending that to the IdP. More work is required to support
receiving the SAML IdP's response, and actually creating and logging in
the user.

Two tables were added here: one that relates a silo to a list of typed
identity providers, and one for SAML configuration. The order of columns
in the silo table was corrected to match the DB model's field order.

Support for serializing and deserializing SAML XML is provided by the
samael crate, but for now use a Cargo patch to get a specific branch from
an oxidecomputer fork. A PR was made upstream, so follow-up will be
required after that is merged.

Accept a SAML IdP descriptor document as a base64 encoded string, or
fetch it from a URL.

1 parent 3d0f731
File tree

35 files changed, +3106 -57 lines changed

- .github/workflows
- common/src
- api/external
- sql
- nexus
- src
- app
- authn
- authz
- db
- model
- external_api
- tests
- integration_tests
- data
- output
- openapi
- smf/nexus
- tools
0 commit comments