Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/saml #1041

Merged
merged 3 commits into from
Oct 18, 2023
Merged

Feature/saml #1041

merged 3 commits into from
Oct 18, 2023

Conversation

shentschel
Copy link
Contributor

Description

This PR introduces the enterprise feature SAML SSO to allow users to use their own Identity Provider.

Implementation

The PR implements gosaml2 to allow communication between IDP and Hanko. The authentication flow itself reuses the third-party auth flow and reuses the same error and cookie structure.

Tests

Add the config from saml.mdx (and configure it to your applications needs) and use auth0 with an SAML APP. Exchange Metadata between hanko and auth0. When starting quickstart with this config you can login with auth0 when using an email address which correlates with a user in auth0 and where the domain of this address is in the domain tag for the identity provider

Todo

I did a go mod tidy and now the go.mod and go.sum do not match with hanko/main. I think that needs to be fixed manually

lfleischmann
lfleischmann reviewed Oct 6, 2023
View reviewed changes
backend/Dockerfile Outdated Show resolved Hide resolved
backend/persistence/saml_certificate_persister.go Outdated Show resolved Hide resolved
backend/ee/saml/handler.go Outdated Show resolved Hide resolved
backend/ee/saml/config/saml.go Outdated Show resolved Hide resolved
backend/ee/saml/config/saml.go Outdated Show resolved Hide resolved
backend/ee/saml/provider/saml.go Outdated Show resolved Hide resolved
@shentschel
Copy link
Contributor Author

I fixed the merge conflicts in go.mod, go.sum and the doc files with a rebase which lead to the force push (to keep the commit history clean)

Stefan Jacobi added 3 commits October 17, 2023 15:37
feat(saml): implement enterprise saml feature
b724eba 
* add feature to /ee/saml/
* Implement SAML logic with gosaml2
* provide endpoint for metadata and cert download
* provide endpoint for authentication and callback
* provide endpoint to fetch provider
* map SAML attributes to thirdparty claims
* map unknown claim - attribute mappings to custom claims
* add default claims for generic client and auth0
* implement saml certificate generation
* implement saml state generation and persistence
(POST request does not get a cookie back and post body was to big for GET Redirect)
* expose if an enterprise connection can be used in config dto
* add frontend implementation
* add docs (First Draft)
feat(saml): add frontend doc for enterprise client
e0de27c
fix(saml): fix review issues
2c6a679 
* fix typos in config
* fix defaults for auth0 -> add schema
* change error message in saml certificate db entity creation
* change redirectError to use StatusSeeOther (303) to switch from POST to GET request
@lfleischmann lfleischmann merged commit 724013e into teamhanko:main Oct 18, 2023
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lfleischmann lfleischmann lfleischmann approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Hanko
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shentschel @lfleischmann