feat(saml): saml 2.0 implementation (#1928)
Signed-off-by: ThibaultHerard <[email protected]> Co-authored-by: sebferrer <[email protected]> Co-authored-by: alexGNX <[email protected]>
1 parent
0005f35
commit 6b5b243
Showing
62 changed files
with
3,168 additions
and
2 deletions.
@@ -0,0 +1,11 @@ | ||
package driver | ||
|
||
import "github.com/ory/kratos/selfservice/flow/saml" | ||
|
||
func (m *RegistryDefault) SAMLHandler() *saml.Handler { | ||
if m.selfserviceSAMLHandler == nil { | ||
m.selfserviceSAMLHandler = saml.NewHandler(m) | ||
} | ||
|
||
return m.selfserviceSAMLHandler | ||
} |
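Review bot: `SAMLHandler` is an exported method on `*RegistryDefault` with no doc comment; a one-liner such as `// SAMLHandler returns the SAML self-service handler, constructing it with this registry on first use.` would satisfy the exported-name convention and say what the lazy init is for. The nil-check-then-assign on `m.selfserviceSAMLHandler` is not synchronized, so two goroutines calling it concurrently could each construct a handler; if the other `*Handler()` accessors on this registry use the same unguarded pattern this is consistent with them, otherwise a `sync.Once` or the registry's lock would be the safer choice. The file is complete in the hunk, so nothing else in it is affected.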
@@ -312,6 +312,225 @@ | |
} | ||
} | ||
}, | ||
"selfServiceSAMLProvider": { | ||
"type": "object", | ||
"properties": { | ||
"id": { | ||
"title":"ID of the IdentityProvider", | ||
"type": "string", | ||
"examples": [ | ||
"activedirectory1" | ||
] | ||
}, | ||
"label": { | ||
"title": "Optional string which will be used when generating labels for UI buttons.", | ||
"type": "string", | ||
"examples": [ | ||
"Microsoft Active Directory" | ||
] | ||
}, | ||
"public_cert_path": { | ||
"title": "Public Certificate Path", | ||
"description": "The Public Certificate for your SAML Messages", | ||
"type": "string", | ||
"format": "uri", | ||
"examples": [ | ||
"file://path/to/cert", | ||
"https://foo.bar.com/path/to/cert" | ||
] | ||
}, | ||
"private_key_path": { | ||
"title": "Private Key Path", | ||
"description": "The Private Key for your SAML Messages", | ||
"type": "string", | ||
"format": "uri", | ||
"examples": [ | ||
"file://path/to/key", | ||
"https://foo.bar.com/path/to/key" | ||
] | ||
}, | ||
"mapper_url": { | ||
"title": "Jsonnet Mapper URL", | ||
"description": "Location for the jsonnet mapping between provider's data and Ory Kratos data", | ||
"type": "string", | ||
"format": "uri", | ||
"examples": [ | ||
"file://path/to/oidc.jsonnet", | ||
"https://foo.bar.com/path/to/oidc.jsonnet", | ||
"base64://bG9jYWwgc3ViamVjdCA9I..." | ||
] | ||
}, | ||
"idp_information": { | ||
"type": "object", | ||
"properties": { | ||
"idp_metadata_url": { | ||
"title": "IDP Metadata URL", | ||
"description": "The URL of the metadata of the IDP", | ||
"type": "string", | ||
"examples": [ | ||
"https://path/to/metadata" | ||
] | ||
}, | ||
"idp_certificate_path": { | ||
"title": "IDP Certificate Path", | ||
"description": "The path to the certificate of the IDP", | ||
"type": "string", | ||
"examples": [ | ||
"file://path/to/certificate", | ||
"https://foo.bar.com/path/to/certificate" | ||
] | ||
}, | ||
"idp_logout_url": { | ||
"title": "IDP Logout URL", | ||
"description": "The URL of the SLO API of the IDP", | ||
"type": "string", | ||
"examples": [ | ||
"https://path/to/logout" | ||
] | ||
}, | ||
"idp_sso_url": { | ||
"title": "IDP SSO URL", | ||
"description": "The URL of the SSO Handler at the IDP", | ||
"type": "string", | ||
"examples": [ | ||
"https://path/to/sso" | ||
] | ||
}, | ||
"idp_entity_id": { | ||
"title": "The EntityID of the IDP", | ||
"description": "It is a unique identifier representing the IDP in saml requests", | ||
"type": "string", | ||
"examples": [ | ||
"https://samltest.id/saml/idp" | ||
] | ||
} | ||
}, | ||
"allOf": [ | ||
{ | ||
"if": { | ||
"properties": { | ||
"idp_metadata_url": { | ||
"const": {} | ||
} | ||
} | ||
}, | ||
"then": { | ||
"required": [ | ||
"idp_logout_url", | ||
"idp_certificate_path", | ||
"idp_entity_id" | ||
] | ||
}, | ||
"else":{ | ||
"properties": { | ||
"idp_certificate_path": { | ||
"const": {} | ||
}, | ||
"idp_logout_url": { | ||
"const": {} | ||
}, | ||
"idp_entity_id":{ | ||
"const":{} | ||
}, | ||
"idp_sso_url":{ | ||
"const":{} | ||
} | ||
} | ||
} | ||
} | ||
] | ||
}, | ||
"attributes_map": { | ||
"type": "object", | ||
"properties": { | ||
"id": { | ||
"title": "ID", | ||
"description": "Name of the IDP attribute representing user ID on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"file://path/to/oidc.jsonnet", | ||
"https://foo.bar.com/path/to/oidc.jsonnet", | ||
"base64://bG9jYWwgc3ViamVjdCA9I..." | ||
] | ||
}, | ||
"firstname": { | ||
"title": "Firstname", | ||
"description": "Name of the IDP attribute representing user firstname on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"John" | ||
] | ||
}, | ||
"lastname": { | ||
"title": "Lastname", | ||
"description": "Name of the IDP attribute representing user lastname on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"Doe" | ||
] | ||
}, | ||
"nickname": { | ||
"title": "Nickname", | ||
"description": "Name of the IDP attribute representing user username on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"JohnDoe1337" | ||
] | ||
}, | ||
"gender": { | ||
"title": "Gender", | ||
"description": "Name of the IDP attribute representing user's gender on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"Male", | ||
"Female", | ||
"Non-binary" | ||
] | ||
}, | ||
"birthdate": { | ||
"title": "Birthdate", | ||
"description": "Name of the IDP attribute representing user birthdate on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"08/23/1978" | ||
] | ||
}, | ||
"picture": { | ||
"title": "Picture", | ||
"description": "Name of the IDP attribute representing user picture on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"https://imagepicture.jpg" | ||
] | ||
}, | ||
"email": { | ||
"title": "Email", | ||
"description": "Name of the IDP attribute representing user email on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"[email protected]" | ||
] | ||
}, | ||
"phone_number": { | ||
"title": "Phone Number", | ||
"description": "Name of the IDP attribute representing user phone number on Kratos", | ||
"type": "string", | ||
"examples": [ | ||
"+33678984320" | ||
] | ||
} | ||
} | ||
} | ||
}, | ||
"additionalProperties": false, | ||
"required": [ | ||
"id", | ||
"label", | ||
"public_cert_path", | ||
"private_key_path", | ||
"mapper_url" | ||
] | ||
}, | ||
"selfServiceOIDCProvider": { | ||
"type": "object", | ||
"properties": { | ||
|
@@ -770,6 +989,9 @@ | |
"oidc": { | ||
"$ref": "#/definitions/selfServiceAfterRegistrationMethod" | ||
}, | ||
"saml": { | ||
"$ref": "#/definitions/selfServiceAfterRegistrationMethod" | ||
}, | ||
"hooks": { | ||
"$ref": "#/definitions/selfServiceHooks" | ||
} | ||
|
@@ -1394,6 +1616,35 @@ | |
] | ||
} | ||
}, | ||
"saml": { | ||
"type": "object", | ||
"title": "Specify SAML configuration", | ||
"showEnvVarBlockForObject": true, | ||
"additionalProperties": false, | ||
"properties": { | ||
"enabled": { | ||
"type": "boolean", | ||
"title": "Enables SAML Authentication Method", | ||
"default": false | ||
}, | ||
"config": { | ||
"type": "object", | ||
"additionalProperties": false, | ||
"properties": { | ||
"providers": { | ||
"title": "SAML Provider", | ||
"description": "All information required to implement a SAML authentication", | ||
"type": "array", | ||
"items": { | ||
"$ref": "#/definitions/selfServiceSAMLProvider" | ||
} | ||
} | ||
} | ||
|
||
|
||
} | ||
} | ||
}, | ||
"oidc": { | ||
"type": "object", | ||
"title": "Specify OpenID Connect and OAuth2 Configuration", | ||
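Review bot: In the first hunk, `idp_information` is missing from the provider-level `"required": [ "id", "label", "public_cert_path", "private_key_path", "mapper_url" ]`, so a provider entry with no metadata URL, no IdP certificate and no entity ID validates, and presumably the code consuming this config is then left without any IdP trust anchor; adding `"idp_information"` to that list would reject such configs at load time. Inside `idp_information`, the `then` branch requires `idp_logout_url`, `idp_certificate_path` and `idp_entity_id` but not `idp_sso_url`, while the `else` branch forbids all four, which suggests `idp_sso_url` was meant to be required when no `idp_metadata_url` is given. The `"const": {}` pattern only tests for absence because `properties` is vacuous when the key is missing, so a `"description"` on that `allOf` entry explaining "require the manual IdP fields only when idp_metadata_url is absent" would spare the next reader the puzzle. Two smaller doc slips: the `attributes_map.id` examples repeat the jsonnet URLs from `mapper_url` instead of an attribute name, and `label` is listed under `required` although its title calls it optional. Finally, `private_key_path` advertises an `https://` example for key material; if the loader really accepts remote URLs for that field, the description should say so explicitly, since operators will reasonably expect a private key to be read only from a local file.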
|