feat: add support for keycloak saml attributes

Author: Nigel Foucha

docs/configuration/uds-operator.md

@@ -220,6 +220,9 @@ The SSO spec supports a subset of the Keycloak attributes for clients, but does
 - saml.assertion.signature
 - saml.client.signature
 - saml_assertion_consumer_url_post
+- saml_assertion_consumer_url_redirect
+- saml_single_logout_service_url_post
+- saml_single_logout_service_url_redirect
 
 ## Exemption
 

src/pepr/operator/crd/validators/package-validator.spec.ts

@@ -474,6 +474,9 @@ describe("Test Allowed SSO Client Attributes", () => {
             "saml.assertion.signature": "false",
             "saml.client.signature": "false",
             saml_assertion_consumer_url_post: "https://nexus.uds.dev/saml",
+            saml_assertion_consumer_url_redirect: "https://nexus.uds.dev/saml",
+            saml_single_logout_service_url_post: "https://nexus.uds.dev/saml/single-logout",
+            saml_single_logout_service_url_redirect: "https://nexus.uds.dev/saml/single-logout",
           },
         },
       ],

src/pepr/operator/crd/validators/package-validator.ts

@@ -117,6 +117,9 @@ export async function validator(req: PeprValidateRequest<UDSPackage>) {
     "saml.assertion.signature",
     "saml.client.signature",
     "saml_assertion_consumer_url_post",
+    "saml_assertion_consumer_url_redirect",
+    "saml_single_logout_service_url_post",
+    "saml_single_logout_service_url_redirect",
   ]);
 
   for (const client of ssoClients) {