
Commit 067b5a3

nfouchaUnicornChance
authored andcommitted
feat: add support for keycloak saml attributes (#806)
## Description Adds SAML fine grained attributes: `saml_assertion_consumer_url_redirect` `saml_single_logout_service_url_post` `saml_single_logout_service_url_redirect` ## Related Issue Fixes #805 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed Co-authored-by: Chance <[email protected]>
1 parent 4de50e5 commit 067b5a3


3 files changed

+9
-0
lines changed


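--- a/docs/configuration/uds-operator.md
+++ b/docs/configuration/uds-operator.md
@@ -220,6 +220,9 @@ The SSO spec supports a subset of the Keycloak attributes for clients, but does
 - saml.assertion.signature
 - saml.client.signature
 - saml_assertion_consumer_url_post
+- saml_assertion_consumer_url_redirect
+- saml_single_logout_service_url_post
+- saml_single_logout_service_url_redirect
 
 ## Exemption
 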
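--- a/src/pepr/operator/crd/validators/package-validator.spec.ts
+++ b/src/pepr/operator/crd/validators/package-validator.spec.ts
@@ -474,6 +474,9 @@ describe("Test Allowed SSO Client Attributes", () => {
 "saml.assertion.signature": "false",
 "saml.client.signature": "false",
 saml_assertion_consumer_url_post: "https://nexus.uds.dev/saml",
+saml_assertion_consumer_url_redirect: "https://nexus.uds.dev/saml",
+saml_single_logout_service_url_post: "https://nexus.uds.dev/saml/single-logout",
+saml_single_logout_service_url_redirect: "https://nexus.uds.dev/saml/single-logout",
 },
 },
 ],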

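--- a/src/pepr/operator/crd/validators/package-validator.ts
+++ b/src/pepr/operator/crd/validators/package-validator.ts
@@ -117,6 +117,9 @@ export async function validator(req: PeprValidateRequest<UDSPackage>) {
 "saml.assertion.signature",
 "saml.client.signature",
 "saml_assertion_consumer_url_post",
+"saml_assertion_consumer_url_redirect",
+"saml_single_logout_service_url_post",
+"saml_single_logout_service_url_redirect",
 ]);
 
 for (const client of ssoClients) {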
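Review bot: The three keys added to the allowed-attribute set in `validator` each hold a URL that Keycloak will use as a SAML assertion or logout destination, and nothing visible in this hunk checks the value, only the key name. If the loop over `ssoClients` (which continues outside the hunk, as does the rest of `validator`) does not already do so, it should parse every `saml_*_url_*` attribute, including the existing `saml_assertion_consumer_url_post`, and deny the package when the value is not an absolute `https:` URL, for example `if (new URL(value).protocol !== "https:") { /* deny */ }` wrapped so that a parse failure also denies. The fixture added in package-validator.spec.ts covers only the accept path, so a rejecting case for a malformed or non-HTTPS value would belong with that check.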
