
support configuration of saml connection configuration for an org#57

Merged
mrmauer merged 3 commits into main from feat/973 on Nov 14, 2024

Conversation


@mrmauer mrmauer commented Nov 7, 2024

depends on BE PR

After PR

```rust
// `auth` is an initialized SDK client and `org_id` the org to configure.
let org = auth.org().fetch_org(org_id.clone()).await.expect("Unable to fetch org.");

if !org.is_saml_configured {
    log::info!("Org does not have SAML configured. Setting up SAML...");

    // Step 1: allow the org to set up SAML at all.
    let mut update_org_request = UpdateOrgRequest::new();
    update_org_request.can_setup_saml = Some(true);
    auth.org().update_org(
        org_id.clone(),
        update_org_request
    ).await.expect("Unable to update org.");

    // Step 2: read the SP-side metadata that the IdP needs to know about.
    let saml_sp_metadata = auth
        .org()
        .fetch_saml_sp_metadata(org.org_id.clone())
        .await
        .expect("Unable to fetch SAML SP metadata.");

    log::info!("SAML SP Metadata: {:?}", saml_sp_metadata);

    // example response...
    // FetchSamlSpMetadataResponse {
    //  entity_id: "https://auth.your.domain/saml/ORGS-URL-SLUG/metadata",
    //  acs_url: "https://auth.your.domain/saml/ORGS-URL-SLUG/acs",
    //  logout_url: "https://auth.your.domain/saml/ORGS-URL-SLUG/logout",
    // }

    // NOT IMPLEMENTED: Upsert this SP metadata to the IdP
    // NOT IMPLEMENTED: Get the metadata needed from the IdP

    // Step 3: register the IdP's entity ID, SSO URL and signing certificate.
    // The values below are placeholders.
    let set_saml_idp_metadata_request = SetSamlIdpMetadataRequest {
        org_id: org.org_id.clone(),
        idp_entity_id: "https://sts.windows.net/SOME-UUID/".to_string(),
        idp_sso_url: "https://login.microsoftonline.com/SOME-UUID/saml2".to_string(),
        idp_certificate: r#"-----BEGIN CERTIFICATE-----
MyCertificateHere
-----END CERTIFICATE-----"#.to_string(),
        provider: SamlIdpProvider::Azure
    };

    auth
        .org()
        .set_saml_idp_metadata(set_saml_idp_metadata_request)
        .await
        .expect("Unable to set SAML IDP metadata.");

    // Step 4: enable the connection for the org's users.
    auth
        .org()
        .saml_go_live(org.org_id.clone())
        .await
        .expect("Unable to take SAML connection live.");
} else {
    log::info!("Org already has SAML configured. Deleting the connection...");

    auth
        .org()
        .delete_saml_connection(org.org_id.clone())
        .await
        .expect("Unable to delete SAML connection.");
}
```

Tests

Built a modified version of the above proof-of-concept within an example app.
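The proof-of-concept above passes placeholder IdP values straight to `set_saml_idp_metadata` and then `saml_go_live`. As an added example (not code from this PR or the SDK), here is a std-only sanity check for the three IdP fields the request carries, so that a placeholder certificate or a plain-http SSO URL is rejected before the connection goes live; the function and error names are my own.

```rust
// Added example, not part of this PR or the SDK: sanity checks on the IdP
// values before they are handed to set_saml_idp_metadata / saml_go_live.

#[derive(Debug, PartialEq)]
pub enum MetadataError {
    EmptyEntityId, NonHttpsSsoUrl, MissingPemMarkers, InvalidBase64, NotDerSequence,
}

/// Minimal standard-alphabet base64 decoder (whitespace ignored, '=' padding).
fn base64_decode(s: &str) -> Option<Vec<u8>> {
    let value = |c: u8| match c {
        b'A'..=b'Z' => Some(u32::from(c - b'A')),
        b'a'..=b'z' => Some(u32::from(c - b'a') + 26),
        b'0'..=b'9' => Some(u32::from(c - b'0') + 52),
        b'+' => Some(62),
        b'/' => Some(63),
        _ => None,
    };
    let chars: Vec<u8> = s.bytes().filter(|b| !b.is_ascii_whitespace()).collect();
    let data: Vec<u8> = chars.iter().copied().take_while(|&b| b != b'=').collect();
    if data.len() % 4 == 1 || !chars[data.len()..].iter().all(|&b| b == b'=') {
        return None; // impossible length, or garbage after the padding
    }
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for b in data {
        acc = (acc << 6) | value(b)?;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// Validates idp_entity_id, idp_sso_url and idp_certificate; returns the
/// certificate's DER bytes on success.
pub fn validate_idp_metadata(entity_id: &str, sso_url: &str, cert_pem: &str)
    -> Result<Vec<u8>, MetadataError> {
    if entity_id.trim().is_empty() { return Err(MetadataError::EmptyEntityId); }
    // Users are redirected to this URL and assertions come back from it: https only.
    if !sso_url.starts_with("https://") { return Err(MetadataError::NonHttpsSsoUrl); }
    let body = cert_pem.trim()
        .strip_prefix("-----BEGIN CERTIFICATE-----")
        .and_then(|s| s.strip_suffix("-----END CERTIFICATE-----"))
        .ok_or(MetadataError::MissingPemMarkers)?;
    let der = base64_decode(body).ok_or(MetadataError::InvalidBase64)?;
    // An X.509 certificate is a DER SEQUENCE, whose first byte is 0x30.
    if der.first() != Some(&0x30) { return Err(MetadataError::NotDerSequence); }
    Ok(der)
}
```

Call it on the request's fields and only build `SetSamlIdpMetadataRequest` from the `Ok` case; the check is a format gate, not a substitute for verifying the certificate chain or the IdP's identity.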


@pfvatterott pfvatterott left a comment


LGTM!

@mrmauer mrmauer merged commit 42a5b3b into main Nov 14, 2024
@mrmauer mrmauer deleted the feat/973 branch November 14, 2024 18:22