(feat) add idp_slo_service_url

2025-01-30 19:52:20 +01:00 · 2024-02-20 15:58:52 +01:00 · 2024-02-20 15:58:52 +01:00 · 5b9bdd2b46
commit 5b9bdd2b46
parent 68251b88b2
10 changed files with 25 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,8 @@

 ## Next release

+- improvement: add idp_slo_service_url(logout requests url) to saml provider
+
 ## v6.3.13 2024 February 19

 - Fix a bug: missing payment transfer journal code in accouting line
--- a/app/controllers/api/auth_providers_controller.rb
+++ b/app/controllers/api/auth_providers_controller.rb
@ -108,7 +108,7 @@ class API::AuthProvidersController < API::APIController
    elsif params['auth_provider']['providable_type'] == SamlProvider.name
      params.require(:auth_provider)
            .permit(:id, :name, :providable_type,
-                    providable_attributes: [:id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert],
+                    providable_attributes: [:id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url],
                    auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
                                                        :_destroy, { transformation: [:type, :format, :true_value, :false_value,
                                                                                      { mapping: %i[from to] }] }])
--- a/app/frontend/src/javascript/components/authentication-provider/saml-form.tsx
+++ b/app/frontend/src/javascript/components/authentication-provider/saml-form.tsx
@ -58,6 +58,13 @@ export const SamlForm = <TFieldValues extends FieldValues>({ register, strategyN
                 tooltip={t('app.admin.authentication.saml_form.profile_edition_url_help')}
                 rules={{ required: true, pattern: ValidationLib.urlRegex }}
                 formState={formState} />
+      <FormInput id="providable_attributes.idp_slo_service_url"
+                 register={register}
+                 placeholder="https://sso.exemple.net..."
+                 label={t('app.admin.authentication.saml_form.idp_slo_service_url')}
+                 tooltip={t('app.admin.authentication.saml_form.idp_slo_service_url_help')}
+                 rules={{ pattern: ValidationLib.urlRegex }}
+                 formState={formState} />
    </div>
  );
 };
--- a/app/frontend/src/javascript/models/authentication-provider.ts
+++ b/app/frontend/src/javascript/models/authentication-provider.ts
@ -72,6 +72,7 @@ export interface SamlProvider {
  idp_cert_fingerprint: string,
  idp_cert: string,
  profile_url: string,
+  idp_slo_service_url: string,
 }

 export interface MappingFields {
--- a/app/views/api/auth_providers/show.json.jbuilder
+++ b/app/views/api/auth_providers/show.json.jbuilder
@ -22,6 +22,6 @@ end

 if @provider.providable_type == SamlProvider.name
  json.providable_attributes do
-    json.extract! @provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert
+    json.extract! @provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url
  end
 end
--- a/app/views/auth_provider/provider.json.jbuilder
+++ b/app/views/auth_provider/provider.json.jbuilder
@ -23,6 +23,6 @@ end

 if provider.providable_type == 'SamlProvider'
  json.providable_attributes do
-    json.extract! provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert
+    json.extract! provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url
  end
 end
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -250,6 +250,7 @@ Devise.setup do |config|
      config.omniauth active_provider.strategy_name.to_sym,
                      sp_entity_id: active_provider.providable.sp_entity_id,
                      idp_sso_service_url: active_provider.providable.idp_sso_service_url,
+                      idp_slo_service_url: active_provider.providable.idp_slo_service_url,
                      idp_cert: active_provider.providable.idp_cert,
                      idp_cert_fingerprint: active_provider.providable.idp_cert_fingerprint,
                      strategy_class: OmniAuth::Strategies::SsoSamlProvider
--- a/config/locales/app.admin.en.yml
+++ b/config/locales/app.admin.en.yml
@ -1569,6 +1569,8 @@ en:
          idp_cert: "Identity provider certificate"
          profile_edition_url: "Profil edition URL"
          profile_edition_url_help: "The URL of the page where the user can edit his profile."
+          idp_slo_service_url: "Single logout request URL"
+          idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
        provider_form:
          name: "Name"
          authentication_type: "Authentication type"
--- a/db/migrate/20240220140225_add_idp_slo_service_url_to_saml_providers.rb
+++ b/db/migrate/20240220140225_add_idp_slo_service_url_to_saml_providers.rb
@ -0,0 +1,5 @@
+class AddIdpSloServiceUrlToSamlProviders < ActiveRecord::Migration[7.0]
+  def change
+    add_column :saml_providers, :idp_slo_service_url, :string
+  end
+end
--- a/db/structure.sql
+++ b/db/structure.sql
@ -3278,7 +3278,8 @@ CREATE TABLE public.saml_providers (
    updated_at timestamp(6) without time zone NOT NULL,
    profile_url character varying,
    idp_cert character varying,
-    idp_cert_fingerprint character varying
+    idp_cert_fingerprint character varying,
+    idp_slo_service_url character varying
 );


@ -9324,6 +9325,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20231108094433'),
 ('20240116163703'),
 ('20240126145351'),
-('20240126192110');
+('20240126192110'),
+('20240220140225');