diff --git a/CHANGELOG.md b/CHANGELOG.md
index e159883ac..a6be6ef51 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@ ## Next release
+- improvement: add idp_slo_service_url(logout requests url) to saml provider
+
 ## v6.3.13 2024 February 19
 - Fix a bug: missing payment transfer journal code in accouting line
diff --git a/app/controllers/api/auth_providers_controller.rb b/app/controllers/api/auth_providers_controller.rb
index 379c2a315..642236355 100644
--- a/app/controllers/api/auth_providers_controller.rb
+++ b/app/controllers/api/auth_providers_controller.rb
@@ -108,7 +108,7 @@ class API::AuthProvidersController < API::APIController
 elsif params['auth_provider']['providable_type'] == SamlProvider.name
 params.require(:auth_provider)
 .permit(:id, :name, :providable_type,
- providable_attributes: [:id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert],
+ providable_attributes: [:id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url],
 auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type, :_destroy, { transformation: [:type, :format, :true_value, :false_value, { mapping: %i[from to] }] }])
diff --git a/app/frontend/src/javascript/components/authentication-provider/saml-form.tsx b/app/frontend/src/javascript/components/authentication-provider/saml-form.tsx
index 5fdbd9221..70a16603a 100644
--- a/app/frontend/src/javascript/components/authentication-provider/saml-form.tsx
+++ b/app/frontend/src/javascript/components/authentication-provider/saml-form.tsx
@@ -58,6 +58,13 @@ export const SamlForm = ({ register, strategyN
 tooltip={t('app.admin.authentication.saml_form.profile_edition_url_help')}
 rules={{ required: true, pattern: ValidationLib.urlRegex }}
 formState={formState} />
+
 );
 };
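Review bot: The newly permitted `idp_slo_service_url` is a URL that later becomes the single-logout redirect target handed to the SAML strategy (the devise.rb hunk in this same diff), and no server-side validation of it is visible — the `SamlProvider` model is not touched by this diff, so the only check may be the client-side `ValidationLib.urlRegex` pattern the sibling form fields use. Because an admin-supplied value is forwarded as-is to the strategy, I would validate it in the model if that is not already done, e.g. `validates :idp_slo_service_url, format: { with: %r{\Ahttps?://\S+\z}i }, allow_blank: true`, with `allow_blank` because the column added by this diff is nullable and existing providers have no value. The `permit` call sits inside a method whose beginning and end lie outside this hunk.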
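Review bot: The seven added lines of this hunk (the new form field, per the `+58,13` count) did not survive extraction, so their validation rules cannot be checked here; judging from the sibling field in the context lines (`rules={{ required: true, pattern: ValidationLib.urlRegex }}`), the new SLO input should keep the `urlRegex` pattern but not `required: true`, since the migration in this diff adds a nullable column and single logout is optional for a SAML provider. A required rule would make every existing SAML provider un-savable until an SLO URL is entered, so please confirm the missing lines use something like `rules={{ pattern: ValidationLib.urlRegex }}`. The `SamlForm` component begins before this hunk.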
diff --git a/app/frontend/src/javascript/models/authentication-provider.ts b/app/frontend/src/javascript/models/authentication-provider.ts
index a9e61cd09..f56c94bf8 100644
--- a/app/frontend/src/javascript/models/authentication-provider.ts
+++ b/app/frontend/src/javascript/models/authentication-provider.ts
@@ -72,6 +72,7 @@ export interface SamlProvider {
 idp_cert_fingerprint: string,
 idp_cert: string,
 profile_url: string,
+ idp_slo_service_url: string,
 }
 export interface MappingFields {
diff --git a/app/views/api/auth_providers/show.json.jbuilder b/app/views/api/auth_providers/show.json.jbuilder
index 55531d9c6..18a2ab3e0 100644
--- a/app/views/api/auth_providers/show.json.jbuilder
+++ b/app/views/api/auth_providers/show.json.jbuilder
@@ -22,6 +22,6 @@ end
 if @provider.providable_type == SamlProvider.name
 json.providable_attributes do
- json.extract! @provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert
+ json.extract! @provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url
 end
 end
diff --git a/app/views/auth_provider/provider.json.jbuilder b/app/views/auth_provider/provider.json.jbuilder
index efbfbdce8..dda5a9a72 100644
--- a/app/views/auth_provider/provider.json.jbuilder
+++ b/app/views/auth_provider/provider.json.jbuilder
@@ -23,6 +23,6 @@ end
 if provider.providable_type == 'SamlProvider'
 json.providable_attributes do
- json.extract! provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert
+ json.extract! provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url
 end
 end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 5b5b71555..716ff45ca 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
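Review bot: The attribute list in `json.extract!` is now maintained by hand in three places that this diff had to touch together — this view, `show.json.jbuilder` just above it, and the controller's `permit` — and one of them also uses the string `'SamlProvider'` where the other uses `SamlProvider.name`. A constant on the model such as `EXPOSED_ATTRIBUTES = %i[id sp_entity_id idp_sso_service_url profile_url idp_cert_fingerprint idp_cert idp_slo_service_url].freeze` used as `json.extract! provider.providable, *SamlProvider::EXPOSED_ATTRIBUTES` would keep the serialized and permitted sets from drifting apart the next time a field is added. This view lives under `app/views/auth_provider/` rather than `api/`, so presumably it is rendered on the login side as well; that is fine for the SLO URL, which an IdP publishes in its metadata anyway, but worth keeping in mind for future attributes.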
@@ -250,6 +250,7 @@ Devise.setup do |config|
 config.omniauth active_provider.strategy_name.to_sym,
 sp_entity_id: active_provider.providable.sp_entity_id,
 idp_sso_service_url: active_provider.providable.idp_sso_service_url,
+ idp_slo_service_url: active_provider.providable.idp_slo_service_url,
 idp_cert: active_provider.providable.idp_cert,
 idp_cert_fingerprint: active_provider.providable.idp_cert_fingerprint,
 strategy_class: OmniAuth::Strategies::SsoSamlProvider
diff --git a/config/locales/app.admin.en.yml b/config/locales/app.admin.en.yml
index bcbabea7a..ed86a193e 100644
--- a/config/locales/app.admin.en.yml
+++ b/config/locales/app.admin.en.yml
@@ -1569,6 +1569,8 @@ en:
 idp_cert: "Identity provider certificate"
 profile_edition_url: "Profil edition URL"
 profile_edition_url_help: "The URL of the page where the user can edit his profile."
+ idp_slo_service_url: "Single logout request URL"
+ idp_slo_service_url_help: "The URL to which the single logout request and response should be sent. This would be on the identity provider."
 provider_form:
 name: "Name"
 authentication_type: "Authentication type"
diff --git a/db/migrate/20240220140225_add_idp_slo_service_url_to_saml_providers.rb b/db/migrate/20240220140225_add_idp_slo_service_url_to_saml_providers.rb
new file mode 100644
index 000000000..4eca9b578
--- /dev/null
+++ b/db/migrate/20240220140225_add_idp_slo_service_url_to_saml_providers.rb
@@ -0,0 +1,5 @@
+class AddIdpSloServiceUrlToSamlProviders < ActiveRecord::Migration[7.0]
+ def change
+ add_column :saml_providers, :idp_slo_service_url, :string
+ end
+end
diff --git a/db/structure.sql b/db/structure.sql
index aad684c7c..edf633649 100644
--- a/db/structure.sql
+++ b/db/structure.sql
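Review bot: Wiring `idp_slo_service_url` into the strategy enables the single-logout exchange, but the option list still carries no `security` settings (`logout_requests_signed`, `logout_responses_signed`, `want_assertions_signed`, ...), so whether the LogoutRequest sent to that URL is signed and whether the LogoutResponse/IdP-initiated LogoutRequest coming back is verified against `idp_cert` is now left to the ruby-saml/omniauth-saml defaults rather than stated here. I would make that choice explicit next to the new line, e.g. `security: { logout_requests_signed: true, logout_responses_signed: true },` if an SP `certificate`/`private_key` is configured for signing (this hunk does not show one), and add a comment such as `# SLO is optional: nil for providers created before the idp_slo_service_url column existed`, since every pre-existing SAML provider will pass `nil` here and the hunk does not show how the strategy behaves when a logout is attempted without a URL. The `Devise.setup` block begins and ends outside this hunk.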
@@ -3278,7 +3278,8 @@ CREATE TABLE public.saml_providers (
 updated_at timestamp(6) without time zone NOT NULL,
 profile_url character varying,
 idp_cert character varying,
- idp_cert_fingerprint character varying
+ idp_cert_fingerprint character varying,
+ idp_slo_service_url character varying
 );
@@ -9324,6 +9325,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20231108094433'),
 ('20240116163703'),
 ('20240126145351'),
-('20240126192110');
+('20240126192110'),
+('20240220140225');