From a7435bf9073263cd4a7155d7d385735ffb0e5cae Mon Sep 17 00:00:00 2001
From: Rob Ferguson
Date: Wed, 21 Aug 2024 18:24:39 -0500
Subject: [PATCH] fix: add additional supported saml attributes (#690)
## Description
Adds additional supported client attributes
## Related Issue
Fixes #
Relates to #
## Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)
## Checklist before merging
- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
---
 docs/configuration/uds-operator.md | 2 ++
 src/pepr/operator/crd/validators/package-validator.spec.ts | 2 ++
 src/pepr/operator/crd/validators/package-validator.ts | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/docs/configuration/uds-operator.md b/docs/configuration/uds-operator.md
index 66d24a58f..7d5e7bb60 100644
--- a/docs/configuration/uds-operator.md
+++ b/docs/configuration/uds-operator.md
@@ -211,6 +211,8 @@ The SSO spec supports a subset of the Keycloak attributes for clients, but does
 - oauth2.device.authorization.grant.enabled
 - pkce.code.challenge.method
 - client.session.idle.timeout
+- saml.client.signature
+- saml_assertion_consumer_url_post
 ## Exemption
diff --git a/src/pepr/operator/crd/validators/package-validator.spec.ts b/src/pepr/operator/crd/validators/package-validator.spec.ts
index fd1e0e5c5..5ebdd72a0 100644
--- a/src/pepr/operator/crd/validators/package-validator.spec.ts
+++ b/src/pepr/operator/crd/validators/package-validator.spec.ts
@@ -471,6 +471,8 @@ describe("Test Allowed SSO Client Attributes", () => {
 "oauth2.device.authorization.grant.enabled": "true",
 "pkce.code.challenge.method": "S256",
 "client.session.idle.timeout": "3600",
+ "saml.client.signature": "false",
+ saml_assertion_consumer_url_post: "https://nexus.uds.dev/saml",
 },
 },
 ],
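Review bot: The fixture adds both keys only to the accepted-attributes case, so the test pins that the names pass the allowlist and nothing about their values; `"saml.client.signature": "false"` is the weaker setting and is accepted as-is. A companion case with a non-https `saml_assertion_consumer_url_post` would document whether the validator is meant to reject it; as far as this commit shows, it would presumably be approved. The `describe` block begins and ends outside the hunk.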
diff --git a/src/pepr/operator/crd/validators/package-validator.ts b/src/pepr/operator/crd/validators/package-validator.ts
index 9283f508c..2955409f2 100644
--- a/src/pepr/operator/crd/validators/package-validator.ts
+++ b/src/pepr/operator/crd/validators/package-validator.ts
@@ -89,6 +89,8 @@ export async function validator(req: PeprValidateRequest) {
 "oauth2.device.authorization.grant.enabled",
 "pkce.code.challenge.method",
 "client.session.idle.timeout",
+ "saml.client.signature",
+ "saml_assertion_consumer_url_post",
 ]);
 for (const client of ssoClients) {
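Review bot: The two new entries are admitted by key name only, so as far as this hunk shows any value is accepted for `saml_assertion_consumer_url_post`, the URL Keycloak POSTs the SAML assertion to, and for `saml.client.signature`, where `"false"` turns off the requirement that the client signs its SAML requests. A Package author can therefore point assertion delivery at an arbitrary or plain-http endpoint without the operator objecting. I would add a value check in the loop that follows, for example `if (acs !== undefined && !acs.startsWith("https://")) return req.Deny("saml_assertion_consumer_url_post must be an https URL");` with `acs` read from the client's attributes, and a comment on the Set noting that values are not validated here. The loop body and the rest of `validator` lie outside the hunk, so an existing value check there would make this moot.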