-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IDP-initiated sso REST handler #51830
IDP-initiated sso REST handler #51830
Conversation
Necessary rest handler and transport action for consuming an SP EntityID and producing a SAML response for the authenticating user. TransportSamlInitiateSingleSignOnAction needs to be adjusted to take advantage of the secondary authentication handling logic once this is available. TODO: add tests for TransportSamlInitiateSingleSignOnAction
Pinging @elastic/es-security (:Security/Security) |
@elasticmachine run elasticsearch-ci/2 please |
...ugin/identity-provider/src/main/java/org/elasticsearch/xpack/idp/IdentityProviderPlugin.java
Outdated
Show resolved
Hide resolved
...rovider/src/main/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnAction.java
Outdated
Show resolved
Hide resolved
...ovider/src/main/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnRequest.java
Outdated
Show resolved
Hide resolved
...rc/main/java/org/elasticsearch/xpack/idp/action/TransportSamlInitiateSingleSignOnAction.java
Outdated
Show resolved
Hide resolved
...rc/main/java/org/elasticsearch/xpack/idp/rest/action/RestSamlInitiateSingleSignOnAction.java
Outdated
Show resolved
Hide resolved
...y-provider/src/main/java/org/elasticsearch/xpack/idp/saml/sp/CloudKibanaServiceProvider.java
Outdated
Show resolved
Hide resolved
serializer.transform(new DOMSource(element), new StreamResult(writer)); | ||
} | ||
|
||
public static String samlObjectToString(SAMLObject object) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
public static String samlObjectToString(SAMLObject object) { | |
public static String getXmlContent(SAMLObject object) { |
I think we should be more explict that this is used to get the object in XML, not just for printing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is marked resolved, but it doesn't seem to have changed.
|
||
public static String samlObjectToString(SAMLObject object) { | ||
try { | ||
return toString(XMLObjectSupport.marshall(object), true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think for the case where this is used (Rest response) we don't want to pretty print by default (maybe if the pretty
parameter is set, but not otherwise).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this has been resolved
...ugin/identity-provider/src/main/java/org/elasticsearch/xpack/idp/saml/support/SamlUtils.java
Show resolved
Hide resolved
...rc/main/java/org/elasticsearch/xpack/idp/action/TransportSamlInitiateSingleSignOnAction.java
Show resolved
Hide resolved
@tvernum I addressed your comments and added a couple of tests for the Transport action, ready to take another look |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple of my previous comments were marked as resolved, but I don't see any change that related.
|
||
@Override | ||
public String getName() { | ||
return "idp_init_sso_action"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's minor, but I think this name should reference SAML since it's a SAML specific endpoint.
Apologies, somehow lost track of these. I resolve comments as I fix them in code so that I don't miss any but apparently this didn't help much either way. I left then unresolved now so that you can resolve them while verifying, that should probably be a better workflow. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Necessary rest handler and transport action for consuming an SP
EntityID and producing a SAML response for the authenticating user.
TransportSamlInitiateSingleSignOnAction needs to be adjusted to
take advantage of the secondary authentication handling logic once
this is available.