Merge pull request #221 from auth0/samlp-sso-clients-documentation

Adding `sso_integration` as valid app type + documentation for SSO integrations via SAMLP clients

auth0/resource_auth0_client.go

@@ -54,7 +54,7 @@ func newClient() *schema.Resource {
 					"native", "spa", "regular_web", "non_interactive", "rms",
 					"box", "cloudbees", "concur", "dropbox", "mscrm", "echosign",
 					"egnyte", "newrelic", "office365", "salesforce", "sentry",
-					"sharepoint", "slack", "springcm", "zendesk", "zoom",
+					"sharepoint", "slack", "springcm", "sso_integration", "zendesk", "zoom",
 				}, false),
 			},
 			"logo_uri": {

auth0/resource_auth0_client_test.go

@@ -593,3 +593,73 @@ resource "auth0_client" "my_client" {
 	}
   }
 `
+
+func TestAccClientSSOIntegration(t *testing.T) {
+	httpRecorder := configureHTTPRecorder(t)
+
+	resource.Test(t, resource.TestCase{
+		ProviderFactories: testProviders(httpRecorder),
+		Steps: []resource.TestStep{
+			{
+				Config: template.ParseTestName(testAccClientSSOIntegrationCreate, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "http://tableau-server-test.domain.eu.com/audience"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.recipient", "http://tableau-server-test.domain.eu.com/recipient"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "http://tableau-server-test.domain.eu.com/destination"),
+				),
+			},
+			{
+				Config: template.ParseTestName(testAccClientSSOIntegrationUpdate, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "http://tableau-server-test.domain.eu.com/audience-different"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.recipient", "http://tableau-server-test.domain.eu.com/recipient-different"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "http://tableau-server-test.domain.eu.com/destination"),
+				),
+			},
+		},
+	})
+}
+
+const testAccClientSSOIntegrationCreate = `
+resource "auth0_client" "my_client" {
+  name = "Acceptance Test - SSO Integration - {{.testName}}"
+  app_type = "sso_integration"
+  addons{
+	samlp {
+		audience= "http://tableau-server-test.domain.eu.com/audience"
+		destination= "http://tableau-server-test.domain.eu.com/destination"
+		digest_algorithm= "sha256"
+		lifetime_in_seconds= 3600
+		mappings= {
+			email= "username"
+		}
+		name_identifier_format= "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+		passthrough_claims_with_no_mapping= false
+		recipient= "http://tableau-server-test.domain.eu.com/recipient"
+	}
+  }
+}
+`
+
+const testAccClientSSOIntegrationUpdate = `
+resource "auth0_client" "my_client" {
+	name = "Acceptance Test - SSO Integration - {{.testName}}"
+	app_type = "sso_integration"
+	addons{
+	  samlp {
+		audience= "http://tableau-server-test.domain.eu.com/audience-different"
+		destination= "http://tableau-server-test.domain.eu.com/destination"
+		digest_algorithm= "sha256"
+		lifetime_in_seconds= 3600
+		mappings= {
+			email= "username"
+		}
+		name_identifier_format= "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+		passthrough_claims_with_no_mapping= false
+		recipient= "http://tableau-server-test.domain.eu.com/recipient-different"
+	  }
+	}
+  }
+`

auth0/testdata/recordings/TestAccClientSSOIntegration.yaml

@@ -0,0 +1,154 @@
+---
+version: 1
+interactions:
+- request:
+    body: |
+      {"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","app_type":"sso_integration","addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}}}
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+      User-Agent:
+      - Go-Auth0-SDK/latest
+    url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients
+    method: POST
+  response:
+    body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+    headers:
+      Content-Type:
+      - application/json; charset=utf-8
+    status: 201 Created
+    code: 201
+    duration: 1ms
+- request:
+    body: |
+      null
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+      User-Agent:
+      - Go-Auth0-SDK/latest
+    url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
+    method: GET
+  response:
+    body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+    headers:
+      Content-Type:
+      - application/json; charset=utf-8
+    status: 200 OK
+    code: 200
+    duration: 1ms
+- request:
+    body: |
+      null
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+      User-Agent:
+      - Go-Auth0-SDK/latest
+    url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
+    method: GET
+  response:
+    body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+    headers:
+      Content-Type:
+      - application/json; charset=utf-8
+    status: 200 OK
+    code: 200
+    duration: 1ms
+- request:
+    body: |
+      null
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+      User-Agent:
+      - Go-Auth0-SDK/latest
+    url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
+    method: GET
+  response:
+    body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+    headers:
+      Content-Type:
+      - application/json; charset=utf-8
+    status: 200 OK
+    code: 200
+    duration: 1ms
+- request:
+    body: |
+      {"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"lifetime_in_seconds":36000},"sso":false,"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience-different","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient-different","signResponse":false,"signatureAlgorithm":"rsa-sha1","typedAttributes":true}}}
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+      User-Agent:
+      - Go-Auth0-SDK/latest
+    url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
+    method: PATCH
+  response:
+    body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso":false,"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience-different","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient-different","signResponse":false,"signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+    headers:
+      Content-Type:
+      - application/json; charset=utf-8
+    status: 200 OK
+    code: 200
+    duration: 1ms
+- request:
+    body: |
+      null
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+      User-Agent:
+      - Go-Auth0-SDK/latest
+    url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
+    method: GET
+  response:
+    body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso":false,"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience-different","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient-different","signResponse":false,"signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+    headers:
+      Content-Type:
+      - application/json; charset=utf-8
+    status: 200 OK
+    code: 200
+    duration: 1ms
+- request:
+    body: |
+      null
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+      User-Agent:
+      - Go-Auth0-SDK/latest
+    url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
+    method: GET
+  response:
+    body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso":false,"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience-different","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient-different","signResponse":false,"signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+    headers:
+      Content-Type:
+      - application/json; charset=utf-8
+    status: 200 OK
+    code: 200
+    duration: 1ms
+- request:
+    body: ""
+    form: {}
+    headers:
+      Content-Type:
+      - application/json
+      User-Agent:
+      - Go-Auth0-SDK/latest
+    url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
+    method: DELETE
+  response:
+    body: ""
+    headers:
+      Content-Type:
+      - application/json; charset=utf-8
+    status: 204 No Content
+    code: 204
+    duration: 1ms

docs/resources/client.md

@@ -94,7 +94,7 @@ Arguments accepted by this resource include:
 * `name` - (Required) String. Name of the client.
 * `description` - (Optional) String, (Max length = 140 characters). Description of the purpose of the client.
 * `client_secret_rotation_trigger` - (Optional) Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
-* `app_type` - (Optional) String. Type of application the client represents. Options include `native`, `spa`, `regular_web`, `non_interactive`, `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
+* `app_type` - (Optional) String. Type of application the client represents. Options include `native`, `spa`, `regular_web`, `non_interactive`, `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `sso_integration`, `zendesk`, `zoom`.
 * `logo_uri` - (Optional) String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
 * `is_first_party` - (Optional) Boolean. Indicates whether or not this client is a first-party client.
 * `is_token_endpoint_ip_header_trusted` - (Optional) Boolean. Indicates whether or not the token endpoint IP header is trusted.
@@ -180,6 +180,8 @@ Arguments accepted by this resource include:
 
 ### SAML
 
+SAML apps facilitate the configurations for various Single Sign-on (SSO) integrations including the following types: G Suite, Hosted Graphite, Litmos, Cisco Webex, Sprout Video, FreshDesk, Tableau Online, Tableau Server, Datadog, Egencia, Github Cloud, Github Server, Heroku, Workday, Pluralsight and Workpath.
+
 `samlp` supports the following arguments:
 
 * `audience` - (Optional) String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.