Adding sso_integration as valid app type + documentation for SSO integrations via SAMLP clients #221

Merged
merged 6 commits into from
Jul 7, 2022
2 changes: 1 addition & 1 deletion auth0/resource_auth0_client.go
Expand Up @@ -54,7 +54,7 @@ func newClient() *schema.Resource {
"native", "spa", "regular_web", "non_interactive", "rms",
"box", "cloudbees", "concur", "dropbox", "mscrm", "echosign",
"egnyte", "newrelic", "office365", "salesforce", "sentry",
"sharepoint", "slack", "springcm", "zendesk", "zoom",
"sharepoint", "slack", "springcm", "sso_integration", "zendesk", "zoom",
}, false),
},
"logo_uri": {
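Review bot: the allowed `app_type` values in this validation slice (the `"sharepoint", "slack", "springcm", "sso_integration", "zendesk", "zoom",` line) are now repeated verbatim in the `app_type` bullet of docs/resources/client.md; consider lifting the slice into a package-level variable that both the schema and a doc-consistency test can reference, so the two lists cannot drift the next time a type is added. The insertion itself keeps the alphabetical order, so nothing else to change here.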
70 changes: 70 additions & 0 deletions auth0/resource_auth0_client_test.go
Expand Up @@ -593,3 +593,73 @@ resource "auth0_client" "my_client" {
}
}
`

func TestAccClientSSOIntegration(t *testing.T) {
httpRecorder := configureHTTPRecorder(t)

resource.Test(t, resource.TestCase{
ProviderFactories: testProviders(httpRecorder),
Steps: []resource.TestStep{
{
Config: template.ParseTestName(testAccClientSSOIntegrationCreate, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "http://tableau-server-test.domain.eu.com/audience"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.recipient", "http://tableau-server-test.domain.eu.com/recipient"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "http://tableau-server-test.domain.eu.com/destination"),
),
},
{
Config: template.ParseTestName(testAccClientSSOIntegrationUpdate, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "sso_integration"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.audience", "http://tableau-server-test.domain.eu.com/audience-different"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.recipient", "http://tableau-server-test.domain.eu.com/recipient-different"),
resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.destination", "http://tableau-server-test.domain.eu.com/destination"),
),
},
},
})
}

const testAccClientSSOIntegrationCreate = `
resource "auth0_client" "my_client" {
name = "Acceptance Test - SSO Integration - {{.testName}}"
app_type = "sso_integration"
addons{
samlp {
audience= "http://tableau-server-test.domain.eu.com/audience"
destination= "http://tableau-server-test.domain.eu.com/destination"
digest_algorithm= "sha256"
lifetime_in_seconds= 3600
mappings= {
email= "username"
}
name_identifier_format= "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
passthrough_claims_with_no_mapping= false
recipient= "http://tableau-server-test.domain.eu.com/recipient"
}
}
}
`
Comment on lines +625 to +644
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sweeet! 👍🏻


const testAccClientSSOIntegrationUpdate = `
resource "auth0_client" "my_client" {
name = "Acceptance Test - SSO Integration - {{.testName}}"
app_type = "sso_integration"
addons{
samlp {
audience= "http://tableau-server-test.domain.eu.com/audience-different"
destination= "http://tableau-server-test.domain.eu.com/destination"
digest_algorithm= "sha256"
lifetime_in_seconds= 3600
mappings= {
email= "username"
}
name_identifier_format= "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
passthrough_claims_with_no_mapping= false
recipient= "http://tableau-server-test.domain.eu.com/recipient-different"
}
}
}
`
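Review bot: the update step's `Check` only asserts `app_type`, `audience`, `recipient` and `destination`, while the fixture also configures `digest_algorithm`, `lifetime_in_seconds`, `mappings.email`, `name_identifier_format` and `passthrough_claims_with_no_mapping` that are never verified; adding `TestCheckResourceAttr` lines for those (for example `"addons.0.samlp.0.digest_algorithm", "sha256"`) would catch a regression that drops unchanged `samlp` sub-fields on PATCH. As a style point, both HCL constants mix `name = "..."` spacing with `addons{` and `audience= "..."`; formatting the `samlp` block as `key = value` keeps the fixtures consistent with the rest of the file.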
154 changes: 154 additions & 0 deletions auth0/testdata/recordings/TestAccClientSSOIntegration.yaml
@@ -0,0 +1,154 @@
---
version: 1
interactions:
- request:
body: |
{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","app_type":"sso_integration","addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}}}
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients
method: POST
response:
body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 201 Created
code: 201
duration: 1ms
- request:
body: |
null
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
method: GET
response:
body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 200 OK
code: 200
duration: 1ms
- request:
body: |
null
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
method: GET
response:
body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 200 OK
code: 200
duration: 1ms
- request:
body: |
null
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
method: GET
response:
body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient","signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 200 OK
code: 200
duration: 1ms
- request:
body: |
{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"lifetime_in_seconds":36000},"sso":false,"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience-different","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient-different","signResponse":false,"signatureAlgorithm":"rsa-sha1","typedAttributes":true}}}
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
method: PATCH
response:
body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso":false,"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience-different","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient-different","signResponse":false,"signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 200 OK
code: 200
duration: 1ms
- request:
body: |
null
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
method: GET
response:
body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso":false,"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience-different","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient-different","signResponse":false,"signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 200 OK
code: 200
duration: 1ms
- request:
body: |
null
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
method: GET
response:
body: '{"name":"Acceptance Test - SSO Integration - TestAccClientSSOIntegration","client_id":"j6quWJi3UeGHcagWnYafQJh4udgAaZCf","client_secret":"[REDACTED]","app_type":"sso_integration","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso":false,"sso_disabled":false,"cross_origin_auth":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"addons":{"samlp":{"audience":"http://tableau-server-test.domain.eu.com/audience-different","createUpnClaim":true,"destination":"http://tableau-server-test.domain.eu.com/destination","digestAlgorithm":"sha256","includeAttributeNameFormat":true,"lifetimeInSeconds":3600,"logout":{},"mapIdentities":true,"mapUnknownClaimsAsIs":false,"mappings":{"email":"username"},"nameIdentifierFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic","passthroughClaimsWithNoMapping":false,"recipient":"http://tableau-server-test.domain.eu.com/recipient-different","signResponse":false,"signatureAlgorithm":"rsa-sha1","typedAttributes":true}},"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 200 OK
code: 200
duration: 1ms
- request:
body: ""
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/j6quWJi3UeGHcagWnYafQJh4udgAaZCf
method: DELETE
response:
body: ""
headers:
Content-Type:
- application/json; charset=utf-8
status: 204 No Content
code: 204
duration: 1ms
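Review bot: the PATCH request body carries `"sso":false` and `"signResponse":false` although neither field is set in the test configuration and neither was sent in the initial POST; that means the update path writes explicit false values for unconfigured fields, which would silently overwrite a value someone set outside Terraform. Worth confirming that is the intended update semantics before this recording is committed as the reference behaviour. Separately, every recorded response shows the tenant defaulting `signatureAlgorithm` to `rsa-sha1` while `digestAlgorithm` is `sha256`; the fixture (and the documentation that points at it) would be a better reference if the configuration set the signature algorithm explicitly to a SHA-256 variant instead of relying on that default.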
4 changes: 3 additions & 1 deletion docs/resources/client.md
Expand Up @@ -94,7 +94,7 @@ Arguments accepted by this resource include:
* `name` - (Required) String. Name of the client.
* `description` - (Optional) String, (Max length = 140 characters). Description of the purpose of the client.
* `client_secret_rotation_trigger` - (Optional) Map. Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
* `app_type` - (Optional) String. Type of application the client represents. Options include `native`, `spa`, `regular_web`, `non_interactive`, `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
* `app_type` - (Optional) String. Type of application the client represents. Options include `native`, `spa`, `regular_web`, `non_interactive`, `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `sso_integration`, `zendesk`, `zoom`.
* `logo_uri` - (Optional) String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
* `is_first_party` - (Optional) Boolean. Indicates whether or not this client is a first-party client.
* `is_token_endpoint_ip_header_trusted` - (Optional) Boolean. Indicates whether or not the token endpoint IP header is trusted.
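Review bot: the new `sso_integration` entry in the `app_type` options list gives the reader no hint of when to use it; since this type is meant to be paired with the `samlp` addon (the PR title says as much), add a short pointer from this bullet to the SAML section further down so the two are understood to go together.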
Expand Down Expand Up @@ -180,6 +180,8 @@ Arguments accepted by this resource include:

### SAML

SAML apps facilitate the configurations for various Single Sign-on (SSO) integrations including the following types: G Suite, Hosted Graphite, Litmos, Cisco Webex, Sprout Video, FreshDesk, Tableau Online, Tableau Server, Datadog, Egencia, Github Cloud, Github Server, Heroku, Workday, Pluralsight and Workpath.

`samlp` supports the following arguments:

* `audience` - (Optional) String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
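Review bot: the added SAML paragraph lists the supported integration products but never states that such a client is declared with `app_type = "sso_integration"`, which is the point of this PR; add one sentence saying so, plus a minimal example (the `sso_integration` client with its `samlp` block from the acceptance test at lines +625 to +644 would serve). The example should set the signature algorithm explicitly, because the recording in this PR shows the API defaulting `signatureAlgorithm` to `rsa-sha1` when it is omitted.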