Support importing SAML metadata xml to configure SSO #5071

Open
knolleary opened this issue Jan 31, 2025 · 0 comments
Labels
feature-request New feature or request that needs to be turned into Epic/Story details needs-triage Needs looking at to decide what to do priority:low Low Priority

Comments

@knolleary
Member

Description

Setting up SAML SSO requires three pieces of configuration from the Identity Provider: the entityID, the SSO URL and the public certificate.

Whilst these can be individually copied into the configuration, there is a standard XML metadata format that many IdPs provide that includes this information.

It would be a small paper-cut improvement to support importing this metadata when setting up an SSO configuration.

Here's an example from Okta:

```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.example.com/secret/id">
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
               <ds:X509Certificate>... a certificate ... </ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/secret/sso/saml"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/secret/sso/saml"/>
   </md:IDPSSODescriptor>
</md:EntityDescriptor>
```

Which customers would this be available to

Enterprise Tier Only (EE)

Have you provided an initial effort estimate for this issue?

I have provided an initial effort estimate

@knolleary knolleary added feature-request New feature or request that needs to be turned into Epic/Story details needs-triage Needs looking at to decide what to do priority:low Low Priority labels Jan 31, 2025
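A sketch of the import described in the issue above, added here as an illustration and not taken from the project's code: it pulls the entityID, SSO URL and signing certificate out of IdP metadata and refuses input an importer should not accept. The function name `parse_idp_metadata`, the size limit, the https requirement and the Redirect-before-POST preference are assumptions of this example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")

def parse_idp_metadata(xml_text, max_len=256 * 1024):
    """Extract entityID, SSO URL and signing certificate(s) from IdP metadata."""
    # Metadata needs no DTD; refusing one rules out entity-expansion tricks.
    if len(xml_text) > max_len or "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("oversized input or DTD declarations are not accepted")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    entity_id = root.get("entityID")
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None or not entity_id:
        raise ValueError("not a single-entity IdP metadata document")
    # Assumed preference order: HTTP-Redirect first, then HTTP-POST.
    services = {s.get("Binding"): s.get("Location")
                for s in idp.findall("md:SingleSignOnService", NS)}
    binding = next((b for b in BINDINGS if services.get(b)), None)
    if binding is None or not services[binding].startswith("https://"):
        raise ValueError("no usable https SingleSignOnService endpoint")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means both uses
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            b64 = "".join((c.text or "").split())  # drop PEM-style line wrapping
            if base64.b64decode(b64, validate=True):  # raises on non-base64 text
                certs.append(b64)
    if not certs:
        raise ValueError("no signing certificate found")
    return {"entity_id": entity_id, "sso_url": services[binding],
            "binding": binding, "certs": certs}

# Constructed sample shaped like the metadata above; the certificate is placeholder bytes.
FAKE_CERT = base64.b64encode(b"constructed placeholder certificate").decode()
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.example.com/secret/id">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
   <ds:X509Certificate>{FAKE_CERT[:20]}
     {FAKE_CERT[20:]}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="{BINDINGS[1]}" Location="https://example.com/secret/sso/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

The imported certificate becomes the key that assertion signatures are checked against, so the metadata file needs the same trusted source as the hand-copied values it replaces.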