✨ SAML integration prototype (#1475)

* 🔨 Add `AUTH_TYPE` field to `ConfigMap` * 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap` * 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret` * 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret` * 🔨 Mount SAML X.509 key pair into `hub` * 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front` * 🔧 Add Nginx path rewrite for `/saml` * 🔧 Raise request size to accept big SAML responses * 🔨 Add `REACT_APP_AUTH_TYPE` environment default value * 📝 Update `README.md` * 📝 Update `README.md` * 🔨 Add `AUTH_TYPE` config map key * 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key * ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig` * ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig` * ✨ Create `SamlConfig` in `TapConfig.AuthConfig` * 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field * 📝 Update `README.md` * 🔨 Add `tap.insgress.enabled/host` to `ConfigMap` * 🔨 Add `tap.proxy.front.port` to `ConfigMap` * 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front` * 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml` * 🐛 Fix indentation for X.509 secrets * 📝 Provide SAML setup docs * 📝 Update SAML setup docs * 📝 Update SAML setup docs * Added callback URL indication * 💥 Disable standard `Descope` auth --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2026-02-14 18:09:51 +00:00 · 2024-01-24 02:47:29 +08:00
parent 8e5df14f49
commit a8dd332ff8
10 changed files with 196 additions and 26 deletions
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -82,11 +82,19 @@ type ResourcesConfig struct {
 	Tracer  ResourceRequirements `yaml:"tracer" json:"tracer"`
 }

+type SamlConfig struct {
+	IdpMetadataUrl string `yaml:"idpMetadataUrl" json:"idpMetadataUrl"`
+	X509crt        string `yaml:"x509crt" json:"x509crt"`
+	X509key        string `yaml:"x509key" json:"x509key"`
+}
+
 type AuthConfig struct {
-	Enabled         bool     `yaml:"enabled" json:"enabled" default:"false"`
-	ApprovedEmails  []string `yaml:"approvedEmails" json:"approvedEmails"  default:"[]"`
-	ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains"  default:"[]"`
-	ApprovedTenants []string `yaml:"approvedTenants" json:"approvedTenants"  default:"[]"`
+	Enabled         bool       `yaml:"enabled" json:"enabled" default:"false"`
+	Type            string     `yaml:"type" json:"type" default:"saml"`
+	ApprovedEmails  []string   `yaml:"approvedEmails" json:"approvedEmails"  default:"[]"`
+	ApprovedDomains []string   `yaml:"approvedDomains" json:"approvedDomains"  default:"[]"`
+	ApprovedTenants []string   `yaml:"approvedTenants" json:"approvedTenants"  default:"[]"`
+	Saml            SamlConfig `yaml:"saml" json:"saml"`
 }

 type IngressConfig struct {