From 06c7c3fd18d6d65b716aa235a44f57f395758236 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Thu, 18 Jan 2024 16:54:31 -0500
Subject: [PATCH] [PM-5149] UI for unique SP entity id on organization sso configs (#7117)
* add ui for making sp entity id unique
* pretty
* updates
---
 apps/web/src/locales/en/messages.json | 6 +++++
 .../src/app/auth/sso/sso.component.html | 25 ++++++++++++++++++-
 .../bit-web/src/app/auth/sso/sso.component.ts | 3 +++
 .../src/auth/models/api/sso-config.api.ts | 3 +++
 .../response/organization-sso.response.ts | 2 ++
 .../src/auth/models/view/sso-config.view.ts | 2 ++
 6 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 2471681502..11c76c6b24 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -5176,6 +5176,12 @@
 "spValidateCertificates": {
 "message": "Validate certificates"
 },
+ "spUniqueEntityId": {
+ "message": "Set a unique SP entity ID"
+ },
+ "spUniqueEntityIdDesc": {
+ "message": "Generate an identifier that is unique to your organization"
+ },
 "idpEntityId": {
 "message": "Entity ID"
 },
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
index 9109346077..816d09f90b 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
@@ -307,7 +307,18 @@

{{ "samlSpConfig" | i18n }}

- + + {{ "spUniqueEntityId" | i18n }} + + {{ "spUniqueEntityIdDesc" | i18n }} + + + {{ "spEntityId" | i18n }} + + {{ "spEntityId" | i18n }} + + + + {{ "spMetadataUrl" | i18n }}
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
index d1171aefae..d5a1aebdd8 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
@@ -104,6 +104,7 @@ export class SsoComponent implements OnInit, OnDestroy {
 callbackPath: string;
 signedOutCallbackPath: string;
 spEntityId: string;
+ spEntityIdStatic: string;
 spMetadataUrl: string;
 spAcsUrl: string;
@@ -132,6 +133,7 @@ export class SsoComponent implements OnInit, OnDestroy {
 protected samlForm = this.formBuilder.group>(
 {
+ spUniqueEntityId: new FormControl(true, { updateOn: "change" }),
 spNameIdFormat: new FormControl(Saml2NameIdFormat.NotConfigured),
 spOutboundSigningAlgorithm: new FormControl(defaultSigningAlgorithm),
 spSigningBehavior: new FormControl(Saml2SigningBehavior.IfIdpWantAuthnRequestsSigned),
@@ -250,6 +252,7 @@ export class SsoComponent implements OnInit, OnDestroy {
 this.callbackPath = ssoSettings.urls.callbackPath;
 this.signedOutCallbackPath = ssoSettings.urls.signedOutCallbackPath;
 this.spEntityId = ssoSettings.urls.spEntityId;
+ this.spEntityIdStatic = ssoSettings.urls.spEntityIdStatic;
 this.spMetadataUrl = ssoSettings.urls.spMetadataUrl;
 this.spAcsUrl = ssoSettings.urls.spAcsUrl;
diff --git a/libs/common/src/auth/models/api/sso-config.api.ts b/libs/common/src/auth/models/api/sso-config.api.ts
index 2ab65b32c0..138bd13907 100644
--- a/libs/common/src/auth/models/api/sso-config.api.ts
+++ b/libs/common/src/auth/models/api/sso-config.api.ts
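Review bot: The new `spUniqueEntityId` control in the second sso.component.ts hunk is the only control in `samlForm` given `updateOn: "change"` and a default of `true`, and nothing says why either choice was made; a one-line comment would spare the next reader a guess, e.g. `// updateOn "change" so the displayed SP entity ID follows the checkbox immediately; true is only the default for a config that has not been saved yet`. Whether the template reacts to the value on change and whether a saved config later overrides the default via patchValue are not visible in this hunk, so confirm both before wording the comment. Because the SP entity ID is the value an IdP is configured to trust, toggling this on an organization whose SSO already works changes what the IdP has to accept, and if nothing else in the UI says so, the `spUniqueEntityIdDesc` string added in messages.json is the natural place to mention it. The first and third hunks only carry `spEntityIdStatic` through from `ssoSettings.urls`, and the class body they sit in starts and ends outside the hunks.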
@@ -30,6 +30,7 @@ export class SsoConfigApi extends BaseResponse {
 api.acrValues = view.openId.acrValues;
 api.expectedReturnAcrValue = view.openId.expectedReturnAcrValue;
 } else if (api.configType === SsoType.Saml2) {
+ api.spUniqueEntityId = view.saml.spUniqueEntityId;
 api.spNameIdFormat = view.saml.spNameIdFormat;
 api.spOutboundSigningAlgorithm = view.saml.spOutboundSigningAlgorithm;
 api.spSigningBehavior = view.saml.spSigningBehavior;
@@ -72,6 +73,7 @@ export class SsoConfigApi extends BaseResponse {
 expectedReturnAcrValue: string;
 // SAML
+ spUniqueEntityId: boolean;
 spNameIdFormat: Saml2NameIdFormat;
 spOutboundSigningAlgorithm: string;
 spSigningBehavior: Saml2SigningBehavior;
@@ -113,6 +115,7 @@ export class SsoConfigApi extends BaseResponse {
 this.acrValues = this.getResponseProperty("AcrValues");
 this.expectedReturnAcrValue = this.getResponseProperty("ExpectedReturnAcrValue");
+ this.spUniqueEntityId = this.getResponseProperty("SpUniqueEntityId");
 this.spNameIdFormat = this.getResponseProperty("SpNameIdFormat");
 this.spOutboundSigningAlgorithm = this.getResponseProperty("SpOutboundSigningAlgorithm");
 this.spSigningBehavior = this.getResponseProperty("SpSigningBehavior");
diff --git a/libs/common/src/auth/models/response/organization-sso.response.ts b/libs/common/src/auth/models/response/organization-sso.response.ts
index 01a45790d9..def1fccf08 100644
--- a/libs/common/src/auth/models/response/organization-sso.response.ts
+++ b/libs/common/src/auth/models/response/organization-sso.response.ts
@@ -23,6 +23,7 @@ class SsoUrls extends BaseResponse {
 callbackPath: string;
 signedOutCallbackPath: string;
 spEntityId: string;
+ spEntityIdStatic: string;
 spMetadataUrl: string;
 spAcsUrl: string;
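Review bot: `spUniqueEntityId` is declared `boolean` in the second sso-config.api.ts hunk but assigned straight from `this.getResponseProperty("SpUniqueEntityId")` in the third, so a response that omits the key (a config saved before the field existed, if the server does not default it) leaves the field `undefined` at runtime despite the type, and that value is copied into the view by the sso-config.view.ts hunk and sent back as-is by the first hunk's `api.spUniqueEntityId = view.saml.spUniqueEntityId;`. If the server guarantees the key, a comment on the field saying so is enough; otherwise coerce at the boundary, `this.spUniqueEntityId = this.getResponseProperty("SpUniqueEntityId") ?? false;`, with the fallback chosen to match the server's default. The neighbouring SAML fields use the same unchecked pattern, so this follows the file's existing style rather than being new to the change. The constructor these lines sit in starts and ends outside the hunk.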
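Review bot: `spEntityIdStatic` is added beside `spEntityId` in `SsoUrls` with nothing to distinguish the two, and the names alone do not tell an admin which value to hand to their IdP. A short comment on the pair would help, e.g. `// spEntityId: the SP entity ID currently in effect for this org; spEntityIdStatic: the shared, non-unique ID used when the unique-ID option is off`, with the meaning confirmed against the server before it is written down, since only the field names are visible here. The same applies to this file's second hunk, where the value is read with `getResponseProperty("SpEntityIdStatic")`. `SsoUrls` starts before the hunk and its constructor continues past it.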
@@ -31,6 +32,7 @@ class SsoUrls extends BaseResponse {
 this.callbackPath = this.getResponseProperty("CallbackPath");
 this.signedOutCallbackPath = this.getResponseProperty("SignedOutCallbackPath");
 this.spEntityId = this.getResponseProperty("SpEntityId");
+ this.spEntityIdStatic = this.getResponseProperty("SpEntityIdStatic");
 this.spMetadataUrl = this.getResponseProperty("SpMetadataUrl");
 this.spAcsUrl = this.getResponseProperty("SpAcsUrl");
 }
diff --git a/libs/common/src/auth/models/view/sso-config.view.ts b/libs/common/src/auth/models/view/sso-config.view.ts
index 4830bad1a2..3524fa0ca6 100644
--- a/libs/common/src/auth/models/view/sso-config.view.ts
+++ b/libs/common/src/auth/models/view/sso-config.view.ts
@@ -34,6 +34,7 @@ export class SsoConfigView extends View {
 };
 saml: {
+ spUniqueEntityId: boolean;
 spNameIdFormat: Saml2NameIdFormat;
 spOutboundSigningAlgorithm: string;
 spSigningBehavior: Saml2SigningBehavior;
@@ -88,6 +89,7 @@ export class SsoConfigView extends View {
 };
 } else if (this.configType === SsoType.Saml2) {
 this.saml = {
+ spUniqueEntityId: orgSsoResponse.data.spUniqueEntityId,
 spNameIdFormat: orgSsoResponse.data.spNameIdFormat,
 spOutboundSigningAlgorithm: orgSsoResponse.data.spOutboundSigningAlgorithm,
 spSigningBehavior: orgSsoResponse.data.spSigningBehavior,