mirror of
https://github.com/bitwarden/server.git
synced 2024-11-22 12:15:36 +01:00
Add SAML 2.0 metadata export for dynamic SPs (#1094)
This commit is contained in:
Chad Scharf
GitHub
parent
bc1a20101a
commit
85edc03461
@ -31,6 +31,7 @@ namespace Bit.Portal.Models
|
||||
RedirectBehavior = configurationData.RedirectBehavior;
|
||||
GetClaimsFromUserInfoEndpoint = configurationData.GetClaimsFromUserInfoEndpoint;
|
||||
SpEntityId = configurationData.BuildSaml2ModulePath(globalSettings.BaseServiceUri.Sso);
|
||||
SpMetadataUrl = configurationData.BuildSaml2MetadataUrl(globalSettings.BaseServiceUri.Sso, organizationId.ToString());
|
||||
SpAcsUrl = configurationData.BuildSaml2AcsUrl(globalSettings.BaseServiceUri.Sso, organizationId.ToString());
|
||||
IdpEntityId = configurationData.IdpEntityId;
|
||||
IdpBindingType = configurationData.IdpBindingType;
|
||||
@ -75,6 +76,8 @@ namespace Bit.Portal.Models
|
||||
// SAML2 SP
|
||||
[Display(Name = "SpEntityId")]
|
||||
public string SpEntityId { get; set; }
|
||||
[Display(Name = "SpMetadataUrl")]
|
||||
public string SpMetadataUrl { get; set; }
|
||||
[Display(Name = "SpAcsUrl")]
|
||||
public string SpAcsUrl { get; set; }
|
||||
[Display(Name = "NameIdFormat")]
|
||||
|
||||
@ -156,6 +156,30 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-7 form-group">
|
||||
<label asp-for="Data.SpMetadataUrl">@i18nService.T("SpMetadataUrl")</label>
|
||||
<div class="input-group">
|
||||
<input asp-for="Data.SpMetadataUrl" class="form-control" readonly>
|
||||
<div class="input-group-append">
|
||||
<a class="btn btn-outline-secondary launch-button"
|
||||
href="@Model.Data.SpMetadataUrl"
|
||||
target="_blank"
|
||||
aria-label="@i18nService.T("LaunchSpMetadataUrl")" title="@i18nService.T("LaunchSpMetadataUrl")"
|
||||
tabindex="-1">
|
||||
<i class="fa fa-lg fa-external-link" aria-hidden="true"></i>
|
||||
</a>
|
||||
<button type="button" class="btn btn-outline-secondary copy-button"
|
||||
aria-label="@i18nService.T("CopySpMetadataUrl")" title="@i18nService.T("CopySpMetadataUrl")"
|
||||
tabindex="-1">
|
||||
<i class="fa fa-lg fa-clone" aria-hidden="true"></i>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-1">
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-7 form-group">
|
||||
<label asp-for="Data.SpAcsUrl">@i18nService.T("SpAcsUrl")</label>
|
||||
|
||||
72
bitwarden_license/src/Sso/Controllers/MetadataController.cs
Normal file
72
bitwarden_license/src/Sso/Controllers/MetadataController.cs
Normal file
@ -0,0 +1,72 @@
|
||||
using System;
|
||||
using System.Threading.Tasks;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Sso.Utilities;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Sustainsys.Saml2.AspNetCore2;
|
||||
using Sustainsys.Saml2.WebSso;
|
||||
|
||||
namespace Bit.Sso.Controllers
|
||||
{
|
||||
public class MetadataController : Controller
|
||||
{
|
||||
private readonly IAuthenticationSchemeProvider _schemeProvider;
|
||||
|
||||
public MetadataController(
|
||||
IAuthenticationSchemeProvider schemeProvider)
|
||||
{
|
||||
_schemeProvider = schemeProvider;
|
||||
}
|
||||
|
||||
[HttpGet("saml2/{scheme}")]
|
||||
public async Task<IActionResult> ViewAsync(string scheme)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(scheme))
|
||||
{
|
||||
return NotFound();
|
||||
}
|
||||
|
||||
var authScheme = await _schemeProvider.GetSchemeAsync(scheme);
|
||||
if (authScheme == null ||
|
||||
!(authScheme is DynamicAuthenticationScheme dynamicAuthScheme) ||
|
||||
dynamicAuthScheme?.SsoType != SsoType.Saml2)
|
||||
{
|
||||
return NotFound();
|
||||
}
|
||||
|
||||
if (!(dynamicAuthScheme.Options is Saml2Options options))
|
||||
{
|
||||
return NotFound();
|
||||
}
|
||||
|
||||
var uri = new Uri(
|
||||
Request.Scheme
|
||||
+ "://"
|
||||
+ Request.Host
|
||||
+ Request.Path
|
||||
+ Request.QueryString);
|
||||
|
||||
var pathBase = Request.PathBase.Value;
|
||||
pathBase = string.IsNullOrEmpty(pathBase) ? "/" : pathBase;
|
||||
|
||||
var requestdata = new HttpRequestData(
|
||||
Request.Method,
|
||||
uri,
|
||||
pathBase,
|
||||
null,
|
||||
Request.Cookies,
|
||||
(data) => data);
|
||||
|
||||
var metadataResult = CommandFactory
|
||||
.GetCommand(CommandFactory.MetadataCommand)
|
||||
.Run(requestdata, options);
|
||||
//Response.Headers.Add("Content-Disposition", $"filename= bitwarden-saml2-meta-{scheme}.xml");
|
||||
return new ContentResult
|
||||
{
|
||||
Content = metadataResult.Content,
|
||||
ContentType = "text/xml",
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -62,6 +62,11 @@ namespace Bit.Core.Models.Data
|
||||
return string.Concat(BuildSaml2ModulePath(ssoUri, scheme), "/Acs");
|
||||
}
|
||||
|
||||
public string BuildSaml2MetadataUrl(string ssoUri = null, string scheme = null)
|
||||
{
|
||||
return BuildSaml2ModulePath(ssoUri, scheme);
|
||||
}
|
||||
|
||||
private string BuildSsoUrl(string relativePath, string ssoUri)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(ssoUri) ||
|
||||
|
||||
@ -265,6 +265,9 @@
|
||||
<data name="SpEntityId" xml:space="preserve">
|
||||
<value>SP Entity ID</value>
|
||||
</data>
|
||||
<data name="SpMetadataUrl" xml:space="preserve">
|
||||
<value>SAML 2.0 Metadata URL</value>
|
||||
</data>
|
||||
<data name="SpAcsUrl" xml:space="preserve">
|
||||
<value>Assertion Consumer Service (ACS) URL</value>
|
||||
</data>
|
||||
@ -475,6 +478,12 @@
|
||||
<data name="CopySpEntityId">
|
||||
<value>Copy the SP Entity Id to your clipboard</value>
|
||||
</data>
|
||||
<data name="CopySpMetadataUrl">
|
||||
<value>Copy the SAML 2.0 Metadata URL to your clipboard</value>
|
||||
</data>
|
||||
<data name="LaunchSpMetadataUrl">
|
||||
<value>View the SAML 2.0 Metadata (opens in a new window)</value>
|
||||
</data>
|
||||
<data name="CopySpAcsUrl">
|
||||
<value>Copy the Assertion Consumer Service (ACS) URL to your clipboard</value>
|
||||
</data>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user