From 8c8956da371688c75e4e4158e69251cdd7ff2b98 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Thu, 26 Sep 2024 16:04:27 -0400
Subject: [PATCH] [PM-12630] support for ping identity SCIM provisioning (#4804)
* support for ping identity SCIM provisioning
* mark ping ip list static
---
 .../src/Scim/Context/ScimContext.cs | 35 +++++++++++++++++++
 .../src/Scim/Groups/PutGroupCommand.cs | 3 +-
 .../src/Scim/Users/GetUsersListQuery.cs | 7 ++--
 .../AdminConsole/Enums/ScimProviderType.cs | 1 +
 4 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/bitwarden_license/src/Scim/Context/ScimContext.cs b/bitwarden_license/src/Scim/Context/ScimContext.cs
index 71ea27df4..efcc8dbde 100644
--- a/bitwarden_license/src/Scim/Context/ScimContext.cs
+++ b/bitwarden_license/src/Scim/Context/ScimContext.cs
@@ -4,6 +4,7 @@ using Bit.Core.AdminConsole.Models.OrganizationConnectionConfigs;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
+using Bit.Core.Utilities;
 namespace Bit.Scim.Context;
@@ -11,6 +12,32 @@ public class ScimContext : IScimContext
 {
 private bool _builtHttpContext;
+ // See IP list from Ping in docs: https://support.pingidentity.com/s/article/PingOne-IP-Addresses
+ private static readonly HashSet _pingIpAddresses =
+ [
+ "18.217.152.87",
+ "52.14.10.143",
+ "13.58.49.148",
+ "34.211.92.81",
+ "54.214.158.219",
+ "34.218.98.164",
+ "15.223.133.47",
+ "3.97.84.38",
+ "15.223.19.71",
+ "3.97.98.120",
+ "52.60.115.173",
+ "3.97.202.223",
+ "18.184.65.93",
+ "52.57.244.92",
+ "18.195.7.252",
+ "108.128.67.71",
+ "34.246.158.102",
+ "108.128.250.27",
+ "52.63.103.92",
+ "13.54.131.18",
+ "52.62.204.36"
+ ];
+
 public ScimProviderType RequestScimProvider { get; set; } = ScimProviderType.Default;
 public ScimConfig ScimConfiguration { get; set; }
 public Guid? OrganizationId { get; set; }
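Review bot: The `_pingIpAddresses` set added to ScimContext is fixed at build time and documented only by a URL, so once Ping changes its published addresses the list is stale until the next code release. Consider reading the list from settings with these values as the default. The comment should also record when the list was captured and what it is for, e.g. `// Snapshot of PingOne egress IPs (<date retrieved>); used to select provider-specific SCIM behaviour, not to authenticate the caller.` The "not to authenticate" part matches what this diff shows (the set only feeds `RequestScimProvider`), but confirm it against the rest of the class.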
@@ -55,10 +82,18 @@ public class ScimContext : IScimContext
 RequestScimProvider = ScimProviderType.Okta;
 }
 }
+
 if (RequestScimProvider == ScimProviderType.Default && httpContext.Request.Headers.ContainsKey("Adscimversion"))
 {
 RequestScimProvider = ScimProviderType.AzureAd;
 }
+
+ var ipAddress = CoreHelpers.GetIpAddress(httpContext, globalSettings);
+ if (RequestScimProvider == ScimProviderType.Default &&
+ _pingIpAddresses.Contains(ipAddress))
+ {
+ RequestScimProvider = ScimProviderType.Ping;
+ }
 }
 }
diff --git a/bitwarden_license/src/Scim/Groups/PutGroupCommand.cs b/bitwarden_license/src/Scim/Groups/PutGroupCommand.cs
index d9cfc0d86..2503380a0 100644
--- a/bitwarden_license/src/Scim/Groups/PutGroupCommand.cs
+++ b/bitwarden_license/src/Scim/Groups/PutGroupCommand.cs
@@ -43,7 +43,8 @@ public class PutGroupCommand : IPutGroupCommand
 private async Task UpdateGroupMembersAsync(Group group, ScimGroupRequestModel model)
 {
- if (_scimContext.RequestScimProvider != ScimProviderType.Okta)
+ if (_scimContext.RequestScimProvider != ScimProviderType.Okta &&
+ _scimContext.RequestScimProvider != ScimProviderType.Ping)
 {
 return;
 }
diff --git a/bitwarden_license/src/Scim/Users/GetUsersListQuery.cs b/bitwarden_license/src/Scim/Users/GetUsersListQuery.cs
index 51250250f..1bea930f1 100644
--- a/bitwarden_license/src/Scim/Users/GetUsersListQuery.cs
+++ b/bitwarden_license/src/Scim/Users/GetUsersListQuery.cs
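Review bot: The Ping check at the end of the ScimContext hunk is an exact string match between whatever `CoreHelpers.GetIpAddress` returns and the dotted-quad literals in `_pingIpAddresses`, so an IPv4-mapped IPv6 form, or a proxy or load balancer address in front of the service, would leave a Ping request classified as `Default`. `GetIpAddress` is defined outside this diff; if it can take the address from a forwarding header, the value is caller-influenced and should be treated as a hint for provider quirks only, never as evidence of who is calling. I would normalise before the lookup, e.g. `IPAddress.TryParse(ipAddress, out var ip) && _pingIpAddresses.Contains((ip.IsIPv4MappedToIPv6 ? ip.MapToIPv4() : ip).ToString())`, and move the `GetIpAddress` call inside the `Default` guard so it only runs when no header matched. The enclosing method starts above the hunk.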
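Review bot: The widened guard in `UpdateGroupMembersAsync` still returns without any log for every other provider, and because Ping is now recognised by source IP (ScimContext.cs in this commit), a Ping tenant calling from an address missing from the list would presumably get a PUT that leaves group membership untouched. Nothing in the hunk explains why only Okta and Ping replace members on PUT; a short comment such as `// Okta and Ping send the full member list on PUT, so membership is replaced here.` would help, though that wording is my assumption and needs confirming. The condition also reads more directly as `if (_scimContext.RequestScimProvider is not (ScimProviderType.Okta or ScimProviderType.Ping))`. The method body continues past the end of the hunk.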
@@ -20,15 +20,16 @@ public class GetUsersListQuery : IGetUsersListQuery
 string externalIdFilter = null;
 if (!string.IsNullOrWhiteSpace(filter))
 {
- if (filter.StartsWith("userName eq "))
+ var filterLower = filter.ToLowerInvariant();
+ if (filterLower.StartsWith("username eq "))
 {
- usernameFilter = filter.Substring(12).Trim('"').ToLowerInvariant();
+ usernameFilter = filterLower.Substring(12).Trim('"');
 if (usernameFilter.Contains("@"))
 {
 emailFilter = usernameFilter;
 }
 }
- else if (filter.StartsWith("externalId eq "))
+ else if (filterLower.StartsWith("externalid eq "))
 {
 externalIdFilter = filter.Substring(14).Trim('"');
 }
diff --git a/src/Core/AdminConsole/Enums/ScimProviderType.cs b/src/Core/AdminConsole/Enums/ScimProviderType.cs
index 3f3fa7e6a..0ad11f54d 100644
--- a/src/Core/AdminConsole/Enums/ScimProviderType.cs
+++ b/src/Core/AdminConsole/Enums/ScimProviderType.cs
@@ -9,4 +9,5 @@ public enum ScimProviderType : byte
 JumpCloud = 4,
 GoogleWorkspace = 5,
 Rippling = 6,
+ Ping = 7,
 }
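Review bot: `filterLower.StartsWith("username eq ")` and the `externalid` branch in GetUsersListQuery use the culture-sensitive `StartsWith` overload and lower-case the whole filter just to test a prefix. An ordinal, case-insensitive comparison states the intent and keeps the test and the slice on the same string: `if (filter.StartsWith("userName eq ", StringComparison.OrdinalIgnoreCase))`, `usernameFilter = filter.Substring(12).Trim('"').ToLowerInvariant();` and `else if (filter.StartsWith("externalId eq ", StringComparison.OrdinalIgnoreCase))`. With that change `filterLower` is no longer needed, and the `externalId` branch stops testing one string while slicing another. The enclosing method starts and ends outside the hunk.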