feat(core): Add SAML login setup (#5515)

* initial commit with sample data

* basic saml setup

* cleanup console logs

* limit saml endpoints through middleware

* basic login and token issue

* saml service and cleanup

* refactor and create user

* get/set saml prefs

* fix authentication issue

* redirect to user details

* merge fix

* add generated password to saml user

* update user from attributes where possible

* refactor and fix creating new user

* rename saml prefs key

* minor cleanup

* Update packages/cli/src/config/schema.ts

Co-authored-by: Omar Ajoue <krynble@gmail.com>

* Update packages/cli/src/config/schema.ts

Co-authored-by: Omar Ajoue <krynble@gmail.com>

* Update packages/cli/src/controllers/auth.controller.ts

Co-authored-by: Omar Ajoue <krynble@gmail.com>

* code review changes

* fix default saml enabled

* remove console.log

* fix isSamlLicensed

---------

Co-authored-by: Omar Ajoue <krynble@gmail.com>
Michael Auerswald
2023-02-24 20:37:19 +01:00
committed by GitHub
parent d09ca875ec
commit 40a934bbb4
24 changed files with 745 additions and 21 deletions


@@ -142,10 +142,13 @@ import { setupBasicAuth } from './middlewares/basicAuth';
import { setupExternalJWTAuth } from './middlewares/externalJWTAuth';
import { PostHogClient } from './posthog';
import { eventBus } from './eventbus';
import { isSamlEnabled } from './Saml/helpers';
import { Container } from 'typedi';
import { InternalHooks } from './InternalHooks';
import { getStatusUsingPreviousExecutionStatusMethod } from './executions/executionHelpers';
import { isSamlLicensed } from './sso/saml/samlHelpers';
import { samlControllerPublic } from './sso/saml/routes/saml.controller.public.ee';
import { SamlService } from './sso/saml/saml.service.ee';
import { samlControllerProtected } from './sso/saml/routes/saml.controller.protected.ee';
const exec = promisify(callbackExec);
@@ -318,7 +321,7 @@ class Server extends AbstractServer {
sharing: isSharingEnabled(),
logStreaming: isLogStreamingEnabled(),
ldap: isLdapEnabled(),
saml: isSamlEnabled(),
saml: isSamlLicensed(),
});
if (isLdapEnabled()) {
@@ -495,6 +498,19 @@ class Server extends AbstractServer {
this.app.use(`/${this.restEndpoint}/ldap`, ldapController);
}
// ----------------------------------------
// SAML
// ----------------------------------------
// initialize SamlService
await SamlService.getInstance().init();
// public SAML endpoints
this.app.use(`/${this.restEndpoint}/sso/saml`, samlControllerPublic);
this.app.use(`/${this.restEndpoint}/sso/saml`, samlControllerProtected);
// ----------------------------------------
// Returns parameter values which normally get loaded from an external API or
// get generated dynamically
this.app.get(
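Review bot: The SAML block awaits `SamlService.getInstance().init()` and mounts both `samlControllerPublic` and `samlControllerProtected` on every start, whereas the LDAP router directly above is mounted only inside `if (isLdapEnabled())`. Nothing visible in this hunk keeps an unlicensed or SAML-disabled instance from serving `/sso/saml`, so the gating presumably lives in middleware inside the two controllers. If it does, record that here with a comment such as `// mounted unconditionally: licence/enabled checks are enforced by middleware in the controllers`; if it does not, wrap the block in `if (isSamlLicensed()) { … }`. The comment `// public SAML endpoints` also sits over the protected router, which should get its own `// protected SAML endpoints` line so the two trust levels are not confused when routes are added later. The enclosing method starts and ends outside the hunk, so how a rejected `init()` is handled at start-up cannot be checked from here.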