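package skycmd

import (
	"encoding/json"
	"errors"

	"github.com/concourse/dex/connector/saml"
	"github.com/concourse/flag"
	multierror "github.com/hashicorp/go-multierror"
)

// init registers the SAML connector under the id "saml", wiring its
// global flags (SAMLFlags) and per-team flags (SAMLTeamFlags) into the
// connector registry.
func init() {
	RegisterConnector(&Connector{
		id:         "saml",
		config:     &SAMLFlags{},
		teamConfig: &SAMLTeamFlags{},
	})
}

// SAMLFlags holds the command-line configuration for the SAML auth
// connector. SsoURL and CACert are required (enforced by Validate); the
// remaining fields are optional or take the defaults given in their tags.
type SAMLFlags struct {
	DisplayName        string    `long:"display-name" description:"The auth provider name displayed to users on the login page"`
	SsoURL             string    `long:"sso-url" description:"(Required) SSO URL used for POST value"`
	CACert             flag.File `long:"ca-cert" description:"(Required) CA Certificate"`
	EntityIssuer       string    `long:"entity-issuer" description:"Manually specify dex's Issuer value."`
	SsoIssuer          string    `long:"sso-issuer" description:"Issuer value expected in the SAML response."`
	UsernameAttr       string    `long:"username-attr" default:"name" description:"The user name indicates which claim to use to map an external user name to a Concourse user name."`
	EmailAttr          string    `long:"email-attr" default:"email" description:"The email indicates which claim to use to map an external user email to a Concourse user email."`
	GroupsAttr         string    `long:"groups-attr" default:"groups" description:"The groups key indicates which attribute to use to map external groups to Concourse teams."`
	GroupsDelim        string    `long:"groups-delim" description:"If specified, groups are returned as string, this delimiter will be used to split the group string."`
	NameIDPolicyFormat string    `long:"name-id-policy-format" description:"Requested format of the NameID. The NameID value is mapped to the ID Token 'sub' claim."`
	// NOTE(review): despite the flag name, Serialize copies this value into
	// saml.Config.InsecureSkipSignatureValidation. Going by that field's
	// name it relaxes validation of the SAML response signature rather than
	// TLS certificate checking; confirm against the dex connector and
	// consider aligning the help text, since operators reading "Skip SSL
	// validation" may not realise what is being disabled.
	InsecureSkipVerify bool `long:"skip-ssl-validation" description:"Skip SSL validation"`
}

// Name returns the provider name shown on the login page: the configured
// DisplayName, or "SAML" when none was given.
func (f *SAMLFlags) Name() string {
	if f.DisplayName != "" {
		return f.DisplayName
	}
	return "SAML"
}

// Validate checks that the required flags are present. All missing flags
// are reported together in a single multierror; it returns nil when the
// configuration is complete.
func (f *SAMLFlags) Validate() error {
	var errs *multierror.Error

	if f.SsoURL == "" {
		errs = multierror.Append(errs, errors.New("Missing sso-url"))
	}

	if f.CACert == "" {
		errs = multierror.Append(errs, errors.New("Missing ca-cert"))
	}

	return errs.ErrorOrNil()
}

// Serialize validates the flags and encodes them as the JSON form of the
// dex saml.Config, using redirectURI as the connector's callback URL.
// It returns the validation error unchanged when required flags are
// missing, otherwise any error from json.Marshal.
func (f *SAMLFlags) Serialize(redirectURI string) ([]byte, error) {
	if err := f.Validate(); err != nil {
		return nil, err
	}

	return json.Marshal(saml.Config{
		SSOURL:       f.SsoURL,
		CA:           f.CACert.Path(),
		EntityIssuer: f.EntityIssuer,
		SSOIssuer:    f.SsoIssuer,
		// The CLI flag is named skip-ssl-validation, but the dex field it
		// feeds is about signature validation; see the note on the field.
		InsecureSkipSignatureValidation: f.InsecureSkipVerify,
		UsernameAttr:                    f.UsernameAttr,
		EmailAttr:                       f.EmailAttr,
		GroupsAttr:                      f.GroupsAttr,
		GroupsDelim:                     f.GroupsDelim,
		NameIDPolicyFormat:              f.NameIDPolicyFormat,
		RedirectURI:                     redirectURI,
	})
}

// SAMLTeamFlags holds the per-team authorization configuration for the
// SAML connector: the SAML users and groups allowed into a team.
type SAMLTeamFlags struct {
	Users  []string `json:"users" long:"user" description:"A whitelisted SAML user" value-name:"USERNAME"`
	Groups []string `json:"groups" long:"group" description:"A whitelisted SAML group" value-name:"GROUP_NAME"`
}

// GetUsers returns the configured list of allowed SAML user names.
func (f *SAMLTeamFlags) GetUsers() []string {
	return f.Users
}

// GetGroups returns the configured list of allowed SAML group names.
func (f *SAMLTeamFlags) GetGroups() []string {
	return f.Groups
}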