Merge branch 'yvovandoorn-yvovandoorn/addSAMLmappings/1' into master

Alex Kalyvitis · Alex Kalyvitis · commit 29f3e2f463b6 · 2020-09-25T09:07:23.000+02:00
diff --git a/auth0/resource_auth0_connection.go b/auth0/resource_auth0_connection.go
@@ -435,6 +435,7 @@ var connectionSchema = map[string]*schema.Schema{
 					Optional:    true,
 					Description: "",
 				},
+				// SAML options
 				"debug": {
 					Type:        schema.TypeBool,
 					Optional:    true,
@@ -454,6 +455,16 @@ var connectionSchema = map[string]*schema.Schema{
 						"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
 					}, true),
 				},
+				"request_template": {
+					Type:        schema.TypeString,
+					Optional:    true,
+					Description: "Template that formats the SAML request.",
+				},
+				"user_id_attribute": {
+					Type:        schema.TypeString,
+					Optional:    true,
+					Description: "Attribute in the SAML token that will be mapped to the user_id property in Auth0.",
+				},
 				"idp_initiated": {
 					Type:     schema.TypeList,
 					MaxItems: 1,
diff --git a/auth0/resource_auth0_connection_test.go b/auth0/resource_auth0_connection_test.go
@@ -1139,11 +1139,14 @@ yE+vPxsiUkvQHdO2fojCkY8jg70jxM+gu59tPDNbw3Uh/2Ij310FgTHsnGQMyA==
 EOF
 		sign_in_endpoint = "https://saml.provider/sign_in"
 		sign_out_endpoint = "https://saml.provider/sign_out"
+		user_id_attribute = "https://saml.provider/imi/ns/identity-200810"
 		tenant_domain = "example.com"
 		domain_aliases = ["example.com", "example.coz"]
 		protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post"
+		request_template = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n@@AssertServiceURLAndDestination@@\n    ID=\"@@ID@@\"\n    IssueInstant=\"@@IssueInstant@@\"\n    ProtocolBinding=\"@@ProtocolBinding@@\" Version=\"2.0\">\n    <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@@Issuer@@</saml:Issuer>\n</samlp:AuthnRequest>"
 		signature_algorithm = "rsa-sha256"
 		digest_algorithm = "sha256"
+		icon_url = "https://example.com/logo.svg"
 		fields_map = {
 			foo = "bar"
 			baz = "baa"
diff --git a/auth0/structure_auth0_connection.go b/auth0/structure_auth0_connection.go
@@ -233,6 +233,9 @@ func flattenConnectionOptionsSAML(o *management.ConnectionOptionsSAML) interface
 		"digest_algorithm":    o.GetDigestAglorithm(),
 		"fields_map":          o.FieldsMap,
 		"sign_saml_request":   o.GetSignSAMLRequest(),
+		"icon_url":            o.GetLogoURL(),
+		"request_template":    o.GetRequestTemplate(),
+		"user_id_attribute":   o.GetUserIDAttribute(),
 	}
 }
 
@@ -552,6 +555,9 @@ func expandConnectionOptionsSAML(d ResourceData) *management.ConnectionOptionsSA
 		DigestAglorithm:    String(d, "digest_algorithm"),
 		FieldsMap:          Map(d, "fields_map"),
 		SignSAMLRequest:    Bool(d, "sign_saml_request"),
+		RequestTemplate:    String(d, "request_template"),
+		UserIDAttribute:    String(d, "user_id_attribute"),
+		LogoURL:            String(d, "icon_url"),
 	}
 
 	List(d, "idp_initiated").Elem(func(d ResourceData) {
diff --git a/docs/resources/connection.md b/docs/resources/connection.md
@@ -374,6 +374,8 @@ With the `samlp` connection strategy, `options` supports the following arguments
 * `sign_saml_request` - (Optional) (Boolean) When enabled, the SAML authentication request will be signed.
 * `signature_algorithm` - (Optional) Sign Request Algorithm
 * `digest_algorithm` - (Optional) Sign Request Algorithm Digest
+* `request_template` - (Optional) Template that formats the SAML request
+* `user_id_attribute` - (Optional) Attribute in the SAML token that will be mapped to the user_id property in Auth0.
 
 **Example**:
 ```hcl
@@ -387,6 +389,8 @@ resource "auth0_connection" "samlp" {
 		tenant_domain = "example.com"
 		domain_aliases = ["example.com", "alias.example.com"]
 		binding_method = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post"
+    request_template = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n@@AssertServiceURLAndDestination@@\n    ID=\"@@ID@@\"\n    IssueInstant=\"@@IssueInstant@@\"\n    ProtocolBinding=\"@@ProtocolBinding@@\" Version=\"2.0\">\n    <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@@Issuer@@</saml:Issuer>\n</samlp:AuthnRequest>"
+    user_id_attribute = "https://saml.provider/imi/ns/identity-200810"
 		signature_algorithm = "rsa-sha256"
 		digest_algorithm = "sha256"
 		fields_map = {

Original file line number	Diff line number	Diff line change
`@@ -233,6 +233,9 @@ func flattenConnectionOptionsSAML(o *management.ConnectionOptionsSAML) interface`
`233`	`233`	`"digest_algorithm": o.GetDigestAglorithm(),`
`234`	`234`	`"fields_map": o.FieldsMap,`
`235`	`235`	`"sign_saml_request": o.GetSignSAMLRequest(),`
	`236`	`+ "icon_url": o.GetLogoURL(),`
	`237`	`+ "request_template": o.GetRequestTemplate(),`
	`238`	`+ "user_id_attribute": o.GetUserIDAttribute(),`
`236`	`239`	`}`
`237`	`240`	`}`
`238`	`241`
`@@ -552,6 +555,9 @@ func expandConnectionOptionsSAML(d ResourceData) *management.ConnectionOptionsSA`
`552`	`555`	`DigestAglorithm: String(d, "digest_algorithm"),`
`553`	`556`	`FieldsMap: Map(d, "fields_map"),`
`554`	`557`	`SignSAMLRequest: Bool(d, "sign_saml_request"),`
	`558`	`+ RequestTemplate: String(d, "request_template"),`
	`559`	`+ UserIDAttribute: String(d, "user_id_attribute"),`
	`560`	`+ LogoURL: String(d, "icon_url"),`
`555`	`561`	`}`
`556`	`562`
`557`	`563`	`List(d, "idp_initiated").Elem(func(d ResourceData) {`