Auth/ps 2298 reorg auth (#4564)

* Move auth service factories to Auth team * Move authentication componenets to Auth team * Move auth guard services to Auth team * Move Duo content script to Auth team * Move auth CLI commands to Auth team * Move Desktop Account components to Auth Team * Move Desktop guards to Auth team * Move two-factor provider images to Auth team * Move web Accounts components to Auth Team * Move web settings components to Auth Team * Move web two factor images to Auth Team * Fix missed import changes for Auth Team * Fix Linting errors * Fix missed CLI imports * Fix missed Desktop imports * Revert images move * Fix missed imports in Web * Move angular lib components to Auth Team * Move angular auth guards to Auth team * Move strategy specs to Auth team * Update .eslintignore for new paths * Move lib common abstractions to Auth team * Move services to Auth team * Move common lib enums to Auth team * Move webauthn iframe to Auth team * Move lib common domain models to Auth team * Move common lib requests to Auth team * Move response models to Auth team * Clean up whitelist * Move bit web components to Auth team * Move SSO and SCIM files to Auth team * Revert move SCIM to Auth team SCIM belongs to Admin Console team * Move captcha to Auth team * Move key connector to Auth team * Move emergency access to auth team * Delete extra file * linter fixes * Move kdf config to auth team * Fix whitelist * Fix duo autoformat * Complete two factor provider request move * Fix whitelist names * Fix login capitalization * Revert hint dependency reordering * Revert hint dependency reordering * Revert hint component This components is being picked up as a move between clients * Move web hint component to Auth team * Move new files to auth team * Fix desktop build * Fix browser build
2025-12-18 09:13:33 +00:00 · 2023-02-06 16:53:37 -05:00
parent 084c89107e
commit cf972e784c
377 changed files with 1030 additions and 998 deletions
--- a/libs/common/src/auth/models/view/sso-config.view.ts
+++ b/libs/common/src/auth/models/view/sso-config.view.ts
@@ -0,0 +1,103 @@
+import { View } from "../../../models/view/view";
+import {
+  OpenIdConnectRedirectBehavior,
+  Saml2BindingType,
+  Saml2NameIdFormat,
+  Saml2SigningBehavior,
+  SsoType,
+} from "../../enums/sso";
+import { SsoConfigApi } from "../api/sso-config.api";
+
+export class SsoConfigView extends View {
+  configType: SsoType;
+
+  keyConnectorEnabled: boolean;
+  keyConnectorUrl: string;
+
+  openId: {
+    authority: string;
+    clientId: string;
+    clientSecret: string;
+    metadataAddress: string;
+    redirectBehavior: OpenIdConnectRedirectBehavior;
+    getClaimsFromUserInfoEndpoint: boolean;
+    additionalScopes: string;
+    additionalUserIdClaimTypes: string;
+    additionalEmailClaimTypes: string;
+    additionalNameClaimTypes: string;
+    acrValues: string;
+    expectedReturnAcrValue: string;
+  };
+
+  saml: {
+    spNameIdFormat: Saml2NameIdFormat;
+    spOutboundSigningAlgorithm: string;
+    spSigningBehavior: Saml2SigningBehavior;
+    spMinIncomingSigningAlgorithm: string;
+    spWantAssertionsSigned: boolean;
+    spValidateCertificates: boolean;
+
+    idpEntityId: string;
+    idpBindingType: Saml2BindingType;
+    idpSingleSignOnServiceUrl: string;
+    idpSingleLogoutServiceUrl: string;
+    idpX509PublicCert: string;
+    idpOutboundSigningAlgorithm: string;
+    idpAllowUnsolicitedAuthnResponse: boolean;
+    idpAllowOutboundLogoutRequests: boolean;
+    idpWantAuthnRequestsSigned: boolean;
+  };
+
+  constructor(api: SsoConfigApi) {
+    super();
+    if (api == null) {
+      return;
+    }
+
+    this.configType = api.configType;
+
+    this.keyConnectorEnabled = api.keyConnectorEnabled;
+    this.keyConnectorUrl = api.keyConnectorUrl;
+
+    if (this.configType === SsoType.OpenIdConnect) {
+      this.openId = {
+        authority: api.authority,
+        clientId: api.clientId,
+        clientSecret: api.clientSecret,
+        metadataAddress: api.metadataAddress,
+        redirectBehavior: api.redirectBehavior,
+        getClaimsFromUserInfoEndpoint: api.getClaimsFromUserInfoEndpoint,
+        additionalScopes: api.additionalScopes,
+        additionalUserIdClaimTypes: api.additionalUserIdClaimTypes,
+        additionalEmailClaimTypes: api.additionalEmailClaimTypes,
+        additionalNameClaimTypes: api.additionalNameClaimTypes,
+        acrValues: api.acrValues,
+        expectedReturnAcrValue: api.expectedReturnAcrValue,
+      };
+    } else if (this.configType === SsoType.Saml2) {
+      this.saml = {
+        spNameIdFormat: api.spNameIdFormat,
+        spOutboundSigningAlgorithm: api.spOutboundSigningAlgorithm,
+        spSigningBehavior: api.spSigningBehavior,
+        spMinIncomingSigningAlgorithm: api.spMinIncomingSigningAlgorithm,
+        spWantAssertionsSigned: api.spWantAssertionsSigned,
+        spValidateCertificates: api.spValidateCertificates,
+
+        idpEntityId: api.idpEntityId,
+        idpBindingType: api.idpBindingType,
+        idpSingleSignOnServiceUrl: api.idpSingleSignOnServiceUrl,
+        idpSingleLogoutServiceUrl: api.idpSingleLogoutServiceUrl,
+        idpX509PublicCert: api.idpX509PublicCert,
+        idpOutboundSigningAlgorithm: api.idpOutboundSigningAlgorithm,
+        idpAllowUnsolicitedAuthnResponse: api.idpAllowUnsolicitedAuthnResponse,
+        idpWantAuthnRequestsSigned: api.idpWantAuthnRequestsSigned,
+
+        // Value is inverted in the view model (allow instead of disable)
+        idpAllowOutboundLogoutRequests:
+          api.idpDisableOutboundLogoutRequests == null
+            ? null
+            : !api.idpDisableOutboundLogoutRequests,
+      };
+    }
+  }
+}