feat: add SSO request validation and organization identifier lookup - Implement SsoRequestValidator to validate SSO requirements - Add UserSsoOrganizationIdentifierQuery to fetch organization identifiers - Create SsoOrganizationIdentifier custom response for SSO redirects - Add feature flag (RedirectOnSsoRequired) for gradual rollout - Register validators and queries in dependency injection - Create RequestValidationConstants to reduce magic strings - Add comprehensive test coverage for validation logic - Update BaseRequestValidator to consume SsoRequestValidator
namespace Bit.Identity.IdentityServer.RequestValidationConstants;
/// <summary>
/// Names of the entries placed in the custom response.
/// </summary>
public static class CustomResponseConstants
{
    /// <summary>
    /// Keys under which individual values are stored in the custom response.
    /// </summary>
    public static class ResponseKeys
    {
        /// <summary>
        /// Key for the error model that the custom response carries when an error occurs.
        /// </summary>
        public static string ErrorModel { get; } = "ErrorModel";

        /// <summary>
        /// Key used when a user is in a single organization that requires SSO authentication.
        /// The client uses the identifier to redirect more quickly to the correct IdP for the
        /// user's organization.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the value stored under this key tells the caller which organization the
        /// account belongs to before SSO has completed. Confirm the validator only adds it after
        /// the primary credential check has passed, so the response cannot be used to probe
        /// organization membership.
        /// </remarks>
        public static string SsoOrganizationIdentifier { get; } = "SsoOrganizationIdentifier";
    }
}
/// <summary>
/// Constants shared by the SSO request validation code.
/// </summary>
public static class SsoConstants
{
    /// <summary>
    /// Messages and error codes returned when SSO validation is unsuccessful.
    /// </summary>
    public static class RequestErrors
    {
        /// <summary>
        /// Error code reported when SSO authentication is required.
        /// </summary>
        // Presumably clients match on this exact value; treat it as part of the wire contract.
        public static string SsoRequired { get; } = "sso_required";

        /// <summary>
        /// Human-readable description that accompanies the SSO-required error.
        /// </summary>
        public static string SsoRequiredDescription { get; } = "Sso authentication is required.";

        /// <summary>
        /// Description used when two-factor recovery has been performed and SSO authentication
        /// is still required.
        /// </summary>
        public static string SsoTwoFactorRecoveryDescription { get; } = "Two-factor recovery has been performed. SSO authentication is required.";
    }
}