feat: optionally add domain_hint (#628)

Co-authored-by: Tim Jacomb <timjacomb1@gmail.com>
jenkinsci · Oct 12, 2024 · 161b33e · 161b33e
1 parent e7721ae
commit 161b33e
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 19 deletions.
diff --git a/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java b/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java
@@ -121,6 +121,7 @@ public class AzureSecurityRealm extends SecurityRealm {
     public static final String CONVERTER_DISABLE_GRAPH_INTEGRATION = "disableGraphIntegration";
     public static final String CONVERTER_SINGLE_LOGOUT = "singleLogout";
     public static final String CONVERTER_PROMPT_ACCOUNT = "promptAccount";
+    public static final String CONVERTER_DOMAIN_HINT = "domainHint";
 
     public static final String CONVERTER_ENVIRONMENT_NAME = "environmentName";
 
@@ -137,6 +138,7 @@ public class AzureSecurityRealm extends SecurityRealm {
     private boolean disableGraphIntegration;
     private String azureEnvironmentName = "Azure";
     private String credentialType = "Secret";
+    private String domainHint = "";
 
     public AccessToken getAccessToken() {
         TokenRequestContext tokenRequestContext = new TokenRequestContext();
@@ -192,6 +194,15 @@ public void setPromptAccount(boolean promptAccount) {
         this.promptAccount = promptAccount;
     }
 
+    public String getDomainHint() {
+        return domainHint;
+    }
+
+    @DataBoundSetter
+    public void setDomainHint(String domainHint) {
+        this.domainHint = domainHint;
+    }
+
     public boolean isSingleLogout() {
         return singleLogout;
     }
@@ -371,6 +382,9 @@ public HttpResponse doCommenceLogin(StaplerRequest request, @Header("Referer") f
         if (promptAccount) {
             additionalParams.put("prompt", "select_account");
         }
+        if (!StringUtils.isBlank(domainHint)) {
+            additionalParams.put("domain_hint", domainHint);
+        }
 
         return new HttpRedirect(service.getAuthorizationUrl(additionalParams));
     }
@@ -702,6 +716,10 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC
             writer.startNode(CONVERTER_SINGLE_LOGOUT);
             writer.setValue(String.valueOf(realm.isSingleLogout()));
             writer.endNode();
+
+            writer.startNode(CONVERTER_DOMAIN_HINT);
+            writer.setValue(String.valueOf(realm.getDomainHint()));
+            writer.endNode();
         }
 
         @Override
@@ -745,6 +763,9 @@ public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext co
                     case CONVERTER_SINGLE_LOGOUT:
                         realm.setSingleLogout(Boolean.parseBoolean(value));
                         break;
+                    case CONVERTER_DOMAIN_HINT:
+                        realm.setDomainHint(value);
+                        break;
                     default:
                         break;
                 }

diff --git a/src/main/resources/com/microsoft/jenkins/azuread/AzureSecurityRealm/config.jelly b/src/main/resources/com/microsoft/jenkins/azuread/AzureSecurityRealm/config.jelly
@@ -30,30 +30,35 @@
             <f:textbox />
         </f:entry>
 
-        <f:entry title="${%Azure Environment}" field="azureEnvironmentName">
-            <f:select/>
-        </f:entry>
+        <f:advanced>
+            <f:entry title="${%Azure Environment}" field="azureEnvironmentName">
+                <f:select/>
+            </f:entry>
+            <f:entry title="Cache Duration" field="cacheDuration">
+                <f:number default="3600"/>
+            </f:entry>
 
-        <f:entry title="Cache Duration" field="cacheDuration">
-            <f:number default="3600" />
-        </f:entry>
+            <f:entry title="Callback URL from request" field="fromRequest">
+                <f:checkbox/>
+            </f:entry>
 
-        <f:entry title="Callback URL from request" field="fromRequest">
-            <f:checkbox />
-        </f:entry>
+            <f:entry title="${%Prompt for user account on each login}" field="promptAccount">
+                <f:checkbox/>
+            </f:entry>
 
-        <f:entry title="${%Prompt for user account on each login}" field="promptAccount">
-            <f:checkbox />
-        </f:entry>
+            <f:entry title="${%Domain Hint}" description="${%The realm of the user in a federated directory}"
+                     field="domainHint">
+                <f:textbox/>
+            </f:entry>
 
+            <f:entry title="${%Enable Single Logout}" field="singleLogout">
+                <f:checkbox/>
+            </f:entry>
 
-        <f:entry title="${%Enable Single Logout}" field="singleLogout">
-            <f:checkbox />
-        </f:entry>
-
-        <f:entry title="${%Disable graph integration}" field="disableGraphIntegration">
-            <f:checkbox />
-        </f:entry>
+            <f:entry title="${%Disable graph integration}" field="disableGraphIntegration">
+                <f:checkbox/>
+            </f:entry>
+        </f:advanced>
 
         <f:entry title="Test user principal name or object id">
             <f:textbox name="testObject" />