Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolve SAML assertion issues #50

Merged
merged 4 commits into from
Mar 1, 2024
Merged

Resolve SAML assertion issues #50

merged 4 commits into from
Mar 1, 2024

Conversation

dms1981
Copy link
Contributor

@dms1981 dms1981 commented Feb 29, 2024
edited
Loading

This PR makes a few changes to how github teams are passed back as a SAML attribute to AWS.

  • Updates the SAML value from PrincipalTag to AccessControl in line with this guidance.
  • Enforces implicit type conversion of the value provided for the SAML assertion to JSON as without this, the payload will be treated as malformed.

@dms1981 dms1981 requested a review from a team as a code owner February 29, 2024 09:43
@dms1981 dms1981 marked this pull request as draft February 29, 2024 21:29
connormaglynn
connormaglynn reviewed Mar 1, 2024
View reviewed changes
auth0-actions/allow-github-organisations-and-map-saml.js Outdated
@@ -52,7 +52,8 @@ exports.onExecutePostLogin = async (event, api) => {
// Set SAML attribute for the user's GitHub team memberships
const userTeamsResponse = await octokit.request('GET /user/teams').catch(error => api.access.deny(`Error retrieving teams from GitHub: ${error}`))
const userTeamSlugs = userTeamsResponse.data.map(team => team.slug)
api.samlResponse.setAttribute('https://aws.amazon.com/SAML/Attributes/PrincipalTag:github_team', userTeamSlugs.join(','))
console.log("Joined the following teams:" `${userTeamSlugs.join(',')}`)
Copy link
Contributor

@connormaglynn connormaglynn Mar 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logline needs updating to 👇

Suggested change
console.log("Joined the following teams:" `${userTeamSlugs.join(',')}`)
console.log(`Joined the following teams: ${userTeamSlugs.join(',')}`)

Interpreter is getting confused about two separate strings being passed to the join function 🙈

Will also need to update the test on line 64 to 👇

- ['https://aws.amazon.com/SAML/Attributes/PrincipalTag:github_team', 'test-team-1,test-team-2'],
+ ['https://aws.amazon.com/SAML/Attributes/AccessControl:github_team', 'test-team-1,test-team-2'],

To reflect the new changes 🧪 🪞 😁

@dms1981 dms1981 changed the title Apply implicit JSON type conversion Resolve SAML assertion issues Mar 1, 2024
@dms1981 dms1981 marked this pull request as ready for review March 1, 2024 11:20
connormaglynn
connormaglynn approved these changes Mar 1, 2024
View reviewed changes
Copy link
Contributor

@connormaglynn connormaglynn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 Looks Good To Me!

@dms1981 dms1981 merged commit ed53cd4 into main Mar 1, 2024
6 checks passed
@dms1981 dms1981 deleted the fix/declare-saml-assertion-as-json branch March 1, 2024 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@connormaglynn connormaglynn connormaglynn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
⚙️ Operations Engineering
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dms1981 @connormaglynn