SAML user attribute flags issue #5303 (PR #11430)

* Adding SAML option in SAML configuration to specify system auditor and system superusers by role or attribute * Adding keycloak container and documentation on how to start keycloak alongside AWX (including configuration of both)
2026-05-06 16:32:01 -05:00 · 2022-01-10 16:52:44 -05:00
parent 4de0f09c85
commit c92468062d
21 changed files with 2289 additions and 5 deletions
--- a/awx/ui/src/screens/Setting/SAML/SAML.test.js
+++ b/awx/ui/src/screens/Setting/SAML/SAML.test.js
@@ -31,6 +31,7 @@ describe('<SAML />', () => {
        SOCIAL_AUTH_SAML_TEAM_MAP: {},
        SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: {},
        SOCIAL_AUTH_SAML_TEAM_ATTR: {},
+        SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: {},
        SAML_AUTO_CREATE_OBJECTS: false,
      },
    });
--- a/awx/ui/src/screens/Setting/SAML/SAMLDetail/SAMLDetail.test.js
+++ b/awx/ui/src/screens/Setting/SAML/SAMLDetail/SAMLDetail.test.js
@@ -37,6 +37,7 @@ describe('<SAMLDetail />', () => {
        SOCIAL_AUTH_SAML_TEAM_MAP: {},
        SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: {},
        SOCIAL_AUTH_SAML_TEAM_ATTR: {},
+        SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: {},
        SAML_AUTO_CREATE_OBJECTS: false,
      },
    });
--- a/awx/ui/src/screens/Setting/SAML/SAMLEdit/SAMLEdit.js
+++ b/awx/ui/src/screens/Setting/SAML/SAMLEdit/SAMLEdit.js
@@ -89,6 +89,9 @@ function SAMLEdit() {
      ),
      SOCIAL_AUTH_SAML_TEAM_MAP: formatJson(form.SOCIAL_AUTH_SAML_TEAM_MAP),
      SOCIAL_AUTH_SAML_TEAM_ATTR: formatJson(form.SOCIAL_AUTH_SAML_TEAM_ATTR),
+      SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: formatJson(
+        form.SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR
+      ),
      SOCIAL_AUTH_SAML_SECURITY_CONFIG: formatJson(
        form.SOCIAL_AUTH_SAML_SECURITY_CONFIG
      ),
@@ -181,6 +184,10 @@ function SAMLEdit() {
                  name="SOCIAL_AUTH_SAML_TEAM_ATTR"
                  config={saml.SOCIAL_AUTH_SAML_TEAM_ATTR}
                />
+                <ObjectField
+                  name="SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR"
+                  config={saml.SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR}
+                />
                <ObjectField
                  name="SOCIAL_AUTH_SAML_SECURITY_CONFIG"
                  config={saml.SOCIAL_AUTH_SAML_SECURITY_CONFIG}
--- a/awx/ui/src/screens/Setting/SAML/SAMLEdit/SAMLEdit.test.js
+++ b/awx/ui/src/screens/Setting/SAML/SAMLEdit/SAMLEdit.test.js
@@ -40,6 +40,7 @@ describe('<SAMLEdit />', () => {
        SOCIAL_AUTH_SAML_TEAM_MAP: {},
        SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: {},
        SOCIAL_AUTH_SAML_TEAM_ATTR: {},
+        SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: {},
        SOCIAL_AUTH_SAML_SECURITY_CONFIG: {
          requestedAuthnContext: false,
        },
@@ -180,6 +181,7 @@ describe('<SAMLEdit />', () => {
      SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: 'mock_cert',
      SOCIAL_AUTH_SAML_SUPPORT_CONTACT: {},
      SOCIAL_AUTH_SAML_TEAM_ATTR: {},
+      SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: {},
      SOCIAL_AUTH_SAML_TEAM_MAP: {},
      SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: {},
      SOCIAL_AUTH_SAML_SECURITY_CONFIG: {
--- a/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
+++ b/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
@@ -3706,6 +3706,28 @@
          "required": true,
          "read_only": false
        }
+      },
+      "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {
+        "type": "nested object",
+        "required": false,
+        "label": "SAML User Flags Attribute Mapping",
+        "help_text": "Used to map super users and system auditors from SAML.",
+        "category": "SAML",
+        "category_slug": "saml",
+        "placeholder": {
+          "is_superuser_attr": "saml_attr",
+          "is_superuser_value": "value",
+          "is_superuser_role": "saml_role",
+          "is_system_auditor_attr": "saml_attr",
+          "is_system_auditor_value": "value",
+          "is_system_auditor_role": "saml_role"
+        },
+        "default": {},
+        "child": {
+          "type": "field",
+          "required": true,
+          "read_only": false
+        }
      }
    },
    "GET": {
@@ -6305,6 +6327,17 @@
          "type": "field"
        }
      },
+      "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {
+        "type": "nested object",
+	"label": "SAML User Flags Attribute Mapping",
+        "help_text": "Used to map super users and system auditors from SAML.",
+        "category": "SAML",
+        "category_slug": "saml",
+        "defined_in_file": false,
+        "child": {
+          "type": "field"
+        }
+      },
      "NAMED_URL_FORMATS": {
        "type": "nested object",
        "label": "Formats of all available named urls",
--- a/awx/ui/src/screens/Setting/shared/data.allSettings.json
+++ b/awx/ui/src/screens/Setting/shared/data.allSettings.json
@@ -247,6 +247,7 @@
  "SOCIAL_AUTH_SAML_TEAM_MAP":null,
  "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR":{},
  "SOCIAL_AUTH_SAML_TEAM_ATTR":{},
+  "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR":{},
  "NAMED_URL_FORMATS":{
    "organizations":"<name>",
    "teams":"<name>++<organization.name>",