diff --git a/cmd/api/src/api/v2/auth/saml.go b/cmd/api/src/api/v2/auth/saml.go index 3deb71469d..5f2da6cc92 100644 --- a/cmd/api/src/api/v2/auth/saml.go +++ b/cmd/api/src/api/v2/auth/saml.go @@ -31,7 +31,7 @@ import ( "github.com/specterops/bloodhound/log" "github.com/specterops/bloodhound/mediatypes" "github.com/specterops/bloodhound/src/api" - v2 "github.com/specterops/bloodhound/src/api/v2" + "github.com/specterops/bloodhound/src/api/v2" "github.com/specterops/bloodhound/src/auth" "github.com/specterops/bloodhound/src/ctx" "github.com/specterops/bloodhound/src/model" @@ -227,7 +227,7 @@ func (s ManagementResource) SAMLLoginHandler(response http.ResponseWriter, reque bindingLocation = serviceProvider.GetSSOBindingLocation(binding) } - // TODO: add actual relay state support + // TODO: add actual relay state support - BED-5071 if authReq, err := serviceProvider.MakeAuthenticationRequest(bindingLocation, binding, saml.HTTPPostBinding); err != nil { log.Errorf("[SAML] Failed creating SAML authentication request: %v", err) api.WriteErrorResponse(request.Context(), api.BuildErrorResponse(http.StatusInternalServerError, api.ErrorResponseDetailsInternalServerError, request), response) diff --git a/cmd/api/src/auth/saml.go b/cmd/api/src/auth/saml.go index 02b44f8586..9d7a529a10 100644 --- a/cmd/api/src/auth/saml.go +++ b/cmd/api/src/auth/saml.go @@ -28,7 +28,6 @@ import ( "github.com/specterops/bloodhound/src/model" ) -// Todo Verify this is the optimal place for these func GetIDPSingleSignOnServiceURL(idp saml.IDPSSODescriptor, bindingType string) (string, error) { for _, singleSignOnService := range idp.SingleSignOnServices { if singleSignOnService.Binding == bindingType { @@ -39,7 +38,6 @@ func GetIDPSingleSignOnServiceURL(idp saml.IDPSSODescriptor, bindingType string) return "", fmt.Errorf("no SSO service defined that supports the %s binding type", bindingType) } -// Todo Verify this is the optimal place for these func GetIDPSingleSignOnDescriptor(metadata *saml.EntityDescriptor, bindingType string) (saml.IDPSSODescriptor, error) { for _, idpSSODescriptor := range metadata.IDPSSODescriptors { for _, singleSignOnService := range idpSSODescriptor.SingleSignOnServices { diff --git a/cmd/api/src/model/auth.go b/cmd/api/src/model/auth.go index b9bfb96ea3..b86b49328b 100644 --- a/cmd/api/src/model/auth.go +++ b/cmd/api/src/model/auth.go @@ -562,7 +562,7 @@ type UserSession struct { User User `gorm:"constraint:OnDelete:CASCADE;"` UserID uuid.UUID AuthProviderType SessionAuthProvider - AuthProviderID int32 // This is the SSO Provider ID if SSO session + AuthProviderID int32 // If SSO Session, this will be the child saml or oidc provider id ExpiresAt time.Time Flags types.JSONBBoolObject `json:"flags"`