feat(auth): read saml auth enabled flag from portal context

Kong · Nov 19, 2024 · af0099d · af0099d
1 parent 538d06f
commit af0099d
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 4 deletions.
diff --git a/cypress/e2e/specs/login.spec.ts b/cypress/e2e/specs/login.spec.ts
@@ -216,7 +216,7 @@ describe('Login Page', () => {
   })
 
   it('shows Login with SSO button', () => {
-    cy.mockPrivatePortal({ oidc_auth_enabled: true, basic_auth_enabled: false })
+    cy.mockPrivatePortal({ oidc_auth_enabled: true, basic_auth_enabled: false, saml_auth_enabled: false })
 
     cy.visit('/', { useOriginalFn: true })
     cy.location('pathname').should('equal', '/login')
@@ -225,8 +225,19 @@ describe('Login Page', () => {
     cy.get('[data-testid="kong-auth-login-sso"]').should('exist')
   })
 
+  it('shows Login with SSO button (SAML)', () => {
+    cy.mockPrivatePortal({ oidc_auth_enabled: false, basic_auth_enabled: false, saml_auth_enabled: true })
+
+    cy.visit('/', { useOriginalFn: true })
+    cy.location('pathname').should('equal', '/login')
+    cy.get('[data-testid="auth-form"]').should('be.visible')
+    cy.get('[data-testid="sign-up-encouragement-message"]').should('not.exist')
+    cy.get('[data-testid="kong-auth-login-sso"]').should('exist')
+  })
+
+
   it('does not show Login with SSO button', () => {
-    cy.mockPrivatePortal({ oidc_auth_enabled: false })
+    cy.mockPrivatePortal({ oidc_auth_enabled: false, saml_auth_enabled: false })
 
     cy.visit('/', { useOriginalFn: true })
     cy.location('pathname').should('equal', '/login')

diff --git a/cypress/e2e/specs/register.spec.ts b/cypress/e2e/specs/register.spec.ts
@@ -63,7 +63,17 @@ describe('Register Page', () => {
       cy.get('[data-testid="kong-auth-login-sso"]').should('not.exist')
     })
     it('redirects to login (with SSO) when basic auth disabled', () => {
-      cy.mockPrivatePortal({ basic_auth_enabled: false, oidc_auth_enabled: true })
+      cy.mockPrivatePortal({ basic_auth_enabled: false, oidc_auth_enabled: true, saml_auth_enabled: false })
+
+      cy.visit('/', { useOriginalFn: true })
+      cy.location('pathname').should('equal', '/login')
+      cy.get('[data-testid="auth-form"]').should('be.visible')
+      cy.get('[data-testid="sign-up-encouragement-message"]').should('not.exist')
+      cy.get('[data-testid="kong-auth-login-sso"]').should('exist')
+    })
+
+    it('redirects to login (with SSO - SAML) when basic auth disabled', () => {
+      cy.mockPrivatePortal({ basic_auth_enabled: false, oidc_auth_enabled: false, saml_auth_enabled: true })
 
       cy.visit('/', { useOriginalFn: true })
       cy.location('pathname').should('equal', '/login')

diff --git a/src/main.ts b/src/main.ts
@@ -66,6 +66,7 @@ async function init () {
       featureset_id: featuresetId,
       feature_set: featureSet,
       oidc_auth_enabled: oidcAuthEnabled,
+      saml_auth_enabled: samlAuthEnabled,
       is_public: isPublic,
       basic_auth_enabled: basicAuthEnabled,
       rbac_enabled: isRbacEnabled,
@@ -77,7 +78,8 @@ async function init () {
       portalApiV2.value.updateClientWithCredentials()
     }
 
-    const authClientConfig = { basicAuthEnabled, oidcAuthEnabled }
+    // SAML Auth enabled comes on a different portal context property, but is handled the same as OIDC by the Auth Client
+    const authClientConfig = { basicAuthEnabled, oidcAuthEnabled: oidcAuthEnabled || samlAuthEnabled }
 
     setPortalData({ portalId, orgId, authClientConfig, featuresetId, featureSet, isPublic, isRbacEnabled, allowedTimePeriod, canonicalDomain })
     setSession(session)