From 933a6da493379a2995deee43a679f436837f51b5 Mon Sep 17 00:00:00 2001
From: Nigel Foucha
Date: Mon, 23 Sep 2024 13:14:03 -0400
Subject: [PATCH] feat: add support for keycloak saml attributes
---
 docs/configuration/uds-operator.md | 3 +++
 src/pepr/operator/crd/validators/package-validator.spec.ts | 3 +++
 src/pepr/operator/crd/validators/package-validator.ts | 3 +++
 3 files changed, 9 insertions(+)
diff --git a/docs/configuration/uds-operator.md b/docs/configuration/uds-operator.md
index 6f5d65e78..a054b9c3d 100644
--- a/docs/configuration/uds-operator.md
+++ b/docs/configuration/uds-operator.md
@@ -220,6 +220,9 @@ The SSO spec supports a subset of the Keycloak attributes for clients, but does
 - saml.assertion.signature
 - saml.client.signature
 - saml_assertion_consumer_url_post
+- saml_assertion_consumer_url_redirect
+- saml_single_logout_service_url_post
+- saml_single_logout_service_url_redirect
 ## Exemption
diff --git a/src/pepr/operator/crd/validators/package-validator.spec.ts b/src/pepr/operator/crd/validators/package-validator.spec.ts
index cc8cc6ba5..9c5e5ec0d 100644
--- a/src/pepr/operator/crd/validators/package-validator.spec.ts
+++ b/src/pepr/operator/crd/validators/package-validator.spec.ts
@@ -474,6 +474,9 @@ describe("Test Allowed SSO Client Attributes", () => {
 "saml.assertion.signature": "false",
 "saml.client.signature": "false",
 saml_assertion_consumer_url_post: "https://nexus.uds.dev/saml",
+ saml_assertion_consumer_url_redirect: "https://nexus.uds.dev/saml",
+ saml_single_logout_service_url_post: "https://nexus.uds.dev/saml/single-logout",
+ saml_single_logout_service_url_redirect: "https://nexus.uds.dev/saml/single-logout",
 },
 },
 ],
diff --git a/src/pepr/operator/crd/validators/package-validator.ts b/src/pepr/operator/crd/validators/package-validator.ts
index 4ad6266fc..2a88662c7 100644
--- a/src/pepr/operator/crd/validators/package-validator.ts
+++ b/src/pepr/operator/crd/validators/package-validator.ts
@@ -117,6 +117,9 @@ export async function validator(req: PeprValidateRequest) {
 "saml.assertion.signature",
 "saml.client.signature",
 "saml_assertion_consumer_url_post",
+ "saml_assertion_consumer_url_redirect",
+ "saml_single_logout_service_url_post",
+ "saml_single_logout_service_url_redirect",
 ]);
 for (const client of ssoClients) {
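Review bot: The three names added to the allowed-attribute set are all URL-valued, and the visible lines only allow-list attribute names, not their values. `saml_assertion_consumer_url_redirect` and the two `saml_single_logout_service_url_*` attributes tell Keycloak where to deliver SAML responses and logout messages, so a value pointing at a host outside the application would be accepted as far as this hunk shows. The `for (const client of ssoClients) {` loop continues outside the hunk, so an existing value check may already cover this; if not, consider denying attribute values that do not parse with `new URL(value)` or whose `protocol` is not `"https:"`. At minimum, a comment above the new entries such as `// URL-valued: Keycloak sends SAML responses / logout messages to these endpoints` would flag them for future reviewers. The spec fixture in package-validator.spec.ts only exercises accepted `https://` values, so a rejected-value case would be worth adding alongside any such check.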