
IdpPolicyRuleActionProvider needs the ability to set the provider id to be useful for creating IDP Routing Rules #999

Open
literallyjustroy opened this issue Apr 8, 2024 · 3 comments

@literallyjustroy

Describe the feature request?

The IdpPolicyRuleActionProvider class is currently missing the ability to set the id field. Without this field it cannot be used when creating new IDP Routing Rules.

New or Affected Resource(s)

IdpPolicyRuleActionProvider

Provide a documentation link

No response

Additional Information?

No response

@literallyjustroy
Author

Also of note, the type is a String instead of an enum.

@duttkin

duttkin commented May 2, 2024

Curious if there has been any progress on this issue as it is blocking me from using the API for creating an IdpDiscoveryPolicyRule with an action containing the IdpPolicyRuleActionProvider.

It also looks like this issue is preventing the PolicyApi from populating the actions when retrieving the rule from the server as the actions providers object is always null.

@literallyjustroy
Author

@duttkin This can be done directly using invokeApi until the proper solution is resolved:

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import com.fasterxml.jackson.core.type.TypeReference;
import com.okta.sdk.resource.api.PolicyApi;
import com.okta.sdk.resource.model.Policy;
import com.okta.sdk.resource.model.PolicyRule;
import com.okta.sdk.resource.model.PolicyRuleType;
import com.okta.sdk.resource.model.PolicyType;
// HttpMethod and MediaType are assumed to be Spring's; they are used only for their string constants.
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;

// oktaPolicyApi is a configured PolicyApi instance; OrganizationRecord is the poster's own type
// holding the org's SP domain, its Okta IdP id and the created rule id.
private PolicyApi oktaPolicyApi;

private PolicyRule createOktaIdpDiscoveryRuleForOrg(OrganizationRecord orgRec) {
    final Policy idpDiscoveryPolicy = getOktaIdpDiscoveryPolicy();

    HashMap<String, Object> idpPolicyRuleMap = buildIdpPolicyRuleBody(orgRec);

    // Bypass the typed model and POST the rule body as a raw map so the provider id is sent.
    PolicyRule createdIdpPolicyRule = oktaPolicyApi.getApiClient()
        .invokeAPI(String.format("/api/v1/policies/%s/rules", idpDiscoveryPolicy.getId()),
                HttpMethod.POST.name(),
                null,
                null,
                null,
                idpPolicyRuleMap,
                new HashMap<>(),
                new HashMap<>(),
                new HashMap<>(),
                MediaType.APPLICATION_JSON_VALUE,
                MediaType.APPLICATION_JSON_VALUE,
                new String[]{"apiToken", "oauth2"},
                new TypeReference<>() {}
        );

    if (createdIdpPolicyRule == null || createdIdpPolicyRule.getId() == null) {
        throw new IllegalStateException("Failed to create Okta IDP Discovery Rule, no PolicyRule returned.");
    }

    orgRec.setOktaIdpDiscoveryRuleId(createdIdpPolicyRule.getId());

    return createdIdpPolicyRule;
}

private Policy getOktaIdpDiscoveryPolicy() {
    final List<Policy> idpDiscoveryPolicies = oktaPolicyApi.listPolicies(PolicyType.IDP_DISCOVERY.getValue(), null, null);

    // There should only be one IDP Discovery Policy. Each Organization will have its own Policy Rule
    if (idpDiscoveryPolicies.size() != 1) {
        throw new IllegalArgumentException("Unexpected IDP Discovery policy size of " + idpDiscoveryPolicies.size());
    }

    return idpDiscoveryPolicies.get(0);
}

private static HashMap<String, Object> buildIdpPolicyRuleBody(OrganizationRecord orgRec) {
    Map<String, Object> conditionsMap = buildRoutingRuleConditions(orgRec);
    Map<String, Object> actionsMap = buildRoutingRuleActions(orgRec);

    HashMap<String, Object> idpRoutingRuleMap = new HashMap<>();
    idpRoutingRuleMap.put("type", PolicyRuleType.IDP_DISCOVERY);
    idpRoutingRuleMap.put("name", "routingRuleNameLimit50SpecificToEachIDP");
    idpRoutingRuleMap.put("actions", actionsMap);
    idpRoutingRuleMap.put("conditions", conditionsMap);

    return idpRoutingRuleMap;
}

// actions.idp.providers[].id is the field IdpPolicyRuleActionProvider cannot currently set.
private static Map<String, Object> buildRoutingRuleActions(OrganizationRecord orgRec) {
    Map<String, Object> providerMap = new HashMap<>();
    providerMap.put("id", orgRec.getOktaIdpId());

    Map<String, Object> idpMap = new HashMap<>();
    idpMap.put("providers", List.of(providerMap));
    idpMap.put("idpSelectionType", "SPECIFIC");

    return Map.of("idp", idpMap);
}

// Route users whose identifier ends with the org's SP domain to that org's IdP.
private static Map<String, Object> buildRoutingRuleConditions(OrganizationRecord orgRec) {
    HashMap<String, String> patternMap = new HashMap<>();
    patternMap.put("matchType", "SUFFIX");
    patternMap.put("value", orgRec.getSpDomain());

    HashMap<String, Object> userIdentifierMap = new HashMap<>();
    userIdentifierMap.put("type", "IDENTIFIER");
    userIdentifierMap.put("patterns", List.of(patternMap));

    return Map.of("userIdentifier", userIdentifierMap);
}
```
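Because the typed `PolicyRule` comes back with `providers` null (as duttkin notes above), a rule created this way cannot be verified through the model. The following is an added example, not code from this issue or from okta-sdk-java: it checks a rule read back as a raw `Map` (the same shape the workaround posts, which the same `invokeAPI` call with `"GET"` against `/api/v1/policies/{policyId}/rules/{ruleId}` and a `TypeReference<Map<String, Object>>` would return) against the IdP id and domain the caller intended, so a routing rule that silently lost its provider or matches more identifiers than planned is caught. The class name `IdpRoutingRuleCheck`, the helpers `verifyRoutingRule`, `asMap`, `asList` and the sample rule values are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Added example, not from the issue or from okta-sdk-java. Verifies an IDP Discovery
// rule, read back from Okta as a raw Map, routes exactly the expected domain to exactly
// the expected identity provider. All names and sample values below are assumptions.
public class IdpRoutingRuleCheck {

    @SuppressWarnings("unchecked")
    private static Map<String, Object> asMap(Object o) {
        return o instanceof Map ? (Map<String, Object>) o : null;
    }

    @SuppressWarnings("unchecked")
    private static List<Object> asList(Object o) {
        return o instanceof List ? (List<Object>) o : null;
    }

    /** Returns the mismatches found; an empty list means the rule routes as intended. */
    public static List<String> verifyRoutingRule(Map<String, Object> rule,
                                                 String expectedIdpId,
                                                 String expectedDomain) {
        List<String> problems = new ArrayList<>();

        // actions.idp must select SPECIFIC and name only the intended provider
        Map<String, Object> actions = asMap(rule.get("actions"));
        Map<String, Object> idp = actions == null ? null : asMap(actions.get("idp"));
        if (idp == null) {
            problems.add("missing actions.idp");
        } else {
            if (!"SPECIFIC".equals(idp.get("idpSelectionType"))) {
                problems.add("idpSelectionType=" + idp.get("idpSelectionType") + ", expected SPECIFIC");
            }
            List<Object> providers = asList(idp.get("providers"));
            if (providers == null || providers.isEmpty()) {
                // The failure mode from the issue: the rule carries no provider id at all
                problems.add("actions.idp.providers missing or empty");
            } else {
                for (Object p : providers) {
                    Map<String, Object> provider = asMap(p);
                    Object id = provider == null ? null : provider.get("id");
                    if (!expectedIdpId.equals(id)) {
                        problems.add("provider id " + id + " != expected " + expectedIdpId);
                    }
                }
            }
        }

        // conditions.userIdentifier must be a single SUFFIX match on the intended domain
        Map<String, Object> conditions = asMap(rule.get("conditions"));
        Map<String, Object> ui = conditions == null ? null : asMap(conditions.get("userIdentifier"));
        List<Object> patterns = ui == null ? null : asList(ui.get("patterns"));
        if (ui == null || !"IDENTIFIER".equals(ui.get("type")) || patterns == null || patterns.isEmpty()) {
            problems.add("missing or non-IDENTIFIER conditions.userIdentifier");
        } else {
            boolean domainFound = false;
            for (Object p : patterns) {
                Map<String, Object> pattern = asMap(p);
                Object matchType = pattern == null ? null : pattern.get("matchType");
                Object value = pattern == null ? null : pattern.get("value");
                if ("SUFFIX".equals(matchType) && expectedDomain.equalsIgnoreCase(String.valueOf(value))) {
                    domainFound = true;
                } else {
                    // Any extra pattern would route additional identifiers to this IdP
                    problems.add("unexpected pattern " + matchType + "=" + value);
                }
            }
            if (!domainFound) {
                problems.add("no SUFFIX pattern for " + expectedDomain);
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample in the shape of the rule body built by the workaround above
        Map<String, Object> good = Map.of(
            "type", "IDP_DISCOVERY",
            "name", "example-org routing rule",
            "actions", Map.of("idp", Map.of(
                "idpSelectionType", "SPECIFIC",
                "providers", List.of(Map.of("id", "0oa-example-idp-id")))),
            "conditions", Map.of("userIdentifier", Map.of(
                "type", "IDENTIFIER",
                "patterns", List.of(Map.of("matchType", "SUFFIX", "value", "example.com")))));

        // Same rule with providers left empty, as when the provider id cannot be set
        Map<String, Object> missingProvider = Map.of(
            "type", "IDP_DISCOVERY",
            "actions", Map.of("idp", Map.of("idpSelectionType", "SPECIFIC", "providers", List.of())),
            "conditions", good.get("conditions"));

        System.out.println("good rule: " + verifyRoutingRule(good, "0oa-example-idp-id", "example.com"));
        System.out.println("missing provider: " + verifyRoutingRule(missingProvider, "0oa-example-idp-id", "example.com"));
    }
}
```

Running the check right after creation (and periodically against all rules in the IDP Discovery policy) turns the null-`providers` symptom into an explicit error instead of a rule that quietly routes nobody, or the wrong users, to an org's IdP.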
