From b4b8b983361f6a9b041ccbc988e87470c2ee4e49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=BE=E3=81=A3=E3=81=A1=E3=82=83=E3=81=A8=E3=83=BC?= =?UTF-8?q?=E3=81=AB=E3=82=85?= <17376330+u1-liquid@users.noreply.github.com>
Date: Sun, 17 Mar 2024 22:20:47 +0900
Subject: [PATCH] =?UTF-8?q?enhance(SSO):=20SAML=E8=AA=8D=E8=A8=BC=E3=81=AE?= =?UTF-8?q?NameIDFormat=E3=81=ABemailAddress=E3=82=92=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../server/sso/SAMLIdentifyProviderService.ts | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
index 688127b27d..2a07e4a123 100644
--- a/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
+++ b/packages/backend/src/server/sso/SAMLIdentifyProviderService.ts
@@ -97,9 +97,10 @@ export class SAMLIdentifyProviderService {
 },
 },
 },
- 'md:NameIDFormat': {
- '#text': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
- },
+ 'md:NameIDFormat': [
+ { '#text': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' },
+ { '#text': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' },
+ ],
 'md:SingleSignOnService': [
 {
 '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
@@ -186,9 +187,10 @@ export class SAMLIdentifyProviderService {
 '@WantAssertionsSigned': provider.wantAssertionsSigned,
 '@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
 'md:KeyDescriptor': keyDescriptor,
- 'md:NameIDFormat': {
- '#text': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
- },
+ 'md:NameIDFormat': [
+ { '#text': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' },
+ { '#text': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' },
+ ],
 'md:AssertionConsumerService': {
 '@isDefault': 'true',
 '@index': 0,
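Review bot: Both metadata builders now list `emailAddress` ahead of `persistent` in `md:NameIDFormat` (this hunk at -97,9 and the one at -186,9), and some metadata consumers treat the first advertised format as the preferred one. An e-mail address can change or be reassigned, so a relying party that switches to it after a metadata refresh would key accounts on a less stable identifier than `user.id`. I would keep `{ '#text': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' },` as the first entry with the `emailAddress` entry after it, and add a comment such as `// persistent first: stable identifier; emailAddress is offered for SPs that require it`. The enclosing functions start and end outside both hunks.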
@@ -475,10 +477,16 @@ export class SAMLIdentifyProviderService {
 '#text': ssoServiceProvider.issuer,
 },
 'saml:Subject': {
- 'saml:NameID': {
- '@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
- '#text': user.id,
- },
+ 'saml:NameID': [
+ {
+ '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+ '#text': profile.email,
+ },
+ {
+ '@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+ '#text': user.id,
+ },
+ ],
 'saml:SubjectConfirmation': {
 '@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
 'saml:SubjectConfirmationData': {
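Review bot: `saml:Subject` now carries two `saml:NameID` elements, but the SAML 2.0 assertion schema allows a single identifier per subject, so strict service providers will likely reject the assertion and lenient ones may pick either entry, which makes the authenticated identity depend on the parser. Emit one `saml:NameID`, chosen per service provider (the requested NameIDPolicy or a provider setting), and keep `user.id` as the default. `profile.email` is also used without a visible check that it is set or verified; an empty or unverified address should not become a subject identifier that a service provider may match accounts on. The enclosing function starts and ends outside the hunk, and the sketch below uses a placeholder name for the per-provider decision.

```typescript
'saml:Subject': {
	// `useEmailNameId` is a placeholder for the per-SP decision, not an existing variable
	'saml:NameID': useEmailNameId && profile.email
		? {
			'@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
			'#text': profile.email,
		}
		: {
			'@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
			'#text': user.id,
		},
	// … unchanged: saml:SubjectConfirmation …
```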