SSO support (#862)

* [SSO] Added change password API (#836) * Created API for updating password with no current comparison * Changed name of method and request // Added user has password error flow * Updated user service method name // Updated string null/empty check * Replaced hardcoded sso domain hints with config loader (#850) * Replaced hardcoded sso domain hints with config loader * use async/await for sso config loader * Update AccountsController.cs Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com> Co-authored-by: Matt Portune <mportune@bitwarden.com> Co-authored-by: Matt Portune <59324545+mportune-bw@users.noreply.github.com>
2025-07-03 17:12:49 -05:00 · 2020-08-12 17:03:09 -04:00
parent 056b4b9bf4
commit 783b4804ec
6 changed files with 89 additions and 22 deletions
--- a/src/Identity/Controllers/AccountController.cs
+++ b/src/Identity/Controllers/AccountController.cs
@ -21,17 +21,20 @@ namespace Bit.Identity.Controllers
    {
        private readonly IIdentityServerInteractionService _interaction;
        private readonly IUserRepository _userRepository;
+        private readonly ISsoConfigRepository _ssoConfigRepository;
        private readonly IClientStore _clientStore;
        private readonly ILogger<AccountController> _logger;

        public AccountController(
            IIdentityServerInteractionService interaction,
            IUserRepository userRepository,
+            ISsoConfigRepository ssoConfigRepository,
            IClientStore clientStore,
            ILogger<AccountController> logger)
        {
            _interaction = interaction;
            _userRepository = userRepository;
+            _ssoConfigRepository = ssoConfigRepository;
            _clientStore = clientStore;
            _logger = logger;
        }
@ -53,36 +56,19 @@ namespace Bit.Identity.Controllers
        }

        [HttpGet]
-        public IActionResult ExternalChallenge(string organizationIdentifier, string returnUrl)
+        public async Task<IActionResult> ExternalChallenge(string organizationIdentifier, string returnUrl)
        {
            if (string.IsNullOrWhiteSpace(organizationIdentifier))
            {
                throw new Exception("Invalid organization reference id.");
            }

-            // TODO: Lookup sso config and create a domain hint
-            var domainHint = "oidc_okta";
-            // Temp hardcoded orgs
-            if (organizationIdentifier == "org_oidc_okta")
+            var ssoConfig = await _ssoConfigRepository.GetByIdentifierAsync(organizationIdentifier);
+            if (ssoConfig == null || !ssoConfig.Enabled)
            {
-                domainHint = "oidc_okta";
-            }
-            else if (organizationIdentifier == "org_oidc_onelogin")
-            {
-                domainHint = "oidc_onelogin";
-            }
-            else if (organizationIdentifier == "org_saml2_onelogin")
-            {
-                domainHint = "saml2_onelogin";
-            }
-            else if (organizationIdentifier == "org_saml2_sustainsys")
-            {
-                domainHint = "saml2_sustainsys";
-            }
-            else
-            {
-                throw new Exception("Organization not found.");
+                throw new Exception("Organization not found or SSO configuration not enabled");
            }
+            var domainHint = ssoConfig.OrganizationId.ToString();

            var scheme = "sso";
            var props = new AuthenticationProperties