CSA-6 Fix/remove artifact binding (#1885)

* Remove artifact binding, add validation * Re-add JSON properties but eviscerate them
2025-06-30 07:36:14 -05:00 · 2022-02-28 13:43:49 -05:00
parent 3cefd5fd5d
commit a7a39fb54d
5 changed files with 10 additions and 21 deletions
--- a/src/Api/Models/Request/Organizations/OrganizationSsoRequestModel.cs
+++ b/src/Api/Models/Request/Organizations/OrganizationSsoRequestModel.cs
@ -72,7 +72,7 @@ namespace Bit.Api.Models.Request.Organizations
        public Saml2BindingType IdpBindingType { get; set; }
        public string IdpSingleSignOnServiceUrl { get; set; }
        public string IdpSingleLogoutServiceUrl { get; set; }
-        public string IdpArtifactResolutionServiceUrl { get; set; }
+        public string IdpArtifactResolutionServiceUrl { get => null; set { /*IGNORE*/ } }
        public string IdpX509PublicCert { get; set; }
        public string IdpOutboundSigningAlgorithm { get; set; }
        public bool? IdpAllowUnsolicitedAuthnResponse { get; set; }
@ -111,12 +111,6 @@ namespace Bit.Api.Models.Request.Organizations
                        new[] { nameof(IdpEntityId) });
                }

-                if (IdpBindingType == Saml2BindingType.Artifact && string.IsNullOrWhiteSpace(IdpArtifactResolutionServiceUrl))
-                {
-                    yield return new ValidationResult(i18nService.GetLocalizedHtmlString("Saml2BindingTypeValidationError"),
-                        new[] { nameof(IdpArtifactResolutionServiceUrl) });
-                }
-
                if (!Uri.IsWellFormedUriString(IdpEntityId, UriKind.Absolute) && string.IsNullOrWhiteSpace(IdpSingleSignOnServiceUrl))
                {
                    yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleSignOnServiceUrlValidationError"),
@ -129,12 +123,6 @@ namespace Bit.Api.Models.Request.Organizations
                        new[] { nameof(IdpSingleSignOnServiceUrl) });
                }

-                if (InvalidServiceUrl(IdpArtifactResolutionServiceUrl))
-                {
-                    yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpArtifactResolutionServiceUrlInvalid"),
-                        new[] { nameof(IdpArtifactResolutionServiceUrl) });
-                }
-
                if (InvalidServiceUrl(IdpSingleLogoutServiceUrl))
                {
                    yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleLogoutServiceUrlInvalid"),
@ -190,7 +178,7 @@ namespace Bit.Api.Models.Request.Organizations
                IdpBindingType = IdpBindingType,
                IdpSingleSignOnServiceUrl = IdpSingleSignOnServiceUrl,
                IdpSingleLogoutServiceUrl = IdpSingleLogoutServiceUrl,
-                IdpArtifactResolutionServiceUrl = IdpArtifactResolutionServiceUrl,
+                IdpArtifactResolutionServiceUrl = null,
                IdpX509PublicCert = StripPemCertificateElements(IdpX509PublicCert),
                IdpOutboundSigningAlgorithm = IdpOutboundSigningAlgorithm,
                IdpAllowUnsolicitedAuthnResponse = IdpAllowUnsolicitedAuthnResponse.GetValueOrDefault(),
--- a/src/Core/Enums/Saml2BindingType.cs
+++ b/src/Core/Enums/Saml2BindingType.cs
@ -4,6 +4,5 @@
    {
        HttpRedirect = 1,
        HttpPost = 2,
-        Artifact = 4
    }
 }
--- a/src/Core/Models/Data/SsoConfigurationData.cs
+++ b/src/Core/Models/Data/SsoConfigurationData.cs
@ -51,7 +51,7 @@ namespace Bit.Core.Models.Data
        public string IdpX509PublicCert { get; set; }
        public Saml2BindingType IdpBindingType { get; set; } = Saml2BindingType.HttpRedirect;
        public bool IdpAllowUnsolicitedAuthnResponse { get; set; }
-        public string IdpArtifactResolutionServiceUrl { get; set; }
+        public string IdpArtifactResolutionServiceUrl { get => null; set { /*IGNORE*/ } }
        public bool IdpDisableOutboundLogoutRequests { get; set; }
        public string IdpOutboundSigningAlgorithm { get; set; } = SamlSigningAlgorithms.Sha256;
        public bool IdpWantAuthnRequestsSigned { get; set; }