Explicitly request email NameID from MDM SSO providers (#30886)

#30785
This commit is contained in:
Dante Catalfamo 2025-07-16 13:48:38 -04:00 committed by GitHub
parent b8f75b2b96
commit 06160d35e9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -15,6 +15,7 @@ import (
"sort"
"strings"
"github.com/crewjam/saml"
"github.com/fleetdm/fleet/v4/pkg/file"
"github.com/fleetdm/fleet/v4/pkg/optjson"
"github.com/fleetdm/fleet/v4/server/authz"
@ -720,6 +721,8 @@ func (svc *Service) InitiateMDMAppleSSO(ctx context.Context, initiator string) (
if err != nil {
return "", 0, "", ctxerr.Wrap(ctx, err, "failed to create provider from metadata")
}
// Request the NameID as an email address instead of an unknown type
samlProvider.AuthnNameIDFormat = saml.EmailAddressNameIDFormat
// originalURL is unused in the Setup Experience initiated MDM flow
// however because we need slightly different behavior for account driven