fleet/changes
Victor Lyuboslavsky 949a1eeabb
Add sso_server_url configuration for dual URL SSO setups (#31497)
This change allows configuring a separate URL for SSO callbacks, which
is useful when organizations have different URLs for admin access vs
agent/API access.

Fixes #31480 the SSO issue where organizations with dual URL setups were
getting 'Destination does not match requested URL' errors after
upgrading to v4.71.0 with the new SAML library.

Video demo: https://www.youtube.com/watch?v=dFzNpUY3XKI

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually

## New Fleet configuration settings

- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
  - Same PR since this is going to be a 4.71.1 patch
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled

## Summary by CodeRabbit

* **New Features**
  * Added support for configuring a dedicated SSO URL, allowing organizations to restrict SSO authentication to a specific URL.
  * The new SSO URL option is available in both the UI and API configuration settings.

* **Documentation**
  * Updated configuration and API documentation to include the new SSO URL option with usage examples.

* **Bug Fixes**
  * Resolved authentication issues for organizations using separate URLs for admin and agent/API access.

* **Tests**
  * Added new unit and integration tests to verify SSO behavior with and without the dedicated SSO URL.
2025-08-01 20:32:15 +02:00
.keep Issue 1009 calculate diff software (#1305) 2021-07-08 13:57:43 -03:00
21754-fleetctl-api-body-support [fleetctl] api command: support request body, including file uploads (#30806) 2025-07-29 08:15:23 -05:00
21973-better-unmarshal-type-errors Better gitops unmarshal type errors (#30647) 2025-07-24 13:49:17 -04:00
25587-pkg-name-extraction Use install path on packageInfo XML if it's a .app before falling back to bundle ID for PKG name extraction (#30669) 2025-07-09 08:21:10 -05:00
26404-stale-false-positive Switch vulns cron false positive clear to clear vulns based on when the vulns run started, rather than based on periodicity (#31364) 2025-07-29 10:14:14 -05:00
26618-software-vuln-detected-dates fix issue with CVE showing wrong date (#30768) 2025-07-10 22:38:22 -04:00
27061-dedupe-cve Revise OS vuln query to avoid duplicate entries (#30812) 2025-07-15 14:03:25 -05:00
27447-auto-install-queries-for-custom-msi-2 Use upgrade code if available to improve accuracy of auto-install policy (#30977) 2025-07-17 12:18:06 -04:00
27580-vuln-counts Fix insufficient deduplication on vulnerabilities count query (#31021) 2025-07-17 17:40:21 -05:00
27758-msi-unnstall Extract UpgradeCode from MSI custom packages, use for better uninstall script generation (#30969) 2025-07-17 10:33:23 -05:00
27919-fma-versions Populate version for macOS Chrome FMA on import, use Chrome Enterprise PKG instead of DMG, add tooltip on "latest" version when adding FMA (#30926) 2025-07-24 16:14:01 -05:00
27983-update-software Fleet UI: Add update details modal (#31250) 2025-07-25 09:28:25 -04:00
28342-linux-escrow-error-report 28342: Do not report error if host already escrowed (#30652) 2025-07-09 12:47:17 -04:00
28818-tpm-backed-http-signatures Fleet server verifies HTTP signature (#30825) 2025-07-16 20:08:27 +02:00
28996-parse-cert-dn-with-slashes Fix host certificate parsing with embedded slash (#30827) 2025-07-15 21:24:15 +02:00
29250-force-filevault-on-login-for-manual-enrollments Enforce FileVault at login when manually enrolled (#31170) 2025-08-01 15:15:11 +02:00
29286-sort-package-ids Sort package ids to ensure consistent uninstall script generation (#30968) 2025-07-16 20:44:30 -05:00
29315-manual-label-scoping Manual labels no longer factor in created_at time for exclusions (#30745) 2025-07-11 12:18:34 -05:00
29451-fix-doubled-banners Prevent double banner on host details page (#31001) 2025-07-23 14:38:11 -05:00
29824-declarations-status-not-respected-with-remove-operations Fix declaration status conditions not following profile status conditions (#30911) 2025-07-16 18:03:16 +02:00
29824-delete-installs-that-has-not-reached-hosts Fix stale pending remove apple declarations if host was offline for add and remove declaration (#30981) 2025-07-22 11:22:04 +02:00
29848-tooltip-missing-webhook-url Add missing webhook tooltip URL (#30603) 2025-07-09 14:37:54 -04:00
29849-filter-linux-installers Filter out DEB/RPM installers in ListHostSoftware when they're incompatible with the target host's distro (#30852) 2025-07-15 15:41:42 -05:00
29994-use-comshim For 29994: Use comshim for proper COM initialization (#30920) 2025-07-16 14:40:28 -04:00
30109-fix-sql-like-clause Allow ESCAPE in LIKE clauses to be valid SQL (#31222) 2025-07-25 10:13:55 -05:00
30157-enable_software_inventory-default-true Set enable_software_inventory to default true in gitops (#30744) 2025-07-10 16:38:56 -04:00
30197-automatic-install-policies Automatic install policies in ListHostSoftware (#31469) 2025-08-01 10:22:14 -05:00
30240-show-appropriate-status-actions Fleet UI: Add update details modal (#31250) 2025-07-25 09:28:25 -04:00
30311-fix-race-cond-test 30311: Fix race condition in test (#30903) 2025-07-17 10:20:49 -04:00
30359-mdm-eula-url-extra-slash Remove additional / from MDM EULA urls (#30985) 2025-07-18 13:30:32 +01:00
30390-cert-country Fixed issue ingesting certs with long country codes. (#31443) 2025-07-31 23:06:36 +02:00
30409-list-mdm-commands-sql Potential datastore optimizations for concurrent use of list mdm command API to poll results by host identifier (#30804) 2025-07-17 15:25:31 -05:00
30435-hash-for-policy-in-software-path Fix handling of software policy automations when a hash is specified inside a software file (#30814) 2025-07-15 13:24:24 -05:00
30461-fleetd-generate-tpm-key Rename flags and types for TPM work (#31176) 2025-07-23 14:30:44 -03:00
30481-gitops-manual-label-no-hosts Allow manual label with empty host list in gitops (#30756) 2025-07-18 11:07:19 -04:00
30565-cron-errors Skip software installers for which we can't, or don't need to, parse package IDs/create uninstall scripts (#31347) 2025-07-28 13:58:19 -05:00
30636-apple-account-driven-user-enrollment Managed Apple account user enrollment - integrate PoC changes (#30755) 2025-07-15 15:02:11 -04:00
30746-remove-unintended-broken-sort Fleet UI: Remove unintended broken sort on type column (#31264) 2025-07-28 09:08:34 -04:00
30749-primo-mode-expansion Allow users of Fleet in Primo mode to access Software automations and Failing policy ticket & webhook automations (#30865) 2025-07-17 15:53:31 -07:00
30797-argparse Add changes file for #30797 (#30798) 2025-07-11 14:41:00 -05:00
30853-gitops-secrets-validation Removed fleet secret validation during gitops dry runs (#31402) 2025-07-30 13:12:39 -05:00
31077-msi-uninstall Add waits + norestart to MSI uninstall scripts (#31078) 2025-07-23 09:27:59 -05:00
31123-dcv-viewer-fix Add software sanitation on ingest back, use it to fix DCV Viewer versions (#31251) 2025-07-25 08:45:39 -05:00
31143-hosts-gets-configured-before-profiles-are-sent Wait for expected profiles to be sent before releasing device (#31381) 2025-07-31 17:50:57 +02:00
31193-turn-on-ability-to-set-tpm-pin Ability to set TPM PIN protector policy on host. (#31484) 2025-08-01 13:32:19 -04:00
31232-ms-mde-7.0 Add MS-MDE2 Request/Enrollment version 7.0 to allowlist to fix Windows enrollments (#31412) 2025-07-30 11:53:27 -04:00
31286-package-upgrade-fix Move 31286 changes file. (#31327) 2025-07-30 07:24:43 +02:00
31372-host-identity-cert-renewal Host identity cert renewal (#31372) 2025-07-30 16:46:36 +02:00
31480-fix-sso-alternate-url Add sso_server_url configuration for dual URL SSO setups (#31497) 2025-08-01 20:32:15 +02:00
add-fmas Add FMA icons and icon tool (#30933) 2025-07-18 13:58:45 -06:00
fleetd-extensions-support-arm64 Add arm64 support for fleetd extensions and fixes on test scripts (#31084) 2025-07-21 15:47:59 -03:00
issue-25367-os-updates-page-permissions don't show os updates page for users who are not global admin or the team admin (#31410) 2025-07-31 12:04:06 +01:00
issue-29410-turn-on-mdm-styles change button styles for turn on mdm info banner (#31374) 2025-08-01 15:36:03 +01:00
issue-30782-updates-to-UI-for-personally-enrolled-devices Updates across UI to support personal devices enrolled in MDM (#30830) 2025-07-21 12:07:03 +01:00
issue-31057-service-discovery-endpoint Add service discovery API endpoint (#31089) 2025-07-23 12:11:32 +01:00
update-go-1.24.5 Update Go to 1.24.5 (#30770) 2025-07-15 10:59:17 -07:00