Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/cmd
History
Victor Lyuboslavsky 949a1eeabb
Add sso_server_url configuration for dual URL SSO setups (#31497) 
This change allows configuring a separate URL for SSO callbacks, which
is useful when organizations have different URLs for admin access vs
agent/API access.

Fixes #31480 the SSO issue where organizations with dual URL setups were
getting 'Destination does not match requested URL' errors after
upgrading to v4.71.0 with the new SAML library.

Video demo: https://www.youtube.com/watch?v=dFzNpUY3XKI

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually

## New Fleet configuration settings

- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
  - Same PR since this is going to be a 4.71.1 patch
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary by CodeRabbit

* **New Features**
* Added support for configuring a dedicated SSO URL, allowing
organizations to restrict SSO authentication to a specific URL.
* The new SSO URL option is available in both the UI and API
configuration settings.

* **Documentation**
* Updated configuration and API documentation to include the new SSO URL
option with usage examples.

* **Bug Fixes**
* Resolved authentication issues for organizations using separate URLs
for admin and agent/API access.

* **Tests**
* Added new unit and integration tests to verify SSO behavior with and
without the dedicated SSO URL.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-01 20:32:15 +02:00
..
cpe Add validator for NVD feed items (#29282) 2025-05-22 14:51:52 -05:00
cve Fix CVSSv3 validation expectations (#29594) 2025-05-29 14:39:55 -05:00
fleet Switch vulns cron false positive clear to clear vulns based on when the vulns run started, rather than based on periodicity (#31364) 2025-07-29 10:14:14 -05:00
fleetctl Add sso_server_url configuration for dual URL SSO setups (#31497) 2025-08-01 20:32:15 +02:00
macoffice Add new archive URL as data source for Mac Office release notes (#26978) 2025-03-10 08:46:18 -05:00
maintained-apps FMA test automation (#31210) 2025-07-31 15:23:36 -05:00
msrc Don't reuse GitHub HTTP client to pull MSRC feeds (#22493) 2024-09-27 21:23:48 -05:00
osquery-perf add basic handling for vpp app installs on osquery perf (#31178) 2025-07-24 08:26:03 -04:00