mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
949a1eeabb
This change allows configuring a separate URL for SSO callbacks, which is useful when organizations have different URLs for admin access vs agent/API access. Fixes #31480 the SSO issue where organizations with dual URL setups were getting 'Destination does not match requested URL' errors after upgrading to v4.71.0 with the new SAML library. Video demo: https://www.youtube.com/watch?v=dFzNpUY3XKI # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [ ] QA'd all new/changed functionality manually ## New Fleet configuration settings - [x] Verified that the setting is exported via `fleetctl generate-gitops` - [x] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - Same PR since this is going to be a 4.71.1 patch - [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit * **New Features** * Added support for configuring a dedicated SSO URL, allowing organizations to restrict SSO authentication to a specific URL. * The new SSO URL option is available in both the UI and API configuration settings. * **Documentation** * Updated configuration and API documentation to include the new SSO URL option with usage examples. * **Bug Fixes** * Resolved authentication issues for organizations using separate URLs for admin and agent/API access. * **Tests** * Added new unit and integration tests to verify SSO behavior with and without the dedicated SSO URL. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|---|---|---|
| .. | ||
| activity.ts | ||
| campaign.ts | ||
| certificates.ts | ||
| config.ts | ||
| config_option.js | ||
| datatable_config.ts | ||
| decorators.js | ||
| dropdownOption.ts | ||
| empty_table.ts | ||
| enroll_secret.ts | ||
| errors.ts | ||
| form_field.ts | ||
| host.ts | ||
| host_summary.ts | ||
| host_users.ts | ||
| installer.ts | ||
| integration.ts | ||
| invite.ts | ||
| label.ts | ||
| license.js | ||
| list_options.ts | ||
| macadmins.ts | ||
| mdm.ts | ||
| notification.ts | ||
| operating_system.ts | ||
| osquery_table.ts | ||
| pack.ts | ||
| package_type.ts | ||
| platform.ts | ||
| policy.ts | ||
| query.ts | ||
| query_report.ts | ||
| query_stats.ts | ||
| registration_form_data.js | ||
| registration_form_data.ts | ||
| routing.ts | ||
| schedulable_query.ts | ||
| scheduled_query.ts | ||
| script.ts | ||
| software.ts | ||
| ssoSettings.ts | ||
| status_labels.ts | ||
| target.ts | ||
| team.ts | ||
| team_subnav.ts | ||
| user.ts | ||
| version.ts | ||
| vulnerability.ts | ||
| webhook.ts | ||