mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
949a1eeabb
This change allows configuring a separate URL for SSO callbacks, which is useful when organizations have different URLs for admin access vs agent/API access. Fixes #31480 the SSO issue where organizations with dual URL setups were getting 'Destination does not match requested URL' errors after upgrading to v4.71.0 with the new SAML library. Video demo: https://www.youtube.com/watch?v=dFzNpUY3XKI # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [ ] QA'd all new/changed functionality manually ## New Fleet configuration settings - [x] Verified that the setting is exported via `fleetctl generate-gitops` - [x] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - Same PR since this is going to be a 4.71.1 patch - [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit * **New Features** * Added support for configuring a dedicated SSO URL, allowing organizations to restrict SSO authentication to a specific URL. * The new SSO URL option is available in both the UI and API configuration settings. * **Documentation** * Updated configuration and API documentation to include the new SSO URL option with usage examples. * **Bug Fixes** * Resolved authentication issues for organizations using separate URLs for admin and agent/API access. * **Tests** * Added new unit and integration tests to verify SSO behavior with and without the dedicated SSO URL. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|---|---|---|
| .. | ||
| archtest | ||
| authz | ||
| aws_common | ||
| bindata | ||
| config | ||
| contexts | ||
| cron | ||
| datastore | ||
| errorstore | ||
| fleet | ||
| goose | ||
| health | ||
| launcher | ||
| live_query | ||
| logging | ||
| mdm | ||
| mock | ||
| policies | ||
| ptr | ||
| pubsub | ||
| service | ||
| shellquote | ||
| sso | ||
| test | ||
| version | ||
| vulnerabilities | ||
| webhooks | ||
| websocket | ||
| worker | ||
| utils.go | ||
| utils_test.go | ||