mirror of
https://github.com/fleetdm/fleet
synced 2026-05-06 06:48:54 +00:00
949a1eeabb
This change allows configuring a separate URL for SSO callbacks, which is useful when organizations have different URLs for admin access vs agent/API access. Fixes #31480 the SSO issue where organizations with dual URL setups were getting 'Destination does not match requested URL' errors after upgrading to v4.71.0 with the new SAML library. Video demo: https://www.youtube.com/watch?v=dFzNpUY3XKI # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [ ] QA'd all new/changed functionality manually ## New Fleet configuration settings - [x] Verified that the setting is exported via `fleetctl generate-gitops` - [x] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - Same PR since this is going to be a 4.71.1 patch - [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit * **New Features** * Added support for configuring a dedicated SSO URL, allowing organizations to restrict SSO authentication to a specific URL. * The new SSO URL option is available in both the UI and API configuration settings. * **Documentation** * Updated configuration and API documentation to include the new SSO URL option with usage examples. * **Bug Fixes** * Resolved authentication issues for organizations using separate URLs for admin and agent/API access. * **Tests** * Added new unit and integration tests to verify SSO behavior with and without the dedicated SSO URL. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|---|---|---|
| .. | ||
| android | ||
| api | ||
| apm-elastic | ||
| app | ||
| app-sso-platform | ||
| backup_db | ||
| bomutils-docker | ||
| bump-migration | ||
| calendar | ||
| ci | ||
| cis | ||
| cloner-check | ||
| custom-package-parser | ||
| dbutils | ||
| desktop | ||
| dialog | ||
| fdm | ||
| file-server | ||
| fleet-docker | ||
| fleetctl-docker | ||
| fleetctl-npm | ||
| fleetd-linux | ||
| github-releases | ||
| inspect-cert | ||
| jira-integration | ||
| kubequery | ||
| loadtest | ||
| luks | ||
| mailpit | ||
| makefile-support | ||
| mdm | ||
| msal | ||
| mysql-replica-testing | ||
| nvd/nvdvuln | ||
| oncall | ||
| osquery | ||
| osquery-agent-options | ||
| osquery-testing | ||
| percona/test | ||
| redis-stress | ||
| redis-tests | ||
| release | ||
| run-scripts | ||
| saml | ||
| seed_data/queries | ||
| sentry-self-hosted | ||
| sign-fleetctl | ||
| smtp4dev | ||
| snapshot | ||
| software | ||
| team-builder | ||
| telemetry | ||
| terraform | ||
| test-certs | ||
| test-orbit-mtls | ||
| test_extensions/hello_world | ||
| testdata | ||
| tuf | ||
| vex-parser | ||
| webhook | ||
| windows-mdm-enroll | ||
| wix-docker | ||
| zendesk-integration | ||