Add Tines SAML mapping

mozilla-iam · Dec 16, 2024 · 0bdc9bb · 0bdc9bb
1 parent c471527
commit 0bdc9bb
Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/tf/actions/samlMappings.js b/tf/actions/samlMappings.js
@@ -2,6 +2,22 @@ exports.onExecutePostLogin = async (event, api) => {
   console.log("Running actions:", "samlMappings");
 
   switch(event.client.client_id) {
+    case "cPH0znP4n74JvPf9Efc1w6O8KQWwT634": // Tines
+      // Only pass relative groups. These should match the authorized apps in apps.yml
+      const tineGroups = [
+        'mozilliansorg_sec_tines-admin',
+        'mozilliansorg_sec_tines-access',
+        'team_moco',
+        'team_mofo',
+        'team_mzla',
+        'team_mzai',
+        'team_mzvc'
+        ];
+      const userGroups = event.user.metadata?.groups || [];
+      const selectGroups = tineGroups.filter(group => userGroups.includes(group));
+      api.samlResponse.setAttribute("groups", selectGroups);
+      break;
+
     case "wgh8S9GaE7sJ4i0QrAzeMxFXgWZYtB0l": // sage-intacct
       api.samlResponse.setAttribute('Company Name', 'MOZ Corp');
       api.samlResponse.setAttribute('emailAddress', event.user.email);

diff --git a/tf/tests/samlMappings.test.js b/tf/tests/samlMappings.test.js
@@ -112,6 +112,44 @@ test('Client ID does not match, no SAML attributes set', async () => {
 
 });
 
+describe('Tines SAML tests', () => {
+  const clientIDs = ['cPH0znP4n74JvPf9Efc1w6O8KQWwT634'];
+
+  test.each(clientIDs)('Ensure SAML configuration mappings for client %s', async (clientID) => {
+    _event.client.client_id = clientID;
+
+    _event.user.metadata = {};
+    _event.user.metadata.groups = [
+      'mozilliansorg_sec_tines-admin',
+      'foo',
+      'mozilliansorg_sec_tines-access',
+      'bar',
+      'team_moco',
+      'team_mofo',
+      'team_mzla',
+      'team_mzai',
+      'team_mzvc'
+    ];
+
+    expectedSamlAttributes = {
+      "groups": [
+        'mozilliansorg_sec_tines-admin',
+        'mozilliansorg_sec_tines-access',
+        'team_moco',
+        'team_mofo',
+        'team_mzla',
+        'team_mzai',
+        'team_mzvc'
+    ]};
+
+    // Execute onExecutePostLogin
+    await onExecutePostLogin(_event, api);
+
+    expect(api.samlResponse.setAttribute).toHaveBeenCalled();
+    expect(_samlAttributes).toEqual(expectedSamlAttributes);
+  });
+});
+
 describe('Sage Intacct SAML tests', () => {
   const clientIDs = ['wgh8S9GaE7sJ4i0QrAzeMxFXgWZYtB0l'];