fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Copy/paste SAML metadata from IdP w/o manipulation

Open allenhouchins opened this issue 1 year ago • 1 comments

  • @noahtalerman: User requested this because copying SAML metadata from an IdP into YAML for GitOps fails due to strict indentation requirements.
    • @noahtalerman: In the interim they manually adjust tabbing before using it, which is tedious and error-prone.
    • @noahtalerman: Eventually Fleet should allow pasting metadata in the UI and exporting it via fleetctl to generate properly formatted YAML. Another option is for Fleet to auto-format the metadata at runtime when pulling from GitHub secrets.

User stories

  • #27459

allenhouchins avatar Feb 26 '25 15:02 allenhouchins

Problem

I am not able to directly copy and paste my SAML metadata from my IdP and use it in yaml/gitops as yaml has strict tabbing requirements. This means I have to tab this data out before using it in yaml. Since sso_settings.metadata and mdm.end_user_authentication.metadata are at different indentations in yaml, this makes it more confusing on how to properly tab this data. More info: fleetdm/confidential#9204 and https://github.com/fleetdm/fleet/pull/26042 and https://github.com/fleetdm/fleet/issues/26135

What have you tried?

I have tried to copy/paste my SAML metadata from IdP into a GitHub secret to use in yaml. This fails because the data is not properly tabbed so I encounter unfurl errors when gitops runs.

Potential solutions

You can copy/paste the data in the UI then through fleetctl export it to properly formatted yaml. It would be great if we knew how to take this data provided in the GitHub secret and unfurl it for the customer automatically at run-time.

What is the expected workflow as a result of your proposal?

I can copy/paste my SAML metadata without manipulation, manage the configuration with gitops, and my admins and end users can authenticate successfully.

allenhouchins avatar Apr 03 '25 15:04 allenhouchins

@noahtalerman @allenhouchins I submitted a PR in the gitops repo that adds logic to ensure even spacing. We may be able to close this out if you feel that is adequate:

https://github.com/fleetdm/fleet-gitops/pull/68

ksatter avatar Apr 25 '25 15:04 ksatter

@ksatter nice! Do we need to make the same change to the GitLab repo? cc @getvictor

We may be able to close this out if you feel that is adequate

I opened up a :help-dogfood request (issue template here): https://github.com/fleetdm/fleet/issues/28706

noahtalerman avatar Apr 30 '25 19:04 noahtalerman

It may/should work in GitLab with @ksatter's changes. But yes, I recommend trying it in GitLab.

getvictor avatar Apr 30 '25 20:04 getvictor

UPDATE: @noahtalerman: Closed this feature request because it's now a duplicate of the following request:

  • #30006

FYI @allenhouchins

noahtalerman avatar Aug 04 '25 15:08 noahtalerman

Metadata copied, pasted, Fleet shapes it, no error, In cloud city's grace.

fleet-release avatar Aug 04 '25 15:08 fleet-release