diff --git a/api/utils/entraid/federation_metadata.go b/api/utils/entraid/federation_metadata.go
new file mode 100644
index 0000000000000..2dfa76080cdeb
--- /dev/null
+++ b/api/utils/entraid/federation_metadata.go
@@ -0,0 +1,33 @@
+/*
+Copyright 2024 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package entraid
+
+import (
+	"net/url"
+	"path"
+)
+
+// FederationMetadataURL returns the URL for the federation metadata endpoint
+func FederationMetadataURL(tenantID, appID string) string {
+	return (&url.URL{
+		Scheme: "https",
+		Host:   "login.microsoftonline.com",
+		Path:   path.Join(tenantID, "federationmetadata", "2007-06", "federationmetadata.xml"),
+		RawQuery: url.Values{
+			"appid": {appID},
+		}.Encode(),
+	}).String()
+}
diff --git a/tool/tctl/common/plugin/entraid.go b/tool/tctl/common/plugin/entraid.go
index 040bbbaacade0..0d9edccfb1296 100644
--- a/tool/tctl/common/plugin/entraid.go
+++ b/tool/tctl/common/plugin/entraid.go
@@ -36,7 +36,7 @@ import (
 	pluginspb "github.com/gravitational/teleport/api/gen/proto/go/teleport/plugins/v1"
 	"github.com/gravitational/teleport/api/types"
-	"github.com/gravitational/teleport/e/lib/entraid"
+	entraapiutils "github.com/gravitational/teleport/api/utils/entraid"
 	"github.com/gravitational/teleport/lib/integrations/azureoidc"
 	"github.com/gravitational/teleport/lib/utils/oidc"
 	"github.com/gravitational/teleport/lib/web/scripts/oneoff"
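Review bot: FederationMetadataURL builds the path with `path.Join(tenantID, ...)` but never validates tenantID, so an empty value silently yields `https://login.microsoftonline.com/federationmetadata/2007-06/federationmetadata.xml` with no tenant segment, and a value containing `/` or `..` is cleaned by path.Join into a different path rather than rejected. The only caller visible in this diff (InstallEntra in tool/tctl/common/plugin/entraid.go) passes settings.tenantID straight through to the SAML connector's EntityDescriptorURL, so a typo in the tenant produces a well-formed but wrong metadata URL that is only discovered when the connector is fetched; either the caller or this helper should check the tenant ID is non-empty and contains no path separators before the URL is built. The doc comment also stops short of the contract; something like `// FederationMetadataURL returns the URL of the login.microsoftonline.com federation metadata document for tenantID, with appID sent as the appid query parameter.` would say what the two arguments are for.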
@@ -211,7 +211,7 @@ func (p *PluginsCommand) InstallEntra(ctx context.Context, args installPluginArg
 			},
 		},
 		Display: "Entra ID",
-		EntityDescriptorURL: entraid.FederationMetadataURL(settings.tenantID, settings.clientID),
+		EntityDescriptorURL: entraapiutils.FederationMetadataURL(settings.tenantID, settings.clientID),
 	})
 	if err != nil {
 		return trace.Wrap(err, "failed to create SAML connector")