Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for SAML SLO in tsh #43528

Merged
merged 1 commit into from
Jul 16, 2024
Merged

Add support for SAML SLO in tsh #43528

merged 1 commit into from
Jul 16, 2024

Conversation

rudream
Copy link
Contributor

@rudream rudream commented Jun 26, 2024
edited
Loading

Purpose

Part of #41076

This PR adds SAML SLO (single logout) functionality to tsh. When a user runs tsh logout, if they were logged in via a SAML auth connector with SLO configured, they will also be logged out of the identity provider.

@rudream rudream added the no-changelog Indicates that a PR does not require a changelog entry label Jun 26, 2024
@rudream rudream requested review from avatus and gzdunek June 26, 2024 08:36
@github-actions github-actions bot added size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport. labels Jun 26, 2024
@github-actions github-actions bot requested review from atburke and espadolini June 26, 2024 08:36
espadolini
espadolini reviewed Jun 26, 2024
View reviewed changes
Copy link
Contributor

@espadolini espadolini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does "single logout" entail? Would this log the user out of all the IdP sessions, or just the tsh one?

lib/client/api.go Outdated Show resolved Hide resolved
tool/tsh/common/tsh.go Outdated Show resolved Hide resolved
tool/tsh/common/tsh.go Outdated Show resolved Hide resolved
@rudream
Copy link
Contributor Author

rudream commented Jun 26, 2024

What does "single logout" entail? Would this log the user out of all the IdP sessions, or just the tsh one?

@espadolini It will log them out of all their IdP sessions, this might not seem ideal but it's just the way SAML SLO works. There was discussion about this here in the original issue.

@rudream rudream requested a review from espadolini June 26, 2024 20:02
espadolini
espadolini reviewed Jun 27, 2024
View reviewed changes
Copy link
Contributor

@espadolini espadolini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would really prefer if we had a way to keep track of whether or not the login was a SSO session to begin with and if it had a SLO url, since I'm really not looking forward to tsh logout taking 5 seconds per profile, and I'd just start doing rm -r ~/.tsh instead.

tool/tsh/common/tsh.go Outdated Show resolved Hide resolved
tool/tsh/common/tsh.go Outdated Show resolved Hide resolved
tool/tsh/common/tsh.go Outdated Show resolved Hide resolved
tool/tsh/common/tsh.go Outdated Show resolved Hide resolved
tool/tsh/common/tsh.go Outdated Show resolved Hide resolved
@rudream rudream requested a review from espadolini July 10, 2024 12:52
@rudream rudream force-pushed the yassine/saml-slo-tsh branch 2 times, most recently from 527791d to 3ded2d8 Compare July 10, 2024 12:56
espadolini
espadolini reviewed Jul 11, 2024
View reviewed changes
tool/tsh/common/tsh.go Outdated Show resolved Hide resolved
@rudream rudream requested a review from espadolini July 12, 2024 09:32
espadolini
espadolini approved these changes Jul 12, 2024
View reviewed changes
tool/tsh/common/tsh.go Show resolved Hide resolved
@rudream rudream enabled auto-merge July 12, 2024 21:16
@rudream rudream added this pull request to the merge queue Jul 12, 2024
@rudream rudream removed this pull request from the merge queue due to a manual request Jul 12, 2024
@rudream rudream force-pushed the yassine/saml-slo-tsh branch from 6308361 to 75eadc5 Compare July 16, 2024 02:18
@rudream rudream enabled auto-merge July 16, 2024 02:18
@rudream rudream added this pull request to the merge queue Jul 16, 2024
Merged via the queue into master with commit f88877e Jul 16, 2024
43 checks passed
@rudream rudream deleted the yassine/saml-slo-tsh branch July 16, 2024 02:55
@public-teleport-github-review-bot
Copy link

@rudream See the table below for backport results.

Branch Result
branch/v15 Create PR
branch/v16 Create PR

This was referenced Jul 16, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@avatus avatus avatus approved these changes

@espadolini espadolini espadolini approved these changes

Assignees
No one assigned
Labels
backport/branch/v15 backport/branch/v16 no-changelog Indicates that a PR does not require a changelog entry size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rudream @espadolini @avatus