Add configuration option for origin check (#914)

Depends on PR cloudfoundry/uaa#2934
cloudfoundry · Jul 12, 2024 · ce712f1 · ce712f1
1 parent 1d6b716
commit ce712f1
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 0 deletions.
diff --git a/jobs/uaa/spec b/jobs/uaa/spec
@@ -448,6 +448,9 @@ properties:
       the alias). Note that existing entities with an alias will not be removed when deactivating the flag. Instead, the
       creation, update and deletion of identity providers and users with an alias is prohibited.
     default: false
+  login.checkOriginEnabled:
+    description: "This flag enables the origin check in SCIM. Otherwise, the assignments of users to an origin are not validated."
+    default: false
 
   # Email
   login.notifications.url:

diff --git a/jobs/uaa/templates/config/uaa.yml.erb b/jobs/uaa/templates/config/uaa.yml.erb
@@ -671,6 +671,7 @@
       'idpDiscoveryEnabled' => p('login.idpDiscoveryEnabled'),
       'accountChooserEnabled' => p('login.accountChooserEnabled'),
       'aliasEntitiesEnabled' => p('login.aliasEntitiesEnabled'),
+      'checkOriginEnabled' => p('login.checkOriginEnabled'),
       'entityBaseURL' => login_entityBaseUrl,
       'entityID' => login_entityId,
       'prompt' => {

diff --git a/spec/compare/all-properties-set-uaa.yml b/spec/compare/all-properties-set-uaa.yml
@@ -347,6 +347,7 @@ login:
   idpDiscoveryEnabled: true
   accountChooserEnabled: true
   aliasEntitiesEnabled: true
+  checkOriginEnabled: true
   entityBaseURL: http://all-properties-set:8888/uaa
   entityID: all-properties-set:8888/uaa
   prompt:

diff --git a/spec/compare/bosh-lite-uaa.yml b/spec/compare/bosh-lite-uaa.yml
@@ -265,6 +265,7 @@ login:
   idpDiscoveryEnabled: false
   accountChooserEnabled: false
   aliasEntitiesEnabled: false
+  checkOriginEnabled: false
   entityBaseURL: https://login.bosh-lite.com
   entityID: login.bosh-lite.com
   prompt:

diff --git a/spec/compare/deprecated-properties-still-work-uaa.yml b/spec/compare/deprecated-properties-still-work-uaa.yml
@@ -219,6 +219,7 @@ login:
   idpDiscoveryEnabled: false
   accountChooserEnabled: false
   aliasEntitiesEnabled: false
+  checkOriginEnabled: false
   entityBaseURL: http://test.uaa.url
   entityID: test.uaa.url
   prompt:

diff --git a/spec/compare/test-defaults-uaa.yml b/spec/compare/test-defaults-uaa.yml
@@ -170,6 +170,7 @@ login:
   idpDiscoveryEnabled: false
   accountChooserEnabled: false
   aliasEntitiesEnabled: false
+  checkOriginEnabled: false
   entityBaseURL: http://test.uaa.url
   entityID: test.uaa.url
   prompt:

diff --git a/spec/input/all-properties-set.yml b/spec/input/all-properties-set.yml
@@ -39,6 +39,7 @@ properties:
     idpDiscoveryEnabled: true
     accountChooserEnabled: true
     aliasEntitiesEnabled: true
+    checkOriginEnabled: true
     links:
       global:
         passwd: "https://{zone.subdomain}.myaccountmanager.domain.com/z/{zone.id}/forgot_password"