minio
diff --git a/‎models/login_details.go
Lines changed: 63 additions & 6 deletions b/‎models/login_details.go
Lines changed: 63 additions & 6 deletions
diff --git a/‎models/redirect_rule.go
Lines changed: 70 additions & 0 deletions b/‎models/redirect_rule.go
Lines changed: 70 additions & 0 deletions
diff --git a/‎operatorapi/embedded_spec.go
Lines changed: 26 additions & 16 deletions b/‎operatorapi/embedded_spec.go
Lines changed: 26 additions & 16 deletions
diff --git a/‎operatorapi/login.go
Lines changed: 10 additions & 3 deletions b/‎operatorapi/login.go
Lines changed: 10 additions & 3 deletions
diff --git a/‎pkg/auth/idp.go
Lines changed: 3 additions & 2 deletions b/‎pkg/auth/idp.go
Lines changed: 3 additions & 2 deletions
diff --git a/‎pkg/auth/idp/oauth2/config.go
Lines changed: 4 additions & 2 deletions b/‎pkg/auth/idp/oauth2/config.go
Lines changed: 4 additions & 2 deletions
diff --git a/‎pkg/auth/idp/oauth2/const.go
Lines changed: 1 addition & 0 deletions b/‎pkg/auth/idp/oauth2/const.go
Lines changed: 1 addition & 0 deletions
@@ -101,7 +101,8 @@ func getLoginDetailsResponse(params authApi.LoginDetailParams) (*models.LoginDet
 	r := params.HTTPRequest
 
 	loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
-	redirectURL := []string{}
+
+	var redirectRules []*models.RedirectRule
 
 	if oauth2.IsIDPEnabled() {
 		loginStrategy = models.LoginDetailsLoginStrategyRedirectDashServiceDashAccount
@@ -115,12 +116,18 @@ func getLoginDetailsResponse(params authApi.LoginDetailParams) (*models.LoginDet
 			KeyFunc: oauth2.DefaultDerivedKey,
 			Client:  oauth2Client,
 		}
-		redirectURL = append(redirectURL, identityProvider.GenerateLoginURL())
+
+		newRedirectRule := &models.RedirectRule{
+			Redirect:    identityProvider.GenerateLoginURL(),
+			DisplayName: "Login with SSO",
+		}
+
+		redirectRules = append(redirectRules, newRedirectRule)
 	}
 
 	loginDetails := &models.LoginDetails{
 		LoginStrategy: loginStrategy,
-		Redirect:      redirectURL,
+		RedirectRules: redirectRules,
 		IsDirectPV:    getDirectPVEnabled(),
 	}
 	return loginDetails, nil
 
@@ -40,11 +40,12 @@ type IdentityProviderI interface {
 type IdentityProvider struct {
 	KeyFunc oauth2.StateKeyFunc
 	Client  *oauth2.Provider
+	RoleARN string
 }
 
 // VerifyIdentity will verify the user identity against the idp using the authorization code flow
 func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error) {
-	return c.Client.VerifyIdentity(ctx, code, state, c.KeyFunc)
+	return c.Client.VerifyIdentity(ctx, code, state, c.RoleARN, c.KeyFunc)
 }
 
 // VerifyIdentityForOperator will verify the user identity against the idp using the authorization code flow
@@ -54,5 +55,5 @@ func (c IdentityProvider) VerifyIdentityForOperator(ctx context.Context, code, s
 
 // GenerateLoginURL returns a new URL used by the user to login against the idp
 func (c IdentityProvider) GenerateLoginURL() string {
-	return c.Client.GenerateLoginURL(c.KeyFunc)
+	return c.Client.GenerateLoginURL(c.KeyFunc, c.Client.IDPName)
 }
@@ -48,9 +48,11 @@ func (pc ProviderConfig) GetStateKeyFunc() StateKeyFunc {
 	}
 }
 
-type OpenIDPCfg map[string]ProviderConfig
+func (pc ProviderConfig) GetARNInf() string {
+	return pc.RoleArn
+}
 
-var DefaultIDPConfig = "_"
+type OpenIDPCfg map[string]ProviderConfig
 
 func GetSTSEndpoint() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
 
@@ -29,4 +29,5 @@ const (
 	ConsoleIDPScopes             = "CONSOLE_IDP_SCOPES"
 	ConsoleIDPUserInfo           = "CONSOLE_IDP_USERINFO"
 	ConsoleIDPTokenExpiration    = "CONSOLE_IDP_TOKEN_EXPIRATION"
+	ConsoleIDPRoleARN            = "CONSOLE_IDP_ROLE_ARN"
 )
Original file line number	Diff line number	Diff line change
`@@ -40,11 +40,12 @@ type IdentityProviderI interface {`
`40`	`40`	`type IdentityProvider struct {`
`41`	`41`	`KeyFunc oauth2.StateKeyFunc`
`42`	`42`	`Client *oauth2.Provider`
	`43`	`+ RoleARN string`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`// VerifyIdentity will verify the user identity against the idp using the authorization code flow`
`46`	`47`	`func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error) {`
`47`		`- return c.Client.VerifyIdentity(ctx, code, state, c.KeyFunc)`
	`48`	`+ return c.Client.VerifyIdentity(ctx, code, state, c.RoleARN, c.KeyFunc)`
`48`	`49`	`}`
`49`	`50`
`50`	`51`	`// VerifyIdentityForOperator will verify the user identity against the idp using the authorization code flow`
`@@ -54,5 +55,5 @@ func (c IdentityProvider) VerifyIdentityForOperator(ctx context.Context, code, s`
`54`	`55`
`55`	`56`	`// GenerateLoginURL returns a new URL used by the user to login against the idp`
`56`	`57`	`func (c IdentityProvider) GenerateLoginURL() string {`
`57`		`- return c.Client.GenerateLoginURL(c.KeyFunc)`
	`58`	`+ return c.Client.GenerateLoginURL(c.KeyFunc, c.Client.IDPName)`
`58`	`59`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,9 +48,11 @@ func (pc ProviderConfig) GetStateKeyFunc() StateKeyFunc {`
`48`	`48`	`}`
`49`	`49`	`}`
`50`	`50`
`51`		`-type OpenIDPCfg map[string]ProviderConfig`
	`51`	`+func (pc ProviderConfig) GetARNInf() string {`
	`52`	`+ return pc.RoleArn`
	`53`	`+}`
`52`	`54`
`53`		`-var DefaultIDPConfig = "_"`
	`55`	`+type OpenIDPCfg map[string]ProviderConfig`
`54`	`56`
`55`	`57`	`func GetSTSEndpoint() string {`
`56`	`58`	`return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))`
Original file line number	Diff line number	Diff line change
`@@ -29,4 +29,5 @@ const (`
`29`	`29`	`ConsoleIDPScopes = "CONSOLE_IDP_SCOPES"`
`30`	`30`	`ConsoleIDPUserInfo = "CONSOLE_IDP_USERINFO"`
`31`	`31`	`ConsoleIDPTokenExpiration = "CONSOLE_IDP_TOKEN_EXPIRATION"`
	`32`	`+ ConsoleIDPRoleARN = "CONSOLE_IDP_ROLE_ARN"`
`32`	`33`	`)`