Add setting for whitelisting redirect URLs for auth

Author: mrajashree

code/implementation/docker/machine/src/main/java/io/cattle/platform/docker/machine/launch/AuthServiceLauncher.java

@@ -59,6 +59,7 @@ public class AuthServiceLauncher extends GenericServiceLauncher implements Initi
     public static final DynamicStringProperty NO_IDENTITY_LOOKUP_SETTING = ArchaiusUtil.getString("api.auth.external.provider.no.identity.lookup");
     private static final DynamicStringProperty AUTH_SERVICE_LOG_LEVEL = ArchaiusUtil.getString("auth.service.log.level");
     private static final DynamicStringProperty AUTH_SERVICE_CONFIG_UPDATE_TIMESTAMP = ArchaiusUtil.getString("auth.service.config.update.timestamp");
+    public static final DynamicStringProperty API_AUTH_SHIBBOLETH_REDIRECT_WHITELIST_SETTING = ArchaiusUtil.getString("api.auth.shibboleth.redirect.whitelist");
 
     @Override
     protected boolean shouldRun() {
@@ -154,6 +155,7 @@ protected List<DynamicStringProperty> getReloadSettings() {
         list.add(SECURITY_SETTING);
         list.add(AUTH_SERVICE_LOG_LEVEL);
         list.add(AUTH_SERVICE_CONFIG_UPDATE_TIMESTAMP);
+        list.add(API_AUTH_SHIBBOLETH_REDIRECT_WHITELIST_SETTING);
         return list;
     }
 

code/packaging/app-config/src/main/resources/META-INF/cattle/api-server/defaults.properties

@@ -93,7 +93,8 @@ settings.public=rancher.compose.linux.url, \
   ui.show.system, \
   ui.show.custom.host, \
   api.host, \
-  ipsec.service.enable.healthcheck
+  ipsec.service.enable.healthcheck, \
+  api.auth.shibboleth.redirect.whitelist
 
 vm.enabled=false
 ui.pl=rancher
@@ -103,4 +104,5 @@ engine.install.url=https://releases.rancher.com/install-docker/1.12.sh
 account.version=2
 supported.docker.range=~v1.12.3 || ~v1.13.0 || ~v17.03.0 || ~v17.06.0 || ~v17.09.0 || ~v17.12.0 || ~v18.03.0 || ~v18.06.0
 newest.docker.version=v18.06.0
+api.auth.shibboleth.redirect.whitelist=
 ipsec.service.enable.healthcheck=false

tests/integration-v1/cattletest/core/test_settings.py

@@ -99,16 +99,16 @@ def test_settings_user_list(context):
     names = {x.name for x in settings}
 
     assert len(settings) != 0
-    assert len(settings) < 17
+    assert len(settings) < 18
     assert 'rancher.compose.linux.url' in names
 
     settings = user_client.list_setting(all=True)
     assert len(settings) != 0
-    assert len(settings) < 17
+    assert len(settings) < 18
 
     settings = user_client.list_setting(all=False)
     assert len(settings) != 0
-    assert len(settings) < 17
+    assert len(settings) < 18
 
 
 def test_settings_admin_user_list(admin_user_client):
@@ -124,5 +124,5 @@ def test_settings_admin_user_list(admin_user_client):
     names = {x.name for x in settings}
 
     assert len(settings) != 0
-    assert len(settings) < 17
+    assert len(settings) < 18
     assert 'rancher.compose.linux.url' in names

tests/integration/cattletest/core/test_settings.py

@@ -99,16 +99,16 @@ def test_settings_user_list(context):
     names = {x.name for x in settings}
 
     assert len(settings) != 0
-    assert len(settings) < 17
+    assert len(settings) < 18
     assert 'rancher.compose.linux.url' in names
 
     settings = user_client.list_setting(all=True)
     assert len(settings) != 0
-    assert len(settings) < 17
+    assert len(settings) < 18
 
     settings = user_client.list_setting(all=False)
     assert len(settings) != 0
-    assert len(settings) < 17
+    assert len(settings) < 18
 
 
 def test_settings_admin_user_list(admin_user_client):
@@ -124,7 +124,7 @@ def test_settings_admin_user_list(admin_user_client):
     names = {x.name for x in settings}
 
     assert len(settings) != 0
-    assert len(settings) < 17
+    assert len(settings) < 18
     assert 'rancher.compose.linux.url' in names