feat: add saml model & controller [CW-2958] (#12289)

This PR adds the foundation for account-level SAML SSO configuration in Chatwoot Enterprise. It introduces a new `AccountSamlSettings` model and management API that allows accounts to configure their own SAML identity providers independently, this also includes the certificate generation flow The implementation includes a new controller (`Api::V1::Accounts::SamlSettingsController`) that provides CRUD operations for SAML configuration The feature is properly gated behind the 'saml' feature flag and includes administrator-only authorization via Pundit policies.
2025-09-04 02:00:42 +05:30
parent b46c07519a
commit 33058b5f3f
17 changed files with 590 additions and 1 deletions
--- a/spec/factories/account_saml_settings.rb
+++ b/spec/factories/account_saml_settings.rb
@@ -0,0 +1,31 @@
+FactoryBot.define do
+  factory :account_saml_settings do
+    account
+    sso_url { 'https://idp.example.com/saml/sso' }
+    certificate do
+      key = OpenSSL::PKey::RSA.new(2048)
+      cert = OpenSSL::X509::Certificate.new
+      cert.version = 2
+      cert.serial = 1
+      cert.subject = OpenSSL::X509::Name.parse('/C=US/ST=Test/L=Test/O=Test/CN=test.example.com')
+      cert.issuer = cert.subject
+      cert.public_key = key.public_key
+      cert.not_before = Time.zone.now
+      cert.not_after = cert.not_before + (365 * 24 * 60 * 60)
+      cert.sign(key, OpenSSL::Digest.new('SHA256'))
+      cert.to_pem
+    end
+    idp_entity_id { 'https://idp.example.com/saml/metadata' }
+    role_mappings { {} }
+
+    trait :with_role_mappings do
+      role_mappings do
+        {
+          'Administrators' => { 'role' => 1 },
+          'Agents' => { 'role' => 0 },
+          'Custom-Team' => { 'custom_role_id' => 5 }
+        }
+      end
+    end
+  end
+end