feat: Add relay state for SAML SSO (#12597)

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
2025-10-07 20:32:29 +05:30
parent 4b2ebb8877
commit 978f4c431a
8 changed files with 101 additions and 3 deletions
--- a/app/controllers/devise_overrides/omniauth_callbacks_controller.rb
+++ b/app/controllers/devise_overrides/omniauth_callbacks_controller.rb
@@ -19,6 +19,19 @@ class DeviseOverrides::OmniauthCallbacksController < DeviseTokenAuth::OmniauthCa
    redirect_to login_page_url(email: encoded_email, sso_auth_token: @resource.generate_sso_auth_token)
  end

+  def sign_in_user_on_mobile
+    @resource.skip_confirmation! if confirmable_enabled?
+
+    # once the resource is found and verified
+    # we can just send them to the login page again with the SSO params
+    # that will log them in
+    encoded_email = ERB::Util.url_encode(@resource.email)
+    params = { email: encoded_email, sso_auth_token: @resource.generate_sso_auth_token }.to_query
+
+    mobile_deep_link_base = GlobalConfigService.load('MOBILE_DEEP_LINK_BASE', 'chatwootapp')
+    redirect_to "#{mobile_deep_link_base}://auth/saml?#{params}", allow_other_host: true
+  end
+
  def sign_up_user
    return redirect_to login_page_url(error: 'no-account-found') unless account_signup_allowed?
    return redirect_to login_page_url(error: 'business-account-only') unless validate_signup_email_is_business_domain?
--- a/app/javascript/v3/views/login/Index.vue
+++ b/app/javascript/v3/views/login/Index.vue
@@ -22,6 +22,8 @@ import MfaVerification from 'dashboard/components/auth/MfaVerification.vue';
 const ERROR_MESSAGES = {
  'no-account-found': 'LOGIN.OAUTH.NO_ACCOUNT_FOUND',
  'business-account-only': 'LOGIN.OAUTH.BUSINESS_ACCOUNTS_ONLY',
+  'saml-authentication-failed': 'LOGIN.SAML.API.ERROR_MESSAGE',
+  'saml-not-enabled': 'LOGIN.SAML.API.ERROR_MESSAGE',
 };

 const IMPERSONATION_URL_SEARCH_KEY = 'impersonation';
--- a/app/javascript/v3/views/login/Saml.vue
+++ b/app/javascript/v3/views/login/Saml.vue
@@ -15,6 +15,10 @@ const props = defineProps({
    type: String,
    default: '',
  },
+  target: {
+    type: String,
+    default: 'web',
+  },
 });

 const store = useStore();
@@ -107,6 +111,7 @@ onMounted(async () => {
          name="authenticity_token"
          :value="csrfToken"
        />
+        <input type="hidden" class="h-0" name="target" :value="target" />
        <NextButton
          lg
          type="submit"
--- a/app/javascript/v3/views/routes.js
+++ b/app/javascript/v3/views/routes.js
@@ -28,6 +28,7 @@ export default [
    meta: { requireEnterprise: true },
    props: route => ({
      authError: route.query.error,
+      target: route.query.target,
    }),
  },
  {