Deepak Prabhakara 1a20b0a0c6

Add log in with Google and SAML (#1192 )

* Add log in with Google

* Fix merge conflicts

* Merge branch 'main' into feature/copy-add-identity-provider

# Conflicts:
#	pages/api/auth/[...nextauth].tsx
#	pages/api/auth/forgot-password.ts
#	pages/settings/security.tsx
#	prisma/schema.prisma
#	public/static/locales/en/common.json

* WIP: SAML login

* fixed login

* fixed verified_email check for Google

* tweaks to padding

* added BoxyHQ SAML service to local docker-compose

* identityProvider is missing from the select clause

* user may be undefined

* fix for yarn build

* Added SAML configuration to Settings -> Security page

* UI tweaks

* get saml login flag from the server

* UI tweaks

* moved SAMLConfiguration to a component in ee

* updated saml migration date

* fixed merge conflict

* fixed merge conflict

* lint fixes

* check-types fixes

* check-types fixes

* fixed type errors

* updated docker image for SAML Jackson

* added api keys config

* added default values for SAML_TENANT_ID and SAML_PRODUCT_ID

* - move all env vars related to saml into a separate file for easy access
- added SAML_ADMINS comma separated list of emails that will be able to configure the SAML metadata

* cleanup after merging main

* revert mistake during merge

* revert mistake during merge

* set info text to indicate SAML has been configured.

* tweaks to text

* tweaks to text

* i18n text

* i18n text

* tweak

* use a separate db for saml to avoid Prisma schema being out of sync

* use separate docker-compose file for saml

* padding tweak

* Prepare for implementing SAML login for the hosted solution

* WIP: Support for SAML in the hosted solution

* teams view has changed, adjusting saml changes accordingly

* enabled SAML only for PRO plan

* if user was invited and signs in via saml/google then update the user record

* WIP: embed saml lib

* 302 instead of 307

* no separate docker-compose file for saml

* - ogs cleanup
- type fixes

* fixed types for jackson

* cleaned up cors, not needed by the oauth flow

* updated jackson to support encryption at rest

* updated saml-jackson lib

* allow only the required http methods

* fixed issue with latest merge with main

* - Added instructions for deploying SAML support
- Tweaked SAML audience identifier

* fixed check for hosted Cal instance

* Added a new route to initiate Google and SAML login flows

* updated saml-jackson lib (node engine version is now 14.x or above)

* moved SAML instructions from Google Docs to a docs file

* moved randomString to lib

* comment SAML_DATABASE_URL and SAML_ADMINS in .env.example so that default is SAML off.

* fixed path to randomString

* updated @boxyhq/saml-jackson to v0.3.0

* fixed TS errors

* tweaked SAML config UI

* fixed types

* added e2e test for Google login

* setup secrets for Google login test

* test for OAuth login buttons (Google and SAML)

* enabled saml for the test

* added test for SAML config UI

* fixed nextauth import

* use pkce flow

* tweaked NextAuth config for saml

* updated saml-jackson

* added ability to delete SAML configuration

* SAML variables explainers and refactoring

* Prevents constant collision

* Var name changes

* Env explainers

* better validation for email

Co-authored-by: Omar López <zomars@me.com>

* enabled GOOGLE_API_CREDENTIALS in e2e tests (Github Actions secret)

* cleanup (will create an issue to handle forgot password for Google and SAML identities)

Co-authored-by: Chris <76668588+bytesbuffer@users.noreply.github.com>
Co-authored-by: Omar López <zomars@me.com>

2022-01-13 20:05:23 +00:00

2.8 KiB

Raw Blame History

Get Started with Enterprise

Enterprise Edition

Welcome to the Enterprise Edition ("/ee") of Cal.com.

The /ee subfolder is the place for all the Pro features from our hosted plan and enterprise-grade features such as SSO, SAML, ADFS, OIDC, SCIM, SIEM, HRIS and much more.

❗ WARNING: This repository is copyrighted (unlike our main repo). You are not allowed to use this code to host your own version of app.cal.com without obtaining a proper license first❗

Setting up Stripe

Create a stripe account or use an existing one. For testing, you should use all stripe dashboard functions with the Test-Mode toggle in the top right activated.
Open Stripe ApiKeys save the token starting with pk_... to NEXT_PUBLIC_STRIPE_PUBLIC_KEY and sk_... to STRIPE_PRIVATE_KEY in the .env file.
Open Stripe Connect Settings and activate OAuth for Standard Accounts
Add <CALENDSO URL>/api/integrations/stripepayment/callback as redirect URL.
Copy your client*id (ca*...) to STRIPE_CLIENT_ID in the .env file.
Open Stripe Webhooks and add <CALENDSO URL>/api/integrations/stripepayment/webhook as webhook for connected applications.
Select all payment_intent events for the webhook.
Copy the webhook secret (whsec_...) to STRIPE_WEBHOOK_SECRET in the .env file.

Set SAML_DATABASE_URL to a postgres database. Please use a different database than the main Cal instance since the migrations are separate for this database. For example postgresql://postgres:@localhost:5450/cal-saml
Set SAML_ADMINS to a comma separated list of admin emails from where the SAML metadata can be uploaded and configured.
Create a SAML application with your Identity Provider (IdP) using the instructions here - SAML Setup
Remember to configure access to the IdP SAML app for all your users (who need access to Cal).
You will need the XML metadata from your IdP later, so keep it accessible.
Log in to one of the admin accounts configured in SAML_ADMINS and then navigate to Settings -> Security.
You should see a SAML configuration section, copy and paste the XML metadata from step 5 and click on Save.
Your provisioned users can now log into Cal using SAML.

2.8 KiB Raw Blame History

Enterprise Edition

Setting up Stripe

Setting up SAML login

2.8 KiB

Raw Blame History