Merge pull request #575 from TheJumpCloud/CUT-4061_EntraSsoEntityID

entityID parsing and validation
TheJumpCloud · May 22, 2024 · ac88be4 · ac88be4
2 parents 2d1509f + b0cc1a4
commit ac88be4
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 12 deletions.
diff --git a/PowerShell/JumpCloud.Office365.SSO/JumpCloud.Office365.SSO.psd1 b/PowerShell/JumpCloud.Office365.SSO/JumpCloud.Office365.SSO.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: JumpCloud
 #
-# Generated on: 4/16/24
+# Generated on: 5/16/24
 #
 
 @{
@@ -12,7 +12,7 @@
     RootModule        = 'JumpCloud.Office365.SSO.psm1'
 
     # Version number of this module.
-    ModuleVersion     = '0.10.0'
+    ModuleVersion     = '0.11.0'
 
     # ID used to uniquely identify this module
     GUID              = 'e96fc334-5734-4705-b837-0ac564623803'
@@ -74,3 +74,9 @@
     # DefaultCommandPrefix = ''
 
 }
+
+
+
+
+
+
diff --git a/PowerShell/JumpCloud.Office365.SSO/Private/HelperFunctions/Get-MetadataFromXML.ps1 b/PowerShell/JumpCloud.Office365.SSO/Private/HelperFunctions/Get-MetadataFromXML.ps1
@@ -8,18 +8,42 @@ function Get-MetadataFromXML {
         [ValidatePattern( '\.xml$' )]
         [string]$XMLFilePath
     )
+    begin {
 
-    [xml]$XMLInfo = Get-Content $XMLFilePath
+        [xml]$XMLInfo = Get-Content $XMLFilePath
+    }
+    process {
+
+        $certificate = $XMLInfo.EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.X509Data.X509Certificate
+        # domain should be extracted from entityID
+        $domainMatches = $XMLInfo.EntityDescriptor.entityID | Select-String -Pattern '(https:\/\/|urn:uri:)(=?.*)'
+        if ($domainMatches) {
+            if (($domainMatches.Matches.Groups[0].Value -match "https://") -or ($domainMatches.Matches.Groups[0].Value -match "urn:uri:")) {
+                # entity ID should match https: or urn:uri:
+                $entityID = $domainMatches.Matches.Groups[0].Value
+            } else {
+                throw "The supplied EntityID: $($XMLInfo.EntityDescriptor.entityID) does not appear to be correct. The domain name may be missing 'https://' or 'urn:uri:' as a prefix to the domain name. EX: within the JumpCloud SSO application for O365, supply an EntityID value such as 'https://myDomain.com' or 'urn:uri:myDomain.com'"
+            }
+            # domain should be the second group match from the $domainMatches variable
+            $domain = $domainMatches.Matches.Groups[2].Value
+
+        } else {
+            throw "The supplied EntityID: $($XMLInfo.EntityDescriptor.entityID) does not appear to be correct. The domain name may be missing 'https://' or 'urn:uri:' as a prefix to the domain name. EX: within the JumpCloud SSO application for O365, supply an EntityID value such as 'https://myDomain.com' or 'urn:uri:myDomain.com'"
+        }
 
-    $certificate = $XMLInfo.EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.X509Data.X509Certificate
-    $domain = $XMLInfo.EntityDescriptor.entityID
-    $IDPUrl = $XMLInfo.EntityDescriptor.IDPSSODescriptor.SingleSignOnService.location[0]
 
-    $MetaData = [PSCustomObject]@{
-        Certificate = $certificate
-        Domain      = $domain
-        IDPUrl      = $IDPUrl
+        $IDPUrl = $XMLInfo.EntityDescriptor.IDPSSODescriptor.SingleSignOnService.location[0]
+
+        $MetaData = [PSCustomObject]@{
+            Certificate = $certificate
+            Domain      = $domain
+            EntityID    = $entityID
+            IDPUrl      = $IDPUrl
+        }
+
     }
+    end {
 
-    Return $MetaData
+        Return $MetaData
+    }
 }
diff --git a/PowerShell/JumpCloud.Office365.SSO/Public/Enable-JumpCloud.Office365.SSO.ps1 b/PowerShell/JumpCloud.Office365.SSO/Public/Enable-JumpCloud.Office365.SSO.ps1
@@ -16,6 +16,7 @@ function Enable-JumpCloud.Office365.SSO {
             $Metadata = Get-MetaDataFromXML -XMLFilePath $XMLFilePath
             $IDPUrl = $Metadata.IDPUrl
             $Domain = $Metadata.Domain
+            $EntityID = $Metadata.EntityID
             $Certificate = $Metadata.Certificate
             $logoutUrl = "https://console.jumpcloud.com/userconsole/"
 
@@ -43,7 +44,7 @@ function Enable-JumpCloud.Office365.SSO {
                 $SetDomainParams = @{
                     DomainName                      = $Domain
                     DisplayName                     = $Domain
-                    IssuerUri                       = "https://$Domain"
+                    IssuerUri                       = $EntityID
                     SignOutUri                      = $logoutUrl
                     PassiveSignInUri                = $IDPUrl
                     ActiveSignInUri                 = $idpUrl