Backport add SCIM endpoint ServiceProviderConfig into ce/main (#12303)

2026-02-18 18:38:08 -05:00 · 2026-02-17 10:41:09 -05:00 · 2026-02-17 10:41:09 -05:00 · 2ee80aef37
commit 2ee80aef37
parent daa03407c0
3 changed files with 21 additions and 6 deletions
--- a/vault/identity_store.go
+++ b/vault/identity_store.go
@ -113,6 +113,14 @@ func NewIdentityStore(ctx context.Context, core *Core, config *logical.BackendCo
 		return nil, fmt.Errorf("failed to create group packer: %w", err)
 	}

+	unauthenticatedPaths := []string{
+		"oidc/.well-known/*",
+		"oidc/+/.well-known/*",
+		"oidc/provider/+/.well-known/*",
+		"oidc/provider/+/token",
+	}
+	unauthenticatedPaths = append(unauthenticatedPaths, identityStoreLoginMFAEntUnauthedPaths()...)
+	unauthenticatedPaths = append(unauthenticatedPaths, identityStoreSCIMUnauthedPaths()...)
 	iStore.Backend = &framework.Backend{
 		BackendType:    logical.TypeLogical,
 		Paths:          iStore.paths(),
@ -120,12 +128,7 @@ func NewIdentityStore(ctx context.Context, core *Core, config *logical.BackendCo
 		InitializeFunc: iStore.initialize,
 		ActivationFunc: iStore.activate,
 		PathsSpecial: &logical.Paths{
-			Unauthenticated: append([]string{
-				"oidc/.well-known/*",
-				"oidc/+/.well-known/*",
-				"oidc/provider/+/.well-known/*",
-				"oidc/provider/+/token",
-			}),
+			Unauthenticated: unauthenticatedPaths,
 			LocalStorage: []string{
 				localAliasesBucketsPrefix,
 			},
@ -167,6 +170,8 @@ func (i *IdentityStore) paths() []*framework.Path {
 		mfaDuoPaths(i),
 		mfaPingIDPaths(i),
 		mfaLoginEnforcementPaths(i),
+		mfaLoginEnterprisePaths(i),
+		scimPaths(i),
 	)
 }

--- a/vault/identity_store_oss.go
+++ b/vault/identity_store_oss.go
@ -24,6 +24,10 @@ func identityStoreLoginMFAEntUnauthedPaths() []string {
 	return []string{}
 }

+func identityStoreSCIMUnauthedPaths() []string {
+	return []string{}
+}
+
 func mfaLoginEnterprisePaths(i *IdentityStore) []*framework.Path {
 	return []*framework.Path{}
 }
--- a/vault/identity_store_scim_oss.go
+++ b/vault/identity_store_scim_oss.go
@ -7,6 +7,8 @@ package vault

 import (
 	"context"
+
+	"github.com/hashicorp/vault/sdk/framework"
 )

 func (i *IdentityStore) loadSCIMClients(ctx context.Context) error {
@ -15,3 +17,7 @@ func (i *IdentityStore) loadSCIMClients(ctx context.Context) error {

 func (i *IdentityStore) invalidateSCIMClient(ctx context.Context, key string) {
 }
+
+func scimPaths(_ *IdentityStore) []*framework.Path {
+	return []*framework.Path{}
+}