Skip to content

Add multi-ingress domains to SCIM IdPs #4880

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: sventennie/scim-idp-with-domain
Choose a base branch
from
Draft

Add multi-ingress domains to SCIM IdPs #4880

wants to merge 1 commit into from

Conversation

Copy link

Copilot AI commented Nov 28, 2025
edited
Loading

Ticket: https://wearezeta.atlassian.net/browse/WPB-20052

Adds support for associating SAML IdPs with multi-ingress domains. When multi-ingress is configured, each domain can have at most one IdP to enable deterministic SSO code resolution per email domain.

Key changes:

  • Add domain field to WireIdP extra info, stored only for configured multi-ingress domains
  • Add filterMultiIngressZHost to validate ZHost against configured domain mappings
  • Add guardMultiIngressDuplicateDomain checks on IdP create/update to enforce one-IdP-per-domain
  • Add SparIdPDomainInUse error (409) when domain constraint violated
  • Add Cassandra schema update for domain column in idp table

Behavior:

  • Teams without multi-ingress configured: no change, multiple IdPs allowed
  • Teams with multi-ingress: bijective mapping (domain, team) → IdP enforced at API level
  • IdPs created on unconfigured domains store no domain field (guards against later multi-ingress config conflicts)

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI mentioned this pull request Nov 28, 2025
Open
2 tasks
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Nov 28, 2025
Copilot AI changed the title [WIP] Add multi-ingress domains to SCIM IdPs Add multi-ingress domains to SCIM IdPs Nov 28, 2025
Copilot AI requested a review from supersven November 28, 2025 13:30
Copilot finished work on behalf of supersven November 28, 2025 13:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@supersven supersven Awaiting requested review from supersven

Assignees

@supersven supersven

Copilot code review Copilot

Labels

ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@supersven @zebot