feat: pre-fill SAML login role from URL (#9394) (#9402)

* prefill role for saml auth method * add changelog Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2026-02-03 20:40:45 -05:00 · 2025-09-17 14:16:57 -04:00 · 2025-09-17 14:16:57 -04:00 · cc9e227d0b
commit cc9e227d0b
parent dfc8b589be
3 changed files with 11 additions and 1 deletions
--- a/changelog/_9394.txt
+++ b/changelog/_9394.txt
@ -0,0 +1,3 @@
+```release-note:improvement
+ui/auth: the role field on the SAML login form now auto-fills from the `role` URL query string parameter
+```
--- a/ui/app/components/auth/form/saml.hbs
+++ b/ui/app/components/auth/form/saml.hbs
@ -14,7 +14,7 @@

    {{! Authenticating with SAML requires a secure context }}
    {{#if this.canLoginSaml}}
-      <Auth::Fields @loginFields={{this.loginFields}} />
+      <Auth::Fields @loginFields={{this.loginFields}} @formQueryParams={{@formQueryParams}} />

      {{yield to="advancedSettings"}}

--- a/ui/tests/acceptance/auth/auth-login-test.js
+++ b/ui/tests/acceptance/auth/auth-login-test.js
@ -61,6 +61,13 @@ module('Acceptance | auth login', function (hooks) {
    assert.dom(GENERAL.inputByAttr('role')).hasValue(role);
  });

+  test('enterprise: it pre-fills SAML role if specified in query param', async function (assert) {
+    const role = AUTH_METHOD_LOGIN_DATA.oidc.role;
+    await visit(`/vault/auth?with=saml&role=${role}`);
+    assert.dom(AUTH_FORM.selectMethod).hasValue('saml');
+    assert.dom(GENERAL.inputByAttr('role')).hasValue(role);
+  });
+
  test('it selects auth method if "with" query param ends in an encoded slash and matches an auth type', async function (assert) {
    await visit('/vault/auth?with=userpass%2F');
    assert.dom(AUTH_FORM.selectMethod).hasValue('userpass');