trivir · dallinjsevy · Apr 7, 2026
diff --git a/src/cli/config-manager/config-manager-push/config-manager-push-saml.ts b/src/cli/config-manager/config-manager-push/config-manager-push-saml.ts
@@ -0,0 +1,53 @@
+import { frodo } from '@rockcarver/frodo-lib';
+
+import { configManagerImportSaml } from '../../../configManagerOps/FrConfigSamlOps';
+import { getTokens } from '../../../ops/AuthenticateOps';
+import { printMessage, verboseMessage } from '../../../utils/Console';
+import { FrodoCommand } from '../../FrodoCommand';
+
+const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } =
+  frodo.utils.constants;
+
+const deploymentTypes = [
+  CLOUD_DEPLOYMENT_TYPE_KEY,
+  FORGEOPS_DEPLOYMENT_TYPE_KEY,
+];
+
+export default function setup() {
+  const program = new FrodoCommand(
+    'frodo config-manager push saml',
+    [],
+    deploymentTypes
+  );
+
+  program
+    .description('Import saml configuration.')
+
+    .action(async (host, realm, user, password, options, command) => {
+      command.handleDefaultArgsAndOpts(
+        host,
+        realm,
+        user,
+        password,
+        options,
+        command
+      );
+
+      if (await getTokens(false, true, deploymentTypes)) {
+        verboseMessage('Exporting config entity saml');
+        const outcome = await configManagerImportSaml();
+        if (!outcome) process.exitCode = 1;
+      }
+      // unrecognized combination of options or no options
+      else {
+        printMessage(
+          'Unrecognized combination of options or no options...',
+          'error'
+        );
+        program.help();
+        process.exitCode = 1;
+      }
+    });
+
+  return program;
+}
diff --git a/src/cli/config-manager/config-manager-push/config-manager-push.ts b/src/cli/config-manager/config-manager-push/config-manager-push.ts
@@ -11,6 +11,7 @@ import Locales from './config-manager-push-locales';
 import ManagedObjects from './config-manager-push-managed-objects';
 import OrgPrivileges from './config-manager-push-org-privileges';
 import PasswordPolicy from './config-manager-push-password-policy';
+import Saml from './config-manager-push-saml';
 import Schedules from './config-manager-push-schedules';
 import ServiceObjects from './config-manager-push-service-objects';
 import TermsAndConditions from './config-manager-push-terms-and-conditions';
@@ -39,6 +40,6 @@ export default function setup() {
   program.addCommand(CookieDomains().name('cookie-domains'));
   program.addCommand(ServiceObjects().name('service-objects'));
   program.addCommand(UiConfig().name('ui-config'));
-
+  program.addCommand(Saml().name('saml'));
   return program;
 }
diff --git a/src/configManagerOps/FrConfigSamlOps.ts b/src/configManagerOps/FrConfigSamlOps.ts
@@ -1,4 +1,6 @@
 import { frodo, state } from '@rockcarver/frodo-lib';
+import { CirclesOfTrustExportInterface } from '@rockcarver/frodo-lib/types/ops/CirclesOfTrustOps';
+import { Saml2ExportInterface } from '@rockcarver/frodo-lib/types/ops/Saml2Ops';
 import fs from 'fs';
 
 import { printError } from '../utils/Console';
@@ -9,8 +11,10 @@ import {
 } from '../utils/FrConfig';
 
 const { getFilePath, saveJsonToFile } = frodo.utils;
-const { exportSaml2Provider } = frodo.saml2.entityProvider;
-const { exportCircleOfTrust } = frodo.saml2.circlesOfTrust;
+const { exportSaml2Provider, importSaml2Providers } =
+  frodo.saml2.entityProvider;
+const { exportCircleOfTrust, importCirclesOfTrust } =
+  frodo.saml2.circlesOfTrust;
 /**
  * Export an IDM configuration object in the fr-config-manager format.
  * @param {string} envFile File that defines environment specific variables for replacement during configuration export/import
@@ -98,3 +102,85 @@ export async function configManagerExportSaml(file): Promise<boolean> {
   }
   return false;
 }
+
+/**
+ * Import all SAML entity providers from all *.saml.json files in the current directory
+ * @returns {Promise<boolean>} true if successful, false otherwise
+ */
+
+export async function configManagerImportSaml(): Promise<boolean> {
+  try {
+    const realmsDir = getFilePath('realms/');
+    const realmsToProcess = fs
+      .readdirSync(realmsDir, { withFileTypes: true })
+      .filter((entry) => entry.isDirectory())
+      .map((entry) => entry.name);
+
+    for (const realm of realmsToProcess) {
+      state.setRealm(realm);
+      if (state.getRealm() === '/') continue;
+      const samlDir = getFilePath(`realms/${realm}/realm-config/saml`);
+
+      const hostedDir = `${samlDir}/hosted`;
+      const remoteDir = `${samlDir}/remote`;
+      const cotDir = `${samlDir}/COT`;
+
+      const hosted: Record<string, any> = {};
+      const remote: Record<string, any> = {};
+      const metadata: Record<string, string[]> = {};
+      const cot: Record<string, any> = {};
+
+      if (fs.existsSync(hostedDir)) {
+        for (const file of fs.readdirSync(hostedDir)) {
+          if (file.endsWith('.json')) {
+            const hostedData = JSON.parse(
+              fs.readFileSync(`${hostedDir}/${file}`, 'utf8')
+            );
+            hosted[hostedData.config.entityId] = hostedData.config;
+            metadata[hostedData.config.entityId] = [hostedData.metadata];
+          }
+        }
+      }
+
+      if (fs.existsSync(remoteDir)) {
+        for (const file of fs.readdirSync(remoteDir)) {
+          if (file.endsWith('.json')) {
+            const remoteData = JSON.parse(
+              fs.readFileSync(`${remoteDir}/${file}`, 'utf8')
+            );
+            remote[remoteData.config.entityId] = remoteData.config;
+            metadata[remoteData.config.entityId] = [remoteData.metadata];
+          }
+        }
+      }
+
+      if (fs.existsSync(cotDir)) {
+        for (const file of fs.readdirSync(cotDir)) {
+          if (file.endsWith('.json')) {
+            const cotData = JSON.parse(
+              fs.readFileSync(`${cotDir}/${file}`, 'utf8')
+            );
+            cot[cotData._id] = cotData;
+          }
+        }
+      }
+      const samlImportData: Saml2ExportInterface = {
+        script: {},
+        saml: { hosted, remote, metadata },
+      };
+
+      const cotImportData: CirclesOfTrustExportInterface = {
+        script: {},
+        saml: { hosted: {}, remote: {}, metadata: {}, cot },
+      };
+
+      await importSaml2Providers(samlImportData, { deps: true });
+      await importCirclesOfTrust(cotImportData);
+    }
+
+    return true;
+  } catch (error) {
+    printError(error);
+  }
+  return false;
+}
diff --git a/test/client_cli/en/__snapshots__/config-manager-push-saml.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-push-saml.test.js.snap
@@ -0,0 +1,25 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`CLI help interface for 'config-manager push saml' should be expected english 1`] = `
+"Usage: frodo config-manager push saml [options] [host] [realm] [username] [password]
+
+[Experimental] Import saml configuration.
+
+Arguments:
+  host              AM base URL, e.g.: https://cdk.iam.example.com/am. To use a
+                    connection profile, just specify a unique substring or
+                    alias.
+  realm             Realm. Specify realm as '/' for the root realm or 'realm' or
+                    '/parent/child' otherwise. (default: "alpha" for Identity
+                    Cloud tenants, "/" otherwise.)
+  username          Username to login with. Must be an admin user with
+                    appropriate rights to manage authentication journeys/trees.
+  password          Password.
+
+Options:
+  -h, --help        Help
+  -hh, --help-more  Help with all options.
+  -hhh, --help-all  Help with all options, environment variables, and usage
+                    examples.
+"
+`;
diff --git a/test/client_cli/en/__snapshots__/config-manager-push.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-push.test.js.snap
@@ -26,6 +26,7 @@ Commands:
   managed-objects       [Experimental] Import managed objects.
   org-privileges        [Experimental] Import organization privileges config.
   password-policy       [Experimental] Import password-policy objects.
+  saml                  [Experimental] Import saml configuration.
   schedules             [Experimental] Import schedules.
   service-objects       [Experimental] Import service objects.
   terms-and-conditions  [Experimental] Import terms and conditions.

diff --git a/test/client_cli/en/config-manager-push-saml.test.js b/test/client_cli/en/config-manager-push-saml.test.js
@@ -0,0 +1,10 @@
+import cp from 'child_process';
+import { promisify } from 'util';
+
+const exec = promisify(cp.exec);
+const CMD = 'frodo config-manager push saml --help';
+const { stdout } = await exec(CMD);
+
+test("CLI help interface for 'config-manager push saml' should be expected english", async () => {
+    expect(stdout).toMatchSnapshot();
+});
diff --git a/test/e2e/__snapshots__/config-manager-push-saml.e2e.test.js.snap b/test/e2e/__snapshots__/config-manager-push-saml.e2e.test.js.snap
@@ -0,0 +1,3 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`frodo config-manager push saml "frodo config-manager push saml -D test/e2e/exports/fr-config-manager/forgeops -m forgeops": should import the saml into forgeops" 1`] = `""`;
diff --git a/test/e2e/config-manager-push-saml.e2e.test.js b/test/e2e/config-manager-push-saml.e2e.test.js
@@ -0,0 +1,72 @@
+/**
+ * Follow this process to write e2e tests for the CLI project:
+ *
+ * 1. Test if all the necessary mocks for your tests already exist.
+ *    In mock mode, run the command you want to test with the same arguments
+ *    and parameters exactly as you want to test it, for example:
+ *
+ *    $ FRODO_MOCK=1 frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!
+ *
+ *    If your command completes without errors and with the expected results,
+ *    all the required mocks already exist and you are good to write your
+ *    test and skip to step #4.
+ *
+ *    If, however, your command fails and you see errors like the one below,
+ *    you know you need to record the mock responses first:
+ *
+ *    [Polly] [adapter:node-http] Recording for the following request is not found and `recordIfMissing` is `false`.
+ *
+ * 2. Record mock responses for your exact command.
+ *    In mock record mode, run the command you want to test with the same arguments
+ *    and parameters exactly as you want to test it, for example:
+ *
+ *    $ FRODO_MOCK=record frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!
+ *
+ *    Wait until you see all the Polly instances (mock recording adapters) have
+ *    shutdown before you try to run step #1 again.
+ *    Messages like these indicate mock recording adapters shutting down:
+ *
+ *    Polly instance 'conn/4' stopping in 3s...
+ *    Polly instance 'conn/4' stopping in 2s...
+ *    Polly instance 'conn/save/3' stopping in 3s...
+ *    Polly instance 'conn/4' stopping in 1s...
+ *    Polly instance 'conn/save/3' stopping in 2s...
+ *    Polly instance 'conn/4' stopped.
+ *    Polly instance 'conn/save/3' stopping in 1s...
+ *    Polly instance 'conn/save/3' stopped.
+ *
+ * 3. Validate your freshly recorded mock responses are complete and working.
+ *    Re-run the exact command you want to test in mock mode (see step #1).
+ *
+ * 4. Write your test.
+ *    Make sure to use the exact command including number of arguments and params.
+ *
+ * 5. Commit both your test and your new recordings to the repository.
+ *    Your tests are likely going to reside outside the frodo-lib project but
+ *    the recordings must be committed to the frodo-lib project.
+ */
+
+/*
+// ForgeOps
+FRODO_MOCK=record FRODO_NO_CACHE=1 FRODO_HOST=https://nightly.gcp.forgeops.com/am frodo config-manager push saml -D test/e2e/exports/fr-config-manager/forgeops -m forgeops
+*/
+
+import cp from 'child_process';
+import { promisify } from 'util';
+import { getEnv, removeAnsiEscapeCodes } from './utils/TestUtils';
+import { forgeops_connection as fc } from './utils/TestConfig';
+
+const exec = promisify(cp.exec);
+
+process.env['FRODO_MOCK'] = '1';
+const forgeopsEnv = getEnv(fc);
+
+const allDirectory = "test/e2e/exports/fr-config-manager/forgeops";
+
+describe('frodo config-manager push saml', () => {
+    test(`"frodo config-manager push saml -D ${allDirectory} -m forgeops": should import the saml into forgeops"`, async () => {
+        const CMD = `frodo config-manager push saml -D ${allDirectory} -m forgeops`;
+        const { stdout } = await exec(CMD, forgeopsEnv);
+        expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot();
+    });
+});
diff --git a/test/e2e/exports/fr-config-manager/forgeops/realms/alpha/realm-config/saml/COT/FR_COT.json b/test/e2e/exports/fr-config-manager/forgeops/realms/alpha/realm-config/saml/COT/FR_COT.json
@@ -0,0 +1,15 @@
+{
+  "_id": "FR_COT",
+  "_rev": "641713822",
+  "_type": {
+    "_id": "circlesoftrust",
+    "collection": true,
+    "name": "Circle of Trust"
+  },
+  "description": "testCircle",
+  "status": "active",
+  "trustedProviders": [
+    "ForgeopsTest|saml2",
+    "test-IDP|saml2"
+  ]
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		// Jest Snapshot v1, https://goo.gl/fbAQLP

		exports[`frodo config-manager push saml "frodo config-manager push saml -D test/e2e/exports/fr-config-manager/forgeops -m forgeops": should import the saml into forgeops" 1`] = `""`;