FR: SAML Sign In - Interstitial page to send users directly to IdP login screen

chrome/browser/resources/gaia_auth_host/authenticator.js

Index: chrome/browser/resources/gaia_auth_host/authenticator.js
diff --git a/chrome/browser/resources/gaia_auth_host/authenticator.js b/chrome/browser/resources/gaia_auth_host/authenticator.js
index 2407ffa35822773b9212cfb3091c74cb18eeb99d..f8f0018d7c05f101bbf5cc65d26ce767c33d4c47 100644
--- a/chrome/browser/resources/gaia_auth_host/authenticator.js
+++ b/chrome/browser/resources/gaia_auth_host/authenticator.js
@@ -31,6 +31,7 @@ cr.define('cr.login', function() {
   var GAPS_COOKIE = 'GAPS';
   var SERVICE_ID = 'chromeoslogin';
   var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos';
+  var SAML_REDIRECTION_PATH = 'samlredirect';
 
   /**
    * The source URL parameter for the constrained signin flow.
@@ -264,6 +265,17 @@ cr.define('cr.login', function() {
   };
 
   Authenticator.prototype.constructInitialFrameUrl_ = function(data) {
+    if (data.doSamlRedirect) {
+      var url = this.idpOrigin_ + SAML_REDIRECTION_PATH;
+      url = appendParam(url, 'domain', data.enterpriseDomain);
+      url = appendParam(url, 'continue', data.gaiaUrl +
+          'o/oauth2/programmatic_auth?hl=' + data.hl +
+          '&scope=https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthLogin&' +
+          'client_id=' + data.clientId + '&access_type=offline');

[xiyuan, 2016/03/28 20:58:40]

To be on the safe side, encodeURIComponent(data.clientId)

[afakhry, 2016/03/28 23:15:33]

Done.

+
+      return url;
+    }
+
     var path = data.gaiaPath;
     if (!path && this.isNewGaiaFlow)
       path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT;