Mask sensitive values displayed in the NeuVector UI under the SAML configuration, such as certificates, group names, and tenant ID

[Bin0089]

Hi Team,
I am working with customer and we were able to successfully configure SAML(AzureAD) using a ConfigMap. The configuration is working as expected.Here is the sample configMap file.

$ cat initcfg.yaml
apiVersion: v1
data:
samlinitcfg.yaml: |
always_reload: true
SSO_URL: https://login.microsoftonline.com/tjklpojknknklmnl/saml12
Issuer: https://sts.windows.net/tjklpojknknklmnl
X509_Cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
x509_cert_extra:
- |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Group_Claim:
Enable: false
Default_Role: admin
group_mapped_roles:
- group: admin1
global_role: admin
kind: ConfigMap
metadata:
name: neuvector-init
namespace: neuvector
Questions from customer: it is possible to mask sensitive values displayed in the NeuVector UI under the SAML configuration, such as certificates, group names, and tenant ID ? These values appears as it is in UI and customer would like to mask it.

Refer-: https://suse.slack.com/archives/C03205DN52S/p1767692512518709

[lsongsuse]

Hi @Bin0089

Regarding the request to mask the Tenant ID:
Since NeuVector does not have a "Tenant ID" field, the Tenant ID is currently embedded within the Identity Provider Single Sign-On URL and the Identity Provider Issuer URLs (e.g., https://login.microsoftonline.com/<tenant-id>/...).

To mask the Tenant ID, I will need to mask those two URL fields entirely in the UI.

Could you please confirm with the customer that masking the entire "Identity Provider SSO URL" and "Identity Provider Issuer" fields is the acceptable behavior for them?