Sync config templates

Tim Jacomb 2019-03-03 15:07:51 +00:00
parent 292aaddaee
commit 08de197cff
No known key found for this signature in database
GPG Key ID: 08A202C942DC52AD
2 changed files with 54 additions and 0 deletions


@ -62,6 +62,12 @@ SAML_METADATA_CACHE_LIFETIME = 1
### Example: urn:oid:2.5.4.4 ### Example: urn:oid:2.5.4.4
#SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4' #SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4'
## Split into Given name and Surname
## Useful if your IDP only gives a display name
### Default: none
### Example: http://schemas.microsoft.com/identity/claims/displayname
#SAML_ATTRIBUTE_NAME = 'http://schemas.microsoft.com/identity/claims/displayname'
## Attribute to use for username ## Attribute to use for username
### Default: Use NameID instead ### Default: Use NameID instead
### Example: urn:oid:0.9.2342.19200300.100.1.1 ### Example: urn:oid:0.9.2342.19200300.100.1.1
@ -75,6 +81,22 @@ SAML_METADATA_CACHE_LIFETIME = 1
### the user is set as a non-administrator user. ### the user is set as a non-administrator user.
#SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin' #SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
## Attribute to get group from
### Default: Don't use groups from SAML attribute
### Example: https://example.edu/pdns-admin-group
#SAML_ATTRIBUTE_GROUP = 'https://example.edu/pdns-admin'
## Group namem to get admin status from
### Default: Don't control admin with SAML group
### Example: https://example.edu/pdns-admin
#SAML_GROUP_ADMIN_NAME = 'powerdns-admin'
## Attribute to get group to account mappings from
### Default: None
### If set, the user will be added and removed from accounts to match
### what's in the login assertion if they are in the required group
#SAML_GROUP_TO_ACCOUNT_MAPPING = 'dev-admins=dev,prod-admins=prod'
## Attribute to get account names from ## Attribute to get account names from
### Default: Don't control accounts with SAML attribute ### Default: Don't control accounts with SAML attribute
### If set, the user will be added and removed from accounts to match ### If set, the user will be added and removed from accounts to match
@ -88,6 +110,11 @@ SAML_SP_CONTACT_MAIL = '<contact mail>'
#Configures if SAML tokens should be encrypted. #Configures if SAML tokens should be encrypted.
#If enabled a new app certificate will be generated on restart #If enabled a new app certificate will be generated on restart
SAML_SIGN_REQUEST = False SAML_SIGN_REQUEST = False
# Configures if you want to request the IDP to sign the message
# Default is True
#SAML_WANT_MESSAGE_SIGNED = True
#Use SAML standard logout mechanism retrieved from idp metadata #Use SAML standard logout mechanism retrieved from idp metadata
#If configured false don't care about SAML session on logout. #If configured false don't care about SAML session on logout.
#Logout from PowerDNS-Admin only and keep SAML session authenticated. #Logout from PowerDNS-Admin only and keep SAML session authenticated.
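Review bot: The comments on the new group settings in the second hunk do not match the sample values beneath them, and these options decide who becomes an administrator and which accounts a user is added to. The `SAML_ATTRIBUTE_GROUP` sample value `'https://example.edu/pdns-admin'` is the same URI the existing `SAML_ATTRIBUTE_ADMIN` sample uses, although its own Example line says `https://example.edu/pdns-admin-group`; `SAML_GROUP_ADMIN_NAME` shows a URI as its example but the plain group name `'powerdns-admin'` as its value, and its heading reads "Group namem". `SAML_GROUP_TO_ACCOUNT_MAPPING` is headed "Attribute to get group to account mappings from" while the sample is a literal list of pairs, so I would head it `## Mapping of SAML group names to account names, as comma-separated group=account pairs` and state which setting names "the required group". The second template changed by this commit carries the same lines and needs the same correction.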


@ -69,6 +69,12 @@ SAML_METADATA_CACHE_LIFETIME = 1
### Example: urn:oid:2.5.4.4 ### Example: urn:oid:2.5.4.4
#SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4' #SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4'
## Split into Given name and Surname
## Useful if your IDP only gives a display name
### Default: none
### Example: http://schemas.microsoft.com/identity/claims/displayname
#SAML_ATTRIBUTE_NAME = 'http://schemas.microsoft.com/identity/claims/displayname'
## Attribute to use for username ## Attribute to use for username
### Default: Use NameID instead ### Default: Use NameID instead
### Example: urn:oid:0.9.2342.19200300.100.1.1 ### Example: urn:oid:0.9.2342.19200300.100.1.1
@ -82,6 +88,22 @@ SAML_METADATA_CACHE_LIFETIME = 1
### the user is set as a non-administrator user. ### the user is set as a non-administrator user.
#SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin' #SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
## Attribute to get group from
### Default: Don't use groups from SAML attribute
### Example: https://example.edu/pdns-admin-group
#SAML_ATTRIBUTE_GROUP = 'https://example.edu/pdns-admin'
## Group namem to get admin status from
### Default: Don't control admin with SAML group
### Example: https://example.edu/pdns-admin
#SAML_GROUP_ADMIN_NAME = 'powerdns-admin'
## Attribute to get group to account mappings from
### Default: None
### If set, the user will be added and removed from accounts to match
### what's in the login assertion if they are in the required group
#SAML_GROUP_TO_ACCOUNT_MAPPING = 'dev-admins=dev,prod-admins=prod'
## Attribute to get account names from ## Attribute to get account names from
### Default: Don't control accounts with SAML attribute ### Default: Don't control accounts with SAML attribute
### If set, the user will be added and removed from accounts to match ### If set, the user will be added and removed from accounts to match
@ -95,6 +117,11 @@ SAML_SP_CONTACT_MAIL = '<contact mail>'
#Configures if SAML tokens should be encrypted. #Configures if SAML tokens should be encrypted.
#If enabled a new app certificate will be generated on restart #If enabled a new app certificate will be generated on restart
SAML_SIGN_REQUEST = False SAML_SIGN_REQUEST = False
# Configures if you want to request the IDP to sign the message
# Default is True
#SAML_WANT_MESSAGE_SIGNED = True
#Use SAML standard logout mechanism retrieved from idp metadata #Use SAML standard logout mechanism retrieved from idp metadata
#If configured false don't care about SAML session on logout. #If configured false don't care about SAML session on logout.
#Logout from PowerDNS-Admin only and keep SAML session authenticated. #Logout from PowerDNS-Admin only and keep SAML session authenticated.
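Review bot: The comment added for `SAML_WANT_MESSAGE_SIGNED` in the last hunk does not say what an operator gives up by setting it to False. As worded, the option presumably controls whether the service provider insists on a signed message from the IdP; the code that reads it is not visible here, so that should be confirmed. If that reading is right, turning it off leaves the signature on the assertion as the only thing authenticating the login data, including the admin, group and account attributes this commit documents. I would add a line such as `# If set to False, make sure the IdP still signs the assertion, otherwise login attributes are not authenticated`. The same three lines appear in the first template of this commit.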