Merge remote-tracking branch 'Neven1986/saml_requested_attrs'

This commit is contained in:
Khanh Ngo 2019-12-20 21:08:06 +07:00
commit 1ea460fc71
2 changed files with 44 additions and 7 deletions

View File

@ -44,6 +44,30 @@ SAML_ENABLED = False
# ### Example: urn:oid:0.9.2342.19200300.100.1.1
# #SAML_NAMEID_FORMAT = 'urn:oid:0.9.2342.19200300.100.1.1'
# Following parameter defines RequestedAttributes section in SAML metadata
# since certain iDPs require explicit attribute request. If not provided section
# will not be available in metadata.
#
# Possible attributes:
# name (mandatory), nameFormat, isRequired, friendlyName
#
# NOTE: This parameter requires to be entered in valid JSON format as displayed below
# and multiple attributes can given
#
# Following example:
#
# SAML_SP_REQUESTED_ATTRIBUTES = '[ \
# {"name": "urn:oid:0.9.2342.19200300.100.1.3", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "isRequired": true, "friendlyName": "email"}, \
# {"name": "mail", "isRequired": false, "friendlyName": "test-field"} \
# ]'
#
# produces following metadata section:
# <md:AttributeConsumingService index="1">
# <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="email" isRequired="true"/>
# <md:RequestedAttribute Name="mail" FriendlyName="test-field"/>
# </md:AttributeConsumingService>
# ## Attribute to use for Email address
# ### Default: email
# ### Example: urn:oid:0.9.2342.19200300.100.1.3

View File

@ -1,6 +1,7 @@
from datetime import datetime, timedelta
from threading import Thread
from flask import current_app
import json
import os
from ..lib.certutil import KEY_FILE, CERT_FILE, create_self_signed_cert
@ -117,22 +118,34 @@ class SAML(object):
else:
create_self_signed_cert()
if os.path.isfile(CERT_FILE):
if (os.path.isfile(CERT_FILE)) and (os.path.isfile(KEY_FILE)):
cert = open(CERT_FILE, "r").readlines()
settings['sp']['x509cert'] = "".join(cert)
if os.path.isfile(KEY_FILE):
key = open(KEY_FILE, "r").readlines()
else:
create_self_signed_cert()
cert = open(CERT_FILE, "r").readlines()
key = open(KEY_FILE, "r").readlines()
settings['sp']['x509cert'] = "".join(cert)
settings['sp']['privateKey'] = "".join(key)
if 'SAML_SP_REQUESTED_ATTRIBUTES' in current_app.config:
saml_req_attr = json.loads(current_app.config['SAML_SP_REQUESTED_ATTRIBUTES'])
settings['sp']['attributeConsumingService'] = {
"serviceName": "PowerDNSAdmin",
"serviceDescription": "PowerDNS-Admin - PowerDNS administration utility",
"requestedAttributes": saml_req_attr
}
else:
settings['sp']['attributeConsumingService'] = {}
settings['sp']['assertionConsumerService'] = {}
settings['sp']['assertionConsumerService'][
'binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
settings['sp']['assertionConsumerService'][
'url'] = own_url + '/saml/authorized'
settings['sp']['attributeConsumingService'] = {}
settings['sp']['singleLogoutService'] = {}
settings['sp']['singleLogoutService'][
'binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'