mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-08 22:50:26 +00:00
Merge remote-tracking branch 'Neven1986/saml_requested_attrs'
This commit is contained in:
commit
1ea460fc71
@ -44,6 +44,30 @@ SAML_ENABLED = False
|
||||
# ### Example: urn:oid:0.9.2342.19200300.100.1.1
|
||||
# #SAML_NAMEID_FORMAT = 'urn:oid:0.9.2342.19200300.100.1.1'
|
||||
|
||||
# Following parameter defines RequestedAttributes section in SAML metadata
|
||||
# since certain iDPs require explicit attribute request. If not provided section
|
||||
# will not be available in metadata.
|
||||
#
|
||||
# Possible attributes:
|
||||
# name (mandatory), nameFormat, isRequired, friendlyName
|
||||
#
|
||||
# NOTE: This parameter requires to be entered in valid JSON format as displayed below
|
||||
# and multiple attributes can given
|
||||
#
|
||||
# Following example:
|
||||
#
|
||||
# SAML_SP_REQUESTED_ATTRIBUTES = '[ \
|
||||
# {"name": "urn:oid:0.9.2342.19200300.100.1.3", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "isRequired": true, "friendlyName": "email"}, \
|
||||
# {"name": "mail", "isRequired": false, "friendlyName": "test-field"} \
|
||||
# ]'
|
||||
#
|
||||
# produces following metadata section:
|
||||
# <md:AttributeConsumingService index="1">
|
||||
# <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="email" isRequired="true"/>
|
||||
# <md:RequestedAttribute Name="mail" FriendlyName="test-field"/>
|
||||
# </md:AttributeConsumingService>
|
||||
|
||||
|
||||
# ## Attribute to use for Email address
|
||||
# ### Default: email
|
||||
# ### Example: urn:oid:0.9.2342.19200300.100.1.3
|
||||
|
@ -1,6 +1,7 @@
|
||||
from datetime import datetime, timedelta
|
||||
from threading import Thread
|
||||
from flask import current_app
|
||||
import json
|
||||
import os
|
||||
|
||||
from ..lib.certutil import KEY_FILE, CERT_FILE, create_self_signed_cert
|
||||
@ -117,22 +118,34 @@ class SAML(object):
|
||||
|
||||
else:
|
||||
|
||||
create_self_signed_cert()
|
||||
|
||||
if os.path.isfile(CERT_FILE):
|
||||
if (os.path.isfile(CERT_FILE)) and (os.path.isfile(KEY_FILE)):
|
||||
cert = open(CERT_FILE, "r").readlines()
|
||||
settings['sp']['x509cert'] = "".join(cert)
|
||||
if os.path.isfile(KEY_FILE):
|
||||
key = open(KEY_FILE, "r").readlines()
|
||||
else:
|
||||
create_self_signed_cert()
|
||||
cert = open(CERT_FILE, "r").readlines()
|
||||
key = open(KEY_FILE, "r").readlines()
|
||||
|
||||
settings['sp']['x509cert'] = "".join(cert)
|
||||
settings['sp']['privateKey'] = "".join(key)
|
||||
|
||||
|
||||
if 'SAML_SP_REQUESTED_ATTRIBUTES' in current_app.config:
|
||||
saml_req_attr = json.loads(current_app.config['SAML_SP_REQUESTED_ATTRIBUTES'])
|
||||
settings['sp']['attributeConsumingService'] = {
|
||||
"serviceName": "PowerDNSAdmin",
|
||||
"serviceDescription": "PowerDNS-Admin - PowerDNS administration utility",
|
||||
"requestedAttributes": saml_req_attr
|
||||
}
|
||||
else:
|
||||
settings['sp']['attributeConsumingService'] = {}
|
||||
|
||||
|
||||
settings['sp']['assertionConsumerService'] = {}
|
||||
settings['sp']['assertionConsumerService'][
|
||||
'binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
|
||||
settings['sp']['assertionConsumerService'][
|
||||
'url'] = own_url + '/saml/authorized'
|
||||
settings['sp']['attributeConsumingService'] = {}
|
||||
settings['sp']['singleLogoutService'] = {}
|
||||
settings['sp']['singleLogoutService'][
|
||||
'binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
|
||||
|
Loading…
Reference in New Issue
Block a user