SAML improvements for Docker (#929)
* Fix typo in managing user account membership with SAML assertion * Support more config options from Docker env. * Improve support for SAML key and cert from Docker secrets Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
parent
b66b37ecfd
commit
39cddd3b34
@ -48,6 +48,11 @@ legal_envvars = (
|
||||
'OFFLINE_MODE',
|
||||
'REMOTE_USER_LOGOUT_URL',
|
||||
'REMOTE_USER_COOKIES',
|
||||
'SIGNUP_ENABLED',
|
||||
'LOCAL_DB_ENABLED',
|
||||
'LDAP_ENABLED',
|
||||
'SAML_CERT',
|
||||
'SAML_KEY',
|
||||
'FILESYSTEM_SESSIONS_ENABLED'
|
||||
)
|
||||
|
||||
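Review bot: `legal_envvars` and `legal_envvars_bool` repeat the same names by hand (`OFFLINE_MODE`, `SIGNUP_ENABLED`, `LOCAL_DB_ENABLED`, `LDAP_ENABLED` and `FILESYSTEM_SESSIONS_ENABLED` are visible in both this hunk and the next), and nothing states that a boolean setting has to be listed in both. The loader that consumes the tuples is outside these hunks; if it keeps a name that is missing from `legal_envvars_bool` as a plain string, a value such as `"False"` would stay truthy and an authentication toggle would remain switched on. I would add a comment above the tuple, for example `# Boolean settings must also be listed in legal_envvars_bool, otherwise the value is kept as a string`, after confirming that behaviour against the loader. Both tuples begin above the visible lines.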
@ -67,6 +72,9 @@ legal_envvars_bool = (
|
||||
'SAML_ASSERTION_ENCRYPTED',
|
||||
'OFFLINE_MODE',
|
||||
'REMOTE_USER_ENABLED',
|
||||
'SIGNUP_ENABLED',
|
||||
'LOCAL_DB_ENABLED',
|
||||
'LDAP_ENABLED',
|
||||
'FILESYSTEM_SESSIONS_ENABLED'
|
||||
)
|
||||
|
||||
|
@ -943,7 +943,7 @@ def saml_authorized():
|
||||
else:
|
||||
user_groups = []
|
||||
if admin_attribute_name or group_attribute_name:
|
||||
user_accounts = set(user.get_account())
|
||||
user_accounts = set(user.get_accounts())
|
||||
saml_accounts = []
|
||||
for group_mapping in group_to_account_mapping:
|
||||
mapping = group_mapping.split('=')
|
||||
|
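Review bot: `group_mapping.split('=')` splits on every `=`, so an entry whose group value itself contains `=` (directory-style group names are common in SAML group attributes) produces more than two parts, and an entry with no `=` produces one. How `mapping` is indexed is outside the hunk, so the effect is inferred, but these entries decide which accounts a SAML user is added to, so a malformed one should be rejected explicitly rather than mis-parsed. Assuming the account name is the part after the last `=`, `group, sep, account = group_mapping.rpartition('=')` followed by `if not sep: continue` (with a logged warning) would make that explicit. The loop body and the rest of `saml_authorized` continue outside the hunk.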
@ -104,10 +104,10 @@ class SAML(object):
|
||||
settings['sp']['entityId'] = current_app.config['SAML_SP_ENTITY_ID']
|
||||
|
||||
|
||||
if ('SAML_CERT_FILE' in current_app.config) and ('SAML_KEY_FILE' in current_app.config):
|
||||
if ('SAML_CERT' in current_app.config) and ('SAML_KEY' in current_app.config):
|
||||
|
||||
saml_cert_file = current_app.config['SAML_CERT_FILE']
|
||||
saml_key_file = current_app.config['SAML_KEY_FILE']
|
||||
saml_cert_file = current_app.config['SAML_CERT']
|
||||
saml_key_file = current_app.config['SAML_KEY']
|
||||
|
||||
if os.path.isfile(saml_cert_file):
|
||||
cert = open(saml_cert_file, "r").readlines()
|
||||
|
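Review bot: `SAML_CERT` and `SAML_KEY` read as if they hold the certificate and key themselves, but the value is still passed to `os.path.isfile()` and `open()`, so it has to be a path, and when `isfile()` is false the branch is skipped without any message (what follows is outside the hunk). An operator who puts PEM text in the variable, or who still sets the old `SAML_CERT_FILE`/`SAML_KEY_FILE` keys, would presumably end up with a service provider that has no certificate or key loaded and no hint why. I would log the miss without echoing the value, since it may be key material: `else: current_app.logger.warning('SAML_CERT is set but is not a readable file')`, and the same for `SAML_KEY`. A short comment above the `if` stating that both settings are filesystem paths would also help.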