From 39cddd3b348d49b6cc9e40bd1bb32229f8a0838f Mon Sep 17 00:00:00 2001
From: Ian Bobbitt
Date: Fri, 7 May 2021 17:36:55 -0400
Subject: [PATCH] SAML improvements for Docker (#929)
* Fix typo in managing user account membership with SAML assertion
* Support more config options from Docker env.
* Improve support for SAML key and cert from Docker secrets
Co-authored-by: Ian Bobbitt
---
 configs/docker_config.py | 8 ++++++++
 powerdnsadmin/routes/index.py | 2 +-
 powerdnsadmin/services/saml.py | 6 +++---
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/configs/docker_config.py b/configs/docker_config.py
index 1723556..d06f220 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -48,6 +48,11 @@ legal_envvars = (
 'OFFLINE_MODE',
 'REMOTE_USER_LOGOUT_URL',
 'REMOTE_USER_COOKIES',
+ 'SIGNUP_ENABLED',
+ 'LOCAL_DB_ENABLED',
+ 'LDAP_ENABLED',
+ 'SAML_CERT',
+ 'SAML_KEY',
 'FILESYSTEM_SESSIONS_ENABLED'
 )
@@ -67,6 +72,9 @@ legal_envvars_bool = (
 'SAML_ASSERTION_ENCRYPTED',
 'OFFLINE_MODE',
 'REMOTE_USER_ENABLED',
+ 'SIGNUP_ENABLED',
+ 'LOCAL_DB_ENABLED',
+ 'LDAP_ENABLED',
 'FILESYSTEM_SESSIONS_ENABLED'
 )
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 847c5b7..f1ddb6b 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -943,7 +943,7 @@ def saml_authorized():
 else:
 user_groups = []
 if admin_attribute_name or group_attribute_name:
- user_accounts = set(user.get_account())
+ user_accounts = set(user.get_accounts())
 saml_accounts = []
 for group_mapping in group_to_account_mapping:
 mapping = group_mapping.split('=')
diff --git a/powerdnsadmin/services/saml.py b/powerdnsadmin/services/saml.py
index 8fbeb1e..40c97bf 100644
--- a/powerdnsadmin/services/saml.py
+++ b/powerdnsadmin/services/saml.py
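Review bot: Adding `SAML_CERT` and `SAML_KEY` to legal_envvars pairs with the services/saml.py hunk, which now reads only `current_app.config['SAML_CERT']` / `['SAML_KEY']` and drops the `SAML_CERT_FILE` / `SAML_KEY_FILE` lookups, and nothing on the page keeps the old names working. A deployment that still sets SAML_CERT_FILE/SAML_KEY_FILE would no longer satisfy the `if` in saml.py and would silently fall through to whatever the absent-certificate path does (that branch is outside the visible hunk), so signing/decryption material could quietly stop being loaded. A fallback such as `saml_cert_file = current_app.config.get('SAML_CERT') or current_app.config.get('SAML_CERT_FILE')` (and the same for the key) plus a logged deprecation warning would keep existing configurations working. The meaning of the new values is also undocumented here; since saml.py tests the value with `os.path.isfile`, a comment next to the entries such as `# SAML_CERT / SAML_KEY: path to the SP certificate / private key file (see services/saml.py)` would tell operators what to set. Pointing at a secret file (as the subject line's Docker-secrets use intends) is also preferable to placing private-key material in the environment, which is readable from the container's process environment and `docker inspect`.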
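Review bot: `SIGNUP_ENABLED`, `LOCAL_DB_ENABLED` and `LDAP_ENABLED` are now listed by hand in both legal_envvars and legal_envvars_bool, with nothing visible that checks the bool tuple is a subset of the allowlist, so a future name added to one tuple but not the other would be silently ignored or silently left as a string depending on how the loader (outside the hunk) consults them. A one-line check after the two definitions, e.g. `if not set(legal_envvars_bool) <= set(legal_envvars): raise ValueError('legal_envvars_bool must be a subset of legal_envvars')`, or building legal_envvars from legal_envvars_bool, would remove the duplication. Since these three toggles switch authentication paths on and off, a short comment stating how an unset or empty variable is treated would help operators; that behaviour lives in the loader, not in this hunk, so I cannot confirm it from here.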
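Review bot: The corrected call `user_accounts = set(user.get_accounts())` is, per the description, a typo fix, which suggests this branch raised on every run before and the account-membership sync it begins has effectively never executed; a test that enters saml_authorized with admin_attribute_name or group_attribute_name set would keep the next typo from going unnoticed. Two lines below, `mapping = group_mapping.split('=')` has no maxsplit, so a mapping entry whose group or account name itself contains '=' yields more than two parts and would be silently mis-parsed if the code that follows indexes mapping[0]/mapping[1]; checking `len(mapping) == 2` and logging and skipping the entry otherwise would make a bad mapping visible. Whether `set()` over the result of get_accounts() is meaningful depends on the account objects being hashable and comparable with whatever saml_accounts is later filled with, which I cannot see here. saml_authorized starts and ends outside the hunk.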
@@ -104,10 +104,10 @@ class SAML(object):
 settings['sp']['entityId'] = current_app.config['SAML_SP_ENTITY_ID']
- if ('SAML_CERT_FILE' in current_app.config) and ('SAML_KEY_FILE' in current_app.config):
+ if ('SAML_CERT' in current_app.config) and ('SAML_KEY' in current_app.config):
- saml_cert_file = current_app.config['SAML_CERT_FILE']
- saml_key_file = current_app.config['SAML_KEY_FILE']
+ saml_cert_file = current_app.config['SAML_CERT']
+ saml_key_file = current_app.config['SAML_KEY']
 if os.path.isfile(saml_cert_file):
 cert = open(saml_cert_file, "r").readlines()