SAML improvements for Docker (#929)

* Fix typo in managing user account membership with SAML assertion

* Support more config options from Docker env.

* Improve support for SAML key and cert from Docker secrets

Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
This commit is contained in:
Ian Bobbitt 2021-05-07 17:36:55 -04:00 committed by GitHub
parent b66b37ecfd
commit 39cddd3b34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 4 deletions


@ -48,6 +48,11 @@ legal_envvars = (
'OFFLINE_MODE', 'OFFLINE_MODE',
'REMOTE_USER_LOGOUT_URL', 'REMOTE_USER_LOGOUT_URL',
'REMOTE_USER_COOKIES', 'REMOTE_USER_COOKIES',
'SIGNUP_ENABLED',
'LOCAL_DB_ENABLED',
'LDAP_ENABLED',
'SAML_CERT',
'SAML_KEY',
'FILESYSTEM_SESSIONS_ENABLED' 'FILESYSTEM_SESSIONS_ENABLED'
) )
@ -67,6 +72,9 @@ legal_envvars_bool = (
'SAML_ASSERTION_ENCRYPTED', 'SAML_ASSERTION_ENCRYPTED',
'OFFLINE_MODE', 'OFFLINE_MODE',
'REMOTE_USER_ENABLED', 'REMOTE_USER_ENABLED',
'SIGNUP_ENABLED',
'LOCAL_DB_ENABLED',
'LDAP_ENABLED',
'FILESYSTEM_SESSIONS_ENABLED' 'FILESYSTEM_SESSIONS_ENABLED'
) )
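Review bot: The new `'SAML_CERT'` and `'SAML_KEY'` entries in legal_envvars hold file paths rather than PEM material, but nothing at the declaration says so; the third file in this commit assigns `current_app.config['SAML_CERT']` to `saml_cert_file` and hands it to `os.path.isfile`, so an operator who exports the certificate contents into the variable gets a silent miss. A trailing comment on each entry would make the contract visible where the variable is whitelisted: `'SAML_CERT',  # path to the SP certificate file, not its contents` and `'SAML_KEY',  # path to the SP private key file, not its contents`. The same commit also replaces the `SAML_CERT_FILE`/`SAML_KEY_FILE` config keys with these names, so existing deployments that still set the old keys presumably lose SAML signing without any warning; a one-line fallback in the SAML settings code such as `saml_cert_file = current_app.config.get('SAML_CERT', current_app.config.get('SAML_CERT_FILE'))` (and the same for the key) or a logged deprecation message would ease the migration. The `legal_envvars = (` line and the tuple's earlier entries are outside this hunk.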


@ -943,7 +943,7 @@ def saml_authorized():
else: else:
user_groups = [] user_groups = []
if admin_attribute_name or group_attribute_name: if admin_attribute_name or group_attribute_name:
user_accounts = set(user.get_account()) user_accounts = set(user.get_accounts())
saml_accounts = [] saml_accounts = []
for group_mapping in group_to_account_mapping: for group_mapping in group_to_account_mapping:
mapping = group_mapping.split('=') mapping = group_mapping.split('=')


@ -104,10 +104,10 @@ class SAML(object):
settings['sp']['entityId'] = current_app.config['SAML_SP_ENTITY_ID'] settings['sp']['entityId'] = current_app.config['SAML_SP_ENTITY_ID']
if ('SAML_CERT_FILE' in current_app.config) and ('SAML_KEY_FILE' in current_app.config): if ('SAML_CERT' in current_app.config) and ('SAML_KEY' in current_app.config):
saml_cert_file = current_app.config['SAML_CERT_FILE'] saml_cert_file = current_app.config['SAML_CERT']
saml_key_file = current_app.config['SAML_KEY_FILE'] saml_key_file = current_app.config['SAML_KEY']
if os.path.isfile(saml_cert_file): if os.path.isfile(saml_cert_file):
cert = open(saml_cert_file, "r").readlines() cert = open(saml_cert_file, "r").readlines()