mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-09 15:10:27 +00:00
commit
452c4a02d8
@ -138,3 +138,5 @@ SAML_ENABLED = False
|
|||||||
# #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
|
# #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
|
||||||
# #for example redirect to google.com after successful saml logout
|
# #for example redirect to google.com after successful saml logout
|
||||||
# #SAML_LOGOUT_URL = 'https://google.com'
|
# #SAML_LOGOUT_URL = 'https://google.com'
|
||||||
|
|
||||||
|
# #SAML_ASSERTION_ENCRYPTED = True
|
||||||
|
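Review bot: The new template line `# #SAML_ASSERTION_ENCRYPTED = True` has no explanatory comment, unlike the `SAML_LOGOUT_URL` entry just above it, so an operator cannot tell what is lost by setting it to False. I would add a line before it such as `# #Require the IdP to encrypt assertions (default True); set False only if the IdP cannot encrypt, and keep signature checks enabled`.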
@ -43,6 +43,7 @@ legal_envvars = (
|
|||||||
'SAML_WANT_MESSAGE_SIGNED',
|
'SAML_WANT_MESSAGE_SIGNED',
|
||||||
'SAML_LOGOUT',
|
'SAML_LOGOUT',
|
||||||
'SAML_LOGOUT_URL',
|
'SAML_LOGOUT_URL',
|
||||||
|
'SAML_ASSERTION_ENCRYPTED',
|
||||||
)
|
)
|
||||||
|
|
||||||
legal_envvars_int = ('PORT', 'MAIL_PORT', 'SAML_METADATA_CACHE_LIFETIME')
|
legal_envvars_int = ('PORT', 'MAIL_PORT', 'SAML_METADATA_CACHE_LIFETIME')
|
||||||
@ -58,6 +59,7 @@ legal_envvars_bool = (
|
|||||||
'SAML_SIGN_REQUEST',
|
'SAML_SIGN_REQUEST',
|
||||||
'SAML_WANT_MESSAGE_SIGNED',
|
'SAML_WANT_MESSAGE_SIGNED',
|
||||||
'SAML_LOGOUT',
|
'SAML_LOGOUT',
|
||||||
|
'SAML_ASSERTION_ENCRYPTED',
|
||||||
)
|
)
|
||||||
|
|
||||||
# import everything from environment variables
|
# import everything from environment variables
|
||||||
|
@ -23,3 +23,4 @@ SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_
|
|||||||
|
|
||||||
# SAML Authnetication
|
# SAML Authnetication
|
||||||
SAML_ENABLED = False
|
SAML_ENABLED = False
|
||||||
|
SAML_ASSERTION_ENCRYPTED = True
|
@ -722,6 +722,7 @@ def saml_authorized():
|
|||||||
req = saml.prepare_flask_request(request)
|
req = saml.prepare_flask_request(request)
|
||||||
auth = saml.init_saml_auth(req)
|
auth = saml.init_saml_auth(req)
|
||||||
auth.process_response()
|
auth.process_response()
|
||||||
|
current_app.logger.debug( auth.get_attributes() )
|
||||||
errors = auth.get_errors()
|
errors = auth.get_errors()
|
||||||
if len(errors) == 0:
|
if len(errors) == 0:
|
||||||
session['samlUserdata'] = auth.get_attributes()
|
session['samlUserdata'] = auth.get_attributes()
|
||||||
|
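Review bot: The added `current_app.logger.debug( auth.get_attributes() )` writes the full SAML attribute values to the application log whenever debug logging is on. For a typical IdP that means mail addresses, names and group membership for every login. It also sits before `auth.get_errors()` is examined, so it runs for responses that failed validation too. I would move it inside the `if len(errors) == 0:` branch and log only the attribute names, for example `current_app.logger.debug('SAML attributes received: %s', sorted(auth.get_attributes().keys()))`. The body of `saml_authorized` continues outside this hunk, so any later logging of `session['samlUserdata']` should be checked the same way.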
@ -161,7 +161,8 @@ class SAML(object):
|
|||||||
settings['security']['requestedAuthnContext'] = True
|
settings['security']['requestedAuthnContext'] = True
|
||||||
settings['security'][
|
settings['security'][
|
||||||
'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
|
'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
|
||||||
settings['security']['wantAssertionsEncrypted'] = True
|
settings['security']['wantAssertionsEncrypted'] = current_app.config.get(
|
||||||
|
'SAML_ASSERTION_ENCRYPTED', True)
|
||||||
settings['security']['wantAttributeStatement'] = True
|
settings['security']['wantAttributeStatement'] = True
|
||||||
settings['security']['wantNameId'] = True
|
settings['security']['wantNameId'] = True
|
||||||
settings['security']['authnRequestsSigned'] = current_app.config[
|
settings['security']['authnRequestsSigned'] = current_app.config[
|
||||||
|
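Review bot: Making `wantAssertionsEncrypted` configurable is a security downgrade switch, and nothing in the code says so. With `SAML_ASSERTION_ENCRYPTED` set to False, the assertion attributes are readable by the user agent and anything else that handles the POST, and trust in them rests entirely on signature validation. The visible lines set `authnRequestsSigned` but do not show `wantAssertionsSigned` or `wantMessagesSigned`, so it is worth confirming that at least one is enforced when encryption is off. I would add a comment above the assignment, `# Encryption may be disabled for IdPs that cannot encrypt; signature checks must remain enforced`, and emit `current_app.logger.warning('SAML assertion encryption is disabled')` when the value is falsy. The settings block continues outside the hunk.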