Merge pull request #690 from Atisom/master

SAML debug attributes
Khanh Ngo 2020-04-06 09:40:03 +07:00 committed by GitHub
commit 452c4a02d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 8 additions and 1 deletions


@ -138,3 +138,5 @@ SAML_ENABLED = False
# #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout # #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
# #for example redirect to google.com after successful saml logout # #for example redirect to google.com after successful saml logout
# #SAML_LOGOUT_URL = 'https://google.com' # #SAML_LOGOUT_URL = 'https://google.com'
# #SAML_ASSERTION_ENCRYPTED = True


@ -43,6 +43,7 @@ legal_envvars = (
'SAML_WANT_MESSAGE_SIGNED', 'SAML_WANT_MESSAGE_SIGNED',
'SAML_LOGOUT', 'SAML_LOGOUT',
'SAML_LOGOUT_URL', 'SAML_LOGOUT_URL',
'SAML_ASSERTION_ENCRYPTED',
) )
legal_envvars_int = ('PORT', 'MAIL_PORT', 'SAML_METADATA_CACHE_LIFETIME') legal_envvars_int = ('PORT', 'MAIL_PORT', 'SAML_METADATA_CACHE_LIFETIME')
@ -58,6 +59,7 @@ legal_envvars_bool = (
'SAML_SIGN_REQUEST', 'SAML_SIGN_REQUEST',
'SAML_WANT_MESSAGE_SIGNED', 'SAML_WANT_MESSAGE_SIGNED',
'SAML_LOGOUT', 'SAML_LOGOUT',
'SAML_ASSERTION_ENCRYPTED',
) )
# import everything from environment variables # import everything from environment variables


@ -23,3 +23,4 @@ SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_
# SAML Authnetication # SAML Authnetication
SAML_ENABLED = False SAML_ENABLED = False
SAML_ASSERTION_ENCRYPTED = True


@ -722,6 +722,7 @@ def saml_authorized():
req = saml.prepare_flask_request(request) req = saml.prepare_flask_request(request)
auth = saml.init_saml_auth(req) auth = saml.init_saml_auth(req)
auth.process_response() auth.process_response()
current_app.logger.debug( auth.get_attributes() )
errors = auth.get_errors() errors = auth.get_errors()
if len(errors) == 0: if len(errors) == 0:
session['samlUserdata'] = auth.get_attributes() session['samlUserdata'] = auth.get_attributes()
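Review bot: The added `current_app.logger.debug( auth.get_attributes() )` runs before `auth.get_errors()` is checked and writes the whole attribute dictionary to the application log with no message prefix. If this is the OneLogin python3-saml toolkit (the calls suggest it), attributes are only populated for a valid response, so a failed login logs an empty dict, while a successful one records the user's identity attributes in plain text. I would move it into the `if len(errors) == 0:` branch, after the session assignment, as `current_app.logger.debug('SAML attributes: %s', session['samlUserdata'])`, with the comment `# Debug only: writes user identity attributes to the log; keep the log level above DEBUG in production.` saml_authorized() continues past the end of this hunk, so the rest of the branch is not visible here.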

View File

@ -161,7 +161,8 @@ class SAML(object):
settings['security']['requestedAuthnContext'] = True settings['security']['requestedAuthnContext'] = True
settings['security'][ settings['security'][
'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' 'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
settings['security']['wantAssertionsEncrypted'] = True settings['security']['wantAssertionsEncrypted'] = current_app.config.get(
'SAML_ASSERTION_ENCRYPTED', True)
settings['security']['wantAttributeStatement'] = True settings['security']['wantAttributeStatement'] = True
settings['security']['wantNameId'] = True settings['security']['wantNameId'] = True
settings['security']['authnRequestsSigned'] = current_app.config[ settings['security']['authnRequestsSigned'] = current_app.config[
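Review bot: `wantAssertionsEncrypted` was a fixed `True` and can now be switched off by configuration, but neither this line nor the commented example in the config template says what is given up when it is. With the option set to False the assertion, including its attribute statement, is no longer encrypted to the service provider's key, so its confidentiality rests on TLS alone and anything that can read the response in the user's browser can read the attributes. I would add above the assignment `# Unencrypted assertions are accepted only when SAML_ASSERTION_ENCRYPTED is explicitly False; attribute confidentiality then depends on TLS alone.` The `.get(..., True)` default keeps existing deployments encrypted, which is the right default; it is worth confirming that a value arriving as the string 'False' from a config file, rather than through the boolean env-var path, is not treated as truthy. The enclosing method of class SAML starts and ends outside this hunk.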