mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-28 14:05:41 +00:00
added standard SAML logout method using metadata
This commit is contained in:
parent
049a8a4547
commit
60086d5d15
32
app/views.py
32
app/views.py
@ -380,18 +380,38 @@ def login():
|
|||||||
error = e.message['desc'] if 'desc' in e.message else e
|
error = e.message['desc'] if 'desc' in e.message else e
|
||||||
return render_template('register.html', error=error)
|
return render_template('register.html', error=error)
|
||||||
|
|
||||||
@app.route('/logout')
|
def clear_session():
|
||||||
def logout():
|
|
||||||
session.pop('user_id', None)
|
session.pop('user_id', None)
|
||||||
session.pop('github_token', None)
|
session.pop('github_token', None)
|
||||||
session.pop('google_token', None)
|
session.pop('google_token', None)
|
||||||
session.clear()
|
session.clear()
|
||||||
logout_user()
|
logout_user()
|
||||||
if app.config.get('SAML_LOGOUT_REDIRECT'):
|
|
||||||
return redirect(app.config.get('SAML_LOGOUT_REDIRECT'))
|
|
||||||
else:
|
|
||||||
return redirect(url_for('login'))
|
|
||||||
|
|
||||||
|
@app.route('/logout')
|
||||||
|
def logout():
|
||||||
|
if app.config.get('SAML_ENABLED') and session['samlSessionIndex'] and app.config.get('SAML_LOGOUT'):
|
||||||
|
req = utils.prepare_flask_request(request)
|
||||||
|
auth = utils.init_saml_auth(req)
|
||||||
|
if app.config.get('SAML_LOGOUT_URL'):
|
||||||
|
return auth.logout(redirect_url = app.config.get('SAML_LOGOUT_URL'))
|
||||||
|
return auth.logout()
|
||||||
|
clear_session()
|
||||||
|
redirect_url = url_for('login')
|
||||||
|
return redirect(url_for('login'))
|
||||||
|
|
||||||
|
@app.route('/saml/sls')
|
||||||
|
def saml_logout():
|
||||||
|
req = utils.prepare_flask_request(request)
|
||||||
|
auth = utils.init_saml_auth(req)
|
||||||
|
url = auth.process_slo(delete_session_cb=clear_session())
|
||||||
|
errors = auth.get_errors()
|
||||||
|
if len(errors) == 0:
|
||||||
|
if url is not None:
|
||||||
|
return redirect(url)
|
||||||
|
else:
|
||||||
|
return redirect(url_for('index'))
|
||||||
|
else:
|
||||||
|
return render_template('errors/SAML.html', errors=errors)
|
||||||
|
|
||||||
@app.route('/dashboard', methods=['GET', 'POST'])
|
@app.route('/dashboard', methods=['GET', 'POST'])
|
||||||
@login_required
|
@login_required
|
||||||
|
@ -92,8 +92,13 @@ SAML_METADATA_CACHE_LIFETIME = 1
|
|||||||
SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
|
SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
|
||||||
SAML_SP_CONTACT_NAME = '<contact name>'
|
SAML_SP_CONTACT_NAME = '<contact name>'
|
||||||
SAML_SP_CONTACT_MAIL = '<contact mail>'
|
SAML_SP_CONTACT_MAIL = '<contact mail>'
|
||||||
## uncomment to redirect to the given URL on logout
|
#Use SAML standard logout mechanism retreived from idp metadata
|
||||||
# SAML_LOGOUT_REDIRECT = 'https://<idp>/logout'
|
#If configured false don't care about SAML session on logout.
|
||||||
|
#Logout from PowerDNS-Admin only and keep SAML session authenticated.
|
||||||
|
SAML_LOGOUT = False
|
||||||
|
#Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
|
||||||
|
#for example redirect to google.com after successful saml logout
|
||||||
|
#SAML_LOGOUT_URL = 'https://google.com'
|
||||||
|
|
||||||
#Default Auth
|
#Default Auth
|
||||||
BASIC_ENABLED = True
|
BASIC_ENABLED = True
|
||||||
|
Loading…
Reference in New Issue
Block a user