From 8c85e80c2b330062e8c51b38372544e219abdea4 Mon Sep 17 00:00:00 2001 From: pixelrebel Date: Thu, 19 May 2022 20:36:28 -0700 Subject: [PATCH] Add SAML_ATTRIBUTE_GROUP and SAML_GROUP_ADMIN_NAME to the development config, with instructions for use --- configs/development.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/configs/development.py b/configs/development.py index a867812..f1768d2 100644 --- a/configs/development.py +++ b/configs/development.py @@ -120,6 +120,16 @@ SAML_ENABLED = False # ### be created and the user added to them. # SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account' +# ## Attribute name that aggregates group names +# ### Default: Don't collect IdP groups from SAML group attributes +# ### In Okta, you can assign administrators by group using "Group Attribute Statements." +# ### In this case, the SAML_ATTRIBUTE_GROUP will be the attribute name for a collection of +# ### groups passed in the SAML assertion. From there, you can specify a SAML_GROUP_ADMIN_NAME. +# ### If the user is a member of this group, and that group name is included in the collection, +# ### the user will be set as an administrator. +# #SAML_ATTRIBUTE_GROUP = 'https://example.edu/pdns-groups' +# #SAML_GROUP_ADMIN_NAME = 'PowerDNSAdmin-Administrators' + # SAML_SP_ENTITY_ID = 'http://' # SAML_SP_CONTACT_NAME = '' # SAML_SP_CONTACT_MAIL = ''