added SAML auth basics and metadata

app/lib/utils.py

@@ -8,6 +8,9 @@ import hashlib
 from app import app
 from distutils.version import StrictVersion
 
+from onelogin.saml2.auth import OneLogin_Saml2_Auth
+from onelogin.saml2.utils import OneLogin_Saml2_Utils
+
 if 'TIMEOUT' in app.config.keys():
     TIMEOUT = app.config['TIMEOUT']
 else:
@@ -159,3 +162,17 @@ def email_to_gravatar_url(email, size=100):
 
     hash_string = hashlib.md5(email).hexdigest()
     return "https://s.gravatar.com/avatar/%s?s=%s" % (hash_string, size)
+
+def prepare_flask_request(request):
+    url_data = urlparse.urlparse(request.url)
+    return {
+        'http_host': request.host,
+        'server_port': url_data.port,
+        'script_name': request.path,
+        'get_data': request.args.copy(),
+        'post_data': request.form.copy()
+    }
+
+def init_saml_auth(req):
+    auth = OneLogin_Saml2_Auth(req, custom_base_path=app.config['SAML_PATH'])
+    return auth

app/templates/login.html

@@ -98,11 +98,16 @@
         <!-- /.col -->
       </div>
     </form>
+    {% if saml_enabled %}
+    <br>
+    <a href="{{ url_for('saml_login') }}">SAML login</a>
+    {% endif %}
     {% if github_enabled %}
+    <br>
     <a href="{{ url_for('github_login') }}">Github oauth login</a>
     {% endif %}
-    <br>
     {% if signup_enabled %}
+    <br>
     <a href="{{ url_for('register') }}" class="text-center">Create an account </a>
     {% endif %}
   </div>

app/views.py

@@ -20,6 +20,8 @@ from .models import User, Domain, Record, Server, History, Anonymous, Setting, D
 from app import app, login_manager, github
 from lib import utils
 
+from onelogin.saml2.auth import OneLogin_Saml2_Auth
+from onelogin.saml2.utils import OneLogin_Saml2_Utils
 
 jinja2.filters.FILTERS['display_record_name'] = utils.display_record_name
 jinja2.filters.FILTERS['display_master_name'] = utils.display_master_name
@@ -166,6 +168,27 @@ def github_login():
         return abort(400)
     return github.authorize(callback=url_for('authorized', _external=True))
 
+@app.route('/saml/login')
+def saml_login():
+    if not app.config.get('SAML_ENABLED'):
+        return abort(400)
+    return abort(400)
+
+@app.route('/saml/metadata/')
+def saml_metadata():
+    req = utils.prepare_flask_request(request)
+    auth = utils.init_saml_auth(req)
+    settings = auth.get_settings()
+    metadata = settings.get_sp_metadata()
+    errors = settings.validate_metadata(metadata)
+
+    if len(errors) == 0:
+        resp = make_response(metadata, 200)
+        resp.headers['Content-Type'] = 'text/xml'
+    else:
+        resp = make_response(errors.join(', '), 500)
+    return resp
+
 @app.route('/login', methods=['GET', 'POST'])
 @login_manager.unauthorized_handler
 def login():
@@ -175,6 +198,7 @@ def login():
     BASIC_ENABLED = app.config['BASIC_ENABLED']
     SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
     GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE')
+    SAML_ENABLED = app.config.get('SAML_ENABLED')
 
     if g.user is not None and current_user.is_authenticated:
         return redirect(url_for('dashboard'))
@@ -197,6 +221,7 @@ def login():
     if request.method == 'GET':
         return render_template('login.html',
                                github_enabled=GITHUB_ENABLE,
+                               saml_enabled=SAML_ENABLED,
                                ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
                                basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
 

config_template.py

@@ -65,6 +65,9 @@ GITHUB_OAUTH_URL = 'http://127.0.0.1:5000/api/v3/'
 GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
 GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
 
+# SAML Authnetication
+SAML_ENABLED = True
+
 #Default Auth
 BASIC_ENABLED = True
 SIGNUP_ENABLED = True