mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2025-01-07 19:05:39 +00:00
Merge pull request #1203 from pixelrebel/saml-fixes
Small fixes to SAML service
This commit is contained in:
commit
9d7d701cd9
@ -120,6 +120,16 @@ SAML_ENABLED = False
|
|||||||
# ### be created and the user added to them.
|
# ### be created and the user added to them.
|
||||||
# SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'
|
# SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'
|
||||||
|
|
||||||
|
# ## Attribute name that aggregates group names
|
||||||
|
# ### Default: Don't collect IdP groups from SAML group attributes
|
||||||
|
# ### In Okta, you can assign administrators by group using "Group Attribute Statements."
|
||||||
|
# ### In this case, the SAML_ATTRIBUTE_GROUP will be the attribute name for a collection of
|
||||||
|
# ### groups passed in the SAML assertion. From there, you can specify a SAML_GROUP_ADMIN_NAME.
|
||||||
|
# ### If the user is a member of this group, and that group name is included in the collection,
|
||||||
|
# ### the user will be set as an administrator.
|
||||||
|
# #SAML_ATTRIBUTE_GROUP = 'https://example.edu/pdns-groups'
|
||||||
|
# #SAML_GROUP_ADMIN_NAME = 'PowerDNSAdmin-Administrators'
|
||||||
|
|
||||||
# SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
|
# SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
|
||||||
# SAML_SP_CONTACT_NAME = '<contact name>'
|
# SAML_SP_CONTACT_NAME = '<contact name>'
|
||||||
# SAML_SP_CONTACT_MAIL = '<contact mail>'
|
# SAML_SP_CONTACT_MAIL = '<contact mail>'
|
||||||
@ -133,8 +143,8 @@ SAML_ENABLED = False
|
|||||||
# CAUTION: For production use, usage of self-signed certificates it's highly discouraged.
|
# CAUTION: For production use, usage of self-signed certificates it's highly discouraged.
|
||||||
# Use certificates from trusted CA instead
|
# Use certificates from trusted CA instead
|
||||||
# ###########################################################################################
|
# ###########################################################################################
|
||||||
# SAML_CERT_FILE = '/etc/pki/powerdns-admin/cert.crt'
|
# SAML_CERT = '/etc/pki/powerdns-admin/cert.crt'
|
||||||
# SAML_CERT_KEY = '/etc/pki/powerdns-admin/key.pem'
|
# SAML_KEY = '/etc/pki/powerdns-admin/key.pem'
|
||||||
|
|
||||||
# Configures if SAML tokens should be encrypted.
|
# Configures if SAML tokens should be encrypted.
|
||||||
# SAML_SIGN_REQUEST = False
|
# SAML_SIGN_REQUEST = False
|
||||||
@ -148,6 +158,10 @@ SAML_ENABLED = False
|
|||||||
|
|
||||||
# #SAML_ASSERTION_ENCRYPTED = True
|
# #SAML_ASSERTION_ENCRYPTED = True
|
||||||
|
|
||||||
|
# Some IdPs, like Okta, do not return Attribute Statements by default
|
||||||
|
# Set the following to False if you are using Okta and not manually configuring Attribute Statements
|
||||||
|
# #SAML_WANT_ATTRIBUTE_STATEMENT = True
|
||||||
|
|
||||||
# Remote authentication settings
|
# Remote authentication settings
|
||||||
|
|
||||||
# Whether to enable remote user authentication or not
|
# Whether to enable remote user authentication or not
|
||||||
|
@ -72,8 +72,9 @@ class SAML(object):
|
|||||||
def prepare_flask_request(self, request):
|
def prepare_flask_request(self, request):
|
||||||
# If server is behind proxys or balancers use the HTTP_X_FORWARDED fields
|
# If server is behind proxys or balancers use the HTTP_X_FORWARDED fields
|
||||||
url_data = urlparse(request.url)
|
url_data = urlparse(request.url)
|
||||||
|
proto = request.headers.get('HTTP_X_FORWARDED_PROTO', request.scheme)
|
||||||
return {
|
return {
|
||||||
'https': 'on' if request.scheme == 'https' else 'off',
|
'https': 'on' if proto == 'https' else 'off',
|
||||||
'http_host': request.host,
|
'http_host': request.host,
|
||||||
'server_port': url_data.port,
|
'server_port': url_data.port,
|
||||||
'script_name': request.path,
|
'script_name': request.path,
|
||||||
@ -163,7 +164,8 @@ class SAML(object):
|
|||||||
'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
|
'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
|
||||||
settings['security']['wantAssertionsEncrypted'] = current_app.config.get(
|
settings['security']['wantAssertionsEncrypted'] = current_app.config.get(
|
||||||
'SAML_ASSERTION_ENCRYPTED', True)
|
'SAML_ASSERTION_ENCRYPTED', True)
|
||||||
settings['security']['wantAttributeStatement'] = True
|
settings['security']['wantAttributeStatement'] = current_app.config.get(
|
||||||
|
'SAML_WANT_ATTRIBUTE_STATEMENT', True)
|
||||||
settings['security']['wantNameId'] = True
|
settings['security']['wantNameId'] = True
|
||||||
settings['security']['authnRequestsSigned'] = current_app.config[
|
settings['security']['authnRequestsSigned'] = current_app.config[
|
||||||
'SAML_SIGN_REQUEST']
|
'SAML_SIGN_REQUEST']
|
||||||
|
Loading…
Reference in New Issue
Block a user