From a581aa3cf230d03908480a70519b63ccebbe5363 Mon Sep 17 00:00:00 2001 From: Attila DEBRECZENI <9527748+Atisom@users.noreply.github.com> Date: Wed, 25 Mar 2020 21:35:20 +0000 Subject: [PATCH] add SAML_ASSERTION_ENCRYPTED envrionment --- configs/development.py | 2 ++ configs/docker_config.py | 2 ++ powerdnsadmin/default_config.py | 1 + powerdnsadmin/services/saml.py | 3 ++- 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/configs/development.py b/configs/development.py index b793995..b2351e4 100644 --- a/configs/development.py +++ b/configs/development.py @@ -138,3 +138,5 @@ SAML_ENABLED = False # #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout # #for example redirect to google.com after successful saml logout # #SAML_LOGOUT_URL = 'https://google.com' + +# #SAML_ASSERTION_ENCRYPTED = True diff --git a/configs/docker_config.py b/configs/docker_config.py index b4869b4..0f5f8c8 100644 --- a/configs/docker_config.py +++ b/configs/docker_config.py @@ -43,6 +43,7 @@ legal_envvars = ( 'SAML_WANT_MESSAGE_SIGNED', 'SAML_LOGOUT', 'SAML_LOGOUT_URL', + 'SAML_ASSERTION_ENCRYPTED', ) legal_envvars_int = ('PORT', 'MAIL_PORT', 'SAML_METADATA_CACHE_LIFETIME') @@ -58,6 +59,7 @@ legal_envvars_bool = ( 'SAML_SIGN_REQUEST', 'SAML_WANT_MESSAGE_SIGNED', 'SAML_LOGOUT', + 'SAML_ASSERTION_ENCRYPTED', ) # import everything from environment variables diff --git a/powerdnsadmin/default_config.py b/powerdnsadmin/default_config.py index b6f45ad..474d3b4 100644 --- a/powerdnsadmin/default_config.py +++ b/powerdnsadmin/default_config.py @@ -23,3 +23,4 @@ SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_ # SAML Authnetication SAML_ENABLED = False +SAML_ASSERTION_ENCRYPTED = True \ No newline at end of file diff --git a/powerdnsadmin/services/saml.py b/powerdnsadmin/services/saml.py index 1114817..b108a71 100644 --- a/powerdnsadmin/services/saml.py +++ b/powerdnsadmin/services/saml.py @@ -161,7 +161,8 @@ class SAML(object): settings['security']['requestedAuthnContext'] = True settings['security'][ 'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' - settings['security']['wantAssertionsEncrypted'] = True + settings['security']['wantAssertionsEncrypted'] = current_app.config[ + 'SAML_ASSERTION_ENCRYPTED'] settings['security']['wantAttributeStatement'] = True settings['security']['wantNameId'] = True settings['security']['authnRequestsSigned'] = current_app.config[