diff --git a/configs/development.py b/configs/development.py
index 566fa11..82024c4 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -82,7 +82,7 @@ GOOGLE_AUTHORIZE_URL='https://accounts.google.com/o/oauth2/auth'
 GOOGLE_BASE_URL='https://www.googleapis.com/oauth2/v1/'
-# SAML AUTHENTICATION
+# SAML Authnetication
 SAML_ENABLED = False
 SAML_DEBUG = True
 SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml')
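Review bot: The replacement header `# SAML Authnetication` is misspelled, and it drops the upper-case style used by the file's other section headers (`# POWERDNS CONFIG` in the last hunk). Keeping `# SAML AUTHENTICATION`, or at least spelling it `# SAML Authentication`, keeps the section findable by search.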
@@ -90,6 +90,53 @@ SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml')
 SAML_METADATA_URL = 'https:///FederationMetadata/2007-06/FederationMetadata.xml'
 #Cache Lifetime in Seconds
 SAML_METADATA_CACHE_LIFETIME = 1
+
+## EntityID of the IdP to use. Only needed if more than one IdP is
+## in the SAML_METADATA_URL
+### Default: First (only) IdP in the SAML_METADATA_URL
+### Example: https://idp.example.edu/idp
+#SAML_IDP_ENTITY_ID = 'https://idp.example.edu/idp'
+## NameID format to request
+### Default: The SAML NameID Format in the metadata if present,
+### otherwise urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+### Example: urn:oid:0.9.2342.19200300.100.1.1
+#SAML_NAMEID_FORMAT = 'urn:oid:0.9.2342.19200300.100.1.1'
+
+## Attribute to use for Email address
+### Default: email
+### Example: urn:oid:0.9.2342.19200300.100.1.3
+#SAML_ATTRIBUTE_EMAIL = 'urn:oid:0.9.2342.19200300.100.1.3'
+
+## Attribute to use for Given name
+### Default: givenname
+### Example: urn:oid:2.5.4.42
+#SAML_ATTRIBUTE_GIVENNAME = 'urn:oid:2.5.4.42'
+
+## Attribute to use for Surname
+### Default: surname
+### Example: urn:oid:2.5.4.4
+#SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4'
+
+## Attribute to use for username
+### Default: Use NameID instead
+### Example: urn:oid:0.9.2342.19200300.100.1.1
+#SAML_ATTRIBUTE_USERNAME = 'urn:oid:0.9.2342.19200300.100.1.1'
+
+## Attribute to get admin status from
+### Default: Don't control admin with SAML attribute
+### Example: https://example.edu/pdns-admin
+### If set, look for the value 'true' to set a user as an administrator
+### If not included in assertion, or set to something other than 'true',
+### the user is set as a non-administrator user.
+#SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
+
+## Attribute to get account names from
+### Default: Don't control accounts with SAML attribute
+### If set, the user will be added and removed from accounts to match
+### what's in the login assertion. Accounts that don't exist will
+### be created and the user added to them.
+SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'
+
 SAML_SP_ENTITY_ID = 'http://'
 SAML_SP_CONTACT_NAME = ''
 SAML_SP_CONTACT_MAIL = ''
@@ -104,7 +151,6 @@ SAML_LOGOUT = False
 #for example redirect to google.com after successful saml logout
 #SAML_LOGOUT_URL = 'https://google.com'
-
 # POWERDNS CONFIG
 PDNS_STATS_URL = 'http://{0}:8081'.format(os.environ.get('PDNS_HOST'))
 PDNS_API_KEY = os.environ.get('PDNS_API_KEY')
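Review bot: `SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'` is the only new option in the `@@ -90,6 +90,53 @@` hunk added without a leading `#`, so it is active, which contradicts its own comment "Default: Don't control accounts with SAML attribute". Going by that comment, a set value lets the login assertion drive account membership and create accounts that do not exist, so anyone who copies this file and turns on `SAML_ENABLED` gets assertion-driven provisioning keyed to a placeholder attribute name. It should be commented out like the other examples: `#SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account'`. Because `SAML_ATTRIBUTE_ADMIN` and `SAML_ATTRIBUTE_ACCOUNT` both let IdP-supplied attributes grant privileges, I would also add a comment line to each, such as `### Only enable if the IdP is authoritative for this attribute and users cannot set it themselves`.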