updated documentation and config-template
parent
dff5d7cf78
commit
f3093fe794
42
README.md
42
README.md
@ -5,6 +5,7 @@ PowerDNS Web-GUI - Built by Flask
|
||||
- Multiple domain management
|
||||
- Local / LDAP user authentication
|
||||
- Support Two-factor authentication (TOTP)
|
||||
- Support SAML authentication
|
||||
- User management
|
||||
- User access management based on domain
|
||||
- User activity logging
|
||||
@ -84,6 +85,47 @@ Run the application and enjoy!
|
||||
(flask)$ ./run.py
|
||||
```
|
||||
|
||||
### SAML Authentication
|
||||
SAML authentication is supported. In order to use it you have to create your own settings.json and advanced_settings.json based on the templates.
|
||||
Following Assertions are supported and used by this application:
|
||||
- nameidentifier in form of email address as user login
|
||||
- email used as user email address
|
||||
- givenname used as firstname
|
||||
- surname used as lastname
|
||||
|
||||
### ADFS claim rules as example
|
||||
Microsoft Active Directory Federation Services can be used as Identity Provider for SAML login.
|
||||
The Following rules should be configured to send all attribute information to PowerDNS-Admin.
|
||||
The nameidentifier should be something stable from the idp side. All other attributes are update when singing in.
|
||||
|
||||
#### sending the nameidentifier
|
||||
Name-Identifiers Type is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
|
||||
```
|
||||
c:[Type == "<here goes your source claim>"]
|
||||
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
|
||||
```
|
||||
|
||||
#### sending the firstname
|
||||
Name-Identifiers Type is "givenname"
|
||||
```
|
||||
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"]
|
||||
=> issue(Type = "givenname", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient");
|
||||
```
|
||||
|
||||
#### sending the lastname
|
||||
Name-Identifiers Type is "surname"
|
||||
```
|
||||
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"]
|
||||
=> issue(Type = "surname", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient");
|
||||
```
|
||||
|
||||
#### sending the email
|
||||
Name-Identifiers Type is "email"
|
||||
```
|
||||
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
|
||||
=> issue(Type = "email", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
|
||||
```
|
||||
|
||||
### Screenshots
|
||||
![login page](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/images/readme_screenshots/fullscreen-login.png?raw=true)
|
||||
![dashboard](https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/images/readme_screenshots/fullscreen-dashboard.png?raw=true)
|
||||
|
@ -66,7 +66,7 @@ GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
|
||||
GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
|
||||
|
||||
# SAML Authnetication
|
||||
SAML_ENABLED = True
|
||||
SAML_ENABLED = False
|
||||
|
||||
#Default Auth
|
||||
BASIC_ENABLED = True
|
||||
|
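Review bot: The `SAML_ENABLED = False` line in the config template has no comment saying what must be in place before the flag is switched on. The README text added in this same commit says SAML needs a site-specific settings.json and advanced_settings.json created from the templates. I would add a comment above the flag, for example `# Set to True only after creating settings.json and advanced_settings.json (see README, "SAML Authentication")`. The heading comment just above it reads `# SAML Authnetication` and could be corrected to `# SAML Authentication` while this line is being touched. The rest of the template lies outside this hunk, so other SAML options may already be documented there.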