Commit Graph

14 Commits

Author SHA1 Message Date
pixelrebel
e4c8c3892f Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs 2022-05-19 19:00:38 -07:00
pixelrebel
9221d58a1b Allow SAML AttributeStatements to be optional 2022-05-19 14:52:51 -07:00
Ian Bobbitt
39cddd3b34
SAML improvements for Docker (#929)
* Fix typo in managing user account membership with SAML assertion

* Support more config options from Docker env.

* Improve support for SAML key and cert from Docker secrets

Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
Attila DEBRECZENI
def06bee41 set SAML wantAssertionsEncrypted from config 2020-04-03 13:44:03 +00:00
Attila DEBRECZENI
cc26174a48
wantAssertionsEncrypted to false 2020-03-27 02:19:06 +01:00
Attila DEBRECZENI
a581aa3cf2 add SAML_ASSERTION_ENCRYPTED envrionment 2020-03-25 21:35:20 +00:00
Neven1986
3688cec91a Support for SAML metadata Requested Attributes
Enhancements:

- More robust check when creating self-signed certificates
- Added support for SAML Requested Attributes through "SAML_SP_REQUESTED_ATTRIBUTES" parameter
2019-12-20 03:24:26 +01:00
Khanh Ngo
59110432a0
Merge pull request #612 from Neven1986/saml_certificate_fix
SAML certificate fix and enhancement
2019-12-19 09:11:15 +07:00
Neven1986
567430790c SAML certificate fix and enhancement
Problems resolved:

- Method create_self_signed_cert() was invoked nowhere. This puts parameter "SAML_SIGN_REQUEST" description in configs/development.py as incorrect
- Method create_self_signed_cert() was returning error while trying to write out certificate and private key. File handler was opened for writing out TEXT instead of BINARY data

Enhancements:

- Two new parameters are introduced SAML_CERT_FILE and SAML_KEY_FILE. User can now explicitly define own certificate and key file anywhere on file-system.
- If parameters mentioned in previous bullet aren't explicitly defined, in PowerDNS-Admin root directory self-signed certificate will be created.
- Certificates will be used or generated in any case, because in saml.py there are explicit parameters defined which require certificate/key in order to work normally. If they aren't, exception will be thrown. Examples of parameters defined in saml.py requiring certificate: wantAssertionsEncrypted, signMetadata, wantAssertionsSigned.
2019-12-19 00:40:25 +01:00
Khanh Ngo
de581e9e1d
Yapf code formatting 2019-12-15 09:40:05 +07:00
Neven1986
894756ad96 Invocation of separate threa in get_idp_data() problem resolved 2019-12-14 21:45:51 +01:00
Neven1986
cd3535dcd2 - Variable references inside SAML class were fixed
- Function signatures inside SAML class were fixed
    - Redirect URL for /saml/login path was modified (saml_authorized -> index.saml_authorized)

    Current status is that SAML metadata can be generated under /saml/metadata and communication to SAML iDP is working

    Problems remaining:
        - SAML Response doesn't contain any attributes (There is no AttributeStatement on the Response). It can be that problem is on iDP side
        - Background thread in retrieve_idp_data() cannot be spawned, this part is currently commented out, old code needs to be revisited
2019-12-14 18:59:59 +01:00
Khanh Ngo
ad6b04bd78
LGTM fixes 2019-12-14 08:31:23 +07:00
Khanh Ngo
c0594b2c0b
Fix SAML 2019-12-13 21:55:11 +07:00