Commit Graph

28 Commits

Author SHA1 Message Date
Matt Scott
ee9012fa24
Completed OAuth change to make the use of the metadata URL setting exclusive to the authorization and token URL settings. If the former is defined, it will be used in preference to the latter. 2023-04-08 17:14:55 -04:00
Matt Scott
ab4495dc46
Completed the implementation of the SERVER_EXTERNAL_SSL environment setting into the app config files.
Completed the implementation of the aforementioned environment setting into the OAuth workflows.

Documented the aforementioned setting in the Environment-variables.md wiki document.
2023-04-08 17:05:27 -04:00
Matt Scott
19335439bd
Completed the removal of the OAuth JWKS URL setting as well as the update of how the existing metadata URL settings are being used.
For additional information, reference GitHub issue #1499.
2023-04-02 09:19:05 -04:00
Matt Scott
1afe9b4908 Finished adding new OAuth Server Metadata URL setting to Google, GitHub, and Microsoft OAuth service configuration features. 2023-03-12 09:13:54 -04:00
Matt Scott
fd30e3ff49 Added new JWKS URL setting for each OAuth provider and updated the associated authorization service to use the setting during the initialization of the authlib. 2023-03-11 14:46:58 -05:00
AdvanticGmbH
5ad384bfe9 Add support for oidc_oauth_metadata_url configuration option
This commit adds support for the `oidc_oauth_metadata_url` configuration
option. This option specifies the URL of the OIDC server's
metadata endpoint, which contains information about the OIDC server's
endpoints, supported scopes, and other configuration details. By using this
option, we can ensure compatibility with different OIDC servers and reduce
the risk of errors due to manual endpoint configuration.
2023-02-23 09:21:01 +01:00
pixelrebel
e4c8c3892f Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs 2022-05-19 19:00:38 -07:00
pixelrebel
9221d58a1b Allow SAML AttributeStatements to be optional 2022-05-19 14:52:51 -07:00
Ian Bobbitt
39cddd3b34
SAML improvements for Docker (#929)
* Fix typo in managing user account membership with SAML assertion

* Support more config options from Docker env.

* Improve support for SAML key and cert from Docker secrets

Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
Khanh Ngo
0dfced4968
Upgrade pip packages 2020-10-10 20:27:09 +02:00
Attila DEBRECZENI
def06bee41 set SAML wantAssertionsEncrypted from config 2020-04-03 13:44:03 +00:00
Attila DEBRECZENI
cc26174a48
wantAssertionsEncrypted to false 2020-03-27 02:19:06 +01:00
Attila DEBRECZENI
a581aa3cf2 add SAML_ASSERTION_ENCRYPTED envrionment 2020-03-25 21:35:20 +00:00
Khanh Ngo
7024404f73
Merge pull request #674 from sshipway/patch-1
Corrections to Azure auth service definition after refactor
2020-03-06 13:57:09 +07:00
Enrico Tröger
b421b9b38a Fix token name in session for OIDC and GitHub authentication 2020-03-05 17:07:13 +01:00
Steve Shipway
7ac6529e0a
Corrections to Azure auth service definition after refactor 2020-03-04 17:34:01 +13:00
Khanh Ngo
4bdd433079
Fix migration script and LGTM 2019-12-21 22:26:56 +07:00
Khanh Ngo
7739bf7cfc
Add user email verification 2019-12-21 21:43:03 +07:00
Neven1986
3688cec91a Support for SAML metadata Requested Attributes
Enhancements:

- More robust check when creating self-signed certificates
- Added support for SAML Requested Attributes through "SAML_SP_REQUESTED_ATTRIBUTES" parameter
2019-12-20 03:24:26 +01:00
Khanh Ngo
59110432a0
Merge pull request #612 from Neven1986/saml_certificate_fix
SAML certificate fix and enhancement
2019-12-19 09:11:15 +07:00
Neven1986
567430790c SAML certificate fix and enhancement
Problems resolved:

- Method create_self_signed_cert() was invoked nowhere. This puts parameter "SAML_SIGN_REQUEST" description in configs/development.py as incorrect
- Method create_self_signed_cert() was returning error while trying to write out certificate and private key. File handler was opened for writing out TEXT instead of BINARY data

Enhancements:

- Two new parameters are introduced SAML_CERT_FILE and SAML_KEY_FILE. User can now explicitly define own certificate and key file anywhere on file-system.
- If parameters mentioned in previous bullet aren't explicitly defined, in PowerDNS-Admin root directory self-signed certificate will be created.
- Certificates will be used or generated in any case, because in saml.py there are explicit parameters defined which require certificate/key in order to work normally. If they aren't, exception will be thrown. Examples of parameters defined in saml.py requiring certificate: wantAssertionsEncrypted, signMetadata, wantAssertionsSigned.
2019-12-19 00:40:25 +01:00
Khanh Ngo
de581e9e1d
Yapf code formatting 2019-12-15 09:40:05 +07:00
Neven1986
894756ad96 Invocation of separate threa in get_idp_data() problem resolved 2019-12-14 21:45:51 +01:00
Neven1986
cd3535dcd2 - Variable references inside SAML class were fixed
- Function signatures inside SAML class were fixed
    - Redirect URL for /saml/login path was modified (saml_authorized -> index.saml_authorized)

    Current status is that SAML metadata can be generated under /saml/metadata and communication to SAML iDP is working

    Problems remaining:
        - SAML Response doesn't contain any attributes (There is no AttributeStatement on the Response). It can be that problem is on iDP side
        - Background thread in retrieve_idp_data() cannot be spawned, this part is currently commented out, old code needs to be revisited
2019-12-14 18:59:59 +01:00
Khanh Ngo
ad6b04bd78
LGTM fixes 2019-12-14 08:31:23 +07:00
Khanh Ngo
c0594b2c0b
Fix SAML 2019-12-13 21:55:11 +07:00
Khanh Ngo
80b6ca19ac Resolve the conflicts and add adjustment to #591 2019-12-06 14:27:35 +07:00
Khanh Ngo
8ea00b9484
Refactoring the code
- Use Flask blueprint
- Split model and views into smaller parts
- Bug fixes
- API adjustment
2019-12-02 10:32:03 +07:00