Make SAML2 optional and add some references/comments

2024-10-01 11:49:51 -04:00 · 2015-07-09 13:34:47 +05:30 · 2015-07-09 13:34:47 +05:30 · 8cd34dfe95
commit 8cd34dfe95
parent d2caa5351a
2 changed files with 23 additions and 4 deletions
--- a/synapse/config/saml2.py
+++ b/synapse/config/saml2.py
@ -16,6 +16,19 @@
 from ._base import Config


+#
+# SAML2 Configuration
+# Synapse uses pysaml2 libraries for providing SAML2 support
+#
+# config_path:      Path to the sp_conf.py configuration file
+# idp_redirect_url: Identity provider URL which will redirect
+#                   the user back to /login/saml2 with proper info.
+#
+# sp_conf.py file is something like:
+# https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
+#
+# More information: https://pythonhosted.org/pysaml2/howto/config.html
+#
 class SAML2Config(Config):
    def read_config(self, config):
        self.saml2_config = config["saml2_config"]
@ -23,6 +36,7 @@ class SAML2Config(Config):
    def default_config(self, config_dir_path, server_name):
        return """
        saml2_config:
+            enabled: false
            config_path: "%s/sp_conf.py"
            idp_redirect_url: "http://%s/idp"
        """ % (config_dir_path, server_name)
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@ -39,10 +39,13 @@ class LoginRestServlet(ClientV1RestServlet):
    def __init__(self, hs):
        super(LoginRestServlet, self).__init__(hs)
        self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url']
+        self.saml2_enabled = hs.config.saml2_config['enabled']

    def on_GET(self, request):
-        return (200, {"flows": [{"type": LoginRestServlet.PASS_TYPE},
-                                {"type": LoginRestServlet.SAML2_TYPE}]})
+        flows = [{"type": LoginRestServlet.PASS_TYPE}]
+        if self.saml2_enabled:
+            flows.append({"type": LoginRestServlet.SAML2_TYPE})
+        return (200, {"flows": flows})

    def on_OPTIONS(self, request):
        return (200, {})
@ -54,7 +57,8 @@ class LoginRestServlet(ClientV1RestServlet):
            if login_submission["type"] == LoginRestServlet.PASS_TYPE:
                result = yield self.do_password_login(login_submission)
                defer.returnValue(result)
-            elif login_submission["type"] == LoginRestServlet.SAML2_TYPE:
+            elif self.saml2_enabled and (login_submission["type"] ==
+                                         LoginRestServlet.SAML2_TYPE):
                relay_state = ""
                if "relay_state" in login_submission:
                    relay_state = "&RelayState="+urllib.quote(
@ -173,5 +177,6 @@ def _parse_json(request):

 def register_servlets(hs, http_server):
    LoginRestServlet(hs).register(http_server)
+    if hs.config.saml2_config['enabled']:
        SAML2RestServlet(hs).register(http_server)
    # TODO PasswordResetRestServlet(hs).register(http_server)