mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
Make SAML2 optional and add some references/comments
This commit is contained in:
parent
d2caa5351a
commit
8cd34dfe95
@ -16,6 +16,19 @@
|
|||||||
from ._base import Config
|
from ._base import Config
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# SAML2 Configuration
|
||||||
|
# Synapse uses pysaml2 libraries for providing SAML2 support
|
||||||
|
#
|
||||||
|
# config_path: Path to the sp_conf.py configuration file
|
||||||
|
# idp_redirect_url: Identity provider URL which will redirect
|
||||||
|
# the user back to /login/saml2 with proper info.
|
||||||
|
#
|
||||||
|
# sp_conf.py file is something like:
|
||||||
|
# https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
|
||||||
|
#
|
||||||
|
# More information: https://pythonhosted.org/pysaml2/howto/config.html
|
||||||
|
#
|
||||||
class SAML2Config(Config):
|
class SAML2Config(Config):
|
||||||
def read_config(self, config):
|
def read_config(self, config):
|
||||||
self.saml2_config = config["saml2_config"]
|
self.saml2_config = config["saml2_config"]
|
||||||
@ -23,6 +36,7 @@ class SAML2Config(Config):
|
|||||||
def default_config(self, config_dir_path, server_name):
|
def default_config(self, config_dir_path, server_name):
|
||||||
return """
|
return """
|
||||||
saml2_config:
|
saml2_config:
|
||||||
|
enabled: false
|
||||||
config_path: "%s/sp_conf.py"
|
config_path: "%s/sp_conf.py"
|
||||||
idp_redirect_url: "http://%s/idp"
|
idp_redirect_url: "http://%s/idp"
|
||||||
""" % (config_dir_path, server_name)
|
""" % (config_dir_path, server_name)
|
||||||
|
@ -39,10 +39,13 @@ class LoginRestServlet(ClientV1RestServlet):
|
|||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
super(LoginRestServlet, self).__init__(hs)
|
super(LoginRestServlet, self).__init__(hs)
|
||||||
self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url']
|
self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url']
|
||||||
|
self.saml2_enabled = hs.config.saml2_config['enabled']
|
||||||
|
|
||||||
def on_GET(self, request):
|
def on_GET(self, request):
|
||||||
return (200, {"flows": [{"type": LoginRestServlet.PASS_TYPE},
|
flows = [{"type": LoginRestServlet.PASS_TYPE}]
|
||||||
{"type": LoginRestServlet.SAML2_TYPE}]})
|
if self.saml2_enabled:
|
||||||
|
flows.append({"type": LoginRestServlet.SAML2_TYPE})
|
||||||
|
return (200, {"flows": flows})
|
||||||
|
|
||||||
def on_OPTIONS(self, request):
|
def on_OPTIONS(self, request):
|
||||||
return (200, {})
|
return (200, {})
|
||||||
@ -54,7 +57,8 @@ class LoginRestServlet(ClientV1RestServlet):
|
|||||||
if login_submission["type"] == LoginRestServlet.PASS_TYPE:
|
if login_submission["type"] == LoginRestServlet.PASS_TYPE:
|
||||||
result = yield self.do_password_login(login_submission)
|
result = yield self.do_password_login(login_submission)
|
||||||
defer.returnValue(result)
|
defer.returnValue(result)
|
||||||
elif login_submission["type"] == LoginRestServlet.SAML2_TYPE:
|
elif self.saml2_enabled and (login_submission["type"] ==
|
||||||
|
LoginRestServlet.SAML2_TYPE):
|
||||||
relay_state = ""
|
relay_state = ""
|
||||||
if "relay_state" in login_submission:
|
if "relay_state" in login_submission:
|
||||||
relay_state = "&RelayState="+urllib.quote(
|
relay_state = "&RelayState="+urllib.quote(
|
||||||
@ -173,5 +177,6 @@ def _parse_json(request):
|
|||||||
|
|
||||||
def register_servlets(hs, http_server):
|
def register_servlets(hs, http_server):
|
||||||
LoginRestServlet(hs).register(http_server)
|
LoginRestServlet(hs).register(http_server)
|
||||||
|
if hs.config.saml2_config['enabled']:
|
||||||
SAML2RestServlet(hs).register(http_server)
|
SAML2RestServlet(hs).register(http_server)
|
||||||
# TODO PasswordResetRestServlet(hs).register(http_server)
|
# TODO PasswordResetRestServlet(hs).register(http_server)
|
||||||
|
Loading…
Reference in New Issue
Block a user