Christopher Cooper
c4a820b32a
allow emails to be passed through SAML ( #7385 )
...
Signed-off-by: Christopher Cooper <cooperc@ocf.berkeley.edu>
2020-05-27 17:40:08 +01:00
Patrick Cloke
22246919e3
Add more type hints to SAML handler. ( #7445 )
2020-05-07 09:30:45 -04:00
Patrick Cloke
627b0f5f27
Persist user interactive authentication sessions ( #7302 )
...
By persisting the user interactive authentication sessions to the database, this fixes
situations where a user hits different works throughout their auth session and also
allows sessions to persist through restarts of Synapse.
2020-04-30 13:47:49 -04:00
Patrick Cloke
b85d7652ff
Do not allow a deactivated user to login via SSO. ( #7240 )
2020-04-09 13:28:13 -04:00
Patrick Cloke
b9930d24a0
Support SAML in the user interactive authentication workflow. ( #7102 )
2020-04-01 08:48:00 -04:00
Jason Robinson
060e7dce09
Allow RedirectResponse in SAML response handler
...
Allow custom SAML handlers to redirect after processing an auth response.
Fixes #7149
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2020-03-26 19:02:35 +02:00
Brendan Abolivier
6b0efe73e2
SAML2: render a comprehensible error page if something goes wrong
...
If an error happened while processing a SAML AuthN response, or a client
ends up doing a `GET` request to `/authn_response`, then render a
customisable error page rather than a confusing error.
2020-03-10 13:59:22 +00:00
Brendan Abolivier
a0178df104
Fix wrong handler being used in SAML handler
2020-03-03 11:29:07 +00:00
Richard van der Hoff
59dc87c618
Merge pull request #6724 from matrix-org/rav/log_saml_attributes
...
Log saml assertions rather than the whole response
2020-01-17 10:33:24 +00:00
Richard van der Hoff
2b6a77fcde
Delegate remote_user_id mapping to the saml mapping provider ( #6723 )
...
Turns out that figuring out a remote user id for the SAML user isn't quite as obvious as it seems. Factor it out to the SamlMappingProvider so that it's easy to control.
2020-01-17 10:32:47 +00:00
Richard van der Hoff
acc7820574
Log saml assertions rather than the whole response
...
... since the whole response is huge.
We even need to break up the assertions, since kibana otherwise truncates them.
2020-01-16 22:26:34 +00:00
Richard van der Hoff
dc69a1cf43
Pass client redirect URL into SAML mapping providers
2020-01-12 21:40:49 +00:00
Richard van der Hoff
47e63cc67a
Pass the module_api into the SamlMappingProvider
...
... for consistency with other modules, and because we'll need it sooner or
later and it will be a pain to introduce later.
2020-01-12 21:40:49 +00:00
Andrew Morgan
4947de5a14
Allow SAML username provider plugins ( #6411 )
2019-12-10 17:30:16 +00:00
Richard van der Hoff
33757bad19
More better logging
2019-09-20 11:20:02 +01:00
Richard van der Hoff
7423fade92
better logging
2019-09-19 17:16:50 +01:00
Richard van der Hoff
a8ac40445c
Record mappings from saml users in an external table
...
We want to assign unique mxids to saml users based on an incrementing
suffix. For that to work, we need to record the allocated mxid in a separate
table.
2019-09-13 16:01:46 +01:00
Richard van der Hoff
3bcb13edd0
Address review comments
2019-07-01 12:13:22 +01:00
Richard van der Hoff
28db0ae537
cleanups
2019-06-27 00:37:41 +01:00