Make SAML2 optional and add some references/comments

This commit is contained in:
Muthu Subramanian 2015-07-09 13:34:47 +05:30
parent d2caa5351a
commit 8cd34dfe95
2 changed files with 23 additions and 4 deletions

View File

@ -16,6 +16,19 @@
from ._base import Config from ._base import Config
#
# SAML2 Configuration
# Synapse uses pysaml2 libraries for providing SAML2 support
#
# config_path: Path to the sp_conf.py configuration file
# idp_redirect_url: Identity provider URL which will redirect
# the user back to /login/saml2 with proper info.
#
# sp_conf.py file is something like:
# https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
#
# More information: https://pythonhosted.org/pysaml2/howto/config.html
#
class SAML2Config(Config): class SAML2Config(Config):
def read_config(self, config): def read_config(self, config):
self.saml2_config = config["saml2_config"] self.saml2_config = config["saml2_config"]
@ -23,6 +36,7 @@ class SAML2Config(Config):
def default_config(self, config_dir_path, server_name): def default_config(self, config_dir_path, server_name):
return """ return """
saml2_config: saml2_config:
enabled: false
config_path: "%s/sp_conf.py" config_path: "%s/sp_conf.py"
idp_redirect_url: "http://%s/idp" idp_redirect_url: "http://%s/idp"
""" % (config_dir_path, server_name) """ % (config_dir_path, server_name)

View File

@ -39,10 +39,13 @@ class LoginRestServlet(ClientV1RestServlet):
def __init__(self, hs): def __init__(self, hs):
super(LoginRestServlet, self).__init__(hs) super(LoginRestServlet, self).__init__(hs)
self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url'] self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url']
self.saml2_enabled = hs.config.saml2_config['enabled']
def on_GET(self, request): def on_GET(self, request):
return (200, {"flows": [{"type": LoginRestServlet.PASS_TYPE}, flows = [{"type": LoginRestServlet.PASS_TYPE}]
{"type": LoginRestServlet.SAML2_TYPE}]}) if self.saml2_enabled:
flows.append({"type": LoginRestServlet.SAML2_TYPE})
return (200, {"flows": flows})
def on_OPTIONS(self, request): def on_OPTIONS(self, request):
return (200, {}) return (200, {})
@ -54,7 +57,8 @@ class LoginRestServlet(ClientV1RestServlet):
if login_submission["type"] == LoginRestServlet.PASS_TYPE: if login_submission["type"] == LoginRestServlet.PASS_TYPE:
result = yield self.do_password_login(login_submission) result = yield self.do_password_login(login_submission)
defer.returnValue(result) defer.returnValue(result)
elif login_submission["type"] == LoginRestServlet.SAML2_TYPE: elif self.saml2_enabled and (login_submission["type"] ==
LoginRestServlet.SAML2_TYPE):
relay_state = "" relay_state = ""
if "relay_state" in login_submission: if "relay_state" in login_submission:
relay_state = "&RelayState="+urllib.quote( relay_state = "&RelayState="+urllib.quote(
@ -173,5 +177,6 @@ def _parse_json(request):
def register_servlets(hs, http_server): def register_servlets(hs, http_server):
LoginRestServlet(hs).register(http_server) LoginRestServlet(hs).register(http_server)
SAML2RestServlet(hs).register(http_server) if hs.config.saml2_config['enabled']:
SAML2RestServlet(hs).register(http_server)
# TODO PasswordResetRestServlet(hs).register(http_server) # TODO PasswordResetRestServlet(hs).register(http_server)