mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-10-01 08:25:44 -04:00
Small tweaks to SAML2 configuration.
- Add saml2 config docs to default config. - Use existence of saml2 config to indicate if saml2 should be enabled.
This commit is contained in:
parent
a887efa07a
commit
f3049d0b81
@ -16,27 +16,39 @@
|
|||||||
from ._base import Config
|
from ._base import Config
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# SAML2 Configuration
|
|
||||||
# Synapse uses pysaml2 libraries for providing SAML2 support
|
|
||||||
#
|
|
||||||
# config_path: Path to the sp_conf.py configuration file
|
|
||||||
# idp_redirect_url: Identity provider URL which will redirect
|
|
||||||
# the user back to /login/saml2 with proper info.
|
|
||||||
#
|
|
||||||
# sp_conf.py file is something like:
|
|
||||||
# https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
|
|
||||||
#
|
|
||||||
# More information: https://pythonhosted.org/pysaml2/howto/config.html
|
|
||||||
#
|
|
||||||
class SAML2Config(Config):
|
class SAML2Config(Config):
|
||||||
|
"""SAML2 Configuration
|
||||||
|
Synapse uses pysaml2 libraries for providing SAML2 support
|
||||||
|
|
||||||
|
config_path: Path to the sp_conf.py configuration file
|
||||||
|
idp_redirect_url: Identity provider URL which will redirect
|
||||||
|
the user back to /login/saml2 with proper info.
|
||||||
|
|
||||||
|
sp_conf.py file is something like:
|
||||||
|
https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
|
||||||
|
|
||||||
|
More information: https://pythonhosted.org/pysaml2/howto/config.html
|
||||||
|
"""
|
||||||
|
|
||||||
def read_config(self, config):
|
def read_config(self, config):
|
||||||
self.saml2_config = config["saml2_config"]
|
saml2_config = config.get("saml2_config", None)
|
||||||
|
if saml2_config:
|
||||||
|
self.saml2_enabled = True
|
||||||
|
self.saml2_config_path = saml2_config["config_path"]
|
||||||
|
self.saml2_idp_redirect_url = saml2_config["idp_redirect_url"]
|
||||||
|
else:
|
||||||
|
self.saml2_enabled = False
|
||||||
|
self.saml2_config_path = None
|
||||||
|
self.saml2_idp_redirect_url = None
|
||||||
|
|
||||||
def default_config(self, config_dir_path, server_name):
|
def default_config(self, config_dir_path, server_name):
|
||||||
return """
|
return """
|
||||||
saml2_config:
|
# Enable SAML2 for registration and login. Uses pysaml2
|
||||||
enabled: false
|
# config_path: Path to the sp_conf.py configuration file
|
||||||
config_path: "%s/sp_conf.py"
|
# idp_redirect_url: Identity provider URL which will redirect
|
||||||
idp_redirect_url: "http://%s/idp"
|
# the user back to /login/saml2 with proper info.
|
||||||
|
# See pysaml2 docs for format of config.
|
||||||
|
#saml2_config:
|
||||||
|
# config_path: "%s/sp_conf.py"
|
||||||
|
# idp_redirect_url: "http://%s/idp"
|
||||||
""" % (config_dir_path, server_name)
|
""" % (config_dir_path, server_name)
|
||||||
|
@ -38,8 +38,8 @@ class LoginRestServlet(ClientV1RestServlet):
|
|||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
super(LoginRestServlet, self).__init__(hs)
|
super(LoginRestServlet, self).__init__(hs)
|
||||||
self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url']
|
self.idp_redirect_url = hs.config.saml2_idp_redirect_url
|
||||||
self.saml2_enabled = hs.config.saml2_config['enabled']
|
self.saml2_enabled = hs.config.saml2_enabled
|
||||||
|
|
||||||
def on_GET(self, request):
|
def on_GET(self, request):
|
||||||
flows = [{"type": LoginRestServlet.PASS_TYPE}]
|
flows = [{"type": LoginRestServlet.PASS_TYPE}]
|
||||||
@ -127,7 +127,7 @@ class SAML2RestServlet(ClientV1RestServlet):
|
|||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
super(SAML2RestServlet, self).__init__(hs)
|
super(SAML2RestServlet, self).__init__(hs)
|
||||||
self.sp_config = hs.config.saml2_config['config_path']
|
self.sp_config = hs.config.saml2_config_path
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_POST(self, request):
|
def on_POST(self, request):
|
||||||
@ -177,6 +177,6 @@ def _parse_json(request):
|
|||||||
|
|
||||||
def register_servlets(hs, http_server):
|
def register_servlets(hs, http_server):
|
||||||
LoginRestServlet(hs).register(http_server)
|
LoginRestServlet(hs).register(http_server)
|
||||||
if hs.config.saml2_config['enabled']:
|
if hs.config.saml2_enabled:
|
||||||
SAML2RestServlet(hs).register(http_server)
|
SAML2RestServlet(hs).register(http_server)
|
||||||
# TODO PasswordResetRestServlet(hs).register(http_server)
|
# TODO PasswordResetRestServlet(hs).register(http_server)
|
||||||
|
Loading…
Reference in New Issue
Block a user