forked from MirrorHub/synapse
Make SAML2 optional and add some references/comments
This commit is contained in:
parent
d2caa5351a
commit
8cd34dfe95
2 changed files with 23 additions and 4 deletions
|
@ -16,6 +16,19 @@
|
|||
from ._base import Config
|
||||
|
||||
|
||||
#
|
||||
# SAML2 Configuration
|
||||
# Synapse uses pysaml2 libraries for providing SAML2 support
|
||||
#
|
||||
# config_path: Path to the sp_conf.py configuration file
|
||||
# idp_redirect_url: Identity provider URL which will redirect
|
||||
# the user back to /login/saml2 with proper info.
|
||||
#
|
||||
# sp_conf.py file is something like:
|
||||
# https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
|
||||
#
|
||||
# More information: https://pythonhosted.org/pysaml2/howto/config.html
|
||||
#
|
||||
class SAML2Config(Config):
|
||||
def read_config(self, config):
|
||||
self.saml2_config = config["saml2_config"]
|
||||
|
@ -23,6 +36,7 @@ class SAML2Config(Config):
|
|||
def default_config(self, config_dir_path, server_name):
|
||||
return """
|
||||
saml2_config:
|
||||
enabled: false
|
||||
config_path: "%s/sp_conf.py"
|
||||
idp_redirect_url: "http://%s/idp"
|
||||
""" % (config_dir_path, server_name)
|
||||
|
|
|
@ -39,10 +39,13 @@ class LoginRestServlet(ClientV1RestServlet):
|
|||
def __init__(self, hs):
|
||||
super(LoginRestServlet, self).__init__(hs)
|
||||
self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url']
|
||||
self.saml2_enabled = hs.config.saml2_config['enabled']
|
||||
|
||||
def on_GET(self, request):
|
||||
return (200, {"flows": [{"type": LoginRestServlet.PASS_TYPE},
|
||||
{"type": LoginRestServlet.SAML2_TYPE}]})
|
||||
flows = [{"type": LoginRestServlet.PASS_TYPE}]
|
||||
if self.saml2_enabled:
|
||||
flows.append({"type": LoginRestServlet.SAML2_TYPE})
|
||||
return (200, {"flows": flows})
|
||||
|
||||
def on_OPTIONS(self, request):
|
||||
return (200, {})
|
||||
|
@ -54,7 +57,8 @@ class LoginRestServlet(ClientV1RestServlet):
|
|||
if login_submission["type"] == LoginRestServlet.PASS_TYPE:
|
||||
result = yield self.do_password_login(login_submission)
|
||||
defer.returnValue(result)
|
||||
elif login_submission["type"] == LoginRestServlet.SAML2_TYPE:
|
||||
elif self.saml2_enabled and (login_submission["type"] ==
|
||||
LoginRestServlet.SAML2_TYPE):
|
||||
relay_state = ""
|
||||
if "relay_state" in login_submission:
|
||||
relay_state = "&RelayState="+urllib.quote(
|
||||
|
@ -173,5 +177,6 @@ def _parse_json(request):
|
|||
|
||||
def register_servlets(hs, http_server):
|
||||
LoginRestServlet(hs).register(http_server)
|
||||
if hs.config.saml2_config['enabled']:
|
||||
SAML2RestServlet(hs).register(http_server)
|
||||
# TODO PasswordResetRestServlet(hs).register(http_server)
|
||||
|
|
Loading…
Reference in a new issue