Small tweaks to SAML2 configuration.

- Add saml2 config docs to default config.
- Use existence of saml2 config to indicate if saml2 should be enabled.
This commit is contained in:
Erik Johnston 2015-07-10 10:50:03 +01:00
parent a887efa07a
commit f3049d0b81
2 changed files with 34 additions and 22 deletions

View File

@ -16,27 +16,39 @@
from ._base import Config from ._base import Config
#
# SAML2 Configuration
# Synapse uses pysaml2 libraries for providing SAML2 support
#
# config_path: Path to the sp_conf.py configuration file
# idp_redirect_url: Identity provider URL which will redirect
# the user back to /login/saml2 with proper info.
#
# sp_conf.py file is something like:
# https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
#
# More information: https://pythonhosted.org/pysaml2/howto/config.html
#
class SAML2Config(Config): class SAML2Config(Config):
"""SAML2 Configuration
Synapse uses pysaml2 libraries for providing SAML2 support
config_path: Path to the sp_conf.py configuration file
idp_redirect_url: Identity provider URL which will redirect
the user back to /login/saml2 with proper info.
sp_conf.py file is something like:
https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
More information: https://pythonhosted.org/pysaml2/howto/config.html
"""
def read_config(self, config): def read_config(self, config):
self.saml2_config = config["saml2_config"] saml2_config = config.get("saml2_config", None)
if saml2_config:
self.saml2_enabled = True
self.saml2_config_path = saml2_config["config_path"]
self.saml2_idp_redirect_url = saml2_config["idp_redirect_url"]
else:
self.saml2_enabled = False
self.saml2_config_path = None
self.saml2_idp_redirect_url = None
def default_config(self, config_dir_path, server_name): def default_config(self, config_dir_path, server_name):
return """ return """
saml2_config: # Enable SAML2 for registration and login. Uses pysaml2
enabled: false # config_path: Path to the sp_conf.py configuration file
config_path: "%s/sp_conf.py" # idp_redirect_url: Identity provider URL which will redirect
idp_redirect_url: "http://%s/idp" # the user back to /login/saml2 with proper info.
# See pysaml2 docs for format of config.
#saml2_config:
# config_path: "%s/sp_conf.py"
# idp_redirect_url: "http://%s/idp"
""" % (config_dir_path, server_name) """ % (config_dir_path, server_name)

View File

@ -38,8 +38,8 @@ class LoginRestServlet(ClientV1RestServlet):
def __init__(self, hs): def __init__(self, hs):
super(LoginRestServlet, self).__init__(hs) super(LoginRestServlet, self).__init__(hs)
self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url'] self.idp_redirect_url = hs.config.saml2_idp_redirect_url
self.saml2_enabled = hs.config.saml2_config['enabled'] self.saml2_enabled = hs.config.saml2_enabled
def on_GET(self, request): def on_GET(self, request):
flows = [{"type": LoginRestServlet.PASS_TYPE}] flows = [{"type": LoginRestServlet.PASS_TYPE}]
@ -127,7 +127,7 @@ class SAML2RestServlet(ClientV1RestServlet):
def __init__(self, hs): def __init__(self, hs):
super(SAML2RestServlet, self).__init__(hs) super(SAML2RestServlet, self).__init__(hs)
self.sp_config = hs.config.saml2_config['config_path'] self.sp_config = hs.config.saml2_config_path
@defer.inlineCallbacks @defer.inlineCallbacks
def on_POST(self, request): def on_POST(self, request):
@ -177,6 +177,6 @@ def _parse_json(request):
def register_servlets(hs, http_server): def register_servlets(hs, http_server):
LoginRestServlet(hs).register(http_server) LoginRestServlet(hs).register(http_server)
if hs.config.saml2_config['enabled']: if hs.config.saml2_enabled:
SAML2RestServlet(hs).register(http_server) SAML2RestServlet(hs).register(http_server)
# TODO PasswordResetRestServlet(hs).register(http_server) # TODO PasswordResetRestServlet(hs).register(http_server)