Migrated settings from app.config to Settings()
This commit is contained in:
parent
d223eba0a1
commit
3255bc26d0
|
@ -32,9 +32,9 @@ SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
|
|||
# MAIL_DEFAULT_SENDER = ('PowerDNS-Admin', 'noreply@domain.ltd')
|
||||
|
||||
# SAML Authnetication
|
||||
SAML_ENABLED = False
|
||||
# SAML_ENABLED = True
|
||||
# SAML_DEBUG = True
|
||||
# SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml')
|
||||
SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml')
|
||||
# ##Example for ADFS Metadata-URL
|
||||
# SAML_METADATA_URL = 'https://<hostname>/FederationMetadata/2007-06/FederationMetadata.xml'
|
||||
# #Cache Lifetime in Seconds
|
||||
|
|
|
@ -24,5 +24,5 @@ SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_
|
|||
# SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
|
||||
|
||||
# SAML Authnetication
|
||||
SAML_ENABLED = False
|
||||
SAML_ASSERTION_ENCRYPTED = True
|
||||
# SAML_ENABLED = False
|
||||
# SAML_ASSERTION_ENCRYPTED = True
|
||||
|
|
|
@ -111,10 +111,11 @@ class Setting(db.Model):
|
|||
'oidc_oauth_account_name_property': '',
|
||||
'oidc_oauth_account_description_property': '',
|
||||
'saml_enabled': False,
|
||||
'saml_metadata_url': 'https://<hostname>/FederationMetadata/2007-06/FederationMetadata.xml',
|
||||
'saml_debug': True,
|
||||
'saml_metadata_url': 'https://md.aai.grnet.gr/aggregates/grnet-metadata.xml',#'https://md.aai.grnet.gr/aggregates/grnet-metadata.xml'
|
||||
'saml_metadata_cache_lifetime': '1',
|
||||
'saml_idp_sso_binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
||||
'saml_idp_entity_id': 'https://idp.example.edu/idp',
|
||||
'saml_idp_sso_binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',#
|
||||
'saml_idp_entity_id': 'https://idp.uoa.gr/idp/shibboleth',#'https://idp.uoa.gr/idp/shibboleth'
|
||||
'saml_nameid_format': 'urn:oid:0.9.2342.19200300.100.1.1',
|
||||
'saml_sp_requested_attributes': '[ \
|
||||
{"name": "urn:oid:0.9.2342.19200300.100.1.3", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "isRequired": true, "friendlyName": "email"}, \
|
||||
|
@ -126,15 +127,25 @@ class Setting(db.Model):
|
|||
'saml_attribute_username': 'urn:oid:0.9.2342.19200300.100.1.1',
|
||||
'saml_attribute_admin': 'https://example.edu/pdns-admin',
|
||||
'saml_attribute_account': 'https://example.edu/pdns-account',
|
||||
'saml_attribute_group': None,
|
||||
'saml_group_admin_name': None,
|
||||
'saml_group_to_account_mapping': None,
|
||||
'saml_sp_entity_id': 'http://<SAML SP ENTITY ID>',
|
||||
'saml_sp_entity_name': '<contact name>',
|
||||
'saml_sp_entity_mail': '<contact mail>',
|
||||
'saml_sp_contact_name': '<contact name>',
|
||||
'saml_sp_contact_mail': '<contact mail>',
|
||||
'saml_cert_file': '/etc/pki/powerdns-admin/cert.crt',
|
||||
'saml_cert_key': '/etc/pki/powerdns-admin/key.pem',
|
||||
'saml_sign_request': False,
|
||||
'saml_logout': False,
|
||||
'saml_logout_url': 'https://google.com',
|
||||
'saml_assertion_encrypted': True,
|
||||
'saml_digest_algorithm': 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
|
||||
'saml_signature_algorithm': 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
|
||||
'saml_want_assertions_signed': True,
|
||||
'saml_sign_metadata': True,
|
||||
'saml_want_message_signed': True,
|
||||
'saml_metadata_cache_duration': 'PT5M',
|
||||
'saml_metadata_valid_until': '',
|
||||
'forward_records_allow_edit': {
|
||||
'A': True,
|
||||
'AAAA': True,
|
||||
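Review bot: The new defaults at L90 and L105 point every fresh installation at one specific federation metadata aggregate and one specific university IdP (`md.aai.grnet.gr`, `idp.uoa.gr`), and both lines carry a dangling `#'…'` copy of the value; the neutral placeholders on the old side (`https://<hostname>/FederationMetadata/2007-06/FederationMetadata.xml`, `https://idp.example.edu/idp`) should stay as the shipped defaults and the operator-specific values be entered through the settings page. `'saml_debug': True` at L87 is likewise a developer default that should ship as `False`, since it appears to feed `settings['debug']` in the SAML service. The new `saml_digest_algorithm` / `saml_signature_algorithm` defaults at L172/L175 are `rsa-sha1`, which the SAML service in this commit never reads (it keeps the hard-coded `xmldsig-more#rsa-sha256`); if the keys are kept, make the defaults `http://www.w3.org/2001/04/xmlenc#sha256` and `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` so that wiring them up later cannot downgrade signing to SHA-1. Setting dict continues outside the hunk.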
|
|
|
@ -1021,7 +1021,6 @@ def setting_authentication():
|
|||
}
|
||||
else:
|
||||
Setting().set('saml_enabled', True)
|
||||
print("SAML ENABLED = ",Setting().get('saml_enabled'))
|
||||
Setting().set('saml_metadata_url',
|
||||
request.form.get('saml_metadata_url'))
|
||||
Setting().set('saml_metadata_cache_lifetime',
|
||||
|
|
|
@ -141,7 +141,7 @@ def oidc_login():
|
|||
|
||||
@index_bp.route('/login', methods=['GET', 'POST'])
|
||||
def login():
|
||||
SAML_ENABLED = current_app.config.get('SAML_ENABLED')
|
||||
SAML_ENABLED = Setting().get('saml_enabled')
|
||||
|
||||
if g.user is not None and current_user.is_authenticated:
|
||||
return redirect(url_for('dashboard.dashboard'))
|
||||
|
@ -587,18 +587,17 @@ def get_azure_groups(uri):
|
|||
|
||||
@index_bp.route('/logout')
|
||||
def logout():
|
||||
if current_app.config.get(
|
||||
'SAML_ENABLED'
|
||||
) and 'samlSessionIndex' in session and current_app.config.get(
|
||||
'SAML_LOGOUT'):
|
||||
if Setting().get('saml_enabled'
|
||||
) and 'samlSessionIndex' in session and Setting().get(
|
||||
'saml_logout'):
|
||||
req = saml.prepare_flask_request(request)
|
||||
auth = saml.init_saml_auth(req)
|
||||
if current_app.config.get('SAML_LOGOUT_URL'):
|
||||
if Setting().get('saml_logout_url'):
|
||||
return redirect(
|
||||
auth.logout(
|
||||
name_id_format=
|
||||
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
||||
return_to=current_app.config.get('SAML_LOGOUT_URL'),
|
||||
return_to=Setting().get('saml_logout_url'),
|
||||
session_index=session['samlSessionIndex'],
|
||||
name_id=session['samlNameId']))
|
||||
return redirect(
|
||||
|
@ -896,7 +895,7 @@ def dyndns_update():
|
|||
### START SAML AUTHENTICATION ###
|
||||
@index_bp.route('/saml/login')
|
||||
def saml_login():
|
||||
if not current_app.config.get('SAML_ENABLED'):
|
||||
if not Setting().get('saml_enabled'):
|
||||
abort(400)
|
||||
req = saml.prepare_flask_request(request)
|
||||
auth = saml.init_saml_auth(req)
|
||||
|
@ -907,7 +906,7 @@ def saml_login():
|
|||
|
||||
@index_bp.route('/saml/metadata')
|
||||
def saml_metadata():
|
||||
if not current_app.config.get('SAML_ENABLED'):
|
||||
if not Setting().get('saml_enabled'):
|
||||
current_app.logger.error("SAML authentication is disabled.")
|
||||
abort(400)
|
||||
|
||||
|
@ -928,7 +927,7 @@ def saml_metadata():
|
|||
@index_bp.route('/saml/authorized', methods=['GET', 'POST'])
|
||||
def saml_authorized():
|
||||
errors = []
|
||||
if not current_app.config.get('SAML_ENABLED'):
|
||||
if not Setting().get('saml_enabled'):
|
||||
current_app.logger.error("SAML authentication is disabled.")
|
||||
abort(400)
|
||||
req = saml.prepare_flask_request(request)
|
||||
|
@ -945,9 +944,9 @@ def saml_authorized():
|
|||
if 'RelayState' in request.form and self_url != request.form[
|
||||
'RelayState']:
|
||||
return redirect(auth.redirect_to(request.form['RelayState']))
|
||||
if current_app.config.get('SAML_ATTRIBUTE_USERNAME', False):
|
||||
if Setting().get('saml_attribute_username'):
|
||||
username = session['samlUserdata'][
|
||||
current_app.config['SAML_ATTRIBUTE_USERNAME']][0].lower()
|
||||
Setting().get('saml_attribute_username')][0].lower()
|
||||
else:
|
||||
username = session['samlNameId'].lower()
|
||||
user = User.query.filter_by(username=username).first()
|
||||
|
@ -958,22 +957,38 @@ def saml_authorized():
|
|||
email=session['samlNameId'])
|
||||
user.create_local_user()
|
||||
session['user_id'] = user.id
|
||||
email_attribute_name = current_app.config.get('SAML_ATTRIBUTE_EMAIL',
|
||||
'email')
|
||||
givenname_attribute_name = current_app.config.get(
|
||||
'SAML_ATTRIBUTE_GIVENNAME', 'givenname')
|
||||
surname_attribute_name = current_app.config.get(
|
||||
'SAML_ATTRIBUTE_SURNAME', 'surname')
|
||||
name_attribute_name = current_app.config.get('SAML_ATTRIBUTE_NAME',
|
||||
None)
|
||||
account_attribute_name = current_app.config.get(
|
||||
'SAML_ATTRIBUTE_ACCOUNT', None)
|
||||
admin_attribute_name = current_app.config.get('SAML_ATTRIBUTE_ADMIN',
|
||||
None)
|
||||
group_attribute_name = current_app.config.get('SAML_ATTRIBUTE_GROUP',
|
||||
None)
|
||||
admin_group_name = current_app.config.get('SAML_GROUP_ADMIN_NAME',
|
||||
None)
|
||||
if Setting().get('saml_attribute_email'):
|
||||
email_attribute_name = Setting().get('saml_attribute_email')
|
||||
else:
|
||||
email_attribute_name = 'email'
|
||||
if Setting().get('saml_attribute_givenname'):
|
||||
givenname_attribute_name = Setting().get('saml_attribute_givenname')
|
||||
else:
|
||||
givenname_attribute_name = 'givenname'
|
||||
if Setting().get('saml_attribute_surname'):
|
||||
surname_attribute_name = Setting().get('saml_attribute_surname')
|
||||
else:
|
||||
surname_attribute_name = 'surname'
|
||||
if Setting().get('saml_attribute_name'):
|
||||
name_attribute_name = Setting().get('saml_attribute_name')
|
||||
else:
|
||||
name_attribute_name = None
|
||||
if Setting().get('saml_attribute_account'):
|
||||
account_attribute_name = Setting().get('saml_attribute_account')
|
||||
else:
|
||||
account_attribute_name = None
|
||||
if Setting().get('saml_attribute_admin'):
|
||||
admin_attribute_name = Setting().get('saml_attribute_admin')
|
||||
else:
|
||||
admin_attribute_name = None
|
||||
if Setting().get('saml_attribute_group'):
|
||||
group_attribute_name = Setting().get('saml_attribute_group')
|
||||
else:
|
||||
group_attribute_name = None
|
||||
if Setting().get('saml_group_admin_name'):
|
||||
admin_group_name = Setting().get('saml_group_admin_name')
|
||||
else:
|
||||
admin_group_name = None
|
||||
group_to_account_mapping = create_group_to_account_mapping()
|
||||
|
||||
if email_attribute_name in session['samlUserdata']:
|
||||
|
@ -1045,8 +1060,7 @@ def saml_authorized():
|
|||
|
||||
|
||||
def create_group_to_account_mapping():
|
||||
group_to_account_mapping_string = current_app.config.get(
|
||||
'SAML_GROUP_TO_ACCOUNT_MAPPING', None)
|
||||
group_to_account_mapping_string = Setting().get('saml_group_to_account_mapping')
|
||||
if group_to_account_mapping_string and len(
|
||||
group_to_account_mapping_string.strip()) > 0:
|
||||
group_to_account_mapping = group_to_account_mapping_string.split(',')
|
||||
|
@ -1096,8 +1110,8 @@ def saml_logout():
|
|||
clear_session()
|
||||
if url is not None:
|
||||
return redirect(url)
|
||||
elif current_app.config.get('SAML_LOGOUT_URL') is not None:
|
||||
return redirect(current_app.config.get('SAML_LOGOUT_URL'))
|
||||
elif Setting().get('saml_logout_url') is not None:
|
||||
return redirect(Setting().get('saml_logout_url'))
|
||||
else:
|
||||
return redirect(url_for('login'))
|
||||
else:
|
||||
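Review bot: In the saml_authorized hunk (L509–L602) every attribute name is resolved with two `Setting().get(...)` calls inside an eight-way `if`/`else` ladder, and each `Setting()` looks like a fresh store lookup; the whole block collapses to one call per key with `or`, which preserves the exact truthiness semantics. In the saml_logout hunk, `elif Setting().get('saml_logout_url') is not None:` (L661) was meaningful against `config.get`, which returns `None` when unset, but if the Setting store returns `''` for a cleared field this branch now redirects to an empty URL; `elif Setting().get('saml_logout_url'):` matches the check used at L299. saml_authorized starts and ends outside the hunk.
```python
    session['user_id'] = user.id
    # one lookup per attribute; falsy stored values fall back to the old defaults
    email_attribute_name = Setting().get('saml_attribute_email') or 'email'
    givenname_attribute_name = Setting().get('saml_attribute_givenname') or 'givenname'
    surname_attribute_name = Setting().get('saml_attribute_surname') or 'surname'
    name_attribute_name = Setting().get('saml_attribute_name') or None
    account_attribute_name = Setting().get('saml_attribute_account') or None
    admin_attribute_name = Setting().get('saml_attribute_admin') or None
    group_attribute_name = Setting().get('saml_attribute_group') or None
    admin_group_name = Setting().get('saml_group_admin_name') or None
    group_to_account_mapping = create_group_to_account_mapping()
    # … unchanged: attribute extraction from session['samlUserdata'] …
```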
|
|
|
@ -6,11 +6,12 @@ import os
|
|||
|
||||
from ..lib.certutil import KEY_FILE, CERT_FILE, create_self_signed_cert
|
||||
from ..lib.utils import urlparse
|
||||
from ..models.setting import Setting
|
||||
|
||||
|
||||
class SAML(object):
|
||||
def __init__(self):
|
||||
if current_app.config['SAML_ENABLED']:
|
||||
if Setting().get('saml_enabled'):
|
||||
from onelogin.saml2.auth import OneLogin_Saml2_Auth
|
||||
from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser
|
||||
|
||||
|
@ -19,18 +20,15 @@ class SAML(object):
|
|||
self.OneLogin_Saml2_IdPMetadataParser = OneLogin_Saml2_IdPMetadataParser
|
||||
self.idp_data = None
|
||||
|
||||
if 'SAML_IDP_ENTITY_ID' in current_app.config:
|
||||
if Setting().get('saml_idp_entity_id'):
|
||||
self.idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(
|
||||
current_app.config['SAML_METADATA_URL'],
|
||||
entity_id=current_app.config.get('SAML_IDP_ENTITY_ID',
|
||||
None),
|
||||
required_sso_binding=current_app.
|
||||
config['SAML_IDP_SSO_BINDING'])
|
||||
Setting().get('saml_metadata_url'),
|
||||
entity_id=Setting().get('saml_idp_entity_id'),
|
||||
required_sso_binding=Setting().get('saml_idp_sso_binding'))
|
||||
else:
|
||||
self.idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(
|
||||
current_app.config['SAML_METADATA_URL'],
|
||||
entity_id=current_app.config.get('SAML_IDP_ENTITY_ID',
|
||||
None))
|
||||
Setting().get('saml_metadata_url'),
|
||||
entity_id=None)
|
||||
if self.idp_data is None:
|
||||
current_app.logger.info(
|
||||
'SAML: IDP Metadata initial load failed')
|
||||
|
@ -39,7 +37,7 @@ class SAML(object):
|
|||
def get_idp_data(self):
|
||||
|
||||
lifetime = timedelta(
|
||||
minutes=current_app.config['SAML_METADATA_CACHE_LIFETIME'])
|
||||
minutes=int(Setting().get('saml_metadata_cache_lifetime'))) # should be seconds instead of minutes?
|
||||
|
||||
if self.idp_timestamp + lifetime < datetime.now():
|
||||
background_thread = Thread(target=self.retrieve_idp_data())
|
||||
|
@ -49,22 +47,22 @@ class SAML(object):
|
|||
|
||||
def retrieve_idp_data(self):
|
||||
|
||||
if 'SAML_IDP_SSO_BINDING' in current_app.config:
|
||||
if Setting().get('saml_idp_sso_binding'):
|
||||
new_idp_data = self.OneLogin_Saml2_IdPMetadataParser.parse_remote(
|
||||
current_app.config['SAML_METADATA_URL'],
|
||||
entity_id=current_app.config.get('SAML_IDP_ENTITY_ID', None),
|
||||
required_sso_binding=current_app.config['SAML_IDP_SSO_BINDING']
|
||||
Setting().get('saml_metadata_url'),
|
||||
entity_id=Setting().get('saml_idp_entity_id'),
|
||||
required_sso_binding=Setting().get('saml_idp_sso_binding')
|
||||
)
|
||||
else:
|
||||
new_idp_data = self.OneLogin_Saml2_IdPMetadataParser.parse_remote(
|
||||
current_app.config['SAML_METADATA_URL'],
|
||||
entity_id=current_app.config.get('SAML_IDP_ENTITY_ID', None))
|
||||
Setting().get('saml_metadata_url'),
|
||||
entity_id=Setting().get('saml_idp_entity_id'))
|
||||
if new_idp_data is not None:
|
||||
self.idp_data = new_idp_data
|
||||
self.idp_timestamp = datetime.now()
|
||||
current_app.logger.info(
|
||||
"SAML: IDP Metadata successfully retrieved from: " +
|
||||
current_app.config['SAML_METADATA_URL'])
|
||||
Setting().get('saml_metadata_url'))
|
||||
else:
|
||||
current_app.logger.info(
|
||||
"SAML: IDP Metadata could not be retrieved")
|
||||
|
@ -94,20 +92,19 @@ class SAML(object):
|
|||
metadata = self.get_idp_data()
|
||||
settings = {}
|
||||
settings['sp'] = {}
|
||||
if 'SAML_NAMEID_FORMAT' in current_app.config:
|
||||
settings['sp']['NameIDFormat'] = current_app.config[
|
||||
'SAML_NAMEID_FORMAT']
|
||||
if Setting().get('saml_nameid_format'):
|
||||
settings['sp']['NameIDFormat'] = Setting().get('saml_nameid_format')
|
||||
else:
|
||||
settings['sp']['NameIDFormat'] = self.idp_data.get('sp', {}).get(
|
||||
'NameIDFormat',
|
||||
'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified')
|
||||
settings['sp']['entityId'] = current_app.config['SAML_SP_ENTITY_ID']
|
||||
settings['sp']['entityId'] = Setting().get('saml_sp_entity_id')
|
||||
|
||||
|
||||
if ('SAML_CERT' in current_app.config) and ('SAML_KEY' in current_app.config):
|
||||
if (Setting().get('saml_cert_file')) and (Setting().get('saml_cert_key')):
|
||||
|
||||
saml_cert_file = current_app.config['SAML_CERT']
|
||||
saml_key_file = current_app.config['SAML_KEY']
|
||||
saml_cert_file = Setting().get('saml_cert_file')
|
||||
saml_key_file = Setting().get('saml_cert_key')
|
||||
|
||||
if os.path.isfile(saml_cert_file):
|
||||
cert = open(saml_cert_file, "r").readlines()
|
||||
|
@ -130,8 +127,8 @@ class SAML(object):
|
|||
settings['sp']['privateKey'] = "".join(key)
|
||||
|
||||
|
||||
if 'SAML_SP_REQUESTED_ATTRIBUTES' in current_app.config:
|
||||
saml_req_attr = json.loads(current_app.config['SAML_SP_REQUESTED_ATTRIBUTES'])
|
||||
if Setting().get('saml_sp_requested_attributes'):
|
||||
saml_req_attr = json.loads(Setting().get('saml_sp_requested_attributes'))
|
||||
settings['sp']['attributeConsumingService'] = {
|
||||
"serviceName": "PowerDNSAdmin",
|
||||
"serviceDescription": "PowerDNS-Admin - PowerDNS administration utility",
|
||||
|
@ -152,7 +149,7 @@ class SAML(object):
|
|||
settings['sp']['singleLogoutService']['url'] = own_url + '/saml/sls'
|
||||
settings['idp'] = metadata['idp']
|
||||
settings['strict'] = True
|
||||
settings['debug'] = current_app.config['SAML_DEBUG']
|
||||
settings['debug'] = Setting().get('saml_debug')
|
||||
settings['security'] = {}
|
||||
settings['security'][
|
||||
'digestAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
|
||||
|
@ -161,33 +158,24 @@ class SAML(object):
|
|||
settings['security']['requestedAuthnContext'] = True
|
||||
settings['security'][
|
||||
'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
|
||||
settings['security']['wantAssertionsEncrypted'] = current_app.config.get(
|
||||
'SAML_ASSERTION_ENCRYPTED', True)
|
||||
settings['security']['wantAssertionsEncrypted'] = Setting().get('saml_assertion_encrypted')
|
||||
settings['security']['wantAttributeStatement'] = True
|
||||
settings['security']['wantNameId'] = True
|
||||
settings['security']['authnRequestsSigned'] = current_app.config[
|
||||
'SAML_SIGN_REQUEST']
|
||||
settings['security']['logoutRequestSigned'] = current_app.config[
|
||||
'SAML_SIGN_REQUEST']
|
||||
settings['security']['logoutResponseSigned'] = current_app.config[
|
||||
'SAML_SIGN_REQUEST']
|
||||
settings['security']['authnRequestsSigned'] = Setting().get('saml_sign_request')
|
||||
settings['security']['logoutRequestSigned'] = Setting().get('saml_sign_request')
|
||||
settings['security']['logoutResponseSigned'] = Setting().get('saml_sign_request')
|
||||
settings['security']['nameIdEncrypted'] = False
|
||||
settings['security']['signMetadata'] = True
|
||||
settings['security']['wantAssertionsSigned'] = True
|
||||
settings['security']['wantMessagesSigned'] = current_app.config.get(
|
||||
'SAML_WANT_MESSAGE_SIGNED', True)
|
||||
settings['security']['signMetadata'] = Setting().get('saml_sign_metadata')
|
||||
settings['security']['wantAssertionsSigned'] = Setting().get('saml_want_assertions_signed')
|
||||
settings['security']['wantMessagesSigned'] = Setting().get('saml_want_message_signed')
|
||||
settings['security']['wantNameIdEncrypted'] = False
|
||||
settings['contactPerson'] = {}
|
||||
settings['contactPerson']['support'] = {}
|
||||
settings['contactPerson']['support'][
|
||||
'emailAddress'] = current_app.config['SAML_SP_CONTACT_NAME']
|
||||
settings['contactPerson']['support']['givenName'] = current_app.config[
|
||||
'SAML_SP_CONTACT_MAIL']
|
||||
settings['contactPerson']['support']['emailAddress'] = Setting().get('saml_sp_contact_mail')
|
||||
settings['contactPerson']['support']['givenName'] = Setting().get('saml_sp_contact_name')
|
||||
settings['contactPerson']['technical'] = {}
|
||||
settings['contactPerson']['technical'][
|
||||
'emailAddress'] = current_app.config['SAML_SP_CONTACT_MAIL']
|
||||
settings['contactPerson']['technical'][
|
||||
'givenName'] = current_app.config['SAML_SP_CONTACT_NAME']
|
||||
settings['contactPerson']['technical']['emailAddress'] = Setting().get('saml_sp_contact_mail')
|
||||
settings['contactPerson']['technical']['givenName'] = Setting().get('saml_sp_contact_name')
|
||||
settings['organization'] = {}
|
||||
settings['organization']['en-US'] = {}
|
||||
settings['organization']['en-US']['displayname'] = 'PowerDNS-Admin'
|
||||
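Review bot: `saml_cert_file` and `saml_cert_key` at L971/L974 now come from the database-backed Setting store instead of the deployment config, and L982 opens whichever path is stored; presumably the loaded certificate ends up in the SP metadata served by `/saml/metadata`, so any account allowed to edit settings can make the process read an arbitrary file it has access to. Keep the two paths in app config, or resolve them with `os.path.realpath` and reject anything outside a fixed directory, and log a warning when the file is missing instead of silently building unsigned settings. In the get_idp_data hunk, `int(Setting().get('saml_metadata_cache_lifetime'))` at L807 raises ValueError on an empty or non-numeric stored value, breaking every SAML request; guard it with `try: ... except (TypeError, ValueError):` falling back to the shipped default, and resolve the `# should be seconds instead of minutes?` question rather than committing it. Unrelated to this commit but visible at L815, `Thread(target=self.retrieve_idp_data())` calls the method synchronously and passes its return value as the target; it should be `Thread(target=self.retrieve_idp_data)`. These methods start and end outside their hunks.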
|
|
|
@ -766,12 +766,12 @@
|
|||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_sp_contact_name">SP Contact Name</label>
|
||||
<input type="text" class="form-control" name="saml_sp_contact_name" id="saml_sp_contact_name" placeholder="<contact name>" data-error="Please input SAML SP contact name" value="{{ SETTING.get('saml_sp_entity_name') }}">
|
||||
<input type="text" class="form-control" name="saml_sp_contact_name" id="saml_sp_contact_name" placeholder="<contact name>" data-error="Please input SAML SP contact name" value="{{ SETTING.get('saml_sp_contact_name') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_sp_contact_mail">SP Contact Mail</label>
|
||||
<input type="text" class="form-control" name="saml_sp_contact_mail" id="saml_sp_contact_mail" placeholder="<contact mail>" data-error="Please input SAML SP contact mail" value="{{ SETTING.get('saml_sp_entity_mail') }}">
|
||||
<input type="text" class="form-control" name="saml_sp_contact_mail" id="saml_sp_contact_mail" placeholder="<contact mail>" data-error="Please input SAML SP contact mail" value="{{ SETTING.get('saml_sp_contact_mail') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
|
@ -800,7 +800,7 @@
|
|||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_logout_url">Logout URL</label>
|
||||
<input type="text" class="form-control" name="saml_saml_logout_url" id="saml_logout_url" placeholder="must be a valid logout URL" data-error="Please input SAML logout URL" value="{{ SETTING.get('saml_logout_url') }}">
|
||||
<input type="text" class="form-control" name="saml_logout_url" id="saml_logout_url" placeholder="must be a valid logout URL" data-error="Please input SAML logout URL" value="{{ SETTING.get('saml_logout_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
|
@ -810,6 +810,38 @@
|
|||
<input type="checkbox" id="saml_assertion_encrypted" name="saml_assertion_encrypted" class="checkbox" {% if SETTING.get('saml_assertion_encrypted') %}checked{% endif %}>
|
||||
<label for="saml_assertion_encrypted">Encrypted Assertion</label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_want_assertions_signed" name="saml_want_assertions_signed" class="checkbox" {% if SETTING.get('saml_want_assertions_signed') %}checked{% endif %}>
|
||||
<label for="saml_want_assertions_encrypted">Want Assertions Signed </label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_digest_algorithm">Digest Algorithm</label>
|
||||
<input type="text" class="form-control" name="saml_digest_algorithm" id="saml_digest_algorithm" placeholder="must be a valid algorithm" data-error="Please input SAML digest algorithm" value="{{ SETTING.get('saml_digest_algorithm') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_signature_algorithm">Signature Algorithm</label>
|
||||
<input type="text" class="form-control" name="saml_signature_algorithm" id="saml_signature_algorithm" placeholder="must be a valid algorithm" data-error="Please input SAML signature algorithm" value="{{ SETTING.get('saml_signature_algorithm') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_want_message_signed" name="saml_want_message_signed" class="checkbox" {% if SETTING.get('saml_want_message_signed') %}checked{% endif %}>
|
||||
<label for="saml_want_message_signed">Want Message Signed </label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_sign_metadata" name="saml_sign_metadata" class="checkbox" {% if SETTING.get('saml_signed_metadata') %}checked{% endif %}>
|
||||
<label for="saml_sign_metadata">Sign Metadata </label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_cache_duration">Metadata Cache Duration</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_cache_duration" id="saml_metadata_cache_duration" placeholder="Cache duration in seconds" data-error="Please input Metadata Cache Duration" value="{{ SETTING.get('saml_metadata_cache_duration') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_valid_until">Metadata Valid Until</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_valid_until" id="saml_metadata_valid_until" placeholder="Time-moment when metadata stops being valid" data-error="Please input Metadata Expiration Date" value="{{ SETTING.get('saml_metadata_valid_until') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
<div class="form-group">
|
||||
<button type="submit" class="btn btn-flat btn-primary">Save</button>
|
||||
|
@ -1315,7 +1347,7 @@
|
|||
{% endif %}
|
||||
//END: OIDC Tab JS
|
||||
|
||||
// START: OIDC tab js
|
||||
// START: SAML tab js
|
||||
$('#saml_enabled').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
|
@ -1340,6 +1372,10 @@
|
|||
$('#saml_cert_file').prop('required', true);
|
||||
$('#saml_cert_key').prop('required', true);
|
||||
$('#saml_logout_url').prop('required', true);
|
||||
$('#saml_digest_algorithm').prop('required', true);
|
||||
$('#saml_signature_algorithm').prop('required', true);
|
||||
$('#saml_metadata_cache_duration').prop('required', true);
|
||||
$('#saml_metadata_valid_until').prop('required', true);
|
||||
} else {
|
||||
$('#saml_metadata_url').prop('required', false);
|
||||
$('#saml_metadata_cache_lifetime').prop('required', false);
|
||||
|
@ -1359,6 +1395,10 @@
|
|||
$('#saml_cert_file').prop('required', false);
|
||||
$('#saml_cert_key').prop('required', false);
|
||||
$('#saml_logout_url').prop('required', false);
|
||||
$('#saml_digest_algorithm').prop('required', false);
|
||||
$('#saml_signature_algorithm').prop('required', false);
|
||||
$('#saml_metadata_cache_duration').prop('required', false);
|
||||
$('#saml_metadata_valid_until').prop('required', false);
|
||||
}
|
||||
});
|
||||
// init validation requirement at first time page load
|
||||
|
@ -1380,10 +1420,12 @@
|
|||
$('#saml_sp_contact_mail').prop('required', true);
|
||||
$('#saml_cert_file').prop('required', true);
|
||||
$('#saml_cert_key').prop('required', true);
|
||||
$('#saml_sign_request').prop('required', true);
|
||||
$('#saml_logout').prop('required', true);
|
||||
$('#saml_logout_url').prop('required', true);
|
||||
$('#saml_assertion_encrypted').prop('required', true);
|
||||
$('#saml_digest_algorithm').prop('required', true);
|
||||
$('#saml_signature_algorithm').prop('required', true);
|
||||
$('#saml_metadata_cache_duration').prop('required', true);
|
||||
$('#saml_metadata_valid_until').prop('required', true);
|
||||
{% endif %}
|
||||
|
||||
$('#saml_sign_request').iCheck({
|
||||
|
@ -1398,7 +1440,19 @@
|
|||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
// END: OIDC Tab js
|
||||
$('#saml_want_assertions_signed').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
$('#saml_want_message_signed').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
$('#saml_sign_metadata').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
// END: SAML Tab js
|
||||
|
||||
</script>
|
||||
{% endblock %}
|
||||
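Review bot: The added checkbox at L1327 reads `SETTING.get('saml_signed_metadata')`, but the key defined by this commit is `saml_sign_metadata` (the input's own name and id on the same line), so the box never reflects the stored value; change it to `{% if SETTING.get('saml_sign_metadata') %}checked{% endif %}`. The label at L1276 uses `for="saml_want_assertions_encrypted"` while the checkbox it belongs to is `saml_want_assertions_signed` (L1273), which breaks the click target and accessible name. The placeholder at L1342 says "Cache duration in seconds", yet the default added for `saml_metadata_cache_duration` is the ISO 8601 duration `PT5M`; state the expected format, e.g. `placeholder="ISO 8601 duration, e.g. PT5M"`.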
|
|