added role autoprovisioning for saml
parent
0f8b8984a2
commit
9f8ec56183
@ -111,7 +111,7 @@ class Setting(db.Model):
|
||||||
'oidc_oauth_account_name_property': '',
|
'oidc_oauth_account_name_property': '',
|
||||||
'oidc_oauth_account_description_property': '',
|
'oidc_oauth_account_description_property': '',
|
||||||
'saml_autoprovisioning': False,
|
'saml_autoprovisioning': False,
|
||||||
'saml_urn_value': '',
|
'saml_urn_prefix': '',
|
||||||
'saml_autoprovisioning_attribute': '',
|
'saml_autoprovisioning_attribute': '',
|
||||||
'saml_purge': False,
|
'saml_purge': False,
|
||||||
'forward_records_allow_edit': {
|
'forward_records_allow_edit': {
|
||||||
|
|
|
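Review bot: The default key `saml_urn_value` is renamed to `saml_urn_prefix` with no migration of a value already stored under the old name; if `Setting().get` falls back to these defaults when no row exists (which the `Setting(db.Model)` context suggests but the page does not show), an upgraded deployment reads `''` as the prefix, `read_saml_entitlements` then matches nothing, and with `saml_purge` enabled every SAML user is demoted to `User` on next login. Either read the old key as a fallback or ship a data migration that renames the stored setting, and mention the rename in the upgrade notes.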
@ -1035,9 +1035,9 @@ def saml_authorized():
|
||||||
created_by='SAML Assertion')
|
created_by='SAML Assertion')
|
||||||
history.add()
|
history.add()
|
||||||
elif Setting().get('saml_autoprovisioning'):
|
elif Setting().get('saml_autoprovisioning'):
|
||||||
urn_value = Setting().get('saml_urn_value') # urn_value for
|
urn_prefix = Setting().get('saml_urn_prefix')
|
||||||
key = Setting().get('saml_autoprovisioning_attribute')
|
autoprovisioning_attribute = Setting().get('saml_autoprovisioning_attribute')
|
||||||
Entitlements = read_saml_entitlements(urn_value, session['samlUserdata'])
|
Entitlements = read_saml_entitlements(urn_prefix, autoprovisioning_attribute, session['samlUserdata'])
|
||||||
if len(Entitlements)==0 and Setting().get('saml_purge'):
|
if len(Entitlements)==0 and Setting().get('saml_purge'):
|
||||||
if user.role.name != 'User':
|
if user.role.name != 'User':
|
||||||
user.role_id = Role.query.filter_by(name='User').first().id
|
user.role_id = Role.query.filter_by(name='User').first().id
|
||||||
|
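Review bot: A prefix that matches nothing is indistinguishable from a user who has genuinely lost all entitlements: `read_saml_entitlements` on L79 returns `[]` in both cases, and the purge branch on L84 demotes the user without any diagnostic, while the "possibly a typo in the prefix" warning only fires in the non-empty branch of the next hunk. Before purging, log when the attribute is present in `session['samlUserdata']` but none of its values matched, e.g. `current_app.logger.warning('SAML attribute %s present but no value matched prefix %s', autoprovisioning_attribute, urn_prefix)`, so an operator can tell a misconfiguration from a real role removal. saml_authorized begins and ends outside this hunk.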
@ -1046,8 +1046,8 @@ def saml_authorized():
|
||||||
created_by='SAML Autoprovision')
|
created_by='SAML Autoprovision')
|
||||||
history.add()
|
history.add()
|
||||||
elif len(Entitlements)!=0:
|
elif len(Entitlements)!=0:
|
||||||
if checkForPDAEntries(Entitlements, urn_value):
|
if checkForPDAEntries(Entitlements, autoprovisioning_attribute):
|
||||||
user.updateUser(Entitlements, urn_value)
|
user.updateUser(Entitlements, autoprovisioning_attribute)
|
||||||
else:
|
else:
|
||||||
current_app.logger.warning('Not a single powerdns-admin record was found, possibly a typo in the prefix')
|
current_app.logger.warning('Not a single powerdns-admin record was found, possibly a typo in the prefix')
|
||||||
if Setting().get('saml_purge'):
|
if Setting().get('saml_purge'):
|
||||||
|
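Review bot: `checkForPDAEntries` and `user.updateUser` on L118 and L123 now receive the attribute name where they previously received `urn_value`; if those helpers use their second argument to strip the URN prefix from each entitlement (as the "typo in the prefix" warning on L133 suggests, though their definitions are not on this page), `urn_prefix` is the value they need rather than `autoprovisioning_attribute`. Please confirm against their definitions and add a short comment at the call site naming what the second argument is. saml_authorized continues outside this hunk.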
@ -1068,11 +1068,13 @@ def saml_authorized():
|
||||||
else:
|
else:
|
||||||
return render_template('errors/SAML.html', errors=errors)
|
return render_template('errors/SAML.html', errors=errors)
|
||||||
|
|
||||||
def read_saml_entitlements(urn_value, saml_userdata):
|
def read_saml_entitlements(urn_prefix, autoprovisioning_attribute, saml_userdata):
|
||||||
Entitlements = []
|
Entitlements = []
|
||||||
if urn_value in saml_userdata:
|
if autoprovisioning_attribute in saml_userdata:
|
||||||
for k in saml_userdata[urn_value]:
|
for k in saml_userdata[autoprovisioning_attribute]:
|
||||||
Entitlements.append(k)
|
pref = k.split(":powerdns-admin:")[0]
|
||||||
|
if pref == urn_prefix:
|
||||||
|
Entitlements.append(k)
|
||||||
return Entitlements
|
return Entitlements
|
||||||
|
|
||||||
def create_group_to_account_mapping():
|
def create_group_to_account_mapping():
|
||||||
|
|
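Review bot: `read_saml_entitlements` has no docstring, and the new filter on L180-L188 reads more clearly as a comprehension: `values = saml_userdata.get(autoprovisioning_attribute, [])` followed by `return [k for k in values if k.split(":powerdns-admin:")[0] == urn_prefix]`. The docstring should state that the function returns the values of the SAML attribute named `autoprovisioning_attribute` whose text before `:powerdns-admin:` equals `urn_prefix`, and that a value containing no such separator is compared as a whole. The local `Entitlements` should be lower-case per PEP 8.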