Refactored and recategorized SAML Settings
This commit is contained in:
vmarkop
parent
69c7a7caa9
commit
d57a37e9c1
|
|
@ -114,7 +114,8 @@ class Setting(db.Model):
|
|||
'saml_debug': True,
|
||||
'saml_metadata_url': 'https://md.aai.grnet.gr/aggregates/grnet-metadata.xml',
|
||||
'saml_metadata_cache_lifetime': '1',
|
||||
'saml_idp_sso_binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
'saml_idp_sso_binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
||||
'saml_idp_slo_binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
'saml_idp_entity_id': 'https://idp.uoa.gr/idp/shibboleth',
|
||||
'saml_nameid_format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
|
||||
'saml_sp_requested_attributes': '[ \
|
||||
|
|
@ -137,15 +138,18 @@ class Setting(db.Model):
|
|||
'saml_sp_contact_mail': 'pda@uoa.gr',
|
||||
'saml_cert_file': '/etc/pki/powerdns-admin/cert.crt',
|
||||
'saml_cert_key': '/etc/pki/powerdns-admin/key.pem',
|
||||
'saml_sign_request': False,
|
||||
'saml_sign_authn_request': False,
|
||||
'saml_sign_logout_request_response': False,
|
||||
'saml_logout': True,
|
||||
'saml_logout_url': 'https://google.com',
|
||||
'saml_assertion_encrypted': False,
|
||||
'saml_want_assertions_encrypted': False,
|
||||
'saml_digest_algorithm': 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
|
||||
'saml_signature_algorithm': 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
|
||||
'saml_want_assertions_signed': True,
|
||||
'saml_sign_metadata': False,
|
||||
'saml_want_message_signed': False,
|
||||
'saml_nameid_encrypted': 'False',
|
||||
'saml_want_nameid_encrypted': 'False',
|
||||
'saml_metadata_cache_duration': 'PT5M',
|
||||
'saml_metadata_valid_until': '999999999999999999',
|
||||
'saml_autoprovisioning': True,
|
||||
|
|
|
|||
|
|
@ -1646,6 +1646,8 @@ def setting_authentication():
|
|||
else Setting().defaults['saml_metadata_cache_lifetime']))
|
||||
Setting().set('saml_idp_sso_binding',
|
||||
request.form.get('saml_idp_sso_binding'))
|
||||
Setting().set('saml_idp_slo_binding',
|
||||
request.form.get('saml_idp_slo_binding'))
|
||||
Setting().set('saml_idp_entity_id',
|
||||
request.form.get('saml_idp_entity_id'))
|
||||
Setting().set('saml_nameid_format',
|
||||
|
|
@ -1689,8 +1691,11 @@ def setting_authentication():
|
|||
Setting().set('saml_cert_key',
|
||||
request.form.get('saml_cert_key'))
|
||||
Setting().set(
|
||||
'saml_sign_request',
|
||||
True if request.form.get('saml_sign_request') else False)
|
||||
'saml_sign_authn_request',
|
||||
True if request.form.get('saml_sign_authn_request') else False)
|
||||
Setting().set(
|
||||
'saml_sign_logout_request_response',
|
||||
True if request.form.get('saml_sign_logout_request_response') else False)
|
||||
Setting().set(
|
||||
'saml_logout',
|
||||
True if request.form.get('saml_logout') else False)
|
||||
|
|
@ -1698,11 +1703,17 @@ def setting_authentication():
|
|||
Setting().set('saml_logout_url',
|
||||
request.form.get('saml_logout_url'))
|
||||
Setting().set(
|
||||
'saml_assertion_encrypted',
|
||||
True if request.form.get('saml_assertion_encrypted') else False)
|
||||
'saml_want_assertions_encrypted',
|
||||
True if request.form.get('saml_want_assertions_encrypted') else False)
|
||||
Setting().set(
|
||||
'saml_want_assertions_signed',
|
||||
True if request.form.get('saml_want_assertions_signed') else False)
|
||||
Setting().set(
|
||||
'saml_want_nameid_encrypted',
|
||||
True if request.form.get('saml_want_nameid_encrypted') else False)
|
||||
Setting().set(
|
||||
'saml_nameid_encrypted',
|
||||
True if request.form.get('saml_nameid_encrypted') else False)
|
||||
Setting().set('saml_digest_algorithm',
|
||||
request.form.get('saml_digest_algorithm'))
|
||||
Setting().set('saml_signature_algorithm',
|
||||
|
|
|
|||
|
|
@ -44,17 +44,17 @@ class SAML(object):
|
|||
|
||||
def get_idp_data(self):
|
||||
|
||||
# lifetime = timedelta(
|
||||
# minutes=int(Setting().get('saml_metadata_cache_lifetime'))) # should be seconds instead of minutes?
|
||||
lifetime = timedelta(
|
||||
minutes=int(Setting().get('saml_metadata_cache_lifetime'))) # should be seconds instead of minutes?
|
||||
# Since SAML is now user-configurable, idp_data may change before the lifetime has ended,
|
||||
# so metadata should not be cached at all, or outdated settings may be used.
|
||||
try:
|
||||
self.retrieve_idp_data()
|
||||
except:
|
||||
return None
|
||||
# if self.idp_timestamp + lifetime < datetime.now():
|
||||
background_thread = Thread(target=self.retrieve_idp_data())
|
||||
background_thread.start()
|
||||
if self.idp_timestamp + lifetime < datetime.now():
|
||||
background_thread = Thread(target=self.retrieve_idp_data())
|
||||
background_thread.start()
|
||||
|
||||
return self.idp_data
|
||||
|
||||
|
|
@ -158,12 +158,12 @@ class SAML(object):
|
|||
|
||||
settings['sp']['assertionConsumerService'] = {}
|
||||
settings['sp']['assertionConsumerService'][
|
||||
'binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
|
||||
'binding'] = Setting().get('saml_idp_sso_binding')
|
||||
settings['sp']['assertionConsumerService'][
|
||||
'url'] = own_url + '/saml/authorized'
|
||||
settings['sp']['singleLogoutService'] = {}
|
||||
settings['sp']['singleLogoutService'][
|
||||
'binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
|
||||
'binding'] = Setting().get('saml_idp_slo_binding')
|
||||
settings['sp']['singleLogoutService']['url'] = own_url + '/saml/sls'
|
||||
settings['idp'] = metadata['idp']
|
||||
settings['strict'] = True
|
||||
|
|
@ -176,17 +176,17 @@ class SAML(object):
|
|||
settings['security']['requestedAuthnContext'] = True
|
||||
settings['security'][
|
||||
'signatureAlgorithm'] = Setting().get('saml_signature_algorithm')
|
||||
settings['security']['wantAssertionsEncrypted'] = Setting().get('saml_assertion_encrypted')
|
||||
settings['security']['wantAssertionsEncrypted'] = Setting().get('saml_want_assertions_encrypted')
|
||||
settings['security']['wantAttributeStatement'] = True
|
||||
settings['security']['wantNameId'] = True
|
||||
settings['security']['authnRequestsSigned'] = Setting().get('saml_sign_request')
|
||||
settings['security']['logoutRequestSigned'] = Setting().get('saml_sign_request')
|
||||
settings['security']['logoutResponseSigned'] = Setting().get('saml_sign_request')
|
||||
settings['security']['nameIdEncrypted'] = False
|
||||
settings['security']['authnRequestsSigned'] = Setting().get('saml_sign_authn_request')
|
||||
settings['security']['logoutRequestSigned'] = Setting().get('saml_sign_logout_request_response')
|
||||
settings['security']['logoutResponseSigned'] = Setting().get('saml_sign_logout_request_response')
|
||||
settings['security']['nameIdEncrypted'] = Setting().get('saml_nameid_encrypted')
|
||||
settings['security']['signMetadata'] = Setting().get('saml_sign_metadata')
|
||||
settings['security']['wantAssertionsSigned'] = Setting().get('saml_want_assertions_signed')
|
||||
settings['security']['wantMessagesSigned'] = Setting().get('saml_want_message_signed')
|
||||
settings['security']['wantNameIdEncrypted'] = False
|
||||
settings['security']['wantNameIdEncrypted'] = Setting().get('saml_want_nameid_encrypted')
|
||||
settings['contactPerson'] = {}
|
||||
settings['contactPerson']['support'] = {}
|
||||
settings['contactPerson']['support']['emailAddress'] = Setting().get('saml_sp_contact_mail')
|
||||
|
|
|
|||
|
|
@ -691,39 +691,63 @@
|
|||
<label for="saml_enabled">Enable SAML</label>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>METADATA</legend>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_url">Metadata URL</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_url" id="saml_metadata_url" placeholder="SAML Metadata URL" data-error="Please input SAML Metadata URL" value="{{ SETTING.get('saml_metadata_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_cache_lifetime">Metadata Cache Lifetime</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_cache_lifetime" id="saml_metadata_cache_lifetime" placeholder="SAML Metadata Cache Lifetime" data-error="Please input SAML Metadata Cache Lifetime" value="{{ SETTING.get('saml_metadata_cache_lifetime') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>IDP</legend>
|
||||
<div class="form-group">
|
||||
<label for="saml_idp_sso_binding">IDP SSO Binding</label>
|
||||
<input type="text" class="form-control" name="saml_idp_sso_binding" id="saml_idp_sso_binding" placeholder="e.g. urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" data-error="Please input SAML IDP SSO Binding" value="{{ SETTING.get('saml_idp_sso_binding') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_idp_entity_id">IDP Entity ID</label>
|
||||
<input type="text" class="form-control" name="saml_idp_entity_id" id="saml_idp_entity_id" placeholder="e.g. https://idp.example.edu/idp" data-error="Please input SAML IDP Entity ID" value="{{ SETTING.get('saml_idp_entity_id') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_nameid_format">NameID Format</label>
|
||||
<input type="text" class="form-control" name="saml_nameid_format" id="saml_nameid_format" placeholder="e.g. urn:oid:0.9.2342.19200300.100.1.1" data-error="Please input NameID Format" value="{{ SETTING.get('saml_nameid_format') }}">
|
||||
<label for="saml_metadata_url">IDP Metadata URL</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_url" id="saml_metadata_url" placeholder="SAML Metadata URL" data-error="Please input SAML Metadata URL" value="{{ SETTING.get('saml_metadata_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_cache_lifetime">IDP Metadata Cache Lifetime</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_cache_lifetime" id="saml_metadata_cache_lifetime" placeholder="SAML Metadata Cache Lifetime" data-error="Please input SAML Metadata Cache Lifetime" value="{{ SETTING.get('saml_metadata_cache_lifetime') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_idp_sso_binding">IDP SSO Binding</label>
|
||||
<input type="text" class="form-control" name="saml_idp_sso_binding" id="saml_idp_sso_binding" placeholder="e.g. urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" data-error="Please input SAML IDP SSO Binding" value="{{ SETTING.get('saml_idp_sso_binding') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_idp_slo_binding">IDP SLO Binding</label>
|
||||
<input type="text" class="form-control" name="saml_idp_slo_binding" id="saml_idp_slo_binding" placeholder="e.g. urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT" data-error="Please input SAML IDP SLO Binding" value="{{ SETTING.get('saml_idp_slo_binding') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>ATTRIBUTES</legend>
|
||||
<legend>SP</legend>
|
||||
<div class="form-group">
|
||||
<label for="saml_sp_entity_id">SP Entity ID</label>
|
||||
<input type="text" class="form-control" name="saml_sp_entity_id" id="saml_sp_entity_id" placeholder="http://<SAML SP Entity ID>" data-error="Please input SAML SP Entity ID" value="{{ SETTING.get('saml_sp_entity_id') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_nameid_format">SP NameID Format</label>
|
||||
<input type="text" class="form-control" name="saml_nameid_format" id="saml_nameid_format" placeholder="e.g. urn:oid:0.9.2342.19200300.100.1.1" data-error="Please input NameID Format" value="{{ SETTING.get('saml_nameid_format') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_cache_duration">SP Metadata Cache Duration</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_cache_duration" id="saml_metadata_cache_duration" placeholder="Cache duration in seconds" data-error="Please input Metadata Cache Duration" value="{{ SETTING.get('saml_metadata_cache_duration') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_valid_until">SP Metadata Valid Until</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_valid_until" id="saml_metadata_valid_until" placeholder="Time-moment when metadata stops being valid" data-error="Please input Metadata Expiration Date" value="{{ SETTING.get('saml_metadata_valid_until') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_sign_metadata" name="saml_sign_metadata" class="checkbox" {% if SETTING.get('saml_sign_metadata') %}checked{% endif %}>
|
||||
<label for="saml_sign_metadata">Sign SP Metadata </label>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>SP ATTRIBUTES</legend>
|
||||
<div class="form-group">
|
||||
<label for="saml_sp_requested_attributes">Requested Attributes</label>
|
||||
<input type="text" class="form-control" name="saml_sp_requested_attributes" id="saml_sp_requested_attributes" placeholder="must be valid JSON" data-error="Plesae input Requested Attributes" value="{{ SETTING.get('saml_sp_requested_attributes') }}">
|
||||
|
|
@ -749,21 +773,6 @@
|
|||
<input type="text" class="form-control" name="saml_attribute_username" id="saml_attribute_username" placeholder="e.g. urn:oid:0.9.2342.19200300.100.1.1" data-error="Please input SAML Username Attribute" value="{{ SETTING.get('saml_attribute_username') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_attribute_admin">Admin</label>
|
||||
<input type="text" class="form-control" name="saml_attribute_admin" id="saml_attribute_admin" placeholder="e.g. https://example.edu/pdns-admin" data-error="Please input SAML Admin Attribute" value="{{ SETTING.get('saml_attribute_admin') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_attribute_account">Account</label>
|
||||
<input type="text" class="form-control" name="saml_attribute_account" id="saml_attribute_account" placeholder="e.g. https://example.edu/pdns-account" data-error="Please input SAML Account Attribute" value="{{ SETTING.get('saml_attribute_account') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_sp_entity_id">SP Entity ID</label>
|
||||
<input type="text" class="form-control" name="saml_sp_entity_id" id="saml_sp_entity_id" placeholder="http://<SAML SP Entity ID>" data-error="Please input SAML SP Entity ID" value="{{ SETTING.get('saml_sp_entity_id') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_sp_contact_name">SP Contact Name</label>
|
||||
<input type="text" class="form-control" name="saml_sp_contact_name" id="saml_sp_contact_name" placeholder="<contact name>" data-error="Please input SAML SP contact name" value="{{ SETTING.get('saml_sp_contact_name') }}">
|
||||
|
|
@ -776,7 +785,7 @@
|
|||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>CERTIFICATE</legend>
|
||||
<legend>SIGNING & ENCRYPTION</legend>
|
||||
<div class="form-group">
|
||||
<label for="saml_cert_file">Cert File</label>
|
||||
<input type="text" class="form-control" name="saml_cert_file" id="saml_cert_file" placeholder="e.g. opt/web/PowerDNS-Admin/cert.crt" data-error="Please input SAML cert file path" value="{{ SETTING.get('saml_cert_file') }}">
|
||||
|
|
@ -788,8 +797,42 @@
|
|||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_sign_request" name="saml_sign_request" class="checkbox" {% if SETTING.get('saml_sign_request') %}checked{% endif %}>
|
||||
<label for="saml_sign_request">Sign Request</label>
|
||||
<input type="checkbox" id="saml_sign_authn_request" name="saml_sign_authn_request" class="checkbox" {% if SETTING.get('saml_sign_authn_request') %}checked{% endif %}>
|
||||
<label for="saml_sign_authn_request">Sign Authentication Request</label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_sign_logout_request_response" name="saml_sign_logout_request_response" class="checkbox" {% if SETTING.get('saml_sign_logout_request_response') %}checked{% endif %}>
|
||||
<label for="saml_sign_logout_request_response">Sign Logout Request & Response</label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_want_assertions_encrypted" name="saml_want_assertions_encrypted" class="checkbox" {% if SETTING.get('saml_want_assertions_encrypted') %}checked{% endif %}>
|
||||
<label for="saml_want_assertions_encrypted">Want Assertions Encrypted</label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_want_assertions_signed" name="saml_want_assertions_signed" class="checkbox" {% if SETTING.get('saml_want_assertions_signed') %}checked{% endif %}>
|
||||
<label for="saml_want_assertions_encrypted">Want Assertions Signed</label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_want_message_signed" name="saml_want_message_signed" class="checkbox" {% if SETTING.get('saml_want_message_signed') %}checked{% endif %}>
|
||||
<label for="saml_want_message_signed">Want Message Signed </label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_nameid_encrypted" name="saml_nameid_encrypted" class="checkbox" {% if SETTING.get('saml_nameid_encrypted') %}checked{% endif %}>
|
||||
<label for="saml_nameid_encrypted">NameID Encrypted </label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_want_nameid_encrypted" name="saml_want_nameid_encrypted" class="checkbox" {% if SETTING.get('saml_want_nameid_encrypted') %}checked{% endif %}>
|
||||
<label for="saml_want_message_signed">Want NameID Encrypted </label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_digest_algorithm">Digest Algorithm</label>
|
||||
<input type="text" class="form-control" name="saml_digest_algorithm" id="saml_digest_algorithm" placeholder="must be a valid algorithm" data-error="Please input SAML digest algorithm" value="{{ SETTING.get('saml_digest_algorithm') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_signature_algorithm">Signature Algorithm</label>
|
||||
<input type="text" class="form-control" name="saml_signature_algorithm" id="saml_signature_algorithm" placeholder="must be a valid algorithm" data-error="Please input SAML signature algorithm" value="{{ SETTING.get('saml_signature_algorithm') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
|
|
@ -804,50 +847,18 @@
|
|||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>ENCRYPTION</legend>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_assertion_encrypted" name="saml_assertion_encrypted" class="checkbox" {% if SETTING.get('saml_assertion_encrypted') %}checked{% endif %}>
|
||||
<label for="saml_assertion_encrypted">Encrypted Assertion</label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_want_assertions_signed" name="saml_want_assertions_signed" class="checkbox" {% if SETTING.get('saml_want_assertions_signed') %}checked{% endif %}>
|
||||
<label for="saml_want_assertions_encrypted">Want Assertions Signed </label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_digest_algorithm">Digest Algorithm</label>
|
||||
<input type="text" class="form-control" name="saml_digest_algorithm" id="saml_digest_algorithm" placeholder="must be a valid algorithm" data-error="Please input SAML digest algorithm" value="{{ SETTING.get('saml_digest_algorithm') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_signature_algorithm">Signature Algorithm</label>
|
||||
<input type="text" class="form-control" name="saml_signature_algorithm" id="saml_signature_algorithm" placeholder="must be a valid algorithm" data-error="Please input SAML signature algorithm" value="{{ SETTING.get('saml_signature_algorithm') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_want_message_signed" name="saml_want_message_signed" class="checkbox" {% if SETTING.get('saml_want_message_signed') %}checked{% endif %}>
|
||||
<label for="saml_want_message_signed">Want Message Signed </label>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="saml_sign_metadata" name="saml_sign_metadata" class="checkbox" {% if SETTING.get('saml_sign_metadata') %}checked{% endif %}>
|
||||
<label for="saml_sign_metadata">Sign Metadata </label>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>DURATION</legend>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_cache_duration">Metadata Cache Duration</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_cache_duration" id="saml_metadata_cache_duration" placeholder="Cache duration in seconds" data-error="Please input Metadata Cache Duration" value="{{ SETTING.get('saml_metadata_cache_duration') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_metadata_valid_until">Metadata Valid Until</label>
|
||||
<input type="text" class="form-control" name="saml_metadata_valid_until" id="saml_metadata_valid_until" placeholder="Time-moment when metadata stops being valid" data-error="Please input Metadata Expiration Date" value="{{ SETTING.get('saml_metadata_valid_until') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>AUTOPROVISION</legend>
|
||||
<div class="form-group">
|
||||
<label for="saml_attribute_admin">Admin SP Attribute</label>
|
||||
<input type="text" class="form-control" name="saml_attribute_admin" id="saml_attribute_admin" placeholder="e.g. https://example.edu/pdns-admin" data-error="Please input SAML Admin Attribute" value="{{ SETTING.get('saml_attribute_admin') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="saml_attribute_account">Account SP Attribute</label>
|
||||
<input type="text" class="form-control" name="saml_attribute_account" id="saml_attribute_account" placeholder="e.g. https://example.edu/pdns-account" data-error="Please input SAML Account Attribute" value="{{ SETTING.get('saml_attribute_account') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label>Roles Autoprovisioning</label> <br />
|
||||
<label>
|
||||
|
|
@ -896,7 +907,7 @@
|
|||
<b>Metadata URL</b> - URL to fetch metadata from
|
||||
</li>
|
||||
<li>
|
||||
<b>Metadata Cache Lifetime</b> - Cache Lifetime in Seconds before fresh metadata are requested
|
||||
<b>Metadata Cache Lifetime</b> - Cache Lifetime in minutes before fresh metadata are requested
|
||||
</li>
|
||||
</ul>
|
||||
</dd>
|
||||
|
|
@ -1479,26 +1490,17 @@
|
|||
var is_enabled = e.currentTarget.checked;
|
||||
if (is_enabled){
|
||||
$('#saml_metadata_url').prop('required', true);
|
||||
// $('#saml_metadata_cache_lifetime').prop('required', true);
|
||||
$('#saml_idp_sso_binding').prop('required', true);
|
||||
$('#saml_idp_slo_binding').prop('required', true);
|
||||
$('#saml_idp_entity_id').prop('required', true);
|
||||
$('#saml_nameid_format').prop('required', true);
|
||||
$('#saml_sp_requested_attributes').prop('required', true);
|
||||
// $('#saml_attribute_email').prop('required', true);
|
||||
// $('#saml_attribute_givenname').prop('required', true);
|
||||
// $('#saml_attribute_surname').prop('required', true);
|
||||
$('#saml_attribute_username').prop('required', true);
|
||||
// $('#saml_attribute_admin').prop('required', true);
|
||||
// $('#saml_attribute_account').prop('required', true);
|
||||
$('#saml_sp_entity_id').prop('required', true);
|
||||
// $('#saml_sp_contact_name').prop('required', true);
|
||||
// $('#saml_sp_contact_mail').prop('required', true);
|
||||
$('#saml_cert_file').prop('required', true);
|
||||
$('#saml_cert_key').prop('required', true);
|
||||
$('#saml_digest_algorithm').prop('required', true);
|
||||
$('#saml_signature_algorithm').prop('required', true);
|
||||
// $('#saml_metadata_cache_duration').prop('required', true);
|
||||
// $('#saml_metadata_valid_until').prop('required', true);
|
||||
if ($('#saml_logout').is(":checked")) {
|
||||
$('#saml_logout_url').prop('required', true);
|
||||
}
|
||||
|
|
@ -1508,27 +1510,18 @@
|
|||
}
|
||||
} else {
|
||||
$('#saml_metadata_url').prop('required', false);
|
||||
// $('#saml_metadata_cache_lifetime').prop('required', false);
|
||||
$('#saml_idp_sso_binding').prop('required', false);
|
||||
$('#saml_idp_slo_binding').prop('required', false);
|
||||
$('#saml_idp_entity_id').prop('required', false);
|
||||
$('#saml_nameid_format').prop('required', false);
|
||||
$('#saml_sp_requested_attributes').prop('required', false);
|
||||
// $('#saml_attribute_email').prop('required', false);
|
||||
// $('#saml_attribute_givenname').prop('required', false);
|
||||
// $('#saml_attribute_surname').prop('required', false);
|
||||
$('#saml_attribute_username').prop('required', false);
|
||||
// $('#saml_attribute_admin').prop('required', false);
|
||||
// $('#saml_attribute_account').prop('required', false);
|
||||
$('#saml_sp_entity_id').prop('required', false);
|
||||
// $('#saml_sp_contact_name').prop('required', false);
|
||||
// $('#saml_sp_contact_mail').prop('required', false);
|
||||
$('#saml_cert_file').prop('required', false);
|
||||
$('#saml_cert_key').prop('required', false);
|
||||
$('#saml_logout_url').prop('required', false);
|
||||
$('#saml_digest_algorithm').prop('required', false);
|
||||
$('#saml_signature_algorithm').prop('required', false);
|
||||
// $('#saml_metadata_cache_duration').prop('required', false);
|
||||
// $('#saml_metadata_valid_until').prop('required', false);
|
||||
$('#saml_autoprovisioning_attribute').prop('required', false);
|
||||
$('#saml_urn_prefix').prop('required', false);
|
||||
}
|
||||
|
|
@ -1536,26 +1529,16 @@
|
|||
// init validation requirement at first time page load
|
||||
{% if SETTING.get('saml_enabled') %}
|
||||
$('#saml_metadata_url').prop('required', true);
|
||||
// $('#saml_metadata_cache_lifetime').prop('required', true);
|
||||
$('#saml_idp_sso_binding').prop('required', true);
|
||||
$('#saml_idp_slo_binding').prop('required', true);
|
||||
$('#saml_idp_entity_id').prop('required', true);
|
||||
$('#saml_nameid_format').prop('required', true);
|
||||
$('#saml_sp_requested_attributes').prop('required', true);
|
||||
// $('#saml_attribute_email').prop('required', true);
|
||||
// $('#saml_attribute_givenname').prop('required', true);
|
||||
// $('#saml_attribute_surname').prop('required', true);
|
||||
$('#saml_attribute_username').prop('required', true);
|
||||
// $('#saml_attribute_admin').prop('required', true);
|
||||
// $('#saml_attribute_account').prop('required', true);
|
||||
$('#saml_sp_entity_id').prop('required', true);
|
||||
// $('#saml_sp_contact_name').prop('required', true);
|
||||
// $('#saml_sp_contact_mail').prop('required', true);
|
||||
// $('#saml_cert_file').prop('required', true);
|
||||
$('#saml_cert_key').prop('required', true);
|
||||
$('#saml_digest_algorithm').prop('required', true);
|
||||
$('#saml_signature_algorithm').prop('required', true);
|
||||
// $('#saml_metadata_cache_duration').prop('required', true);
|
||||
// $('#saml_metadata_valid_until').prop('required', true);
|
||||
if ($('#saml_logout').is(":checked")) {
|
||||
$('#saml_logout_url').prop('required', true);
|
||||
}
|
||||
|
|
@ -1609,11 +1592,23 @@
|
|||
}
|
||||
});
|
||||
|
||||
$('#saml_sign_request').iCheck({
|
||||
$('#saml_sign_authn_request').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
$('#saml_assertion_encrypted').iCheck({
|
||||
$('#saml_sign_logout_request_response').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
$('#saml_nameid_encrypted').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
$('#saml_want_nameid_encrypted').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
$('#saml_want_assertions_encrypted').iCheck({
|
||||
checkboxClass : 'icheckbox_square-blue',
|
||||
increaseArea : '20%'
|
||||
})
|
||||
|
|
|
|||
Loading…
Reference in a new issue