Small tweaks to SAML2 configuration.

- Add saml2 config docs to default config.
- Use existence of saml2 config to indicate if saml2 should be enabled.

2 files changed, 34 insertions, 22 deletions

diff --git a/synapse/config/saml2.py b/synapse/config/saml2.py
index be5176db52..1532036876 100644
--- a/synapse/config/saml2.py
+++ b/synapse/config/saml2.py
@@ -16,27 +16,39 @@
 from ._base import Config
 
 
-#
-# SAML2 Configuration
-# Synapse uses pysaml2 libraries for providing SAML2 support
-#
-# config_path:      Path to the sp_conf.py configuration file
-# idp_redirect_url: Identity provider URL which will redirect
-#                   the user back to /login/saml2 with proper info.
-#
-# sp_conf.py file is something like:
-# https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
-#
-# More information: https://pythonhosted.org/pysaml2/howto/config.html
-#
 class SAML2Config(Config):
+    """SAML2 Configuration
+    Synapse uses pysaml2 libraries for providing SAML2 support
+
+    config_path:      Path to the sp_conf.py configuration file
+    idp_redirect_url: Identity provider URL which will redirect
+                      the user back to /login/saml2 with proper info.
+
+    sp_conf.py file is something like:
+    https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
+
+    More information: https://pythonhosted.org/pysaml2/howto/config.html
+    """
+
     def read_config(self, config):
-        self.saml2_config = config["saml2_config"]
+        saml2_config = config.get("saml2_config", None)
+        if saml2_config:
+            self.saml2_enabled = True
+            self.saml2_config_path = saml2_config["config_path"]
+            self.saml2_idp_redirect_url = saml2_config["idp_redirect_url"]
+        else:
+            self.saml2_enabled = False
+            self.saml2_config_path = None
+            self.saml2_idp_redirect_url = None
 
     def default_config(self, config_dir_path, server_name):
         return """
-        saml2_config:
-            enabled: false
-            config_path: "%s/sp_conf.py"
-            idp_redirect_url: "http://%s/idp"
+        # Enable SAML2 for registration and login. Uses pysaml2
+        # config_path:      Path to the sp_conf.py configuration file
+        # idp_redirect_url: Identity provider URL which will redirect
+        #                   the user back to /login/saml2 with proper info.
+        # See pysaml2 docs for format of config.
+        #saml2_config:
+        #   config_path: "%s/sp_conf.py"
+        #   idp_redirect_url: "http://%s/idp"
         """ % (config_dir_path, server_name)
diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
index f64f5e990e..998d4d44c6 100644
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -38,8 +38,8 @@ class LoginRestServlet(ClientV1RestServlet):
 
     def __init__(self, hs):
         super(LoginRestServlet, self).__init__(hs)
-        self.idp_redirect_url = hs.config.saml2_config['idp_redirect_url']
-        self.saml2_enabled = hs.config.saml2_config['enabled']
+        self.idp_redirect_url = hs.config.saml2_idp_redirect_url
+        self.saml2_enabled = hs.config.saml2_enabled
 
     def on_GET(self, request):
         flows = [{"type": LoginRestServlet.PASS_TYPE}]
@@ -127,7 +127,7 @@ class SAML2RestServlet(ClientV1RestServlet):
 
     def __init__(self, hs):
         super(SAML2RestServlet, self).__init__(hs)
-        self.sp_config = hs.config.saml2_config['config_path']
+        self.sp_config = hs.config.saml2_config_path
 
     @defer.inlineCallbacks
     def on_POST(self, request):
@@ -177,6 +177,6 @@ def _parse_json(request):
 
 def register_servlets(hs, http_server):
     LoginRestServlet(hs).register(http_server)
-    if hs.config.saml2_config['enabled']:
+    if hs.config.saml2_enabled:
         SAML2RestServlet(hs).register(http_server)
     # TODO PasswordResetRestServlet(hs).register(http_server)