author: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> 2018-12-07 13:11:11 +0100
committer: GitHub <noreply@github.com> 2018-12-07 13:11:11 +0100
commit: c7401a697f1ee3410b860afd8686f8bb012a8dce
tree: 5de0676006c902fe90ccebb6856b32371a5bcb76 /synapse/app
parent: Factor SSO success handling out of CAS login (#4264)
Implement SAML2 authentication (#4267)
This implements both a SAML2 metadata endpoint (at
`/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at
`/_matrix/saml2/authn_response`). If the SAML2 response matches what's been
configured, we complete the SSO login flow by redirecting to the client url
(aka `RelayState` in SAML2 jargon) with a login token.

What we don't yet have is anything to build a SAML2 request and redirect the
user to the identity provider. That is left as an exercise for the reader.
Diffstat (limited to 'synapse/app')
-rwxr-xr-x synapse/app/homeserver.py 4
1 files changed, 4 insertions, 0 deletions
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py
index a03a3e4b8a..1e495a38b9 100755
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -199,6 +199,10 @@ class SynapseHomeServer(HomeServer):
                 "/.well-known/matrix/client": WellKnownResource(self),
             })
 
+            if self.get_config().saml2_enabled:
+                from synapse.rest.saml2 import SAML2Resource
+                resources["/_matrix/saml2"] = SAML2Resource(self)
+
         if name == "consent":
             from synapse.rest.consent.consent_resource import ConsentResource
             consent_resource = ConsentResource(self)
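
Review bot: The added `if self.get_config().saml2_enabled:` block mounts `SAML2Resource` at `/_matrix/saml2` with no comment saying what is being exposed or why the import is deferred into the branch. Per the commit message, this prefix serves `metadata.xml` and an `authn_response` receiver that finishes by redirecting to the `RelayState` URL with a login token, so it is a login-completing endpoint reachable on whichever listener this branch belongs to. A one-line comment above the `if` stating that, and that the in-branch import keeps the SAML2 code unloaded when the option is off, would help the next reader. Nothing in this hunk shows how `RelayState` is constrained before the token is appended to it; that check lives in `synapse/rest/saml2`, outside the part of the diff shown here (limited to `synapse/app`), and is worth confirming there before relying on this mount.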