path: root/synapse/config/saml2_config.py (follow)
Commit message [Author, Age, Files, Lines]
* Add config linting script that checks for bool casing (#6203) [Andrew Morgan, 2019-10-23, 1 file, -1/+1]
| Add a linting script that enforces all boolean values in the default config be lowercase. This has annoyed me for a while so I decided to fix it.
* Refactor HomeserverConfig so it can be typechecked (#6137) [Amber Brown, 2019-10-10, 1 file, -0/+2]
|
* Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_work [Richard van der Hoff, 2019-09-24, 1 file, -6/+42]
|\
| * Merge pull request #6069 from matrix-org/rav/fix_attribute_mapping [Richard van der Hoff, 2019-09-24, 1 file, -6/+42]
| |\
| | | Fix a bug with saml attribute maps.
| | * docstrings and comments [Richard van der Hoff, 2019-09-24, 1 file, -7/+21]
| | |
| | * Fix a bug with saml attribute maps. [Richard van der Hoff, 2019-09-19, 1 file, -6/+28]
| | | Fixes a bug where the default attribute maps were prioritised over user-specified ones, resulting in incorrect mappings.
| | |
| | | The problem is that if you call SPConfig.load() multiple times, it adds new attribute mappers to a list. So by calling it with the default config first, and then the user-specified config, we would always get the default mappers before the user-specified mappers.
| | |
| | | To solve this, let's merge the config dicts first, and then pass them to SPConfig.
* | | Record mappings from saml users in an external table [Richard van der Hoff, 2019-09-13, 1 file, -2/+76]
|/ /
| | We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table.
* / Make the sample saml config closer to our standards [Richard van der Hoff, 2019-09-13, 1 file, -51/+62]
|/
| It's still not great, thanks to the nested dictionaries, but it's better.
* cleanups [Richard van der Hoff, 2019-06-27, 1 file, -6/+13]
|
* Add support for tracking SAML2 sessions. [Richard van der Hoff, 2019-06-26, 1 file, -1/+19]
| This allows us to correctly handle `allow_unsolicited: False`.
* Merge branch 'develop' into rav/saml2_client [Richard van der Hoff, 2019-06-26, 1 file, -11/+11]
|\
| * Don't load the generated config as the default. [Richard van der Hoff, 2019-06-24, 1 file, -1/+1]
| | It's too confusing.
| * Pass config_dir_path and data_dir_path into Config.read_config. (#5522) [Richard van der Hoff, 2019-06-24, 1 file, -1/+1]
| |   * Pull config_dir_path and data_dir_path calculation out of read_config_files
| |   * Pass config_dir_path and data_dir_path into read_config
| * Run Black. (#5482) [Amber Brown, 2019-06-20, 1 file, -9/+9]
| |
* | Code cleanups and simplifications. [Richard van der Hoff, 2019-06-11, 1 file, -1/+6]
| | Also: share the saml client between redirect and response handlers.
* | SAML2 Improvements and redirect stuff [Alexander Trost, 2019-06-02, 1 file, -0/+1]
|/
| Signed-off-by: Alexander Trost <galexrt@googlemail.com>
* Remove periods from copyright headers (#5046) [Andrew Morgan, 2019-04-11, 1 file, -1/+1]
|
* Comment out most options in the generated config. (#4863) [Richard van der Hoff, 2019-03-19, 1 file, -1/+1]
| Make it so that most options in the config are optional, and commented out in the generated config.
|
| The reasons this is a good thing are as follows:
|
|   * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting.
|   * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml.
|   * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR).
|   * It makes the generated config more consistent, and hopefully easier for users to understand.
* Attempt to make default config more consistent [Richard van der Hoff, 2019-02-19, 1 file, -33/+32]
| The general idea here is that config examples should just have a hash and no extraneous whitespace, both to make it easier for people who don't understand yaml, and to make the examples stand out from the comments.
* Implement SAML2 authentication (#4267) [Richard van der Hoff, 2018-12-07, 1 file, -0/+110]
  This implements both a SAML2 metadata endpoint (at `/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at `/_matrix/saml2/authn_response`). If the SAML2 response matches what's been configured, we complete the SSO login flow by redirecting to the client url (aka `RelayState` in SAML2 jargon) with a login token.

  What we don't yet have is anything to build a SAML2 request and redirect the user to the identity provider. That is left as an exercise for the reader.