| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Refactor `SsoHandler.get_mxid_from_sso` (#8900) | Richard van der Hoff | 2020-12-10 | 1 | -13/+8 |
| | | | | | | | | * Factor out _call_attribute_mapper and _register_mapped_user This is mostly an attempt to simplify `get_mxid_from_sso`. * Move mapping_lock down into SsoHandler. | ||||
| * | Simplify the flow for SSO UIA (#8881) | Richard van der Hoff | 2020-12-08 | 1 | -15/+49 |
| | | | | | | | | | | * SsoHandler: remove inheritance from BaseHandler * Simplify the flow for SSO UIA We don't need to do all the magic for mapping users when we are doing UIA, so let's factor that out. | ||||
| * | Fix a regression when grandfathering SAML users. (#8855) | Patrick Cloke | 2020-12-02 | 1 | -4/+5 |
| | | | | | | | This was broken in #8801 when abstracting code shared with OIDC. After this change both SAML and OIDC have a concept of grandfathering users, but with different implementations. | ||||
| * | Add basic SAML tests for mapping users. (#8800) | Patrick Cloke | 2020-12-02 | 1 | -1/+1 |
| | | |||||
| * | Support trying multiple localparts for OpenID Connect. (#8801) | Patrick Cloke | 2020-11-25 | 1 | -63/+28 |
| | | | | | Abstracts the SAML and OpenID Connect code which attempts to regenerate the localpart of a matrix ID if it is already in use. | ||||
| * | Properly report user-agent/IP during registration of SSO users. (#8784) | Patrick Cloke | 2020-11-23 | 1 | -3/+3 |
| | | | | | | This also expands type-hints to the SSO and registration code. Refactors the CAS code to more closely match OIDC/SAML. | ||||
| * | Improve logging of the mapping from SSO IDs to Matrix IDs. (#8773) | Andrew Morgan | 2020-11-23 | 1 | -2/+3 |
| | | |||||
| * | Improve error checking for OIDC/SAML mapping providers (#8774) | Patrick Cloke | 2020-11-19 | 1 | -0/+6 |
| | | | | | | | Checks that the localpart returned by mapping providers for SAML and OIDC are valid before registering new users. Extends the OIDC tests for existing users and invalid data. | ||||
| * | SAML: Allow specifying the IdP entityid to use. (#8630) | Ben Banfield-Zanin | 2020-11-19 | 1 | -1/+2 |
| | | | | | If the SAML metadata includes multiple IdPs it is necessary to specify which IdP to redirect users to for authentication. | ||||
| * | Abstract shared SSO code. (#8765) | Patrick Cloke | 2020-11-17 | 1 | -54/+23 |
| | | | | De-duplicates code between the SAML and OIDC implementations. | ||||
| * | Fix handling of User-Agent headers with bad utf-8. (#8632) | Erik Johnston | 2020-10-23 | 1 | -3/+1 |
| | | |||||
| * | Use slots in attrs classes where possible (#8296) | Patrick Cloke | 2020-09-14 | 1 | -1/+1 |
| | | | | | | slots use less memory (and attribute access is faster) while slightly limiting the flexibility of the class attributes. This focuses on objects which are instantiated "often" and for short periods of time. | ||||
| * | Improve SAML error messages (#8248) | Patrick Cloke | 2020-09-14 | 1 | -59/+110 |
| | | |||||
| * | Stop sub-classing object (#8249) | Patrick Cloke | 2020-09-04 | 1 | -2/+2 |
| | | |||||
| * | Allow denying or shadow banning registrations via the spam checker (#8034) | Patrick Cloke | 2020-08-20 | 1 | -2/+16 |
| | | |||||
| * | Implement login blocking based on SAML attributes (#8052) | Richard van der Hoff | 2020-08-11 | 1 | -6/+36 |
| | | | | | | | | Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the error handling. Fixes #8047 | ||||
| * | Add additional logging for SAML sessions. (#7971) | Patrick Cloke | 2020-07-29 | 1 | -0/+3 |
| | | |||||
| * | Clean up exception handling in SAML2ResponseResource (#7614) | Richard van der Hoff | 2020-06-03 | 1 | -30/+11 |
| | | | | | | | | | | | | | | * Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string * Clean up exception handling in SAML2ResponseResource * use the existing code in `return_html_error` instead of re-implementing it (giving it a jinja2 template rather than inventing a new form of template) * do the exception-catching in the REST layer rather than in the handler layer, to make sure we catch all exceptions. | ||||
| * | allow emails to be passed through SAML (#7385) | Christopher Cooper | 2020-05-27 | 1 | -2/+10 |
| | | | | Signed-off-by: Christopher Cooper <cooperc@ocf.berkeley.edu> | ||||
| * | Add more type hints to SAML handler. (#7445) | Patrick Cloke | 2020-05-07 | 1 | -12/+16 |
| | | |||||
| * | Persist user interactive authentication sessions (#7302) | Patrick Cloke | 2020-04-30 | 1 | -1/+1 |
| | | | | | | By persisting the user interactive authentication sessions to the database, this fixes situations where a user hits different works throughout their auth session and also allows sessions to persist through restarts of Synapse. | ||||
| * | Do not allow a deactivated user to login via SSO. (#7240) | Patrick Cloke | 2020-04-09 | 1 | -1/+1 |
| | | |||||
| * | Support SAML in the user interactive authentication workflow. (#7102) | Patrick Cloke | 2020-04-01 | 1 | -10/+41 |
| | | |||||
| * | Allow RedirectResponse in SAML response handler | Jason Robinson | 2020-03-26 | 1 | -0/+4 |
| | | | | | | | | | Allow custom SAML handlers to redirect after processing an auth response. Fixes #7149 Signed-off-by: Jason Robinson <jasonr@matrix.org> | ||||
| * | SAML2: render a comprehensible error page if something goes wrong | Brendan Abolivier | 2020-03-10 | 1 | -1/+19 |
| | | | | | | | If an error happened while processing a SAML AuthN response, or a client ends up doing a `GET` request to `/authn_response`, then render a customisable error page rather than a confusing error. | ||||
| * | Fix wrong handler being used in SAML handler | Brendan Abolivier | 2020-03-03 | 1 | -3/+2 |
| | | |||||
| * | Merge pull request #6724 from matrix-org/rav/log_saml_attributes | Richard van der Hoff | 2020-01-17 | 1 | -1/+12 |
| |\ | | | | | Log saml assertions rather than the whole response | ||||
| | * | Log saml assertions rather than the whole response | Richard van der Hoff | 2020-01-16 | 1 | -1/+12 |
| | | | | | | | | | | | | | ... since the whole response is huge. We even need to break up the assertions, since kibana otherwise truncates them. | ||||
| * | | Delegate remote_user_id mapping to the saml mapping provider (#6723) | Richard van der Hoff | 2020-01-17 | 1 | -6/+21 |
| |/ | | | Turns out that figuring out a remote user id for the SAML user isn't quite as obvious as it seems. Factor it out to the SamlMappingProvider so that it's easy to control. | ||||
| * | Pass client redirect URL into SAML mapping providers | Richard van der Hoff | 2020-01-12 | 1 | -4/+11 |
| | | |||||
| * | Pass the module_api into the SamlMappingProvider | Richard van der Hoff | 2020-01-12 | 1 | -2/+5 |
| | | | | | | ... for consistency with other modules, and because we'll need it sooner or later and it will be a pain to introduce later. | ||||
| * | Allow SAML username provider plugins (#6411) | Andrew Morgan | 2019-12-10 | 1 | -28/+170 |
| | | |||||
| * | More better logging | Richard van der Hoff | 2019-09-20 | 1 | -1/+2 |
| | | |||||
| * | better logging | Richard van der Hoff | 2019-09-19 | 1 | -0/+2 |
| | | |||||
| * | Record mappings from saml users in an external table | Richard van der Hoff | 2019-09-13 | 1 | -8/+95 |
| | | | | | | | We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table. | ||||
| * | Address review comments | Richard van der Hoff | 2019-07-01 | 1 | -5/+7 |
| | | |||||
| * | cleanups | Richard van der Hoff | 2019-06-27 | 1 | -0/+121 |
 |
index : matrix/thirdparty/synapse.git | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summary refs log tree commit diff |