summary refs log tree commit diff
path: root/synapse/handlers/saml_handler.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Improve logging of the mapping from SSO IDs to Matrix IDs. (#8773)Andrew Morgan2020-11-231-2/+3
|
* Improve error checking for OIDC/SAML mapping providers (#8774)Patrick Cloke2020-11-191-0/+6
| | | | | | Checks that the localpart returned by mapping providers for SAML and OIDC are valid before registering new users. Extends the OIDC tests for existing users and invalid data.
* SAML: Allow specifying the IdP entityid to use. (#8630)Ben Banfield-Zanin2020-11-191-1/+2
| | | | If the SAML metadata includes multiple IdPs it is necessary to specify which IdP to redirect users to for authentication.
* Abstract shared SSO code. (#8765)Patrick Cloke2020-11-171-54/+23
| | | De-duplicates code between the SAML and OIDC implementations.
* Fix handling of User-Agent headers with bad utf-8. (#8632)Erik Johnston2020-10-231-3/+1
|
* Use slots in attrs classes where possible (#8296)Patrick Cloke2020-09-141-1/+1
| | | | | slots use less memory (and attribute access is faster) while slightly limiting the flexibility of the class attributes. This focuses on objects which are instantiated "often" and for short periods of time.
* Improve SAML error messages (#8248)Patrick Cloke2020-09-141-59/+110
|
* Stop sub-classing object (#8249)Patrick Cloke2020-09-041-2/+2
|
* Allow denying or shadow banning registrations via the spam checker (#8034)Patrick Cloke2020-08-201-2/+16
|
* Implement login blocking based on SAML attributes (#8052)Richard van der Hoff2020-08-111-6/+36
| | | | | | | Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the error handling. Fixes #8047
* Add additional logging for SAML sessions. (#7971)Patrick Cloke2020-07-291-0/+3
|
* Clean up exception handling in SAML2ResponseResource (#7614)Richard van der Hoff2020-06-031-30/+11
| | | | | | | | | | | | | * Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string * Clean up exception handling in SAML2ResponseResource * use the existing code in `return_html_error` instead of re-implementing it (giving it a jinja2 template rather than inventing a new form of template) * do the exception-catching in the REST layer rather than in the handler layer, to make sure we catch all exceptions.
* allow emails to be passed through SAML (#7385)Christopher Cooper2020-05-271-2/+10
| | | Signed-off-by: Christopher Cooper <cooperc@ocf.berkeley.edu>
* Add more type hints to SAML handler. (#7445)Patrick Cloke2020-05-071-12/+16
|
* Persist user interactive authentication sessions (#7302)Patrick Cloke2020-04-301-1/+1
| | | | | By persisting the user interactive authentication sessions to the database, this fixes situations where a user hits different works throughout their auth session and also allows sessions to persist through restarts of Synapse.
* Do not allow a deactivated user to login via SSO. (#7240)Patrick Cloke2020-04-091-1/+1
|
* Support SAML in the user interactive authentication workflow. (#7102)Patrick Cloke2020-04-011-10/+41
|
* Allow RedirectResponse in SAML response handlerJason Robinson2020-03-261-0/+4
| | | | | | | | Allow custom SAML handlers to redirect after processing an auth response. Fixes #7149 Signed-off-by: Jason Robinson <jasonr@matrix.org>
* SAML2: render a comprehensible error page if something goes wrongBrendan Abolivier2020-03-101-1/+19
| | | | | | If an error happened while processing a SAML AuthN response, or a client ends up doing a `GET` request to `/authn_response`, then render a customisable error page rather than a confusing error.
* Fix wrong handler being used in SAML handlerBrendan Abolivier2020-03-031-3/+2
|
* Merge pull request #6724 from matrix-org/rav/log_saml_attributesRichard van der Hoff2020-01-171-1/+12
|\ | | | | Log saml assertions rather than the whole response
| * Log saml assertions rather than the whole responseRichard van der Hoff2020-01-161-1/+12
| | | | | | | | | | | | ... since the whole response is huge. We even need to break up the assertions, since kibana otherwise truncates them.
* | Delegate remote_user_id mapping to the saml mapping provider (#6723)Richard van der Hoff2020-01-171-6/+21
|/ | | Turns out that figuring out a remote user id for the SAML user isn't quite as obvious as it seems. Factor it out to the SamlMappingProvider so that it's easy to control.
* Pass client redirect URL into SAML mapping providersRichard van der Hoff2020-01-121-4/+11
|
* Pass the module_api into the SamlMappingProviderRichard van der Hoff2020-01-121-2/+5
| | | | | ... for consistency with other modules, and because we'll need it sooner or later and it will be a pain to introduce later.
* Allow SAML username provider plugins (#6411)Andrew Morgan2019-12-101-28/+170
|
* More better loggingRichard van der Hoff2019-09-201-1/+2
|
* better loggingRichard van der Hoff2019-09-191-0/+2
|
* Record mappings from saml users in an external tableRichard van der Hoff2019-09-131-8/+95
| | | | | | We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table.
* Address review commentsRichard van der Hoff2019-07-011-5/+7
|
* cleanupsRichard van der Hoff2019-06-271-0/+121