path: root/synapse/rest/saml2
Commit message  Author  Age  Files  Lines
* Clean up exception handling in SAML2ResponseResource (#7614)  Richard van der Hoff  2020-06-03  1  -13/+13
|     * Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string
|     * Clean up exception handling in SAML2ResponseResource
|       * use the existing code in `return_html_error` instead of re-implementing it (giving it a jinja2 template rather than inventing a new form of template)
|       * do the exception-catching in the REST layer rather than in the handler layer, to make sure we catch all exceptions.
* SAML2: render a comprehensible error page if something goes wrong  Brendan Abolivier  2020-03-10  1  -1/+17
|     If an error happened while processing a SAML AuthN response, or a client ends up doing a `GET` request to `/authn_response`, then render a customisable error page rather than a confusing error.
* Merge branch 'develop' into rav/saml2_client  Richard van der Hoff  2019-07-01  1  -12/+5
|\
| * Make the http server handle coroutine-making REST servlets (#5475)  Amber Brown  2019-06-29  1  -11/+4
| |
* | Move all the saml stuff out to a centralised handler  Richard van der Hoff  2019-06-26  1  -33/+2
| |
* | Merge branch 'develop' into rav/saml2_client  Richard van der Hoff  2019-06-26  2  -9/+6
|\|
| * Run Black. (#5482)  Amber Brown  2019-06-20  2  -9/+6
| |
* | Code cleanups and simplifications.  Richard van der Hoff  2019-06-11  1  -3/+1
|/
|     Also: share the saml client between redirect and response handlers.
* Initialise user displayname from SAML2 data (#4272)  Richard van der Hoff  2018-12-07  1  -0/+3
|     When we register a new user from SAML2 data, initialise their displayname correctly.
* Implement SAML2 authentication (#4267)  Richard van der Hoff  2018-12-07  3  -0/+136
      This implements both a SAML2 metadata endpoint (at `/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at `/_matrix/saml2/authn_response`). If the SAML2 response matches what's been configured, we complete the SSO login flow by redirecting to the client url (aka `RelayState` in SAML2 jargon) with a login token.

      What we don't yet have is anything to build a SAML2 request and redirect the user to the identity provider. That is left as an exercise for the reader.