mirror of
https://github.com/ansible/awx.git
synced 2026-05-19 14:57:39 -02:30
Merge pull request #721 from chrismeyersfsu/feature-2_factor
allow support for saml + 2-factor
This commit is contained in:
Chris Meyers
GitHub
@@ -1061,6 +1061,71 @@ register(
|
||||
feature_required='enterprise_auth',
|
||||
)
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_SECURITY_CONFIG',
|
||||
field_class=fields.SAMLSecurityField,
|
||||
allow_null=True,
|
||||
default={'requestedAuthnContext': False},
|
||||
label=_('SAML Security Config'),
|
||||
help_text=_('A dict of key value pairs that are passed to the underlying'
|
||||
' python-saml security setting'
|
||||
' https://github.com/onelogin/python-saml#settings'),
|
||||
category=_('SAML'),
|
||||
category_slug='saml',
|
||||
placeholder=collections.OrderedDict([
|
||||
("nameIdEncrypted", False),
|
||||
("authnRequestsSigned", False),
|
||||
("logoutRequestSigned", False),
|
||||
("logoutResponseSigned", False),
|
||||
("signMetadata", False),
|
||||
("wantMessagesSigned", False),
|
||||
("wantAssertionsSigned", False),
|
||||
("wantAssertionsEncrypted", False),
|
||||
("wantNameId", True),
|
||||
("wantNameIdEncrypted", False),
|
||||
("wantAttributeStatement", True),
|
||||
("requestedAuthnContext", True),
|
||||
("requestedAuthnContextComparison", "exact"),
|
||||
("metadataValidUntil", "2015-06-26T20:00:00Z"),
|
||||
("metadataCacheDuration", "PT518400S"),
|
||||
("signatureAlgorithm", "http://www.w3.org/2000/09/xmldsig#rsa-sha1"),
|
||||
("digestAlgorithm", "http://www.w3.org/2000/09/xmldsig#sha1"),
|
||||
]),
|
||||
feature_required='enterprise_auth',
|
||||
)
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_SP_EXTRA',
|
||||
field_class=fields.DictField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('SAML Service Provider extra configuration data'),
|
||||
help_text=_('A dict of key value pairs to be passed to the underlying'
|
||||
' python-saml Service Provider configuration setting.'),
|
||||
category=_('SAML'),
|
||||
category_slug='saml',
|
||||
placeholder=collections.OrderedDict(),
|
||||
feature_required='enterprise_auth',
|
||||
)
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_EXTRA_DATA',
|
||||
field_class=fields.ListTuplesField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('SAML IDP to extra_data attribute mapping'),
|
||||
help_text=_('A list of tuples that maps IDP attributes to extra_attributes.'
|
||||
' Each attribute will be a list of values, even if only 1 value.'),
|
||||
category=_('SAML'),
|
||||
category_slug='saml',
|
||||
placeholder=[
|
||||
('attribute_name', 'extra_data_name_for_attribute'),
|
||||
('department', 'department'),
|
||||
('manager_full_name', 'manager_full_name')
|
||||
],
|
||||
feature_required='enterprise_auth',
|
||||
)
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_ORGANIZATION_MAP',
|
||||
field_class=fields.SocialOrganizationMapField,
|
||||
|
||||
@@ -345,41 +345,10 @@ class LDAPUserFlagsField(fields.DictField):
|
||||
return data
|
||||
|
||||
|
||||
class LDAPDNMapField(fields.ListField):
|
||||
class LDAPDNMapField(fields.StringListBooleanField):
|
||||
|
||||
default_error_messages = {
|
||||
'type_error': _('Expected None, True, False, a string or list of strings but got {input_type} instead.'),
|
||||
}
|
||||
child = LDAPDNField()
|
||||
|
||||
def to_representation(self, value):
|
||||
if isinstance(value, (list, tuple)):
|
||||
return super(LDAPDNMapField, self).to_representation(value)
|
||||
elif value in fields.NullBooleanField.TRUE_VALUES:
|
||||
return True
|
||||
elif value in fields.NullBooleanField.FALSE_VALUES:
|
||||
return False
|
||||
elif value in fields.NullBooleanField.NULL_VALUES:
|
||||
return None
|
||||
elif isinstance(value, basestring):
|
||||
return self.child.to_representation(value)
|
||||
else:
|
||||
self.fail('type_error', input_type=type(value))
|
||||
|
||||
def to_internal_value(self, data):
|
||||
if isinstance(data, (list, tuple)):
|
||||
return super(LDAPDNMapField, self).to_internal_value(data)
|
||||
elif data in fields.NullBooleanField.TRUE_VALUES:
|
||||
return True
|
||||
elif data in fields.NullBooleanField.FALSE_VALUES:
|
||||
return False
|
||||
elif data in fields.NullBooleanField.NULL_VALUES:
|
||||
return None
|
||||
elif isinstance(data, basestring):
|
||||
return self.child.run_validation(data)
|
||||
else:
|
||||
self.fail('type_error', input_type=type(data))
|
||||
|
||||
|
||||
class BaseDictWithChildField(fields.DictField):
|
||||
|
||||
@@ -649,3 +618,28 @@ class SAMLIdPField(BaseDictWithChildField):
|
||||
class SAMLEnabledIdPsField(fields.DictField):
|
||||
|
||||
child = SAMLIdPField()
|
||||
|
||||
|
||||
class SAMLSecurityField(fields.DictField):
|
||||
|
||||
child_fields = {
|
||||
'nameIdEncrypted': fields.BooleanField(required=False),
|
||||
'authnRequestsSigned': fields.BooleanField(required=False),
|
||||
'logoutRequestSigned': fields.BooleanField(required=False),
|
||||
'logoutResponseSigned': fields.BooleanField(required=False),
|
||||
'signMetadata': fields.BooleanField(required=False),
|
||||
'wantMessagesSigned': fields.BooleanField(required=False),
|
||||
'wantAssertionsSigned': fields.BooleanField(required=False),
|
||||
'wantAssertionsEncrypted': fields.BooleanField(required=False),
|
||||
'wantNameId': fields.BooleanField(required=False),
|
||||
'wantNameIdEncrypted': fields.BooleanField(required=False),
|
||||
'wantAttributeStatement': fields.BooleanField(required=False),
|
||||
'requestedAuthnContext': fields.StringListBooleanField(required=False),
|
||||
'requestedAuthnContextComparison': fields.CharField(required=False),
|
||||
'metadataValidUntil': fields.CharField(allow_null=True, required=False),
|
||||
'metadataCacheDuration': fields.CharField(allow_null=True, required=False),
|
||||
'signatureAlgorithm': fields.CharField(allow_null=True, required=False),
|
||||
'digestAlgorithm': fields.CharField(allow_null=True, required=False),
|
||||
}
|
||||
allow_unknown_keys = True
|
||||
|
||||
|
||||
Reference in New Issue
Block a user