allow support for saml + 2-factor

* python-social-auth has SOCIAL_AUTH_SAML_SECURITY_CONFIG, which is forwarded to python-saml settings configuration. This commit exposes SOCIAL_AUTH_SAML_SECURITY_CONFIG to configure tower in tower to allow users to set requestedAuthnContext, which will disable the requesting of password type auth from the idp. Thus, it's up to the idp to choose which auth to use (i.e. 2-factor).
2026-05-18 06:47:41 -02:30 · 2017-11-17 09:25:50 -05:00
parent 71127c039d
commit 98f2d936d9
3 changed files with 81 additions and 32 deletions
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -70,6 +70,11 @@ SOCIAL_AUTH_TEAM_MAP_PLACEHOLDER = collections.OrderedDict([
    ])),
 ])

+SOCIAL_AUTH_SAML_SECURITY_CONFIG_HELP_TEXT = _('''\
+Extra https://github.com/onelogin/python-saml#settings\
+''')
+
+
 ###############################################################################
 # AUTHENTICATION BACKENDS DYNAMIC SETTING
 ###############################################################################
@@ -1061,6 +1066,20 @@ register(
    feature_required='enterprise_auth',
 )

+register(
+    'SOCIAL_AUTH_SAML_SECURITY_CONFIG',
+    field_class=fields.SAMLSecurityField,
+    allow_null=True,
+    default=None,
+    label=_('SAML Security Config'),
+    help_text=SOCIAL_AUTH_SAML_SECURITY_CONFIG_HELP_TEXT,
+    category=_('SAML'),
+    category_slug='saml',
+    #placeholder=SOCIAL_AUTH_TEAM_MAP_PLACEHOLDER,
+    placeholder=collections.OrderedDict(),
+    feature_required='enterprise_auth',
+)
+
 register(
    'SOCIAL_AUTH_SAML_ORGANIZATION_MAP',
    field_class=fields.SocialOrganizationMapField,