allow for saml attributes to define team and org

related to https://github.com/ansible/awx/issues/217 * Adds a configure tower in tower setting for users to configure a saml attribute that tower will use to put users into teams and orgs.
2026-05-17 06:17:36 -02:30 · 2017-12-04 12:18:44 -05:00
parent 4707b5e020
commit 9d58b15135
6 changed files with 529 additions and 1 deletions
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -1152,6 +1152,64 @@ register(
    feature_required='enterprise_auth',
 )

+register(
+    'SOCIAL_AUTH_SAML_ORGANIZATION_ATTR',
+    field_class=fields.SAMLOrgAttrField,
+    allow_null=True,
+    default=None,
+    label=_('SAML Organization Attribute Mapping'),
+    help_text=_('Used to translate user organization membership into Tower.'),
+    category=_('SAML'),
+    category_slug='saml',
+    placeholder=collections.OrderedDict([
+        ('saml_attr', 'organization'),
+        ('remove', True),
+    ]),
+    feature_required='enterprise_auth',
+)
+
+register(
+    'SOCIAL_AUTH_SAML_TEAM_ATTR',
+    field_class=fields.SAMLTeamAttrField,
+    allow_null=True,
+    default=None,
+    label=_('SAML Team Map'),
+    help_text=_('Used to translate user team membership into Tower.'),
+    category=_('SAML'),
+    category_slug='saml',
+    placeholder=collections.OrderedDict([
+        ('saml_attr', 'organization'),
+        ('remove', True),
+        ('team_org_map', [
+            collections.OrderedDict([
+                ('team', 'Marketing'),
+                ('organization', 'Red Hat'),
+            ]),
+            collections.OrderedDict([
+                ('team', 'Human Resources'),
+                ('organization', 'Red Hat'),
+            ]),
+            collections.OrderedDict([
+                ('team', 'Engineering'),
+                ('organization', 'Red Hat'),
+            ]),
+            collections.OrderedDict([
+                ('team', 'Engineering'),
+                ('organization', 'Ansible'),
+            ]),
+            collections.OrderedDict([
+                ('team', 'Quality Engineering'),
+                ('organization', 'Ansible'),
+            ]),
+            collections.OrderedDict([
+                ('team', 'Sales'),
+                ('organization', 'Ansible'),
+            ]),
+        ]),
+    ]),
+    feature_required='enterprise_auth',
+)
+

 def tacacs_validate(serializer, attrs):
    if not serializer.instance or \