SAML user attribute flags issue #5303 (PR #11430)

* Adding SAML option in SAML configuration to specify system auditor and system superusers by role or attribute
* Adding keycloak container and documentation on how to start keycloak alongside AWX (including configuration of both)
John Westcott IV
2022-01-10 16:52:44 -05:00
committed by GitHub
parent 4de0f09c85
commit c92468062d
21 changed files with 2289 additions and 5 deletions


@@ -32,6 +32,7 @@ from awx.sso.fields import (
SAMLOrgInfoField,
SAMLSecurityField,
SAMLTeamAttrField,
SAMLUserFlagsAttrField,
SocialOrganizationMapField,
SocialTeamMapField,
)
@@ -1523,6 +1524,25 @@ register(
),
)
register(
'SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR',
field_class=SAMLUserFlagsAttrField,
allow_null=True,
default=None,
label=_('SAML User Flags Attribute Mapping'),
help_text=_('Used to map super users and system auditors from SAML.'),
category=_('SAML'),
category_slug='saml',
placeholder=[
('is_superuser_attr', 'saml_attr'),
('is_superuser_value', 'value'),
('is_superuser_role', 'saml_role'),
('is_system_auditor_attr', 'saml_attr'),
('is_system_auditor_value', 'value'),
('is_system_auditor_role', 'saml_role'),
],
)
def tacacs_validate(serializer, attrs):
if not serializer.instance or not hasattr(serializer.instance, 'TACACSPLUS_HOST') or not hasattr(serializer.instance, 'TACACSPLUS_SECRET'):
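Review bot: The help_text on `SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR` does not tell an administrator that this mapping grants `is_superuser` and `is_system_auditor` from whatever the identity provider asserts, so a role or attribute that is broadly assigned at the IdP would confer full control of the instance. I would spell that out, e.g. `help_text=_('Maps SAML roles or attribute values to the superuser and system auditor flags. Any user whose assertion matches is granted the flag, so reference only roles and attributes that the identity provider restricts to administrators.')`. The hunk does not show how `SAMLUserFlagsAttrField` validates the six keys listed in the placeholder, nor whether a flag is removed again when a later assertion no longer matches; both are worth confirming in the field and login pipeline code, and the help text should say so if revocation does not happen. The body of `tacacs_validate` continues outside the hunk.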