Merge pull request #1341 from zoetrope/specify-nameid-format-in-saml

Add: support for specifying SAML nameid-format
Arik Fraimovich 2016-10-21 08:17:11 +03:00 committed by GitHub
commit 3db0eea921
4 changed files with 12 additions and 1 deletions


@ -13,6 +13,10 @@ and add REDASH_SAML_LOCAL_METADATA_PATH instead of REDASH_SAML_METADATA_URL, eg
And an optional REDASH_SAML_CALLBACK_SERVER_NAME which contains the And an optional REDASH_SAML_CALLBACK_SERVER_NAME which contains the
server name of the redash server for the callbacks from the SAML provider (eg demo.redash.io) server name of the redash server for the callbacks from the SAML provider (eg demo.redash.io)
And if you want to specify nameid format, add REDASH_SAML_NAMEID_FORMAT config value,
eg urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
default is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
If you want to specify entityid in AuthnRequest, If you want to specify entityid in AuthnRequest,
add REDASH_SAML_ENTITY_ID config value, eg http://demo.redash.io/saml/callback add REDASH_SAML_ENTITY_ID config value, eg http://demo.redash.io/saml/callback


@ -30,6 +30,7 @@ The follow is a list of settings and what they control:
- **REDASH_SAML_METADATA_URL**: *default ""* - **REDASH_SAML_METADATA_URL**: *default ""*
- **REDASH_SAML_LOCAL_METADATA_PATH**: *default ""* - **REDASH_SAML_LOCAL_METADATA_PATH**: *default ""*
- **REDASH_SAML_CALLBACK_SERVER_NAME**: *default ""* - **REDASH_SAML_CALLBACK_SERVER_NAME**: *default ""*
- **REDASH_SAML_NAMEID_FORMAT**: *default ""*
- **REDASH_SAML_ENTITY_ID**: *default ""* - **REDASH_SAML_ENTITY_ID**: *default ""*
- **REDASH_STATIC_ASSETS_PATH**: *default "../rd_ui/app/"* - **REDASH_STATIC_ASSETS_PATH**: *default "../rd_ui/app/"*
- **REDASH_JOB_EXPIRY_TIME**: *default 3600 * 6* - **REDASH_JOB_EXPIRY_TIME**: *default 3600 * 6*


@ -7,6 +7,7 @@ from redash import settings
from saml2 import BINDING_HTTP_POST, BINDING_HTTP_REDIRECT, entity from saml2 import BINDING_HTTP_POST, BINDING_HTTP_REDIRECT, entity
from saml2.client import Saml2Client from saml2.client import Saml2Client
from saml2.config import Config as Saml2Config from saml2.config import Config as Saml2Config
from saml2.saml import NAMEID_FORMAT_TRANSIENT
logger = logging.getLogger('saml_auth') logger = logging.getLogger('saml_auth')
@ -112,7 +113,11 @@ def sp_initiated():
return redirect(url_for('redash.index')) return redirect(url_for('redash.index'))
saml_client = get_saml_client() saml_client = get_saml_client()
reqid, info = saml_client.prepare_for_authenticate() if settings.SAML_NAMEID_FORMAT != "":
nameid_format = settings.SAML_NAMEID_FORMAT
else:
nameid_format = NAMEID_FORMAT_TRANSIENT
reqid, info = saml_client.prepare_for_authenticate(nameid_format=nameid_format)
redirect_url = None redirect_url = None
# Select the IdP URL to send the AuthN request to # Select the IdP URL to send the AuthN request to
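Review bot: The four-line fallback added in sp_initiated collapses to one expression, `nameid_format = settings.SAML_NAMEID_FORMAT or NAMEID_FORMAT_TRANSIENT`, which also handles a None value rather than only the empty string. This is a behaviour change for deployments that never set REDASH_SAML_NAMEID_FORMAT: before the commit prepare_for_authenticate() was called without nameid_format and the format presumably came from pysaml2's SP configuration, whereas the new code always asks for the transient format explicitly, so a comment such as `# Request the transient NameID format unless the operator configured one` would make the intent clear. The configured string is passed verbatim into the AuthnRequest's NameIDPolicy, so a mistyped URN is only discovered when the IdP rejects the request; checking it against the saml2.saml NAMEID_FORMAT_* constants, or at least logging the value chosen, would surface the misconfiguration earlier. The body of sp_initiated starts and ends outside the hunk.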


@ -92,6 +92,7 @@ SAML_ENTITY_ID = os.environ.get("REDASH_SAML_ENTITY_ID", "")
SAML_METADATA_URL = os.environ.get("REDASH_SAML_METADATA_URL", "") SAML_METADATA_URL = os.environ.get("REDASH_SAML_METADATA_URL", "")
SAML_LOCAL_METADATA_PATH = os.environ.get("REDASH_SAML_LOCAL_METADATA_PATH", "") SAML_LOCAL_METADATA_PATH = os.environ.get("REDASH_SAML_LOCAL_METADATA_PATH", "")
SAML_LOGIN_ENABLED = SAML_METADATA_URL != "" or SAML_LOCAL_METADATA_PATH != "" SAML_LOGIN_ENABLED = SAML_METADATA_URL != "" or SAML_LOCAL_METADATA_PATH != ""
SAML_NAMEID_FORMAT = os.environ.get("REDASH_SAML_NAMEID_FORMAT", "")
SAML_CALLBACK_SERVER_NAME = os.environ.get("REDASH_SAML_CALLBACK_SERVER_NAME", "") SAML_CALLBACK_SERVER_NAME = os.environ.get("REDASH_SAML_CALLBACK_SERVER_NAME", "")
# Enables the use of an externally-provided and trusted remote user via an HTTP # Enables the use of an externally-provided and trusted remote user via an HTTP