    # Import as needed
    from onelogin.saml2.idp_metadata_parser import (
        OneLogin_Saml2_IdPMetadataParser as IdPMetadataParser,
    )
    from deepmerge import always_merger
    from pathlib import Path
    
    
    # --- Database -------------------------------------------------------------
    # SQLAlchemy connection string. Exactly one is active; the alternatives below
    # are kept as templates for other backends.
    SQLALCHEMY_DATABASE_URI = "postgresql+psycopg:///schilder2000"
    # SQLALCHEMY_DATABASE_URI = "sqlite:///data/schilder2000.db"  # Relative to instance directory
    # SQLALCHEMY_DATABASE_URI = "mysql:///schilder2000"

    # --- Sessions and access control --------------------------------------------
    # Flask signs session cookies with SECRET_KEY. It must be unique to this
    # deployment and must never be committed next to this file. Generate one with:
    #   % python -c 'import secrets; print(secrets.token_hex())'
    #SECRET_KEY = ...  # Replace me!

    # Application switch; presumably gates the views behind a Multipass login —
    # confirm in the app code before relying on it.
    REQUIRE_LOGIN = True

    # Re-read Jinja templates when they change. A development convenience that
    # costs a stat per render; not needed in production.
    TEMPLATES_AUTO_RELOAD = True

    # --- Branding -------------------------------------------------------------
    SCHILD_FOOTER = "Organization Without a Cool Acronym – O.W.C.A."
    SCHILD_LOGO = "img/owca.png"

    # --- Printers -------------------------------------------------------------
    # Display name -> IPP endpoint. ipps:// carries TLS; prefer it over plain
    # ipp:// wherever the print server supports it.
    PRINTERS = {
        "Office": "ipps://printserver.example.com:443/printers/Office",
        "Kitchen": "ipp://kitchenprinter.local:631/ipp/print",
    }
    
    
    # See upstream documentation for reference:
    # https://flask-multipass.readthedocs.io
    
    # Shared LDAP settings, referenced by both the auth and the identity provider
    # below so that they cannot drift apart.
    _ldap_config = {
        # ldaps:// on 636 wraps the whole connection in TLS from the first byte.
        "uri": "ldaps://dc.example.org:636",
        # Service account used for the bind. The password here is a placeholder:
        # the real one is a credential and does not belong in version control.
        "bind_dn": "CN=schilder2000,CN=Service Accounts,CN=Users,DC=example,DC=org",
        "bind_password": "hunter2",
        # Seconds before a directory operation is abandoned.
        "timeout": 30,
        # Keep this True: without it anyone on the path to the DC could present
        # their own certificate and harvest the bind credentials.
        "verify_cert": True,
        # optional: if not present, uses certifi's CA bundle (if installed)
        # "cert_file": "path/to/server/cert",
        # Not needed with an ldaps:// URI; STARTTLS is for upgrading plain ldap://.
        "starttls": False,
        # Entries per page for paged search results.
        "page_size": 1000,
        # Attribute holding the login name, and where/what to search for users.
        "uid": "sAMAccountName",
        "user_base": "CN=Users,DC=example,DC=org",
        "user_filter": "(objectCategory=person)",
    }
    
    # SAML settings for python3-saml, assembled from the IdP's published metadata
    # plus our own service-provider (SP) details.
    #
    # The IdP metadata is fetched over the network every time this config is
    # imported, so application start-up depends on the IdP being reachable.
    # The metadata defines whose assertions we trust, which is why certificate
    # validation on that fetch is spelled out below rather than left implicit.
    # If start-up coupling is a concern, a pinned local copy of the metadata
    # (parsed from a file instead of the URL) is the usual alternative.
    _saml_idp_metadata = IdPMetadataParser.parse_remote(
        "https://idp.example.org/realms/owca/protocol/saml/descriptor",
        validate_cert=True,  # library default; never set to False
    )

    # SP key material sits next to this file. The private key is a secret:
    # keep saml-key.pem readable by the application user only and out of
    # version control.
    _saml_dir = Path(__file__).parent

    _saml_sp_settings = {
        "debug": False,
        "sp": {
            # Must match the auth provider name ("fsmpi-saml") used below.
            "entityId": "https://schilder2000.example.org/multipass/saml/fsmpi-saml/metadata",
            "x509cert": (_saml_dir / "saml-cert.pem").read_text(),
            "privateKey": (_saml_dir / "saml-key.pem").read_text(),
            # We don’t use the name anyway
            "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        },
        "security": {
            # Keycloak wants this, even though it doesn’t say so
            "logoutRequestSigned": True,
        },
    }

    # always_merger deep-merges the SP settings into the IdP metadata dict
    # (later values win on conflict) and returns the merged result.
    _saml_config = always_merger.merge(_saml_idp_metadata, _saml_sp_settings)
    
    # Authlib client registration for the OIDC provider. The client secret here is
    # a placeholder; the real one is a credential and must not be committed.
    _oidc_config = {
        "client_id": "schilder2000",
        "client_secret": "hunter2",
        # Discovery document; endpoints and keys are taken from here, so the URL
        # must be https and the host must be the IdP we actually trust.
        "server_metadata_url": "https://idp.example.org/realms/owca/.well-known/openid-configuration",
        # Only the identity scope is requested; nothing beyond "openid" is needed.
        "client_kwargs": {
            "scope": "openid",
        },
    }
    
    # Ways a user can *log in*. The keys are the auth provider names that
    # MULTIPASS_PROVIDER_MAP refers to and that appear in provider URLs (the SAML
    # SP entityId above ends in /fsmpi-saml/metadata).
    MULTIPASS_AUTH_PROVIDERS = {
        # Username/password pairs stored in clear text in this file. Anyone who
        # can read the repository can log in as "gustav" — development only;
        # remove this entry before deploying.
        "test_auth_provider": {
            "type": "static",
            "title": "Insecure dummy auth",
            "identities": {
                "gustav": "hunter2",
            },
        },
        # Password login checked against the directory via a bind.
        "fsmpi-ldap": {
            "type": "ldap",
            "title": "O.W.C.A. LDAP",
            "ldap": _ldap_config,
        },
        # Browser redirect to the SAML IdP; settings come from _saml_config.
        "fsmpi-saml": {
            "type": "saml",
            "title": "O.W.C.A. SAML",
            "saml_config": _saml_config,
        },
        # Browser redirect to the OIDC IdP via Authlib.
        "fsmpi-oidc": {
            "type": "authlib",
            "title": "O.W.C.A. OIDC",
            "authlib_args": _oidc_config,
        },
    }
    
    # Where user *identities* come from once someone has logged in. Each entry is
    # bound to an auth provider through MULTIPASS_PROVIDER_MAP.
    MULTIPASS_IDENTITY_PROVIDERS = {
        # Companion of the static test auth provider; carries no attributes.
        # Development only — remove together with "test_auth_provider".
        "test_identity_provider": {
            "type": "static",
            "identities": {
                "gustav": {},
            },
        },
        # Looks users up in the directory with the same settings the bind uses.
        "ldap": {
            "type": "ldap",
            "ldap": _ldap_config,
        },
        # No settings of its own here; presumably it consumes what the SAML auth
        # provider already received — see the upstream docs.
        "saml": {
            "type": "saml",
        },
        "oidc": {
            "type": "authlib",
            "title": "OIDC",
        },
    }
    
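    # Flask-Multipass keys this dict by *auth* provider name and maps each one to
    # the identity provider that resolves its logins. The LDAP/SAML/OIDC auth
    # providers are registered above as "fsmpi-ldap"/"fsmpi-saml"/"fsmpi-oidc",
    # so those are the names that must appear here — the bare "ldap"/"saml"/
    # "oidc" keys matched no auth provider. (Multipass is expected to reject an
    # unknown auth provider in the map at start-up; verify against the installed
    # version.)
    MULTIPASS_PROVIDER_MAP = {
        "test_auth_provider": "test_identity_provider",
        "fsmpi-ldap": "ldap",
        "fsmpi-saml": "saml",
        "fsmpi-oidc": "oidc",
    }

    # Identity-info attributes to keep; presumably none are stored locally.
    MULTIPASS_IDENTITY_INFO_KEYS = []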