Commit 5b26c2df authored by Thomas Schneider's avatar Thomas Schneider

Add example config for login

parent f16e5ed5
# Import as needed
from onelogin.saml2.idp_metadata_parser import (
OneLogin_Saml2_IdPMetadataParser as IdPMetadataParser,
)
from deepmerge import always_merger
from pathlib import Path
SQLALCHEMY_DATABASE_URI = "postgresql+psycopg:///schilder2000" SQLALCHEMY_DATABASE_URI = "postgresql+psycopg:///schilder2000"
# To generate a secret key: # To generate a secret key:
# % python -c 'import secrets; print(secrets.token_hex())' # % python -c 'import secrets; print(secrets.token_hex())'
...@@ -11,3 +19,107 @@ PRINTERS = { ...@@ -11,3 +19,107 @@ PRINTERS = {
"Office": "ipps://printserver.example.com:443/printers/Office", "Office": "ipps://printserver.example.com:443/printers/Office",
"Kitchen": "ipp://kitchenprinter.local:631/ipp/print", "Kitchen": "ipp://kitchenprinter.local:631/ipp/print",
} }
REQUIRE_LOGIN = True
# See upstream documentation for reference:
# https://flask-multipass.readthedocs.io
_ldap_config = {
"uri": "ldaps://dc.example.org:636",
"bind_dn": "CN=schilder2000,CN=Service Accounts,CN=Users,DC=example,DC=org",
"bind_password": "hunter2",
"timeout": 30,
"verify_cert": True,
# optional: if not present, uses certifi's CA bundle (if installed)
# "cert_file": "path/to/server/cert",
"starttls": False,
"page_size": 1000,
"uid": "sAMAccountName",
"user_base": "CN=Users,DC=example,DC=org",
"user_filter": "(objectCategory=person)",
}
_saml_config = always_merger.merge(
IdPMetadataParser.parse_remote(
"https://idp.example.org/realms/owca/protocol/saml/descriptor"
),
{
"debug": False,
"sp": {
"entityId": "https://schilder2000.example.org/multipass/saml/fsmpi-saml/metadata",
"x509cert": (Path(__file__).parent / "saml-cert.pem").read_text(),
"privateKey": (Path(__file__).parent / "saml-key.pem").read_text(),
# We don’t use the name anyway
"NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
},
"security": {
# Keycloak wants this, even though it doesn’t say so
"logoutRequestSigned": True,
},
},
)
_oidc_config = {
"client_id": "schilder2000",
"client_secret": "hunter2",
"server_metadata_url": "https://idp.example.org/realms/owca/.well-known/openid-configuration",
"client_kwargs": {
"scope": "openid",
},
}
MULTIPASS_AUTH_PROVIDERS = {
"test_auth_provider": {
"type": "static",
"title": "Insecure dummy auth",
"identities": {
"gustav": "hunter2",
},
},
"fsmpi-ldap": {
"type": "ldap",
"title": "O.W.C.A. LDAP",
"ldap": _ldap_config,
},
"fsmpi-saml": {
"type": "saml",
"title": "O.W.C.A. SAML",
"saml_config": _saml_config,
},
"fsmpi-oidc": {
"type": "authlib",
"title": "O.W.C.A. OIDC",
"authlib_args": _oidc_config,
},
}
MULTIPASS_IDENTITY_PROVIDERS = {
"test_identity_provider": {
"type": "static",
"identities": {
"gustav": {},
},
},
"ldap": {
"type": "ldap",
"ldap": _ldap_config,
},
"saml": {
"type": "saml",
},
"oidc": {
"type": "authlib",
"title": "OIDC",
},
}
MULTIPASS_PROVIDER_MAP = {
"test_auth_provider": "test_identity_provider",
"ldap": "ldap",
"saml": "saml",
"oidc": "oidc",
}
MULTIPASS_IDENTITY_INFO_KEYS = []
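Review bot: `IdPMetadataParser.parse_remote(...)` in the `_saml_config` assignment performs an HTTPS fetch of the IdP metadata every time this config module is imported, so the application cannot start while the IdP is unreachable, and the call as written sets no timeout. Consider fetching the descriptor once and shipping the XML with the deployment (`IdPMetadataParser.parse((Path(__file__).parent / "idp-metadata.xml").read_text())`), or at least passing a timeout if the installed python3-saml version supports the `timeout=` keyword, and keep a comment such as `# Network call at import time: the app will not start if the IdP is down` next to whichever form stays. The `"test_auth_provider"`/`"test_identity_provider"` static entries and the literal `"hunter2"` values for `bind_password` and `client_secret` are reasonable placeholders for an example, but since `REQUIRE_LOGIN = True` makes the static provider a working login path, mark them with `# Example only: remove the static provider and replace these secrets before deploying`. The file header and the first hunk's header lie outside this view.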