From 5b26c2dfaddecc599998f7bf9fde91b1aff37e07 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Sat, 14 Sep 2024 14:50:32 +0200
Subject: [PATCH] Add example config for login

---
 examples/config.py | 112 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)

diff --git a/examples/config.py b/examples/config.py
index f3cc2d0..ae122ff 100644
--- a/examples/config.py
+++ b/examples/config.py
@@ -1,3 +1,11 @@
+# Import as needed
+from onelogin.saml2.idp_metadata_parser import (
+    OneLogin_Saml2_IdPMetadataParser as IdPMetadataParser,
+)
+from deepmerge import always_merger
+from pathlib import Path
+
+
 SQLALCHEMY_DATABASE_URI = "postgresql+psycopg:///schilder2000"
 # To generate a secret key:
 # % python -c 'import secrets; print(secrets.token_hex())'
@@ -11,3 +19,107 @@ PRINTERS = {
     "Office": "ipps://printserver.example.com:443/printers/Office",
     "Kitchen": "ipp://kitchenprinter.local:631/ipp/print",
 }
+
+REQUIRE_LOGIN = True
+
+
+# See upstream documentation for reference:
+# https://flask-multipass.readthedocs.io
+
+_ldap_config = {
+    "uri": "ldaps://dc.example.org:636",
+    "bind_dn": "CN=schilder2000,CN=Service Accounts,CN=Users,DC=example,DC=org",
+    "bind_password": "hunter2",
+    "timeout": 30,
+    "verify_cert": True,
+    # optional: if not present, uses certifi's CA bundle (if installed)
+    # "cert_file": "path/to/server/cert",
+    "starttls": False,
+    "page_size": 1000,
+    "uid": "sAMAccountName",
+    "user_base": "CN=Users,DC=example,DC=org",
+    "user_filter": "(objectCategory=person)",
+}
+
+_saml_config = always_merger.merge(
+    IdPMetadataParser.parse_remote(
+        "https://idp.example.org/realms/owca/protocol/saml/descriptor"
+    ),
+    {
+        "debug": False,
+        "sp": {
+            "entityId": "https://schilder2000.example.org/multipass/saml/fsmpi-saml/metadata",
+            "x509cert": (Path(__file__).parent / "saml-cert.pem").read_text(),
+            "privateKey": (Path(__file__).parent / "saml-key.pem").read_text(),
+            # We don’t use the name anyway
+            "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
+        },
+        "security": {
+            # Keycloak wants this, even though it doesn’t say so
+            "logoutRequestSigned": True,
+        },
+    },
+)
+
+_oidc_config = {
+    "client_id": "schilder2000",
+    "client_secret": "hunter2",
+    "server_metadata_url": "https://idp.example.org/realms/owca/.well-known/openid-configuration",
+    "client_kwargs": {
+        "scope": "openid",
+    },
+}
+
+MULTIPASS_AUTH_PROVIDERS = {
+    "test_auth_provider": {
+        "type": "static",
+        "title": "Insecure dummy auth",
+        "identities": {
+            "gustav": "hunter2",
+        },
+    },
+    "fsmpi-ldap": {
+        "type": "ldap",
+        "title": "O.W.C.A. LDAP",
+        "ldap": _ldap_config,
+    },
+    "fsmpi-saml": {
+        "type": "saml",
+        "title": "O.W.C.A. SAML",
+        "saml_config": _saml_config,
+    },
+    "fsmpi-oidc": {
+        "type": "authlib",
+        "title": "O.W.C.A. OIDC",
+        "authlib_args": _oidc_config,
+    },
+}
+
+MULTIPASS_IDENTITY_PROVIDERS = {
+    "test_identity_provider": {
+        "type": "static",
+        "identities": {
+            "gustav": {},
+        },
+    },
+    "ldap": {
+        "type": "ldap",
+        "ldap": _ldap_config,
+    },
+    "saml": {
+        "type": "saml",
+    },
+    "oidc": {
+        "type": "authlib",
+        "title": "OIDC",
+    },
+}
+
+MULTIPASS_PROVIDER_MAP = {
+    "test_auth_provider": "test_identity_provider",
+    "ldap": "ldap",
+    "saml": "saml",
+    "oidc": "oidc",
+}
+
+MULTIPASS_IDENTITY_INFO_KEYS = []
-- 
GitLab
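Review bot: The `test_auth_provider` static provider with the fixed credential `"gustav": "hunter2"` is registered in `MULTIPASS_AUTH_PROVIDERS` and wired through `MULTIPASS_PROVIDER_MAP` next to the real LDAP/SAML/OIDC providers, so anyone who copies this example and only fills in the real providers ships a working fixed-password login, and `REQUIRE_LOGIN = True` does not mitigate that because the dummy provider satisfies it. Ship that entry (and its `test_identity_provider` / provider-map lines) commented out, or at least mark it: `# DEV ONLY: fixed-password login — delete this entry and its MULTIPASS_PROVIDER_MAP line before deploying`. Separately, `IdPMetadataParser.parse_remote(...)` runs at config import on every process start, so the app cannot start while the IdP metadata URL is unreachable and the IdP signing certificate is re-fetched each time rather than pinned; consider passing an explicit `timeout=` and caching the parsed IdP metadata locally, and state the signature expectations explicitly under `"security"` (e.g. `"wantAssertionsSigned": True`) rather than relying on python3-saml defaults I cannot see from here — confirm against the installed version. These are module-level statements; there is no enclosing function.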