
Auth

Merged Thomas Schneider requested to merge auth into main
10 files
+ 405
9
+ 112
0
# Import as needed
from onelogin.saml2.idp_metadata_parser import (
OneLogin_Saml2_IdPMetadataParser as IdPMetadataParser,
)
from deepmerge import always_merger
from pathlib import Path
SQLALCHEMY_DATABASE_URI = "postgresql+psycopg:///schilder2000"
# To generate a secret key:
# % python -c 'import secrets; print(secrets.token_hex())'
@@ -11,3 +19,107 @@ PRINTERS = {
"Office": "ipps://printserver.example.com:443/printers/Office",
"Kitchen": "ipp://kitchenprinter.local:631/ipp/print",
}
REQUIRE_LOGIN = True
# See upstream documentation for reference:
# https://flask-multipass.readthedocs.io
_ldap_config = {
"uri": "ldaps://dc.example.org:636",
"bind_dn": "CN=schilder2000,CN=Service Accounts,CN=Users,DC=example,DC=org",
"bind_password": "hunter2",
"timeout": 30,
"verify_cert": True,
# optional: if not present, uses certifi's CA bundle (if installed)
# "cert_file": "path/to/server/cert",
"starttls": False,
"page_size": 1000,
"uid": "sAMAccountName",
"user_base": "CN=Users,DC=example,DC=org",
"user_filter": "(objectCategory=person)",
}
_saml_config = always_merger.merge(
IdPMetadataParser.parse_remote(
"https://idp.example.org/realms/owca/protocol/saml/descriptor"
),
{
"debug": False,
"sp": {
"entityId": "https://schilder2000.example.org/multipass/saml/fsmpi-saml/metadata",
"x509cert": (Path(__file__).parent / "saml-cert.pem").read_text(),
"privateKey": (Path(__file__).parent / "saml-key.pem").read_text(),
# We don’t use the name anyway
"NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
},
"security": {
# Keycloak wants this, even though it doesn’t say so
"logoutRequestSigned": True,
},
},
)
_oidc_config = {
"client_id": "schilder2000",
"client_secret": "hunter2",
"server_metadata_url": "https://idp.example.org/realms/owca/.well-known/openid-configuration",
"client_kwargs": {
"scope": "openid",
},
}
MULTIPASS_AUTH_PROVIDERS = {
"test_auth_provider": {
"type": "static",
"title": "Insecure dummy auth",
"identities": {
"gustav": "hunter2",
},
},
"fsmpi-ldap": {
"type": "ldap",
"title": "O.W.C.A. LDAP",
"ldap": _ldap_config,
},
"fsmpi-saml": {
"type": "saml",
"title": "O.W.C.A. SAML",
"saml_config": _saml_config,
},
"fsmpi-oidc": {
"type": "authlib",
"title": "O.W.C.A. OIDC",
"authlib_args": _oidc_config,
},
}
MULTIPASS_IDENTITY_PROVIDERS = {
"test_identity_provider": {
"type": "static",
"identities": {
"gustav": {},
},
},
"ldap": {
"type": "ldap",
"ldap": _ldap_config,
},
"saml": {
"type": "saml",
},
"oidc": {
"type": "authlib",
"title": "OIDC",
},
}
MULTIPASS_PROVIDER_MAP = {
"test_auth_provider": "test_identity_provider",
"ldap": "ldap",
"saml": "saml",
"oidc": "oidc",
}
MULTIPASS_IDENTITY_INFO_KEYS = []
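Review bot: The `test_auth_provider` entry in `MULTIPASS_AUTH_PROVIDERS` (static identity `gustav`/`hunter2`, wired through `MULTIPASS_PROVIDER_MAP` to `test_identity_provider`) is enabled side by side with the LDAP, SAML and OIDC providers while `REQUIRE_LOGIN = True`, so a deployment that copies this file unchanged accepts a well-known credential; I would comment that block out in the example and put `# Dev only: a static password provider must never be enabled on a deployed instance` above it. The literal `bind_password` and `client_secret` values should likewise be placeholders or read from the environment rather than committed strings, since this file is clearly meant to be copied. The SAML `security` dict only sets `logoutRequestSigned`; if python3-saml's defaults apply here (as far as I recall `wantAssertionsSigned` is off by default), adding `"wantAssertionsSigned": True,` makes the SP reject unsigned assertions explicitly rather than relying on library defaults. `IdPMetadataParser.parse_remote` also fetches the IdP signing certificate over the network every time the config module is imported, so startup depends on the IdP being reachable and on TLS to it; pinning or caching that metadata locally is worth considering. The `PRINTERS` dict this hunk ends with starts outside the hunk.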