From 4a4ae9d332cff31991d9f63417895fce18717f61 Mon Sep 17 00:00:00 2001
From: Norihito Nakae
Date: Tue, 28 Nov 2017 12:46:58 +0900
Subject: Initial support for SAML authentication
---
 lib/config/default.js | 16 ++++++++++++++++
 lib/config/environment.js | 4 ++++
 lib/config/index.js | 1 +
 3 files changed, 21 insertions(+)
(limited to 'lib/config')
diff --git a/lib/config/default.js b/lib/config/default.js
index 273bad02..ff1e3a3e 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -98,6 +98,22 @@ module.exports = {
 searchAttributes: undefined,
 tlsca: undefined
 },
+ saml: {
+ idpSsoUrl: undefined,
+ idpCert: undefined,
+ issuer: undefined,
+ callbackUrl: undefined,
+ identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+ groupAttribute: undefined,
+ externalGroups: [],
+ requiredGroups: [],
+ attribute: {
+ id: undefined,
+ username: undefined,
+ displayName: undefined,
+ email: undefined
+ }
+ },
 email: true,
 allowemailregister: true,
 allowpdfexport: true
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 0c272f05..e339832a 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -73,6 +73,10 @@ module.exports = {
 searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
 tlsca: process.env.HMD_LDAP_TLS_CA
 },
+ saml: {
+ idpSsoUrl: process.env.HMD_SAML_IDPSSOURL,
+ idpCert: process.env.HMD_SAML_IDPCERT
+ },
 email: toBooleanConfig(process.env.HMD_EMAIL),
 allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
 allowpdfexport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
diff --git a/lib/config/index.js b/lib/config/index.js
index addd8ba6..3ac3de53 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
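Review bot: In the lib/config/default.js hunk (`@@ -98,6 +98,22 @@`) the new `saml` defaults are undocumented, although `idpCert` and `requiredGroups` are security-relevant settings. I would add `// certificate of the IdP, used to verify signed SAML responses; set it whenever idpSsoUrl is set` above `idpCert`, and `// NOTE(review): an empty list presumably disables the group check - confirm in the SAML strategy` above `requiredGroups`. Whether `idpCert` holds PEM text or a file path cannot be told from this diff, so the comment should say which one the consumer expects. The `module.exports` literal begins and ends outside the hunk.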
@@ -92,6 +92,7 @@ config.isGitHubEnable = config.github.clientID && config.github.clientSecret
 config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
 config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
 config.isLDAPEnable = config.ldap.url
+config.isSAMLEnable = config.saml.idpSsoUrl
 config.isPDFExportEnable = config.allowpdfexport
 
 // generate correct path
-- cgit v1.2.3
From a22be81febd6f0bad118e8722e62c841836af807 Mon Sep 17 00:00:00 2001
From: Norihito Nakae
Date: Wed, 29 Nov 2017 15:45:32 +0900
Subject: fixed the SAML callback URL to unconfigurable.
---
 lib/config/default.js | 1 -
 1 file changed, 1 deletion(-)
(limited to 'lib/config')
diff --git a/lib/config/default.js b/lib/config/default.js
index ff1e3a3e..96bfe79b 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -102,7 +102,6 @@ module.exports = {
 idpSsoUrl: undefined,
 idpCert: undefined,
 issuer: undefined,
- callbackUrl: undefined,
 identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
 groupAttribute: undefined,
 externalGroups: [],
-- cgit v1.2.3
From 410268da741d61c9f010514a6e7dd59542a051d8 Mon Sep 17 00:00:00 2001
From: Norihito Nakae
Date: Wed, 29 Nov 2017 20:26:28 +0900
Subject: added environment variables for SAML
---
 lib/config/environment.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'lib/config')
diff --git a/lib/config/environment.js b/lib/config/environment.js
index e339832a..3b2e34a0 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
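Review bot: In the lib/config/index.js hunk (`@@ -92,6 +92,7 @@`), `config.isSAMLEnable = config.saml.idpSsoUrl` turns SAML login on from the SSO URL alone, so a deployment that sets `HMD_SAML_IDPSSOURL` but leaves `idpCert` at its `undefined` default still has the feature enabled. The code that consumes `idpCert` is not part of this diff; if it hands an undefined certificate to the SAML library, response signatures may go unverified, and at best the misconfiguration surfaces only at the first login attempt. I would gate on both values, `config.isSAMLEnable = config.saml.idpSsoUrl && config.saml.idpCert`, or refuse to start when the URL is set without a certificate.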
@@ -75,7 +75,18 @@ module.exports = {
 },
 saml: {
 idpSsoUrl: process.env.HMD_SAML_IDPSSOURL,
- idpCert: process.env.HMD_SAML_IDPCERT
+ idpCert: process.env.HMD_SAML_IDPCERT,
+ issuer: process.env.HMD_SAML_ISSUER,
+ identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
+ groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
+ externalGroups: process.env.HMD_SAML_EXTERNALGROUPS ? process.env.HMD_SAML_EXTERNALGROUPS.split('|') : [],
+ requiredGroups: process.env.HMD_SAML_REQUIREDGROUPS ? process.env.HMD_SAML_REQUIREDGROUPS.split('|') : [],
+ attribute: {
+ id: process.env.HMD_SAML_ATTRIBUTE_ID,
+ username: process.env.HMD_SAML_ATTRIBUTE_USERNAME,
+ displayName: process.env.HMD_SAML_ATTRIBUTE_DISPLAYNAME,
+ email: process.env.HMD_SAML_ATTRIBUTE_EMAIL
+ }
 },
 email: toBooleanConfig(process.env.HMD_EMAIL),
 allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
-- cgit v1.2.3
From 2db2ff484fb0911ea699c7fc59b8b1ad868ca992 Mon Sep 17 00:00:00 2001
From: Norihito Nakae
Date: Mon, 4 Dec 2017 19:57:06 +0900
Subject: added guide for SAML settings
---
 lib/config/default.js | 1 -
 lib/config/environment.js | 1 -
 2 files changed, 2 deletions(-)
(limited to 'lib/config')
diff --git a/lib/config/default.js b/lib/config/default.js
index 96bfe79b..d04485ce 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -109,7 +109,6 @@ module.exports = {
 attribute: {
 id: undefined,
 username: undefined,
- displayName: undefined,
 email: undefined
 }
 },
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 3b2e34a0..b7b0e3f8 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -84,7 +84,6 @@ module.exports = {
 attribute: {
 id: process.env.HMD_SAML_ATTRIBUTE_ID,
 username: process.env.HMD_SAML_ATTRIBUTE_USERNAME,
- displayName: process.env.HMD_SAML_ATTRIBUTE_DISPLAYNAME,
 email: process.env.HMD_SAML_ATTRIBUTE_EMAIL
 }
 },
-- cgit v1.2.3
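Review bot: In the lib/config/environment.js hunk (`@@ -75,7 +75,18 @@`), `requiredGroups` and `externalGroups` are parsed with a bare `split('|')`, so a value such as `staff| admins|` (constructed example) yields `' admins'` and an empty-string entry. `requiredGroups` looks like an authorization gate, though its consumer is outside this diff, so entries that can never match, or an empty name that might match, are better removed at parse time: `.split('|').map(g => g.trim()).filter(Boolean)`. A one-line comment stating that `|` is the separator and therefore cannot appear in a group name would also help operators. The `module.exports` literal begins and ends outside the hunk.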