diff --git a/app/lib/utils.py b/app/lib/utils.py
index a4a2954..1156da3 100644
--- a/app/lib/utils.py
+++ b/app/lib/utils.py
@@ -8,6 +8,9 @@ import hashlib
from app import app
from distutils.version import StrictVersion
+from onelogin.saml2.auth import OneLogin_Saml2_Auth
+from onelogin.saml2.utils import OneLogin_Saml2_Utils
+
if 'TIMEOUT' in app.config.keys():
TIMEOUT = app.config['TIMEOUT']
else:
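Review bot: `OneLogin_Saml2_Utils` (the second added import) is not referenced by anything this patch adds to utils.py, and the same two imports are repeated in the views.py hunk where neither name is used either, since views goes through `utils.prepare_flask_request` and `utils.init_saml_auth`. Keep `OneLogin_Saml2_Auth` in utils.py, where the object is actually constructed, and drop the other three. These are also hard module-level imports of an optional feature's package, so an installation without it fails at import time even when `SAML_ENABLED` is unset; importing inside `init_saml_auth` would confine the dependency to deployments that turn the feature on.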
@@ -159,3 +162,17 @@ def email_to_gravatar_url(email, size=100):
hash_string = hashlib.md5(email).hexdigest()
return "https://s.gravatar.com/avatar/%s?s=%s" % (hash_string, size)
+
+def prepare_flask_request(request):
+ url_data = urlparse.urlparse(request.url)
+ return {
+ 'http_host': request.host,
+ 'server_port': url_data.port,
+ 'script_name': request.path,
+ 'get_data': request.args.copy(),
+ 'post_data': request.form.copy()
+ }
+
+def init_saml_auth(req):
+ auth = OneLogin_Saml2_Auth(req, custom_base_path=app.config['SAML_PATH'])
+ return auth
\ No newline at end of file
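Review bot: The dict built by `prepare_flask_request` has no `'https'` entry, so the OneLogin library will assemble its own URL as plain http whatever scheme the request arrived on; behind TLS that URL presumably no longer matches the one it checks assertion fields against. Add `'https': 'on' if request.scheme == 'https' else 'off',` next to `'http_host'`. `http_host` is copied verbatim from `request.host`, i.e. the client-supplied Host header, and the library derives its self URL from it, so pin the host (Flask `SERVER_NAME` or an explicit allow-list) instead of echoing whatever the client sent. `urlparse.urlparse` is called on the first line but `urlparse` does not appear in the import hunk above — confirm it is imported further up in utils.py.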
diff --git a/app/templates/login.html b/app/templates/login.html
index 9527f22..1d0403a 100644
--- a/app/templates/login.html
+++ b/app/templates/login.html
@@ -98,11 +98,16 @@
+ {% if saml_enabled %}
+
+ SAML login
+ {% endif %}
{% if github_enabled %}
+
Github oauth login
{% endif %}
-
{% if signup_enabled %}
+
Create an account
{% endif %}
diff --git a/app/views.py b/app/views.py
index 8cc8761..62ef5dd 100644
--- a/app/views.py
+++ b/app/views.py
@@ -20,6 +20,8 @@ from .models import User, Domain, Record, Server, History, Anonymous, Setting, D
from app import app, login_manager, github
from lib import utils
+from onelogin.saml2.auth import OneLogin_Saml2_Auth
+from onelogin.saml2.utils import OneLogin_Saml2_Utils
jinja2.filters.FILTERS['display_record_name'] = utils.display_record_name
jinja2.filters.FILTERS['display_master_name'] = utils.display_master_name
@@ -166,6 +168,27 @@ def github_login():
return abort(400)
return github.authorize(callback=url_for('authorized', _external=True))
+@app.route('/saml/login')
+def saml_login():
+ if not app.config.get('SAML_ENABLED'):
+ return abort(400)
+ return abort(400)
+
+@app.route('/saml/metadata/')
+def saml_metadata():
+ req = utils.prepare_flask_request(request)
+ auth = utils.init_saml_auth(req)
+ settings = auth.get_settings()
+ metadata = settings.get_sp_metadata()
+ errors = settings.validate_metadata(metadata)
+
+ if len(errors) == 0:
+ resp = make_response(metadata, 200)
+ resp.headers['Content-Type'] = 'text/xml'
+ else:
+ resp = make_response(errors.join(', '), 500)
+ return resp
+
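Review bot: `errors.join(', ')` on the error branch of `saml_metadata` will raise AttributeError — `validate_metadata` returns a list, and Python joins via the separator string — so a misconfigured SP produces a traceback instead of the intended 500; write `resp = make_response(', '.join(errors), 500)`. Returning the raw validation messages to an unauthenticated caller also discloses configuration detail; log them server-side and return a generic message. `saml_login` returns `abort(400)` on both branches, so the new "SAML login" link in the template always fails; if this is a placeholder, say so in a comment and leave the route out of the template until it does something. `saml_metadata` does not check `SAML_ENABLED` before calling `utils.init_saml_auth`, which reads `app.config['SAML_PATH']` unconditionally, so `/saml/metadata/` will 500 with a KeyError on any deployment that has not set it; gate the route on the flag as `saml_login` does.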
@app.route('/login', methods=['GET', 'POST'])
@login_manager.unauthorized_handler
def login():
@@ -175,6 +198,7 @@ def login():
BASIC_ENABLED = app.config['BASIC_ENABLED']
SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE')
+ SAML_ENABLED = app.config.get('SAML_ENABLED')
if g.user is not None and current_user.is_authenticated:
return redirect(url_for('dashboard'))
@@ -197,6 +221,7 @@ def login():
if request.method == 'GET':
return render_template('login.html',
github_enabled=GITHUB_ENABLE,
+ saml_enabled=SAML_ENABLED,
ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
diff --git a/config_template.py b/config_template.py
index 288ff47..e80efd0 100644
--- a/config_template.py
+++ b/config_template.py
@@ -65,6 +65,9 @@ GITHUB_OAUTH_URL = 'http://127.0.0.1:5000/api/v3/'
GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
+# SAML Authnetication
+SAML_ENABLED = True
+
#Default Auth
BASIC_ENABLED = True
SIGNUP_ENABLED = True
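Review bot: The template switches SAML on by default (`SAML_ENABLED = True`) but defines no `SAML_PATH`, which `utils.init_saml_auth` reads via `app.config['SAML_PATH']`; a deployment copied from this template will hit a KeyError on the metadata endpoint. Default the flag to `SAML_ENABLED = False` and add a `SAML_PATH = '<path to the onelogin settings directory>'` placeholder under it. The heading comment has a typo: `# SAML Authentication`.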