mirror of
https://github.com/snipe/snipe-it.git
synced 2025-02-21 03:15:45 -08:00
Merge pull request #10449 from adagioajanes/features/lock_logins_to_saml
Added #10436: Restricted Logins to SAML controlled via environment variable
commit
2262176a60
|
@ -155,4 +155,5 @@ LDAP_TIME_LIM=600
|
|||
IMPORT_TIME_LIMIT=600
|
||||
IMPORT_MEMORY_LIMIT=500M
|
||||
REPORT_TIME_LIMIT=12000
|
||||
REQUIRE_SAML=false
|
||||
|
||||
|
|
|
@ -68,6 +68,12 @@ class LoginController extends Controller
|
|||
return redirect()->intended('/');
|
||||
}
|
||||
|
||||
//If the environment is set to ALWAYS require SAML, go straight to the SAML route.
|
||||
//We don't need to check other settings, as this should override those.
|
||||
if(config('app.require_saml')) {
|
||||
return redirect()->route('saml.login');
|
||||
}
|
||||
|
||||
if ($this->saml->isEnabled() && Setting::getSettings()->saml_forcelogin == '1' && ! ($request->has('nosaml') || $request->session()->has('error'))) {
|
||||
return redirect()->route('saml.login');
|
||||
}
|
||||
|
@ -229,6 +235,11 @@ class LoginController extends Controller
|
|||
*/
|
||||
public function login(Request $request)
|
||||
{
|
||||
//If the environment is set to ALWAYS require SAML, return access denied
|
||||
if(config('app.require_saml')) {
|
||||
return view('errors.403');
|
||||
}
|
||||
|
||||
if (Setting::getSettings()->login_common_disabled == '1') {
|
||||
return view('errors.403');
|
||||
}
|
||||
|
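Review bot: In the first hunk the new `if(config('app.require_saml'))` redirect fires unconditionally, whereas the existing force-login check right below it only runs when `$this->saml->isEnabled()` and skips the redirect when `$request->session()->has('error')`. If a failed SAML round trip returns to this page with an error in the session (which the existing guard suggests it can), the user would be sent straight back to `saml.login` without ever seeing the error, and with REQUIRE_SAML set while SAML is disabled every login attempt ends at a route that cannot authenticate anyone. Consider `if (config('app.require_saml') && ! $request->session()->has('error')) {` plus a comment stating that form login stays blocked by the matching check in `login()`. In the second hunk, `return view('errors.403');` presumably answers with HTTP 200 as written; `abort(403)` would give log-based monitoring a real 403 for refused form logins. Both enclosing methods continue outside their hunks.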
|
|
@ -250,8 +250,21 @@ return [
|
|||
|
||||
'enable_csp' => env('ENABLE_CSP', false),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Require SAML Login
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Disable the ability to login via form login, and disables the 'nosaml'
|
||||
| workaround. It requires all logins to process via SAML login.
|
||||
| (This is for high security setups. If your SAML configuration is not
|
||||
| working, this option should be set to false. This option is not needed
|
||||
| to successfully configure SAML authentication.)
|
||||
|
|
||||
*/
|
||||
|
||||
|
||||
'require_saml' => env('REQUIRE_SAML', false),
|
||||
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
|
@ -139,7 +139,7 @@ return array(
|
|||
'saml_idp_metadata_help' => 'You can specify the IdP metadata using a URL or XML file.',
|
||||
'saml_attr_mapping_username' => 'Attribute Mapping - Username',
|
||||
'saml_attr_mapping_username_help' => 'NameID will be used if attribute mapping is unspecified or invalid.',
|
||||
'saml_forcelogin_label' => 'SAML Force Login',
|
||||
'saml_forcelogin_label' => 'SAML Default Login',
|
||||
'saml_forcelogin' => 'Make SAML the primary login',
|
||||
'saml_forcelogin_help' => 'You can use \'/login?nosaml\' to get to the normal login page.',
|
||||
'saml_slo_label' => 'SAML Single Log Out',
|
||||
|
|
|
@ -139,7 +139,7 @@ return array(
|
|||
'saml_idp_metadata_help' => 'You can specify the IdP metadata using a URL or XML file.',
|
||||
'saml_attr_mapping_username' => 'Attribute Mapping - Username',
|
||||
'saml_attr_mapping_username_help' => 'NameID will be used if attribute mapping is unspecified or invalid.',
|
||||
'saml_forcelogin_label' => 'SAML Force Login',
|
||||
'saml_forcelogin_label' => 'SAML Default Login',
|
||||
'saml_forcelogin' => 'Make SAML the primary login',
|
||||
'saml_forcelogin_help' => 'You can use \'/login?nosaml\' to get to the normal login page.',
|
||||
'saml_slo_label' => 'SAML Single Log Out',
|
||||
|
|
|
@ -173,7 +173,7 @@ return [
|
|||
'saml_idp_metadata_help' => 'You can specify the IdP metadata using a URL or XML file.',
|
||||
'saml_attr_mapping_username' => 'Attribute Mapping - Username',
|
||||
'saml_attr_mapping_username_help' => 'NameID will be used if attribute mapping is unspecified or invalid.',
|
||||
'saml_forcelogin_label' => 'SAML Force Login',
|
||||
'saml_forcelogin_label' => 'SAML Default Login',
|
||||
'saml_forcelogin' => 'Make SAML the primary login',
|
||||
'saml_forcelogin_help' => 'You can use \'/login?nosaml\' to get to the normal login page.',
|
||||
'saml_slo_label' => 'SAML Single Log Out',
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
<div class="box-header with-border">
|
||||
<h2 class="box-title">
|
||||
<i class="fas fa-sign-in-alt"></i> {{ trans('admin/settings/general.saml') }}
|
||||
</h4>
|
||||
</h2>
|
||||
</div>
|
||||
<div class="box-body">
|
||||
|
||||
|
|