mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-12 14:27:33 -08:00
Merge pull request #8036 from johnson-yi/features/saml_auth
Additional updates/fixes for saml
commit
d22be8ee0e
|
@ -158,8 +158,6 @@ class Saml
|
|||
data_set($settings, 'sp.singleLogoutService.url', route('saml.sls'));
|
||||
data_set($settings, 'sp.x509cert', $setting->saml_sp_x509cert);
|
||||
data_set($settings, 'sp.privateKey', $setting->saml_sp_privatekey);
|
||||
data_set($settings, 'security.wantAssertionsSigned', true);
|
||||
data_set($settings, 'security.requestedAuthnContext', false);
|
||||
|
||||
if (!empty(data_get($settings, 'sp.privateKey'))) {
|
||||
data_set($settings, 'security.logoutRequestSigned', true);
|
||||
|
@ -167,31 +165,33 @@ class Saml
|
|||
}
|
||||
|
||||
$idpMetadata = $setting->saml_idp_metadata;
|
||||
$updatedAt = $setting->updated_at->timestamp;
|
||||
$metadataCache = Cache::get('saml_idp_metadata_cache');
|
||||
try {
|
||||
$url = null;
|
||||
$metadataInfo = null;
|
||||
if (!empty($idpMetadata)) {
|
||||
$updatedAt = $setting->updated_at->timestamp;
|
||||
$metadataCache = Cache::get('saml_idp_metadata_cache');
|
||||
try {
|
||||
$url = null;
|
||||
$metadataInfo = null;
|
||||
|
||||
if (empty($metadataCache) || $metadataCache['updated_at'] != $updatedAt) {
|
||||
if (filter_var($idpMetadata, FILTER_VALIDATE_URL)) {
|
||||
$url = $idpMetadata;
|
||||
$metadataInfo = OneLogin_Saml2_IdPMetadataParser::parseRemoteXML($idpMetadata);
|
||||
if (empty($metadataCache) || $metadataCache['updated_at'] != $updatedAt) {
|
||||
if (filter_var($idpMetadata, FILTER_VALIDATE_URL)) {
|
||||
$url = $idpMetadata;
|
||||
$metadataInfo = OneLogin_Saml2_IdPMetadataParser::parseRemoteXML($idpMetadata);
|
||||
} else {
|
||||
$metadataInfo = OneLogin_Saml2_IdPMetadataParser::parseXML($idpMetadata);
|
||||
}
|
||||
|
||||
Cache::put('saml_idp_metadata_cache', [
|
||||
'updated_at' => $updatedAt,
|
||||
'url' => $url,
|
||||
'metadata_info' => $metadataInfo,
|
||||
]);
|
||||
} else {
|
||||
$metadataInfo = OneLogin_Saml2_IdPMetadataParser::parseXML($idpMetadata);
|
||||
$metadataInfo = $metadataCache['metadata_info'];
|
||||
}
|
||||
|
||||
Cache::put('saml_idp_metadata_cache', [
|
||||
'updated_at' => $updatedAt,
|
||||
'url' => $url,
|
||||
'metadata_info' => $metadataInfo,
|
||||
], 604800);
|
||||
} else {
|
||||
$metadataInfo = $metadataCache['metadata_info'];
|
||||
$settings = OneLogin_Saml2_IdPMetadataParser::injectIntoSettings($settings, $metadataInfo);
|
||||
} catch (Exception $e) {
|
||||
}
|
||||
|
||||
$settings = OneLogin_Saml2_IdPMetadataParser::injectIntoSettings($settings, $metadataInfo);
|
||||
} catch (Exception $e) {
|
||||
}
|
||||
|
||||
$custom_settings = preg_split('/\r\n|\r|\n/', $setting->saml_custom_settings);
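Review bot: The `catch (Exception $e) { }` around the IdP metadata load is still empty on the new side, so a failed `parseRemoteXML`/`parseXML` call or an unusable cache entry leaves `$settings` without the IdP entries and nothing is recorded. This metadata carries the IdP certificate the SP trusts, so the failure should at least be logged, e.g. `\Log::warning('SAML IdP metadata could not be loaded: ' . $e->getMessage());`. Separately, `FILTER_VALIDATE_URL` does not restrict the scheme, so consider requiring `parse_url($idpMetadata, PHP_URL_SCHEME) === 'https'` before the remote fetch. The rendering has lost the +/- markers, so which `Cache::put` call is the new one (with or without the `604800` lifetime) can only be inferred; if the lifetime was dropped, confirm how the framework version in use treats a missing TTL. The enclosing method starts and ends outside the hunk.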
|
||||
|
|
|
@ -120,6 +120,10 @@ return array(
|
|||
'qr_text' => 'QR Code Text',
|
||||
'saml_enabled' => 'SAML enabled',
|
||||
'saml_integration' => 'SAML Integration',
|
||||
'saml_sp_entityid' => 'Entity ID',
|
||||
'saml_sp_acs_url' => 'Assertion Consumer Service (ACS) URL',
|
||||
'saml_sp_sls_url' => 'Single Logout Service (SLS) URL',
|
||||
'saml_sp_x509cert' => 'Public Certificate',
|
||||
'saml_idp_metadata' => 'SAML IdP Metadata',
|
||||
'saml_idp_metadata_help' => 'You can specify the IdP metadata using a URL or XML file.',
|
||||
'saml_attr_mapping_username' => 'Attribute Mapping - Username',
|
||||
|
@ -129,7 +133,7 @@ return array(
|
|||
'saml_forcelogin_help' => 'You can use \'/login?nosaml\' to get to the normal login page.',
|
||||
'saml_slo_label' => 'SAML Single Log Out',
|
||||
'saml_slo' => 'Send a LogoutRequest to IdP on Logout',
|
||||
'saml_slo_help' => 'This will cause the user to be first redirected to the Idp on logout. Leave unchecked if the IdP doesn\'t correctly support SP-initiated SAML SLO.',
|
||||
'saml_slo_help' => 'This will cause the user to be first redirected to the IdP on logout. Leave unchecked if the IdP doesn\'t correctly support SP-initiated SAML SLO.',
|
||||
'saml_custom_settings' => 'SAML Custom Settings',
|
||||
'saml_custom_settings_help' => 'You can specify additional settings to the onelogin/php-saml library. Use at your own risk.',
|
||||
'setting' => 'Setting',
|
||||
|
|
|
@ -30,9 +30,6 @@
|
|||
<input type="password" name="password_fake" id="password_fake" value="" style="display:none;" />
|
||||
|
||||
|
||||
@if (!empty($setting->saml_sp_x509cert))
|
||||
{{ Form::hidden('saml_sp_x509cert', $setting->saml_sp_x509cert) }}
|
||||
@endif
|
||||
|
||||
<div class="row">
|
||||
<div class="col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2">
|
||||
|
@ -57,8 +54,30 @@
|
|||
<div class="col-md-9">
|
||||
{{ Form::checkbox('saml_enabled', '1', Request::old('saml_enabled', $setting->saml_enabled), ['class' => 'minimal '. $setting->demoMode, $setting->demoMode]) }}
|
||||
{{ trans('admin/settings/general.saml_enabled') }}
|
||||
<p class="help-block"></p>
|
||||
@if ($setting->saml_enabled)
|
||||
<p class="help-block"><a href="{{ route('saml.metadata') }}" target="_blank">{{ route('saml.metadata') }}</a></p>
|
||||
<!-- SAML SP Details -->
|
||||
<!-- SAML SP Entity ID -->
|
||||
{{ Form::label('saml_sp_entitiyid', trans('admin/settings/general.saml_sp_entityid')) }}
|
||||
{{ Form::text('saml_sp_entitiyid', url('/'), ['class' => 'form-control', 'readonly']) }}
|
||||
<br>
|
||||
<!-- SAML SP ACS -->
|
||||
{{ Form::label('saml_sp_acs_url', trans('admin/settings/general.saml_sp_acs_url')) }}
|
||||
{{ Form::text('saml_sp_acs_url', route('saml.acs'), ['class' => 'form-control', 'readonly']) }}
|
||||
<br>
|
||||
<!-- SAML SP SLS -->
|
||||
{{ Form::label('saml_sp_sls_url', trans('admin/settings/general.saml_sp_sls_url')) }}
|
||||
{{ Form::text('saml_sp_sls_url', route('saml.sls'), ['class' => 'form-control', 'readonly']) }}
|
||||
<br>
|
||||
<!-- SAML SP Certificate -->
|
||||
@if (!empty($setting->saml_sp_x509cert))
|
||||
{{ Form::label('saml_sp_x509cert', trans('admin/settings/general.saml_sp_x509cert')) }}
|
||||
{{ Form::textarea('saml_sp_x509cert', $setting->saml_sp_x509cert, ['class' => 'form-control', 'wrap' => 'off', 'readonly']) }}
|
||||
<br>
|
||||
@endif
|
||||
<p class="help-block">
|
||||
<a href="{{ route('saml.metadata') }}" target="_blank" class="btn btn-default" style="margin-right: 5px;">View Metadata</a>
|
||||
</p>
|
||||
@endif
|
||||
{!! $errors->first('saml_enabled', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
|
||||
</div>
|
||||
|
@ -91,7 +110,7 @@
|
|||
<p class="help-block">{{ trans('admin/settings/general.saml_attr_mapping_username_help') }}</p>
|
||||
{!! $errors->first('saml_attr_mapping_username', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
|
||||
</div>
|
||||
</div><!-- AD Domain -->
|
||||
</div>
|
||||
|
||||
<!-- SAML Force Login -->
|
||||
<div class="form-group">
|
||||
|
|
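Review bot: The read-only SP fields shown in this section (`saml_sp_entitiyid`, `saml_sp_acs_url`, `saml_sp_sls_url`, `saml_sp_x509cert`) are still submitted with the form, because `readonly` is only a browser-side hint. The settings controller is not visible on this page, so confirm that it ignores these keys on save, in particular `saml_sp_x509cert`, which presumably should only ever be set server-side. The field name `saml_sp_entitiyid` is also misspelled relative to the `saml_sp_entityid` translation key; using `Form::label('saml_sp_entityid', ...)` and `Form::text('saml_sp_entityid', ...)` would keep them aligned. The "View Metadata" link opens with `target="_blank"`; adding `rel="noopener noreferrer"` is cheap hardening.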