allow configuring saml in configuration.yml

pull/8113/head
ulferts 5 years ago
parent 092443d53d
commit 3f9672a903
No known key found for this signature in database
GPG Key ID: A205708DE1284017
  1. 80
      modules/auth_saml/README.md
  2. 17
      modules/auth_saml/lib/open_project/auth_saml/engine.rb

@ -4,27 +4,76 @@
This plugin provides the [OmniAuth SAML strategy](https://github.com/omniauth/omniauth-saml) into OpenProject.
## Installation
## Configuration
Add the following entries to your `Gemfile.plugins` in your OpenProject root directory:
The configuration can be provided in one of three ways:
gem 'openproject-auth_plugins', git: 'https://github.com/finnlabs/openproject-auth_plugins', branch: 'stable'
gem "openproject-auth_saml", git: 'https://github.com/finnlabs/openproject-auth_saml', branch: 'stable'
* configuration.yml file
* Environment variables
* settings.yml file
## Requirements
Whatever means are chosen, the plugin simply passes all options to omniauth-saml. See [their configuration
documentation](https://github.com/omniauth/omniauth-saml#usage) for further details.
* [omniauth-saml gem](https://github.com/omniauth/omniauth-saml) >= 1.4.0
* [OpenProject](https://www.openproject.org) >= 5.0
* [openproject-auth_plugins](https://github.com/opf/openproject-auth_plugins)
### configuration.yml file
## Configuration
The file
```bash
config/configuration.yml
```
can be extended to include the necessary settings. Everything belonging to the `saml` key will be made available to the plugin.
```yaml
saml:
my_saml:
name: "your-provider-name"
display_name: "My SAML provider"
# Use the default SAML icon
icon: "auth_provider-saml.png"
# omniauth-saml config
assertion_consumer_service_url: "consumer_service_url"
issuer: "issuer"
idp_sso_target_url: "idp_sso_target_url"
idp_cert_fingerprint: "E7:91:B2:E1:..."
attribute_statements:
email: ['mailPrimaryAddress']
name: ['gecos']
first_name: ['givenName']
last_name: ['sn']
admin: ['openproject-isadmin']
```
### Environment variables
As with all the rest of the OpenProject configuration settings, the saml configuration can be provided via environment variables.
E.g.
```bash
OPENPROJECT_SAML_MY__SAML_NAME="your-provider-name"
OPENPROJECT_SAML_MY__SAML_DISPLAY__NAME="My SAML provider"
...
OPENPROJECT_SAML_MY__SAML_ATTRIBUTE__STATEMENTS_ADMIN="['openproject-isadmin']"
```
Please note that every underscore (`_`) in the original configuration key has to be replaced by a duplicate underscore
(`__`) in the environment variable as the single underscore denotes namespaces.
### settings.yml file
For backwards compatibility, having a dedicated settings.yml is also supported.
To add your own SAML strategy provider(s), create the following settings file (relative to your OpenProject root):
```bash
config/plugins/auth_saml/settings.yml
```
with the following contents:
```yaml
your-provider-name:
name: "your-provider-name"
display_name: "My SAML provider"
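Review bot: The new "Configuration" intro lists three sources ("configuration.yml file", "Environment variables", "settings.yml file") but does not say which one wins when more than one is present. The engine.rb change in this same commit uses `OpenProject::Configuration['saml']` when it is present and only otherwise reads `config/plugins/auth_saml/settings.yml`, with no merging, so providers left in an existing settings.yml stop being registered as soon as a `saml` key is configured. Please state that precedence directly under the list. Since the examples map `admin: ['openproject-isadmin']`, operators should know exactly which source controls that mapping. Minor wording: "duplicate underscore" in the environment variable note would read more clearly as "double underscore".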
@ -41,6 +90,7 @@ with the following contents:
first_name: ['givenName']
last_name: ['sn']
admin: ['openproject-isadmin']
```
The plugin simply passes all options to omniauth-saml. See [their configuration
documentation](https://github.com/omniauth/omniauth-saml#usage) for further
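Review bot: The paragraph kept as context at the end of this hunk ("The plugin simply passes all options to omniauth-saml. See [their configuration documentation] ...") now duplicates the sentence added in the new "Configuration" intro ("Whatever means are chosen, the plugin simply passes all options to omniauth-saml."). Suggest dropping this second copy so the pointer to the omniauth-saml options appears once, above the three subsections it applies to.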
@ -51,14 +101,6 @@ details.
To add a custom icon to be rendered as your omniauth provider icon, add an
image asset to OpenProject and reference it in your `settings.yml`:
```bash
icon: "my/asset/path/to/icon.png"
## Copyrights & License
OpenProject SAML Auth is completely free and open source and released under the
[MIT
License](https://github.com/finnlabs/openproject-auth_saml/blob/dev/LICENSE).
Copyright (c) 2016 OpenProject GmbH
The default provider icon is a combination of icons from [Font Awesome by Dave Gandy](http://fontawesome.io).
```
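Review bot: The icon paragraph in this hunk still tells the reader to "reference it in your `settings.yml`", although after this commit settings.yml is documented only as the backwards-compatible option and the configuration.yml example already carries an `icon:` key. Suggest wording it as "reference it in your provider configuration" so it covers all three sources. The snippet `icon: "my/asset/path/to/icon.png"` is a YAML key, so the fence shown here as `bash` should be tagged `yaml` like the other configuration examples.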

@ -31,12 +31,19 @@ module OpenProject
end
register_auth_providers do
settings = Rails.root.join('config', 'plugins', 'auth_saml', 'settings.yml')
if settings.exist?
Rails.logger.info("[auth_saml] Registering saml integration from 'config/plugins/auth_saml/settings.yml'")
providers = YAML::load(File.open(settings)).symbolize_keys
configuration = if OpenProject::Configuration['saml'].present?
Rails.logger.info("[auth_saml] Registering saml integration from configuration.yml")
OpenProject::Configuration['saml']
elsif (settings = Rails.root.join('config', 'plugins', 'auth_saml', 'settings.yml')).exist?
Rails.logger.info("[auth_saml] Registering saml integration from settings file")
YAML::load(File.open(settings)).symbolize_keys
end
if configuration
strategy :saml do
providers.values.map do |h|
configuration.values.map do |h|
h[:openproject_attribute_map] = Proc.new do |auth|
{
login: auth[:uid],
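Review bot: In the `elsif` branch, `YAML::load(File.open(settings))` parses the settings file with the full YAML loader and never closes the file handle. The file only needs maps, strings and arrays, so `YAML.safe_load(File.read(settings))` would be enough and would refuse arbitrary Ruby object tags if that file is ever writable by anyone other than the operator. Two smaller points on the same block: the two branches return differently shaped values (`.symbolize_keys` is applied to the settings.yml result but not to `OpenProject::Configuration['saml']`), so normalising both in one place before `configuration.values.map` would be safer. Also, when both sources exist the settings.yml providers are dropped without any message; a `Rails.logger.warn` in the first branch when the settings file also exists would make that visible.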
