Allow customizing IdP name and icon for SAML and CAS (#16094)
parent
614efc488b
commit
9ff84bccbb
|
@ -0,0 +1 @@
|
||||||
|
Allow customising the IdP display name, icon, and brand for SAML and CAS providers (in addition to OIDC provider).
|
|
@ -3025,6 +3025,16 @@ enable SAML login. You can either put your entire pysaml config inline using the
|
||||||
option, or you can specify a path to a psyaml config file with the sub-option `config_path`.
|
option, or you can specify a path to a psyaml config file with the sub-option `config_path`.
|
||||||
This setting has the following sub-options:
|
This setting has the following sub-options:
|
||||||
|
|
||||||
|
* `idp_name`: A user-facing name for this identity provider, which is used to
|
||||||
|
offer the user a choice of login mechanisms.
|
||||||
|
* `idp_icon`: An optional icon for this identity provider, which is presented
|
||||||
|
by clients and Synapse's own IdP picker page. If given, must be an
|
||||||
|
MXC URI of the format `mxc://<server-name>/<media-id>`. (An easy way to
|
||||||
|
obtain such an MXC URI is to upload an image to an (unencrypted) room
|
||||||
|
and then copy the "url" from the source of the event.)
|
||||||
|
* `idp_brand`: An optional brand for this identity provider, allowing clients
|
||||||
|
to style the login flow according to the identity provider in question.
|
||||||
|
See the [spec](https://spec.matrix.org/latest/) for possible options here.
|
||||||
* `sp_config`: the configuration for the pysaml2 Service Provider. See pysaml2 docs for format of config.
|
* `sp_config`: the configuration for the pysaml2 Service Provider. See pysaml2 docs for format of config.
|
||||||
Default values will be used for the `entityid` and `service` settings,
|
Default values will be used for the `entityid` and `service` settings,
|
||||||
so it is not normally necessary to specify them unless you need to
|
so it is not normally necessary to specify them unless you need to
|
||||||
|
@ -3176,7 +3186,7 @@ Options for each entry include:
|
||||||
|
|
||||||
* `idp_icon`: An optional icon for this identity provider, which is presented
|
* `idp_icon`: An optional icon for this identity provider, which is presented
|
||||||
by clients and Synapse's own IdP picker page. If given, must be an
|
by clients and Synapse's own IdP picker page. If given, must be an
|
||||||
MXC URI of the format mxc://<server-name>/<media-id>. (An easy way to
|
MXC URI of the format `mxc://<server-name>/<media-id>`. (An easy way to
|
||||||
obtain such an MXC URI is to upload an image to an (unencrypted) room
|
obtain such an MXC URI is to upload an image to an (unencrypted) room
|
||||||
and then copy the "url" from the source of the event.)
|
and then copy the "url" from the source of the event.)
|
||||||
|
|
||||||
|
@ -3391,6 +3401,16 @@ Enable Central Authentication Service (CAS) for registration and login.
|
||||||
Has the following sub-options:
|
Has the following sub-options:
|
||||||
* `enabled`: Set this to true to enable authorization against a CAS server.
|
* `enabled`: Set this to true to enable authorization against a CAS server.
|
||||||
Defaults to false.
|
Defaults to false.
|
||||||
|
* `idp_name`: A user-facing name for this identity provider, which is used to
|
||||||
|
offer the user a choice of login mechanisms.
|
||||||
|
* `idp_icon`: An optional icon for this identity provider, which is presented
|
||||||
|
by clients and Synapse's own IdP picker page. If given, must be an
|
||||||
|
MXC URI of the format `mxc://<server-name>/<media-id>`. (An easy way to
|
||||||
|
obtain such an MXC URI is to upload an image to an (unencrypted) room
|
||||||
|
and then copy the "url" from the source of the event.)
|
||||||
|
* `idp_brand`: An optional brand for this identity provider, allowing clients
|
||||||
|
to style the login flow according to the identity provider in question.
|
||||||
|
See the [spec](https://spec.matrix.org/latest/) for possible options here.
|
||||||
* `server_url`: The URL of the CAS authorization endpoint.
|
* `server_url`: The URL of the CAS authorization endpoint.
|
||||||
* `displayname_attribute`: The attribute of the CAS response to use as the display name.
|
* `displayname_attribute`: The attribute of the CAS response to use as the display name.
|
||||||
If no name is given here, no displayname will be set.
|
If no name is given here, no displayname will be set.
|
||||||
|
|
|
@ -47,6 +47,10 @@ class CasConfig(Config):
|
||||||
required_attributes
|
required_attributes
|
||||||
)
|
)
|
||||||
|
|
||||||
|
self.idp_name = cas_config.get("idp_name", "CAS")
|
||||||
|
self.idp_icon = cas_config.get("idp_icon")
|
||||||
|
self.idp_brand = cas_config.get("idp_brand")
|
||||||
|
|
||||||
else:
|
else:
|
||||||
self.cas_server_url = None
|
self.cas_server_url = None
|
||||||
self.cas_service_url = None
|
self.cas_service_url = None
|
||||||
|
|
|
@ -89,8 +89,14 @@ class SAML2Config(Config):
|
||||||
"grandfathered_mxid_source_attribute", "uid"
|
"grandfathered_mxid_source_attribute", "uid"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# refers to a SAML IdP entity ID
|
||||||
self.saml2_idp_entityid = saml2_config.get("idp_entityid", None)
|
self.saml2_idp_entityid = saml2_config.get("idp_entityid", None)
|
||||||
|
|
||||||
|
# IdP properties for Matrix clients
|
||||||
|
self.idp_name = saml2_config.get("idp_name", "SAML")
|
||||||
|
self.idp_icon = saml2_config.get("idp_icon")
|
||||||
|
self.idp_brand = saml2_config.get("idp_brand")
|
||||||
|
|
||||||
# user_mapping_provider may be None if the key is present but has no value
|
# user_mapping_provider may be None if the key is present but has no value
|
||||||
ump_dict = saml2_config.get("user_mapping_provider") or {}
|
ump_dict = saml2_config.get("user_mapping_provider") or {}
|
||||||
|
|
||||||
|
|
|
@ -76,12 +76,13 @@ class CasHandler:
|
||||||
self.idp_id = "cas"
|
self.idp_id = "cas"
|
||||||
|
|
||||||
# user-facing name of this auth provider
|
# user-facing name of this auth provider
|
||||||
self.idp_name = "CAS"
|
self.idp_name = hs.config.cas.idp_name
|
||||||
|
|
||||||
# we do not currently support brands/icons for CAS auth, but this is required by
|
# MXC URI for icon for this auth provider
|
||||||
# the SsoIdentityProvider protocol type.
|
self.idp_icon = hs.config.cas.idp_icon
|
||||||
self.idp_icon = None
|
|
||||||
self.idp_brand = None
|
# optional brand identifier for this auth provider
|
||||||
|
self.idp_brand = hs.config.cas.idp_brand
|
||||||
|
|
||||||
self._sso_handler = hs.get_sso_handler()
|
self._sso_handler = hs.get_sso_handler()
|
||||||
|
|
||||||
|
|
|
@ -74,12 +74,13 @@ class SamlHandler:
|
||||||
self.idp_id = "saml"
|
self.idp_id = "saml"
|
||||||
|
|
||||||
# user-facing name of this auth provider
|
# user-facing name of this auth provider
|
||||||
self.idp_name = "SAML"
|
self.idp_name = hs.config.saml2.idp_name
|
||||||
|
|
||||||
# we do not currently support icons/brands for SAML auth, but this is required by
|
# MXC URI for icon for this auth provider
|
||||||
# the SsoIdentityProvider protocol type.
|
self.idp_icon = hs.config.saml2.idp_icon
|
||||||
self.idp_icon = None
|
|
||||||
self.idp_brand = None
|
# optional brand identifier for this auth provider
|
||||||
|
self.idp_brand = hs.config.saml2.idp_brand
|
||||||
|
|
||||||
# a map from saml session id to Saml2SessionData object
|
# a map from saml session id to Saml2SessionData object
|
||||||
self._outstanding_requests_dict: Dict[str, Saml2SessionData] = {}
|
self._outstanding_requests_dict: Dict[str, Saml2SessionData] = {}
|
||||||
|
|
Loading…
Reference in New Issue