Allow customizing IdP name and icon for SAML and CAS (#16094)

pull/16103/head
Gabriel Rodríguez 2023-08-11 16:15:17 -04:00 committed by GitHub
parent 614efc488b
commit 9ff84bccbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 44 additions and 11 deletions

View File

@ -0,0 +1 @@
Allow customising the IdP display name, icon, and brand for SAML and CAS providers (in addition to OIDC provider).

View File

@ -3025,6 +3025,16 @@ enable SAML login. You can either put your entire pysaml config inline using the
option, or you can specify a path to a psyaml config file with the sub-option `config_path`. option, or you can specify a path to a psyaml config file with the sub-option `config_path`.
This setting has the following sub-options: This setting has the following sub-options:
* `idp_name`: A user-facing name for this identity provider, which is used to
offer the user a choice of login mechanisms.
* `idp_icon`: An optional icon for this identity provider, which is presented
by clients and Synapse's own IdP picker page. If given, must be an
MXC URI of the format `mxc://<server-name>/<media-id>`. (An easy way to
obtain such an MXC URI is to upload an image to an (unencrypted) room
and then copy the "url" from the source of the event.)
* `idp_brand`: An optional brand for this identity provider, allowing clients
to style the login flow according to the identity provider in question.
See the [spec](https://spec.matrix.org/latest/) for possible options here.
* `sp_config`: the configuration for the pysaml2 Service Provider. See pysaml2 docs for format of config. * `sp_config`: the configuration for the pysaml2 Service Provider. See pysaml2 docs for format of config.
Default values will be used for the `entityid` and `service` settings, Default values will be used for the `entityid` and `service` settings,
so it is not normally necessary to specify them unless you need to so it is not normally necessary to specify them unless you need to
@ -3176,7 +3186,7 @@ Options for each entry include:
* `idp_icon`: An optional icon for this identity provider, which is presented * `idp_icon`: An optional icon for this identity provider, which is presented
by clients and Synapse's own IdP picker page. If given, must be an by clients and Synapse's own IdP picker page. If given, must be an
MXC URI of the format mxc://<server-name>/<media-id>. (An easy way to MXC URI of the format `mxc://<server-name>/<media-id>`. (An easy way to
obtain such an MXC URI is to upload an image to an (unencrypted) room obtain such an MXC URI is to upload an image to an (unencrypted) room
and then copy the "url" from the source of the event.) and then copy the "url" from the source of the event.)
@ -3391,6 +3401,16 @@ Enable Central Authentication Service (CAS) for registration and login.
Has the following sub-options: Has the following sub-options:
* `enabled`: Set this to true to enable authorization against a CAS server. * `enabled`: Set this to true to enable authorization against a CAS server.
Defaults to false. Defaults to false.
* `idp_name`: A user-facing name for this identity provider, which is used to
offer the user a choice of login mechanisms.
* `idp_icon`: An optional icon for this identity provider, which is presented
by clients and Synapse's own IdP picker page. If given, must be an
MXC URI of the format `mxc://<server-name>/<media-id>`. (An easy way to
obtain such an MXC URI is to upload an image to an (unencrypted) room
and then copy the "url" from the source of the event.)
* `idp_brand`: An optional brand for this identity provider, allowing clients
to style the login flow according to the identity provider in question.
See the [spec](https://spec.matrix.org/latest/) for possible options here.
* `server_url`: The URL of the CAS authorization endpoint. * `server_url`: The URL of the CAS authorization endpoint.
* `displayname_attribute`: The attribute of the CAS response to use as the display name. * `displayname_attribute`: The attribute of the CAS response to use as the display name.
If no name is given here, no displayname will be set. If no name is given here, no displayname will be set.

View File

@ -47,6 +47,10 @@ class CasConfig(Config):
required_attributes required_attributes
) )
self.idp_name = cas_config.get("idp_name", "CAS")
self.idp_icon = cas_config.get("idp_icon")
self.idp_brand = cas_config.get("idp_brand")
else: else:
self.cas_server_url = None self.cas_server_url = None
self.cas_service_url = None self.cas_service_url = None

View File

@ -89,8 +89,14 @@ class SAML2Config(Config):
"grandfathered_mxid_source_attribute", "uid" "grandfathered_mxid_source_attribute", "uid"
) )
# refers to a SAML IdP entity ID
self.saml2_idp_entityid = saml2_config.get("idp_entityid", None) self.saml2_idp_entityid = saml2_config.get("idp_entityid", None)
# IdP properties for Matrix clients
self.idp_name = saml2_config.get("idp_name", "SAML")
self.idp_icon = saml2_config.get("idp_icon")
self.idp_brand = saml2_config.get("idp_brand")
# user_mapping_provider may be None if the key is present but has no value # user_mapping_provider may be None if the key is present but has no value
ump_dict = saml2_config.get("user_mapping_provider") or {} ump_dict = saml2_config.get("user_mapping_provider") or {}

View File

@ -76,12 +76,13 @@ class CasHandler:
self.idp_id = "cas" self.idp_id = "cas"
# user-facing name of this auth provider # user-facing name of this auth provider
self.idp_name = "CAS" self.idp_name = hs.config.cas.idp_name
# we do not currently support brands/icons for CAS auth, but this is required by # MXC URI for icon for this auth provider
# the SsoIdentityProvider protocol type. self.idp_icon = hs.config.cas.idp_icon
self.idp_icon = None
self.idp_brand = None # optional brand identifier for this auth provider
self.idp_brand = hs.config.cas.idp_brand
self._sso_handler = hs.get_sso_handler() self._sso_handler = hs.get_sso_handler()

View File

@ -74,12 +74,13 @@ class SamlHandler:
self.idp_id = "saml" self.idp_id = "saml"
# user-facing name of this auth provider # user-facing name of this auth provider
self.idp_name = "SAML" self.idp_name = hs.config.saml2.idp_name
# we do not currently support icons/brands for SAML auth, but this is required by # MXC URI for icon for this auth provider
# the SsoIdentityProvider protocol type. self.idp_icon = hs.config.saml2.idp_icon
self.idp_icon = None
self.idp_brand = None # optional brand identifier for this auth provider
self.idp_brand = hs.config.saml2.idp_brand
# a map from saml session id to Saml2SessionData object # a map from saml session id to Saml2SessionData object
self._outstanding_requests_dict: Dict[str, Saml2SessionData] = {} self._outstanding_requests_dict: Dict[str, Saml2SessionData] = {}