Initial support for SAML authentication

2025-06-01 07:38:33 -04:00 · 2017-11-28 12:46:58 +09:00 · 2017-11-28 12:46:58 +09:00 · 4a4ae9d332
commit 4a4ae9d332
parent 9c002ce29b
12 changed files with 157 additions and 4 deletions
--- a/lib/config/default.js
+++ b/lib/config/default.js
@ -98,6 +98,22 @@ module.exports = {
    searchAttributes: undefined,
    tlsca: undefined
  },
+  saml: {
+    idpSsoUrl: undefined,
+    idpCert: undefined,
+    issuer: undefined,
+    callbackUrl: undefined,
+    identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+    groupAttribute: undefined,
+    externalGroups: [],
+    requiredGroups: [],
+    attribute: {
+      id: undefined,
+      username: undefined,
+      displayName: undefined,
+      email: undefined
+    }
+  },
  email: true,
  allowemailregister: true,
  allowpdfexport: true
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -73,6 +73,10 @@ module.exports = {
    searchAttributes: process.env.HMD_LDAP_SEARCHATTRIBUTES,
    tlsca: process.env.HMD_LDAP_TLS_CA
  },
+  saml: {
+    idpSsoUrl: process.env.HMD_SAML_IDPSSOURL,
+    idpCert: process.env.HMD_SAML_IDPCERT
+  },
  email: toBooleanConfig(process.env.HMD_EMAIL),
  allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
  allowpdfexport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
--- a/lib/config/index.js
+++ b/lib/config/index.js
@ -92,6 +92,7 @@ config.isGitHubEnable = config.github.clientID && config.github.clientSecret
 config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
 config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
 config.isLDAPEnable = config.ldap.url
+config.isSAMLEnable = config.saml.idpSsoUrl
 config.isPDFExportEnable = config.allowpdfexport

 // generate correct path