Richard van der Hoff 12e759155a remove saml attribute maps and hardcode attribute names
the maps are hard to maintain and don't add much value.
5 years ago
doc Allow users to pick a username on login (#1) 5 years ago
matrix_synapse_saml_mozilla remove saml attribute maps and hardcode attribute names 5 years ago
tests Block new registrations based on a domain blacklist (#2) 5 years ago
.gitignore update gitignore 5 years ago
LICENSE Initial commit 5 years ago
README.md don't forget to push your tags 5 years ago
setup.cfg Block new registrations based on a domain blacklist (#2) 5 years ago
setup.py switch to setuptools_scm 5 years ago
tox.ini bump to dev release of synapse 5 years ago

README.md

Synapse Mozilla SAML MXID Mapper

A Synapse plugin module which allows users to choose their username when they first log in.

Installation

This plugin can be installed via PyPI:

pip install matrix-synapse-saml-mozilla

Config

Add the following in your Synapse config:

   saml2_config:
     user_mapping_provider:
       module: "matrix_synapse_saml_mozilla.SamlMappingProvider"

Also, under the HTTP client listener, add an entry under additional_resources as shown below:

listeners:
  - port: <port>
    type: http

    resources:
      - names: [client]

    additional_resources:
      "/_matrix/saml2/pick_username":
        module: "matrix_synapse_saml_mozilla.pick_username_resource"

Configuration Options

Synapse allows SAML mapping providers to specify custom configuration through the saml2_config.user_mapping_provider.config option.

Currently the following options are supported:

  • use_name_id_for_remote_uid: if set to False, we will use the SAML attribute mapped to uid to identify the remote user instead of the NameID from the assertion. True by default.

  • bad_domain_file: should point to a file containing a list of domains (one per line); users who have an email address on any of these domains will be blocked from registration.

  • bad_domain_list: an alternative to bad_domain_file allowing the list of bad domains to be specified inline in the config.

    If both bad_domain_file and bad_domain_list are specified, the two lists are merged.
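
The following is an added example, not code from this repository: a sketch of how a merged domain blocklist built from bad_domain_file and bad_domain_list can be evaluated. The function names, the case-insensitive exact match on the domain part, and the fail-closed handling of malformed addresses are all assumptions; check the module's own behaviour before relying on subdomain or case handling.

```python
import os
import tempfile


def load_bad_domains(config):
    """Merge bad_domain_file and bad_domain_list into one normalised set."""
    domains = set()
    path = config.get("bad_domain_file")
    if path:
        with open(path, encoding="utf-8") as f:
            domains.update(f.read().splitlines())  # one domain per line
    domains.update(config.get("bad_domain_list") or [])
    # Assumption: blank lines are ignored and entries are lowercased.
    return {d.strip().lower() for d in domains if d.strip()}


def is_blocked(email, bad_domains):
    """Return True if registration should be refused for this address."""
    # Assumption: exact match on the text after the last '@'.
    _, sep, domain = email.rpartition("@")
    if not sep or not domain:
        return True  # no domain to check: fail closed (assumption)
    return domain.strip().lower() in bad_domains


def demo():
    """Run constructed addresses against a constructed config."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bad_domains.txt")
        with open(path, "w", encoding="utf-8") as f:
            f.write("tempmail.example\n\nThrowaway.Example\n")
        config = {"bad_domain_file": path, "bad_domain_list": ["spam.example"]}
        bad = load_bad_domains(config)
    emails = [
        "alice@TempMail.Example",   # listed in the file, different case
        "bob@spam.example",         # listed inline
        "carol@example.org",        # not listed
        "dave@mail.spam.example",   # subdomain of a listed domain
        "not-an-address",           # malformed
    ]
    return bad, {e: is_blocked(e, bad) for e in emails}


if __name__ == "__main__":
    merged, results = demo()
    print(sorted(merged))
    for address, blocked in results.items():
        print(address, "blocked" if blocked else "allowed")
```

Under the exact-match assumption, a subdomain of a listed domain is not blocked unless it has its own entry, which is worth testing against the real module when building a list.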

Implementation notes

The login flow looks something like this:

[Diagram: login flow]

Development and Testing

This repository uses tox to run linting and tests.

Linting

Code is linted with the flake8 tool. Run tox -e lint to check for linting errors in the codebase.

Tests

This repository uses unittest to run the tests located in the tests directory. They can be run with tox -e tests.

Making a release

git tag vX.Y
python3 setup.py sdist
twine upload dist/matrix-synapse-saml-mozilla-X.Y.tar.gz
git push origin vX.Y