gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
Browse Source

Put SAML callback URI under /_synapse/client. (#9289)

tags/v1.27.0rc1
Richard van der Hoff 3 years ago
committed by GitHub
parent
846b9d3df0
commit
8f75bf1df7
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 25 additions and 13 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -0
      UPGRADE.rst
  2. +1
    -0
      changelog.d/9289.removal
  3. +2
    -2
      docs/sample_config.yaml
  4. +1
    -1
      docs/workers.md
  5. +4
    -4
      synapse/config/saml2_config.py
  6. +1
    -1
      synapse/handlers/saml_handler.py
  7. +6
    -3
      synapse/rest/synapse/client/__init__.py
  8. +6
    -2
      synapse/rest/synapse/client/saml2/__init__.py
  9. +0
    -0
      synapse/rest/synapse/client/saml2/metadata_resource.py
  10. +0
    -0
      synapse/rest/synapse/client/saml2/response_resource.py

+ 4
- 0
UPGRADE.rst View File

@@ -99,6 +99,10 @@ to the list of permitted "redirect URIs" at the identity provider.
See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
Connect.

(Note: a similar change is being made for SAML2; in this case the old URI
``[synapse public baseurl]/_matrix/saml2`` is being deprecated, but will continue to
work, so no immediate changes are required for existing installations.)

Changes to HTML templates
-------------------------



+ 1
- 0
changelog.d/9289.removal View File

@@ -0,0 +1 @@
Add new endpoint `/_synapse/client/saml2` for SAML2 authentication callbacks, and deprecate the old endpoint `/_matrix/saml2`.

+ 2
- 2
docs/sample_config.yaml View File

@@ -1566,10 +1566,10 @@ trusted_key_servers:
# enable SAML login.
#
# Once SAML support is enabled, a metadata file will be exposed at
# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to
# https://<server>:<port>/_synapse/client/saml2/metadata.xml, which you may be able to
# use to configure your SAML IdP with. Alternatively, you can manually configure
# the IdP to use an ACS location of
# https://<server>:<port>/_matrix/saml2/authn_response.
# https://<server>:<port>/_synapse/client/saml2/authn_response.
#
saml2_config:
# `sp_config` is the configuration for the pysaml2 Service Provider.


+ 1
- 1
docs/workers.md View File

@@ -269,7 +269,7 @@ using):
^/_synapse/client/oidc/callback$

# SAML requests.
^/_matrix/saml2/authn_response$
^/_synapse/client/saml2/authn_response$

# CAS requests.
^/_matrix/client/(api/v1|r0|unstable)/login/cas/ticket$


+ 4
- 4
synapse/config/saml2_config.py View File

@@ -194,8 +194,8 @@ class SAML2Config(Config):
optional_attributes.add(self.saml2_grandfathered_mxid_source_attribute)
optional_attributes -= required_attributes

metadata_url = public_baseurl + "_matrix/saml2/metadata.xml"
response_url = public_baseurl + "_matrix/saml2/authn_response"
metadata_url = public_baseurl + "_synapse/client/saml2/metadata.xml"
response_url = public_baseurl + "_synapse/client/saml2/authn_response"
return {
"entityid": metadata_url,
"service": {
@@ -233,10 +233,10 @@ class SAML2Config(Config):
# enable SAML login.
#
# Once SAML support is enabled, a metadata file will be exposed at
# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to
# https://<server>:<port>/_synapse/client/saml2/metadata.xml, which you may be able to
# use to configure your SAML IdP with. Alternatively, you can manually configure
# the IdP to use an ACS location of
# https://<server>:<port>/_matrix/saml2/authn_response.
# https://<server>:<port>/_synapse/client/saml2/authn_response.
#
saml2_config:
# `sp_config` is the configuration for the pysaml2 Service Provider.


+ 1
- 1
synapse/handlers/saml_handler.py View File

@@ -133,7 +133,7 @@ class SamlHandler(BaseHandler):
raise Exception("prepare_for_authenticate didn't return a Location header")

async def handle_saml_response(self, request: SynapseRequest) -> None:
"""Handle an incoming request to /_matrix/saml2/authn_response
"""Handle an incoming request to /_synapse/client/saml2/authn_response

Args:
request: the incoming request from the browser. We'll


+ 6
- 3
synapse/rest/synapse/client/__init__.py View File

@@ -52,10 +52,13 @@ def build_synapse_client_resource_tree(hs: "HomeServer") -> Mapping[str, Resourc
resources["/_synapse/client/oidc"] = OIDCResource(hs)

if hs.config.saml2_enabled:
from synapse.rest.saml2 import SAML2Resource
from synapse.rest.synapse.client.saml2 import SAML2Resource

# This is mounted under '/_matrix' for backwards-compatibility.
resources["/_matrix/saml2"] = SAML2Resource(hs)
res = SAML2Resource(hs)
resources["/_synapse/client/saml2"] = res

# This is also mounted under '/_matrix' for backwards-compatibility.
resources["/_matrix/saml2"] = res

return resources



synapse/rest/saml2/__init__.py → synapse/rest/synapse/client/saml2/__init__.py View File

@@ -12,12 +12,13 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import logging

from twisted.web.resource import Resource

from synapse.rest.saml2.metadata_resource import SAML2MetadataResource
from synapse.rest.saml2.response_resource import SAML2ResponseResource
from synapse.rest.synapse.client.saml2.metadata_resource import SAML2MetadataResource
from synapse.rest.synapse.client.saml2.response_resource import SAML2ResponseResource

logger = logging.getLogger(__name__)

@@ -27,3 +28,6 @@ class SAML2Resource(Resource):
Resource.__init__(self)
self.putChild(b"metadata.xml", SAML2MetadataResource(hs))
self.putChild(b"authn_response", SAML2ResponseResource(hs))


__all__ = ["SAML2Resource"]

synapse/rest/saml2/metadata_resource.py → synapse/rest/synapse/client/saml2/metadata_resource.py View File


synapse/rest/saml2/response_resource.py → synapse/rest/synapse/client/saml2/response_resource.py View File


Write Preview
Loading…
Cancel
Save