This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Implement SAML2 authentication #4267

Merged
merged 8 commits into from
Dec 7, 2018

Commits on Dec 5, 2018

  1. Rip out half-implemented m.login.saml2 support

    This was implemented in an odd way that left most of the work to the client, in
    a way that I really didn't understand. It's going to be a pain to maintain, so
    let's start by ripping it out.
    richvdh committed Dec 5, 2018
    4433796
  2. drop undocumented dependency on dateutil

    It turns out we were relying on dateutil being pulled in transitively by
    pysaml2. There's no need for that bloat.
    richvdh committed Dec 5, 2018
    51d23e4
  3. c6d1858
  4. Factor SSO success handling out of CAS login

    This is mostly factoring out the post-CAS-login code to somewhere we can reuse
    it for other SSO flows, but it also fixes the userid mapping while we're at it.
    richvdh committed Dec 5, 2018
    c79afcb
  5. c71d76f
  6. Implement SAML2 authentication

    This implements both a SAML2 metadata endpoint (at
    `/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at
    `/_matrix/saml2/authn_response`). If the SAML2 response matches what's been
    configured, we complete the SSO login flow by redirecting to the client url
    (aka `RelayState` in SAML2 jargon) with a login token.
    
    What we don't yet have is anything to build a SAML2 request and redirect the
    user to the identity provider. That is left as an exercise for the reader.
    richvdh committed Dec 5, 2018
    4e7643a

Commits on Dec 6, 2018

  1. 357b913
  2. Fix bad merge

    richvdh committed Dec 6, 2018
    75843bd