|
576 | 576 | },
|
577 | 577 | }
|
578 | 578 |
|
| 579 | +ENABLE_SAML_SOCIALACCOUNT = os.getenv("ENABLE_SAML_SOCIALACCOUNT", "False") == "True" |
| 580 | +if ENABLE_SAML_SOCIALACCOUNT: |
| 581 | + SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") |
| 582 | + |
| 583 | + if "allauth.socialaccount.providers.saml" not in INSTALLED_APPS: |
| 584 | + INSTALLED_APPS.append("allauth.socialaccount.providers.saml") |
| 585 | + |
| 586 | + # Microsoft Entra ID SAML Configuration |
| 587 | + SAML_APP_NAME = os.getenv("SAML_APP_NAME", "") |
| 588 | + SAML_APP_CLIENT_ID = os.getenv("SAML_APP_CLIENT_ID", "") |
| 589 | + SAML_APP_TENANT_ID = os.getenv("SAML_APP_TENANT_ID", "") |
| 590 | + SAML_APP_CERTIFICATE = os.getenv("SAML_APP_CERTIFICATE", "") |
| 591 | + |
| 592 | + SAML_APP = { |
| 593 | + "name": SAML_APP_NAME, |
| 594 | + "provider_id": f"https://login.microsoftonline.com/{SAML_APP_TENANT_ID}/", |
| 595 | + "client_id": SAML_APP_CLIENT_ID, |
| 596 | + "settings": { |
| 597 | + "attribute_mapping": { |
| 598 | + "uid": "http://schemas.microsoft.com/identity/claims/objectidentifier", |
| 599 | + "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", |
| 600 | + "first_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", |
| 601 | + "last_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", |
| 602 | + }, |
| 603 | + "idp": { |
| 604 | + "entity_id": f"https://sts.windows.net/{SAML_APP_TENANT_ID}/", |
| 605 | + "sso_url": f"https://login.microsoftonline.com/{SAML_APP_TENANT_ID}/saml2", |
| 606 | + "slo_url": f"https://login.microsoftonline.com/{SAML_APP_TENANT_ID}/saml2", |
| 607 | + "x509cert": SAML_APP_CERTIFICATE, |
| 608 | + }, |
| 609 | + # "advanced": { |
| 610 | + # "strict": False, |
| 611 | + # "authn_requests_signed": False, |
| 612 | + # "logout_request_signed": False, |
| 613 | + # "logout_response_signed": False, |
| 614 | + # "requested_authn_context": False, |
| 615 | + # "sign_metadata": False, |
| 616 | + # "want_assertion_encrypted": False, |
| 617 | + # "want_assertion_signed": True, |
| 618 | + # "want_messages_signed": False, |
| 619 | + # }, |
| 620 | + }, |
| 621 | + } |
| 622 | + |
| 623 | + SOCIALACCOUNT_PROVIDERS["saml"] = { |
| 624 | + "APPS": [SAML_APP], |
| 625 | + } |
| 626 | + |
579 | 627 | EVENT_TOPIC_MAPPING = {
|
580 | 628 | "app.run.finished": [
|
581 | 629 | {
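Review bot: With `ENABLE_SAML_SOCIALACCOUNT` on and the environment incomplete, new lines 587-590 fall back to empty strings, so the provider is registered with an empty `x509cert` and IdP URLs such as `https://login.microsoftonline.com//saml2`. The settings module should fail at startup instead, e.g. `if not (SAML_APP_TENANT_ID and SAML_APP_CLIENT_ID and SAML_APP_CERTIFICATE): raise ImproperlyConfigured("SAML is enabled but SAML_APP_* is incomplete")`, with `ImproperlyConfigured` imported from `django.core.exceptions` if the file does not already have it. New line 581 also makes Django trust `X-Forwarded-Proto` whenever SAML is enabled, which is only safe when every request passes through a proxy that overwrites that header. It deserves its own switch, or at least a comment such as `# requires a reverse proxy that sets X-Forwarded-Proto and strips the client-supplied value`. The commented-out `advanced` block at new lines 609-619 contains `"strict": False`; I would delete it or mark it as not for production so it is not uncommented as-is.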
|
|