
Delegate remote_user_id mapping to the saml mapping provider #6723

Merged
merged 3 commits into from
Jan 17, 2020
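--- a/changelog.d/6723.misc
+++ b/changelog.d/6723.misc
@@ -0,0 +1 @@
+Updates to the SAML mapping provider API.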
1 change: 1 addition & 0 deletions synapse/config/saml2_config.py
@@ -121,6 +121,7 @@ def read_config(self, config, **kwargs):
required_methods = [
"get_saml_attributes",
"saml_response_to_user_attributes",
"get_remote_user_id",
]
missing_methods = [
method
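Review bot: Adding `"get_remote_user_id"` to `required_methods` means any existing custom mapping provider that lacks the method will presumably be rejected by the `missing_methods` check, leaving SAML login unavailable until the module is updated. The changelog entry is filed as `.misc` and says only that the API was updated, so I would name the new required method there or in the upgrade notes, where operators will see it before upgrading. The `missing_methods` comprehension continues outside the hunk, so how the failure is reported is not visible here.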
27 changes: 21 additions & 6 deletions synapse/handlers/saml_handler.py
@@ -135,14 +135,15 @@ async def _map_saml_response_to_user(self, resp_bytes, client_redirect_url):
logger.info("SAML2 response: %s", saml2_auth.origxml)
logger.info("SAML2 mapped attributes: %s", saml2_auth.ava)

try:
remote_user_id = saml2_auth.ava["uid"][0]
except KeyError:
logger.warning("SAML2 response lacks a 'uid' attestation")
raise SynapseError(400, "'uid' not in SAML2 response")

self._outstanding_requests_dict.pop(saml2_auth.in_response_to, None)

remote_user_id = self._user_mapping_provider.get_remote_user_id(
saml2_auth, client_redirect_url
)

if not remote_user_id:
raise Exception("Failed to extract remote user id from SAML response")

with (await self._mapping_lock.queue(self._auth_provider_id)):
# first of all, check if we already have a mapping for this user
logger.info(
@@ -279,6 +280,20 @@ def __init__(self, parsed_config: SamlConfig, module_api: ModuleApi):
self._mxid_source_attribute = parsed_config.mxid_source_attribute
self._mxid_mapper = parsed_config.mxid_mapper

self._grandfathered_mxid_source_attribute = (
module_api._hs.config.saml2_grandfathered_mxid_source_attribute
)

def get_remote_user_id(
self, saml_response: saml2.response.AuthnResponse, client_redirect_url: str
):
"""Extracts the remote user id from the SAML response"""
try:
return saml_response.ava["uid"][0]
except KeyError:
logger.warning("SAML2 response lacks a 'uid' attestation")
raise SynapseError(400, "'uid' not in SAML2 response")

def saml_response_to_user_attributes(
self,
saml_response: saml2.response.AuthnResponse,
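Review bot: The value returned by `get_remote_user_id` appears to key the "check if we already have a mapping for this user" lookup in `_map_saml_response_to_user`, yet the new call site only tests truthiness and the one-line docstring gives provider authors no contract. Now that custom providers supply this value, the docstring should state that it must be a non-empty string that is unique and immutable for each IdP user, because an attribute that can be reassigned would attach one person to another's account; the handler could enforce the type with `if not isinstance(remote_user_id, str) or not remote_user_id:` and raise a `SynapseError` rather than a bare `Exception`. In the default implementation `saml_response.ava["uid"][0]` still raises an uncaught `IndexError` when the attribute is present with an empty value list; `except (KeyError, IndexError):` would return the same 400. Both functions start or continue outside the visible hunks.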