SAML Auth Provider #1576

Open: wants to merge 4 commits into base: master

@Xiphoseer (Contributor) commented Aug 5, 2019

This PR should be the base of adding SAML as an additional authentication provider for BookStack accounts. Currently, with some minimal configuration in .env as specified below, the user should be redirected to the configured identity provider and redirected back to the application. The actual handling of the logged in event remains to be done, as the data sent to the IDP is still somehow broken. Hence the WIP for this PR.

SAML2_ENABLED=true
SAML2_IDP_SSO=https://example.com/idp/SSORedirectLogin
SAML2_IDP_x509=BASE64IDPCERT==
SAML2_IDP_ENTITYID=https://example.com/idp/metadata.xml

@Xiphoseer (Contributor, Author) commented Aug 6, 2019

Ok, the login should now work, including automatic registration. The SAML provider is implemented in a very similar way to a Socialite plugin. It may be possible to refactor this into an actual socialite plugin. When I checked last week, such a plugin was not available. The configuration now allows for variables like

SAML_USER_NAME_ATTRIBUTE=username
SAML_DISPLAY_NAME_ATTRIBUTE=firstName|lastName
SAML_AUTO_REGISTER=true

I'll address the codeclimate issues in some upcoming commit.
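
A sketch of how the attribute settings in the comment above could be applied to the attributes of an already validated SAML assertion, added here as an example and not taken from the PR. The function names, the name => list-of-values attribute shape, and the reading of `|` as "join these attributes in order" are assumptions.

```php
<?php
// Added illustration, not BookStack code; all function names are hypothetical.
/** Parse the SAML_* settings from an env-style array. */
function samlConfig(array $env): array
{
    return [
        'user_name_attribute' => $env['SAML_USER_NAME_ATTRIBUTE'] ?? '',
        // Assumption: "|" separates attribute names whose values are joined in order.
        'display_name_attributes' => array_filter(explode('|', $env['SAML_DISPLAY_NAME_ATTRIBUTE'] ?? '')),
        // (bool) 'false' is true in PHP, so parse the flag explicitly.
        'auto_register' => filter_var($env['SAML_AUTO_REGISTER'] ?? 'false', FILTER_VALIDATE_BOOLEAN),
    ];
}

/** First non-empty value of an attribute; attributes are assumed to be name => list of values. */
function firstValue(array $attributes, string $name): ?string
{
    $value = $attributes[$name][0] ?? null;
    return (is_string($value) && trim($value) !== '') ? trim($value) : null;
}

/** Map assertion attributes to user details, failing closed without a user name. */
function mapSamlUser(array $attributes, array $config): array
{
    $userName = firstValue($attributes, $config['user_name_attribute']);
    if ($userName === null) {
        throw new RuntimeException('Assertion lacks the configured user name attribute');
    }
    $parts = [];
    foreach ($config['display_name_attributes'] as $name) {
        $parts[] = firstValue($attributes, $name);
    }
    $displayName = implode(' ', array_filter($parts));
    return ['external_id' => $userName, 'name' => $displayName !== '' ? $displayName : $userName];
}

/** Known users log in; unknown users are registered only when auto-registration is on. */
function loginDecision(array $user, array $knownIds, array $config): string
{
    if (in_array($user['external_id'], $knownIds, true)) {
        return 'login';
    }
    return $config['auto_register'] ? 'register' : 'reject';
}

// Constructed sample input.
$config = samlConfig(['SAML_USER_NAME_ATTRIBUTE' => 'username',
    'SAML_DISPLAY_NAME_ATTRIBUTE' => 'firstName|lastName', 'SAML_AUTO_REGISTER' => 'true']);
$user = mapSamlUser(['username' => ['jdoe'], 'firstName' => ['Jane'], 'lastName' => ['Doe']], $config);
echo $user['name'], ' -> ', loginDecision($user, [], $config), PHP_EOL;
```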

@Xiphoseer added 2 commits Aug 7, 2019

@Xiphoseer referenced this pull request Aug 7, 2019

@Xiphoseer changed the title from "WIP: Initial work on SAML integration" to "SAML Auth Provider" Aug 7, 2019

@Xiphoseer (Contributor, Author) commented Aug 7, 2019

Synchronizing groups now works the same as with the LDAP service. There is now an ExternalAuthService in BookStack\Auth\Access, that contains the common functionality. Ideally, someone would turn this into a proper socialite provider, but that needs to be maintained.

@ssddanbrown (Member) commented Aug 11, 2019

Thank you very much @Xiphoseer for your work here. Code looks great from a quick scan but I'll have a deeper review at some point soon. I'll probably focus on getting v0.27 done before then coming back to this, hopefully so this is part of v0.28.

Don't worry too much about codeclimate issues btw, I'm always creating new codeclimate issues 😅

@ssddanbrown added this to the v0.28.0 milestone Sep 7, 2019
