Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ENCRYPTION_KEYPAIRS to settings #216

Merged
merged 8 commits into from
Nov 9, 2023
Merged

Add ENCRYPTION_KEYPAIRS to settings #216

merged 8 commits into from
Nov 9, 2023

Conversation

gregorywong
Copy link
Contributor

This PR introduces a new configuration variable ENCRYPTION_KEYPAIRS to the settings.
In addition to allowing the user to set it, this enhancement will automatically set it for them if both KEY_FILE and CERT_FILE are defined.

When handling encrypted assertions, encryption_keypairs must be set in order for saml2 to properly decrypt them. Unfortunately, this is not fully documented, but it is a known issue noted by other users of pysaml2 (or libraries requiring it):
IdentityPython/pysaml2#346
IdentityPython/djangosaml2#22

This enhancement ensures that encrypted assertions can be handled successfully, while keeping the configuration settings DRY (i.e., no need to include CERT_FILE and KEY_FILE twice).

@CLAassistant
Copy link

CLAassistant commented Nov 9, 2023
edited

CLA assistant check
All committers have signed the CLA.

@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@gregorywong
Copy link
Contributor Author

Tagging @mostafa for review. Thanks!

mostafa
mostafa reviewed Nov 9, 2023
View reviewed changes
Copy link
Member

@mostafa mostafa left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gregorywong
Thanks for your contribution! LGTM, but please consider fixing the comment before I merge.

README.md Show resolved Hide resolved
mostafa
mostafa approved these changes Nov 9, 2023
View reviewed changes
Copy link
Member

@mostafa mostafa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@mostafa mostafa merged commit 7a5723f into grafana:main Nov 9, 2023
14 checks passed
@mostafa mostafa mentioned this pull request Nov 9, 2023
Closed
@gregorywong gregorywong deleted the configure-encryption-keypairs branch November 10, 2023 07:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mostafa mostafa mostafa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@gregorywong @CLAassistant @mostafa