From 7c638b245a4573b83f7027069e609c51f3da6bca Mon Sep 17 00:00:00 2001
From: Josip Mrden
Date: Wed, 20 Mar 2024 12:19:12 +0100
Subject: [PATCH] Add SAML authentication auth module
---
 release/debian/conffiles | 1 +
 release/rpm/memgraph.spec.in | 1 +
 src/auth/CMakeLists.txt | 4 ++
 src/auth/reference_modules/saml/saml.py | 51 +++++++++++++++++++
 src/auth/reference_modules/saml/settings.json | 30 +++++++++++
 5 files changed, 87 insertions(+)
 create mode 100644 src/auth/reference_modules/saml/saml.py
 create mode 100644 src/auth/reference_modules/saml/settings.json
diff --git a/release/debian/conffiles b/release/debian/conffiles
index 125dfed845..4578de95fa 100644
--- a/release/debian/conffiles
+++ b/release/debian/conffiles
@@ -1,4 +1,5 @@
 /etc/memgraph/memgraph.conf
 /etc/memgraph/apoc_compatibility_mappings.json
 /etc/memgraph/auth_module/ldap.example.yaml
+/etc/memgraph/auth_module/saml/settings.json
 /etc/logrotate.d/memgraph
diff --git a/release/rpm/memgraph.spec.in b/release/rpm/memgraph.spec.in
index f0ce3044e7..23cd052bbf 100644
--- a/release/rpm/memgraph.spec.in
+++ b/release/rpm/memgraph.spec.in
@@ -134,6 +134,7 @@ echo "Don't forget to switch to the 'memgraph' user to use Memgraph" || exit 1
 %config(noreplace) "/etc/memgraph/memgraph.conf"
 %config(noreplace) "/etc/memgraph/apoc_compatibility_mappings.json"
 %config(noreplace) "/etc/memgraph/auth_module/ldap.example.yaml"
+%config(noreplace) "/etc/memgraph/auth_module/saml/settings.json"
 %config(noreplace) "/etc/logrotate.d/memgraph"
 @CPACK_RPM_USER_INSTALL_FILES@
diff --git a/src/auth/CMakeLists.txt b/src/auth/CMakeLists.txt
index 49c8258c4d..527be0a323 100644
--- a/src/auth/CMakeLists.txt
+++ b/src/auth/CMakeLists.txt
@@ -29,3 +29,7 @@ install(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/reference_modules/ldap.py
 DESTINATION lib/memgraph/auth_module)
 install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/reference_modules/ldap.example.yaml
 DESTINATION /etc/memgraph/auth_module)
+install(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/reference_modules/saml/saml.py
+ DESTINATION lib/memgraph/auth_module/saml)
+install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/reference_modules/saml/settings.json
+ DESTINATION /etc/memgraph/auth_module/saml)
diff --git a/src/auth/reference_modules/saml/saml.py b/src/auth/reference_modules/saml/saml.py
new file mode 100644
index 0000000000..64c655f738
--- /dev/null
+++ b/src/auth/reference_modules/saml/saml.py
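Review bot: The two new install rules place `saml.py` under `lib/memgraph/auth_module/saml` and `settings.json` under `/etc/memgraph/auth_module/saml`, but `init_saml_auth` in saml.py builds its settings with `custom_base_path=dirname(__file__)`, so the installed script looks for `settings.json` beside itself rather than in `/etc`. Unless packaging links the two directories (nothing in this patch does), the module will not find the configuration the operator edits. Either point the script at the config directory, e.g. `OneLogin_Saml2_Settings(custom_base_path="/etc/memgraph/auth_module/saml")`, or install both files into one directory. The hunk's heading line belongs to an `install(` call that starts outside the hunk.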
@@ -0,0 +1,51 @@
+#!/usr/bin/python3
+import io
+import json
+from os.path import dirname
+
+from onelogin.saml2.auth import OneLogin_Saml2_Auth
+from onelogin.saml2.settings import OneLogin_Saml2_Settings
+
+
+def init_saml_auth(req):
+ saml_settings = OneLogin_Saml2_Settings(custom_base_path=dirname(__file__))
+ auth = OneLogin_Saml2_Auth(req, saml_settings)
+ return auth
+
+
+def prepare_request(password):
+ # Dummy password Base64 encoded SAMLResponse assertion to be validated against the x509 certificate
+ # Delete this part as the Base64 encoded SAMLResponse needs to be inserted in the password field
+ # when communicating with the driver
+ password = "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"
+ return {
+ "post_data": {"SAMLResponse": password},
+ }
+
+
+def authenticate(username, password):
+ # Validates the assertion using the SAML authentication protocol and authorizes the user
+ # with the proper role
+ # Change logic in order to determine the user's respective role
+ request = prepare_request(password)
+ auth = init_saml_auth(request)
+
+ auth.process_response(request_id=None)
+ errors = auth.get_errors()
+
+ if not auth.is_authenticated():
+ return {"authenticated": False, "role": ""}
+
+ attrs = auth.get_attributes()
+
+ return {"authenticated": True, "role": "moderator"}
+
+
+if __name__ == "__main__":
+ # Part specific to Memgraph's communication with the auth module
+ input_stream = io.FileIO(1000, mode="r")
+ output_stream = io.FileIO(1001, mode="w")
+ while True:
+ params = json.loads(input_stream.readline().decode("ascii"))
+ ret = authenticate(**params)
+ output_stream.write((json.dumps(ret) + "\n").encode("ascii"))
diff --git a/src/auth/reference_modules/saml/settings.json b/src/auth/reference_modules/saml/settings.json
new file mode 100644
index 0000000000..677fa63088
--- /dev/null
+++ b/src/auth/reference_modules/saml/settings.json
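Review bot: `prepare_request` overwrites the caller's `password` with a hard-coded SAMLResponse, so as installed every login is judged against the same embedded assertion instead of what the client sent; the module should pass `password` through and keep the sample assertion in a test fixture. In `authenticate`, `username` is never compared with the subject of the assertion, `errors` and `attrs` are assigned but unused, and every accepted caller receives the fixed role `moderator`, so one assertion signed for any subject is accepted for any user name. `process_response(request_id=None)` also skips the InResponseTo check, which appears to leave replay protection to the assertion's validity window. A stricter shape is sketched below; the attribute that carries the role depends on the IdP and is shown as a placeholder.

```python
def prepare_request(password):
    # The driver puts the Base64-encoded SAMLResponse in the password field.
    return {
        "post_data": {"SAMLResponse": password},
    }


def authenticate(username, password):
    # … unchanged: prepare_request, init_saml_auth, process_response …
    denied = {"authenticated": False, "role": ""}

    # Fail closed on any validation error, not only on is_authenticated().
    if auth.get_errors() or not auth.is_authenticated():
        return denied

    # Bind the session to the identity the IdP actually asserted.
    if auth.get_nameid() != username:
        return denied

    # ROLE_ATTRIBUTE is a placeholder for the attribute name your IdP emits.
    roles = auth.get_attributes().get(ROLE_ATTRIBUTE, [])
    if not roles:
        return denied
    return {"authenticated": True, "role": roles[0]}
```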
@@ -0,0 +1,30 @@
+{
+ "strict": false,
+ "debug": true,
+ "sp": {
+ "entityId": "http://localhost:5000/metadata/",
+ "assertionConsumerService": {
+ "url": "http://localhost:8000/?acs",
+ "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ },
+ "singleLogoutService": {
+ "url": "http://localhost:5000/?sls",
+ "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ },
+ "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
+ "x509cert": "",
+ "privateKey": ""
+ },
+ "idp": {
+ "entityId": "https://saml.example.com/entityid",
+ "singleSignOnService": {
+ "url": "https://mocksaml.com/api/saml/sso",
+ "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ },
+ "singleLogoutService": {
+ "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/",
+ "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ },
+ "x509cert": "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"
+ }
+}
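Review bot: The defaults `"strict": false` and `"debug": true` ship in a file the packaging installs as configuration under `/etc`, so an operator who only fills in the certificate and URLs keeps both. With `strict` off, python3-saml relaxes its checks on the response (its documentation lists destination, conditions and expected signatures among what strict mode enforces), which is not a safe default for a module that decides logins. I would ship `"strict": true,` and `"debug": false,` and let developers relax them locally. Strict mode checks the response destination against the request data, so `prepare_request` in saml.py would probably also need to supply the host and path fields.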