Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SAML authentication module #1839

Closed
wants to merge 3 commits into from
Closed

Add SAML authentication module #1839

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7c638b2
Add SAML authentication auth module
Josipmrden Mar 20, 2024
f7c95bd
Merge branch 'master' into saml-authentication
antepusic Apr 19, 2024
4335325
Merge branch 'master' into saml-authentication
antepusic Apr 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions release/debian/conffiles
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
/etc/memgraph/memgraph.conf
/etc/memgraph/apoc_compatibility_mappings.json
/etc/memgraph/auth_module/ldap.example.yaml
/etc/memgraph/auth_module/saml/settings.json
/etc/logrotate.d/memgraph
1 change: 1 addition & 0 deletions release/rpm/memgraph.spec.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,7 @@ echo "Don't forget to switch to the 'memgraph' user to use Memgraph" || exit 1
%config(noreplace) "/etc/memgraph/memgraph.conf"
%config(noreplace) "/etc/memgraph/apoc_compatibility_mappings.json"
%config(noreplace) "/etc/memgraph/auth_module/ldap.example.yaml"
%config(noreplace) "/etc/memgraph/auth_module/saml/settings.json"
%config(noreplace) "/etc/logrotate.d/memgraph"

@CPACK_RPM_USER_INSTALL_FILES@
Expand Down
4 changes: 4 additions & 0 deletions src/auth/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,3 +29,7 @@ install(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/reference_modules/ldap.py
DESTINATION lib/memgraph/auth_module)
install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/reference_modules/ldap.example.yaml
DESTINATION /etc/memgraph/auth_module)
install(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/reference_modules/saml/saml.py
DESTINATION lib/memgraph/auth_module/saml)
install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/reference_modules/saml/settings.json
DESTINATION /etc/memgraph/auth_module/saml)
51 changes: 51 additions & 0 deletions src/auth/reference_modules/saml/saml.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
#!/usr/bin/python3
import io
import json
from os.path import dirname

from onelogin.saml2.auth import OneLogin_Saml2_Auth
from onelogin.saml2.settings import OneLogin_Saml2_Settings


def init_saml_auth(req):
saml_settings = OneLogin_Saml2_Settings(custom_base_path=dirname(__file__))
auth = OneLogin_Saml2_Auth(req, saml_settings)
return auth


def prepare_request(password):
# Dummy password Base64 encoded SAMLResponse assertion to be validated against the x509 certificate
# Delete this part as the Base64 encoded SAMLResponse needs to be inserted in the password field
# when communicating with the driver
password = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6UmVzcG9uc2UgRGVzdGluYXRpb249Imh0dHA6Ly9sb2NhbGhvc3Q6ODAwMC8/YWNzIiBJRD0iXzQyMzVjMWNmZTBhOTBmNzhiODFiIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzljZTc0Y2Q3ZTc3YmRlNDg0OTU4MjVmM2EwMTk4ZGQ1ZDkyNjQ1ZDIiIElzc3VlSW5zdGFudD0iMjAyNC0wMy0xOVQxNDo0OTozMC40MjBaIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWw6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5IiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL3NhbWwuZXhhbXBsZS5jb20vZW50aXR5aWQ8L3NhbWw6SXNzdWVyPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48UmVmZXJlbmNlIFVSST0iI180MjM1YzFjZmUwYTkwZjc4YjgxYiI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PERpZ2VzdFZhbHVlPnVXOUoycnlCZm0yd2p2SDUzbWNtOGJhdWF2akpLNng0bTh0NUxYeGxXZTA9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPkxuTnFJR0lEaFN5dzU5MmU3WEYyOGlLcCtTYzVUUzduTFNnZm5yTmhpcW1tMHZrRHJkV1p2MkE3Y0pjRHJkcHpjVlJuTHlEUFRvTkxZR1BvZW5jdFd4ZmVhaGRiU3lMRzA0RTZDUDBvRzNXWFhpenpWSHJ4VWNXcHk3UmNObHp5SXRnK1g5MFRPaGdRSUprRXhpdFZjQjRJYldoVzZwbUZSRUNHOUgva1JhMS9pc0EwbSsyK0lUUmwra3ltekJlK2xqQXRyaldTbTFsWnoraVIrb0dPYlErQ3dVY2JCbVk5Q0htd2luVk5EVEF2ckkwZUJsalZzd3dpWkFPY05SZ0lJazVwRi9pNDRWREE1Z2JMZ0o4N3pmWnM0NnpDWU1FKzlnZDBTM3lUdlhnMzdlWEE5cnNnc0ErN0UyRDNYZEpMc1M4N3RoY0lRQmdwRGFjMDlLRmw0UT09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE+PFg1MDlDZXJ0aWZpY2F0ZT5NSUlDNGpDQ0Fjb0NDUUMzM3dueWJUNVFaREFOQmdrcWhraUc5dzBCQVFzRkFEQXlNUXN3Q1FZRFZRUUdFd0pWClN6RVBNQTBHQTFVRUNnd0dRbTk0ZVVoUk1SSXdFQVlEVlFRRERBbE5iMk5ySUZOQlRVd3dJQmNOTWpJd01qSTQKTWpFME5qTTRXaGdQTXpBeU1UQTNNREV5TVRRMk16aGFNREl4Q3pBSkJnTlZCQVlUQWxWTE1ROHdEUVlEVlFRSwpEQVpDYjNoNVNGRXhFakFRQmdOVkJBTU1DVTF2WTJzZ1UwRk5URENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTEdmWWV0dE1zY3QxVDZ0VlV3VHVkTkpINVBuYjlHR25rWGk5WncvZTZ4NDVERDAKUnVST05iRmxKMlQ0UmpBRS91RytBalh4WFE4bzJTWmZiOStHZ21DSHVUSkZOZ0hvWjFuRlZYQ21iL0hnOEhwZAo0dk9BR1huZGl4YVJlT2lxM0VINVh2cE1qTWtKMys4KzlWWU16TVpPamtnUXRBcU8zNmVBRkZmTktYN2RUajNWCnB3TGt2ejYvS0ZDcThPQXdZK0FVaTRlWm01SjU3RDMxR3pqSHdmakg5V1RlWDBNeW5kbW5OQjFxVjc1cVFSM2IKMi9XNXNHSFJ2KzlBYXJnZ0prRitwdFVrWG9MdFZBNTF3Y2ZZbTZoSUxwdHBkZTVGUUM4UldZMVlyc3dCV0FFWgpOZnlyUjRKZVN3ZUVsTkhnNE5WT3M0VHdHak9Qd1dHcXpUZmdUbEVDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBQVlSbFlmbFNYQVdvWnBGZndOaUNRVkU1ZDl6WjBEUHpOZFdoQXliWGNUeU1mMHo1bURmNkZXQlcKNUd5b2k5dTNFTUVEbnpMY0pOa3dKQUFjMzlBcGE0STIvdG1sK0p5MjlkazhiVHlYNm05M25nbUNnZExoNVphNApraHVVM0FNM0w2M2c3VmV4Q3VPN2t3a2poLytMcWRjSVhzVkdPNlhEZnUyUU9zMVhwZTl6SXpMcHdtL1JOWWVYClVqYlNqNWNlL2pla3BBdzdxeVZWTDR4T3loOEF0VVcxZWszd0l3MU1KdkVnRVB0MGQxNm9zaFdKcG9TMU9UOEwKci8yMlN2WUVvM0VtU0dkVFZHZ2szeDNzK0EwcVdBcVRjeWpyN1E0cy9HS1lSRmZvbUd3ejBUWjRJdzFaTjk5TQptMGVvMlVTbFNSVFZsN1FIUlR1aXVTVGhIcExLUVE9PTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE+PC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1scDpTdGF0dXMgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiBJRD0iX2EyMTEwNWRkYzBhZmRlZTQwMjkxIiBJc3N1ZUluc3RhbnQ9IjIwMjQtMDMtMTlUMTQ6NDk6MzAuNDIwWiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cHM6Ly9zYW1sLmV4YW1wbGUuY29tL2VudGl0eWlkPC9zYW1sOklzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+PFJlZmVyZW5jZSBVUkk9IiNfYTIxMTA1ZGRjMGFmZGVlNDAyOTEiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L1RyYW5zZm9ybXM+PERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxEaWdlc3RWYWx1ZT5FankzUGs3dXhGTGE5eVM0Zi94R1VjUGtMQSt6akRFdFlGYVhkaUtmOWFjPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5uOUs4elZHdElTaU9LRXR2MjFiQnViOUNENHZCckNkY2o3d2FaNkdtVTJwdGc1QS9uL1ZSb1ZnN2E2NVFURTNLMTZsdVkxZk5vQlNCZFFmbTFpL295SGhRbkhqV1pNaWFsSjdza1dOK2kxclFtdFA5T2VoZlZoNWhxMUFTZ0dYZzZlZVoxL0ZTWFFMNnliVkRSS3FGYzVERVhDR0xuWXdWbnhzRkJrOU0rNkFscVdoTkNuS0hHOEZVUUtsZFhnWkpTNkxnZ0U2TmFxTmVrckEzZjJYSHJTYmx3aEdUSTN6VlZpSm0xU3krOWR1VFhRWFNvSyt6NnI1OWE5a0VweWd3L0RNUEkzZDcvcC9nUVN0WDhXZkFibERWcDZyekh0YU9McWIrc040TGZwUjVHaVY1QmlwcS9CU2lMWGFNMk54U0Znay9ZczlLSmlDTThaaWw5NVIvb0E9PTwvU2lnbmF0dXJlVmFsdWU+PEtleUluZm8+PFg1MDlEYXRhPjxYNTA5Q2VydGlmaWNhdGU+TUlJQzRqQ0NBY29DQ1FDMzN3bnliVDVRWkRBTkJna3Foa2lHOXcwQkFRc0ZBREF5TVFzd0NRWURWUVFHRXdKVgpTekVQTUEwR0ExVUVDZ3dHUW05NGVVaFJNUkl3RUFZRFZRUUREQWxOYjJOcklGTkJUVXd3SUJjTk1qSXdNakk0Ck1qRTBOak00V2hnUE16QXlNVEEzTURFeU1UUTJNemhhTURJeEN6QUpCZ05WQkFZVEFsVkxNUTh3RFFZRFZRUUsKREFaQ2IzaDVTRkV4RWpBUUJnTlZCQU1NQ1Uxdlkyc2dVMEZOVERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQUxHZllldHRNc2N0MVQ2dFZVd1R1ZE5KSDVQbmI5R0dua1hpOVp3L2U2eDQ1REQwClJ1Uk9OYkZsSjJUNFJqQUUvdUcrQWpYeFhROG8yU1pmYjkrR2dtQ0h1VEpGTmdIb1oxbkZWWENtYi9IZzhIcGQKNHZPQUdYbmRpeGFSZU9pcTNFSDVYdnBNak1rSjMrOCs5VllNek1aT2prZ1F0QXFPMzZlQUZGZk5LWDdkVGozVgpwd0xrdno2L0tGQ3E4T0F3WStBVWk0ZVptNUo1N0QzMUd6akh3ZmpIOVdUZVgwTXluZG1uTkIxcVY3NXFRUjNiCjIvVzVzR0hSdis5QWFyZ2dKa0YrcHRVa1hvTHRWQTUxd2NmWW02aElMcHRwZGU1RlFDOFJXWTFZcnN3QldBRVoKTmZ5clI0SmVTd2VFbE5IZzROVk9zNFR3R2pPUHdXR3F6VGZnVGxFQ0F3RUFBVEFOQmdrcWhraUc5dzBCQVFzRgpBQU9DQVFFQUFZUmxZZmxTWEFXb1pwRmZ3TmlDUVZFNWQ5elowRFB6TmRXaEF5YlhjVHlNZjB6NW1EZjZGV0JXCjVHeW9pOXUzRU1FRG56TGNKTmt3SkFBYzM5QXBhNEkyL3RtbCtKeTI5ZGs4YlR5WDZtOTNuZ21DZ2RMaDVaYTQKa2h1VTNBTTNMNjNnN1ZleEN1Tzdrd2tqaC8rTHFkY0lYc1ZHTzZYRGZ1MlFPczFYcGU5ekl6THB3bS9STlllWApVamJTajVjZS9qZWtwQXc3cXlWVkw0eE95aDhBdFVXMWVrM3dJdzFNSnZFZ0VQdDBkMTZvc2hXSnBvUzFPVDhMCnIvMjJTdllFbzNFbVNHZFRWR2drM3gzcytBMHFXQXFUY3lqcjdRNHMvR0tZUkZmb21Hd3owVFo0SXcxWk45OU0KbTBlbzJVU2xTUlRWbDdRSFJUdWl1U1RoSHBMS1FRPT08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjwvS2V5SW5mbz48L1NpZ25hdHVyZT48c2FtbDpTdWJqZWN0IHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+amFja3NvbkBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fOWNlNzRjZDdlNzdiZGU0ODQ5NTgyNWYzYTAxOThkZDVkOTI2NDVkMiIgTm90T25PckFmdGVyPSIyMDI0LTAzLTE5VDE0OjU0OjMwLjQyMFoiIFJlY2lwaWVudD0iaHR0cDovL2xvY2FsaG9zdDo4MDAwLz9hY3MiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyNC0wMy0xOVQxNDo0NDozMC40MjBaIiBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDMtMTlUMTQ6NTQ6MzAuNDIwWiIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwOi8vbG9jYWxob3N0OjUwMDAvbWV0YWRhdGEvPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAyNC0wMy0xOVQxNDo0OTozMC40MjBaIiBTZXNzaW9uSW5kZXg9Ik9ORUxPR0lOXzljZTc0Y2Q3ZTc3YmRlNDg0OTU4MjVmM2EwMTk4ZGQ1ZDkyNjQ1ZDIiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZFByb3RlY3RlZFRyYW5zcG9ydDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVuc3BlY2lmaWVkIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjFkZGE5ZmI0OTFkYzAxYmQyNGQyNDIzYmEyZjIyYWU1NjFmNTZkZGYyMzc2YjI5YTExYzgwMjgxZDIxMjAxZjk8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZW1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dW5zcGVjaWZpZWQiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+amFja3NvbkBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJmaXJzdE5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dW5zcGVjaWZpZWQiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+amFja3Nvbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJsYXN0TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1bnNwZWNpZmllZCI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5qYWNrc29uPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+"
return {
"post_data": {"SAMLResponse": password},
}


def authenticate(username, password):
# Validates the assertion using the SAML authentication protocol and authorizes the user
# with the proper role
# Change logic in order to determine the user's respective role
request = prepare_request(password)
auth = init_saml_auth(request)

auth.process_response(request_id=None)
errors = auth.get_errors()

if not auth.is_authenticated():
return {"authenticated": False, "role": ""}

attrs = auth.get_attributes()

return {"authenticated": True, "role": "moderator"}


if __name__ == "__main__":
# Part specific to Memgraph's communication with the auth module
input_stream = io.FileIO(1000, mode="r")
output_stream = io.FileIO(1001, mode="w")
while True:
params = json.loads(input_stream.readline().decode("ascii"))
ret = authenticate(**params)
output_stream.write((json.dumps(ret) + "\n").encode("ascii"))
30 changes: 30 additions & 0 deletions src/auth/reference_modules/saml/settings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{
"strict": false,
"debug": true,
"sp": {
"entityId": "http://localhost:5000/metadata/",
"assertionConsumerService": {
"url": "http://localhost:8000/?acs",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
},
"singleLogoutService": {
"url": "http://localhost:5000/?sls",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
"x509cert": "",
"privateKey": ""
},
"idp": {
"entityId": "https://saml.example.com/entityid",
"singleSignOnService": {
"url": "https://mocksaml.com/api/saml/sso",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"singleLogoutService": {
"url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
"x509cert": "MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJVSzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQKDAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3VpwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZNfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeXUjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8Lr/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99Mm0eo2USlSRTVl7QHRTuiuSThHpLKQQ=="
}
}