set SSL certificate verification enablement (#2062)

* ssl verification enablement for SSO * add hint
Open-MSS · Oct 19, 2023 · 3d328f9 · 3d328f9
1 parent ef326c2
commit 3d328f9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/mslib/mscolab/conf.py b/mslib/mscolab/conf.py
@@ -117,6 +117,9 @@ class default_mscolab_settings:
     # enable login by identity provider
     USE_SAML2 = False
 
+    # SSL certificates verification during SSO.
+    VERIFY_SSL_CERT = True
+
     # dir where mscolab single sign process files are stored
     MSCOLAB_SSO_DIR = os.path.join(DATA_DIR, 'datasso')
 
@@ -175,6 +178,7 @@ class setup_saml2_backend:
                                            Ignore this warning when you initializeing metadata.")
 
                         localhost_test_idp = SPConfig().load(yaml_data["config"]["localhost_test_idp"])
+                        localhost_test_idp.verify_ssl_cert = mscolab_settings.VERIFY_SSL_CERT
                         sp_localhost_test_idp = Saml2Client(localhost_test_idp)
 
                         configured_idp['idp_data']['saml2client'] = sp_localhost_test_idp
@@ -190,7 +194,8 @@ class setup_saml2_backend:
                                        valid CRTs metadata and try again.")
                         sys.exit()
 
-                    # if multiple IdPs exists, development should need to implement accordingly below
+                    # if multiple IdPs exists, development should need to implement accordingly below,
+                    # make sure to set SSL certificates verification enablement.
                     """
                         if 'idp_2'== configured_idp['idp_identity_name']:
                             # rest of code

diff --git a/mslib/mscolab/mscolab.py b/mslib/mscolab/mscolab.py
@@ -144,6 +144,7 @@ def handle_mscolab_backend_yaml_init():
     description: "MSS Collaboration Server with Testing IDP(localhost)"
     key_file: path/to/key_sp.key # Will be set from the mscolab server
     cert_file: path/to/crt_sp.crt # Will be set from the mscolab server
+    verify_ssl_cert: true # Specifies if the SSL certificates should be verified.
     organization: {display_name: Open-MSS, name: Mission Support System, url: 'https://open-mss.github.io/about/'}
     contact_person:
     - {contact_type: technical, email_address: [email protected], given_name: Technical}