diff --git a/mslib/mscolab/conf.py b/mslib/mscolab/conf.py
index c0ba8ad58..998afa4d8 100644
--- a/mslib/mscolab/conf.py
+++ b/mslib/mscolab/conf.py
@@ -117,6 +117,9 @@ class default_mscolab_settings:
 # enable login by identity provider
 USE_SAML2 = False
+ # SSL certificates verification during SSO.
+ VERIFY_SSL_CERT = True
+
 # dir where mscolab single sign process files are stored
 MSCOLAB_SSO_DIR = os.path.join(DATA_DIR, 'datasso')
@@ -175,6 +178,7 @@ class setup_saml2_backend:
 Ignore this warning when you initializeing metadata.")
 localhost_test_idp = SPConfig().load(yaml_data["config"]["localhost_test_idp"])
+ localhost_test_idp.verify_ssl_cert = mscolab_settings.VERIFY_SSL_CERT
 sp_localhost_test_idp = Saml2Client(localhost_test_idp)
 configured_idp['idp_data']['saml2client'] = sp_localhost_test_idp
@@ -190,7 +194,8 @@ class setup_saml2_backend:
 valid CRTs metadata and try again.")
 sys.exit()
- # if multiple IdPs exists, development should need to implement accordingly below
+ # if multiple IdPs exists, development should need to implement accordingly below,
+ # make sure to set SSL certificates verification enablement.
 """
 if 'idp_2'== configured_idp['idp_identity_name']:
 # rest of code
diff --git a/mslib/mscolab/mscolab.py b/mslib/mscolab/mscolab.py
index 3a77791bd..c96579034 100644
--- a/mslib/mscolab/mscolab.py
+++ b/mslib/mscolab/mscolab.py
@@ -144,6 +144,7 @@ def handle_mscolab_backend_yaml_init():
 description: "MSS Collaboration Server with Testing IDP(localhost)"
 key_file: path/to/key_sp.key # Will be set from the mscolab server
 cert_file: path/to/crt_sp.crt # Will be set from the mscolab server
+ verify_ssl_cert: true # Specifies if the SSL certificates should be verified.
 organization: {display_name: Open-MSS, name: Mission Support System, url: 'https://open-mss.github.io/about/'}
 contact_person:
 - {contact_type: technical, email_address: technical@example.com, given_name: Technical}
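Review bot: The comment above `VERIFY_SSL_CERT` in `default_mscolab_settings` names the setting but not what turning it off costs. The second hunk copies this flag onto the SAML2 client configuration, so a deployment that sets it to False presumably stops checking the certificates presented by the identity provider's endpoints. I would expand the comment to `# Verify TLS certificates of the identity provider during SSO.` followed by `# Set to False only for a local test IdP with a self-signed certificate, never in production.` The class body continues outside the hunk.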
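Review bot: The new line `localhost_test_idp.verify_ssl_cert = mscolab_settings.VERIFY_SSL_CERT` in the second conf.py hunk runs after `SPConfig().load(...)` and unconditionally replaces whatever `verify_ssl_cert` the backend YAML carried, so the key this commit adds to the YAML template in mslib/mscolab/mscolab.py is ignored for this IdP and the two values can disagree without anyone noticing. Choose one source of truth and make a disabled check visible at startup, for example `if not mscolab_settings.VERIFY_SSL_CERT:` followed by `logging.warning("SAML2: TLS certificate verification is disabled for localhost_test_idp")`, using whichever logger conf.py already has. If pysaml2 reads this option while `load()` runs, the override also arrives too late for that step, which is worth confirming against the library. The commented-out multi-IdP template in the next hunk relies on developers repeating the assignment by hand; a small helper that builds each `Saml2Client` would keep the setting from being forgotten. The enclosing method starts and ends outside the hunk.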