-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
set SSL certificate verification enablement #2062
set SSL certificate verification enablement #2062
Conversation
@@ -155,6 +158,7 @@ class setup_saml2_backend: | |||
Ignore this warning when you initializeing metadata.") | |||
|
|||
localhost_test_idp = SPConfig().load(yaml_data["config"]["localhost_test_idp"]) | |||
localhost_test_idp.verify_ssl_cert = mscolab_settings.VERIFY_SSL_CERT |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unfortuneantly the default is False on the library itselfs. In this solution the config var will only be set on the test_idp, which won't used. Otheres could understand the variable, that this is the only thing to do to have a vlaidated certificat in use.
Please also add a hint on this in the # if multiple IdPs exists,
sections so it is seen, a user has to take care.
Or is there an other option to pass this value, so that we only have one place to change the constant?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure about the possibility of adding a single value since we are passing the SAML2Client through the dict, and idp_identity_name
also be defined by the user when configuring multiple IdPs.. hint added.
3d328f9
into
Open-MSS:GSOC2023-NilupulManodya
* remove inputs from conditions (#1808) * Setup sp and idp for the sso (#1809) * configure sp and idp * update meta.yml remove cherypy * fixes previous * update notice * update readme * regroup idp_uwsgi * regroup app.py * regroup, change wsgi server to flask * Update conf_sp_idp/README.md Co-authored-by: Matthias Riße <[email protected]> * hide secrets by config * update copy-paste-able command for creating keys and certificates * Update README.md * correct copyright lines * remove make_metadata.py file and update doc with new flow * remove idp.xml file * remove condition libxmlsec1 * Update conf_sp_idp/sp/app/conf.py Co-authored-by: Matthias Riße <[email protected]> * Update conf_sp_idp/idp/idp.py Co-authored-by: Matthias Riße <[email protected]> * remove generate_metadatascript * remove hardcoded path * recorrect copyrights --------- Co-authored-by: Matthias Riße <[email protected]> * Split conf sp idp (#1811) * split sp and idp * generate doc * remove prints idp.py * update comeponents.rst * UI changes in Qt for SSO (#1813) * ui changes in qt for sso * fixes qt UI implementation * get idp_enabled response from server * update tests for test_hello * update test utils * Update mslib/msui/mscolab.py Co-authored-by: Matthias Riße <[email protected]> * fix typo * move downed idp_enabled exception * increase height ui_mscolab_connect_dialog * resolve comments --------- Co-authored-by: Matthias Riße <[email protected]> * web browser implementation (#1814) * web browser implementation * update gitgnore * resolve comments * update docstring * Configure mscolab for sso (#1818) * db modeling * add users into id[ * backend yaml implementation * set server conf * config server for sso * qt ui implmentation * backend html templates implementation * update testcases * config qt client app * update gitignore * set yaml endpoints * update docs * update test utill, and fix error * fix test utils * remove disabled pylint * add libxmlsec1 into dep * set IDP ENabled false * Update mslib/mscolab/server.py Co-authored-by: Matthias Riße <[email protected]> * recorrect commit * update db modeling with authentication_backend for multiple idps * update conf for the multiple idps * template implementation * msui update redirect url for multiple idps * saml update for multiple idps * update mscolab server for multiple idps * update doc for multiple idps * automate CERTs generation and paths * update doc * correct typo in doc * update doc * fix typos update gitignore * fix config idp_conf * update gitignore * set one time token access * add params for cert creation * set idp token for one time validation * fix unnnescessary debug * remove duplicate imports * Update mslib/mscolab/mscolab.py Co-authored-by: Matthias Riße <[email protected]> * automate saml yaml file and improve error handling * rename IDP_ENABLED to USE_SAML2 * update error template * update doc * add todo idp_wsgi * update db models * recorrect doc * add todo refactors --------- Co-authored-by: Matthias Riße <[email protected]> * To do fixes #1818 (#1974) * remove global var * remove idp.subjects file dirs * remove relaystste, rndstr and use secrets * remove shell=True * correct typos * fix group order * enable flake8 for GSOC2023-NilupulManodya * fix lint * fix lint * fixes comments * resolve comments * fix comments * update doc * improve code for multiple Idps * conf routes for multiple conf * remove uncessary .yaml * update cmd metadata * update conf * update saml handler for multiple idps * pinning of xmlschema * pin werkzeug * disable pytests for todo refactor * disbale whole file gsoc_testing * fix conf * resolve comments * resolve comments * manual conflict resolve ui_mscolab_connect_dialog.ui file * resolve flake8 * set SSL certificate verification enablement (#2062) * ssl verification enablement for SSO * add hint * Remove testing SP (#2066) * remove testing sp * remove documentation auth_client_sp * Create documentation for SSO integration through SAML (#2064) * create documentation sso integration * added into makefile components * change dir images * resolve comments, add sample files * resolve comments * change cookies dir of web browser (#2063) * change cookies dir of web browser * Update mslib/msui/msui_web_browser.py Co-authored-by: Matthias Riße <[email protected]> --------- Co-authored-by: Matthias Riße <[email protected]> * improve accessibility saml2 urls (#2068) * improve accessibility saml2 urls * resolve comments --------- Co-authored-by: Nilupul Manodya <[email protected]> Co-authored-by: Matthias Riße <[email protected]> Co-authored-by: Matthias Riße <[email protected]> Co-authored-by: nilupulmanodya <[email protected]>
Purpose of PR?:
Fixes #
set SSL certificate verification enablement. based on the discussion (https://mss-devel.slack.com/archives/C04VCNH81MJ/p1696760025937339)
Does this PR introduce a breaking change?
If the changes in this PR are manually verified, list down the scenarios covered::
Additional information for reviewer? :
Mention if this PR is part of any design or a continuation of previous PRs
Does this PR results in some Documentation changes?
If yes, include the list of Documentation changes
Checklist:
<type>: <subject>