Follow-up #2741: Authenticate users via SAML. Missing setting for new systems.

2019-09-18 10:07:46 +02:00 · 2019-09-18 10:07:46 +02:00 · dfb2b1bc8a
commit dfb2b1bc8a
parent ba2afc0c16
1 changed files with 72 additions and 0 deletions
--- a/db/seeds/settings.rb
+++ b/db/seeds/settings.rb
@ -1658,6 +1658,78 @@ Setting.create_if_not_exists(
  },
  frontend:    false
 )
+Setting.create_if_not_exists(
+  title:       'Authentication via %s',
+  name:        'auth_saml',
+  area:        'Security::ThirdPartyAuthentication',
+  description: 'Enables user authentication via %s.',
+  options:     {
+    form: [
+      {
+        display: '',
+        null:    true,
+        name:    'auth_saml',
+        tag:     'boolean',
+        options: {
+          true  => 'yes',
+          false => 'no',
+        },
+      },
+    ],
+  },
+  preferences: {
+    controller:       'SettingsAreaSwitch',
+    sub:              ['auth_saml_credentials'],
+    title_i18n:       ['SAML'],
+    description_i18n: ['SAML'],
+    permission:       ['admin.security'],
+  },
+  state:       false,
+  frontend:    true
+)
+Setting.create_if_not_exists(
+  title:       'SAML App Credentials',
+  name:        'auth_saml_credentials',
+  area:        'Security::ThirdPartyAuthentication::SAML',
+  description: 'Enables user authentication via SAML.',
+  options:     {
+    form: [
+      {
+        display:     'IDP SSO target URL',
+        null:        true,
+        name:        'idp_sso_target_url',
+        tag:         'input',
+        placeholder: 'https://capriza.github.io/samling/samling.html',
+      },
+      {
+        display:     'IDP certificate',
+        null:        true,
+        name:        'idp_cert',
+        tag:         'input',
+        placeholder: '-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----',
+      },
+      {
+        display:     'IDP certificate fingerprint',
+        null:        true,
+        name:        'idp_cert_fingerprint',
+        tag:         'input',
+        placeholder: 'E7:91:B2:E1:...',
+      },
+      {
+        display:     'Name Identifier Format',
+        null:        true,
+        name:        'name_identifier_format',
+        tag:         'input',
+        placeholder: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+      },
+    ],
+  },
+  state:       {},
+  preferences: {
+    permission: ['admin.security'],
+  },
+  frontend:    false
+)

 Setting.create_if_not_exists(
  title:       'Minimum length',