From b1e6264ac08c1affc6bb899e50a29e9997c8287f Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Thu, 29 Jun 2017 16:33:34 -0400 Subject: [PATCH] SAML configuration changes based on feedback from field. 1. Default SOCIAL_AUTH_SAML_SP_ENTITY_ID to the Tower hostname/base URL. 2. Refer to the callback URL as the Assertion Consumer Service, per common SAML notation. --- awx/sso/conf.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/awx/sso/conf.py b/awx/sso/conf.py index f682f429b3..ed125b1836 100644 --- a/awx/sso/conf.py +++ b/awx/sso/conf.py @@ -890,16 +890,18 @@ register( def get_saml_metadata_url(): return urlparse.urljoin(settings.TOWER_URL_BASE, reverse('sso:saml_metadata')) +def get_saml_entity_id(): + return settings.TOWER_URL_BASE register( 'SOCIAL_AUTH_SAML_CALLBACK_URL', field_class=fields.CharField, read_only=True, default=SocialAuthCallbackURL('saml'), - label=_('SAML Service Provider Callback URL'), + label=_('SAML Assertion Consumer Service (ACS) URL'), help_text=_('Register Tower as a service provider (SP) with each identity ' 'provider (IdP) you have configured. Provide your SP Entity ID ' - 'and this callback URL for your application.'), + 'and this ACS URL for your application.'), category=_('SAML'), category_slug='saml', depends_on=['TOWER_URL_BASE'], @@ -923,13 +925,15 @@ register( 'SOCIAL_AUTH_SAML_SP_ENTITY_ID', field_class=fields.CharField, allow_blank=True, - default='', + default=get_saml_entity_id, label=_('SAML Service Provider Entity ID'), help_text=_('The application-defined unique identifier used as the ' - 'audience of the SAML service provider (SP) configuration.'), + 'audience of the SAML service provider (SP) configuration. ' + 'This is usually the URL for Tower.'), category=_('SAML'), category_slug='saml', feature_required='enterprise_auth', + depends_on=['TOWER_URL_BASE'], ) register(
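Review bot: `get_saml_entity_id()` is added without a docstring, and nothing beside it explains why the setting's default is a callable rather than a plain value. A one-line docstring such as `"""Return TOWER_URL_BASE, the default SAML SP entity ID (audience)."""` would record that the entity ID is meant to track the base URL. It is also worth stating there that the string is returned unmodified: an IdP normally compares the audience as an exact string, so a trailing-slash or scheme difference in TOWER_URL_BASE carries straight through to the entity ID.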
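Review bot: In the `SOCIAL_AUTH_SAML_SP_ENTITY_ID` registration, `default=get_saml_entity_id` together with `depends_on=['TOWER_URL_BASE']` means a deployment that never sets the entity ID explicitly will see it change whenever TOWER_URL_BASE is edited. The audience registered at each IdP would then stop matching, and the added help text ("This is usually the URL for Tower.") does not warn about this. I would extend it with something like `'Defaults to the Tower base URL; re-register the SP with each IdP if that URL changes.'`. `allow_blank=True` is kept, so an explicitly saved empty value presumably still yields an empty entity ID instead of the new default; if that is not intended, consider removing `allow_blank` for this setting. The `register(` call opens above the hunk, so any earlier arguments are not visible here.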