def get_saml2_config():
config = saml2.config.Config()
saml_settings = {
'metadata': {
'remote': [{
'url': current_app.config['SAML2_METADATA_URL'],
}]
},
'entityid': absolute_url(),
'service': {
'sp': {
'endpoints': {
'assertion_consumer_service': [
(absolute_url('/auth/saml'), saml2.BINDING_HTTP_POST)
]
},
'allow_unsolicited': True,
'authn_requests_signed': False,
'want_assertions_signed': True,
'want_response_signed': False
}
}
}
if current_app.config['SAML2_ENTITY_ID']:
saml_settings['entityid'] = current_app.config['SAML2_ENTITY_ID']
if current_app.config['SAML2_CONFIG'].get('metadata'):
saml_settings['metadata'] = current_app.config['SAML2_CONFIG']['metadata']
merge(saml_settings, current_app.config['SAML2_CONFIG']) # allow settings override
config.load(saml_settings)
config.allow_unknown_attributes = True
return config
def __init__(self,
endpoint,
key=None,
secret=None,
token=None,
username=None,
password=None,
timeout=30.0,
ssl_verify=True,
headers=None,
debug=False):
self.endpoint = endpoint
self.auth = None
if username:
self.auth = HTTPBasicAuth(username, password)
elif secret:
self.auth = HawkAuth(id=key, key=secret) # HMAC
elif key:
self.auth = ApiKeyAuth(api_key=key)
elif token:
self.auth = TokenAuth(token)
self.timeout = timeout
self.session = requests.Session()
self.session.verify = ssl_verify # or use REQUESTS_CA_BUNDLE env var
self.headers = headers or dict()
merge(self.headers, self.default_headers())
self.debug = debug
def update_user_attributes(self, id, old_attrs, new_attrs):
from alerta.utils.collections import merge
merge(old_attrs, new_attrs)
attrs = {k: v for k, v in old_attrs.items() if v is not None}
update = """
UPDATE users
SET attributes=%(attrs)s, update_time=NOW() at time zone 'utc'
WHERE id=%(id)s
RETURNING id
"""
return bool(self._updateone(update, {'id': id, 'attrs': attrs}, returning=True))
