auth: Tweak docs now that SAML supports multiple IdPs.

Tim Abbott 2019-10-28 15:21:49 -07:00
parent 9d14b50186
commit 7a66dfa133
2 changed files with 8 additions and 6 deletions

@ -57,11 +57,11 @@ configure it as follows:
`/home/zulip/deployments/current/scripts/setup/get-django-setting `/home/zulip/deployments/current/scripts/setup/get-django-setting
SOCIAL_AUTH_SAML_SP_ENTITY_ID` to get the computed value. SOCIAL_AUTH_SAML_SP_ENTITY_ID` to get the computed value.
2. Tell Zulip how to connect to your SAML provider server by filling 2. Tell Zulip how to connect to your SAML provider(s) by filling
out the section of `/etc/zulip/settings.py` on your Zulip server out the section of `/etc/zulip/settings.py` on your Zulip server
with the heading "SAML Authentication". with the heading "SAML Authentication".
* You will need to update `SOCIAL_AUTH_SAML_ORG_INFO` with your * You will need to update `SOCIAL_AUTH_SAML_ORG_INFO` with your
organization name (`displayname` may appear in the SAML organization name (`displayname` may appear in the IdP's
authentication flow; `name` won't be displayed to humans). authentication flow; `name` won't be displayed to humans).
* Fill out `SOCIAL_AUTH_SAML_ENABLED_IDPS` with data provided by * Fill out `SOCIAL_AUTH_SAML_ENABLED_IDPS` with data provided by
your identity provider. You may find [the python-social-auth your identity provider. You may find [the python-social-auth
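
Review bot: Step 2 now reads "SAML provider(s)", but the `SOCIAL_AUTH_SAML_ENABLED_IDPS` bullet at the end of this hunk still speaks of "your identity provider" in the singular and never says how a second IdP is declared. Since the next section describes the setting as a Python dictionary with an outer `idp_name` key, I'd add one sentence here stating that each IdP gets its own entry under its own key, so an admin adding a second provider does not overwrite the first.
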
@ -71,8 +71,8 @@ configure it as follows:
metadata and enter them on the right-hand side of this metadata and enter them on the right-hand side of this
Python dictionary: Python dictionary:
1. Set the outer `idp_name` key to be an identifier for your IdP, 1. Set the outer `idp_name` key to be an identifier for your IdP,
e.g. `testshib` or `okta`. This field may be used later if e.g. `testshib` or `okta`. This field appears in URLs for
Zulip adds support for declaring multiple IdPs here. parts of your Zulip server's SAML authentication flow.
2. The IdP should provide the `url` and `entity_id` values. 2. The IdP should provide the `url` and `entity_id` values.
3. Save the `x509cert` value to a file; you'll use it in the 3. Save the `x509cert` value to a file; you'll use it in the
instructions below. instructions below.
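
Review bot: In item 1, the new sentence says `idp_name` "appears in URLs" but gives no constraints on the value. Please state which characters are acceptable (the examples `testshib` and `okta` suggest short lowercase identifiers) and whether renaming the key later changes URLs that were already handed to the IdP during setup. It is also worth noting that the name is visible to anyone who sees those URLs, so it should not encode anything the organization considers internal.
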
@ -82,6 +82,8 @@ configure it as follows:
"Attribute Mapping" with GSuite). You'll want to connect "Attribute Mapping" with GSuite). You'll want to connect
these so that Zulip gets the email address (used as a unique these so that Zulip gets the email address (used as a unique
user ID) and name for the user. user ID) and name for the user.
5. The `display_name` and `display_logo` fields are used to
display the login/registration buttons for the IdP.
3. Install the certificate(s) required for SAML authentication. You 3. Install the certificate(s) required for SAML authentication. You
will definitely need the public certificate of your IdP. Some IdP will definitely need the public certificate of your IdP. Some IdP
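
Review bot: The new item 5 names `display_name` and `display_logo` without saying what values they take or whether they are optional. Please document the expected format of `display_logo` (file path or URL) and what the login page shows when either field is omitted. With several IdPs enabled, the button label is how a user picks where to send their credentials, so a short recommendation that each `display_name` be distinct and recognizable would help. Minor wording: "used to display the login/registration buttons" could read "shown on the login/registration buttons".
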

@ -198,8 +198,8 @@ AUTHENTICATION_BACKENDS = (
# You will need to modify these SAML settings: # You will need to modify these SAML settings:
SOCIAL_AUTH_SAML_ORG_INFO = { SOCIAL_AUTH_SAML_ORG_INFO = {
"en-US": { "en-US": {
"displayname": "Example Inc.", "displayname": "Example, Inc. Zulip",
"name": "example", "name": "zulip",
"url": "%s%s" % ('https://', EXTERNAL_HOST), "url": "%s%s" % ('https://', EXTERNAL_HOST),
} }
} }
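
Review bot: The new sample values `"displayname": "Example, Inc. Zulip"` and `"name": "zulip"` sit under the comment "You will need to modify these SAML settings", yet nothing in this block says which of the two an admin must change. The docs hunk explains that `displayname` may appear in the IdP's authentication flow while `name` is not displayed to humans; a one-line comment per key carrying that distinction would keep the settings file self-explanatory. Also, the commit message says "Tweak docs", but this hunk changes sample values in a settings file, so the message should mention that.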