site_cubicweb.py 3.23 KB
Newer Older
1
# copyright 2019-2022 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
Aurelien Lubert's avatar
Aurelien Lubert committed
2
3
4
5
6
7
8
9
10
11
12
13
# contact http://www.logilab.fr -- mailto:contact@logilab.fr
#
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
14
15
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
Aurelien Lubert's avatar
Aurelien Lubert committed
16
17

options = (
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
    ('saml-allow-unsolicited', {
        'type': 'yn',
        'default': True,
        'help': "Don't verify that the incoming requests originate from us "
                "via the built-in cache for authn request ids in pysaml2",
        'group': 'saml',
        'level': 5,
    }),
    ('saml-authn-requests-signed', {
        'type': 'yn',
        'default': False,
        'help': "Indicates if the Authentication Requests sent by this SP "
                "should be signed by default.",
        'group': 'saml',
        'level': 5,
    }),
    ('saml-logout-requests-signed', {
        'type': 'yn',
        'default': True,
        'help': "Indicates if this entity will sign the Logout Requests "
                "originated from it.",
        'group': 'saml',
        'level': 5,
    }),
    ('saml-want-assertions-signed', {
        'type': 'yn',
        'default': True,
        'help': "Indicates if this SP wants the IdP to send the assertions "
                "signed. This sets the WantAssertionsSigned attribute of the "
                "SPSSODescriptor node of the metadata so the IdP will know "
                "this SP preference.",
        'group': 'saml',
        'level': 5,
    }),
    ('saml-want-response-signed', {
        'type': 'yn',
        'default': False,
        'help': "Indicates that Authentication Responses to this SP must be "
                "signed. If set to True, the SP will not consume any SAML "
                "Responses that are not signed.",
Aurelien Lubert's avatar
Aurelien Lubert committed
58
59
60
        'group': 'saml',
        'level': 5,
    }),
61
62
63
    ('saml-register-unknown-user', {
        'type': 'yn',
        'default': False,
Nicola Spanti's avatar
Nicola Spanti committed
64
        'help': "Allow to register a new user if this one does not exist in "
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
                "current database.",
        'group': 'saml',
        'level': 5,
    }),
    ('saml-register-default-group', {
        'type': 'string',
        'default': 'guests',
        'help': "Set the default group to register new user if the "
                "saml-register-unknown-user option was activated.",
        'group': 'saml',
        'level': 5,
    }),
    ('saml-register-default-password', {
        'type': 'string',
        'default': 'empty',
        'help': "Set the default password system to use if the "
                "saml-register-unknown-user option was activated. Available "
                "modes: empty (no password), random (set a randomize password "
Aurelien Lubert's avatar
Aurelien Lubert committed
83
                "based on hashed string).",
84
85
86
        'group': 'saml',
        'level': 5,
    }),
Aurelien Lubert's avatar
Aurelien Lubert committed
87
)