WIP

Author: mdellweg

.github/workflows/scripts/before_install.sh

@@ -79,6 +79,11 @@ services:
     image: "docker.io/pulp/pulp-fixtures:latest"
     env:
       BASE_URL: "http://pulp-fixtures:8080"
+  - name: "saml2-idp"
+    image: "ghcr.io/pfrest/mock-saml2-idp:latest"
+    env:
+      SP_ENTITY_ID: "http://pulp"
+      SP_ACS_LOCATION: "http://pulp/saml/acs/"
 VARSYAML
 
 if [ "$TEST" = "s3" ]; then

ci_requirements.txt

@@ -1 +1,2 @@
-
+pulpcore[saml2]
+djangosaml2

pulpcore/app/settings.py

@@ -160,6 +160,13 @@
     "pulpcore.backends.ObjectRolePermissionBackend",
 ]
 
+if True:  # SAML2
+    INSTALLED_APPS.append("djangosaml2")
+    MIDDLEWARE.append("djangosaml2.middleware.SamlSessionMiddleware")
+    AUTHENTICATION_BACKENDS.append("djangosaml2.backends.Saml2Backend")
+    LOGIN_URL = "/saml2/login/"
+    SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
 ROOT_URLCONF = "pulpcore.app.urls"
 
 TEMPLATES = [

pulpcore/app/urls.py

@@ -245,6 +245,9 @@ class NoSchema(p.callback.cls):
         path("", include("social_django.urls", namespace=settings.SOCIAL_AUTH_URL_NAMESPACE))
     )
 
+if "djangosaml2" in settings.INSTALLED_APPS:
+    urlpatterns.append(path("saml2/", include("djangosaml2.urls", namespace="saml2")))
+
 #: The Pulp Platform v3 API router, which can be used to manually register ViewSets with the API.
 root_router = PulpDefaultRouter()
 

pyproject.toml

@@ -73,6 +73,7 @@ s3 = ["django-storages[boto3]==1.14.6"]
 google = ["django-storages[google]==1.14.6"]
 azure = ["django-storages[azure]==1.14.6"]
 prometheus = ["django-prometheus"]
+saml2 = ["djangosaml2>=1.12.0,<1.13"]
 kafka = [
   # Pinned because project warns "things might (and will) break with every update"
   "cloudevents==1.11.0",