RhodeCode Free Hosting
-
- This repo
- ?
- Home
- Public journal
- Gists
- Sign in
'; } else if (searchSubType !== undefined && searchSubType == 'repo_group') { valueDisplay += '
repo group
'; } } // repository else if (searchType === 'repo') { var repoIcon = getRepoIcon(data['repo_type']); icon += repoIcon; if (data['private']) { icon += ' '; } else if (visualShowPublicIcon) { icon += ' '; } } // repository groups else if (searchType === 'repo_group') { icon += ' '; } // user group else if (searchType === 'user_group') { icon += ' '; } // user else if (searchType === 'user') { icon += '
'.format(data['icon_link']); } // pull request else if (searchType === 'pull_request') { icon += ' '; } // commit else if (searchType === 'commit') { var repo_data = data['repo_data']; var repoIcon = getRepoIcon(repo_data['repository_type']); if (repoIcon) { icon += repoIcon; } else { icon += ''; } } // file else if (searchType === 'file') { var repo_data = data['repo_data']; var repoIcon = getRepoIcon(repo_data['repository_type']); if (repoIcon) { icon += repoIcon; } else { icon += ''; } } // generic text else if (searchType === 'text') { icon = ''; } var tmpl = '
{0}{1}
'; return tmpl.format(icon, valueDisplay); }; var handleSelect = function(element, suggestion) { if (suggestion.type === "hint") { // we skip action $('#main_filter').focus(); } else if (suggestion.type === "text") { // we skip action $('#main_filter').focus(); } else { window.location = suggestion['url']; } }; var autocompleteMainFilterResult = function (suggestion, originalQuery, queryLowerCase) { if (queryLowerCase.split(':').length === 2) { queryLowerCase = queryLowerCase.split(':')[1] } if (suggestion.type === "text") { // special case we don't want to "skip" display for return true } return suggestion.value_display.toLowerCase().indexOf(queryLowerCase) !== -1; }; var cleanContext = { repo_view_type: null, repo_id: null, repo_name: "", repo_group_id: null, repo_group_name: null }; var removeGoToFilter = function () { $('.searchTagHidable').hide(); $('#main_filter').autocomplete( 'setOptions', {params:{search_context: cleanContext}}); }; $('#main_filter').autocomplete({ serviceUrl: pyroutes.url('goto_switcher_data'), params: { "search_context": templateContext.search_context }, minChars:2, maxHeight:400, deferRequestBy: 300, //miliseconds tabDisabled: true, autoSelectFirst: false, containerClass: 'autocomplete-qfilter-suggestions', formatResult: autocompleteMainFilterFormatResult, lookupFilter: autocompleteMainFilterResult, onSelect: function (element, suggestion) { handleSelect(element, suggestion); return false; }, onSearchError: function (element, query, jqXHR, textStatus, errorThrown) { if (jqXHR !== 'abort') { var message = formatErrorMessage(jqXHR, textStatus, errorThrown); SwalNoAnimation.fire({ icon: 'error', title: _gettext('Error during search operation'), html: '{0}'.format(message), }).then(function(result) { window.location.reload(); }) } }, onSearchStart: function (params) { $('.searchTag.searchTagIcon').html('') }, onSearchComplete: function (query, suggestions) { $('.searchTag.searchTagIcon').html('') }, }); showMainFilterBox = function () { $('#main_filter_help').toggle(); }; $('#main_filter').on('keydown.autocomplete', function (e) { var BACKSPACE = 8; var el = $(e.currentTarget); if(e.which === BACKSPACE){ var inputVal = el.val(); if (inputVal === ""){ removeGoToFilter() } } }); var dismissNotice = function(noticeId) { var url = pyroutes.url('user_notice_dismiss', {"user_id": templateContext.rhodecode_user.user_id}); var postData = { 'csrf_token': CSRF_TOKEN, 'notice_id': noticeId, }; var success = function(response) { $('#notice-message-' + noticeId).remove(); return false; }; var failure = function(data, textStatus, xhr) { alert("error processing request: " + textStatus); return false; }; ajaxPOST(url, postData, success, failure); } var hideLicenseWarning = function () { var fingerprint = templateContext.session_attrs.license_fingerprint; storeUserSessionAttr('rc_user_session_attr.hide_license_warning', fingerprint); $('#notifications').hide(); } var hideLicenseError = function () { var fingerprint = templateContext.session_attrs.license_fingerprint; storeUserSessionAttr('rc_user_session_attr.hide_license_error', fingerprint); $('#notifications').hide(); }
metrics: remove bootstrap timing, as its not usefull at all....
metrics: remove bootstrap timing, as its not usefull at all.Counter resets on each start we don't get any good metrics out of that
| marcink - - Load All Authors |
File last commit:
r3290:ac4e4e5a default
r4813:5072ed70 default
Show More
Download file
auth-saml-onelogin.rst
105 lines | 4.2 KiB | text/x-rst | RstLexer
/ docs / auth / auth-saml-onelogin.rst
History | Annotation | Raw |Copy content |Copy permalink
This plugin is available only in EE Edition.
|RCE| supports SAML 2.0 Authentication with OneLogin provider. This allowsusers to log-in to RhodeCode via SSO mechanism of external identity providersuch as OneLogin. The login can be triggered either by the external IDP, or internallyby clicking specific authentication button on the log-in page.
To configure OneLogin SAML authentication, use the following steps:
- From the |RCE| interface, select:menuselection:`Admin --> Authentication`
- Activate the OneLogin plugin and select :guilabel:`Save`
- Go to newly available menu option called OneLogin on the left side.
- Check the enabled check box in the plugin configuration section,and fill in the required SAML information and :guilabel:`Save`, for more details,see :ref:`config-saml-onelogin`
Example configuration for SAML 2.0 with OneLogin provider:
*option*: `enabled` => `True`# Enable or disable this authentication plugin.*option*: `cache_ttl` => `0`# Amount of seconds to cache the authentication and permissions check response call for this plugin.# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).*option*: `debug` => `True`# Enable or disable debug mode that shows SAML errors in the RhodeCode logs.*option*: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`# Identity Provider entity/metadata URI.# E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id>*option*: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx`# SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login# E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>*option*: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx`# SLO (SingleLogout) endpoint URL of the IdP.# E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>*option*: `x509cert` => `<CERTIFICATE_STRING>`# Identity provider public x509 certificate. It will be converted to single-line format without headers*option*: `name_id_format` => `sha-1`# The format that specifies how the NameID is sent to the service provider.*option*: `signature_algo` => `sha-256`# Type of Algorithm to use for verification of SAML signature on Identity provider side*option*: `digest_algo` => `sha-256`# Type of Algorithm to use for verification of SAML digest on Identity provider side*option*: `cert_dir` => `/etc/saml/`# Optional directory to store service provider certificate and private keys.# Expected certs for the SP should be stored in this folder as:# * sp.key Private Key# * sp.crt Public cert# * sp_new.crt Future Public cert## Also you can use other cert to sign the metadata of the SP using the:# * metadata.key# * metadata.crt*option*: `user_id_attribute` => `PersonImmutableID`# User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.# Ensure this is returned from OneLogin for example via Internal ID*option*: `username_attribute` => `User.username`# Username Attribute name. This defines which attribute in SAML response will map to an username.*option*: `email_attribute` => `User.email`# Email Attribute name. This defines which attribute in SAML response will map to an email address.
Below is example setup that can be used with OneLogin SAML authentication that can be used with above config..
Below is an example attribute mapping set for IDP provider required by the above config.
'.format(_gettext('Loading ...'))); $.pjax({ url: url, container: '#file_history_container', push: false, timeout: 5000 }).complete(function () { tooltipActivate(); }); }); }; var initTreeJS = function () { var state = getFileState(); getFilesMetadata(); // fuzzy file filter fileBrowserListeners(state.node_list_url, state.url_base); // switch to widget var initialCommitData = { at_ref: atRef, id: null, text: '5072ed70d286dbfb940b39e65bc08645cd956e8d', type: 'sha', raw_id: '5072ed70d286dbfb940b39e65bc08645cd956e8d', idx: 4813, files_url: null, }; // check if we have ref info. var selectedRef = fileTreeRefs[atRef]; if (selectedRef !== undefined) { $.extend(initialCommitData, selectedRef) } var loadUrl = pyroutes.url('repo_refs_data', {'repo_name': templateContext.repo_name}); var cacheKey = '__ALL_FILE_REFS__'; var cachedDataSource = {}; var loadRefsData = function (query) { $.ajax({ url: loadUrl, data: {}, dataType: 'json', type: 'GET', success: function (data) { cachedDataSource[cacheKey] = data; query.callback({results: data.results}); } }); }; var feedRefsData = function (query, cachedData) { var data = {results: []}; //filter results $.each(cachedData.results, function () { var section = this.text; var children = []; $.each(this.children, function () { if (query.term.length === 0 || this.text.toUpperCase().indexOf(query.term.toUpperCase()) >= 0) { children.push(this) } }); data.results.push({ 'text': section, 'children': children }) }); //push the typed in commit idx if (!isNaN(query.term)) { var files_url = pyroutes.url('repo_files', {'repo_name': templateContext.repo_name, 'commit_id': query.term, 'f_path': state.f_path}); data.results.push({ 'text': _gettext('go to numeric commit'), 'children': [{ at_ref: null, id: null, text: 'r{0}'.format(query.term), type: 'sha', raw_id: query.term, idx: query.term, files_url: files_url, }] }); } query.callback(data); }; var select2RefFileSwitcher = function (targetElement, loadUrl, initialData) { var formatResult = function (result, container, query) { return formatSelect2SelectionRefs(result); }; var formatSelection = function (data, container) { var commit_ref = data; var tmpl = ''; if (commit_ref.type === 'sha') { tmpl = (commit_ref.raw_id || "").substr(0,8); } else if (commit_ref.type === 'branch') { tmpl = tmpl.concat(' '); tmpl = tmpl.concat(escapeHtml(commit_ref.text)); } else if (commit_ref.type === 'tag') { tmpl = tmpl.concat(' '); tmpl = tmpl.concat(escapeHtml(commit_ref.text)); } else if (commit_ref.type === 'book') { tmpl = tmpl.concat(' '); tmpl = tmpl.concat(escapeHtml(commit_ref.text)); } var idx = commit_ref.idx || 0; if (idx !== 0) { tmpl = tmpl.concat('r{0}'.format(idx)); } return tmpl }; $(targetElement).select2({ dropdownAutoWidth: true, width: "resolve", containerCssClass: "drop-menu", dropdownCssClass: "drop-menu-dropdown", query: function(query) { var cachedData = cachedDataSource[cacheKey]; if (cachedData) { feedRefsData(query, cachedData) } else { loadRefsData(query) } }, initSelection: function(element, callback) { callback(initialData); }, formatResult: formatResult, formatSelection: formatSelection }); }; select2RefFileSwitcher('#refs_filter', loadUrl, initialCommitData); // switcher for file tree $('#refs_filter').on('change', function(e) { var data = $('#refs_filter').select2('data'); window.location = data.files_url }); }; $(document).ready(function() { timeagoActivate(); tooltipActivate(); if ($('#trimmed_message_box').height() < 50) { $('#message_expand').hide(); } $('#message_expand').on('click', function(e) { $('#trimmed_message_box').css('max-height', 'none'); $(this).hide(); }); if (fileSourcePage) { initFileJS() } else { initTreeJS() } var search_GET = ""; if (search_GET === "1") { NodeFilter.initFilter(); NodeFilter.focus(); } });
