##// END OF EJS Templates
auth: updated saml docs, and re-order info on plugin details for easier setup
super-admin -
r5505:3fc95e3b default
parent child Browse files
Show More
@@ -0,0 +1,159 b''
1 .. _config-saml-azure-ref:
2
3
4 SAML 2.0 with Azure Entra ID
5 ----------------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with Azure Entra ID provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as Azure AD. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure Duo Security SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `Azure Entra ID` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `Azure Entra ID` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-azure`
27
28
29 .. _config-saml-azure:
30
31
32 Example SAML Azure Entra ID configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with Azure Entra ID provider
36
37
38 Enabled
39 `True`:
40
41 .. note::
42 Enable or disable this authentication plugin.
43
44
45 Auth Cache TTL
46 `30`:
47
48 .. note::
49 Amount of seconds to cache the authentication and permissions check response call for this plugin.
50 Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
51
52 Debug
53 `True`:
54
55 .. note::
56 Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
57
58
59 Auth button name
60 `Azure Entra ID`:
61
62 .. note::
63 Alternative authentication display name. E.g AzureAuth, CorporateID etc.
64
65
66 Entity ID
67 `https://sts.windows.net/APP_ID/`:
68
69 .. note::
70 Identity Provider entity/metadata URI. Known as "Microsoft Entra Identifier"
71 E.g. https://sts.windows.net/abcd-c655-dcee-aab7-abcd/
72
73 SSO URL
74 `https://login.microsoftonline.com/APP_ID/saml2`:
75
76 .. note::
77 SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login, Known also as Login URL
78 E.g. https://login.microsoftonline.com/abcd-c655-dcee-aab7-abcd/saml2
79
80 SLO URL
81 `https://login.microsoftonline.com/APP_ID/saml2`:
82
83 .. note::
84 SLO (SingleLogout) endpoint URL of the IdP. , Known also as Logout URL
85 E.g. https://login.microsoftonline.com/abcd-c655-dcee-aab7-abcd/saml2
86
87 x509cert
88 `<CERTIFICATE_STRING>`:
89
90 .. note::
91 Identity provider public x509 certificate. It will be converted to single-line format without headers.
92 Download the raw base64 encoded certificate from the Identity provider and paste it here.
93
94 SAML Signature
95 `sha-256`:
96
97 .. note::
98 Type of Algorithm to use for verification of SAML signature on Identity provider side.
99
100 SAML Digest
101 `sha-256`:
102
103 .. note::
104 Type of Algorithm to use for verification of SAML digest on Identity provider side.
105
106 Service Provider Cert Dir
107 `/etc/rhodecode/conf/saml_ssl/`:
108
109 .. note::
110 Optional directory to store service provider certificate and private keys.
111 Expected certs for the SP should be stored in this folder as:
112 * sp.key Private Key
113 * sp.crt Public cert
114 * sp_new.crt Future Public cert
115
116 Also you can use other cert to sign the metadata of the SP using the:
117 * metadata.key
118 * metadata.crt
119
120 Expected NameID Format
121 `nameid-format:emailAddress`:
122
123 .. note::
124 The format that specifies how the NameID is sent to the service provider.
125
126 User ID Attribute
127 `user.email`:
128
129 .. note::
130 User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
131 Ensure this is returned from DuoSecurity for example via duo_username.
132
133 Username Attribute
134 `user.username`:
135
136 .. note::
137 Username Attribute name. This defines which attribute in SAML response will map to a username.
138
139 Email Attribute
140 `user.email`:
141
142 .. note::
143 Email Attribute name. This defines which attribute in SAML response will map to an email address.
144
145
146
147 Below is example setup from Azure Administration page that can be used with above config.
148
149 .. image:: ../images/saml-azure-service-provider-example.png
150 :alt: Azure SAML setup example
151 :scale: 50 %
152
153
154 Below is an example attribute mapping set for IDP provider required by the above config.
155
156
157 .. image:: ../images/saml-azure-attributes-example.png
158 :alt: Azure SAML setup example
159 :scale: 50 % No newline at end of file
@@ -7,12 +7,27 b' RUN apt-get update \\'
7 curl \
7 curl \
8 zip \
8 zip \
9 graphviz \
9 graphviz \
10 dvipng \
10 imagemagick \
11 imagemagick \
11 make \
12 make \
13 latexmk \
14 texlive-latex-recommended \
15 texlive-latex-extra \
16 texlive-xetex \
17 fonts-freefont-otf \
18 texlive-fonts-recommended \
19 texlive-lang-greek \
20 tex-gyre \
12 && apt-get autoremove \
21 && apt-get autoremove \
13 && apt-get clean \
22 && apt-get clean \
14 && rm -rf /var/lib/apt/lists/*
23 && rm -rf /var/lib/apt/lists/*
15
24
25 RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
26 unzip awscliv2.zip && \
27 ./aws/install && \
28 rm -rf ./aws && \
29 rm awscliv2.zip
30
16 RUN \
31 RUN \
17 python3 -m pip install --no-cache-dir --upgrade pip && \
32 python3 -m pip install --no-cache-dir --upgrade pip && \
18 python3 -m pip install --no-cache-dir Sphinx Pillow
33 python3 -m pip install --no-cache-dir Sphinx Pillow
@@ -13,7 +13,7 b' This method simply enables SAML authenti'
13 From the server RhodeCode Enterprise is running run ishell on the instance which we
13 From the server RhodeCode Enterprise is running run ishell on the instance which we
14 want to apply the SAML migration::
14 want to apply the SAML migration::
15
15
16 rccontrol ishell enterprise-1
16 ./rcstack cli ishell
17
17
18 Follow these steps to enable SAML authentication for multiple users.
18 Follow these steps to enable SAML authentication for multiple users.
19
19
@@ -46,6 +46,8 b' From available options pick only one and'
46
46
47 # for Duo Security
47 # for Duo Security
48 In [2]: from rc_auth_plugins.auth_duo_security import RhodeCodeAuthPlugin
48 In [2]: from rc_auth_plugins.auth_duo_security import RhodeCodeAuthPlugin
49 # for Azure Entra
50 In [2]: from rc_auth_plugins.auth_azure import RhodeCodeAuthPlugin
49 # for OneLogin
51 # for OneLogin
50 In [2]: from rc_auth_plugins.auth_onelogin import RhodeCodeAuthPlugin
52 In [2]: from rc_auth_plugins.auth_onelogin import RhodeCodeAuthPlugin
51 # generic SAML plugin
53 # generic SAML plugin
@@ -62,13 +64,13 b' Enter in the ishell prompt'
62 ...: attrs = saml2user.get(user.user_id)
64 ...: attrs = saml2user.get(user.user_id)
63 ...: provider = RhodeCodeAuthPlugin.uid
65 ...: provider = RhodeCodeAuthPlugin.uid
64 ...: if existing_identity:
66 ...: if existing_identity:
65 ...: print('Identity for user `{}` already exists, skipping'.format(user.username))
67 ...: print(f'Identity for user `{user.username}` already exists, skipping')
66 ...: continue
68 ...: continue
67 ...: if attrs:
69 ...: if attrs:
68 ...: external_id = attrs['id']
70 ...: external_id = attrs['id']
69 ...: new_external_identity = ExternalIdentity()
71 ...: new_external_identity = ExternalIdentity()
70 ...: new_external_identity.external_id = external_id
72 ...: new_external_identity.external_id = external_id
71 ...: new_external_identity.external_username = '{}-saml-{}'.format(user.username, user.user_id)
73 ...: new_external_identity.external_username = f'{user.username}-saml-{user.user_id}'
72 ...: new_external_identity.provider_name = provider
74 ...: new_external_identity.provider_name = provider
73 ...: new_external_identity.local_user_id = user.user_id
75 ...: new_external_identity.local_user_id = user.user_id
74 ...: new_external_identity.access_token = ''
76 ...: new_external_identity.access_token = ''
@@ -76,7 +78,7 b' Enter in the ishell prompt'
76 ...: new_external_identity.alt_token = ''
78 ...: new_external_identity.alt_token = ''
77 ...: Session().add(ex_identity)
79 ...: Session().add(ex_identity)
78 ...: Session().commit()
80 ...: Session().commit()
79 ...: print('Set user `{}` external identity bound to ExternalID:{}'.format(user.username, external_id))
81 ...: print(f'Set user `{user.username}` external identity bound to ExternalID:{external_id}')
80
82
81 .. note::
83 .. note::
82
84
@@ -32,62 +32,116 b' 4. Check the `enabled` check box in the '
32 Example SAML Duo Security configuration
32 Example SAML Duo Security configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
34
35 Example configuration for SAML 2.0 with Duo Security provider::
35 Example configuration for SAML 2.0 with Duo Security provider
36
37
38 Enabled
39 `True`:
36
40
37 *option*: `enabled` => `True`
41 .. note::
38 # Enable or disable this authentication plugin.
42 Enable or disable this authentication plugin.
43
44
45 Auth Cache TTL
46 `30`:
39
47
40 *option*: `cache_ttl` => `0`
48 .. note::
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
49 Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
50 Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
51
52 Debug
53 `True`:
43
54
44 *option*: `debug` => `True`
55 .. note::
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
56 Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
57
58
59 Auth button name
60 `Azure Entra ID`:
46
61
47 *option*: `entity_id` => `http://rc-app.com/dag/saml2/idp/metadata.php`
62 .. note::
48 # Identity Provider entity/metadata URI.
63 Alternative authentication display name. E.g AzureAuth, CorporateID etc.
49 # E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php
64
65
66 Entity ID
67 `https://my-duo-gateway.com/dag/saml2/idp/metadata.php`:
68
69 .. note::
70 Identity Provider entity/metadata URI.
71 E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php
72
73 SSO URL
74 `https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id>`:
50
75
51 *option*: `sso_service_url` => `http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=http://rc.local.pl/_admin/auth/duosecurity/saml-metadata`
76 .. note::
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
77 SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login, Known also as Login URL
53 # E.g. https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id>
78 E.g. http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=https://docker-dev/_admin/auth/duosecurity/saml-metadata
79
80 SLO URL
81 `https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=<return_url>`:
54
82
55 *option*: `slo_service_url` => `http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://rc-app.com/dag/module.php/duosecurity/logout.php`
83 .. note::
56 # SLO (SingleLogout) endpoint URL of the IdP.
84 SLO (SingleLogout) endpoint URL of the IdP. , Known also as Logout URL
57 # E.g. https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://duo-gateway.com/_admin/saml/sign-out-endpoint
85 E.g. http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=https://docker-dev/_admin/auth/duosecurity/saml-sign-out-endpoint
58
86
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
87 x509cert
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
88 `<CERTIFICATE_STRING>`:
61
89
62 *option*: `name_id_format` => `sha-1`
90 .. note::
63 # The format that specifies how the NameID is sent to the service provider.
91 Identity provider public x509 certificate. It will be converted to single-line format without headers.
92 Download the raw base64 encoded certificate from the Identity provider and paste it here.
93
94 SAML Signature
95 `sha-256`:
96
97 .. note::
98 Type of Algorithm to use for verification of SAML signature on Identity provider side.
99
100 SAML Digest
101 `sha-256`:
64
102
65 *option*: `signature_algo` => `sha-256`
103 .. note::
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
104 Type of Algorithm to use for verification of SAML digest on Identity provider side.
105
106 Service Provider Cert Dir
107 `/etc/rhodecode/conf/saml_ssl/`:
67
108
68 *option*: `digest_algo` => `sha-256`
109 .. note::
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
110 Optional directory to store service provider certificate and private keys.
111 Expected certs for the SP should be stored in this folder as:
112 * sp.key Private Key
113 * sp.crt Public cert
114 * sp_new.crt Future Public cert
70
115
71 *option*: `cert_dir` => `/etc/saml/`
116 Also you can use other cert to sign the metadata of the SP using the:
72 # Optional directory to store service provider certificate and private keys.
117 * metadata.key
73 # Expected certs for the SP should be stored in this folder as:
118 * metadata.crt
74 # * sp.key Private Key
119
75 # * sp.crt Public cert
120 Expected NameID Format
76 # * sp_new.crt Future Public cert
121 `nameid-format:emailAddress`:
77 #
122
78 # Also you can use other cert to sign the metadata of the SP using the:
123 .. note::
79 # * metadata.key
124 The format that specifies how the NameID is sent to the service provider.
80 # * metadata.crt
125
126 User ID Attribute
127 `PersonImmutableID`:
81
128
82 *option*: `user_id_attribute` => `PersonImmutableID`
129 .. note::
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
130 User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from DuoSecurity for example via duo_username
131 Ensure this is returned from DuoSecurity for example via duo_username.
132
133 Username Attribute
134 `User.username`:
85
135
86 *option*: `username_attribute` => `User.username`
136 .. note::
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
137 Username Attribute name. This defines which attribute in SAML response will map to a username.
88
138
89 *option*: `email_attribute` => `User.email`
139 Email Attribute
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
140 `User.email`:
141
142 .. note::
143 Email Attribute name. This defines which attribute in SAML response will map to an email address.
144
91
145
92
146
93 Below is example setup from DUO Administration page that can be used with above config.
147 Below is example setup from DUO Administration page that can be used with above config.
@@ -15,5 +15,6 b' Please check for reference two example p'
15
15
16 auth-saml-duosecurity
16 auth-saml-duosecurity
17 auth-saml-onelogin
17 auth-saml-onelogin
18 auth-saml-azure
18 auth-saml-bulk-enroll-users
19 auth-saml-bulk-enroll-users
19
20
@@ -32,62 +32,115 b' 4. Check the `enabled` check box in the '
32 Example SAML OneLogin configuration
32 Example SAML OneLogin configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
34
35 Example configuration for SAML 2.0 with OneLogin provider::
35 Example configuration for SAML 2.0 with OneLogin provider
36
37
38 Enabled
39 `True`:
36
40
37 *option*: `enabled` => `True`
41 .. note::
38 # Enable or disable this authentication plugin.
42 Enable or disable this authentication plugin.
43
44
45 Auth Cache TTL
46 `30`:
39
47
40 *option*: `cache_ttl` => `0`
48 .. note::
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
49 Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
50 Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
51
52 Debug
53 `True`:
43
54
44 *option*: `debug` => `True`
55 .. note::
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
56 Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
57
58
59 Auth button name
60 `Azure Entra ID`:
46
61
47 *option*: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
62 .. note::
48 # Identity Provider entity/metadata URI.
63 Alternative authentication display name. E.g AzureAuth, CorporateID etc.
49 # E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id>
64
65
66 Entity ID
67 `https://app.onelogin.com/saml/metadata/<onelogin_connector_id>`:
68
69 .. note::
70 Identity Provider entity/metadata URI.
71 E.g. https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
72
73 SSO URL
74 `https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>`:
50
75
51 *option*: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx`
76 .. note::
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
77 SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login, Known also as Login URL
53 # E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>
78 E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>
79
80 SLO URL
81 `https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>`:
54
82
55 *option*: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx`
83 .. note::
56 # SLO (SingleLogout) endpoint URL of the IdP.
84 SLO (SingleLogout) endpoint URL of the IdP. , Known also as Logout URL
57 # E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>
85 E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>
58
86
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
87 x509cert
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
88 `<CERTIFICATE_STRING>`:
61
89
62 *option*: `name_id_format` => `sha-1`
90 .. note::
63 # The format that specifies how the NameID is sent to the service provider.
91 Identity provider public x509 certificate. It will be converted to single-line format without headers.
92 Download the raw base64 encoded certificate from the Identity provider and paste it here.
93
94 SAML Signature
95 `sha-256`:
96
97 .. note::
98 Type of Algorithm to use for verification of SAML signature on Identity provider side.
99
100 SAML Digest
101 `sha-256`:
64
102
65 *option*: `signature_algo` => `sha-256`
103 .. note::
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
104 Type of Algorithm to use for verification of SAML digest on Identity provider side.
105
106 Service Provider Cert Dir
107 `/etc/rhodecode/conf/saml_ssl/`:
67
108
68 *option*: `digest_algo` => `sha-256`
109 .. note::
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
110 Optional directory to store service provider certificate and private keys.
111 Expected certs for the SP should be stored in this folder as:
112 * sp.key Private Key
113 * sp.crt Public cert
114 * sp_new.crt Future Public cert
70
115
71 *option*: `cert_dir` => `/etc/saml/`
116 Also you can use other cert to sign the metadata of the SP using the:
72 # Optional directory to store service provider certificate and private keys.
117 * metadata.key
73 # Expected certs for the SP should be stored in this folder as:
118 * metadata.crt
74 # * sp.key Private Key
119
75 # * sp.crt Public cert
120 Expected NameID Format
76 # * sp_new.crt Future Public cert
121 `nameid-format:emailAddress`:
77 #
122
78 # Also you can use other cert to sign the metadata of the SP using the:
123 .. note::
79 # * metadata.key
124 The format that specifies how the NameID is sent to the service provider.
80 # * metadata.crt
125
126 User ID Attribute
127 `PersonImmutableID`:
81
128
82 *option*: `user_id_attribute` => `PersonImmutableID`
129 .. note::
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
130 User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from OneLogin for example via Internal ID
131 Ensure this is returned from DuoSecurity for example via duo_username.
132
133 Username Attribute
134 `User.username`:
85
135
86 *option*: `username_attribute` => `User.username`
136 .. note::
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
137 Username Attribute name. This defines which attribute in SAML response will map to a username.
88
138
89 *option*: `email_attribute` => `User.email`
139 Email Attribute
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
140 `User.email`:
141
142 .. note::
143 Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
144
92
145
93
146
@@ -29,6 +29,7 b' administrator greater control over how u'
29 auth-saml-generic
29 auth-saml-generic
30 auth-saml-onelogin
30 auth-saml-onelogin
31 auth-saml-duosecurity
31 auth-saml-duosecurity
32 auth-saml-azure
32 auth-crowd
33 auth-crowd
33 auth-pam
34 auth-pam
34 ssh-connection
35 ssh-connection
@@ -52,6 +52,7 b' class AuthnRootResource(AuthnResourceBas'
52 """
52 """
53 This is the root traversal resource object for the authentication settings.
53 This is the root traversal resource object for the authentication settings.
54 """
54 """
55 is_root = True
55
56
56 def __init__(self):
57 def __init__(self):
57 self._store = collections.OrderedDict()
58 self._store = collections.OrderedDict()
@@ -26,8 +26,13 b''
26 <div class="sidebar">
26 <div class="sidebar">
27 <ul class="nav nav-pills nav-stacked">
27 <ul class="nav nav-pills nav-stacked">
28 % for item in resource.get_root().get_nav_list():
28 % for item in resource.get_root().get_nav_list():
29
29 <li ${('class=active' if item == resource else '')}>
30 <li ${('class=active' if item == resource else '')}>
31 % if getattr(item, 'is_root', False):
30 <a href="${request.resource_path(item, route_name='auth_home')}">${item.display_name}</a>
32 <a href="${request.resource_path(item, route_name='auth_home')}">${item.display_name}</a>
33 % else:
34 <a style="padding-left: 10px" href="${request.resource_path(item, route_name='auth_home')}">${item.display_name}</a>
35 % endif
31 </li>
36 </li>
32 % endfor
37 % endfor
33 </ul>
38 </ul>
@@ -50,6 +50,13 b''
50 ${h.secure_form(request.resource_path(resource, route_name='auth_home'), request=request)}
50 ${h.secure_form(request.resource_path(resource, route_name='auth_home'), request=request)}
51 <div class="form">
51 <div class="form">
52
52
53 ## Allow derived templates to add something above the form
54 ## input fields
55 %if hasattr(next, 'above_form_fields'):
56 ${next.above_form_fields()}
57 %endif
58
59 <h4>${_('Plugin Configuration')}</h4>
53 %for node in plugin.get_settings_schema():
60 %for node in plugin.get_settings_schema():
54 <%
61 <%
55 label_to_type = {'label-checkbox': 'bool', 'label-textarea': 'textarea'}
62 label_to_type = {'label-checkbox': 'bool', 'label-textarea': 'textarea'}
General Comments 0
You need to be logged in to leave comments. Login now