##// END OF EJS Templates
u » pc » rhodecode-enterprise-ce-fork-pc
RSS

Fork of rhodecode-enterprise-ce

docs: updated bulk external identity set
marcink -
r3493:1c22d247 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -11,11 +11,9 b' This method simply enables SAML authenti'
11 11
12 12
13 13 From the server RhodeCode Enterprise is running run ishell on the instance which we
14 want to apply the SAML migration:
14 want to apply the SAML migration::
15 15
16 ```
17 16 rccontrol ishell enterprise-1
18 ```
19 17
20 18 Follow these steps to enable SAML authentication for multiple users.
21 19
@@ -26,32 +24,50 b' 1) Create a user_id => attribute mapping'
26 24 `saml2user` is a mapping of external ID from SAML provider such as OneLogin, DuoSecurity, Google.
27 25 This mapping consists of local rhodecode user_id mapped to set of required attributes needed to bind SAML
28 26 account to internal rhodecode user.
29 For example, 123 is local rhodecode user_id, and '48253211' is onelogin ID.
27 For example, 123 is local rhodecode user_id, and '48253211' is OneLogin ID.
30 28 For other providers you'd have to figure out what would be the user-id, sometimes it's the email, i.e for Google
29 The most important this id needs to be unique for each user.
30
31 .. code-block:: python
31 32
32 33 In [1]: saml2user = {
33 34 ...: # OneLogin, uses externalID available to read from in the UI
34 35 ...: 123: {'id: '48253211'},
35 ...: # for google use email
36 ...: # for Google/DuoSecurity email is also an option for unique ID
36 37 ...: 124: {'id: 'email@domain.com'},
37 38 ...: }
38 39
39 2) Import the plugin you want to run migration for, pick only one and run the `import` statement
40 # for duo security
40
41 2) Import the plugin you want to run migration for.
42
43 From available options pick only one and run the `import` statement
44
45 .. code-block:: python
46
47 # for Duo Security
41 48 In [2]: from rc_auth_plugins.auth_duo_security import RhodeCodeAuthPlugin
42 # for onelogin
49 # for OneLogin
43 50 In [2]: from rc_auth_plugins.auth_onelogin import RhodeCodeAuthPlugin
44 # generic saml
45 In [2]: from rc_auth_plugins.auth_duo_security import RhodeCodeAuthPlugin
51 # generic SAML plugin
52 In [2]: from rc_auth_plugins.auth_saml import RhodeCodeAuthPlugin
53
54 3) Run the migration based on saml2user mapping.
46 55
47 3) Run the migration based on saml2user mapping. Enter in the ishell prompt
56 Enter in the ishell prompt
57
58 .. code-block:: python
59
48 60 In [3]: for user in User.get_all():
49 61 ...: existing_identity = ExternalIdentity().query().filter(ExternalIdentity.local_user_id == user.user_id).scalar()
50 62 ...: attrs = saml2user.get(user.user_id)
51 63 ...: provider = RhodeCodeAuthPlugin.uid
52 ...: if not existing_identity and attrs:
64 ...: if existing_identity:
65 ...: print('Identity for user `{}` already exists, skipping'.format(user.username))
66 ...: continue
67 ...: if attrs:
68 ...: external_id = attrs['id']
53 69 ...: new_external_identity = ExternalIdentity()
54 ...: new_external_identity.external_id = attrs['id']
70 ...: new_external_identity.external_id = external_id
55 71 ...: new_external_identity.external_username = '{}-saml-{}'.format(user.username, user.user_id)
56 72 ...: new_external_identity.provider_name = provider
57 73 ...: new_external_identity.local_user_id = user_id
@@ -60,7 +76,7 b' In [3]: for user in User.get_all():'
60 76 ...: new_external_identity.alt_token = ''
61 77 ...: Session().add(ex_identity)
62 78 ...: Session().commit()
63
79 ...: print('Set user `{}` external identity bound to ExternalID:{}'.format(user.username, external_id))
64 80
65 81 .. note::
66 82
General Comments 0
You need to be logged in to leave comments. Login now