Allow overriding SAML settings.

Review Request #14288 — Created Jan. 7, 2025 and updated

Information

Review Board
release-7.x

Reviewers

The python3-saml library has a bunch of settings that govern its
behavior. We have siteconfig keys for the settings that matter (things
like binding type, verification keys, URLs, etc), which then gets turned
into the dict format that python3-saml wants.

In some cases, users may need to override those settings. In a recent
report, Windows machines which use x509 to log in require setting some
items in the security key (which we otherwise don't use at all).

This change adds an escape hatch for those situations where admins can
define SAML_CONFIG_ADVANCED in their settings_local.py file,
mimicking the advanced_settings.json file that python3-saml would use if
we were not passing in the config as a dict.

Ran unit tests.

Summary ID
Allow overriding SAML settings.
The python3-saml library has a bunch of settings that govern its behavior. We have siteconfig keys for the settings that matter (things like binding type, verification keys, URLs, etc), which then gets turned into the dict format that python3-saml wants. In some cases, users may need to override those settings. In a recent report, Windows machines which use x509 to log in require setting some items in the `security` key (which we otherwise don't use at all). This change adds an escape hatch for those situations where admins can define `SAML_CONFIG_ADVANCED` in their `settings_local.py` file, mimicking the advanced_settings.json file that python3-saml would use if we were not passing in the config as a dict. Testing Done: Ran unit tests.
a71d9afc4eb48e469fa851a2bc852656dcf02331
Description From Last Updated

Can you add a Version Added? I know it's less important than API-level modules, but we've been adding these and …

chipx86chipx86

Same here.

chipx86chipx86
Checks run (2 succeeded)
flake8 passed.
JSHint passed.
chipx86
  1. 
      
  2. Show all issues

    Can you add a Version Added? I know it's less important than API-level modules, but we've been adding these and it's nice to just have that information sometimes when tracing things.

  3. Show all issues

    Same here.

  4. 
      
maubin
  1. Ship It!
  2.