Add SAML scheme override env var (#2947)
* Add SAML scheme override env var

* Make it pretty, please the linter
leosunmo authored and arikfr committed Mar 13, 2019
1 parent 4a8d9a7 commit 4768fd0
Showing 2 changed files with 13 additions and 1 deletion.
7 changes: 6 additions & 1 deletion redash/authentication/saml_auth.py
Expand Up @@ -20,7 +20,12 @@ def get_saml_client(org):
"""
metadata_url = org.get_setting("auth_saml_metadata_url")
entity_id = org.get_setting("auth_saml_entity_id")
acs_url = url_for("saml_auth.idp_initiated", org_slug=org.slug, _external=True)

if settings.SAML_SCHEME_OVERRIDE:
acs_url = url_for("saml_auth.idp_initiated", org_slug=org.slug, _external=True,
_scheme=settings.SAML_SCHEME_OVERRIDE)
else:
acs_url = url_for("saml_auth.idp_initiated", org_slug=org.slug, _external=True)

saml_settings = {
'metadata': {
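Review bot: `settings.SAML_SCHEME_OVERRIDE` is passed to `_scheme` unchecked, so any non-empty string in `REDASH_SAML_SCHEME_OVERRIDE` (a typo, `HTTPS://`, or plain `http`) ends up in the ACS URL, which is where the IdP posts SAML assertions. The value should be normalised and checked against an allow-list where it is defined in redash/settings/__init__.py, e.g. `SAML_SCHEME_OVERRIDE = os.environ.get("REDASH_SAML_SCHEME_OVERRIDE", "").strip().lower()`, followed by rejecting anything other than `""`, `"http"` or `"https"`. The two `url_for` calls also differ in a single keyword; assuming `url_for` treats `_scheme=None` as unset, `acs_url = url_for("saml_auth.idp_initiated", org_slug=org.slug, _external=True, _scheme=settings.SAML_SCHEME_OVERRIDE or None)` removes the branch. get_saml_client begins above this hunk and continues below it.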
7 changes: 7 additions & 0 deletions redash/settings/__init__.py
Expand Up @@ -59,6 +59,13 @@ def all_settings():
GOOGLE_CLIENT_SECRET = os.environ.get("REDASH_GOOGLE_CLIENT_SECRET", "")
GOOGLE_OAUTH_ENABLED = bool(GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET)

# If Redash is behind a proxy it might sometimes receive a X-Forwarded-Proto of HTTP
# even if your actual Redash URL scheme is HTTPS. This will cause Flask to build
# the SAML redirect URL incorrect thus failing auth. This is especially common if
# you're behind a SSL/TCP configured AWS ELB or similar.
# This setting will force the URL scheme.
SAML_SCHEME_OVERRIDE = os.environ.get("REDASH_SAML_SCHEME_OVERRIDE", "")

# Enables the use of an externally-provided and trusted remote user via an HTTP
# header. The "user" must be an email address.
#
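Review bot: The comment on `SAML_SCHEME_OVERRIDE` explains the proxy problem but not what value to set, nor that the empty default leaves URL generation unchanged. I would add a line such as `# Set to "https" to force the scheme; leave empty (default) to keep the scheme Flask detects.` It is also worth stating that, as far as this commit shows, only the SAML ACS URL is affected, so other externally generated URLs still follow the forwarded scheme and the proxy's `X-Forwarded-Proto` handling remains worth fixing at the source.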
