pr@dev@feat_saml2_auth (#1216)

* feat: 支持saml2协议单点登录认证 * fix: 合并遗漏的翻译文件 * fix: 合并遗漏的翻译文件
2026-01-29 21:28:52 +00:00 · 2021-12-09 16:01:46 +08:00
parent 0b71032631
commit 3eff78817b
5 changed files with 117 additions and 3 deletions
--- a/src/i18n/langs/cn.json
+++ b/src/i18n/langs/cn.json
@@ -246,6 +246,7 @@
    "UserLoginLimit": "用户登录限制",
    "IPLoginLimit": "IP 登录限制",
    "Setting": "设置",
+    "Certificate": "证书",
    "ViewMore": "查看更多",
    "Announcement": "公告",
    "Logging": "日志记录",
@@ -903,6 +904,13 @@
    "authLdapSearchOu": "用户OU",
    "authLdapServerUri": "LDAP地址",
    "authLdapUserAttrMap": "用户属性映射",
+    "authUserAttrMap": "用户属性映射",
+    "authUserAttrMapHelpText": "映射关系 {idp：sp}",
+    "SAML2": "SAML2",
+    "enableSAML2Auth": "开启 SAML2 认证",
+    "SAML2Auth": "SAML2 认证",
+    "authSAML2Xml": "IDP metadata XML",
+    "authSAML2MetadataUrl": "IDP metadata URL",
    "authCASAttrMap": "用户属性映射",
    "SignaturesAndTemplates": "Signatures and Templates",
    "unselectedUser": "没有选择用户",
--- a/src/i18n/langs/en.json
+++ b/src/i18n/langs/en.json
@@ -240,6 +240,7 @@
    "UserLoginLimit": "User login limit",
    "IPLoginLimit": "IP login limit",
    "Setting": "Setting",
+    "Certificate": "Certificate",
    "ViewMore": "View more",
    "Announcement": "Announcement",
    "Logging": "Logging",
@@ -881,7 +882,13 @@
    "authLdapSearchOu": "User OU",
    "authLdapServerUri": "LDAP server",
    "authLdapUserAttrMap": "User attr map",
-    "authCASAttrMap": "User attr map",
+    "authUserAttrMap": "User attr map",
+    "authUserAttrMapHelpText": "Mapping relationship { idp_key: sp_key}",
+    "SAML2": "SAML2",
+    "enableSAML2Auth": "Enable SAML2 Auth",
+    "SAML2Auth": "SAML2 Auth",
+    "authSAML2Xml": "IDP metadata XML",
+    "authSAML2MetadataUrl": "IDP metadata URL",
    "unselectedUser": "Unselected user",
    "auto": "Auto",
    "basicSetting": "Basic setting",
--- a/src/views/settings/Auth/CAS.vue
+++ b/src/views/settings/Auth/CAS.vue
@@ -40,7 +40,7 @@ export default {
            el: {
              type: 'textarea'
            },
-            label: this.$t('setting.authCASAttrMap'),
+            label: this.$t('setting.authUserAttrMap'),
            rules: [JsonRequired]
          }
        },
--- a/src/views/settings/Auth/SAML2.vue
+++ b/src/views/settings/Auth/SAML2.vue
@@ -0,0 +1,94 @@
+<template>
+  <BaseAuth
+    :value="value"
+    :config="settings"
+    :title="$t('setting.SAML2')"
+    enable-field="AUTH_SAML2"
+    v-on="$listeners"
+  />
+</template>
+
+<script>
+import BaseAuth from './Base'
+import { JsonRequired } from '@/components/DataForm/rules'
+import { UploadKey } from '@/components'
+export default {
+  name: 'SAML2',
+  components: {
+    BaseAuth
+  },
+  props: {
+    value: {
+      type: Boolean,
+      required: true
+    }
+  },
+  data() {
+    return {
+      settings: {
+        url: '/api/v1/settings/setting/?category=saml2',
+        fields: [
+          [this.$t('common.Basic'), ['AUTH_SAML2']],
+          [this.$t('common.Params'), ['SAML2_IDP_METADATA_URL', 'SAML2_IDP_METADATA_XML']],
+          [this.$t('common.Certificate'), ['SAML2_SP_CERT_CONTENT', 'SAML2_SP_KEY_CONTENT']],
+          [this.$t('common.Other'), [
+            'SAML2_LOGOUT_COMPLETELY', 'AUTH_SAML2_ALWAYS_UPDATE_USER',
+            'SAML2_RENAME_ATTRIBUTES'
+          ]]
+        ],
+        fieldsMeta: {
+          AUTH_SAML2: {
+            label: this.$t('setting.enableSAML2Auth')
+          },
+          SAML2_IDP_METADATA_URL: {
+            component: 'el-input',
+            label: this.$t('setting.authSAML2MetadataUrl')
+          },
+          SAML2_IDP_METADATA_XML: {
+            component: 'el-input',
+            el: {
+              type: 'textarea',
+              rows: 8
+            },
+            label: this.$t('setting.authSAML2Xml')
+          },
+          SAML2_SP_CERT_CONTENT: {
+            component: UploadKey
+          },
+          SAML2_SP_KEY_CONTENT: {
+            component: UploadKey
+          },
+          SAML2_RENAME_ATTRIBUTES: {
+            component: 'el-input',
+            el: {
+              type: 'textarea'
+            },
+            label: this.$t('setting.authUserAttrMap'),
+            rules: [JsonRequired],
+            helpText: this.$t('setting.authUserAttrMapHelpText')
+          }
+        },
+        submitMethod: () => 'patch',
+        afterGetFormValue(obj) {
+          obj.SAML2_RENAME_ATTRIBUTES = JSON.stringify(obj.SAML2_RENAME_ATTRIBUTES)
+          return obj
+        },
+        cleanFormValue(data) {
+          if (data['SAML2_RENAME_ATTRIBUTES']) {
+            data['SAML2_RENAME_ATTRIBUTES'] = JSON.parse(data['SAML2_RENAME_ATTRIBUTES'])
+          }
+          return data
+        }
+      }
+    }
+  },
+  methods: {
+    onConfirm() {
+    }
+  }
+}
+</script>
+
+<style scoped>
+
+</style>
--- a/src/views/settings/Auth/index.vue
+++ b/src/views/settings/Auth/index.vue
@@ -14,6 +14,7 @@ import DingTalk from './DingTalk'
 import FeiShu from './FeiShu'
 import WeCom from './WeCom'
 import SSO from './SSO'
+import SAML2 from './SAML2'

 export default {
  name: 'Auth',
@@ -29,7 +30,7 @@ export default {
          this.$t('setting.AuthMethod'), [
            'AUTH_CAS', 'AUTH_OPENID',
            'AUTH_WECOM', 'AUTH_DINGTALK', 'AUTH_FEISHU',
-            'AUTH_RADIUS', 'AUTH_SSO'
+            'AUTH_RADIUS', 'AUTH_SSO', 'AUTH_SAML2'
          ]
        ],
        [
@@ -62,6 +63,10 @@ export default {
        AUTH_SSO: {
          component: SSO
        },
+        AUTH_SAML2: {
+          component: SAML2,
+          label: this.$t('setting.SAML2Auth')
+        },
        FORGOT_PASSWORD_URL: {
          on: {
            change([value], updateForm) {