Attachment #8435 for bug #43582

View | Details | Raw Unified | Return to bug 43582
Collapse All | Expand All

(-)a/univention-office365/modules/univention/office365/azure_auth.py (-1 / +1 lines)

Lines 557-563 def write_saml_setup_script(cls):	Link Here

557

		template = '''

557

		template = '''

558

@ECHO OFF

558

@ECHO OFF

559

ECHO Asking for Azure Administator credentials

559

ECHO Asking for Azure Administator credentials

560

powershell Connect-MsolService; Set-MsolDomainAuthentication -DomainName "{domain}" -Authentication Managed; Set-MsolDomainAuthentication -DomainName "{domain}" -FederationBrandName "UCS" -Authentication Federated -ActiveLogOnUri "https://{ucs_sso_fqdn}/simplesamlphp/saml2/idp/SSOService.php" -PassiveLogOnUri "https://{ucs_sso_fqdn}/simplesamlphp/saml2/idp/SSOService.php" -SigningCertificate "{cert}" -IssuerUri "{issuer}" -LogOffUri "https://{ucs_sso_fqdn}/simplesamlphp/saml2/idp/SingleLogoutService.php?ReturnTo=/ucs-overview" -PreferredAuthenticationProtocol SAMLP;  Get-MsolDomain

560

powershell Connect-MsolService; Set-MsolDomainAuthentication -DomainName "{domain}" -Authentication Managed; Set-MsolDomainAuthentication -DomainName "{domain}" -FederationBrandName "UCS" -Authentication Federated -ActiveLogOnUri "https://{ucs_sso_fqdn}/simplesamlphp/saml2/idp/SSOService.php" -PassiveLogOnUri "https://{ucs_sso_fqdn}/simplesamlphp/saml2/idp/SSOService.php" -SigningCertificate "{cert}" -IssuerUri "{issuer}" -LogOffUri "https://{ucs_sso_fqdn}/simplesamlphp/saml2/idp/SingleLogoutService.php?ReturnTo=/univention/" -PreferredAuthenticationProtocol SAMLP;  Get-MsolDomain

561

ECHO Finished single sign-on configuration change

561

ECHO Finished single sign-on configuration change

562

pause

562

pause

563

'''.format(domain=cls.get_domain(), ucs_sso_fqdn=ucs_sso_fqdn, cert=cert, issuer=issuer)

563

'''.format(domain=cls.get_domain(), ucs_sso_fqdn=ucs_sso_fqdn, cert=cert, issuer=issuer)




msgid "Help"
msgstr "Hilfe"

msgid "If the download of the <i>manifest.json</i> file didn't start automatically <a download=\"manifest.json\" href=\"/univention/command/office365/manifest.json\" target=\"_blank\">click here</a>."
msgstr "Falls der Download der <i>manifest.json</i> Datei nicht automatisch gestartet wurde <a download=\"manifest.json\" target=\"_blank\" href=\"/univention/command/office365/manifest.json\">hier klicken</a>."

msgid "If the script has been executed successfully, single sign-on configuration is completed. Continue by clicking on <i>Next</i>."
msgstr "Wenn das Script erfolgreich ausgeführt wurde, ist die Einrichtung des Single Sign-on abgeschlossen. Fahren Sie durch klicken auf <i>Weiter</i> fort."

msgid "Single Sign-On setup"
msgstr "Single Sign-On Einrichtung"

msgid "Synchronized users can log into Office 365 by using the link on the <a href=\"/univention/\" target=\"_blank\">UCS portal</a>."
msgstr "Synchronisierte Benutzer können sich bei Office 365 anmelden, indem Sie den Link auf dem <a href=\"/univention/\" target=\"_blank\">UCS Portal</a> nutzen."

msgid "The UCS SAML identity provider has to be connected to Azure by running a Windows Powershell script."
msgstr "Der UCS SAML Identity Provider muss über ein Windows Powershell Script mit Azure verbunden werden."




					widgets: [{
						type: Text,
						name: 'infos',
						content: _('Synchronized users can log into Office 365 by using the link on the <a href="/univention/" target="_blank">UCS portal</a>.') + '<br>' + this.img(_('sso-login_EN.png'))
					}]
				}, {
					name: 'error',


		getTextUpdateManifest: function() {
			return this.formatOrderedList([
				_('If the download of the <i>manifest.json</i> file didn\'t start automatically <a download="manifest.json" href="/univention/command/office365/manifest.json" target="_blank">click here</a>.'),
				_('Select <i>MANAGE MANIFEST</i> and <i>upload manifest</i> in the Azure dashboard.') + this.img(_('manage_manifest_EN.png')),
				_('To upload the manifest in the new pop up click on <i>BROWSE FOR FILE...</i> and select the previously downloaded <i>manifest.json</i>.') + this.img(_('azure_upload_manifest_window_EN.png')),
				_('After the upload has succeeded continue this wizard by clicking on <i>Next</i>.')

				_('Install the latest version of Microsoft Powershell by installing <a href="%s" target="_blank">Windows Management Framework 5.0</a>', _('https://www.microsoft.com/en-us/download/details.aspx?id=50395')),
				_('On your Windows PC, follow the <a href="%s" target="_blank">instructions on Microsoft TechNet</a> to install the <i>Microsoft Online Services Sign-In Assistant for IT Professionals RTW</i> and <i>Azure Active Directory Module for Windows PowerShell</i> on your PC.', _('https://technet.microsoft.com/library/jj151815.aspx#bkmk_installmodule')),
				_('Make sure that the verified domain which is set up in Azure Active Directory is <b>not</b> configured as the primary domain. Otherwise, the next step will fail.'),
				lang.replace(_('Download the {link} for Microsoft Powershell.'), {link: '<a href="/univention/command/office365/saml_setup.bat" target="_blank">' + _('SAML configuration script') + '</a>'}) + ' ' +
				_('Execute the downloaded SAML configuration script, and authenticate with the Azure Active Directory domain administrator account.') + this.img(_('saml_setup_script_windows_EN.png')),
				_('If the script has been executed successfully, single sign-on configuration is completed. Continue by clicking on <i>Next</i>.')
			]);

			this.authorizationurl = data.result.authorizationurl;
//			iframe("data:application/octet-stream;headers=Content-Disposition%3A%20attachment%3B%20filename%3Dmanifest.json;charset=utf-8;base64," + data.result.manifest);  // sucks...
//			domConstruct.create('a', {href: 'data:application/octet-stream;charset=utf-8;base64,' + data.result.manifest, 'download': 'manifest.json', style: 'display: none;', 'innerHTML': 'manifest.json'}, dojo.body()).click();  // IE11 sucks
			domConstruct.create('a', {target: '_blank', href: '/univention/command/office365/manifest.json', 'download': 'manifest.json', style: 'display: none;', 'innerHTML': 'manifest.json'}, dojo.body()).click();
			this._next('manifest-upload');
		},





from univention.lib.i18n import Translation
from univention.management.console.config import ucr
from univention.management.console.base import Base, UMC_Error, UMC_OptionSanitizeError
from univention.management.console.modules.decorators import sanitize, simple_response, file_upload, allow_get
from univention.management.console.modules.sanitizers import StringSanitizer, DictSanitizer, BooleanSanitizer, ValidationError, MultiValidationError
from univention.management.console.log import MODULE


		fqdn = '%s.%s' % (ucr.get('hostname'), ucr.get('domainname'))
		return {
			'initialized': AzureAuth.is_initialized(),
			'login-url': '{origin}/univention/command/office365/authorize',
			'appid-url': 'https://%s/office365' % (fqdn,),
			'base-url': 'https://%s/' % (fqdn,),
		}

			'authorizationurl': authorizationurl,
		}, message=_('The manifest has been successfully uploaded.'))

	@allow_get
	def manifest_json(self, request):
		with open(MANIFEST_FILE, 'rb') as fd:
			self.finished(request.id, fd.read(), mimetype='application/octet-stream')

	@allow_get
	def saml_setup_script(self, request):
		with open(SAML_SETUP_SCRIPT_PATH, 'rb') as fd:
			self.finished(request.id, fd.read(), mimetype='application/octet-stream')

	@allow_get
	@sanitize(
		id_token=StringSanitizer(),
		code=StringSanitizer(),

Return to bug 43582