#!/usr/bin/perl
use Lemonldap::NG::Portal::SharedConf;
use JSON;
use strict;
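# Instantiate the portal object; every setting below is read from it.
my $portal = Lemonldap::NG::Portal::SharedConf->new();

# OpenID Connect settings: the issuer path and the URI suffix of each endpoint.
my $issuerDBOpenIDConnectPath = $portal->{issuerDBOpenIDConnectPath};
my $authorize_uri             = $portal->{oidcServiceMetaDataAuthorizeURI};
my $token_uri                 = $portal->{oidcServiceMetaDataTokenURI};
my $userinfo_uri              = $portal->{oidcServiceMetaDataUserInfoURI};
my $jwks_uri                  = $portal->{oidcServiceMetaDataJWKSURI};
my $registration_uri          = $portal->{oidcServiceMetaDataRegistrationURI};
my $endsession_uri            = $portal->{oidcServiceMetaDataEndSessionURI};
my $checksession_uri          = $portal->{oidcServiceMetaDataCheckSessionURI};

# Keep only the first run of word characters of the configured path; this
# drops any surrounding regex anchors or slashes.
# NOTE(review): $path is undef when the setting holds no word character, and
# the published endpoint URLs would then lack their path segment -- confirm
# the setting is always populated.
my ($path) = ( $issuerDBOpenIDConnectPath =~ /(\w+)/ );
my $issuer = $portal->{oidcServiceMetaDataIssuer};

# keys() applied directly to a hash reference was an experimental feature
# that Perl 5.24 removed, so dereference explicitly. An unset authentication
# context map yields an empty list instead of a fatal error.
my @acr = keys %{ $portal->{oidcServiceMetaDataAuthnContext} || {} };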
# Build the OpenID Connect discovery document: the issuer and its endpoints.
# Each endpoint URL is "<issuer><path>/<configured URI suffix>".
# NOTE(review): plain concatenation assumes the configured issuer already
# ends with "/" -- confirm against the portal configuration.
my $endpoint_base = $issuer . $path . "/";

my $configuration = {
    issuer                 => $issuer,
    authorization_endpoint => $endpoint_base . $authorize_uri,
    token_endpoint         => $endpoint_base . $token_uri,
    userinfo_endpoint      => $endpoint_base . $userinfo_uri,
    jwks_uri               => $endpoint_base . $jwks_uri,
    end_session_endpoint   => $endpoint_base . $endsession_uri,
    check_session_iframe   => $endpoint_base . $checksession_uri,
};

# Publish the dynamic client registration endpoint only when the portal
# configuration allows dynamic registration.
if ( $portal->{oidcServiceAllowDynamicRegistration} ) {
    $configuration->{registration_endpoint} =
      $endpoint_base . $registration_uri;
}
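# Capabilities advertised in the discovery document. Members that are only
# commented out below are not published.
$configuration->{scopes_supported} = [qw/openid profile email address phone/];
$configuration->{response_types_supported} = [
    "code",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
];

# $configuration->{response_modes_supported}

# NOTE(review): "hybrid" names a flow; it does not appear among the OAuth 2.0
# grant type values (authorization_code, implicit, refresh_token, ...).
# Confirm that relying parties tolerate it before keeping it here.
$configuration->{grant_types_supported} =
  [qw/authorization_code implicit hybrid/];
$configuration->{acr_values_supported}    = \@acr;
$configuration->{subject_types_supported} = ["public"];

# NOTE(review): listing "none" advertises unsigned ID Tokens. OpenID Connect
# Discovery allows the value to be listed, but it must not be used when the
# ID Token is returned from the authorization endpoint; confirm that the
# token-issuing code enforces this and that "none" is really intended.
$configuration->{id_token_signing_alg_values_supported} =
  [qw/none HS256 HS384 HS512 RS256 RS384 RS512/];

# $configuration->{id_token_encryption_alg_values_supported}
# $configuration->{id_token_encryption_enc_values_supported}
$configuration->{userinfo_signing_alg_values_supported} =
  [qw/none HS256 HS384 HS512 RS256 RS384 RS512/];

# $configuration->{userinfo_encryption_alg_values_supported}
# $configuration->{userinfo_encryption_enc_values_supported}
# $configuration->{request_object_signing_alg_values_supported}
# $configuration->{request_object_encryption_alg_values_supported}
# $configuration->{request_object_encryption_enc_values_supported}
$configuration->{token_endpoint_auth_methods_supported} =
  [qw/client_secret_post client_secret_basic/];

# $configuration->{token_endpoint_auth_signing_alg_values_supported}
# $configuration->{display_values_supported}
# $configuration->{claim_types_supported}
# RECOMMENDED # $configuration->{claims_supported}
# $configuration->{service_documentation}
# $configuration->{claims_locales_supported}
# $configuration->{ui_locales_supported}
# $configuration->{claims_parameter_supported}

# OpenID Connect Discovery defines these three members as JSON booleans.
# The strings "true" and "false" are both non-empty, so a loosely typed
# client would read "false" as true; emit real JSON booleans instead.
$configuration->{request_parameter_supported}      = JSON::true();
$configuration->{request_uri_parameter_supported}  = JSON::true();
$configuration->{require_request_uri_registration} = JSON::false();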
# Serialize the discovery document before anything is written to the client.
# NOTE(review): to_json returns a character string, not UTF-8 encoded bytes;
# the body matches the declared charset only if every value is ASCII or the
# output handle encodes it -- confirm.
my $json = to_json( $configuration, { pretty => 1 } );

# Send the HTTP header produced by the portal object, then the JSON body.
print $portal->header('application/json; charset=utf-8'), $json;