Parameter to allow dynamic client registration (#184)
parent
b66a90e197
commit
121e578b7e
|
@ -1967,8 +1967,13 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
},
|
||||
documentation => 'OpenID Connect Authentication Context Class Ref',
|
||||
},
|
||||
oidcServicePrivateKeySig => { type => 'RSAPrivateKey', },
|
||||
oidcServicePublicKeySig => { type => 'RSAPublicKey', },
|
||||
oidcServicePrivateKeySig => { type => 'RSAPrivateKey', },
|
||||
oidcServicePublicKeySig => { type => 'RSAPublicKey', },
|
||||
oidcServiceAllowDynamicRegistration => {
|
||||
type => 'bool',
|
||||
default => '0',
|
||||
documentation => 'OpenID Connect allow dynamic client registration',
|
||||
},
|
||||
|
||||
# OpenID-Connect metadata nodes
|
||||
oidcOPMetaDataNodes =>
|
||||
|
|
|
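Review bot: The `documentation` string on `oidcServiceAllowDynamicRegistration` does not tell an administrator what enabling the option exposes. Judging from the handler hunk in this commit, the registration request is served from `issuerForUnAuthUser`, so turning the flag on presumably lets callers without a session register clients; confirm that against the rest of the handler. A wording such as `documentation => 'OpenID Connect: let clients self-register through the registration endpoint',` states that more plainly. Keeping `default => '0'` means the endpoint stays closed unless it is enabled deliberately.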
@ -823,8 +823,11 @@ sub tree {
|
|||
{
|
||||
title => 'oidcServiceMetaDataSecurity',
|
||||
form => 'RSAKeyNoPassword',
|
||||
group =>
|
||||
[ 'oidcServicePrivateKeySig', 'oidcServicePublicKeySig' ]
|
||||
group => [
|
||||
'oidcServicePrivateKeySig',
|
||||
'oidcServicePublicKeySig',
|
||||
'oidcServiceAllowDynamicRegistration'
|
||||
]
|
||||
},
|
||||
]
|
||||
},
|
||||
|
|
|
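Review bot: `oidcServiceAllowDynamicRegistration` is a `bool` attribute, but it is added to the group whose `form` is `'RSAKeyNoPassword'`, next to the two key attributes. The form's implementation is not visible here, so this is an assumption to verify: a key-pair form may not render or save a third, boolean member, in which case the option could not be changed from the manager and would stay at its default. Consider listing it as its own entry beside this group rather than inside it. `sub tree` begins and ends outside the hunk.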
@ -27,7 +27,8 @@ $configuration->{token_endpoint} = $issuer . $path . "/" . $token_uri;
|
|||
$configuration->{userinfo_endpoint} = $issuer . $path . "/" . $userinfo_uri;
|
||||
$configuration->{jwks_uri} = $issuer . $path . "/" . $jwks_uri;
|
||||
$configuration->{registration_endpoint} =
|
||||
$issuer . $path . "/" . $registration_uri;
|
||||
$issuer . $path . "/" . $registration_uri
|
||||
if ( $portal->{oidcServiceAllowDynamicRegistration} );
|
||||
$configuration->{end_session_endpoint} =
|
||||
$issuer . $path . "/" . $endsession_uri;
|
||||
$configuration->{scopes_supported} = [qw/openid profile email address phone/];
|
||||
|
|
|
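Review bot: The postfix `if` that closes the three-line `registration_endpoint` assignment is easy to overlook, yet it decides whether the discovery document advertises the registration endpoint. A block form makes the gating visible at the start of the statement: `if ( $portal->{oidcServiceAllowDynamicRegistration} ) { $configuration->{registration_endpoint} = $issuer . $path . "/" . $registration_uri; }`. A one-line comment such as `# Advertised only when dynamic registration is enabled` above it would record why the key can be absent.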
@ -413,6 +413,14 @@ sub issuerForUnAuthUser {
|
|||
$self->lmLog( "OpenID Connect Registration request from $source_ip",
|
||||
'warn' );
|
||||
|
||||
# Check dynamic registration is allowed
|
||||
unless ( $self->{oidcServiceAllowDynamicRegistration} ) {
|
||||
$self->lmLog( "Dynamic registration is not allowed", 'error' );
|
||||
$self->returnJSONError( 'server_error',
|
||||
'Dynamic registration is not allowed' );
|
||||
$self->quit;
|
||||
}
|
||||
|
||||
# Get client metadata
|
||||
my $client_metadata_json = $self->param('POSTDATA');
|
||||
|
||||
|
|
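Review bot: The refusal is returned to the client as `server_error`, which reads as a provider fault rather than a policy decision. The HTTP status that `returnJSONError` sends is not visible here, so confirm that a disabled endpoint answers with a refusal (403-class) that monitoring can tell apart from genuine failures. The denial log line also omits the caller address, so anyone filtering at `error` level cannot see who is probing the endpoint; `$self->lmLog( "Dynamic registration is not allowed (request from $source_ip)", 'error' );` keeps that on the same line. The enclosing sub starts and ends outside the hunk.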