Add new option to override EntityID when acting as IDP
This commit is contained in:
parent
bd8cd2ee8f
commit
25d1c45fd4
|
@ -245,6 +245,7 @@ sub defaultValues {
|
|||
'samlOrganizationDisplayName' => 'Example',
|
||||
'samlOrganizationName' => 'Example',
|
||||
'samlOrganizationURL' => 'http://www.example.com',
|
||||
'samlOverrideIDPEntityID' => '',
|
||||
'samlRelayStateTimeout' => 600,
|
||||
'samlServiceSignatureMethod' => 'RSA_SHA1',
|
||||
'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
|
||||
|
|
|
@ -66,7 +66,7 @@ our $issuerParameters = {
|
|||
issuerDBOpenIDConnect => [qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)],
|
||||
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
|
||||
};
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlOverrideIDPEntityID)];
|
||||
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)];
|
||||
|
||||
1;
|
||||
|
|
|
@ -53,6 +53,11 @@ sub serviceToXML {
|
|||
$template->param( $_, $self->getValue( $_, $conf ) );
|
||||
}
|
||||
|
||||
# When asked to provide only IDP metadata, take into account EntityID override
|
||||
if ( $type eq "idp" and $conf->{samlOverrideIDPEntityID} ) {
|
||||
$template->param( 'samlEntityID', $conf->{samlOverrideIDPEntityID} );
|
||||
}
|
||||
|
||||
# Boolean parameters
|
||||
my @param_boolean = qw(
|
||||
samlSPSSODescriptorAuthnRequestsSigned
|
||||
|
|
|
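Review bot: The override at `$template->param( 'samlEntityID', $conf->{samlOverrideIDPEntityID} );` hands the raw configuration string to the template, while every other parameter two lines above goes through `$self->getValue( $_, $conf )`; if `getValue` normalises or escapes values before they land in the metadata XML, the override skips that step and a value containing `&`, `<` or `"` would yield malformed metadata. Routing it through the same accessor keeps both paths consistent, `$template->param( 'samlEntityID', $self->getValue( 'samlOverrideIDPEntityID', $conf ) );`, provided `getValue` accepts that key (its definition is not visible here). A comment above the `if` should also state that SP metadata (`$type` other than `"idp"`) deliberately keeps `samlEntityID`, since the Issuer-side hunk later in this commit applies the override without any role check. serviceToXML starts before this hunk and continues after it.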
@ -2885,6 +2885,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 'http://www.example.com',
|
||||
'type' => 'text'
|
||||
},
|
||||
'samlOverrideIDPEntityID' => {
|
||||
'default' => '',
|
||||
'type' => 'text'
|
||||
},
|
||||
'samlRelayStateTimeout' => {
|
||||
'default' => 600,
|
||||
'type' => 'int'
|
||||
|
|
|
@ -2021,6 +2021,11 @@ sub attributes {
|
|||
default => 600,
|
||||
documentation => 'SAML timeout of relay state',
|
||||
},
|
||||
samlOverrideIDPEntityID => {
|
||||
type => 'text',
|
||||
documentation => 'Override SAML EntityID when acting as an IDP',
|
||||
default => '',
|
||||
},
|
||||
samlUseQueryStringSpecific => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
|
|
|
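Review bot: The new `samlOverrideIDPEntityID` attribute is declared `type => 'text'` with no validation, although a SAML entityID must be a URI and the value is written verbatim into the IdP metadata and, through the Lasso ProviderID set elsewhere in this commit, presumably into the Issuer of every assertion; the neighbouring URL attributes carry a `qr/...https?...` test (visible in the header of the `'default' => 'http://www.example.com'` hunk). Adding the same kind of `test =>` constraint, or at least rejecting whitespace and XML-special characters, prevents a Manager typo from producing metadata that peers refuse. The documentation string could state the scope, e.g. `documentation => 'Override SAML EntityID (a URI) used in IdP metadata and assertions; empty keeps samlEntityID'`. The generated `'samlOverrideIDPEntityID' => { 'default' => '', 'type' => 'text' }` entry in the earlier hunk has the same gap. The enclosing `attributes` sub starts and ends outside the hunk.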
@ -1009,7 +1009,8 @@ sub tree {
|
|||
'samlDiscoveryProtocolPolicy',
|
||||
'samlDiscoveryProtocolIsPassive'
|
||||
]
|
||||
}
|
||||
},
|
||||
'samlOverrideIDPEntityID',
|
||||
]
|
||||
}
|
||||
]
|
||||
|
|
|
@ -975,5 +975,6 @@
|
|||
"samlCommonDomainCookieReader":"يو آر إل القارئ",
|
||||
"samlCommonDomainCookieWriter":"يو آر إل الكاتب",
|
||||
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
|
||||
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين"
|
||||
}
|
||||
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
|
|
|
@ -975,5 +975,6 @@
|
|||
"samlCommonDomainCookieReader":"Reader URL",
|
||||
"samlCommonDomainCookieWriter":"Writer URL",
|
||||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method"
|
||||
}
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
|
|
|
@ -975,5 +975,6 @@
|
|||
"samlCommonDomainCookieReader":"Reader URL",
|
||||
"samlCommonDomainCookieWriter":"Writer URL",
|
||||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method"
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
|
|
|
@ -975,5 +975,6 @@
|
|||
"samlCommonDomainCookieReader":"URL de lecture",
|
||||
"samlCommonDomainCookieWriter":"URL d'écriture",
|
||||
"samlRelayStateTimeout":"Durée de vie d'une session RelayState",
|
||||
"samlUseQueryStringSpecific":"Utilisation d'une fonction spécifique pour query_string"
|
||||
"samlUseQueryStringSpecific":"Utilisation d'une fonction spécifique pour query_string",
|
||||
"samlOverrideIDPEntityID": "Valeur de l'Entity ID en mode IDP"
|
||||
}
|
||||
|
|
|
@ -975,5 +975,6 @@
|
|||
"samlCommonDomainCookieReader":"URL del lettore",
|
||||
"samlCommonDomainCookieWriter":"URL dell'autore",
|
||||
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
|
||||
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string"
|
||||
}
|
||||
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
|
|
|
@ -975,5 +975,6 @@
|
|||
"samlCommonDomainCookieReader":"Trình đọc URL",
|
||||
"samlCommonDomainCookieWriter":"Trình viết URL",
|
||||
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
|
||||
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể"
|
||||
}
|
||||
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
|
|
|
@ -975,5 +975,6 @@
|
|||
"samlCommonDomainCookieReader":"Reader URL",
|
||||
"samlCommonDomainCookieWriter":"Writer URL",
|
||||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method"
|
||||
}
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
|
||||
}
|
||||
|
|
|
@ -91,6 +91,11 @@ qr/^($saml_sso_get_url|$saml_sso_get_url_ret|$saml_sso_post_url|$saml_sso_post_u
|
|||
);
|
||||
return 0 unless ($res);
|
||||
|
||||
if ( $self->conf->{samlOverrideIDPEntityID} ) {
|
||||
$self->lassoServer->ProviderID(
|
||||
$self->conf->{samlOverrideIDPEntityID} );
|
||||
}
|
||||
|
||||
# Single logout routes
|
||||
$self->addUnauthRouteFromMetaDataURL(
|
||||
"samlIDPSSODescriptorSingleLogoutServiceSOAP",
|
||||
|
|
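Review bot: `$self->lassoServer->ProviderID( $self->conf->{samlOverrideIDPEntityID} );` changes the provider ID of the Lasso server object whenever the option is set, whereas serviceToXML applies the override only when producing IdP metadata (`$type eq "idp"`); if the same `lassoServer` also backs the SP role, outgoing AuthnRequests would be issued under the override ID while the published SP metadata still carries `samlEntityID`, and partners would reject them. Whether the Issuer and SP code share that object is not visible in the hunk, so please confirm it and record the decision, e.g. `# Only the IdP role uses the override; SP metadata keeps samlEntityID (see serviceToXML)`. The metadata loaded into the server before `return 0 unless ($res);` still embeds the original entity ID, so it is also worth checking that Lasso does not cross-check ProviderID against it. The enclosing sub starts before this hunk and ends after it.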