Add OIDC logout parameters (#1032)

Xavier Guimard 2017-03-09 21:56:45 +00:00
parent 179f6e0381
commit 2ec0f3ce6f
8 changed files with 89 additions and 3 deletions


@ -23,7 +23,7 @@ our $doubleHashKeys = 'issuerDBGetParameters';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList)|SSLVarIf)';
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
our $virtualHostKeys = '(?:vhost(?:(?:Maintenanc|Typ)e|(?:Aliase|Http)s|Port)|(?:exportedHeader|locationRule)s|post)';


@ -1686,6 +1686,26 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
],
'type' => 'select'
},
'oidcRPMetaDataOptionsLogoutSessionRequired' => {
'type' => 'bool'
},
'oidcRPMetaDataOptionsLogoutType' => {
'default' => 'front',
'select' => [
{
'k' => 'front',
'v' => 'Front Channel'
},
{
'k' => 'back',
'v' => 'Back Channel'
}
],
'type' => 'select'
},
'oidcRPMetaDataOptionsLogoutUrl' => {
'type' => 'url'
},
'oidcRPMetaDataOptionsRedirectUris' => {
'type' => 'text'
},


@ -2509,7 +2509,23 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ type => 'keyTextContainer', default => {} },
oidcRPMetaDataOptionsBypassConsent =>
{ type => 'bool', help => 'openidconnectclaims.html', default => 0 },
oidcRPMetaDataOptionsLogoutUrl => {
type => 'url',
documentation => 'Logout URL',
},
oidcRPMetaDataOptionsLogoutType => {
type => 'select',
select => [
{ k => 'front', v => 'Front Channel' },
{ k => 'back', v => 'Back Channel' },
],
default => 'front',
documentation => 'Logout type',
},
oidcRPMetaDataOptionsLogoutSessionRequired => {
type => 'bool',
documentation => 'Session required for logout',
},
};
}
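Review bot: `oidcRPMetaDataOptionsLogoutSessionRequired` is declared without a `default`, unlike `oidcRPMetaDataOptionsBypassConsent` just above it, which sets `default => 0`; adding `default => 0,` would make the unset state explicit for whatever code reads the flag. The `documentation` strings are thin for settings that decide where logout notifications are sent; for the URL entry I would write something like `documentation => 'RP logout URI called on OP logout (front or back channel)',`. What the `url` type accepts is not visible in this hunk; if it allows plain `http` or arbitrary hosts, a back-channel logout URL presumably becomes a target for server-side requests from the portal, so it is worth restricting to `https` or stating that expectation in the attribute's documentation. The enclosing sub and hash start outside the hunk.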


@ -199,6 +199,15 @@ sub cTrees {
'oidcRPMetaDataOptionsAccessTokenExpiration',
'oidcRPMetaDataOptionsRedirectUris',
'oidcRPMetaDataOptionsBypassConsent',
{
title => 'logout',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsLogoutUrl',
'oidcRPMetaDataOptionsLogoutType',
'oidcRPMetaDataOptionsLogoutSessionRequired',
]
},
]
},
'oidcRPMetaDataOptionsExtraClaims',


@ -351,6 +351,41 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsBypassConsent",
"title" : "oidcRPMetaDataOptionsBypassConsent",
"type" : "bool"
},
{
"_nodes" : [
{
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutUrl",
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutUrl",
"title" : "oidcRPMetaDataOptionsLogoutUrl"
},
{
"default" : "front",
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutType",
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutType",
"select" : [
{
"k" : "front",
"v" : "Front Channel"
},
{
"k" : "back",
"v" : "Back Channel"
}
],
"title" : "oidcRPMetaDataOptionsLogoutType",
"type" : "select"
},
{
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutSessionRequired",
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutSessionRequired",
"title" : "oidcRPMetaDataOptionsLogoutSessionRequired",
"type" : "bool"
}
],
"id" : "logout",
"title" : "logout",
"type" : "simpleInputContainer"
}
],
"id" : "oidcRPMetaDataOptions",

File diff suppressed because one or more lines are too long


@ -422,6 +422,9 @@
"oidcOPMetaDataOptionsDisplayParams": "Display",
"oidcOPMetaDataOptionsIcon": "Logo",
"oidcOPMetaDataOptionsJWKSTimeout": "JWKS data timeout",
"oidcRPMetaDataOptionsLogoutSessionRequired": "Session required",
"oidcRPMetaDataOptionsLogoutType": "Type",
"oidcRPMetaDataOptionsLogoutUrl": "URL",
"oidcOPMetaDataOptionsProtocol": "Protocol",
"oidcOPMetaDataOptionsScope": "Scope",
"oidcOPMetaDataOptionsStoreIDToken": "Store ID Token",


@ -422,6 +422,9 @@
"oidcOPMetaDataOptionsDisplayParams": "Affichage",
"oidcOPMetaDataOptionsIcon": "Logo",
"oidcOPMetaDataOptionsJWKSTimeout": "Durée de vie des données JWKS",
"oidcRPMetaDataOptionsLogoutSessionRequired": "Session requise",
"oidcRPMetaDataOptionsLogoutType": "Type",
"oidcRPMetaDataOptionsLogoutUrl": "URL",
"oidcOPMetaDataOptionsProtocol": "Protocole",
"oidcOPMetaDataOptionsScope": "Étendue",
"oidcOPMetaDataOptionsStoreIDToken": "Conserver le jeton d'identité",