Add OIDC logout parameters (#1032)
parent
179f6e0381
commit
2ec0f3ce6f
|
@ -23,7 +23,7 @@ our $doubleHashKeys = 'issuerDBGetParameters';
|
|||
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList)|SSLVarIf)';
|
||||
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
|
||||
our $virtualHostKeys = '(?:vhost(?:(?:Maintenanc|Typ)e|(?:Aliase|Http)s|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
|
|
@ -1686,6 +1686,26 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
|
|||
],
|
||||
'type' => 'select'
|
||||
},
|
||||
'oidcRPMetaDataOptionsLogoutSessionRequired' => {
|
||||
'type' => 'bool'
|
||||
},
|
||||
'oidcRPMetaDataOptionsLogoutType' => {
|
||||
'default' => 'front',
|
||||
'select' => [
|
||||
{
|
||||
'k' => 'front',
|
||||
'v' => 'Front Channel'
|
||||
},
|
||||
{
|
||||
'k' => 'back',
|
||||
'v' => 'Back Channel'
|
||||
}
|
||||
],
|
||||
'type' => 'select'
|
||||
},
|
||||
'oidcRPMetaDataOptionsLogoutUrl' => {
|
||||
'type' => 'url'
|
||||
},
|
||||
'oidcRPMetaDataOptionsRedirectUris' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
|
@ -2509,7 +2509,23 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
{ type => 'keyTextContainer', default => {} },
|
||||
oidcRPMetaDataOptionsBypassConsent =>
|
||||
{ type => 'bool', help => 'openidconnectclaims.html', default => 0 },
|
||||
|
||||
oidcRPMetaDataOptionsLogoutUrl => {
|
||||
type => 'url',
|
||||
documentation => 'Logout URL',
|
||||
},
|
||||
oidcRPMetaDataOptionsLogoutType => {
|
||||
type => 'select',
|
||||
select => [
|
||||
{ k => 'front', v => 'Front Channel' },
|
||||
{ k => 'back', v => 'Back Channel' },
|
||||
],
|
||||
default => 'front',
|
||||
documentation => 'Logout type',
|
||||
},
|
||||
oidcRPMetaDataOptionsLogoutSessionRequired => {
|
||||
type => 'bool',
|
||||
documentation => 'Session required for logout',
|
||||
},
|
||||
};
|
||||
}
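Review bot: `oidcRPMetaDataOptionsLogoutUrl` carries only `type => 'url'`, so nothing visible here restricts it to https or to the origin of one of the RP's registered redirect URIs; whatever the `url` type test accepts is defined outside this hunk. OpenID Connect Front-Channel Logout 1.0 requires the logout URI to share scheme, host and port with a registered redirection URI, and with `back` selected the portal presumably sends a server-side request to this address, so the value deserves a stricter check than a generic URL. I would document that above the entry, e.g. `# Absolute URL, same origin as one of oidcRPMetaDataOptionsRedirectUris; https expected`, and have the code that consumes the option enforce it. `oidcRPMetaDataOptionsLogoutSessionRequired` has no `default`, unlike `oidcRPMetaDataOptionsBypassConsent` just above; adding `default => 0,` makes the off state explicit. The hash and sub these entries belong to start before the hunk.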
|
||||
|
||||
|
|
|
@ -199,6 +199,15 @@ sub cTrees {
|
|||
'oidcRPMetaDataOptionsAccessTokenExpiration',
|
||||
'oidcRPMetaDataOptionsRedirectUris',
|
||||
'oidcRPMetaDataOptionsBypassConsent',
|
||||
{
|
||||
title => 'logout',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcRPMetaDataOptionsLogoutUrl',
|
||||
'oidcRPMetaDataOptionsLogoutType',
|
||||
'oidcRPMetaDataOptionsLogoutSessionRequired',
|
||||
]
|
||||
},
|
||||
]
|
||||
},
|
||||
'oidcRPMetaDataOptionsExtraClaims',
|
||||
|
|
|
@ -351,6 +351,41 @@ function templates(tpl,key) {
|
|||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsBypassConsent",
|
||||
"title" : "oidcRPMetaDataOptionsBypassConsent",
|
||||
"type" : "bool"
|
||||
},
|
||||
{
|
||||
"_nodes" : [
|
||||
{
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutUrl",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutUrl",
|
||||
"title" : "oidcRPMetaDataOptionsLogoutUrl"
|
||||
},
|
||||
{
|
||||
"default" : "front",
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutType",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutType",
|
||||
"select" : [
|
||||
{
|
||||
"k" : "front",
|
||||
"v" : "Front Channel"
|
||||
},
|
||||
{
|
||||
"k" : "back",
|
||||
"v" : "Back Channel"
|
||||
}
|
||||
],
|
||||
"title" : "oidcRPMetaDataOptionsLogoutType",
|
||||
"type" : "select"
|
||||
},
|
||||
{
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutSessionRequired",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutSessionRequired",
|
||||
"title" : "oidcRPMetaDataOptionsLogoutSessionRequired",
|
||||
"type" : "bool"
|
||||
}
|
||||
],
|
||||
"id" : "logout",
|
||||
"title" : "logout",
|
||||
"type" : "simpleInputContainer"
|
||||
}
|
||||
],
|
||||
"id" : "oidcRPMetaDataOptions",
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -422,6 +422,9 @@
|
|||
"oidcOPMetaDataOptionsDisplayParams": "Display",
|
||||
"oidcOPMetaDataOptionsIcon": "Logo",
|
||||
"oidcOPMetaDataOptionsJWKSTimeout": "JWKS data timeout",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired": "Session required",
|
||||
"oidcRPMetaDataOptionsLogoutType": "Type",
|
||||
"oidcRPMetaDataOptionsLogoutUrl": "URL",
|
||||
"oidcOPMetaDataOptionsProtocol": "Protocol",
|
||||
"oidcOPMetaDataOptionsScope": "Scope",
|
||||
"oidcOPMetaDataOptionsStoreIDToken": "Store ID Token",
|
||||
|
|
|
@ -422,6 +422,9 @@
|
|||
"oidcOPMetaDataOptionsDisplayParams": "Affichage",
|
||||
"oidcOPMetaDataOptionsIcon": "Logo",
|
||||
"oidcOPMetaDataOptionsJWKSTimeout": "Durée de vie des données JWKS",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired": "Session requise",
|
||||
"oidcRPMetaDataOptionsLogoutType": "Type",
|
||||
"oidcRPMetaDataOptionsLogoutUrl": "URL",
|
||||
"oidcOPMetaDataOptionsProtocol": "Protocole",
|
||||
"oidcOPMetaDataOptionsScope": "Étendue",
|
||||
"oidcOPMetaDataOptionsStoreIDToken": "Conserver le jeton d'identité",
|
||||
|
|