diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
index 3a1dc0a17..a211e9f86 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@@ -325,12 +325,16 @@ sub cstruct {
 },
 oidcRPMetaDataOptions => {
 _nodes => [
- qw(oidcRPMetaDataOptionsClientID oidcRPMetaDataOptionsClientSecret)
+ qw(oidcRPMetaDataOptionsClientID oidcRPMetaDataOptionsClientSecret oidcRPMetaDataOptionsDisplayName oidcRPMetaDataOptionsIcon)
 ],
 oidcRPMetaDataOptionsClientID =>
 "text:/oidcRPMetaDataOptions/$k2/oidcRPMetaDataOptionsClientID",
 oidcRPMetaDataOptionsClientSecret =>
 "password:/oidcRPMetaDataOptions/$k2/oidcRPMetaDataOptionsClientSecret",
+ oidcRPMetaDataOptionsDisplayName =>
+"text:/oidcRPMetaDataOptions/$k2/oidcRPMetaDataOptionsDisplayName",
+ oidcRPMetaDataOptionsIcon =>
+"text:/oidcRPMetaDataOptions/$k2/oidcRPMetaDataOptionsIcon",
 },
 },
 },
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
index 84f1faf32..c93e3dfe1 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
@@ -291,6 +291,8 @@ sub en {
 oidcRPMetaDataOptions => 'Options',
 oidcRPMetaDataOptionsClientID => 'Client ID',
 oidcRPMetaDataOptionsClientSecret => 'Client secret',
+ oidcRPMetaDataOptionsDisplayName => 'Display name',
+ oidcRPMetaDataOptionsIcon => 'Logo',
 oidcRPStateTimeout => 'State session timeout',
 oidcServiceMetaData => 'OpenID Connect Service',
 oidcServiceMetaDataAuthorizeURI => 'Autorization',
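Review bot: The new `oidcRPMetaDataOptionsIcon` entry in the `oidcRPMetaDataOptions` node is an unconstrained `text:` field, and nothing on the manager side says whether the value is an absolute URL, a path relative to the portal, or a bare filename; the English label for it is 'Logo' while the key says 'Icon'. Since the portal reads this value (IssuerDBOpenIDConnect.pm in this same commit) presumably to render an image on the consent page, the expected format should be documented next to the field, and if it is meant to be a URL it should be restricted to http(s) or a portal-relative path when the configuration is saved so an arbitrary scheme cannot reach an image reference. `oidcRPMetaDataOptionsDisplayName` deserves the same treatment, with a note that it is shown verbatim to end users. `cstruct` starts and ends outside this hunk.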
@@ -840,6 +842,8 @@ sub fr {
 oidcRPMetaDataOptions => 'Options',
 oidcRPMetaDataOptionsClientID => 'Identifiant',
 oidcRPMetaDataOptionsClientSecret => 'Mot de passe',
+ oidcRPMetaDataOptionsDisplayName => 'Nom d\'affichage',
+ oidcRPMetaDataOptionsIcon => 'Logo',
 oidcRPStateTimeout => 'Durée d\'une session state',
 oidcServiceMetaData => "Service OpenID Connect",
 oidcServiceMetaDataAuthorizeURI => "Autorisation",
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
index cbaa6e0d2..bf8153c3c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
@@ -208,7 +208,7 @@ sub issuerForAuthUser {
 $self->lmLog( "URL $url detected as an OpenID Connect AUTHORIZE URL", 'debug' );
- # Get parameters
+ # Get and save parameters
 my $oidc_request = {};
 foreach my $param (qw/response_type scope client_id state redirect_uri/) {
@@ -217,6 +217,7 @@ sub issuerForAuthUser {
 $self->lmLog( "OIDC request parameter $param: " . $oidc_request->{$param}, 'debug' );
+ $self->setHiddenFormValue( $param, $oidc_request->{$param} );
 }
 # TODO check all required parameters
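Review bot: The new `$self->setHiddenFormValue( $param, $oidc_request->{$param} );` in the `@@ -217` hunk copies every authorize parameter, including `redirect_uri` and `state`, from the incoming request into the hidden form that is posted back after the consent screen, so once the round trip completes the portal works from values the browser resubmitted rather than from the original request. The `# TODO check all required parameters` line just below is still open, and `redirect_uri` in particular needs to be validated against the RP's registered value before it is used to build the response; whether `setHiddenFormValue` HTML-escapes its value is not visible from this hunk, but it must, since these are caller-supplied query strings reflected into a page. If any of these parameters can be absent, `$oidc_request->{$param} // ''` would avoid an uninitialized-value warning in both the log line and the hidden field. `issuerForAuthUser` starts and ends outside this hunk; the `@@ -208` hunk above is a comment-only change.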
@@ -259,7 +260,52 @@ sub issuerForAuthUser {
 );
 }
- # TODO obtain consent
+ # Obtain consent
+ if ( $self->{sessionInfo}->{"_oidc_consent_$rp"} ) {
+ $self->lmLog( "Consent already given for Relaying Party $rp",
+ 'debug' );
+ }
+ else {
+ if ( $self->param('confirm') == 1 ) {
+ $self->updatePersistentSession(
+ { "_oidc_consent_$rp" => time } );
+ $self->lmLog( "Consent given for Relaying Party $rp",
+ 'debug' );
+ }
+ else {
+ $self->lmLog( "Obtain user consent for Relaying Party $rp",
+ 'debug' );
+ my $display_name = $self->{oidcRPMetaDataOptions}->{$rp}
+ ->{oidcRPMetaDataOptionsDisplayName};
+ my $icon = $self->{oidcRPMetaDataOptions}->{$rp}
+ ->{oidcRPMetaDataOptionsIcon};
+ my $portalPath = $self->{portal};
+ $portalPath =~ s#^https?://[^/]+/?#/#;
+ $portalPath =~ s#[^/]+\.pl$##;
+ $self->info('');
+ $self->{activeTimer} = 0;
+ return PE_CONFIRM;
+ }
+ }
 # Prepare response
 my $response_url = $oidc_request->{'redirect_uri'};
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
index 585fc7cbe..7710da2dc 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -184,6 +184,7 @@ use constant {
 PM_ERROR_MSG => 21,
 PM_LAST_LOGINS => 22,
 PM_LAST_FAILED_LOGINS => 23,
+ PM_OIDC_CONSENT => 24,
 };
 # EXPORTER PARAMETERS
@@ -213,7 +214,7 @@ our @EXPORT = qw(
 PE_IMG_NOK PE_IMG_OK PE_INFO PE_REDIRECT PE_DONE PE_OK PM_SAML_IDPSELECT PM_SAML_IDPCHOOSEN PM_REMEMBERCHOICE PM_SAML_SPLOGOUT PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL PM_LOGOUT PM_OPENID_EXCHANGE PM_CDC_WRITER PM_OPENID_RPNS PM_OPENID_PA PM_OPENID_AP PM_ERROR_MSG
- PM_LAST_LOGINS PM_LAST_FAILED_LOGINS
+ PM_LAST_LOGINS PM_LAST_FAILED_LOGINS PM_OIDC_CONSENT
 );
 our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], );
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm
index 69ab0213b..49ac9bebc 100644
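Review bot: Consent is written to the persistent session as soon as a request carries `confirm=1`, and nothing visible in the hunk ties that request to the authorize request the user was actually shown, so the grant rests on the hidden-form round trip alone; a per-request token checked at this point, or at minimum verifying that the resubmitted `client_id` still resolves to the same `$rp` (which is set before this hunk), would bind the decision to what was displayed. The comparison `$self->param('confirm') == 1` is numeric, so a missing or non-numeric parameter produces an uninitialized/non-numeric warning and `confirm=1abc` still passes; `( $self->param('confirm') // '' ) eq '1'` states what is meant. The header announces 52 new lines but only about 29 `+` lines are visible here, so the bare `$self->info('');` and the apparently unused `$display_name`, `$icon` and `$portalPath` may be an artifact of how the page was captured — if the real code interpolates them into the `info()` HTML, `$display_name` (admin-entered free text) must be HTML-escaped and `$icon` constrained to a URL or portal-relative path. The three log messages say 'Relaying Party'; the OIDC term is 'Relying Party'. `issuerForAuthUser` starts and ends outside the hunk.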
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm
@@ -426,6 +426,7 @@ sub error_ro {
 # * PM_ERROR_MSG 21
 # * PM_LAST_LOGINS 22
 # * PM_LAST_FAILED_LOGINS 23
+# * PM_OIDC_CONSENT 24
 sub msg_en {
 use utf8;
@@ -454,6 +455,7 @@ sub msg_en {
 'Error Message',
 'Your last logins',
 'Your last failed logins',
+ 'Application %s would like to know:',
 ];
 }
@@ -484,6 +486,7 @@ sub msg_fr {
 'Message d\'erreur',
 'Vos dernières connexions',
 'Vos dernières connexions refusées',
+ 'L\'application %s voudrait connaître :',
 ];
 }