Add OP resolution rules (#2753)

2022-05-18 00:03:23 +02:00 · 2022-05-18 00:03:23 +02:00 · 3428cb981f
parent 8b968b5096
commit 3428cb981f
2 changed files with 30 additions and 6 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
@ -249,14 +249,23 @@ sub extractFormInfo {
        else {
-            # IDP list
+            # Try to use OP resolution ruls
-            my $portalPath = $self->{conf}->{portal};
+            foreach ( keys %{ $self->opRules } ) {
-            $portalPath =~ s#^https?://[^/]+/?#/#;
+                my $cond = $self->opRules->{$_} or next;
                if ( $cond->( $req, $req->sessionInfo ) ) {
                    $self->logger->debug("OP $_ selected from resolution rule");
                    $op = $_;
                    last;
                }
            }
-            $req->data->{list} = $self->opList;
+            unless ($op) {
-            $req->data->{login} = 1;
+                # display OP list
-            return PE_IDPCHOICE;
+                $req->data->{list}  = $self->opList;
                $req->data->{login} = 1;
                return PE_IDPCHOICE;
            }
        }
    }
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
@ -41,6 +41,7 @@ use constant OIDC_SCOPES => [qw/openid profile email address phone/];
 has oidcOPList   => ( is => 'rw', default => sub { {} }, );
 has oidcRPList   => ( is => 'rw', default => sub { {} }, );
 has rpAttributes => ( is => 'rw', default => sub { {} }, );
 has opRules      => ( is => 'rw', default => sub { {} } );
 has spRules      => ( is => 'rw', default => sub { {} } );
 has spMacros     => ( is => 'rw', default => sub { {} } );
 has spScopeRules => ( is => 'rw', default => sub { {} } );
@ -90,6 +91,20 @@ sub loadOPs {
        $self->oidcOPList->{$_}->{jwks} =
          $self->decodeJSON( $self->conf->{oidcOPMetaDataJWKS}->{$_} );
    }
    # Set rule
    foreach ( keys %{ $self->conf->{oidcOPMetaDataOptions} } ) {
        my $cond = $self->conf->{oidcOPMetaDataOptions}->{$_}
          ->{oidcOPMetaDataOptionsResolutionRule};
        if ( length $cond ) {
            my $rule_sub =
              $self->p->buildRule( $cond, "OIDC provider resolution" );
            if ($rule_sub) {
                $self->opRules->{$_} = $rule_sub;
            }
        }
    }
    return 1;
 }