Port option to store ID token in trunk (#1083)
This commit is contained in:
parent
5d2be9a418
commit
47c227246b
|
@ -160,6 +160,7 @@ sub defaultValues {
|
|||
'oidcOPMetaDataOptionsJWKSTimeout' => 0,
|
||||
'oidcOPMetaDataOptionsMaxAge' => 0,
|
||||
'oidcOPMetaDataOptionsScope' => 'openid profile',
|
||||
'oidcOPMetaDataOptionsStoreIDToken' => 0,
|
||||
'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => 'client_secret_post',
|
||||
'oidcOPMetaDataOptionsUseNonce' => 1,
|
||||
'oidcRPCallbackGetParam' => 'openidconnectcallback',
|
||||
|
|
|
@ -1483,6 +1483,10 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
|
|||
'default' => 'openid profile',
|
||||
'type' => 'text'
|
||||
},
|
||||
'oidcOPMetaDataOptionsStoreIDToken' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => {
|
||||
'default' => 'client_secret_post',
|
||||
'select' => [
|
||||
|
|
|
@ -2376,8 +2376,9 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
{ type => 'bool', default => 1 },
|
||||
oidcOPMetaDataOptionsIDTokenMaxAge => { type => 'int', default => 30 },
|
||||
oidcOPMetaDataOptionsUseNonce => { type => 'bool', default => 1 },
|
||||
oidcOPMetaDataOptionsDisplayName => { type => 'text', },
|
||||
oidcOPMetaDataOptionsIcon => { type => 'text', },
|
||||
oidcOPMetaDataOptionsDisplayName => { type => 'text', },
|
||||
oidcOPMetaDataOptionsIcon => { type => 'text', },
|
||||
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
|
||||
|
||||
# OpenID Connect relying parties
|
||||
oidcRPMetaDataExportedVars => {
|
||||
|
|
|
@ -136,7 +136,8 @@ sub cTrees {
|
|||
'oidcOPMetaDataOptionsConfigurationURI',
|
||||
'oidcOPMetaDataOptionsJWKSTimeout',
|
||||
'oidcOPMetaDataOptionsClientID',
|
||||
'oidcOPMetaDataOptionsClientSecret'
|
||||
'oidcOPMetaDataOptionsClientSecret',
|
||||
'oidcOPMetaDataOptionsStoreIDToken'
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
|
@ -24,7 +24,7 @@ our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession'
|
|||
our $doubleHashKeys = 'issuerDBGetParameters';
|
||||
our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
|
||||
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|(?:MaxAg|Scop)e|AcrValues)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
|
||||
|
|
|
@ -80,6 +80,13 @@ function templates(tpl,key) {
|
|||
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsClientSecret",
|
||||
"title" : "oidcOPMetaDataOptionsClientSecret",
|
||||
"type" : "password"
|
||||
},
|
||||
{
|
||||
"default" : 0,
|
||||
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsStoreIDToken",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsStoreIDToken",
|
||||
"title" : "oidcOPMetaDataOptionsStoreIDToken",
|
||||
"type" : "bool"
|
||||
}
|
||||
],
|
||||
"id" : "oidcOPMetaDataOptionsConfiguration",
|
||||
|
|
|
@ -394,6 +394,7 @@
|
|||
"oidcOPMetaDataOptionsJWKSTimeout": "JWKS data timeout",
|
||||
"oidcOPMetaDataOptionsProtocol": "Protocol",
|
||||
"oidcOPMetaDataOptionsScope": "Scope",
|
||||
"oidcOPMetaDataOptionsStoreIDToken": "Store ID Token",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod": "Token endpoint authentication method",
|
||||
"oidcOPName": "OpenID Connect Provider Name",
|
||||
"oidcParams": "OpenID Connect parameters",
|
||||
|
|
|
@ -394,6 +394,7 @@
|
|||
"oidcOPMetaDataOptionsJWKSTimeout": "Durée de vie des données JWKS",
|
||||
"oidcOPMetaDataOptionsProtocol": "Protocole",
|
||||
"oidcOPMetaDataOptionsScope": "Étendue",
|
||||
"oidcOPMetaDataOptionsStoreIDToken": "Conserver le jeton d'identité",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod": "Méthode d'authentification pour l'accès aux jetons",
|
||||
"oidcOPName": "Nom du fournisseur OpenID Connect",
|
||||
"oidcParams": "Paramètres OpenID Connect",
|
||||
|
|
|
@ -29,14 +29,27 @@ sub authInit {
|
|||
# @return Lemonldap::NG::Portal constant
|
||||
sub setAuthSessionInfo {
|
||||
my $self = shift;
|
||||
my $op = $self->{_oidcOPCurrent};
|
||||
|
||||
$self->{sessionInfo}->{'_user'} = $self->{user};
|
||||
$self->{sessionInfo}->{authenticationLevel} = $self->{oidcAuthnLevel};
|
||||
|
||||
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
|
||||
$self->{sessionInfo}->{OpenIDConnect_OP} = $op;
|
||||
$self->{sessionInfo}->{OpenIDConnect_access_token} =
|
||||
$self->{tmp}->{access_token};
|
||||
$self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{id_token};
|
||||
|
||||
# Keep ID Token in session
|
||||
my $store_IDToken =
|
||||
$self->{oidcOPMetaDataOptions}->{$op}
|
||||
->{oidcOPMetaDataOptionsStoreIDToken};
|
||||
if ($store_IDToken) {
|
||||
$self->lmLog( "Store ID Token in session", 'debug' );
|
||||
$self->{sessionInfo}->{OpenIDConnect_IDToken} =
|
||||
$self->{tmp}->{id_token};
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "ID Token will not be stored in session", 'debug' );
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
|
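Review bot: The access token is still copied into `sessionInfo` unconditionally (`$self->{sessionInfo}->{OpenIDConnect_access_token} = $self->{tmp}->{access_token};`) while the ID token a few lines below is now gated by `oidcOPMetaDataOptionsStoreIDToken`; a bearer access token is at least as sensitive as the ID token, so the `# Keep ID Token in session` comment should say why only the ID token is made optional, or the same option (or a sibling) should gate both. Because the option defaults to 0 in the defaultValues and Build hunks, the `ID Token will not be stored in session` branch is the normal path; a comment such as `# Off by default: the raw id_token received from the OP is persisted to the session store only when this OP's StoreIDToken option is enabled` would make that intent explicit to the next reader. Minor style: `$store_IDToken` mixes cases, `$store_id_token` matches the snake_case of `$op` and the file's other lexicals, and `return PE_OK;` is clearer than the bare `PE_OK;` that relies on being the last statement.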