From 47c227246b35f53d6acc8f487a99c8561796b524 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Tue, 13 Sep 2016 13:40:02 +0000
Subject: [PATCH] Port option to store ID token in trunk (#1083)
---
 .../Lemonldap/NG/Common/Conf/DefaultValues.pm | 1 +
 .../lib/Lemonldap/NG/Manager/Attributes.pm | 4 ++++
 .../Lemonldap/NG/Manager/Build/Attributes.pm | 5 +++--
 .../lib/Lemonldap/NG/Manager/Build/CTrees.pm | 3 ++-
 .../lib/Lemonldap/NG/Manager/Constants.pm | 2 +-
 lemonldap-ng-manager/site/static/js/conftree.js | 7 +++++++
 .../site/static/js/conftree.min.js | 2 +-
 .../site/static/languages/en.json | 1 +
 .../site/static/languages/fr.json | 1 +
 .../Lemonldap/NG/Portal/AuthOpenIDConnect.pm | 17 +++++++++++++++--
 10 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
index 5c27ef680..9674ef2b3 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -160,6 +160,7 @@ sub defaultValues {
 'oidcOPMetaDataOptionsJWKSTimeout' => 0,
 'oidcOPMetaDataOptionsMaxAge' => 0,
 'oidcOPMetaDataOptionsScope' => 'openid profile',
+ 'oidcOPMetaDataOptionsStoreIDToken' => 0,
 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => 'client_secret_post',
 'oidcOPMetaDataOptionsUseNonce' => 1,
 'oidcRPCallbackGetParam' => 'openidconnectcallback',
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
index 92097fa75..da2597df4 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -1483,6 +1483,10 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 'default' => 'openid profile',
 'type' => 'text'
 },
+ 'oidcOPMetaDataOptionsStoreIDToken' => {
+ 'default' => 0,
+ 'type' => 'bool'
+ },
 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => {
 'default' => 'client_secret_post',
 'select' => [
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
index cc97d3a9f..40d10fecc 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -2376,8 +2376,9 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
 { type => 'bool', default => 1 },
 oidcOPMetaDataOptionsIDTokenMaxAge => { type => 'int', default => 30 },
 oidcOPMetaDataOptionsUseNonce => { type => 'bool', default => 1 },
- oidcOPMetaDataOptionsDisplayName => { type => 'text', },
- oidcOPMetaDataOptionsIcon => { type => 'text', },
+ oidcOPMetaDataOptionsDisplayName => { type => 'text', },
+ oidcOPMetaDataOptionsIcon => { type => 'text', },
+ oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
 # OpenID Connect relying parties
 oidcRPMetaDataExportedVars => {
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
index cf016a6b7..a2073fe54 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
@@ -136,7 +136,8 @@ sub cTrees {
 'oidcOPMetaDataOptionsConfigurationURI',
 'oidcOPMetaDataOptionsJWKSTimeout',
 'oidcOPMetaDataOptionsClientID',
- 'oidcOPMetaDataOptionsClientSecret'
+ 'oidcOPMetaDataOptionsClientSecret',
+ 'oidcOPMetaDataOptionsStoreIDToken'
 ]
 },
 {
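Review bot: The `oidcOPMetaDataOptionsStoreIDToken` entry added in the Build/Attributes.pm hunk (`@@ -2376,8 +2376,9 @@`) carries no comment saying what enabling it keeps in the session. An ID Token is a signed JWT holding the user's claims, so once stored it is readable by anything that can read the session, and an administrator auditing the configuration should be able to see that from the definition. I would add a line above the entry such as `# Keep the raw ID Token (signed JWT with user claims) in the session; off by default`. The portal code that reads the flag (AuthOpenIDConnect.pm in the diffstat) is not part of this hunk, so the session key it writes is presumably defined there. The enclosing attribute hash starts and ends outside the hunk.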
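Review bot: In the CTrees.pm hunk (`@@ -136,7 +136,8 @@`) `'oidcOPMetaDataOptionsStoreIDToken'` is appended to the list that ends with `'oidcOPMetaDataOptionsClientSecret'`, which the conftree.js hunk shows to be the `oidcOPMetaDataOptionsConfiguration` group of connection settings. The option decides what is kept in the user session, and its SAML counterpart `samlIDPMetaDataOptionsStoreSAMLToken` appears in conftree.min.js under a separate `samlIDPMetaDataOptionsSession` group. A matching session group for the OP options would keep the two protocols consistent and make token-persistence settings easier to find during a configuration review. cTrees starts and ends outside the hunk.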
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
index 0df60130d..8a8a30928 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
@@ -24,7 +24,7 @@ our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession' our $doubleHashKeys = 'issuerDBGetParameters'; our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))'; our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s'; -our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|(?:MaxAg|Scop)e|AcrValues)|ExportedVars|J(?:SON|WKS))'; +our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))'; our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)'; our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)'; our $samlSPMetaDataNodeKeys = 
'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
diff --git a/lemonldap-ng-manager/site/static/js/conftree.js b/lemonldap-ng-manager/site/static/js/conftree.js
index dcdf11bfe..8724cc2d2 100644
--- a/lemonldap-ng-manager/site/static/js/conftree.js
+++ b/lemonldap-ng-manager/site/static/js/conftree.js
@@ -80,6 +80,13 @@ function templates(tpl,key) {
 "id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsClientSecret",
 "title" : "oidcOPMetaDataOptionsClientSecret",
 "type" : "password"
+ },
+ {
+ "default" : 0,
+ "get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsStoreIDToken",
+ "id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsStoreIDToken",
+ "title" : "oidcOPMetaDataOptionsStoreIDToken",
+ "type" : "bool"
 }
 ],
 "id" : "oidcOPMetaDataOptionsConfiguration",
diff --git a/lemonldap-ng-manager/site/static/js/conftree.min.js b/lemonldap-ng-manager/site/static/js/conftree.min.js
index acb4bb293..18f1bebf3 100644
--- a/lemonldap-ng-manager/site/static/js/conftree.min.js
+++ b/lemonldap-ng-manager/site/static/js/conftree.min.js
@@ -1 +1 @@ -function templates(b,c){var d;var a=function(e){return{id:b+"s/"+(d++),title:e,get:b+"s/"+c+"/"+e}};switch(b){case"oidcOPMetaDataNode":return[{get:b+"s/"+c+"/oidcOPMetaDataJSON",id:b+"s/"+c+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:b+"s/"+c+"/oidcOPMetaDataJWKS",id:b+"s/"+c+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:b+"s/"+c+"/oidcOPMetaDataExportedVars","default":[{data:"name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",id:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",id:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{"default":"openid 
profile",get:b+"s/"+c+"/oidcOPMetaDataOptionsScope",id:b+"s/"+c+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{"default":"",get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",id:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",id:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",id:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{"default":"client_secret_post",get:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",id:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{"default":30,get:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",id:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptio
nsDisplayName"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"}];case"oidcRPMetaDataNode":return[{cnodes:b+"s/"+c+"/oidcRPMetaDataExportedVars","default":[{data:"mail",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/email",title:"email",type:"keyText"},{data:"sn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"keyText"},{data:"cn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/name",title:"name",type:"keyText"}],id:b+"s/"+c+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"}],id:"oidcRPMetaDataOptionsAuthentication",title:"oidcRPMetaDataOptionsAuthentication",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",id:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{"default":"HS512",get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"o
idcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",id:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"},{cnodes:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",id:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"}],id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"}];case"samlIDPMetaDataNode":return[{get:b+"s/"+c+"/samlIDPMetaDataXML",id:b+"s/"+c+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlIDPMetaDataExportedAttributes","default":[],help:"authsaml.html#exported_attributes",id:b+"s/"+c+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",id:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",id:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client 
certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",id:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"},{k:"artifact-get",v:"Artifact 
GET"},{k:"artifact-post",v:"Artifact POST"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"},{k:"artifact-get",v:"Artifact GET"},{k:"artifact-post",v:"Artifact POST"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckConditions",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckConditions",title:"samlIDPMetaDataOptionsCheckConditions",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:b+"s/"+c+"/samlSPMetaDataXML",id:b+"s/"+c+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlSPMetaDataExportedAttributes","default":[],help:"idpsaml.html#exported_attributes",id:b+"s/"+c+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{"default":"",get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",id:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id
:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"}];case"virtualHost":return[{cnodes:b+"s/"+c+"/locationRules","default":[{data:"deny",id:b+"s/"+c+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:b+"s/"+c+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:b+"s/"+c+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:b+"s/"+c+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:b+"s/"+c+"/post",help:"formreplay.html",id:b+"s/"+c+"/post",title:"post",type:"postContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/vhostPort",id:b+"s/"+c+"/vhostPort",title:"vhostPort",type:"int"},{"default":-1,get:b+"s/"+c+"/vhostHttps",id:b+"s/"+c+"/vhostHttps",title:"vhostHttps",type:"trool"},{"default":0,get:b+"s/"+c+"/vhostMaintenance",id:b+"s/"+c+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{get:b+"s/"+c+"/vhostAliases",id:b+"s/"+c+"/vhostAliases",title:"vhostAliases"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions"}];default:return[]}}function setScopeVars(a){a.portal=a.data[0]._nodes[0]._nodes[0];a.getKey(a.portal);a.domain=a.data[0]._nodes[4]._nodes[1];a.getKey(a.domain)}; \ No newline at end of file +function templates(b,c){var d;var 
a=function(e){return{id:b+"s/"+(d++),title:e,get:b+"s/"+c+"/"+e}};switch(b){case"oidcOPMetaDataNode":return[{get:b+"s/"+c+"/oidcOPMetaDataJSON",id:b+"s/"+c+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:b+"s/"+c+"/oidcOPMetaDataJWKS",id:b+"s/"+c+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:b+"s/"+c+"/oidcOPMetaDataExportedVars","default":[{data:"name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",id:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",id:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",id:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{"default":"openid 
profile",get:b+"s/"+c+"/oidcOPMetaDataOptionsScope",id:b+"s/"+c+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{"default":"",get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",id:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",id:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",id:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{"default":"client_secret_post",get:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",id:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{"default":30,get:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",id:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptio
nsDisplayName"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"}];case"oidcRPMetaDataNode":return[{cnodes:b+"s/"+c+"/oidcRPMetaDataExportedVars","default":[{data:"mail",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/email",title:"email",type:"keyText"},{data:"sn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"keyText"},{data:"cn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/name",title:"name",type:"keyText"}],id:b+"s/"+c+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"}],id:"oidcRPMetaDataOptionsAuthentication",title:"oidcRPMetaDataOptionsAuthentication",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",id:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{"default":"HS512",get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"o
idcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",id:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"},{cnodes:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",id:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"}],id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"}];case"samlIDPMetaDataNode":return[{get:b+"s/"+c+"/samlIDPMetaDataXML",id:b+"s/"+c+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlIDPMetaDataExportedAttributes","default":[],help:"authsaml.html#exported_attributes",id:b+"s/"+c+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",id:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",id:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client 
certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",id:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"},{k:"artifact-get",v:"Artifact 
GET"},{k:"artifact-post",v:"Artifact POST"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"},{k:"artifact-get",v:"Artifact GET"},{k:"artifact-post",v:"Artifact POST"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckConditions",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckConditions",title:"samlIDPMetaDataOptionsCheckConditions",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:b+"s/"+c+"/samlSPMetaDataXML",id:b+"s/"+c+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlSPMetaDataExportedAttributes","default":[],help:"idpsaml.html#exported_attributes",id:b+"s/"+c+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{"default":"",get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",id:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id
:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"}];case"virtualHost":return[{cnodes:b+"s/"+c+"/locationRules","default":[{data:"deny",id:b+"s/"+c+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:b+"s/"+c+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:b+"s/"+c+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:b+"s/"+c+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:b+"s/"+c+"/post",help:"formreplay.html",id:b+"s/"+c+"/post",title:"post",type:"postContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/vhostPort",id:b+"s/"+c+"/vhostPort",title:"vhostPort",type:"int"},{"default":-1,get:b+"s/"+c+"/vhostHttps",id:b+"s/"+c+"/vhostHttps",title:"vhostHttps",type:"trool"},{"default":0,get:b+"s/"+c+"/vhostMaintenance",id:b+"s/"+c+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{get:b+"s/"+c+"/vhostAliases",id:b+"s/"+c+"/vhostAliases",title:"vhostAliases"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions"}];default:return[]}}function setScopeVars(a){a.portal=a.data[0]._nodes[0]._nodes[0];a.getKey(a.portal);a.domain=a.data[0]._nodes[4]._nodes[1];a.getKey(a.domain)}; \ No newline at end of file 
diff --git a/lemonldap-ng-manager/site/static/languages/en.json b/lemonldap-ng-manager/site/static/languages/en.json
index 0a0a32b5e..7b97b465f 100644
--- a/lemonldap-ng-manager/site/static/languages/en.json
+++ b/lemonldap-ng-manager/site/static/languages/en.json
@@ -394,6 +394,7 @@
 "oidcOPMetaDataOptionsJWKSTimeout": "JWKS data timeout",
 "oidcOPMetaDataOptionsProtocol": "Protocol",
 "oidcOPMetaDataOptionsScope": "Scope",
+"oidcOPMetaDataOptionsStoreIDToken": "Store ID Token",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod": "Token endpoint authentication method",
 "oidcOPName": "OpenID Connect Provider Name",
 "oidcParams": "OpenID Connect parameters",
diff --git a/lemonldap-ng-manager/site/static/languages/fr.json b/lemonldap-ng-manager/site/static/languages/fr.json
index a7707a4cb..68af82c9c 100644
--- a/lemonldap-ng-manager/site/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/static/languages/fr.json
@@ -394,6 +394,7 @@
 "oidcOPMetaDataOptionsJWKSTimeout": "Durée de vie des données JWKS",
 "oidcOPMetaDataOptionsProtocol": "Protocole",
 "oidcOPMetaDataOptionsScope": "Étendue",
+"oidcOPMetaDataOptionsStoreIDToken": "Conserver le jeton d'identité",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod": "Méthode d'authentification pour l'accès aux jetons",
 "oidcOPName": "Nom du fournisseur OpenID Connect",
 "oidcParams": "Paramètres OpenID Connect",
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
index e3a4a2100..ad6bd0925 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
@@ -29,14 +29,27 @@ sub authInit { # @return Lemonldap::NG::Portal constant sub setAuthSessionInfo { my $self = shift; + my $op = $self->{_oidcOPCurrent}; $self->{sessionInfo}->{'_user'} = $self->{user}; $self->{sessionInfo}->{authenticationLevel} = $self->{oidcAuthnLevel}; - $self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent}; + $self->{sessionInfo}->{OpenIDConnect_OP} = $op; $self->{sessionInfo}->{OpenIDConnect_access_token} = $self->{tmp}->{access_token}; - $self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{id_token}; + + # Keep ID Token in session + my $store_IDToken = + $self->{oidcOPMetaDataOptions}->{$op} + ->{oidcOPMetaDataOptionsStoreIDToken}; + if ($store_IDToken) { + $self->lmLog( "Store ID Token in session", 'debug' ); + $self->{sessionInfo}->{OpenIDConnect_IDToken} = + $self->{tmp}->{id_token}; + } + else { + $self->lmLog( "ID Token will not be stored in session", 'debug' ); + } PE_OK; }
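Review bot: In `setAuthSessionInfo` the ID token is now written to the session only when `oidcOPMetaDataOptionsStoreIDToken` is true for the current OP, but `OpenIDConnect_access_token` is still stored unconditionally two statements earlier, so the bearer credential stays in the session backend even when the option is off. If the aim is to keep OP-issued tokens out of session storage, the code should say why the access token is exempt, for example `# access_token is always kept: <reason>; only the ID Token is optional`. The lookup `$self->{oidcOPMetaDataOptions}->{$op}->{oidcOPMetaDataOptionsStoreIDToken}` also autovivifies an empty entry (and warns) when `$op` is undefined or has no options; `my $opts = defined $op ? $self->{oidcOPMetaDataOptions}->{$op} : undef;` followed by a test on `$opts && $opts->{oidcOPMetaDataOptionsStoreIDToken}` would avoid that. Any code that reads `OpenIDConnect_IDToken` from the session now has to handle its absence, which cannot be checked from this hunk.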