Add option to only allow declared oidc scopes (#2496)
This commit is contained in:
parent
55cdfefd7b
commit
50225ce438
|
@ -31,7 +31,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
|
|||
);
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|heck(?:DevOps(?:Download)?|State|User|XSS)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|heck(?:DevOps(?:Download)?|State|User|XSS)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
@ -69,6 +69,6 @@ our $issuerParameters = {
|
|||
issuerOptions => [qw(issuersTimeout)],
|
||||
};
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
|
||||
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAuthorizationCodeExpiration oidcServiceAccessTokenExpiration oidcServiceIDTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims)];
|
||||
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowOnlyDeclaredScopes oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAuthorizationCodeExpiration oidcServiceAccessTokenExpiration oidcServiceIDTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims)];
|
||||
|
||||
1;
|
||||
|
|
|
@ -2484,6 +2484,10 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'oidcServiceAllowOnlyDeclaredScopes' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'oidcServiceAuthorizationCodeExpiration' => {
|
||||
'default' => 60,
|
||||
'type' => 'int'
|
||||
|
|
|
@ -4087,6 +4087,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
default => 0,
|
||||
documentation => 'OpenID Connect allow dynamic client registration',
|
||||
},
|
||||
oidcServiceAllowOnlyDeclaredScopes => {
|
||||
type => 'bool',
|
||||
default => 0,
|
||||
documentation => 'OpenID Connect allow only declared scopes',
|
||||
},
|
||||
oidcServiceAllowAuthorizationCodeFlow => {
|
||||
type => 'bool',
|
||||
default => 1,
|
||||
|
|
|
@ -1326,6 +1326,7 @@ sub tree {
|
|||
],
|
||||
},
|
||||
'oidcServiceAllowDynamicRegistration',
|
||||
'oidcServiceAllowOnlyDeclaredScopes',
|
||||
'oidcServiceAllowAuthorizationCodeFlow',
|
||||
'oidcServiceAllowImplicitFlow',
|
||||
'oidcServiceAllowHybridFlow',
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"تدفق هجين",
|
||||
"oidcServiceAllowImplicitFlow":"التدفق الضمني",
|
||||
"oidcServiceAllowOffline":"Allow offline access",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"خدمة أل يو أر ل",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Hybrid Flow",
|
||||
"oidcServiceAllowImplicitFlow":"Implicit Flow",
|
||||
"oidcServiceAllowOffline":"Allow offline access",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"Service URL",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Hybrid Flow",
|
||||
"oidcServiceAllowImplicitFlow":"Implicit Flow",
|
||||
"oidcServiceAllowOffline":"Allow offline access",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Flujo híbrido",
|
||||
"oidcServiceAllowImplicitFlow":"Flujo implícito",
|
||||
"oidcServiceAllowOffline":"Permitir acceso offline",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Caducidad del código de autorización",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Variables exportadas para registro dinámico",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"Service URL",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Hybrid Flow",
|
||||
"oidcServiceAllowImplicitFlow":"Implicit Flow",
|
||||
"oidcServiceAllowOffline":"Autoriser l'accès hors ligne",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"N'autoriser que les scopes déclarés",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Expiration des codes d'autorisation",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Variables exportées pour l'enregistrement dynamique",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Claims supplémentaires pour l'enregistrement dynamique",
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Flusso ibrido",
|
||||
"oidcServiceAllowImplicitFlow":"Flusso implicito",
|
||||
"oidcServiceAllowOffline":"Allow offline access",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"URL del servizio",
|
||||
"yubikey2fUserCanRemoveKey":"Autorizza l'utente a rimuovere la Yubikey",
|
||||
"zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Przepływ hybrydowy",
|
||||
"oidcServiceAllowImplicitFlow":"Implikowany przepływ",
|
||||
"oidcServiceAllowOffline":"Zezwalaj na dostęp offline",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Wygaśnięcie kodu autoryzacji",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Zmienne wyeksportowane do dynamicznej rejestracji",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Dodatkowe roszczenia dotyczące rejestracji dynamicznej",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"URL usługi",
|
||||
"yubikey2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć Yubikey",
|
||||
"zeroConfExplanations":"Serwer nie ma konfiguracji. Użyj szablonu, aby zapisać pierwszy."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Hibrit Akış",
|
||||
"oidcServiceAllowImplicitFlow":"Kapalı Akış",
|
||||
"oidcServiceAllowOffline":"Çevrimdışı erişime izin ver",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Yetkilendirme Kodu sona erme",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Dinamik kayıtlanma için dışa aktarılan değişkenler",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Dinamik kayıtlanma için ekstra talepler",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"Servis URL'si",
|
||||
"yubikey2fUserCanRemoveKey":"Yubikey'i kaldırmak için kullanıcıya izin ver",
|
||||
"zeroConfExplanations":"Sunucunun yapılandırması yok. Şimdi bir tane kaydetmek için şablonu kullanın."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Dòng chảy hỗn hợp",
|
||||
"oidcServiceAllowImplicitFlow":"Dòng chảy ngầm",
|
||||
"oidcServiceAllowOffline":"Allow offline access",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"Dịch vụ URL",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. "
|
||||
}
|
||||
}
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"Hybrid Flow",
|
||||
"oidcServiceAllowImplicitFlow":"Implicit Flow",
|
||||
"oidcServiceAllowOffline":"Allow offline access",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"Service URL",
|
||||
"yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
|
||||
"zeroConfExplanations":"Server has no configuration. Use template to save the first."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -695,6 +695,7 @@
|
|||
"oidcServiceAllowHybridFlow":"混合流程",
|
||||
"oidcServiceAllowImplicitFlow":"內含流程",
|
||||
"oidcServiceAllowOffline":"允許離線存取",
|
||||
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
|
||||
"oidcServiceAuthorizationCodeExpiration":"授權碼到期",
|
||||
"oidcServiceDynamicRegistrationExportedVars":"用於動態註冊的已匯出變數",
|
||||
"oidcServiceDynamicRegistrationExtraClaims":"動態註冊的額外聲明",
|
||||
|
@ -1205,4 +1206,4 @@
|
|||
"yubikey2fUrl":"服務 URL",
|
||||
"yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey",
|
||||
"zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。"
|
||||
}
|
||||
}
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -600,7 +600,7 @@ LemonLDAP::NG Portal jQuery scripts
|
|||
event.preventDefault();
|
||||
document.body.style.cursor = 'progress';
|
||||
str = $("#finduserForm").serialize();
|
||||
console.log('Send findUser request with', str);
|
||||
console.log('Send findUser request with parameters', str);
|
||||
return $.ajax({
|
||||
type: "POST",
|
||||
url: portal + "finduser",
|
||||
|
@ -610,7 +610,7 @@ LemonLDAP::NG Portal jQuery scripts
|
|||
var user;
|
||||
document.body.style.cursor = 'default';
|
||||
user = data.user;
|
||||
console.log('Suggested spoofId', user);
|
||||
console.log('Suggested spoofId=', user);
|
||||
$('#spoofIdfield').attr('value', user);
|
||||
if (data.captcha) {
|
||||
$('#captcha').attr('src', data.captcha);
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user