OIDC in progress (#595)
parent
4fc1f6afa2
commit
5202cd6f7c
|
@ -1,4 +1,4 @@
|
||||||
package Lemonldap::NG::Portal::Auth::SAML;
|
package Lemonldap::NG::Portal::Auth::OpenIDConnect;
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
use Mouse;
|
use Mouse;
|
||||||
|
@ -22,7 +22,7 @@ has opNumber => ( is => 'rw', default => 0 );
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
my ($self) = @_;
|
my ($self) = @_;
|
||||||
return 0 unless ( $self->loadOPs and $self->refreshJWSdata );
|
return 0 unless ( $self->loadOPs and $self->refreshJWKSdata );
|
||||||
my @tab = ( sort keys %{ $self->oidcOPList } );
|
my @tab = ( sort keys %{ $self->oidcOPList } );
|
||||||
unless (@tab) {
|
unless (@tab) {
|
||||||
$self->lmLog( "No OP configured", 'error' );
|
$self->lmLog( "No OP configured", 'error' );
|
||||||
|
@ -31,7 +31,7 @@ sub init {
|
||||||
$self->opNumber( scalar @tab );
|
$self->opNumber( scalar @tab );
|
||||||
my @list = ();
|
my @list = ();
|
||||||
|
|
||||||
my $portalPath = $self->{portal};
|
my $portalPath = $self->conf->{portal};
|
||||||
$portalPath =~ s#^https?://[^/]+/?#/#;
|
$portalPath =~ s#^https?://[^/]+/?#/#;
|
||||||
|
|
||||||
foreach (@tab) {
|
foreach (@tab) {
|
||||||
|
|
|
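Review bot: The guard `return 0 unless ( $self->loadOPs and $self->refreshJWKSdata );` in init() fails silently, whereas the sibling `unless (@tab)` branch right below logs "No OP configured" at error level, so an operator whose portal refuses to start because of a bad OP configuration or an unreachable JWKS endpoint gets no hint from this method. Unless loadOPs/refreshJWKSdata log on their own (not visible in this hunk), name the failing step, e.g. `my $ok = $self->loadOPs && $self->refreshJWKSdata;` then `$self->lmLog( 'OIDC init failed: OP list or JWKS data could not be loaded', 'error' ) unless $ok;` followed by `return 0 unless $ok;`. The `$self->conf->{portal}` correction in the third hunk is right for a Mouse object; note that the regex that strips the scheme and host leaves the value untouched when `portal` has no scheme, which is presumably acceptable but worth a comment. init() continues past the end of these hunks.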
@ -12,20 +12,31 @@ my ( $issuer, $sp, $res );
|
||||||
my %handlerOR = ( issuer => [], sp => [] );
|
my %handlerOR = ( issuer => [], sp => [] );
|
||||||
|
|
||||||
# Initialization
|
# Initialization
|
||||||
ok( $issuer = issuer(), 'Issuer portal' );
|
ok( $issuer = issuer(), 'OP portal' );
|
||||||
|
|
||||||
|
ok( $res = $issuer->_get('/oauth2/jwks'), 'Get JWKS' );
|
||||||
|
my $jwks = $res->[2]->[0];
|
||||||
|
|
||||||
|
ok( $res = $issuer->_get('/.well-known/openid-configuration'), 'Get metadata' );
|
||||||
|
my $metadata = $res->[2]->[0];
|
||||||
|
count(3);
|
||||||
|
|
||||||
|
switch ('sp');
|
||||||
|
ok( $sp = sp( $jwks, $metadata ), 'RP portal' );
|
||||||
count(1);
|
count(1);
|
||||||
|
|
||||||
ok($res=$issuer->_get('/oauth2/jwks'),'Get JWKS');
|
#print STDERR Dumper( $jwks, $metadata );
|
||||||
count(1);
|
|
||||||
|
|
||||||
ok($res=$issuer->_get('/.well-known/openid-configuration'),'Get metadata');
|
|
||||||
count(1);
|
|
||||||
|
|
||||||
print STDERR Dumper($res);
|
|
||||||
|
|
||||||
clean_sessions();
|
clean_sessions();
|
||||||
done_testing( count() );
|
done_testing( count() );
|
||||||
|
|
||||||
|
sub switch {
|
||||||
|
my $type = shift;
|
||||||
|
@Lemonldap::NG::Handler::Main::Reload::_onReload = @{
|
||||||
|
$handlerOR{$type};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
sub issuer {
|
sub issuer {
|
||||||
return LLNG::Manager::Test->new(
|
return LLNG::Manager::Test->new(
|
||||||
{
|
{
|
||||||
|
@ -57,13 +68,13 @@ sub issuer {
|
||||||
oidcServiceAllowAuthorizationCodeFlow => 1,
|
oidcServiceAllowAuthorizationCodeFlow => 1,
|
||||||
oidcRPMetaDataOptions => {
|
oidcRPMetaDataOptions => {
|
||||||
rp => {
|
rp => {
|
||||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||||
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
||||||
oidcRPMetaDataOptionsClientID => "rp",
|
oidcRPMetaDataOptionsClientID => "rpid",
|
||||||
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
|
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
|
||||||
oidcRPMetaDataOptionsBypassConsent => 0,
|
oidcRPMetaDataOptionsBypassConsent => 0,
|
||||||
oidcRPMetaDataOptionsClientSecret => "rp",
|
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600
|
oidcRPMetaDataOptionsAccessTokenExpiration => 3600
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -78,8 +89,7 @@ sub issuer {
|
||||||
'loa-2' => 2,
|
'loa-2' => 2,
|
||||||
'loa-3' => 3
|
'loa-3' => 3
|
||||||
},
|
},
|
||||||
oidcServicePrivateKeySig =>
|
oidcServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY-----
|
||||||
"-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt
|
MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt
|
||||||
GMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8TrH1PHFmHpy8/qE/S5OhinIpIi7eb
|
GMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8TrH1PHFmHpy8/qE/S5OhinIpIi7eb
|
||||||
ABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH1caJ8lmiERFj7IvNKqEhzAk0pyDr
|
ABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH1caJ8lmiERFj7IvNKqEhzAk0pyDr
|
||||||
|
@ -107,8 +117,7 @@ EYqYAev/l82wi+OZ5O8U+qjFUpT1CVeUJdDs0o5u19v0UJjunU1cwh9jsxBZAWLy
|
||||||
PAGd6SWf4S3uQCTw6dLeMna25YIlPh5qPA6I/pAahe8e3nSu2ckl
|
PAGd6SWf4S3uQCTw6dLeMna25YIlPh5qPA6I/pAahe8e3nSu2ckl
|
||||||
-----END RSA PRIVATE KEY-----
|
-----END RSA PRIVATE KEY-----
|
||||||
",
|
",
|
||||||
oidcServicePublicKeySig =>
|
oidcServicePublicKeySig => "-----BEGIN PUBLIC KEY-----
|
||||||
"-----BEGIN PUBLIC KEY-----
|
|
||||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2jsmIoFuWzMkilJaA8/
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2jsmIoFuWzMkilJaA8/
|
||||||
/5/T30cnuzX9GImXUrFR2k9EKTMtGMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8T
|
/5/T30cnuzX9GImXUrFR2k9EKTMtGMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8T
|
||||||
rH1PHFmHpy8/qE/S5OhinIpIi7ebABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH
|
rH1PHFmHpy8/qE/S5OhinIpIi7ebABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH
|
||||||
|
@ -122,3 +131,44 @@ GQIDAQAB
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub sp {
|
||||||
|
my ( $jwks, $metadata ) = @_;
|
||||||
|
return LLNG::Manager::Test->new(
|
||||||
|
{
|
||||||
|
ini => {
|
||||||
|
logLevel => $debug,
|
||||||
|
domain => 'rp.com',
|
||||||
|
portal => 'http://auth.rp.com',
|
||||||
|
authentication => 'OpenIDConnect',
|
||||||
|
userDB => 'OpenIDConnect',
|
||||||
|
oidcOPMetaDataExportedVars => {
|
||||||
|
op => {
|
||||||
|
cn => "name",
|
||||||
|
uid => "sub",
|
||||||
|
sn => "family_name",
|
||||||
|
mail => "email"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
oidcOPMetaDataOptions => {
|
||||||
|
op => {
|
||||||
|
oidcOPMetaDataOptionsJWKSTimeout => 0,
|
||||||
|
oidcOPMetaDataOptionsClientSecret => "rpsecret",
|
||||||
|
oidcOPMetaDataOptionsScope => "openid profile",
|
||||||
|
oidcOPMetaDataOptionsStoreIDToken => 0,
|
||||||
|
oidcOPMetaDataOptionsDisplay => "",
|
||||||
|
oidcOPMetaDataOptionsClientID => "rpid",
|
||||||
|
oidcOPMetaDataOptionsConfigurationURI =>
|
||||||
|
"https://auth.op.com/.well-known/openid-configuration"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
oidcOPMetaDataJWKS => {
|
||||||
|
op => $jwks,
|
||||||
|
},
|
||||||
|
oidcOPMetaDataJSON => {
|
||||||
|
op => $metadata,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
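Review bot: The new sp() fixture hands the OP's JWKS to the RP via `oidcOPMetaDataJWKS => { op => $jwks }`, but the issuer in the same file signs ID tokens with `oidcRPMetaDataOptionsIDTokenSignAlg => "HS512"` (an HMAC keyed with the client secret), so the asymmetric verification path that would consume that JWKS is never exercised and the only key material the test depends on is `rpsecret`. Consider switching the issuer's `rp` entry to `RS256` — the `oidcServicePrivateKeySig`/`oidcServicePublicKeySig` pair is already configured — or adding a second RP so both signing paths are covered. The test also stops after `ok( $sp = sp( $jwks, $metadata ), 'RP portal' );` with no authorization-code round trip; if that is intentional for an in-progress commit, a `# TODO: drive the code flow through $sp once the RP side is wired` on that line would make it explicit. The leftover `#print STDERR Dumper( $jwks, $metadata );` debug line should be dropped before merge.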