Port SAML Token options in trunk (#1083)
This commit is contained in:
Clément Oudot
parent
24b509c05a
commit
5d2be9a418
|
|
@ -258,6 +258,7 @@ sub defaultValues {
|
|||
'samlIDPMetaDataOptionsSignSSOMessage' => -1,
|
||||
'samlIDPMetaDataOptionsSLOBinding' => '',
|
||||
'samlIDPMetaDataOptionsSSOBinding' => '',
|
||||
'samlIDPMetaDataOptionsStoreSAMLToken' => 0,
|
||||
'samlIdPResolveCookie' => 'lemonldapidp',
|
||||
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' =>
|
||||
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
|
||||
|
|
|
|||
|
|
@ -2276,6 +2276,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
],
|
||||
'type' => 'select'
|
||||
},
|
||||
'samlIDPMetaDataOptionsStoreSAMLToken' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'samlIDPMetaDataXML' => {
|
||||
'type' => 'file'
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1518,14 +1518,14 @@ sub attributes {
|
|||
type => 'bool',
|
||||
default => 1,
|
||||
},
|
||||
samlSPMetaDataOptionsForceUTF8 => {
|
||||
type => 'bool',
|
||||
default => 1,
|
||||
},
|
||||
samlIDPMetaDataOptionsResolutionRule => {
|
||||
type => 'longtext',
|
||||
default => '',
|
||||
},
|
||||
samlIDPMetaDataOptionsStoreSAMLToken => {
|
||||
type => 'bool',
|
||||
default => 0,
|
||||
},
|
||||
|
||||
# SP keys
|
||||
samlSPMetaDataExportedAttributes => {
|
||||
|
|
@ -1654,6 +1654,10 @@ sub attributes {
|
|||
type => 'bool',
|
||||
default => 0,
|
||||
},
|
||||
samlSPMetaDataOptionsForceUTF8 => {
|
||||
type => 'bool',
|
||||
default => 1,
|
||||
},
|
||||
|
||||
# AUTH, USERDB and PASSWORD MODULES
|
||||
authentication => {
|
||||
|
|
|
|||
|
|
@ -51,7 +51,8 @@ sub cTrees {
|
|||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
"samlIDPMetaDataOptionsAdaptSessionUtime",
|
||||
"samlIDPMetaDataOptionsForceUTF8"
|
||||
"samlIDPMetaDataOptionsForceUTF8",
|
||||
"samlIDPMetaDataOptionsStoreSAMLToken"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogl
|
|||
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|(?:MaxAg|Scop)e|AcrValues)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|S(?:ignS[LS]OMessage|[LS]OBinding)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
|
||||
our $virtualHostKeys = '(?:vhost(?:(?:Aliase|Http)s|Maintenance|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
||||
|
|
|
|||
|
|
@ -501,6 +501,13 @@ function templates(tpl,key) {
|
|||
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsForceUTF8",
|
||||
"title" : "samlIDPMetaDataOptionsForceUTF8",
|
||||
"type" : "bool"
|
||||
},
|
||||
{
|
||||
"default" : 0,
|
||||
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsStoreSAMLToken",
|
||||
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsStoreSAMLToken",
|
||||
"title" : "samlIDPMetaDataOptionsStoreSAMLToken",
|
||||
"type" : "bool"
|
||||
}
|
||||
],
|
||||
"id" : "samlIDPMetaDataOptionsSession",
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -696,6 +696,7 @@
|
|||
"samlIDPMetaDataOptionsSignature": "Signature",
|
||||
"samlIDPMetaDataOptionsBinding": "Binding",
|
||||
"samlIDPMetaDataOptionsSecurity": "Security",
|
||||
"samlIDPMetaDataOptionsStoreSAMLToken": "Store SAML Token",
|
||||
"samlSPMetaDataNodes": "SAML service providers",
|
||||
"samlSPMetaDataXML": "Metadata",
|
||||
"samlSPMetaDataExportedAttributes": "Exported attributes",
|
||||
|
|
|
|||
|
|
@ -696,6 +696,7 @@
|
|||
"samlIDPMetaDataOptionsSignature": "Signature",
|
||||
"samlIDPMetaDataOptionsBinding": "Méthode",
|
||||
"samlIDPMetaDataOptionsSecurity": "Sécurité",
|
||||
"samlIDPMetaDataOptionsStoreSAMLToken": "Conserver le jeton SAML",
|
||||
"samlSPMetaDataNodes": "Fournisseurs de service SAML",
|
||||
"samlSPMetaDataXML": "Metadonnées",
|
||||
"samlSPMetaDataExportedAttributes": "Attributs exportés",
|
||||
|
|
|
|||
|
|
@ -1131,7 +1131,18 @@ sub setAuthSessionInfo {
|
|||
# Dump Lasso objects in session
|
||||
$self->{sessionInfo}->{_lassoSessionDump} = $session->dump() if $session;
|
||||
$self->{sessionInfo}->{_lassoIdentityDump} = $identity->dump() if $identity;
|
||||
$self->{sessionInfo}->{_samlToken} = $self->{_samlToken};
|
||||
|
||||
# Keep SAML Token in session
|
||||
my $store_samlToken =
|
||||
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
|
||||
->{samlIDPMetaDataOptionsStoreSAMLToken};
|
||||
if ($store_samlToken) {
|
||||
$self->lmLog( "Store SAML Token in session", 'debug' );
|
||||
$self->{sessionInfo}->{_samlToken} = $self->{_samlToken};
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "SAML Token will not be stored in session", 'debug' );
|
||||
}
|
||||
|
||||
$self->{_lassoLogin} = $login;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user