Port SAML Token options in trunk (#1083)

This commit is contained in:
Clément Oudot 2016-09-13 12:04:30 +00:00
parent 24b509c05a
commit 5d2be9a418
10 changed files with 38 additions and 8 deletions


@ -258,6 +258,7 @@ sub defaultValues {
'samlIDPMetaDataOptionsSignSSOMessage' => -1,
'samlIDPMetaDataOptionsSLOBinding' => '',
'samlIDPMetaDataOptionsSSOBinding' => '',
'samlIDPMetaDataOptionsStoreSAMLToken' => 0,
'samlIdPResolveCookie' => 'lemonldapidp',
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',


@ -2276,6 +2276,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
],
'type' => 'select'
},
'samlIDPMetaDataOptionsStoreSAMLToken' => {
'default' => 0,
'type' => 'bool'
},
'samlIDPMetaDataXML' => {
'type' => 'file'
},


@ -1518,14 +1518,14 @@ sub attributes {
type => 'bool',
default => 1,
},
samlSPMetaDataOptionsForceUTF8 => {
type => 'bool',
default => 1,
},
samlIDPMetaDataOptionsResolutionRule => {
type => 'longtext',
default => '',
},
samlIDPMetaDataOptionsStoreSAMLToken => {
type => 'bool',
default => 0,
},
# SP keys
samlSPMetaDataExportedAttributes => {
@ -1654,6 +1654,10 @@ sub attributes {
type => 'bool',
default => 0,
},
samlSPMetaDataOptionsForceUTF8 => {
type => 'bool',
default => 1,
},
# AUTH, USERDB and PASSWORD MODULES
authentication => {


@ -51,7 +51,8 @@ sub cTrees {
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsAdaptSessionUtime",
"samlIDPMetaDataOptionsForceUTF8"
"samlIDPMetaDataOptionsForceUTF8",
"samlIDPMetaDataOptionsStoreSAMLToken"
]
},
{


@ -26,7 +26,7 @@ our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogl
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|(?:MaxAg|Scop)e|AcrValues)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|S(?:ignS[LS]OMessage|[LS]OBinding)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
our $virtualHostKeys = '(?:vhost(?:(?:Aliase|Http)s|Maintenance|Port)|(?:exportedHeader|locationRule)s|post)';


@ -501,6 +501,13 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsForceUTF8",
"title" : "samlIDPMetaDataOptionsForceUTF8",
"type" : "bool"
},
{
"default" : 0,
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsStoreSAMLToken",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsStoreSAMLToken",
"title" : "samlIDPMetaDataOptionsStoreSAMLToken",
"type" : "bool"
}
],
"id" : "samlIDPMetaDataOptionsSession",



@ -696,6 +696,7 @@
"samlIDPMetaDataOptionsSignature": "Signature",
"samlIDPMetaDataOptionsBinding": "Binding",
"samlIDPMetaDataOptionsSecurity": "Security",
"samlIDPMetaDataOptionsStoreSAMLToken": "Store SAML Token",
"samlSPMetaDataNodes": "SAML service providers",
"samlSPMetaDataXML": "Metadata",
"samlSPMetaDataExportedAttributes": "Exported attributes",


@ -696,6 +696,7 @@
"samlIDPMetaDataOptionsSignature": "Signature",
"samlIDPMetaDataOptionsBinding": "Méthode",
"samlIDPMetaDataOptionsSecurity": "Sécurité",
"samlIDPMetaDataOptionsStoreSAMLToken": "Conserver le jeton SAML",
"samlSPMetaDataNodes": "Fournisseurs de service SAML",
"samlSPMetaDataXML": "Metadonnées",
"samlSPMetaDataExportedAttributes": "Attributs exportés",


@ -1131,7 +1131,18 @@ sub setAuthSessionInfo {
# Dump Lasso objects in session
$self->{sessionInfo}->{_lassoSessionDump} = $session->dump() if $session;
$self->{sessionInfo}->{_lassoIdentityDump} = $identity->dump() if $identity;
$self->{sessionInfo}->{_samlToken} = $self->{_samlToken};
# Keep SAML Token in session
my $store_samlToken =
$self->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsStoreSAMLToken};
if ($store_samlToken) {
$self->lmLog( "Store SAML Token in session", 'debug' );
$self->{sessionInfo}->{_samlToken} = $self->{_samlToken};
}
else {
$self->lmLog( "SAML Token will not be stored in session", 'debug' );
}
$self->{_lassoLogin} = $login;
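Review bot: The `# Keep SAML Token in session` comment above the new `$store_samlToken` block should state why this is opt-in and off by default: `$self->{_samlToken}` appears to be the raw assertion received from the IdP, and copying it into `sessionInfo` makes it readable by anything that can read the session backend, so a comment such as `# Storing the raw SAML assertion in the session exposes it to any reader of the session store; opt-in per IDP, default off.` would tell the next maintainer not to flip the default casually. Because the removed line wrote `_samlToken` unconditionally and `samlIDPMetaDataOptionsStoreSAMLToken` now defaults to 0, deployments that read `_samlToken` from the session (for example to forward it downstream) will silently lose it after upgrade; if that is intended, it deserves an upgrade note. The per-IDP lookup depends on `$idpConfKey` being resolved earlier in setAuthSessionInfo, which starts outside this hunk, so whether it can be undefined (and autovivify an empty options hash) cannot be checked from here.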