From 846a9b899821e5b96cacd9149354a43b77af74fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Wed, 6 Jul 2011 09:36:15 +0000
Subject: [PATCH] Secure Token configuration in Manager (#288)
---
 .../example/skins/default/js/manager.js | 1 +
 .../lib/Lemonldap/NG/Manager/_Struct.pm | 69 ++++++++++-----
 .../lib/Lemonldap/NG/Manager/_i18n.pm | 84 +++++++++++--------
 3 files changed, 97 insertions(+), 57 deletions(-)
diff --git a/modules/lemonldap-ng-manager/example/skins/default/js/manager.js b/modules/lemonldap-ng-manager/example/skins/default/js/manager.js
index c3f028183..0a15427e4 100644
--- a/modules/lemonldap-ng-manager/example/skins/default/js/manager.js
+++ b/modules/lemonldap-ng-manager/example/skins/default/js/manager.js
@@ -68,6 +68,7 @@ var helpCh={
 'samlSPExportedAttributes':'/pages/documentation/latest/idpsaml.html#exported_attributes',
 'samlSPMetaDataXML':'/pages/documentation/latest/idpsaml.html#metadata',
 'samlSPOptions':'/pages/documentation/latest/idpsaml.html#options',
+ 'securetoken':'/pages/documentation/latest/securetoken.html',
 'security':'/pages/documentation/latest/security.html#configure_security_settings',
 'sessions':'/pages/documentation/latest/sessions.html',
 'sessionsdb':'/pages/documentation/latest/start.html#sessions_database',
diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
index 435963a48..793084036 100644
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@@ -850,7 +850,8 @@ sub struct {
 },
 specialHandlers => {
- _nodes => [qw(zimbraHandler sympaHandler)],
+ _nodes =>
+ [qw(zimbraHandler sympaHandler secureTokenHandler)],
 # Zimbra
 zimbraHandler => {
@@ -872,6 +873,20 @@ sub struct {
 sympaSecret => 'text:/sympaSecret',
 sympaMailKey => 'text:/sympaMailKey',
 },
+
+ # Secure Token
+ secureTokenHandler => {
+ _nodes => [
+ qw(secureTokenMemcachedServers secureTokenExpiration secureTokenAttribute secureTokenUrls secureTokenHeader)
+ ],
+ _help => 'securetoken',
+ secureTokenMemcachedServers =>
+ 'text:/secureTokenMemcachedServers',
+ secureTokenExpiration => 'int:/secureTokenExpiration',
+ secureTokenAttribute => 'text:secureTokenAttribute',
+ secureTokenUrls => 'text:/secureTokenUrls',
+ secureTokenHeader => 'text:/secureTokenHeader',
+ },
 },
 logoutServices => {
@@ -1773,6 +1788,13 @@ sub testStruct {
 yubikeyClientID => $testNotDefined,
 yubikeySecretKey => $testNotDefined,
 yubikeyPublicIDSize => $integer,
+
+ # Secure Token
+ secureTokenMemcachedServers => $testNotDefined,
+ secureTokenExpiration => $integer,
+ secureTokenAttribute => $testNotDefined,
+ secureTokenUrls => $testNotDefined,
+ secureTokenHeader => $testNotDefined,
 };
 }
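Review bot: `secureTokenAttribute => 'text:secureTokenAttribute'` lacks the `/` after `text:` that every sibling entry in this node carries (`'text:/secureTokenMemcachedServers'`, `'text:/secureTokenUrls'`, `'text:/secureTokenHeader'`, and the Sympa entries in the context lines); it should read `secureTokenAttribute => 'text:/secureTokenAttribute',`. The code that parses the `type:/key` string is not visible here, so I cannot say whether the missing slash breaks loading or saving of that field silently, but the inconsistency alone should be fixed before this ships. The enclosing `struct` sub starts and ends outside this hunk.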
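Review bot: In the testStruct hunk, `secureTokenUrls` and `secureTokenMemcachedServers` are checked only with `$testNotDefined`, so a syntactically invalid value is accepted by the Manager and only fails later in whatever component loads the configuration. The `'.*'` default given to `secureTokenUrls` in the defaultConf hunk suggests it is used as a regular expression; if so, a test sub that runs `eval { qr/$v/ }` and reports `$@` in the same return convention `$testNotDefined` uses would catch typos at save time, and a `host:port` pattern check would do the same for the memcached server list. `testStruct` starts outside this hunk.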
@@ -1836,26 +1858,31 @@ sub defaultConf {
 protection => 'none',
 remoteGlobalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP',
 securedCookie => '0',
- singleSession => '0',
- singleIP => '0',
- singleUserByIP => '0',
- Soap => '1',
- SSLRequired => '0',
- storePassword => '0',
- syslog => '',
- timeout => '72000',
- timeoutActivity => '0',
- userControl => '^[\w\.\-@]+$',
- userDB => 'LDAP',
- passwordDB => 'LDAP',
- useRedirectOnError => '1',
- useRedirectOnForbidden => '0',
- useSafeJail => '1',
- useXForwardedForIP => '0',
- vhostPort => '-1',
- vhostHttps => '-1',
- whatToTrace => '$_whatToTrace',
- yubikeyPublicIDSize => '12',
+ secureTokenMemcachedServers => '127.0.0.1:11211',
+ secureTokenExpiration => '60',
+ secureTokenAttribute => 'uid',
+ secureTokenUrls => '.*',
+ secureTokenHeader => 'Auth-Token',
+ singleSession => '0',
+ singleIP => '0',
+ singleUserByIP => '0',
+ Soap => '1',
+ SSLRequired => '0',
+ storePassword => '0',
+ syslog => '',
+ timeout => '72000',
+ timeoutActivity => '0',
+ userControl => '^[\w\.\-@]+$',
+ userDB => 'LDAP',
+ passwordDB => 'LDAP',
+ useRedirectOnError => '1',
+ useRedirectOnForbidden => '0',
+ useSafeJail => '1',
+ useXForwardedForIP => '0',
+ vhostPort => '-1',
+ vhostHttps => '-1',
+ whatToTrace => '$_whatToTrace',
+ yubikeyPublicIDSize => '12',
 ########
 # SAML #
 ########
diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
index dfaa82397..3a027dabb 100644
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
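Review bot: The new Secure Token defaults carry no comment on their security weight: `secureTokenMemcachedServers => '127.0.0.1:11211'` is a safe default only because it is loopback, since the plain memcached protocol has no authentication and anyone who can reach the server can presumably read or overwrite whatever the handler stores there, and `secureTokenUrls => '.*'` (labelled "Protected URLs" in the i18n hunk) applies the feature to every URL. I would add above `secureTokenMemcachedServers`: `# Secure Token: memcached has no authentication, keep it on loopback or a trusted network; '.*' applies the token to every URL of the host.` `secureTokenExpiration => '60'` also states no unit; if it is seconds like the sibling `timeout => '72000'`, say so in that comment. The rest of this hunk is whitespace re-alignment of existing defaults; defaultConf begins outside the hunk.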
@@ -274,6 +274,12 @@ sub en {
 remotePortal => 'Portal URL',
 rules => 'Rules',
 securedCookie => 'Secured Cookie (SSL)',
+ secureTokenAttribute => 'Attribute to store',
+ secureTokenExpiration => 'Token expiration',
+ secureTokenHandler => 'Secure Token',
+ secureTokenHeader => 'Header name',
+ secureTokenMemcachedServers => 'Memcached servers',
+ secureTokenUrls => 'Protected URLs',
 security => 'Security',
 session => 'session',
 sessions => 'sessions',
@@ -693,42 +699,48 @@ sub fr {
 purgeNotification => 'Supprimer définitivement la notification',
 randomPasswordRegexp => 'Expression regulière pour la génération des mots de passe',
- redirection => 'Redirections du Handler',
- remoteCookieName => 'Nom du cookie',
- remoteGlobalStorage => 'Module des sessions',
- remoteGlobalStorageOptions => 'Options du module des sessions',
- remoteParams => 'Paramètres Remote',
- remotePortal => 'URL du portail',
- rules => 'Règles',
- securedCookie => 'Cookie sécurisé (SSL)',
- security => 'Sécurité',
- session => 'session',
- sessions => 'sessions',
- sessionDeleted => 'La session a été supprimée',
- sessionParams => 'Sessions',
- sessionStartedAt => 'Session démarrée le ',
- sessionStorage => 'Stockage des sessions',
- sessionTitle => 'Contenu de la session',
- singleIP => 'Une seule IP par utilisateur',
- singleSession => 'Une seule session par utilisateur',
- singleUserByIP => 'Une seule adresse IP par utilisateur',
- slaveAuthnLevel => 'Niveau d\'authentification',
- slaveParams => 'Paramètres Slave',
- slaveUserHeader => "En-tête identifiant l'utilisateur",
- SMTPAuthPass => 'Mot de passe SMTP',
- SMTPAuthUser => 'Utilisateur SMTP',
- SMTPServer => 'Serveur SMTP',
- soap => 'SOAP',
- Soap => 'Activation',
- soapAuthService => 'URL du portail',
- soapSessionService => 'Point d\'accès SOAP des sessions',
- specialHandlers => 'Handlers spéciaux',
- SSLAuthnLevel => 'Niveau d\'authentification',
- SSLLDAPField => 'Attribut LDAP pour le filtre',
- sslParams => 'Paramètres SSL',
- SSLRequire => 'SSL Requis',
- SSLVar => 'Champ extrait du certificat',
- startTime => 'Date de création',
+ redirection => 'Redirections du Handler',
+ remoteCookieName => 'Nom du cookie',
+ remoteGlobalStorage => 'Module des sessions',
+ remoteGlobalStorageOptions => 'Options du module des sessions',
+ remoteParams => 'Paramètres Remote',
+ remotePortal => 'URL du portail',
+ rules => 'Règles',
+ securedCookie => 'Cookie sécurisé (SSL)',
+ secureTokenAttribute => 'Attribut à stocker',
+ secureTokenExpiration => 'Expiration du jeton',
+ secureTokenHandler => 'Jeton sécurisé',
+ secureTokenHeader => "Nom de l'en-tête HTTP",
+ secureTokenMemcachedServers => 'Serveurs Memcached',
+ secureTokenUrls => 'URLs protégées',
+ security => 'Sécurité',
+ session => 'session',
+ sessions => 'sessions',
+ sessionDeleted => 'La session a été supprimée',
+ sessionParams => 'Sessions',
+ sessionStartedAt => 'Session démarrée le ',
+ sessionStorage => 'Stockage des sessions',
+ sessionTitle => 'Contenu de la session',
+ singleIP => 'Une seule IP par utilisateur',
+ singleSession => 'Une seule session par utilisateur',
+ singleUserByIP => 'Une seule adresse IP par utilisateur',
+ slaveAuthnLevel => 'Niveau d\'authentification',
+ slaveParams => 'Paramètres Slave',
+ slaveUserHeader => "En-tête identifiant l'utilisateur",
+ SMTPAuthPass => 'Mot de passe SMTP',
+ SMTPAuthUser => 'Utilisateur SMTP',
+ SMTPServer => 'Serveur SMTP',
+ soap => 'SOAP',
+ Soap => 'Activation',
+ soapAuthService => 'URL du portail',
+ soapSessionService => 'Point d\'accès SOAP des sessions',
+ specialHandlers => 'Handlers spéciaux',
+ SSLAuthnLevel => 'Niveau d\'authentification',
+ SSLLDAPField => 'Attribut LDAP pour le filtre',
+ sslParams => 'Paramètres SSL',
+ SSLRequire => 'SSL Requis',
+ SSLVar => 'Champ extrait du certificat',
+ startTime => 'Date de création',
 storePassword => "Stocke le mot de passe de l'utilisateur en session",
 sympaHandler => 'Sympa',
 sympaMailKey => 'Clé de session pour le mail',