Add manager option for dynamic scopes (#2424)
This commit is contained in:
parent
1119af91d4
commit
88cc6004a4
@ -418,7 +418,7 @@ sub _oidcMetaDataNodes {
|
|||
}
|
||||
# Return all exported attributes if asked
|
||||
elsif ( $query =~
|
||||
/^(?:oidc${type}MetaDataExportedVars|oidcRPMetaDataOptionsExtraClaims|oidcRPMetaDataMacros)$/
|
||||
/^(?:oidc${type}MetaDataExportedVars|oidcRPMetaDataOptionsExtraClaims|oidcRPMetaDataMacros|oidcRPMetaDataScopeRules)$/
|
||||
)
|
||||
{
|
||||
my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {};
|
||||
|
|
|
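Review bot: The comment `# Return all exported attributes if asked` above the `elsif` is now stale: with `oidcRPMetaDataScopeRules` added to the alternation the branch returns four different per-partner hashes, not just exported attributes. Suggest `# Return the whole per-partner hash (exported vars, extra claims, macros, scope rules) if asked`. While touching the pattern, `$` should probably be `\z` so a `$query` carrying a trailing newline is not accepted as one of these keys (I cannot see where `$query` comes from, so this is a hedge). The enclosing `_oidcMetaDataNodes` starts and ends outside this hunk.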
@ -27,7 +27,7 @@ our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaData
|
|||
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|Servic|Rul)e|AuthnLevel)|(?:ExportedVar|Macro)s)';
|
||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|uth(?:orizationCodeExpiration|nLevel)|ccessTokenExpiration|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|uth(?:orizationCodeExpiration|nLevel)|ccessTokenExpiration|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|ScopeRule|Macro)s)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|AuthnLevel|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
|
||||
our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
|
|
@ -2384,6 +2384,17 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
'oidcRPMetaDataOptionsUserIDAttr' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'oidcRPMetaDataScopeRules' => {
|
||||
'default' => {},
|
||||
'test' => {
|
||||
'keyMsgFail' => '__badMacroName__',
|
||||
'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
|
||||
'test' => sub {
|
||||
return perlExpr(@_);
|
||||
}
|
||||
},
|
||||
'type' => 'keyTextContainer'
|
||||
},
|
||||
'oidcRPStateTimeout' => {
|
||||
'default' => 600,
|
||||
'type' => 'int'
|
||||
|
|
|
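Review bot: `'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/` lets a scope-rule key with a trailing newline through, since `$` matches before a final `\n`; `qr/^[_a-zA-Z][a-zA-Z0-9_]*\z/` is the intended check. The same `keyTest` and the reused `'keyMsgFail' => '__badMacroName__'` appear again in the `oidcRPMetaDataScopeRules => { ... }` definition in the next hunk, which reads like the hand-maintained source (it carries `help` and `documentation`), so if this section is generated output the fix belongs there and this file should be regenerated. The failure message also talks about macros while the user is editing a scope rule; a dedicated key such as `__badScopeRuleName__` (with translations) would be clearer. The value test delegates to `perlExpr`, i.e. scope-rule values are Perl expressions like macros, which the `documentation` string could state explicitly.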
@ -4286,6 +4286,17 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
default => {},
|
||||
documentation => 'Macros',
|
||||
},
|
||||
oidcRPMetaDataScopeRules => {
|
||||
type => 'keyTextContainer',
|
||||
help => 'idpopenidconnect.html#scope-rules',
|
||||
test => {
|
||||
keyTest => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
|
||||
keyMsgFail => '__badMacroName__',
|
||||
test => sub { return perlExpr(@_) },
|
||||
},
|
||||
default => {},
|
||||
documentation => 'Scope rules',
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -252,6 +252,7 @@ sub cTrees {
|
|||
]
|
||||
},
|
||||
'oidcRPMetaDataMacros',
|
||||
'oidcRPMetaDataScopeRules',
|
||||
{
|
||||
title => 'oidcRPMetaDataOptionsDisplay',
|
||||
form => 'simpleInputContainer',
|
||||
|
|
|
@ -439,7 +439,7 @@ sub _scanNodes {
|
|||
}
|
||||
}
|
||||
elsif (
|
||||
$target =~ /^oidc(?:O|R)PMetaData(?:ExportedVars|Macros)$/ )
|
||||
$target =~ /^oidc(?:O|R)PMetaData(?:ExportedVars|Macros|ScopeRules)$/ )
|
||||
{
|
||||
hdebug(" $target");
|
||||
if ( $leaf->{cnodes} ) {
|
||||
|
|
|
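Review bot: Style: the extended match `$target =~ /^oidc(?:O|R)PMetaData(?:ExportedVars|Macros|ScopeRules)$/` would read better as `$target =~ /^oidc[OR]PMetaData(?:ExportedVars|Macros|ScopeRules)\z/`, using a character class for the single letter and `\z` so a trailing newline cannot slip past the anchor. As with the pre-existing `Macros` entry, the `[OR]` class accepts an `oidcOPMetaDataScopeRules` target that the node-key tables do not define; harmless here as far as I can tell, but worth a one-line comment. `_scanNodes` begins and ends outside this hunk.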
@ -657,6 +657,14 @@ function templates(tpl,key) {
|
|||
"title" : "oidcRPMetaDataMacros",
|
||||
"type" : "keyTextContainer"
|
||||
},
|
||||
{
|
||||
"cnodes" : tpl+"s/"+key+"/"+"oidcRPMetaDataScopeRules",
|
||||
"default" : [],
|
||||
"help" : "idpopenidconnect.html#scope-rules",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataScopeRules",
|
||||
"title" : "oidcRPMetaDataScopeRules",
|
||||
"type" : "keyTextContainer"
|
||||
},
|
||||
{
|
||||
"_nodes" : [
|
||||
{
|
||||
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"مستوى إثبات الهوية",
|
||||
"oidcRPMetaDataOptionsRule":"قاعدة الدخول",
|
||||
"oidcRPMetaDataMacros":"ماكرو",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"نطاق",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"مخزن تعريف التوكن",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"توكن نقطة النهاية لطريقة إثبات الهوية",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
|
||||
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"Authentication level",
|
||||
"oidcRPMetaDataOptionsRule":"Access rule",
|
||||
"oidcRPMetaDataMacros":"Macros",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"Scope",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"Authentication level",
|
||||
"oidcRPMetaDataOptionsRule":"Access rule",
|
||||
"oidcRPMetaDataMacros":"Macros",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"Scope",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method",
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"Authentication level",
|
||||
"oidcRPMetaDataOptionsRule":"Regla de acceso",
|
||||
"oidcRPMetaDataMacros":"Macros",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"Ámbito",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Guardar token ID",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -631,7 +631,8 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"Niveau d'authentification",
|
||||
"oidcRPMetaDataOptionsRule":"Règle d'accès",
|
||||
"oidcRPMetaDataMacros":"Macros",
|
||||
"oidcOPMetaDataOptionsScope":"Étendue",
|
||||
"oidcRPMetaDataScopeRules":"Règles de scope",
|
||||
"oidcOPMetaDataOptionsScope":"Scope",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Conserver le jeton d'identité",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Méthode d'authentification pour l'accès aux jetons",
|
||||
"oidcOPName":"Nom du fournisseur OpenID Connect",
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"Livello di autenticazione",
|
||||
"oidcRPMetaDataOptionsRule":"Regola di accesso",
|
||||
"oidcRPMetaDataMacros":"Macro",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"Scopo",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Immagazzina ID Token",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Metodo di autenticazione degli endpoint di token",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
|
||||
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
|
||||
"samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"oidcRPMetaDataOptionsRule":"Reguła dostępu",
|
||||
"oidcRPMetaDataMacros":"Makra",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"Zakres",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Przechowuj token identyfikacyjny",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Metoda uwierzytelniania tokena punktu końcowego",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"Limit czasu sesji RelayState",
|
||||
"samlUseQueryStringSpecific":"Użyj określonej metody query_string",
|
||||
"samlOverrideIDPEntityID":"Zastąp identyfikator jednostki podczas działania jako IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"Doğrulama seviyesi",
|
||||
"oidcRPMetaDataOptionsRule":"Erişim kuralı",
|
||||
"oidcRPMetaDataMacros":"Makrolar",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"Kapsam",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"ID Jetonu Sakla",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Jeton uç noktası doğrulama metodu",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"RelayState oturum zaman aşımı",
|
||||
"samlUseQueryStringSpecific":"Spesifik query_string metodu kullan",
|
||||
"samlOverrideIDPEntityID":"IDP olarak davrandığında Varlık ID'yi geçersiz kıl"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"Mức xác thực",
|
||||
"oidcRPMetaDataOptionsRule":"Quy tắc truy cập",
|
||||
"oidcRPMetaDataMacros":"Macros",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"Phạm vi",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Mã thông báo Cửa hàng",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Phương pháp xác thực thiết bị đầu cuối Token",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
|
||||
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"认证级别",
|
||||
"oidcRPMetaDataOptionsRule":"Access rule",
|
||||
"oidcRPMetaDataMacros":"Macros",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"Scope",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"RelayState session timeout",
|
||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -630,6 +630,7 @@
|
|||
"oidcRPMetaDataOptionsAuthnLevel":"驗證等級",
|
||||
"oidcRPMetaDataOptionsRule":"存取規則",
|
||||
"oidcRPMetaDataMacros":"巨集",
|
||||
"oidcRPMetaDataScopeRules":"Scope rules",
|
||||
"oidcOPMetaDataOptionsScope":"範圍",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"儲存 ID 權杖",
|
||||
"oidcOPMetaDataOptionsTokenEndpointAuthMethod":"權杖端點驗證方法",
|
||||
|
@ -1194,4 +1195,4 @@
|
|||
"samlRelayStateTimeout":"RelayState 工作階段逾時",
|
||||
"samlUseQueryStringSpecific":"使用特定的 query_string 方法",
|
||||
"samlOverrideIDPEntityID":"充當 IDP 覆寫實體 ID"
|
||||
}
|
||||
}
|
||||
|
|