Add first OpenID Connect RP parameters in Manager (#183)

Clément Oudot 2014-12-11 16:54:27 +00:00
parent ac1f3940c8
commit 8b7ad81ff5
6 changed files with 48 additions and 8 deletions


@ -706,6 +706,27 @@ has 'nullAuthnLevel' => (
## O
has 'oidcAuthnLevel' => (
is => 'rw',
isa => 'Int',
default => '1',
documentation => 'OpenID Connect authentication level',
);
has 'oidcRPCallbackGetParam' => (
is => 'rw',
isa => 'Str',
default => 'openidconnectcallback',
documentation => 'OpenID Connect Callback GET URLparameter',
);
has 'oidcRPStateTimeout' => (
is => 'rw',
isa => 'Int',
default => '600',
documentation => 'OpenID Connect Timeout of state sessions',
);
has 'openIdAuthnLevel' => (
is => 'rw',
isa => 'Int',
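Review bot: `oidcRPCallbackGetParam` is declared as an unconstrained `Str`, but the other sections of this commit use it as a query-parameter name, both in `$self->param($callback_get_param)` and when building the callback URI. An empty value, or one containing `&`, `=` or `#`, would therefore be accepted and could break callback detection or produce a callback URI that does not match what was registered with the provider. I would check the value where it is saved against something like `/\A\w+\z/`, and say so in the attribute's documentation. The documentation string also has a typo; it should read `'OpenID Connect Callback GET URL parameter'`. The two `Int` attributes are given quoted defaults (`'1'`, `'600'`); `default => 600` would match the declared type, unless the quoted form is this file's convention, which is not visible here.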


@ -548,7 +548,7 @@ function formateSelectAuth(id, value) {
if (value && value.toLowerCase() == "ldap") {
value = "LDAP";
}
formateSelect(id, ['Apache=Apache', 'AD=Active Directory', 'BrowserID=BrowserID (Mozilla Persona)', 'Choice=Authentication choice', 'CAS=Central Authentication Service (CAS)', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'Proxy=Proxy', 'Radius=Radius', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'SSL=SSL', 'Twitter=Twitter', 'WebID=WebID', 'Yubikey=Yubikey'], value);
formateSelect(id, ['Apache=Apache', 'AD=Active Directory', 'BrowserID=BrowserID (Mozilla Persona)', 'Choice=Authentication choice', 'CAS=Central Authentication Service (CAS)', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'OpenIDConnect=OpenID Connect', 'Proxy=Proxy', 'Radius=Radius', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'SSL=SSL', 'Twitter=Twitter', 'WebID=WebID', 'Yubikey=Yubikey'], value);
}
function userdbParams(id) {
currentId = id;
@ -588,7 +588,7 @@ function formateSelectUser(id, value) {
if (value && value.toLowerCase() == "ldap") {
value = "LDAP";
}
formateSelect(id, ['AD=Active Directory', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'Proxy=Proxy', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'WebID=WebID'], value);
formateSelect(id, ['AD=Active Directory', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'OpenIDConnect=OpenID Connect', 'Proxy=Proxy', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'WebID=WebID'], value);
}
function passworddbParams(id) {
currentId = id;


@ -414,14 +414,15 @@ sub struct {
null => ['nullParams'],
slave => ['slaveParams'],
choice => [
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams)
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams oidcParams)
],
multi => [
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams)
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams oidcParams)
],
yubikey => ['yubikeyParams'],
browserid => ['browserIdParams'],
demo => ['demoParams'],
oidc => ['oidcParams'],
}->{$mod};
if ($tmp) {
$res{$_}++ foreach (@$tmp);
@ -786,6 +787,16 @@ sub struct {
},
},
# OpenIDConnect (OIDC)
oidcParams => {
_nodes => [
qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)
],
oidcAuthnLevel => 'int:/oidcAuthnLevel',
oidcRPCallbackGetParam => 'text:/oidcRPCallbackGetParam',
oidcRPStateTimeout => 'int:/oidcRPStateTimeout',
}
},
# ISSUERDB PARAMETERS
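Review bot: The new module-map entry in the first hunk is keyed `oidc`, while the select lists changed in the JavaScript section offer the module as `OpenIDConnect`. If `$mod` is the lower-cased module name, as the neighbouring keys `browserid`, `yubikey` and `demo` suggest, the lookup `->{$mod}` will not find `oidc` and the `oidcParams` node would not be shown when OpenID Connect is selected on its own; it would only appear through `choice` or `multi`. I would key the entry on the selected value, `openidconnect => ['oidcParams'],`, or confirm how `$mod` is derived. `sub struct` starts and ends outside both hunks, so that derivation is not visible here.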


@ -261,6 +261,10 @@ sub en {
notifyOther => 'Display other sessions',
nullAuthnLevel => 'Authentication level',
nullParams => 'Null parameters',
oidcAuthnLevel => 'Authentication level',
oidcParams => 'OpenID Connect parameters',
oidcRPCallbackGetParam => 'Callback GET parameter',
oidcRPStateTimeout => 'State session timeout',
openIdAttr => 'OpenID login',
openIdAuthnLevel => 'Authentication level',
openIdExportedVars => 'Exported variables',
@ -773,6 +777,10 @@ sub fr {
notifyOther => 'Affiche les autres sessions',
nullAuthnLevel => 'Niveau d\'authentification',
nullParams => 'Paramètres Null',
oidcAuthnLevel => 'Niveau d\'authentification',
oidcParams => 'Paramètres OpenID Connect',
oidcRPCallbackGetParam => 'Paramètre GET callback',
oidcRPStateTimeout => 'Durée d\'une session state',
openIdAttr => 'Identifiant OpenID',
openIdAuthnLevel => 'Niveau d\'authentification',
openIdExportedVars => 'Variables exportées',


@ -31,7 +31,7 @@ sub setAuthSessionInfo {
my $self = shift;
$self->{sessionInfo}->{'_user'} = $self->{user};
$self->{sessionInfo}->{authenticationLevel} = $self->{nullAuthnLevel};
$self->{sessionInfo}->{authenticationLevel} = $self->{oidcAuthnLevel};
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
$self->{sessionInfo}->{OpenIDConnect_access_token} =
@ -48,7 +48,7 @@ sub extractFormInfo {
my $self = shift;
# Check callback
my $callback_get_param = $self->{OIDCRPCallbackGetParam};
my $callback_get_param = $self->{oidcRPCallbackGetParam};
my $callback = $self->param($callback_get_param);
if ($callback) {


@ -140,7 +140,7 @@ sub refreshJWKSdata {
sub getCallbackUri {
my $self = shift;
my $callback_get_param = $self->{OIDCRPCallbackGetParam};
my $callback_get_param = $self->{oidcRPCallbackGetParam};
my $callback_uri = $self->{portal};
$callback_uri .=
@ -445,7 +445,7 @@ sub storeState {
# Use default session timeout and relayState session timeout to compute it
my $time = time();
my $timeout = $self->{timeout};
my $stateTimeout = $self->{OIDCRPStateTimeout} || $timeout;
my $stateTimeout = $self->{oidcRPStateTimeout} || $timeout;
$infos->{_utime} = $time + ( $stateTimeout - $timeout );
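Review bot: In storeState, `$self->{oidcRPStateTimeout} || $timeout` treats a configured 0 the same as an unset value and falls back to the full session timeout. The state session that ties the authorization request to its callback can then live as long as a normal session, rather than the short window the default of 600 intends. The Manager declares the field only as an int, so nothing visible in this commit rejects 0 or a negative number; a negative value would presumably push `_utime` far enough back that the state is treated as already expired. I would fall back only when the key is undefined, `my $stateTimeout = $self->{oidcRPStateTimeout} // $timeout;`, and refuse non-positive values, or else document on the attribute that 0 means "use the session timeout". storeState begins and ends outside this hunk.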