Add first OpenID Connect RP parameters in Manager (#183)
parent
ac1f3940c8
commit
8b7ad81ff5
|
@ -706,6 +706,27 @@ has 'nullAuthnLevel' => (
|
|||
|
||||
## O
|
||||
|
||||
has 'oidcAuthnLevel' => (
|
||||
is => 'rw',
|
||||
isa => 'Int',
|
||||
default => '1',
|
||||
documentation => 'OpenID Connect authentication level',
|
||||
);
|
||||
|
||||
has 'oidcRPCallbackGetParam' => (
|
||||
is => 'rw',
|
||||
isa => 'Str',
|
||||
default => 'openidconnectcallback',
|
||||
documentation => 'OpenID Connect Callback GET URLparameter',
|
||||
);
|
||||
|
||||
has 'oidcRPStateTimeout' => (
|
||||
is => 'rw',
|
||||
isa => 'Int',
|
||||
default => '600',
|
||||
documentation => 'OpenID Connect Timeout of state sessions',
|
||||
);
|
||||
|
||||
has 'openIdAuthnLevel' => (
|
||||
is => 'rw',
|
||||
isa => 'Int',
|
||||
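Review bot: The `documentation` strings of the new attributes leave out what an administrator needs to set them safely: `oidcRPStateTimeout` gives no unit, although the `storeState` change on this page adds the value to `time()`, so it is presumably seconds. I would write `documentation => 'OpenID Connect state session timeout (seconds)',` and fix the missing space in `'OpenID Connect Callback GET URLparameter'`. The `Int` defaults are also quoted (`'1'`, `'600'`); bare numbers would read more clearly if the surrounding attributes allow it. The hunk ends inside the following `openIdAuthnLevel` declaration.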
|
|
|
@ -548,7 +548,7 @@ function formateSelectAuth(id, value) {
|
|||
if (value && value.toLowerCase() == "ldap") {
|
||||
value = "LDAP";
|
||||
}
|
||||
formateSelect(id, ['Apache=Apache', 'AD=Active Directory', 'BrowserID=BrowserID (Mozilla Persona)', 'Choice=Authentication choice', 'CAS=Central Authentication Service (CAS)', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'Proxy=Proxy', 'Radius=Radius', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'SSL=SSL', 'Twitter=Twitter', 'WebID=WebID', 'Yubikey=Yubikey'], value);
|
||||
formateSelect(id, ['Apache=Apache', 'AD=Active Directory', 'BrowserID=BrowserID (Mozilla Persona)', 'Choice=Authentication choice', 'CAS=Central Authentication Service (CAS)', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'OpenIDConnect=OpenID Connect', 'Proxy=Proxy', 'Radius=Radius', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'SSL=SSL', 'Twitter=Twitter', 'WebID=WebID', 'Yubikey=Yubikey'], value);
|
||||
}
|
||||
function userdbParams(id) {
|
||||
currentId = id;
|
||||
|
@ -588,7 +588,7 @@ function formateSelectUser(id, value) {
|
|||
if (value && value.toLowerCase() == "ldap") {
|
||||
value = "LDAP";
|
||||
}
|
||||
formateSelect(id, ['AD=Active Directory', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'Proxy=Proxy', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'WebID=WebID'], value);
|
||||
formateSelect(id, ['AD=Active Directory', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'OpenIDConnect=OpenID Connect', 'Proxy=Proxy', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'WebID=WebID'], value);
|
||||
}
|
||||
function passworddbParams(id) {
|
||||
currentId = id;
|
||||
|
|
|
@ -414,14 +414,15 @@ sub struct {
|
|||
null => ['nullParams'],
|
||||
slave => ['slaveParams'],
|
||||
choice => [
|
||||
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams)
|
||||
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams oidcParams)
|
||||
],
|
||||
multi => [
|
||||
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams)
|
||||
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams oidcParams)
|
||||
],
|
||||
yubikey => ['yubikeyParams'],
|
||||
browserid => ['browserIdParams'],
|
||||
demo => ['demoParams'],
|
||||
oidc => ['oidcParams'],
|
||||
}->{$mod};
|
||||
if ($tmp) {
|
||||
$res{$_}++ foreach (@$tmp);
|
||||
|
@ -786,6 +787,16 @@ sub struct {
|
|||
},
|
||||
},
|
||||
|
||||
# OpenIDConnect (OIDC)
|
||||
oidcParams => {
|
||||
_nodes => [
|
||||
qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)
|
||||
],
|
||||
oidcAuthnLevel => 'int:/oidcAuthnLevel',
|
||||
oidcRPCallbackGetParam => 'text:/oidcRPCallbackGetParam',
|
||||
oidcRPStateTimeout => 'int:/oidcRPStateTimeout',
|
||||
}
|
||||
|
||||
},
|
||||
|
||||
# ISSUERDB PARAMETERS
|
||||
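Review bot: The dispatch key added in the first hunk, `oidc => ['oidcParams'],`, does not look like it can match the module name this commit adds to the selects, `OpenIDConnect`. The neighbouring keys (`browserid`, `yubikey`, `demo`) are the lower-cased select values, which would make the expected key `openidconnect`. How `$mod` is derived is outside the hunk, so this needs confirming, but if it is the lower-cased module name the OIDC node is only reachable through `choice`/`multi`, and the authentication level and state timeout silently stay at their defaults when OpenID Connect is selected directly. Suggested line: `openidconnect => ['oidcParams'],`. `sub struct` starts and ends outside both hunks.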
|
|
|
@ -261,6 +261,10 @@ sub en {
|
|||
notifyOther => 'Display other sessions',
|
||||
nullAuthnLevel => 'Authentication level',
|
||||
nullParams => 'Null parameters',
|
||||
oidcAuthnLevel => 'Authentication level',
|
||||
oidcParams => 'OpenID Connect parameters',
|
||||
oidcRPCallbackGetParam => 'Callback GET parameter',
|
||||
oidcRPStateTimeout => 'State session timeout',
|
||||
openIdAttr => 'OpenID login',
|
||||
openIdAuthnLevel => 'Authentication level',
|
||||
openIdExportedVars => 'Exported variables',
|
||||
|
@ -773,6 +777,10 @@ sub fr {
|
|||
notifyOther => 'Affiche les autres sessions',
|
||||
nullAuthnLevel => 'Niveau d\'authentification',
|
||||
nullParams => 'Paramètres Null',
|
||||
oidcAuthnLevel => 'Niveau d\'authentification',
|
||||
oidcParams => 'Paramètres OpenID Connect',
|
||||
oidcRPCallbackGetParam => 'Paramètre GET callback',
|
||||
oidcRPStateTimeout => 'Durée d\'une session state',
|
||||
openIdAttr => 'Identifiant OpenID',
|
||||
openIdAuthnLevel => 'Niveau d\'authentification',
|
||||
openIdExportedVars => 'Variables exportées',
|
||||
|
|
|
@ -31,7 +31,7 @@ sub setAuthSessionInfo {
|
|||
my $self = shift;
|
||||
|
||||
$self->{sessionInfo}->{'_user'} = $self->{user};
|
||||
$self->{sessionInfo}->{authenticationLevel} = $self->{nullAuthnLevel};
|
||||
$self->{sessionInfo}->{authenticationLevel} = $self->{oidcAuthnLevel};
|
||||
|
||||
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
|
||||
$self->{sessionInfo}->{OpenIDConnect_access_token} =
|
||||
|
@ -48,7 +48,7 @@ sub extractFormInfo {
|
|||
my $self = shift;
|
||||
|
||||
# Check callback
|
||||
my $callback_get_param = $self->{OIDCRPCallbackGetParam};
|
||||
my $callback_get_param = $self->{oidcRPCallbackGetParam};
|
||||
my $callback = $self->param($callback_get_param);
|
||||
|
||||
if ($callback) {
|
||||
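Review bot: `extractFormInfo` passes `$self->{oidcRPCallbackGetParam}` straight to `$self->param(...)` without checking that it is defined and non-empty. After the rename, a configuration that still carries the old `OIDCRPCallbackGetParam` spelling, or one saved before the attribute existed, may yield `undef` here, so the callback branch is never taken. A guard such as `my $callback_get_param = $self->{oidcRPCallbackGetParam} || 'openidconnectcallback';` (the default declared in the attributes hunk on this page), or an explicit error log, keeps that failure visible. The same read appears in `getCallbackUri`, where it feeds the URI built from `$self->{portal}`, and `setAuthSessionInfo` likewise copies `oidcAuthnLevel` into `authenticationLevel` unchecked. All three subs continue outside their hunks.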
|
|
|
@ -140,7 +140,7 @@ sub refreshJWKSdata {
|
|||
sub getCallbackUri {
|
||||
my $self = shift;
|
||||
|
||||
my $callback_get_param = $self->{OIDCRPCallbackGetParam};
|
||||
my $callback_get_param = $self->{oidcRPCallbackGetParam};
|
||||
|
||||
my $callback_uri = $self->{portal};
|
||||
$callback_uri .=
|
||||
|
@ -445,7 +445,7 @@ sub storeState {
|
|||
# Use default session timeout and relayState session timeout to compute it
|
||||
my $time = time();
|
||||
my $timeout = $self->{timeout};
|
||||
my $stateTimeout = $self->{OIDCRPStateTimeout} || $timeout;
|
||||
my $stateTimeout = $self->{oidcRPStateTimeout} || $timeout;
|
||||
|
||||
$infos->{_utime} = $time + ( $stateTimeout - $timeout );
|
||||
|
||||
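Review bot: In `storeState`, `$self->{oidcRPStateTimeout} || $timeout` treats `0` and the empty string as unset and falls back to the full session timeout, while a negative value is accepted as is. A mistyped setting therefore either keeps state sessions alive as long as ordinary sessions or back-dates `_utime` so far that they are (presumably) purged at once. The state session is what ties the provider's response back to the request that started it, so its lifetime should stay short and predictable; I would validate the value before use, e.g. `$stateTimeout = $timeout unless $stateTimeout =~ /^[1-9]\d*$/;`, and log when the fallback is taken. A comment on the arithmetic would also help, assuming expiry is checked as `_utime + $timeout`: `# _utime is shifted so that the generic $timeout expiry fires after $stateTimeout seconds`. `storeState` starts and ends outside the hunk.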
|
|