diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Attributes.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Attributes.pm index d0ff7a1af..90d5ce41f 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Attributes.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Attributes.pm @@ -706,6 +706,27 @@ has 'nullAuthnLevel' => ( ## O +has 'oidcAuthnLevel' => ( + is => 'rw', + isa => 'Int', + default => '1', + documentation => 'OpenID Connect authentication level', +); + +has 'oidcRPCallbackGetParam' => ( + is => 'rw', + isa => 'Str', + default => 'openidconnectcallback', + documentation => 'OpenID Connect Callback GET URLparameter', +); + +has 'oidcRPStateTimeout' => ( + is => 'rw', + isa => 'Int', + default => '600', + documentation => 'OpenID Connect Timeout of state sessions', +); + has 'openIdAuthnLevel' => ( is => 'rw', isa => 'Int', diff --git a/lemonldap-ng-manager/example/skins/default/js/manager.js b/lemonldap-ng-manager/example/skins/default/js/manager.js index a23445ee6..53af9aa02 100644 --- a/lemonldap-ng-manager/example/skins/default/js/manager.js +++ b/lemonldap-ng-manager/example/skins/default/js/manager.js 
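Review bot: The documentation string for oidcRPCallbackGetParam reads `'OpenID Connect Callback GET URLparameter'`, with the space before "parameter" missing; `documentation => 'OpenID Connect callback GET URL parameter',` reads correctly. The unit of oidcRPStateTimeout is not stated either; storeState in _OpenIDConnect.pm adds it to time(), so it is seconds, and `documentation => 'OpenID Connect state session timeout (seconds)',` would make that explicit for whoever tunes it in the manager.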
@@ -548,7 +548,7 @@ function formateSelectAuth(id, value) {
 if (value && value.toLowerCase() == "ldap") {
 value = "LDAP";
 }
- formateSelect(id, ['Apache=Apache', 'AD=Active Directory', 'BrowserID=BrowserID (Mozilla Persona)', 'Choice=Authentication choice', 'CAS=Central Authentication Service (CAS)', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'Proxy=Proxy', 'Radius=Radius', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'SSL=SSL', 'Twitter=Twitter', 'WebID=WebID', 'Yubikey=Yubikey'], value);
+ formateSelect(id, ['Apache=Apache', 'AD=Active Directory', 'BrowserID=BrowserID (Mozilla Persona)', 'Choice=Authentication choice', 'CAS=Central Authentication Service (CAS)', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'OpenIDConnect=OpenID Connect', 'Proxy=Proxy', 'Radius=Radius', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'SSL=SSL', 'Twitter=Twitter', 'WebID=WebID', 'Yubikey=Yubikey'], value);
 }
 function userdbParams(id) {
 currentId = id;
@@ -588,7 +588,7 @@ function formateSelectUser(id, value) {
 if (value && value.toLowerCase() == "ldap") {
 value = "LDAP";
 }
- formateSelect(id, ['AD=Active Directory', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'Proxy=Proxy', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'WebID=WebID'], value);
+ formateSelect(id, ['AD=Active Directory', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'OpenIDConnect=OpenID Connect', 'Proxy=Proxy', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'WebID=WebID'], value);
 }
 function passworddbParams(id) {
 currentId = id;
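Review bot: The second hunk (formateSelectUser, @@ -588) offers 'OpenIDConnect' as a user database backend, yet nothing in this diff adds a UserDB module for it, so confirm that a UserDBOpenIDConnect backend exists or leave the entry out of the user DB list until it does. In both hunks the value 'OpenIDConnect' has to stay in step with the portal module name (AuthOpenIDConnect.pm is touched by this diff) and with the key the manager looks up in _Struct.pm, which this commit spells `oidc`. The two lists are maintained by hand in two functions; a shared array of backends that both calls reference would keep them from drifting apart on the next module.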
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm index 2b98fc55d..f6822f94d 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm @@ -414,14 +414,15 @@ sub struct { null => ['nullParams'], slave => ['slaveParams'], choice => [ - qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams) + qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams oidcParams) ], multi => [ - qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams) + qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams oidcParams) ], yubikey => ['yubikeyParams'], browserid => ['browserIdParams'], demo => ['demoParams'], + oidc => ['oidcParams'], }->{$mod}; if ($tmp) { $res{$_}++ foreach (@$tmp); @@ -786,6 +787,16 @@ sub struct { }, }, + # OpenIDConnect (OIDC) + oidcParams => { + _nodes => [ + qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout) + ], + oidcAuthnLevel => 'int:/oidcAuthnLevel', + oidcRPCallbackGetParam => 'text:/oidcRPCallbackGetParam', + oidcRPStateTimeout => 'int:/oidcRPStateTimeout', + } + }, # ISSUERDB PARAMETERS 
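Review bot: The new dispatch entry `oidc => ['oidcParams'],` does not match the value 'OpenIDConnect' that manager.js now sends for this module; if `$mod` is the lowercased module name, as the neighbouring keys `browserid`, `yubikey` and `demo` suggest, the lookup on `}->{$mod}` will find nothing for OpenID Connect and oidcParams will only ever appear through choice or multi. Either confirm how `$mod` is derived or key the entry as `openidconnect => ['oidcParams'],`. The choice and multi lists in the same hunk are duplicated verbatim and both had to be edited here; a single `my @all_params = qw(...)` referenced by both entries would leave one place to update per module. sub struct starts before and ends after both hunks.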
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm index a5b99d2d4..1251913f5 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm @@ -261,6 +261,10 @@ sub en { notifyOther => 'Display other sessions', nullAuthnLevel => 'Authentication level', nullParams => 'Null parameters', + oidcAuthnLevel => 'Authentication level', + oidcParams => 'OpenID Connect parameters', + oidcRPCallbackGetParam => 'Callback GET parameter', + oidcRPStateTimeout => 'State session timeout', openIdAttr => 'OpenID login', openIdAuthnLevel => 'Authentication level', openIdExportedVars => 'Exported variables', @@ -773,6 +777,10 @@ sub fr { notifyOther => 'Affiche les autres sessions', nullAuthnLevel => 'Niveau d\'authentification', nullParams => 'Paramètres Null', + oidcAuthnLevel => 'Niveau d\'authentification', + oidcParams => 'Paramètres OpenID Connect', + oidcRPCallbackGetParam => 'Paramètre GET callback', + oidcRPStateTimeout => 'Durée d\'une session state', openIdAttr => 'Identifiant OpenID', openIdAuthnLevel => 'Niveau d\'authentification', openIdExportedVars => 'Variables exportées', diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm index 48cd5b070..e3902897b 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm @@ -31,7 +31,7 @@ sub setAuthSessionInfo { my $self = shift; $self->{sessionInfo}->{'_user'} = $self->{user}; - $self->{sessionInfo}->{authenticationLevel} = $self->{nullAuthnLevel}; + $self->{sessionInfo}->{authenticationLevel} = $self->{oidcAuthnLevel}; $self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent}; $self->{sessionInfo}->{OpenIDConnect_access_token} = 
@@ -48,7 +48,7 @@ sub extractFormInfo { my $self = shift; # Check callback - my $callback_get_param = $self->{OIDCRPCallbackGetParam}; + my $callback_get_param = $self->{oidcRPCallbackGetParam}; my $callback = $self->param($callback_get_param); if ($callback) { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm index d244bd810..dfbdfb8a2 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm @@ -140,7 +140,7 @@ sub refreshJWKSdata { sub getCallbackUri { my $self = shift; - my $callback_get_param = $self->{OIDCRPCallbackGetParam}; + my $callback_get_param = $self->{oidcRPCallbackGetParam}; my $callback_uri = $self->{portal}; $callback_uri .= @@ -445,7 +445,7 @@ sub storeState { # Use default session timeout and relayState session timeout to compute it my $time = time(); my $timeout = $self->{timeout}; - my $stateTimeout = $self->{OIDCRPStateTimeout} || $timeout; + my $stateTimeout = $self->{oidcRPStateTimeout} || $timeout; $infos->{_utime} = $time + ( $stateTimeout - $timeout );
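Review bot: The renamed configuration keys are read as plain hash lookups (`$self->{oidcRPCallbackGetParam}` here and in getCallbackUri, `$self->{oidcRPStateTimeout}` in storeState), so any reader of the old spellings OIDCRPCallbackGetParam or OIDCRPStateTimeout left outside this diff will silently get undef rather than a strict-mode error; grep the portal for the old names before merging. In extractFormInfo an undefined parameter name would presumably make `$self->param($callback_get_param)` return nothing, so the callback branch would be skipped without any log line saying why. The enclosing subs begin before and end after their hunks.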
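Review bot: The fallback `|| $timeout` in storeState means a missing or zero oidcRPStateTimeout silently inherits the full session timeout, which lengthens the window in which a stored state value stays accepted; now that Attributes.pm gives the key a default of 600, consider logging when the fallback is taken so a misconfiguration is visible. The `_utime` arithmetic on the following line deserves a why-comment, e.g. `# Shift _utime so that expiry, presumably computed as _utime + timeout, falls after $stateTimeout seconds rather than the full session timeout`. storeState continues outside the hunk.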