Add first OpenID Connect RP parameters in Manager (#183)
parent
ac1f3940c8
commit
8b7ad81ff5
|
@ -706,6 +706,27 @@ has 'nullAuthnLevel' => (
|
||||||
|
|
||||||
## O
|
## O
|
||||||
|
|
||||||
|
has 'oidcAuthnLevel' => (
|
||||||
|
is => 'rw',
|
||||||
|
isa => 'Int',
|
||||||
|
default => '1',
|
||||||
|
documentation => 'OpenID Connect authentication level',
|
||||||
|
);
|
||||||
|
|
||||||
|
has 'oidcRPCallbackGetParam' => (
|
||||||
|
is => 'rw',
|
||||||
|
isa => 'Str',
|
||||||
|
default => 'openidconnectcallback',
|
||||||
|
documentation => 'OpenID Connect Callback GET URLparameter',
|
||||||
|
);
|
||||||
|
|
||||||
|
has 'oidcRPStateTimeout' => (
|
||||||
|
is => 'rw',
|
||||||
|
isa => 'Int',
|
||||||
|
default => '600',
|
||||||
|
documentation => 'OpenID Connect Timeout of state sessions',
|
||||||
|
);
|
||||||
|
|
||||||
has 'openIdAuthnLevel' => (
|
has 'openIdAuthnLevel' => (
|
||||||
is => 'rw',
|
is => 'rw',
|
||||||
isa => 'Int',
|
isa => 'Int',
|
||||||
|
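Review bot: `oidcRPCallbackGetParam` is declared as an unconstrained `Str`, but later on this page it is used as a request parameter name (`$self->param($callback_get_param)`) and read in `getCallbackUri`, where it appears to be appended to the portal URL. An empty value, or one containing `&`, `=`, `#` or whitespace, would presumably yield a callback URI that no longer matches the redirect URI registered with the provider, or a callback check that never fires. Restricting the attribute to a simple token (letters, digits, `_`, `-`) at this declaration would catch that at configuration time. Separately, the documentation string reads `URLparameter`; `'OpenID Connect callback GET URL parameter'` is probably what was meant.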
|
|
@ -548,7 +548,7 @@ function formateSelectAuth(id, value) {
|
||||||
if (value && value.toLowerCase() == "ldap") {
|
if (value && value.toLowerCase() == "ldap") {
|
||||||
value = "LDAP";
|
value = "LDAP";
|
||||||
}
|
}
|
||||||
formateSelect(id, ['Apache=Apache', 'AD=Active Directory', 'BrowserID=BrowserID (Mozilla Persona)', 'Choice=Authentication choice', 'CAS=Central Authentication Service (CAS)', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'Proxy=Proxy', 'Radius=Radius', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'SSL=SSL', 'Twitter=Twitter', 'WebID=WebID', 'Yubikey=Yubikey'], value);
|
formateSelect(id, ['Apache=Apache', 'AD=Active Directory', 'BrowserID=BrowserID (Mozilla Persona)', 'Choice=Authentication choice', 'CAS=Central Authentication Service (CAS)', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'OpenIDConnect=OpenID Connect', 'Proxy=Proxy', 'Radius=Radius', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'SSL=SSL', 'Twitter=Twitter', 'WebID=WebID', 'Yubikey=Yubikey'], value);
|
||||||
}
|
}
|
||||||
function userdbParams(id) {
|
function userdbParams(id) {
|
||||||
currentId = id;
|
currentId = id;
|
||||||
|
@ -588,7 +588,7 @@ function formateSelectUser(id, value) {
|
||||||
if (value && value.toLowerCase() == "ldap") {
|
if (value && value.toLowerCase() == "ldap") {
|
||||||
value = "LDAP";
|
value = "LDAP";
|
||||||
}
|
}
|
||||||
formateSelect(id, ['AD=Active Directory', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'Proxy=Proxy', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'WebID=WebID'], value);
|
formateSelect(id, ['AD=Active Directory', 'DBI=Database (DBI)', 'Demo=Demonstration', 'Facebook=Facebook', 'Google=Google', 'LDAP=LDAP', 'Multi=Multiple', 'Null=None', 'OpenID=OpenID', 'OpenIDConnect=OpenID Connect', 'Proxy=Proxy', 'Remote=Remote', 'SAML=SAML v2', 'Slave=Slave', 'WebID=WebID'], value);
|
||||||
}
|
}
|
||||||
function passworddbParams(id) {
|
function passworddbParams(id) {
|
||||||
currentId = id;
|
currentId = id;
|
||||||
|
|
|
@ -414,14 +414,15 @@ sub struct {
|
||||||
null => ['nullParams'],
|
null => ['nullParams'],
|
||||||
slave => ['slaveParams'],
|
slave => ['slaveParams'],
|
||||||
choice => [
|
choice => [
|
||||||
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams)
|
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams oidcParams)
|
||||||
],
|
],
|
||||||
multi => [
|
multi => [
|
||||||
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams)
|
qw(ldapParams sslParams casParams radiusParams remoteParams proxyParams openIdParams googleParams facebookParams twitterParams webIDParams dbiParams apacheParams nullParams choiceParams slaveParams yubikeyParams browserIdParams demoParams oidcParams)
|
||||||
],
|
],
|
||||||
yubikey => ['yubikeyParams'],
|
yubikey => ['yubikeyParams'],
|
||||||
browserid => ['browserIdParams'],
|
browserid => ['browserIdParams'],
|
||||||
demo => ['demoParams'],
|
demo => ['demoParams'],
|
||||||
|
oidc => ['oidcParams'],
|
||||||
}->{$mod};
|
}->{$mod};
|
||||||
if ($tmp) {
|
if ($tmp) {
|
||||||
$res{$_}++ foreach (@$tmp);
|
$res{$_}++ foreach (@$tmp);
|
||||||
|
@ -786,6 +787,16 @@ sub struct {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
# OpenIDConnect (OIDC)
|
||||||
|
oidcParams => {
|
||||||
|
_nodes => [
|
||||||
|
qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)
|
||||||
|
],
|
||||||
|
oidcAuthnLevel => 'int:/oidcAuthnLevel',
|
||||||
|
oidcRPCallbackGetParam => 'text:/oidcRPCallbackGetParam',
|
||||||
|
oidcRPStateTimeout => 'int:/oidcRPStateTimeout',
|
||||||
|
}
|
||||||
|
|
||||||
},
|
},
|
||||||
|
|
||||||
# ISSUERDB PARAMETERS
|
# ISSUERDB PARAMETERS
|
||||||
|
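Review bot: The new dispatch entry `oidc => ['oidcParams'],` in the first hunk does not look reachable from the module name the Manager offers. The neighbouring keys are lower-cased module names (`browserid`, `yubikey`, `null`), while the select lists changed in this commit add the value `OpenIDConnect`, which lower-cases to `openidconnect`. How `$mod` is derived is outside the hunk, so this needs confirming, but if it is the lower-cased selection the entry should be `openidconnect => ['oidcParams'],`. Otherwise the OIDC authentication level and state timeout would only be shown under Choice/Multi and could not be reviewed or set for a plain OpenID Connect setup.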
|
|
@ -261,6 +261,10 @@ sub en {
|
||||||
notifyOther => 'Display other sessions',
|
notifyOther => 'Display other sessions',
|
||||||
nullAuthnLevel => 'Authentication level',
|
nullAuthnLevel => 'Authentication level',
|
||||||
nullParams => 'Null parameters',
|
nullParams => 'Null parameters',
|
||||||
|
oidcAuthnLevel => 'Authentication level',
|
||||||
|
oidcParams => 'OpenID Connect parameters',
|
||||||
|
oidcRPCallbackGetParam => 'Callback GET parameter',
|
||||||
|
oidcRPStateTimeout => 'State session timeout',
|
||||||
openIdAttr => 'OpenID login',
|
openIdAttr => 'OpenID login',
|
||||||
openIdAuthnLevel => 'Authentication level',
|
openIdAuthnLevel => 'Authentication level',
|
||||||
openIdExportedVars => 'Exported variables',
|
openIdExportedVars => 'Exported variables',
|
||||||
|
@ -773,6 +777,10 @@ sub fr {
|
||||||
notifyOther => 'Affiche les autres sessions',
|
notifyOther => 'Affiche les autres sessions',
|
||||||
nullAuthnLevel => 'Niveau d\'authentification',
|
nullAuthnLevel => 'Niveau d\'authentification',
|
||||||
nullParams => 'Paramètres Null',
|
nullParams => 'Paramètres Null',
|
||||||
|
oidcAuthnLevel => 'Niveau d\'authentification',
|
||||||
|
oidcParams => 'Paramètres OpenID Connect',
|
||||||
|
oidcRPCallbackGetParam => 'Paramètre GET callback',
|
||||||
|
oidcRPStateTimeout => 'Durée d\'une session state',
|
||||||
openIdAttr => 'Identifiant OpenID',
|
openIdAttr => 'Identifiant OpenID',
|
||||||
openIdAuthnLevel => 'Niveau d\'authentification',
|
openIdAuthnLevel => 'Niveau d\'authentification',
|
||||||
openIdExportedVars => 'Variables exportées',
|
openIdExportedVars => 'Variables exportées',
|
||||||
|
|
|
@ -31,7 +31,7 @@ sub setAuthSessionInfo {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
$self->{sessionInfo}->{'_user'} = $self->{user};
|
$self->{sessionInfo}->{'_user'} = $self->{user};
|
||||||
$self->{sessionInfo}->{authenticationLevel} = $self->{nullAuthnLevel};
|
$self->{sessionInfo}->{authenticationLevel} = $self->{oidcAuthnLevel};
|
||||||
|
|
||||||
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
|
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
|
||||||
$self->{sessionInfo}->{OpenIDConnect_access_token} =
|
$self->{sessionInfo}->{OpenIDConnect_access_token} =
|
||||||
|
@ -48,7 +48,7 @@ sub extractFormInfo {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
# Check callback
|
# Check callback
|
||||||
my $callback_get_param = $self->{OIDCRPCallbackGetParam};
|
my $callback_get_param = $self->{oidcRPCallbackGetParam};
|
||||||
my $callback = $self->param($callback_get_param);
|
my $callback = $self->param($callback_get_param);
|
||||||
|
|
||||||
if ($callback) {
|
if ($callback) {
|
||||||
|
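Review bot: In `extractFormInfo` the renamed key is read with no fallback, so a configuration that lacks `oidcRPCallbackGetParam` (for instance one still using the old `OIDCRPCallbackGetParam` spelling) passes an undefined name to `$self->param(...)` and the callback branch is silently skipped. Unless the portal is known to apply the attribute defaults before this code runs, a guard such as `my $callback_get_param = $self->{oidcRPCallbackGetParam} || 'openidconnectcallback';` would keep the flow working; the same read appears in `getCallbackUri` in the next file. Likewise, in `setAuthSessionInfo` an unset `oidcAuthnLevel` leaves `authenticationLevel` undefined in the session, which any rule comparing authentication levels would then evaluate against an empty value. Both subs continue outside the hunks shown.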
|
|
@ -140,7 +140,7 @@ sub refreshJWKSdata {
|
||||||
sub getCallbackUri {
|
sub getCallbackUri {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
my $callback_get_param = $self->{OIDCRPCallbackGetParam};
|
my $callback_get_param = $self->{oidcRPCallbackGetParam};
|
||||||
|
|
||||||
my $callback_uri = $self->{portal};
|
my $callback_uri = $self->{portal};
|
||||||
$callback_uri .=
|
$callback_uri .=
|
||||||
|
@ -445,7 +445,7 @@ sub storeState {
|
||||||
# Use default session timeout and relayState session timeout to compute it
|
# Use default session timeout and relayState session timeout to compute it
|
||||||
my $time = time();
|
my $time = time();
|
||||||
my $timeout = $self->{timeout};
|
my $timeout = $self->{timeout};
|
||||||
my $stateTimeout = $self->{OIDCRPStateTimeout} || $timeout;
|
my $stateTimeout = $self->{oidcRPStateTimeout} || $timeout;
|
||||||
|
|
||||||
$infos->{_utime} = $time + ( $stateTimeout - $timeout );
|
$infos->{_utime} = $time + ( $stateTimeout - $timeout );
|
||||||
|
|
||||||
|
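Review bot: In `storeState`, `oidcRPStateTimeout` is now an operator-editable integer but is used unbounded in `$time + ( $stateTimeout - $timeout )`. The `||` fallback only covers 0 and undef: a negative value backdates `_utime` so the state session is presumably purged before the provider redirects back, and a very large value keeps state sessions alive long after the login attempt, lengthening the period in which a `state` value remains acceptable. A line such as `$stateTimeout = $timeout if $stateTimeout <= 0;` after the assignment, plus a documented upper bound on the attribute, would close both ends. The rest of `storeState` is outside the hunk.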
|