diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
index 9674ef2b3..7e8393afc 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -170,6 +170,7 @@ sub defaultValues {
 'name' => 'cn'
 },
 'oidcRPMetaDataOptionsAccessTokenExpiration' => 3600,
+ 'oidcRPMetaDataOptionsBypassConsent' => 0,
 'oidcRPMetaDataOptionsIDTokenExpiration' => 3600,
 'oidcRPMetaDataOptionsIDTokenSignAlg' => 'HS512',
 'oidcRPStateTimeout' => 600,
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
index da2597df4..a427c882e 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -1530,6 +1530,10 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 'default' => 3600,
 'type' => 'int'
 },
+ 'oidcRPMetaDataOptionsBypassConsent' => {
+ 'default' => 0,
+ 'type' => 'bool'
+ },
 'oidcRPMetaDataOptionsClientID' => {
 'type' => 'text'
 },
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
index 40d10fecc..9393673ef 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -2411,8 +2411,9 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
 { type => 'int', default => 3600 },
 oidcRPMetaDataOptionsAccessTokenExpiration =>
 { type => 'int', default => 3600 },
- oidcRPMetaDataOptionsRedirectUris => { type => 'text', },
- oidcRPMetaDataOptionsExtraClaims => { type => 'keyTextContainer', },
+ oidcRPMetaDataOptionsRedirectUris => { type => 'text', },
+ oidcRPMetaDataOptionsExtraClaims => { type => 'keyTextContainer', },
+ oidcRPMetaDataOptionsBypassConsent => { type => 'bool', default => 0 },
 };
 }
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
index a2073fe54..7fdf2240b 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
@@ -193,6 +193,7 @@ sub cTrees {
 'oidcRPMetaDataOptionsIDTokenExpiration',
 'oidcRPMetaDataOptionsAccessTokenExpiration',
 'oidcRPMetaDataOptionsRedirectUris',
+ 'oidcRPMetaDataOptionsBypassConsent',
 'oidcRPMetaDataOptionsExtraClaims'
 ]
 },
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
index 8a8a30928..4d9409ed6 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
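Review bot: The added `oidcRPMetaDataOptionsBypassConsent` attribute in Build/Attributes.pm is security-relevant, yet the line carries no explanation: judging by its name, a true value lets a relying party receive the user's claims without the consent screen. I would add a comment above it, e.g. `# Skip the user consent screen for this RP; leave at 0 unless the client is a trusted first-party application`. The default of 0 is the safe choice, but no code that reads the option is visible in this diff, so confirm that the reader treats a missing or undefined per-RP value as 0. The same hunk also removes and re-adds the `RedirectUris` and `ExtraClaims` lines with what appears to be a whitespace-only difference, which buries the one functional line; a separate tidy commit would keep the review surface small. The enclosing sub starts outside the hunk, and the entries in DefaultValues.pm and Manager/Attributes.pm mirror this definition.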
@@ -25,7 +25,7 @@ our $doubleHashKeys = 'issuerDBGetParameters';
 our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
 our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
 our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
-our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)';
+our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
 our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
 our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
 our $virtualHostKeys = '(?:vhost(?:(?:Aliase|Http)s|Maintenance|Port)|(?:exportedHeader|locationRule)s|post)';
diff --git a/lemonldap-ng-manager/site/static/js/conftree.js b/lemonldap-ng-manager/site/static/js/conftree.js
index 8724cc2d2..f9b461cc7 100644
--- a/lemonldap-ng-manager/site/static/js/conftree.js
+++ b/lemonldap-ng-manager/site/static/js/conftree.js
@@ -344,6 +344,13 @@ function templates(tpl,key) {
 "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRedirectUris",
 "title" : "oidcRPMetaDataOptionsRedirectUris"
 },
+ {
+ "default" : 0,
+ "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsBypassConsent",
+ "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsBypassConsent",
+ "title" : "oidcRPMetaDataOptionsBypassConsent",
+ "type" : "bool"
+ },
 {
 "cnodes" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsExtraClaims",
 "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsExtraClaims",
diff --git a/lemonldap-ng-manager/site/static/js/conftree.min.js b/lemonldap-ng-manager/site/static/js/conftree.min.js
index 18f1bebf3..0f109e0a2 100644
--- a/lemonldap-ng-manager/site/static/js/conftree.min.js
+++ b/lemonldap-ng-manager/site/static/js/conftree.min.js
@@ -1 +1 @@ -function templates(b,c){var d;var a=function(e){return{id:b+"s/"+(d++),title:e,get:b+"s/"+c+"/"+e}};switch(b){case"oidcOPMetaDataNode":return[{get:b+"s/"+c+"/oidcOPMetaDataJSON",id:b+"s/"+c+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:b+"s/"+c+"/oidcOPMetaDataJWKS",id:b+"s/"+c+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:b+"s/"+c+"/oidcOPMetaDataExportedVars","default":[{data:"name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",id:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",id:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",id:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{"default":"openid 
profile",get:b+"s/"+c+"/oidcOPMetaDataOptionsScope",id:b+"s/"+c+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{"default":"",get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",id:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",id:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",id:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{"default":"client_secret_post",get:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",id:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{"default":30,get:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",id:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptio
nsDisplayName"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"}];case"oidcRPMetaDataNode":return[{cnodes:b+"s/"+c+"/oidcRPMetaDataExportedVars","default":[{data:"mail",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/email",title:"email",type:"keyText"},{data:"sn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"keyText"},{data:"cn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/name",title:"name",type:"keyText"}],id:b+"s/"+c+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"}],id:"oidcRPMetaDataOptionsAuthentication",title:"oidcRPMetaDataOptionsAuthentication",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",id:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{"default":"HS512",get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"o
idcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",id:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"},{cnodes:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",id:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"}],id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"}];case"samlIDPMetaDataNode":return[{get:b+"s/"+c+"/samlIDPMetaDataXML",id:b+"s/"+c+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlIDPMetaDataExportedAttributes","default":[],help:"authsaml.html#exported_attributes",id:b+"s/"+c+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",id:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",id:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client 
certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",id:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"},{k:"artifact-get",v:"Artifact 
GET"},{k:"artifact-post",v:"Artifact POST"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"},{k:"artifact-get",v:"Artifact GET"},{k:"artifact-post",v:"Artifact POST"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckConditions",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckConditions",title:"samlIDPMetaDataOptionsCheckConditions",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:b+"s/"+c+"/samlSPMetaDataXML",id:b+"s/"+c+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlSPMetaDataExportedAttributes","default":[],help:"idpsaml.html#exported_attributes",id:b+"s/"+c+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{"default":"",get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",id:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id
:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"}];case"virtualHost":return[{cnodes:b+"s/"+c+"/locationRules","default":[{data:"deny",id:b+"s/"+c+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:b+"s/"+c+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:b+"s/"+c+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:b+"s/"+c+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:b+"s/"+c+"/post",help:"formreplay.html",id:b+"s/"+c+"/post",title:"post",type:"postContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/vhostPort",id:b+"s/"+c+"/vhostPort",title:"vhostPort",type:"int"},{"default":-1,get:b+"s/"+c+"/vhostHttps",id:b+"s/"+c+"/vhostHttps",title:"vhostHttps",type:"trool"},{"default":0,get:b+"s/"+c+"/vhostMaintenance",id:b+"s/"+c+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{get:b+"s/"+c+"/vhostAliases",id:b+"s/"+c+"/vhostAliases",title:"vhostAliases"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions"}];default:return[]}}function setScopeVars(a){a.portal=a.data[0]._nodes[0]._nodes[0];a.getKey(a.portal);a.domain=a.data[0]._nodes[4]._nodes[1];a.getKey(a.domain)}; \ No newline at end of file +function templates(b,c){var d;var 
a=function(e){return{id:b+"s/"+(d++),title:e,get:b+"s/"+c+"/"+e}};switch(b){case"oidcOPMetaDataNode":return[{get:b+"s/"+c+"/oidcOPMetaDataJSON",id:b+"s/"+c+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:b+"s/"+c+"/oidcOPMetaDataJWKS",id:b+"s/"+c+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:b+"s/"+c+"/oidcOPMetaDataExportedVars","default":[{data:"name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",id:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",id:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",id:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{"default":"openid 
profile",get:b+"s/"+c+"/oidcOPMetaDataOptionsScope",id:b+"s/"+c+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{"default":"",get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",id:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",id:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",id:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{"default":"client_secret_post",get:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",id:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{"default":30,get:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",id:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptio
nsDisplayName"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"}];case"oidcRPMetaDataNode":return[{cnodes:b+"s/"+c+"/oidcRPMetaDataExportedVars","default":[{data:"mail",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/email",title:"email",type:"keyText"},{data:"sn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"keyText"},{data:"cn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/name",title:"name",type:"keyText"}],id:b+"s/"+c+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"}],id:"oidcRPMetaDataOptionsAuthentication",title:"oidcRPMetaDataOptionsAuthentication",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",id:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{"default":"HS512",get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"o
idcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",id:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"},{"default":0,get:b+"s/"+c+"/oidcRPMetaDataOptionsBypassConsent",id:b+"s/"+c+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{cnodes:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",id:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"}],id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"}];case"samlIDPMetaDataNode":return[{get:b+"s/"+c+"/samlIDPMetaDataXML",id:b+"s/"+c+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlIDPMetaDataExportedAttributes","default":[],help:"authsaml.html#exported_attributes",id:b+"s/"+c+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",id:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",id:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client 
certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",id:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"},{k:"artifact-get",v:"Artifact 
GET"},{k:"artifact-post",v:"Artifact POST"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"},{k:"artifact-get",v:"Artifact GET"},{k:"artifact-post",v:"Artifact POST"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckConditions",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckConditions",title:"samlIDPMetaDataOptionsCheckConditions",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:b+"s/"+c+"/samlSPMetaDataXML",id:b+"s/"+c+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlSPMetaDataExportedAttributes","default":[],help:"idpsaml.html#exported_attributes",id:b+"s/"+c+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{"default":"",get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",id:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id
:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"}];case"virtualHost":return[{cnodes:b+"s/"+c+"/locationRules","default":[{data:"deny",id:b+"s/"+c+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:b+"s/"+c+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:b+"s/"+c+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:b+"s/"+c+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:b+"s/"+c+"/post",help:"formreplay.html",id:b+"s/"+c+"/post",title:"post",type:"postContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/vhostPort",id:b+"s/"+c+"/vhostPort",title:"vhostPort",type:"int"},{"default":-1,get:b+"s/"+c+"/vhostHttps",id:b+"s/"+c+"/vhostHttps",title:"vhostHttps",type:"trool"},{"default":0,get:b+"s/"+c+"/vhostMaintenance",id:b+"s/"+c+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{get:b+"s/"+c+"/vhostAliases",id:b+"s/"+c+"/vhostAliases",title:"vhostAliases"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions"}];default:return[]}}function setScopeVars(a){a.portal=a.data[0]._nodes[0]._nodes[0];a.getKey(a.portal);a.domain=a.data[0]._nodes[4]._nodes[1];a.getKey(a.domain)}; \ No newline at end of file 
diff --git a/lemonldap-ng-manager/site/static/languages/en.json b/lemonldap-ng-manager/site/static/languages/en.json
index 7b97b465f..67a77872a 100644
--- a/lemonldap-ng-manager/site/static/languages/en.json
+++ b/lemonldap-ng-manager/site/static/languages/en.json
@@ -404,6 +404,7 @@
 "oidcRPMetaDataNode": "OpenID Connect Relying Parties",
 "oidcRPMetaDataOptions": "Options",
 "oidcRPMetaDataOptionsAccessTokenExpiration": "Access token expiration",
+"oidcRPMetaDataOptionsBypassConsent": "Bypass consent",
 "oidcRPMetaDataOptionsClientID": "Client ID",
 "oidcRPMetaDataOptionsClientSecret": "Client secret",
 "oidcRPMetaDataOptionsDisplay": "Display",
diff --git a/lemonldap-ng-manager/site/static/languages/fr.json b/lemonldap-ng-manager/site/static/languages/fr.json
index 68af82c9c..426ff0b85 100644
--- a/lemonldap-ng-manager/site/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/static/languages/fr.json
@@ -404,6 +404,7 @@
 "oidcRPMetaDataNode": "Clients OpenID Connect",
 "oidcRPMetaDataOptions": "Options",
 "oidcRPMetaDataOptionsAccessTokenExpiration": "Expiration des jetons d'accès",
+"oidcRPMetaDataOptionsBypassConsent": "Contourner le consentement",
 "oidcRPMetaDataOptionsClientID": "Identifiant",
 "oidcRPMetaDataOptionsClientSecret": "Mot de passe",
 "oidcRPMetaDataOptionsDisplay": "Affichage",
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
index d99dd773d..f54fdf0b8 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
@@ -874,129 +874,143 @@ sub issuerForAuthUser { } # Obtain consent - my $ask_for_consent = 1; - if ( $self->{sessionInfo}->{"_oidc_consent_time_$rp"} - and $self->{sessionInfo}->{"_oidc_consent_scope_$rp"} ) - { - $ask_for_consent = 0; - my $consent_time = $self->{sessionInfo}->{"_oidc_consent_time_$rp"}; - my $consent_scope = - $self->{sessionInfo}->{"_oidc_consent_scope_$rp"}; - + my $bypassConsent = $self->{oidcRPMetaDataOptions}->{$rp} + ->{oidcRPMetaDataOptionsBypassConsent}; + if ($bypassConsent) { $self->lmLog( -"Consent already given for Relying Party $rp (time: $consent_time, scope: $consent_scope)", - 'debug' - ); - - # Check accepted scope - foreach - my $requested_scope ( split( /\s+/, $oidc_request->{'scope'} ) ) - { - if ( $consent_scope =~ /\b$requested_scope\b/ ) { - $self->lmLog( "Scope $requested_scope already accepted", - 'debug' ); - } - else { - $self->lmLog( - "Scope $requested_scope was not previously accepted", - 'debug' ); - $ask_for_consent = 1; - last; - } - } - - # Check prompt parameter - $ask_for_consent = 1 if ( $prompt =~ /\bconsent\b/ ); + "Consent is disabled for RP $rp, user will not be prompted", + 'debug' ); } - if ($ask_for_consent) { - if ( $self->param('confirm') == 1 ) { - $self->updatePersistentSession( - { "_oidc_consent_time_$rp" => time } ); - $self->updatePersistentSession( - { - "_oidc_consent_scope_$rp" => $oidc_request->{'scope'} - } - ); - $self->lmLog( "Consent given for Relying Party $rp", 'debug' ); - } - elsif ( $self->param('confirm') == -1 ) { - $self->lmLog( "User refused consent for Relying party $rp", - 'debug' ); - $self->returnRedirectError( - $oidc_request->{'redirect_uri'}, - "consent_required", - "consent not given", - undef, - $oidc_request->{'state'}, - ( $flow ne "authorizationcode" ) - ); - } - else { - $self->lmLog( "Obtain user consent for Relying Party $rp", - 'debug' ); + else { + my $ask_for_consent = 1; + if ( $self->{sessionInfo}->{"_oidc_consent_time_$rp"} + and 
$self->{sessionInfo}->{"_oidc_consent_scope_$rp"} ) + { + $ask_for_consent = 0; + my $consent_time = + $self->{sessionInfo}->{"_oidc_consent_time_$rp"}; + my $consent_scope = + $self->{sessionInfo}->{"_oidc_consent_scope_$rp"}; - # Return error if prompt is none - if ( $prompt =~ /\bnone\b/ ) { - $self->lmLog( "Consent is needed but prompt is none", + $self->lmLog( +"Consent already given for Relying Party $rp (time: $consent_time, scope: $consent_scope)", + 'debug' + ); + + # Check accepted scope + foreach my $requested_scope ( + split( /\s+/, $oidc_request->{'scope'} ) ) + { + if ( $consent_scope =~ /\b$requested_scope\b/ ) { + $self->lmLog( "Scope $requested_scope already accepted", + 'debug' ); + } + else { + $self->lmLog( +"Scope $requested_scope was not previously accepted", + 'debug' + ); + $ask_for_consent = 1; + last; + } + } + + # Check prompt parameter + $ask_for_consent = 1 if ( $prompt =~ /\bconsent\b/ ); + } + if ($ask_for_consent) { + if ( $self->param('confirm') == 1 ) { + $self->updatePersistentSession( + { "_oidc_consent_time_$rp" => time } ); + $self->updatePersistentSession( + { + "_oidc_consent_scope_$rp" => + $oidc_request->{'scope'} + } + ); + $self->lmLog( "Consent given for Relying Party $rp", + 'debug' ); + } + elsif ( $self->param('confirm') == -1 ) { + $self->lmLog( "User refused consent for Relying party $rp", 'debug' ); $self->returnRedirectError( $oidc_request->{'redirect_uri'}, "consent_required", - "consent required", + "consent not given", undef, $oidc_request->{'state'}, ( $flow ne "authorizationcode" ) ); } + else { + $self->lmLog( "Obtain user consent for Relying Party $rp", + 'debug' ); - my $display_name = $self->{oidcRPMetaDataOptions}->{$rp} - ->{oidcRPMetaDataOptionsDisplayName}; - my $icon = $self->{oidcRPMetaDataOptions}->{$rp} - ->{oidcRPMetaDataOptionsIcon}; - my $img_src; - my $portalPath = $self->{portal}; - $portalPath =~ s#^https?://[^/]+/?#/#; - $portalPath =~ s#[^/]+\.pl$##; - - if ($icon) { - $img_src = - ( $icon 
=~ m#^https?://# ) - ? $icon - : $portalPath . "skins/common/" . $icon; - } - - $self->info(''); - $self->{activeTimer} = 0; - return PE_CONFIRM; } }
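Review bot: When `oidcRPMetaDataOptionsBypassConsent` is set, the new `if ($bypassConsent)` branch skips the whole consent path, so the `prompt =~ /\bconsent\b/` check is never reached and neither `_oidc_consent_time_$rp` nor `_oidc_consent_scope_$rp` is recorded; the only trace is a `debug` message. Because this decides that the requested scopes are released without the user seeing them, I would log it at a level that is kept in production, e.g. `$self->lmLog( "Consent bypassed for Relying Party $rp", 'notice' );`, and add a comment above the branch saying that the option takes precedence over `prompt=consent` and is presumably meant for trusted clients only. Separately, the re-indented scope check still interpolates the request-supplied value into a pattern, `/\b$requested_scope\b/`; `/\b\Q$requested_scope\E\b/` would compare it literally. `issuerForAuthUser` starts and ends outside the hunk, and the tail of the hunk is only partly legible on this page, so the confirm path was not reviewed.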