Apply bypass consent option to trunk (#1089)
This commit is contained in:
parent
29453547e6
commit
91b7ac93b1
|
@ -170,6 +170,7 @@ sub defaultValues {
|
||||||
'name' => 'cn'
|
'name' => 'cn'
|
||||||
},
|
},
|
||||||
'oidcRPMetaDataOptionsAccessTokenExpiration' => 3600,
|
'oidcRPMetaDataOptionsAccessTokenExpiration' => 3600,
|
||||||
|
'oidcRPMetaDataOptionsBypassConsent' => 0,
|
||||||
'oidcRPMetaDataOptionsIDTokenExpiration' => 3600,
|
'oidcRPMetaDataOptionsIDTokenExpiration' => 3600,
|
||||||
'oidcRPMetaDataOptionsIDTokenSignAlg' => 'HS512',
|
'oidcRPMetaDataOptionsIDTokenSignAlg' => 'HS512',
|
||||||
'oidcRPStateTimeout' => 600,
|
'oidcRPStateTimeout' => 600,
|
||||||
|
|
|
@ -1530,6 +1530,10 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
|
||||||
'default' => 3600,
|
'default' => 3600,
|
||||||
'type' => 'int'
|
'type' => 'int'
|
||||||
},
|
},
|
||||||
|
'oidcRPMetaDataOptionsBypassConsent' => {
|
||||||
|
'default' => 0,
|
||||||
|
'type' => 'bool'
|
||||||
|
},
|
||||||
'oidcRPMetaDataOptionsClientID' => {
|
'oidcRPMetaDataOptionsClientID' => {
|
||||||
'type' => 'text'
|
'type' => 'text'
|
||||||
},
|
},
|
||||||
|
|
|
@ -2411,8 +2411,9 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
||||||
{ type => 'int', default => 3600 },
|
{ type => 'int', default => 3600 },
|
||||||
oidcRPMetaDataOptionsAccessTokenExpiration =>
|
oidcRPMetaDataOptionsAccessTokenExpiration =>
|
||||||
{ type => 'int', default => 3600 },
|
{ type => 'int', default => 3600 },
|
||||||
oidcRPMetaDataOptionsRedirectUris => { type => 'text', },
|
oidcRPMetaDataOptionsRedirectUris => { type => 'text', },
|
||||||
oidcRPMetaDataOptionsExtraClaims => { type => 'keyTextContainer', },
|
oidcRPMetaDataOptionsExtraClaims => { type => 'keyTextContainer', },
|
||||||
|
oidcRPMetaDataOptionsBypassConsent => { type => 'bool', default => 0 },
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -193,6 +193,7 @@ sub cTrees {
|
||||||
'oidcRPMetaDataOptionsIDTokenExpiration',
|
'oidcRPMetaDataOptionsIDTokenExpiration',
|
||||||
'oidcRPMetaDataOptionsAccessTokenExpiration',
|
'oidcRPMetaDataOptionsAccessTokenExpiration',
|
||||||
'oidcRPMetaDataOptionsRedirectUris',
|
'oidcRPMetaDataOptionsRedirectUris',
|
||||||
|
'oidcRPMetaDataOptionsBypassConsent',
|
||||||
'oidcRPMetaDataOptionsExtraClaims'
|
'oidcRPMetaDataOptionsExtraClaims'
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
|
@ -25,7 +25,7 @@ our $doubleHashKeys = 'issuerDBGetParameters';
|
||||||
our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
|
our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
|
||||||
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
|
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
|
||||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)';
|
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
|
||||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
|
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Check(?:S[LS]OMessageSignature|Conditions)|Re(?:questedAuthnContext|solutionRule)|(?:EncryptionMod|IsPassiv)e|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
|
||||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
|
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
|
||||||
our $virtualHostKeys = '(?:vhost(?:(?:Aliase|Http)s|Maintenance|Port)|(?:exportedHeader|locationRule)s|post)';
|
our $virtualHostKeys = '(?:vhost(?:(?:Aliase|Http)s|Maintenance|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||||
|
|
|
@ -344,6 +344,13 @@ function templates(tpl,key) {
|
||||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRedirectUris",
|
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRedirectUris",
|
||||||
"title" : "oidcRPMetaDataOptionsRedirectUris"
|
"title" : "oidcRPMetaDataOptionsRedirectUris"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"default" : 0,
|
||||||
|
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsBypassConsent",
|
||||||
|
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsBypassConsent",
|
||||||
|
"title" : "oidcRPMetaDataOptionsBypassConsent",
|
||||||
|
"type" : "bool"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"cnodes" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsExtraClaims",
|
"cnodes" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsExtraClaims",
|
||||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsExtraClaims",
|
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsExtraClaims",
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -404,6 +404,7 @@
|
||||||
"oidcRPMetaDataNode": "OpenID Connect Relying Parties",
|
"oidcRPMetaDataNode": "OpenID Connect Relying Parties",
|
||||||
"oidcRPMetaDataOptions": "Options",
|
"oidcRPMetaDataOptions": "Options",
|
||||||
"oidcRPMetaDataOptionsAccessTokenExpiration": "Access token expiration",
|
"oidcRPMetaDataOptionsAccessTokenExpiration": "Access token expiration",
|
||||||
|
"oidcRPMetaDataOptionsBypassConsent": "Bypass consent",
|
||||||
"oidcRPMetaDataOptionsClientID": "Client ID",
|
"oidcRPMetaDataOptionsClientID": "Client ID",
|
||||||
"oidcRPMetaDataOptionsClientSecret": "Client secret",
|
"oidcRPMetaDataOptionsClientSecret": "Client secret",
|
||||||
"oidcRPMetaDataOptionsDisplay": "Display",
|
"oidcRPMetaDataOptionsDisplay": "Display",
|
||||||
|
|
|
@ -404,6 +404,7 @@
|
||||||
"oidcRPMetaDataNode": "Clients OpenID Connect",
|
"oidcRPMetaDataNode": "Clients OpenID Connect",
|
||||||
"oidcRPMetaDataOptions": "Options",
|
"oidcRPMetaDataOptions": "Options",
|
||||||
"oidcRPMetaDataOptionsAccessTokenExpiration": "Expiration des jetons d'accès",
|
"oidcRPMetaDataOptionsAccessTokenExpiration": "Expiration des jetons d'accès",
|
||||||
|
"oidcRPMetaDataOptionsBypassConsent": "Contourner le consentement",
|
||||||
"oidcRPMetaDataOptionsClientID": "Identifiant",
|
"oidcRPMetaDataOptionsClientID": "Identifiant",
|
||||||
"oidcRPMetaDataOptionsClientSecret": "Mot de passe",
|
"oidcRPMetaDataOptionsClientSecret": "Mot de passe",
|
||||||
"oidcRPMetaDataOptionsDisplay": "Affichage",
|
"oidcRPMetaDataOptionsDisplay": "Affichage",
|
||||||
|
|
|
@ -874,129 +874,143 @@ sub issuerForAuthUser {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Obtain consent
|
# Obtain consent
|
||||||
my $ask_for_consent = 1;
|
my $bypassConsent = $self->{oidcRPMetaDataOptions}->{$rp}
|
||||||
if ( $self->{sessionInfo}->{"_oidc_consent_time_$rp"}
|
->{oidcRPMetaDataOptionsBypassConsent};
|
||||||
and $self->{sessionInfo}->{"_oidc_consent_scope_$rp"} )
|
if ($bypassConsent) {
|
||||||
{
|
|
||||||
$ask_for_consent = 0;
|
|
||||||
my $consent_time = $self->{sessionInfo}->{"_oidc_consent_time_$rp"};
|
|
||||||
my $consent_scope =
|
|
||||||
$self->{sessionInfo}->{"_oidc_consent_scope_$rp"};
|
|
||||||
|
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Consent already given for Relying Party $rp (time: $consent_time, scope: $consent_scope)",
|
"Consent is disabled for RP $rp, user will not be prompted",
|
||||||
'debug'
|
'debug' );
|
||||||
);
|
|
||||||
|
|
||||||
# Check accepted scope
|
|
||||||
foreach
|
|
||||||
my $requested_scope ( split( /\s+/, $oidc_request->{'scope'} ) )
|
|
||||||
{
|
|
||||||
if ( $consent_scope =~ /\b$requested_scope\b/ ) {
|
|
||||||
$self->lmLog( "Scope $requested_scope already accepted",
|
|
||||||
'debug' );
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$self->lmLog(
|
|
||||||
"Scope $requested_scope was not previously accepted",
|
|
||||||
'debug' );
|
|
||||||
$ask_for_consent = 1;
|
|
||||||
last;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check prompt parameter
|
|
||||||
$ask_for_consent = 1 if ( $prompt =~ /\bconsent\b/ );
|
|
||||||
}
|
}
|
||||||
if ($ask_for_consent) {
|
else {
|
||||||
if ( $self->param('confirm') == 1 ) {
|
my $ask_for_consent = 1;
|
||||||
$self->updatePersistentSession(
|
if ( $self->{sessionInfo}->{"_oidc_consent_time_$rp"}
|
||||||
{ "_oidc_consent_time_$rp" => time } );
|
and $self->{sessionInfo}->{"_oidc_consent_scope_$rp"} )
|
||||||
$self->updatePersistentSession(
|
{
|
||||||
{
|
$ask_for_consent = 0;
|
||||||
"_oidc_consent_scope_$rp" => $oidc_request->{'scope'}
|
my $consent_time =
|
||||||
}
|
$self->{sessionInfo}->{"_oidc_consent_time_$rp"};
|
||||||
);
|
my $consent_scope =
|
||||||
$self->lmLog( "Consent given for Relying Party $rp", 'debug' );
|
$self->{sessionInfo}->{"_oidc_consent_scope_$rp"};
|
||||||
}
|
|
||||||
elsif ( $self->param('confirm') == -1 ) {
|
|
||||||
$self->lmLog( "User refused consent for Relying party $rp",
|
|
||||||
'debug' );
|
|
||||||
$self->returnRedirectError(
|
|
||||||
$oidc_request->{'redirect_uri'},
|
|
||||||
"consent_required",
|
|
||||||
"consent not given",
|
|
||||||
undef,
|
|
||||||
$oidc_request->{'state'},
|
|
||||||
( $flow ne "authorizationcode" )
|
|
||||||
);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$self->lmLog( "Obtain user consent for Relying Party $rp",
|
|
||||||
'debug' );
|
|
||||||
|
|
||||||
# Return error if prompt is none
|
$self->lmLog(
|
||||||
if ( $prompt =~ /\bnone\b/ ) {
|
"Consent already given for Relying Party $rp (time: $consent_time, scope: $consent_scope)",
|
||||||
$self->lmLog( "Consent is needed but prompt is none",
|
'debug'
|
||||||
|
);
|
||||||
|
|
||||||
|
# Check accepted scope
|
||||||
|
foreach my $requested_scope (
|
||||||
|
split( /\s+/, $oidc_request->{'scope'} ) )
|
||||||
|
{
|
||||||
|
if ( $consent_scope =~ /\b$requested_scope\b/ ) {
|
||||||
|
$self->lmLog( "Scope $requested_scope already accepted",
|
||||||
|
'debug' );
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog(
|
||||||
|
"Scope $requested_scope was not previously accepted",
|
||||||
|
'debug'
|
||||||
|
);
|
||||||
|
$ask_for_consent = 1;
|
||||||
|
last;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check prompt parameter
|
||||||
|
$ask_for_consent = 1 if ( $prompt =~ /\bconsent\b/ );
|
||||||
|
}
|
||||||
|
if ($ask_for_consent) {
|
||||||
|
if ( $self->param('confirm') == 1 ) {
|
||||||
|
$self->updatePersistentSession(
|
||||||
|
{ "_oidc_consent_time_$rp" => time } );
|
||||||
|
$self->updatePersistentSession(
|
||||||
|
{
|
||||||
|
"_oidc_consent_scope_$rp" =>
|
||||||
|
$oidc_request->{'scope'}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
$self->lmLog( "Consent given for Relying Party $rp",
|
||||||
|
'debug' );
|
||||||
|
}
|
||||||
|
elsif ( $self->param('confirm') == -1 ) {
|
||||||
|
$self->lmLog( "User refused consent for Relying party $rp",
|
||||||
'debug' );
|
'debug' );
|
||||||
$self->returnRedirectError(
|
$self->returnRedirectError(
|
||||||
$oidc_request->{'redirect_uri'},
|
$oidc_request->{'redirect_uri'},
|
||||||
"consent_required",
|
"consent_required",
|
||||||
"consent required",
|
"consent not given",
|
||||||
undef,
|
undef,
|
||||||
$oidc_request->{'state'},
|
$oidc_request->{'state'},
|
||||||
( $flow ne "authorizationcode" )
|
( $flow ne "authorizationcode" )
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog( "Obtain user consent for Relying Party $rp",
|
||||||
|
'debug' );
|
||||||
|
|
||||||
my $display_name = $self->{oidcRPMetaDataOptions}->{$rp}
|
# Return error if prompt is none
|
||||||
->{oidcRPMetaDataOptionsDisplayName};
|
if ( $prompt =~ /\bnone\b/ ) {
|
||||||
my $icon = $self->{oidcRPMetaDataOptions}->{$rp}
|
$self->lmLog( "Consent is needed but prompt is none",
|
||||||
->{oidcRPMetaDataOptionsIcon};
|
'debug' );
|
||||||
my $img_src;
|
$self->returnRedirectError(
|
||||||
my $portalPath = $self->{portal};
|
$oidc_request->{'redirect_uri'},
|
||||||
$portalPath =~ s#^https?://[^/]+/?#/#;
|
"consent_required",
|
||||||
$portalPath =~ s#[^/]+\.pl$##;
|
"consent required",
|
||||||
|
undef,
|
||||||
if ($icon) {
|
$oidc_request->{'state'},
|
||||||
$img_src =
|
( $flow ne "authorizationcode" )
|
||||||
( $icon =~ m#^https?://# )
|
);
|
||||||
? $icon
|
|
||||||
: $portalPath . "skins/common/" . $icon;
|
|
||||||
}
|
|
||||||
|
|
||||||
$self->info('<div class="oidc_consent_message">');
|
|
||||||
$self->info( '<img src="' . $img_src . '" />' ) if $img_src;
|
|
||||||
$self->info( '<h3>'
|
|
||||||
. sprintf( $self->msg(PM_OIDC_CONSENT), $display_name )
|
|
||||||
. '</h3>' );
|
|
||||||
$self->info('<ul>');
|
|
||||||
|
|
||||||
foreach my $requested_scope (
|
|
||||||
split( /\s/, $oidc_request->{'scope'} ) )
|
|
||||||
{
|
|
||||||
my $message;
|
|
||||||
my $scope_messages = {
|
|
||||||
openid => PM_OIDC_SCOPE_OPENID,
|
|
||||||
profile => PM_OIDC_SCOPE_PROFILE,
|
|
||||||
email => PM_OIDC_SCOPE_EMAIL,
|
|
||||||
address => PM_OIDC_SCOPE_ADDRESS,
|
|
||||||
phone => PM_OIDC_SCOPE_PHONE,
|
|
||||||
};
|
|
||||||
if ( $scope_messages->{$requested_scope} ) {
|
|
||||||
$message =
|
|
||||||
$self->msg( $scope_messages->{$requested_scope} );
|
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
$message = $self->msg(PM_OIDC_SCOPE_OTHER) . " "
|
my $display_name = $self->{oidcRPMetaDataOptions}->{$rp}
|
||||||
. $requested_scope;
|
->{oidcRPMetaDataOptionsDisplayName};
|
||||||
|
my $icon = $self->{oidcRPMetaDataOptions}->{$rp}
|
||||||
|
->{oidcRPMetaDataOptionsIcon};
|
||||||
|
my $img_src;
|
||||||
|
my $portalPath = $self->{portal};
|
||||||
|
$portalPath =~ s#^https?://[^/]+/?#/#;
|
||||||
|
$portalPath =~ s#[^/]+\.pl$##;
|
||||||
|
|
||||||
|
if ($icon) {
|
||||||
|
$img_src =
|
||||||
|
( $icon =~ m#^https?://# )
|
||||||
|
? $icon
|
||||||
|
: $portalPath . "skins/common/" . $icon;
|
||||||
}
|
}
|
||||||
$self->info("<li>$message</li>");
|
|
||||||
|
$self->info('<div class="oidc_consent_message">');
|
||||||
|
$self->info( '<img src="' . $img_src . '" />' ) if $img_src;
|
||||||
|
$self->info( '<h3>'
|
||||||
|
. sprintf( $self->msg(PM_OIDC_CONSENT),
|
||||||
|
$display_name )
|
||||||
|
. '</h3>' );
|
||||||
|
$self->info('<ul>');
|
||||||
|
|
||||||
|
foreach my $requested_scope (
|
||||||
|
split( /\s/, $oidc_request->{'scope'} ) )
|
||||||
|
{
|
||||||
|
my $message;
|
||||||
|
my $scope_messages = {
|
||||||
|
openid => PM_OIDC_SCOPE_OPENID,
|
||||||
|
profile => PM_OIDC_SCOPE_PROFILE,
|
||||||
|
email => PM_OIDC_SCOPE_EMAIL,
|
||||||
|
address => PM_OIDC_SCOPE_ADDRESS,
|
||||||
|
phone => PM_OIDC_SCOPE_PHONE,
|
||||||
|
};
|
||||||
|
if ( $scope_messages->{$requested_scope} ) {
|
||||||
|
$message =
|
||||||
|
$self->msg( $scope_messages->{$requested_scope} );
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$message = $self->msg(PM_OIDC_SCOPE_OTHER) . " "
|
||||||
|
. $requested_scope;
|
||||||
|
}
|
||||||
|
$self->info("<li>$message</li>");
|
||||||
|
}
|
||||||
|
$self->info('</ul>');
|
||||||
|
$self->info('</div>');
|
||||||
|
$self->{activeTimer} = 0;
|
||||||
|
return PE_CONFIRM;
|
||||||
}
|
}
|
||||||
$self->info('</ul>');
|
|
||||||
$self->info('</div>');
|
|
||||||
$self->{activeTimer} = 0;
|
|
||||||
return PE_CONFIRM;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user