diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm
index a0e2edd98..7a653150b 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm
@@ -2,7 +2,7 @@ package Lemonldap::NG::Common::Conf::Serializer;
use Data::Dumper;
-our $VERSION = '1.4.0';
+our $VERSION = 2.00;
BEGIN {
*Lemonldap::NG::Common::Conf::normalize = \&normalize;
@@ -122,6 +122,10 @@ sub unserialize {
|logoutServices
|macros
|notificationStorageOptions
+ |oidcOPMetaDataExportedVars
+ |oidcOPMetaDataJSON
+ |oidcOPMetaDataJWKS
+ |oidcOPMetaDataOptions
|openIdExportedVars
|persistentStorageOptions
|portalSkinRules
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SubAttributes.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SubAttributes.pm
index 86732a2d2..91ed5817c 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SubAttributes.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SubAttributes.pm
@@ -8,7 +8,7 @@ package Lemonldap::NG::Common::Conf::SubAttributes;
use Mouse;
-our $VERSION = 1.4.1;
+our $VERSION = 2.00;
## E
@@ -28,6 +28,78 @@ has 'locationRules' => (
documentation => "Rules for a virtual host",
);
+## O
+
+has 'oidcOPMetaDataExportedVars' => (
+ is => 'rw',
+ isa => 'HashRef',
+ default => sub { return { 'uid' => 'sub' }; },
+ documentation => "Exported vars for an OP",
+);
+
+has 'oidcOPMetaDataOptionsCheckJWTSignature' => (
+ is => 'rw',
+ isa => 'Bool',
+ default => '1',
+ documentation => 'OIDC OP JWT signature checking',
+);
+
+has 'oidcOPMetaDataOptionsClientID' => (
+ is => 'rw',
+ isa => 'Str|Undef',
+ default => undef,
+ documentation => "OIDC OP client ID",
+);
+
+has 'oidcOPMetaDataOptionsClientSecret' => (
+ is => 'rw',
+ isa => 'Str|Undef',
+ default => undef,
+ documentation => "OIDC OP client Secret",
+);
+
+has 'oidcOPMetaDataOptionsConfigurationURI' => (
+ is => 'rw',
+ isa => 'Str|Undef',
+ default => undef,
+ documentation => "OIDC OP configuration endpoint",
+);
+
+has 'oidcOPMetaDataOptionsDisplayName' => (
+ is => 'rw',
+ isa => 'Str',
+ default => "Provider name",
+ documentation => "OIDC OP display name",
+);
+
+has 'oidcOPMetaDataOptionsIcon' => (
+ is => 'rw',
+ isa => 'Str|Undef',
+ default => undef,
+ documentation => "OIDC OP logo file",
+);
+
+has 'oidcOPMetaDataOptionsJWKSTimeout' => (
+ is => 'rw',
+ isa => 'Int',
+ default => "0",
+ documentation => "OIDC OP JWKS data refresh interval",
+);
+
+has 'oidcOPMetaDataOptionsScope' => (
+ is => 'rw',
+ isa => 'Str',
+ default => "openid email profile",
+ documentation => "OIDC OP scope",
+);
+
+has 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => (
+ is => 'rw',
+ isa => 'Str',
+ default => "client_secret_basic",
+ documentation => "OIDC OP scope",
+);
+
## P
has 'post' => (
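Review bot: The `documentation` string of `oidcOPMetaDataOptionsTokenEndpointAuthMethod` at the end of the hunk reads "OIDC OP scope", copied from the `oidcOPMetaDataOptionsScope` attribute just above it, so generated help for this attribute will describe the wrong setting. It should name what it configures, e.g. `documentation => "OIDC OP token endpoint authentication method",`. While there, `oidcOPMetaDataOptionsJWKSTimeout` is documented as a "refresh interval" whereas the manager labels it a timeout; pick one wording so the two stay consistent.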
diff --git a/lemonldap-ng-manager/example/skins/default/js/manager.js b/lemonldap-ng-manager/example/skins/default/js/manager.js
index 53af9aa02..d94456eb8 100644
--- a/lemonldap-ng-manager/example/skins/default/js/manager.js
+++ b/lemonldap-ng-manager/example/skins/default/js/manager.js
@@ -464,6 +464,7 @@ function display(div, title) {
$('#newapplicationr,#delapplication').hide();
$('#newpostr,#delpost').hide();
$('#newpostdatar,#delpostdata').hide();
+ $('#newoidcopb,#deloidcopb').hide();
// Resize (or hide) Help window
resizeHelp();
}
@@ -491,6 +492,11 @@ function samlSpRoot(id) {
display('default', '');
$('#newspsamlmetadatab').show();
}
+function oidcOPRoot(id) {
+ currentId = id;
+ display('default', '');
+ $('#newoidcopb').show();
+}
/* @function splitModuleAndOptions(string data)
* Split module and options from authentication or userDB string
* @return module, options
@@ -825,6 +831,17 @@ function samlSpMetaData(id) {
}
$('#newspsamlmetadatab').show();
}
+function oidcOPMetaData(id) {
+ currentId = id;
+ $('#oidcOPMetaData').val(lmtext(id));
+ display('oidcOPMetaData', lmtext(id));
+ if ($('#li_' + myB64('/oidcOPMetaDataNode')).find('span').size() == 1) {
+ $('#deloidcopb').hide();
+ } else {
+ $('#deloidcopb').show();
+ }
+ $('#newoidcopb').show();
+}
function samlService(id) {
currentId = id;
var t = lmdata(id).split(';');
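Review bot: `oidcOPMetaData` decides whether to show the delete button with `.find('span').size() == 1`; jQuery's `.size()` was deprecated in 1.8 and removed in 3.0, so `.length === 1` is the durable form. The SAML counterpart this was modelled on is outside the hunk, so it presumably uses the same call and would want the same change. Also `$('#li_' + myB64('/oidcOPMetaDataNode'))` is the right way to address the root node here; see the hard-coded selector raised in the `newOidcOp` hunk below.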
@@ -1083,6 +1100,24 @@ function newSpSamlMetaData() {
samlSpMetaData(spId);
});
}
+function newOidcOp() {
+ var name = prompt(text4newOidcOp, 'op-example');
+ if (!name) {
+ return false;
+ }
+ var opId = 'li_' + myB64('/oidcOPMetaDataExportedVars/' + name);
+ simpleTreeCollection[0].newAjaxNodeIn($('#li_L29pZGNPUE1ldGFEYXRhTm9kZQ2'), opId, name, scriptname + '?type=new&node=/oidcOPMetaDataNode/' + name, function(d, s) {
+ $('>span', s).attr('name', name).attr('help', 'default').attr('id', 'text_' + opId).attr('onclick', 'oidcOPMetaData(\'' + opId + '\')');
+ oidcOPMetaData(opId);
+ });
+}
+function delOidcOp(id) {
+ var opname = lmtext(id);
+ if (confirm('Delete ' + opname + ' ?')) {
+ delKey(id);
+ oidcOPMetaData(id);
+ }
+}
var cfgAttrDone = 0;
function uploadConf(f) {
if (! (f == 1)) f = 0;
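Review bot: `newOidcOp` selects the parent node with the literal `$('#li_L29pZGNPUE1ldGFEYXRhTm9kZQ2')`, while `oidcOPMetaData` in the same commit derives the same id with `myB64('/oidcOPMetaDataNode')`; the hard-coded base64 breaks silently if the node path or the `myB64` encoding scheme changes, so use `$('#li_' + myB64('/oidcOPMetaDataNode'))` here as well. The `onclick` attribute is assembled by string concatenation with `opId`, which is acceptable only because `opId` is a base64 id rather than the raw prompt input; a one-line comment saying so would stop a later edit from dropping `name` into it. `delOidcOp` calls `oidcOPMetaData(id)` on the node it has just deleted, which I assume mirrors the SAML delete helper outside this hunk, but it is worth confirming the display still makes sense after `delKey`.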
diff --git a/lemonldap-ng-manager/example/skins/default/manager.tpl b/lemonldap-ng-manager/example/skins/default/manager.tpl
index 511c3c28f..db2f10f11 100644
--- a/lemonldap-ng-manager/example/skins/default/manager.tpl
+++ b/lemonldap-ng-manager/example/skins/default/manager.tpl
@@ -52,6 +52,7 @@
var text4newApplication='';
var text4newCondition='';
var lang='';
+ var text4newOidcOp='';
//]]>
@@ -255,6 +256,16 @@
+
+
+
+
@@ -817,6 +828,18 @@
+
+
+
+
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Downloader.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Downloader.pm
index 47fbcbd4d..96b854d1d 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Downloader.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Downloader.pm
@@ -14,7 +14,7 @@ require Lemonldap::NG::Manager::_Struct; #inherits
require Lemonldap::NG::Manager::_i18n; #inherits
require Lemonldap::NG::Manager::Request; #inherits
-our $VERSION = '1.4.0';
+our $VERSION = 2.00;
## @method string node(string node)
# Build the part of the tree that does not depends of the configuration.
@@ -229,6 +229,41 @@ sub confNode {
) . "";
}
+ # OIDC Metadata
+ elsif ( $target =~ s/^oidcmetadatajson:// ) {
+ my $h = $self->keyToH( $target, $self->conf );
+ $h = $h->{oidcOPMetaDataJSON};
+ my $text = $target;
+ $text =~ s/^\/([^\/]+)\/.*$/$1/;
+ $res .= $self->li("$target/")
+ . $self->span(
+ id => "$target/",
+ text => $text,
+ data => $h,
+ js => $js,
+ help => $help,
+ target => "oidcmetadatajson",
+ ) . "";
+
+ }
+
+ elsif ( $target =~ s/^oidcmetadatajwks:// ) {
+ my $h = $self->keyToH( $target, $self->conf );
+ $h = $h->{oidcOPMetaDataJWKS};
+ my $text = $target;
+ $text =~ s/^\/([^\/]+)\/.*$/$1/;
+ $res .= $self->li("$target/")
+ . $self->span(
+ id => "$target/",
+ text => $text,
+ data => $h,
+ js => $js,
+ help => $help,
+ target => "oidcmetadatajwks",
+ ) . "";
+
+ }
+
# Application list
elsif ( $target =~ s/^applicationlist:// ) {
$self->lmLog( "Load applications list (target $target)", 'debug' );
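Review bot: The two new `elsif` branches at the top of the hunk are identical apart from the target prefix and the configuration key (`oidcOPMetaDataJSON` vs `oidcOPMetaDataJWKS`), so the whole span-building sequence is duplicated verbatim; one branch that matches both prefixes and maps the prefix to the key leaves a single copy to maintain. The enclosing `confNode` chain starts and ends outside the hunk. `data => $h` carries the OP-supplied document text; I assume `span` escapes it the way it does for the SAML metadata branches, but that is not visible here and is worth a glance.
```perl
    # OIDC Metadata: the JSON document and the JWKS share one layout,
    # differing only in the target prefix and the configuration key.
    elsif ( $target =~ s/^(oidcmetadatajson|oidcmetadatajwks):// ) {
        my $kind = $1;
        my $key =
          $kind eq 'oidcmetadatajson'
          ? 'oidcOPMetaDataJSON'
          : 'oidcOPMetaDataJWKS';
        my $h = $self->keyToH( $target, $self->conf );
        $h = $h->{$key};
        my $text = $target;
        $text =~ s/^\/([^\/]+)\/.*$/$1/;
        $res .= $self->li("$target/")
          . $self->span(
            id     => "$target/",
            text   => $text,
            data   => $h,
            js     => $js,
            help   => $help,
            target => $kind,
          );
    }
    # … unchanged: application list branch and the rest of the chain …
```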
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Uploader.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Uploader.pm
index 25d3880ab..5daf1e67f 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Uploader.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Uploader.pm
@@ -20,7 +20,7 @@ use Lemonldap::NG::Manager::_i18n;
use Lemonldap::NG::Manager::Request;
use Lemonldap::NG::Common::Conf::Constants; #inherits
-our $VERSION = '1.4.0';
+our $VERSION = 2.00;
our ( $stylesheet, $parser );
## @method void confUpload(ref rdata)
@@ -42,6 +42,7 @@ sub confUpload {
my $spname;
my $catid;
my $postname;
+ my $opname;
# 1. ANALYSE DATAS
@@ -110,6 +111,12 @@ s/^text_(NewID_)?li_([\w\/\+\=]+)(\d)(?:_\d+)?$/decode_base64($2.'='x $3)/e;
$spname = $name;
}
+ # Get OIDC OP name
+ if ( $id =~ /oidcOPMetaDataExportedVars\/([^\/]*)?$/ ) {
+ $self->lmLog( "Entering OP $name", 'debug' );
+ $opname = $name;
+ }
+
# Set menu category and application flags
if ( $id =~ /applicationList/ ) {
if ( $value =~ /^(.*)?\|(.*)?\|(.*)?\|(.*)?\|(.*?)$/ ) {
@@ -132,7 +139,7 @@ s/^text_(NewID_)?li_([\w\/\+\=]+)(\d)(?:_\d+)?$/decode_base64($2.'='x $3)/e;
# Special case: avoid bug with node created from parent node
if ( $id =~
-/^(virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|generalParameters\/authParams\/choiceParams)/
+/^(virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode|generalParameters\/authParams\/choiceParams)/
)
{
$self->lmLog( "Special trigger for $id (attribute $name)",
@@ -157,6 +164,10 @@ s/^samlIDPMetaDataNode\/([^\/]*)?.*/samlIDPMetaDataExportedAttributes\/$1\/$name
$id =~
s/^samlSPMetaDataNode\/([^\/]*)?.*/samlSPMetaDataExportedAttributes\/$1\/$name/;
+ # OIDC OP attribute
+ $id =~
+s/^oidcOPMetaDataNode\/([^\/]*)?.*/oidcOPMetaDataExportedVars\/$1\/$name/;
+
# Authentication choice
$id =~
s/^generalParameters\/authParams\/choiceParams\/([^\/]*)?.*/authChoiceModules\/$name/;
@@ -198,13 +209,17 @@ s/^(samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions)
$id =~
s/^(samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$spname\/$3/;
+ # Set current OIDC OP name
+ $id =~
+s/^(oidcOPMetaDataJSON|oidcOPMetaDataJWKS|oidcOPMetaDataExportedVars|oidcOPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$opname\/$3/;
+
# Set current POST URL name
$id =~ s/^(post)\/([^\/]*)?\/(.*)$/$1\/$vhostname\/$postname/;
$self->lmLog( "id transformed into $id", 'debug' );
if ( $id =~
-/^(generalParameters|variables|virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode)/
+/^(generalParameters|variables|virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode)/
)
{
$self->lmLog( "Ignoring attribute $name (id $id)", 'debug' );
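Review bot: The new substitution `s/^(oidcOPMetaDataJSON|oidcOPMetaDataJWKS|oidcOPMetaDataExportedVars|oidcOPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$opname\/$3/` rewrites the node's own name (`$2`) with `$opname`, which is only set when an `oidcOPMetaDataExportedVars/...` id was seen earlier in the same pass; if one of these ids arrives first, `$opname` is undef, the key collapses to `oidcOPMetaDataJSON//...` with nothing but an uninitialized warning, and every such entry lands under the empty OP name. Guarding it with `if defined $opname;` and logging the stray id with `$self->lmLog( "No OP name for $id", 'warn' )` in the other case would make the failure visible. Whether the upload order guarantees the exported-vars node comes first is not visible from the hunk; `confUpload` starts well before it.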
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
index f6822f94d..c6dfb92fa 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@@ -11,7 +11,7 @@ use Lemonldap::NG::Common::Conf::Attributes;
use Lemonldap::NG::Common::Conf::SubAttributes;
use Lemonldap::NG::Common::Regexp;
-our $VERSION = '2.00';
+our $VERSION = 2.00;
## @method protected hashref cstruct(hashref h,string k)
# Merge $h with the structure produced with $k and return it.
@@ -249,6 +249,69 @@ sub cstruct {
}
);
}
+ elsif ( $k1 =~ /^oidcOPMetaDataNode/i ) {
+ %$h = (
+ %$h,
+ oidcOPMetaDataNode => {
+ $k2 => {
+ _nodes => [
+ qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataExportedVars oidcOPMetaDataOptions)
+ ],
+
+ oidcOPMetaDataJSON =>
+"oidcmetadatajson:/oidcOPMetaDataJSON/$k2:oidcOPMetaDataJSON:textarea",
+ oidcOPMetaDataJWKS =>
+"oidcmetadatajwks:/oidcOPMetaDataJWKS/$k2:oidcOPMetaDataJWKS:textarea",
+ oidcOPMetaDataExportedVars => {
+ _nodes =>
+ ["hash:/oidcOPMetaDataExportedVars/$k2:vars:btext"],
+ _js => 'hashRoot',
+ },
+ oidcOPMetaDataOptions => {
+ _nodes => [
+ qw(oidcOPMetaDataOptionsConfiguration oidcOPMetaDataOptionsProtocol oidcOPMetaDataOptionsDisplay)
+ ],
+
+ oidcOPMetaDataOptionsConfiguration => {
+ _nodes => [
+ qw(oidcOPMetaDataOptionsConfigurationURI oidcOPMetaDataOptionsJWKSTimeout oidcOPMetaDataOptionsClientID oidcOPMetaDataOptionsClientSecret)
+ ],
+ oidcOPMetaDataOptionsConfigurationURI =>
+"text:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsConfigurationURI",
+ oidcOPMetaDataOptionsJWKSTimeout =>
+"int:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsJWKSTimeout",
+ oidcOPMetaDataOptionsClientID =>
+"text:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsClientID",
+ oidcOPMetaDataOptionsClientSecret =>
+"text:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsClientSecret",
+ },
+ oidcOPMetaDataOptionsProtocol => {
+ _nodes => [
+ qw(oidcOPMetaDataOptionsScope oidcOPMetaDataOptionsTokenEndpointAuthMethod oidcOPMetaDataOptionsCheckJWTSignature)
+ ],
+ oidcOPMetaDataOptionsScope =>
+"text:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsScope",
+ oidcOPMetaDataOptionsTokenEndpointAuthMethod =>
+"text:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsTokenEndpointAuthMethod",
+ oidcOPMetaDataOptionsCheckJWTSignature =>
+"bool:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsCheckJWTSignature",
+ },
+ oidcOPMetaDataOptionsDisplay => {
+ _nodes => [
+ qw(oidcOPMetaDataOptionsDisplayName oidcOPMetaDataOptionsIcon)
+ ],
+ oidcOPMetaDataOptionsDisplayName =>
+"text:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsDisplayName",
+ oidcOPMetaDataOptionsIcon =>
+"text:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsIcon",
+ },
+ },
+
+ },
+ },
+ );
+ }
+
return $h;
}
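Review bot: `oidcOPMetaDataOptionsClientSecret` is declared with the plain `text:` node type (`"text:/oidcOPMetaDataOptions/$k2/oidcOPMetaDataOptionsClientSecret"`), so the manager renders the OP client secret in a cleartext input; if this struct has a masked or password node type it belongs here, otherwise a comment on that line noting the secret is displayed in clear would at least record the choice. `oidcOPMetaDataOptionsTokenEndpointAuthMethod` is likewise free text although its default in SubAttributes is `client_secret_basic` and the value decides how that secret is sent; a selection node listing the methods the portal implements, if such a type exists here, would prevent typos. The key lists in each `_nodes` array repeat the hash keys that follow them, which is how the rest of `cstruct` is written but is easy to desynchronise when an option is added; `cstruct` itself starts before the hunk.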
@@ -259,7 +322,7 @@ sub struct {
my $self = shift;
return {
_nodes => [
- qw(n:generalParameters n:variables n:virtualHosts n:samlServiceMetaData n:samlIDPMetaDataNode n:samlSPMetaDataNode)
+ qw(n:generalParameters n:variables n:virtualHosts n:samlServiceMetaData n:samlIDPMetaDataNode n:samlSPMetaDataNode n:oidcOPMetaDataNode)
],
_help => 'default',
@@ -1461,6 +1524,22 @@ sub struct {
},
},
+
+ ########
+ # OIDC #
+ ########
+ oidcOPMetaDataNode => {
+ _nodes => [
+'nhash:/oidcOPMetaDataExportedVars:oidcOPMetaDataNode:oidcOPMetaData'
+ ],
+ _upload => [
+ '/oidcOPMetaDataJSON', '/oidcOPMetaDataJWKS',
+ '/oidcOPMetaDataOptions'
+ ],
+ _help => 'oidcOP',
+ _js => 'oidcOPRoot',
+ },
+
};
}
@@ -2174,6 +2253,42 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
browserIdSiteName => $testNotDefined,
browserIdSiteLogo => $testNotDefined,
browserIdBackgroundColor => $testNotDefined,
+
+ # OIDC OP
+ oidcOPMetaDataExportedVars => {
+ keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
+ keyMsgFail => 'Bad metadata name',
+ '*' => {
+ keyTest => qr/^\w([\w\-]*\w)?$/,
+ keyMsgFail => 'Bad attribute name',
+ test => sub { return 1; },
+ },
+ },
+ oidcOPMetaDataJSON => {
+ keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
+ keyMsgFail => 'Bad metadata name',
+ '*' => {
+ test => sub { return 1; },
+ keyTest => sub { return 1; },
+ },
+ },
+ oidcOPMetaDataJWKS => {
+ keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
+ keyMsgFail => 'Bad metadata name',
+ '*' => {
+ test => sub { return 1; },
+ keyTest => sub { return 1; },
+ },
+ },
+ oidcOPMetaDataOptions => {
+ keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
+ keyMsgFail => 'Bad metadata name',
+ '*' => {
+ test => sub { return 1; },
+ keyTest => sub { return 1; },
+ },
+ },
+
};
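Review bot: Every `'*'` entry added for `oidcOPMetaDataJSON`, `oidcOPMetaDataJWKS` and `oidcOPMetaDataOptions` uses `test => sub { return 1; }`, so the manager accepts any text there, while `loadOPs` in the portal (changed in this same commit) feeds those documents straight to `decodeJSON`; a malformed document is therefore rejected at portal start rather than at upload. A `test` that attempts to decode the value as JSON (or, for the JWKS, that checks for a top-level `keys` member) would surface the error where the administrator can fix it. For `oidcOPMetaDataOptions`, per-option tests for `oidcOPMetaDataOptionsJWKSTimeout` (declared `Int` in SubAttributes) and for `oidcOPMetaDataOptionsTokenEndpointAuthMethod` (restricted to the methods the portal implements) would match how the entries just above the hunk use `$testNotDefined`.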
}
## @method hashref subDefaultConf()
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
index 1251913f5..acb8d6b1e 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
@@ -254,14 +254,32 @@ sub en {
notificationNotPurged => 'The notification was not definitely removed',
notificationPurged => 'Notification has been definitely removed',
notificationStorage => 'Storage module',
- notificationStorageOptions => 'Storage module parameters',
- notificationWildcard => 'Wildcard for all users',
- notificationXSLTfile => 'Custom XSLT file',
- notifyDeleted => 'Display deleted sessions',
- notifyOther => 'Display other sessions',
- nullAuthnLevel => 'Authentication level',
- nullParams => 'Null parameters',
- oidcAuthnLevel => 'Authentication level',
+ notificationStorageOptions => 'Storage module parameters',
+ notificationWildcard => 'Wildcard for all users',
+ notificationXSLTfile => 'Custom XSLT file',
+ notifyDeleted => 'Display deleted sessions',
+ notifyOther => 'Display other sessions',
+ nullAuthnLevel => 'Authentication level',
+ nullParams => 'Null parameters',
+ oidcAuthnLevel => 'Authentication level',
+ oidcOPMetaDataExportedVars => 'Exported attributes',
+ oidcOPMetaDataJSON => 'Metadata',
+ oidcOPMetaDataJWKS => 'JWKS data',
+ oidcOPMetaDataNode => 'OpenID Connect Providers',
+ oidcOPMetaDataOptions => 'Options',
+ oidcOPMetaDataOptionsCheckJWTSignature => 'Check JWT signature',
+ oidcOPMetaDataOptionsClientID => 'Client ID',
+ oidcOPMetaDataOptionsClientSecret => 'Client secret',
+ oidcOPMetaDataOptionsConfiguration => 'Configuration',
+ oidcOPMetaDataOptionsConfigurationURI => 'Configuration endpoint',
+ oidcOPMetaDataOptionsDisplay => 'Display',
+ oidcOPMetaDataOptionsDisplayName => 'Display name',
+ oidcOPMetaDataOptionsIcon => 'Logo',
+ oidcOPMetaDataOptionsJWKSTimeout => 'JWKS data timeout',
+ oidcOPMetaDataOptionsProtocol => 'Protocol',
+ oidcOPMetaDataOptionsScope => 'Scope',
+ oidcOPMetaDataOptionsTokenEndpointAuthMethod =>
+ 'Token endpoint authentication method',
oidcParams => 'OpenID Connect parameters',
oidcRPCallbackGetParam => 'Callback GET parameter',
oidcRPStateTimeout => 'State session timeout',
@@ -769,15 +787,34 @@ sub fr {
"La notification n'a pas été définitivement supprimée",
notificationPurged =>
'La notification a été définitivement supprimée',
- notificationStorage => 'Module de stockage',
- notificationStorageOptions => 'Paramètres du module de stockage',
- notificationWildcard => 'Identifiant pour tous les utilisateurs',
- notificationXSLTfile => 'Fichier XSLT personnalisé',
- notifyDeleted => 'Affiche les sessions effacées',
- notifyOther => 'Affiche les autres sessions',
- nullAuthnLevel => 'Niveau d\'authentification',
- nullParams => 'Paramètres Null',
- oidcAuthnLevel => 'Niveau d\'authentification',
+ notificationStorage => 'Module de stockage',
+ notificationStorageOptions => 'Paramètres du module de stockage',
+ notificationWildcard => 'Identifiant pour tous les utilisateurs',
+ notificationXSLTfile => 'Fichier XSLT personnalisé',
+ notifyDeleted => 'Affiche les sessions effacées',
+ notifyOther => 'Affiche les autres sessions',
+ nullAuthnLevel => 'Niveau d\'authentification',
+ nullParams => 'Paramètres Null',
+ oidcAuthnLevel => 'Niveau d\'authentification',
+ oidcOPMetaDataExportedVars => 'Attributs exportés',
+ oidcOPMetaDataJSON => 'Métadonnées',
+ oidcOPMetaDataJWKS => 'Données JWKS',
+ oidcOPMetaDataNode => 'Fournisseurs OpenID Connect',
+ oidcOPMetaDataOptions => 'Options',
+ oidcOPMetaDataOptionsCheckJWTSignature =>
+ 'Vérifier la signature des jetons',
+ oidcOPMetaDataOptionsClientID => 'Identifiant',
+ oidcOPMetaDataOptionsClientSecret => 'Mot de passe',
+ oidcOPMetaDataOptionsConfiguration => 'Configuration',
+ oidcOPMetaDataOptionsConfigurationURI => 'URI de la configuration',
+ oidcOPMetaDataOptionsDisplay => 'Affichage',
+ oidcOPMetaDataOptionsDisplayName => 'Nom d\'affichage',
+ oidcOPMetaDataOptionsIcon => 'Logo',
+ oidcOPMetaDataOptionsJWKSTimeout => 'Durée de vie des données JWKS',
+ oidcOPMetaDataOptionsProtocol => 'Protocole',
+ oidcOPMetaDataOptionsScope => 'Étendue',
+ oidcOPMetaDataOptionsTokenEndpointAuthMethod =>
+ 'Méthode d\'authentification pour l\'accès aux jetons',
oidcParams => 'Paramètres OpenID Connect',
oidcRPCallbackGetParam => 'Paramètre GET callback',
oidcRPStateTimeout => 'Durée d\'une session state',
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
index bc4bad4e1..c5d7547e6 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Simple;
use MIME::Base64;
use base qw(Lemonldap::NG::Portal::_OpenIDConnect);
-our $VERSION = '2.00';
+our $VERSION = 2.00;
## @apmethod int authInit()
# Get configuration data
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenIDConnect.pm
index 3d95bffc3..9e91ed298 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBOpenIDConnect.pm
@@ -9,7 +9,7 @@ use strict;
use Lemonldap::NG::Portal::Simple;
our @ISA = (qw(Lemonldap::NG::Portal::_OpenIDConnect));
-our $VERSION = '2.00';
+our $VERSION = 2.00;
## @apmethod int userDBInit()
# Do nothing
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
index 28eca2f8e..26a0c1b74 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
@@ -15,7 +15,7 @@ use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::Bignum;
use base qw(Lemonldap::NG::Portal::_Browser);
-our $VERSION = '2.00';
+our $VERSION = 2.00;
our $oidcCache;
BEGIN {
@@ -53,9 +53,11 @@ sub loadOPs {
$self->{_oidcOPList} = {};
foreach ( keys %{ $self->{oidcOPMetaDataJSON} } ) {
$self->{_oidcOPList}->{$_}->{conf} =
- $self->decodeJSON( $self->{oidcOPMetaDataJSON}->{$_} );
+ $self->decodeJSON(
+ $self->{oidcOPMetaDataJSON}->{$_}->{oidcOPMetaDataJSON} );
$self->{_oidcOPList}->{$_}->{jwks} =
- $self->decodeJSON( $self->{oidcOPMetaDataJWKS}->{$_} );
+ $self->decodeJSON(
+ $self->{oidcOPMetaDataJWKS}->{$_}->{oidcOPMetaDataJWKS} );
}
$oidcCache->{_oidcOPList} = $self->{_oidcOPList} unless $no_cache;
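Review bot: The new JWKS lookup `$self->{oidcOPMetaDataJWKS}->{$_}->{oidcOPMetaDataJWKS}` iterates over the keys of `oidcOPMetaDataJSON`, so an OP that has a JSON entry but no JWKS entry autovivifies `$self->{oidcOPMetaDataJWKS}->{$_}` to an empty hash in the live configuration and passes undef to `decodeJSON`; how `decodeJSON` behaves on undef is not visible here. Fetching both documents first, e.g. `my $json = $self->{oidcOPMetaDataJSON}->{$_}->{oidcOPMetaDataJSON};` and `my $jwks = ( $self->{oidcOPMetaDataJWKS}->{$_} || {} )->{oidcOPMetaDataJWKS};`, then `next unless defined $json and defined $jwks;` with a log line naming the OP, keeps a half-configured provider from poisoning the cached `_oidcOPList`. `loadOPs` starts before the hunk.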
@@ -206,7 +208,6 @@ sub buildAuthorizationCodeAuthnRequest {
# return String Token response decoded content
sub getAuthorizationCodeAccessToken {
my ( $self, $op, $code, $auth_method ) = splice @_;
- $auth_method ||= "client_secret_basic";
my $client_id =
$self->{oidcOPMetaDataOptions}->{$op}->{oidcOPMetaDataOptionsClientID};