WIP - ContextSwitching (#1783)
This commit is contained in:
parent
a2ebaf31b1
commit
b69ffc0ff8
|
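--- a/<path not shown on page: handler ini file>
+++ b/<path not shown on page: handler ini file>
@@ -326,6 +326,8 @@ status = 0
 ;hideSignature = 1
 ; Set ServiceToken timeout
 ;handlerServiceTokenTTL = 30
+; Set Impersonation/ContextSwitching prefix
+; impersonationPrefix = real_
 useRedirectOnError = 1
 
 ; Zimbra Handler parameters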
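Review bot: The added `; impersonationPrefix = real_` example says nothing about what the prefix is used for, and since this commit also drops `impersonationPrefix` from the Manager tree and lists it among `@notManagedAttributes`, this ini comment becomes the only place an administrator will see the setting. Extend the comment, e.g. `; Set Impersonation/ContextSwitching prefix (prepended to the real session attributes; not editable from the Manager)`. The "real session attributes" reading is taken from the Manager label 'Real attributes prefix' elsewhere in this commit — confirm it against the plugin code before wording it that way.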
@ -5,7 +5,7 @@ use strict;
|
||||||
use Exporter 'import';
|
use Exporter 'import';
|
||||||
use base qw(Exporter);
|
use base qw(Exporter);
|
||||||
|
|
||||||
our $VERSION = '2.0.5';
|
our $VERSION = '2.0.6';
|
||||||
|
|
||||||
# CONSTANTS
|
# CONSTANTS
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
|
||||||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||||
use constant APPLYSECTION => "apply";
|
use constant APPLYSECTION => "apply";
|
||||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:ErrorOn(?:ExpiredSession|MailNotFound)|DisplayRe(?:setPassword|gister)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|orsEnabled|da)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|no(?:tif(?:ication(?:Server)?|y(?:Deleted|Other))|AjaxHook)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs)|dbiDynami
cHashEnabled|bruteForceProtection)$/;
|
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|p(?:ortal(?:ErrorOn(?:ExpiredSession|MailNotFound)|DisplayRe(?:setPassword|gister)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|no(?:tif(?:ication(?:Server)?|y(?:Deleted|Other))|AjaxHook)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|k
rb(?:RemoveDomain|ByJs)|dbiDynamicHashEnabled|bruteForceProtection)$/;
|
||||||
|
|
||||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||||
|
|
||||||
|
|
|
@ -1,16 +1,15 @@
|
||||||
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
|
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
|
||||||
package Lemonldap::NG::Common::Conf::DefaultValues;
|
package Lemonldap::NG::Common::Conf::DefaultValues;
|
||||||
|
|
||||||
our $VERSION = '2.0.5';
|
our $VERSION = '2.0.6';
|
||||||
|
|
||||||
sub defaultValues {
|
sub defaultValues {
|
||||||
return {
|
return {
|
||||||
'activeTimer' => 1,
|
'activeTimer' => 1,
|
||||||
'adminImpersonationRule' => 1,
|
'ADPwdExpireWarning' => 0,
|
||||||
'ADPwdExpireWarning' => 0,
|
'ADPwdMaxAge' => 0,
|
||||||
'ADPwdMaxAge' => 0,
|
'apacheAuthnLevel' => 4,
|
||||||
'apacheAuthnLevel' => 4,
|
'applicationList' => {
|
||||||
'applicationList' => {
|
|
||||||
'default' => {
|
'default' => {
|
||||||
'catname' => 'Default category',
|
'catname' => 'Default category',
|
||||||
'type' => 'category'
|
'type' => 'category'
|
||||||
|
@ -19,38 +18,42 @@ sub defaultValues {
|
||||||
'authChoiceParam' => 'lmAuth',
|
'authChoiceParam' => 'lmAuth',
|
||||||
'authentication' => 'Demo',
|
'authentication' => 'Demo',
|
||||||
'available2F' => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,Yubikey',
|
'available2F' => 'UTOTP,TOTP,U2F,REST,Mail2F,Ext2F,Yubikey',
|
||||||
'available2FSelfRegistration' => 'TOTP,U2F,Yubikey',
|
'available2FSelfRegistration' => 'TOTP,U2F,Yubikey',
|
||||||
'bruteForceProtectionMaxAge' => 300,
|
'bruteForceProtectionMaxAge' => 300,
|
||||||
'bruteForceProtectionMaxFailed' => 3,
|
'bruteForceProtectionMaxFailed' => 3,
|
||||||
'bruteForceProtectionTempo' => 30,
|
'bruteForceProtectionTempo' => 30,
|
||||||
'captcha_mail_enabled' => 1,
|
'captcha_mail_enabled' => 1,
|
||||||
'captcha_register_enabled' => 1,
|
'captcha_register_enabled' => 1,
|
||||||
'captcha_size' => 6,
|
'captcha_size' => 6,
|
||||||
'casAccessControlPolicy' => 'none',
|
'casAccessControlPolicy' => 'none',
|
||||||
'casAuthnLevel' => 1,
|
'casAuthnLevel' => 1,
|
||||||
'checkTime' => 600,
|
'checkTime' => 600,
|
||||||
'checkUserHiddenAttributes' => '_loginHistory hGroups',
|
'checkUserHiddenAttributes' => '_loginHistory hGroups',
|
||||||
'checkUserIdRule' => 1,
|
'checkUserIdRule' => 1,
|
||||||
'checkXSS' => 1,
|
'checkXSS' => 1,
|
||||||
'confirmFormMethod' => 'post',
|
'confirmFormMethod' => 'post',
|
||||||
'cookieName' => 'lemonldap',
|
'contextSwitchingHiddenAttributes' => '',
|
||||||
'corsAllow_Credentials' => 'true',
|
'contextSwitchingIdRule' => 1,
|
||||||
'corsAllow_Headers' => '*',
|
'contextSwitchingRule' => 0,
|
||||||
'corsAllow_Methods' => 'POST,GET',
|
'contextSwitchingStopWithLogout' => 1,
|
||||||
'corsAllow_Origin' => '*',
|
'cookieName' => 'lemonldap',
|
||||||
'corsEnabled' => 1,
|
'corsAllow_Credentials' => 'true',
|
||||||
'corsExpose_Headers' => '*',
|
'corsAllow_Headers' => '*',
|
||||||
'corsMax_Age' => '86400',
|
'corsAllow_Methods' => 'POST,GET',
|
||||||
'cspConnect' => '\'self\'',
|
'corsAllow_Origin' => '*',
|
||||||
'cspDefault' => '\'self\'',
|
'corsEnabled' => 1,
|
||||||
'cspFont' => '\'self\'',
|
'corsExpose_Headers' => '*',
|
||||||
'cspFormAction' => '\'self\'',
|
'corsMax_Age' => '86400',
|
||||||
'cspImg' => '\'self\' data:',
|
'cspConnect' => '\'self\'',
|
||||||
'cspScript' => '\'self\'',
|
'cspDefault' => '\'self\'',
|
||||||
'cspStyle' => '\'self\'',
|
'cspFont' => '\'self\'',
|
||||||
'dbiAuthnLevel' => 2,
|
'cspFormAction' => '\'self\'',
|
||||||
'dbiExportedVars' => {},
|
'cspImg' => '\'self\' data:',
|
||||||
'demoExportedVars' => {
|
'cspScript' => '\'self\'',
|
||||||
|
'cspStyle' => '\'self\'',
|
||||||
|
'dbiAuthnLevel' => 2,
|
||||||
|
'dbiExportedVars' => {},
|
||||||
|
'demoExportedVars' => {
|
||||||
'cn' => 'cn',
|
'cn' => 'cn',
|
||||||
'mail' => 'mail',
|
'mail' => 'mail',
|
||||||
'uid' => 'uid'
|
'uid' => 'uid'
|
||||||
|
|
|
@ -5,7 +5,7 @@ use strict;
|
||||||
use Exporter 'import';
|
use Exporter 'import';
|
||||||
use base qw(Exporter);
|
use base qw(Exporter);
|
||||||
|
|
||||||
our $VERSION = '2.0.5';
|
our $VERSION = '2.0.6';
|
||||||
|
|
||||||
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)] );
|
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)] );
|
||||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
|
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
|
||||||
package Lemonldap::NG::Manager::Attributes;
|
package Lemonldap::NG::Manager::Attributes;
|
||||||
|
|
||||||
our $VERSION = '2.0.5';
|
our $VERSION = '2.0.6';
|
||||||
|
|
||||||
sub perlExpr {
|
sub perlExpr {
|
||||||
my ( $val, $conf ) = @_;
|
my ( $val, $conf ) = @_;
|
||||||
|
@ -257,10 +257,6 @@ sub attributes {
|
||||||
'default' => 1,
|
'default' => 1,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
},
|
},
|
||||||
'adminImpersonationRule' => {
|
|
||||||
'default' => 1,
|
|
||||||
'type' => 'boolOrExpr'
|
|
||||||
},
|
|
||||||
'ADPwdExpireWarning' => {
|
'ADPwdExpireWarning' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'int'
|
'type' => 'int'
|
||||||
|
@ -927,6 +923,25 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
],
|
],
|
||||||
'type' => 'select'
|
'type' => 'select'
|
||||||
},
|
},
|
||||||
|
'contextSwitchingHiddenAttributes' => {
|
||||||
|
'default' => '',
|
||||||
|
'type' => 'text'
|
||||||
|
},
|
||||||
|
'contextSwitchingIdRule' => {
|
||||||
|
'default' => 1,
|
||||||
|
'test' => sub {
|
||||||
|
return perlExpr(@_);
|
||||||
|
},
|
||||||
|
'type' => 'text'
|
||||||
|
},
|
||||||
|
'contextSwitchingRule' => {
|
||||||
|
'default' => 0,
|
||||||
|
'type' => 'boolOrExpr'
|
||||||
|
},
|
||||||
|
'contextSwitchingStopWithLogout' => {
|
||||||
|
'default' => 1,
|
||||||
|
'type' => 'bool'
|
||||||
|
},
|
||||||
'cookieExpiration' => {
|
'cookieExpiration' => {
|
||||||
'type' => 'int'
|
'type' => 'int'
|
||||||
},
|
},
|
||||||
|
|
|
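--- a/<path not shown on page: Lemonldap::NG::Manager::Build::Attributes>
+++ b/<path not shown on page: Lemonldap::NG::Manager::Build::Attributes>
@@ -6,7 +6,7 @@
 
 package Lemonldap::NG::Manager::Build::Attributes;
 
-our $VERSION = '2.0.5';
+our $VERSION = '2.0.6';
 use strict;
 use Regexp::Common qw/URI/;
 
@@ -486,10 +486,27 @@ sub attributes {
 documentation => 'Skip session empty values',
 flags => 'p',
 },
-adminImpersonationRule => {
+contextSwitchingRule => {
 type => 'boolOrExpr',
+default => 0,
+documentation => 'Context switching activation rule',
+},
+contextSwitchingIdRule => {
+type => 'text',
+test => sub { return perlExpr(@_) },
 default => 1,
-documentation => 'adminImpersonation activation rule',
+documentation => 'Context switching identities rule',
+},
+contextSwitchingStopWithLogout => {
+type => 'bool',
+default => 1,
+documentation => 'Stop context switching by logout',
+},
+contextSwitchingHiddenAttributes => {
+type => 'text',
+default => '',
+documentation => 'Attributes to skip',
+flags => 'p',
 },
 skipRenewConfirmation => {
 type => 'bool',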
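Review bot: `contextSwitchingIdRule` is introduced with `default => 1` and `documentation => 'Context switching identities rule'`, which does not tell an administrator that the default places no restriction on which identities may be assumed once `contextSwitchingRule` turns the feature on. Suggest `documentation => 'Rule restricting the identities that may be assumed (1 = any)'` so the Manager help makes the scope of the default explicit. `contextSwitchingRule` itself keeps the feature off by default (`default => 0`, where the removed `adminImpersonationRule` had `default => 1`), which is the safer choice and worth a sentence in the commit description. The `attributes` sub starts before and continues after this hunk.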
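--- a/<path not shown on page: Lemonldap::NG::Manager::Build::Tree>
+++ b/<path not shown on page: Lemonldap::NG::Manager::Build::Tree>
@@ -17,7 +17,7 @@
 
 package Lemonldap::NG::Manager::Build::Tree;
 
-our $VERSION = '2.0.3';
+our $VERSION = '2.0.6';
 
 # TODO: Missing:
 # * activeTimer
@@ -657,12 +657,22 @@ sub tree {
 nodes => [
 'impersonationRule',
 'impersonationIdRule',
-'impersonationPrefix',
 'impersonationHiddenAttributes',
 'impersonationSkipEmptyValues',
 'impersonationMergeSSOgroups',
 ]
 },
+{
+title => 'contextSwitching',
+help => 'contextswitching.html',
+form => 'simpleInputContainer',
+nodes => [
+'contextSwitchingRule',
+'contextSwitchingIdRule',
+'contextSwitchingStopWithLogout',
+'contextSwitchingHiddenAttributes',
+]
+},
 ]
 },
 {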
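Review bot: The second hunk drops `'impersonationPrefix'` from the impersonation node list, but the `# TODO: Missing:` comment at the top of the file (first hunk) is not updated, so the next reader of `tree` will not know the attribute was left out on purpose; add `# * impersonationPrefix` to that list, matching the `@notManagedAttributes` entry this commit adds to the test. The new node points at `help => 'contextswitching.html'`, and no such page is part of the diff as shown; if it does not exist yet, the Manager help link will be dead until it is written. `tree` starts before and continues after the hunk.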
@ -140,6 +140,11 @@
|
||||||
"categoryName":"اسم الفئة",
|
"categoryName":"اسم الفئة",
|
||||||
"cda":"نطاقات متعددة",
|
"cda":"نطاقات متعددة",
|
||||||
"contentSecurityPolicy":"السياسة الأمنية للمحتوى",
|
"contentSecurityPolicy":"السياسة الأمنية للمحتوى",
|
||||||
|
"contextSwitching":"Switch context anoter user",
|
||||||
|
"contextSwitchingHiddenAttributes":"Stop by logout",
|
||||||
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
|
"contextSwitchingRule":"استخدام القاعدة",
|
||||||
|
"contextSwitchingStopWithLogout":"Identities use rule",
|
||||||
"cspDefault":"القيمة الاعتيادية ",
|
"cspDefault":"القيمة الاعتيادية ",
|
||||||
"cspFormAction":"Form destinations",
|
"cspFormAction":"Form destinations",
|
||||||
"cspImg":"مصدر الصورة",
|
"cspImg":"مصدر الصورة",
|
||||||
|
@ -303,7 +308,6 @@
|
||||||
"impersonationIdRule":"Identities use rule",
|
"impersonationIdRule":"Identities use rule",
|
||||||
"impersonationHiddenAttributes":"السمات المخفية",
|
"impersonationHiddenAttributes":"السمات المخفية",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationPrefix":"Real attributes prefix",
|
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
"incompleteForm":"الحقول المطلوبة مفقودة",
|
"incompleteForm":"الحقول المطلوبة مفقودة",
|
||||||
"index":"فهرس",
|
"index":"فهرس",
|
||||||
|
|
|
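Review bot: Two of the new Arabic labels carry the wrong text: `"contextSwitchingHiddenAttributes":"Stop by logout"` and `"contextSwitchingStopWithLogout":"Identities use rule"` do not match their keys, whereas the other language files in this commit give 'Hidden attributes' and 'Stop by logout' for them. The existing `"impersonationHiddenAttributes":"السمات المخفية"` entry already has the Arabic wording, so `"contextSwitchingHiddenAttributes":"السمات المخفية",` and `"contextSwitchingStopWithLogout":"Stop by logout",` would be consistent. The `"contextSwitching":"Switch context anoter user"` label repeats the typo "anoter" in every non-French language file here (de, en, it, vi, zh as well); `"contextSwitching":"Switch context to another user"` reads correctly.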
@ -140,6 +140,11 @@
|
||||||
"categoryName":"Category name",
|
"categoryName":"Category name",
|
||||||
"cda":"Mehrere Domains",
|
"cda":"Mehrere Domains",
|
||||||
"contentSecurityPolicy":"Content security policy",
|
"contentSecurityPolicy":"Content security policy",
|
||||||
|
"contextSwitching":"Switch context anoter user",
|
||||||
|
"contextSwitchingHiddenAttributes":"Hidden attributes",
|
||||||
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
|
"contextSwitchingRule":"Use rule",
|
||||||
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
"cspDefault":"Default value",
|
"cspDefault":"Default value",
|
||||||
"cspFormAction":"Form destinations",
|
"cspFormAction":"Form destinations",
|
||||||
"cspImg":"Image source",
|
"cspImg":"Image source",
|
||||||
|
@ -303,7 +308,6 @@
|
||||||
"impersonationIdRule":"Identities use rule",
|
"impersonationIdRule":"Identities use rule",
|
||||||
"impersonationHiddenAttributes":"Hidden attributes",
|
"impersonationHiddenAttributes":"Hidden attributes",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationPrefix":"Real attributes prefix",
|
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
"incompleteForm":"Required fields are missing",
|
"incompleteForm":"Required fields are missing",
|
||||||
"index":"Index",
|
"index":"Index",
|
||||||
|
|
|
@ -140,6 +140,11 @@
|
||||||
"categoryName":"Category name",
|
"categoryName":"Category name",
|
||||||
"cda":"Multiple domains",
|
"cda":"Multiple domains",
|
||||||
"contentSecurityPolicy":"Content security policy",
|
"contentSecurityPolicy":"Content security policy",
|
||||||
|
"contextSwitching":"Switch context anoter user",
|
||||||
|
"contextSwitchingHiddenAttributes":"Hidden attributes",
|
||||||
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
|
"contextSwitchingRule":"Use rule",
|
||||||
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
"cspDefault":"Default value",
|
"cspDefault":"Default value",
|
||||||
"cspFormAction":"Form destinations",
|
"cspFormAction":"Form destinations",
|
||||||
"cspImg":"Image source",
|
"cspImg":"Image source",
|
||||||
|
@ -303,7 +308,6 @@
|
||||||
"impersonationIdRule":"Identities use rule",
|
"impersonationIdRule":"Identities use rule",
|
||||||
"impersonationHiddenAttributes":"Hidden attributes",
|
"impersonationHiddenAttributes":"Hidden attributes",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationPrefix":"Real attributes prefix",
|
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
"incompleteForm":"Required fields are missing",
|
"incompleteForm":"Required fields are missing",
|
||||||
"index":"Index",
|
"index":"Index",
|
||||||
|
|
|
@ -140,6 +140,11 @@
|
||||||
"categoryName":"Nom de la catégorie",
|
"categoryName":"Nom de la catégorie",
|
||||||
"cda":"Domaines multiples",
|
"cda":"Domaines multiples",
|
||||||
"contentSecurityPolicy":"Politique de sécurité de contenu",
|
"contentSecurityPolicy":"Politique de sécurité de contenu",
|
||||||
|
"contextSwitching":"Endossement d'identités",
|
||||||
|
"contextSwitchingHiddenAttributes":"Attributs masqués",
|
||||||
|
"contextSwitchingIdRule":"Règle d'utilisation des identités",
|
||||||
|
"contextSwitchingRule":"Règle d'utilisation",
|
||||||
|
"contextSwitchingStopWithLogout":"Arrêt par déconnexion",
|
||||||
"cspDefault":"Valeur par défaut",
|
"cspDefault":"Valeur par défaut",
|
||||||
"cspFormAction":"Destinations des formulaires",
|
"cspFormAction":"Destinations des formulaires",
|
||||||
"cspImg":"Sources des images",
|
"cspImg":"Sources des images",
|
||||||
|
@ -303,7 +308,6 @@
|
||||||
"impersonationIdRule":"Règle d'utilisation des identités",
|
"impersonationIdRule":"Règle d'utilisation des identités",
|
||||||
"impersonationHiddenAttributes":"Attributs masqués",
|
"impersonationHiddenAttributes":"Attributs masqués",
|
||||||
"impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
|
"impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
|
||||||
"impersonationPrefix":"Préfix des vrais attributs",
|
|
||||||
"impersonationSkipEmptyValues":"Ignorer les valeurs nulles",
|
"impersonationSkipEmptyValues":"Ignorer les valeurs nulles",
|
||||||
"incompleteForm":"Des champs requis manquent",
|
"incompleteForm":"Des champs requis manquent",
|
||||||
"index":"Index",
|
"index":"Index",
|
||||||
|
|
|
@ -140,6 +140,11 @@
|
||||||
"categoryName":"Nome della categoria",
|
"categoryName":"Nome della categoria",
|
||||||
"cda":"Domini multipli",
|
"cda":"Domini multipli",
|
||||||
"contentSecurityPolicy":"Politica di protezione dei contenuti",
|
"contentSecurityPolicy":"Politica di protezione dei contenuti",
|
||||||
|
"contextSwitching":"Switch context anoter user",
|
||||||
|
"contextSwitchingHiddenAttributes":"Hidden attributes",
|
||||||
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
|
"contextSwitchingRule":"Use rule",
|
||||||
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
"cspDefault":"Valore di default",
|
"cspDefault":"Valore di default",
|
||||||
"cspFormAction":"Formare le destinazioni",
|
"cspFormAction":"Formare le destinazioni",
|
||||||
"cspImg":"Origine immagine",
|
"cspImg":"Origine immagine",
|
||||||
|
@ -303,7 +308,6 @@
|
||||||
"impersonationIdRule":"Le identità usano la regola",
|
"impersonationIdRule":"Le identità usano la regola",
|
||||||
"impersonationHiddenAttributes":"Attributi nascosti",
|
"impersonationHiddenAttributes":"Attributi nascosti",
|
||||||
"impersonationMergeSSOgroups":"Unisci gruppi SSO usurpati e reali",
|
"impersonationMergeSSOgroups":"Unisci gruppi SSO usurpati e reali",
|
||||||
"impersonationPrefix":"Prefisso degli attributi reali",
|
|
||||||
"impersonationSkipEmptyValues":"Salta valori vuoti",
|
"impersonationSkipEmptyValues":"Salta valori vuoti",
|
||||||
"incompleteForm":"Mancano campi obbligatori",
|
"incompleteForm":"Mancano campi obbligatori",
|
||||||
"index":"Indice",
|
"index":"Indice",
|
||||||
|
|
|
@ -140,6 +140,11 @@
|
||||||
"categoryName":"Tên thể loại",
|
"categoryName":"Tên thể loại",
|
||||||
"cda":"Nhiều tên miền",
|
"cda":"Nhiều tên miền",
|
||||||
"contentSecurityPolicy":"Chính sách bảo mật nội dung",
|
"contentSecurityPolicy":"Chính sách bảo mật nội dung",
|
||||||
|
"contextSwitching":"Switch context anoter user",
|
||||||
|
"contextSwitchingHiddenAttributes":"Hidden attributes",
|
||||||
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
|
"contextSwitchingRule":"Use rule",
|
||||||
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
"cspDefault":"Giá trị mặc định",
|
"cspDefault":"Giá trị mặc định",
|
||||||
"cspFormAction":"Form destinations",
|
"cspFormAction":"Form destinations",
|
||||||
"cspImg":"Nguồn ảnh",
|
"cspImg":"Nguồn ảnh",
|
||||||
|
@ -303,7 +308,6 @@
|
||||||
"impersonationIdRule":"Identities use rule",
|
"impersonationIdRule":"Identities use rule",
|
||||||
"impersonationHiddenAttributes":"Thuộc tính ẩn",
|
"impersonationHiddenAttributes":"Thuộc tính ẩn",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationPrefix":"Real attributes prefix",
|
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
"incompleteForm":"Các trường bắt buộc bị thiếu",
|
"incompleteForm":"Các trường bắt buộc bị thiếu",
|
||||||
"index":"Chỉ mục",
|
"index":"Chỉ mục",
|
||||||
|
|
|
@ -140,6 +140,11 @@
|
||||||
"categoryName":"分类名称",
|
"categoryName":"分类名称",
|
||||||
"cda":"Multiple domains",
|
"cda":"Multiple domains",
|
||||||
"contentSecurityPolicy":"Content security policy",
|
"contentSecurityPolicy":"Content security policy",
|
||||||
|
"contextSwitching":"Switch context anoter user",
|
||||||
|
"contextSwitchingHiddenAttributes":"Hidden attributes",
|
||||||
|
"contextSwitchingIdRule":"Identities use rule",
|
||||||
|
"contextSwitchingRule":"Use rule",
|
||||||
|
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||||
"cspDefault":"Default value",
|
"cspDefault":"Default value",
|
||||||
"cspFormAction":"Form destinations",
|
"cspFormAction":"Form destinations",
|
||||||
"cspImg":"Image source",
|
"cspImg":"Image source",
|
||||||
|
@ -303,7 +308,6 @@
|
||||||
"impersonationIdRule":"Identities use rule",
|
"impersonationIdRule":"Identities use rule",
|
||||||
"impersonationHiddenAttributes":"Hidden attributes",
|
"impersonationHiddenAttributes":"Hidden attributes",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||||
"impersonationPrefix":"Real attributes prefix",
|
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Skip empty values",
|
||||||
"incompleteForm":"Required fields are missing",
|
"incompleteForm":"Required fields are missing",
|
||||||
"index":"Index",
|
"index":"Index",
|
||||||
|
|
|
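--- a/<path not shown on page: test file declaring @notManagedAttributes>
+++ b/<path not shown on page: test file declaring @notManagedAttributes>
@@ -55,7 +55,7 @@ my @notManagedAttributes = (
 'configStorage', 'status', 'localStorageOptions', 'localStorage',
 'max2FDevices', 'max2FDevicesNameLength', 'checkTime',
 'mySessionAuthorizedRWKeys', 'handlerInternalCache',
-'handlerServiceTokenTTL'
+'handlerServiceTokenTTL', 'impersonationPrefix'
 );
 
 # Words used either as attribute name and node title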
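--- a/<path not shown on page: portal module defining sub params>
+++ b/<path not shown on page: portal module defining sub params>
@@ -114,15 +114,15 @@ sub params {
 $self->p->_sfEngine->display2fRegisters( $req, $req->userData );
 $self->logger->debug("Display 2fRegisters link") if $res{sfaManager};
 
-# Display adminImpersonation link only if allowed
-my $impPlugin = $self->p->loadedModules->{
-'Lemonldap::NG::Portal::Plugins::AdminImpersonation'};
-$res{adminImpersonation} =
-$impPlugin
-? $impPlugin->displayAdminImpersonation( $req, $req->userData )
+# Display ContextSwitching link only if allowed
+my $cswPlugin = $self->p->loadedModules->{
+'Lemonldap::NG::Portal::Plugins::ContextSwitching'};
+$res{contextSwitching} =
+$cswPlugin
+? $cswPlugin->displaySwitchContext( $req, $req->userData )
 : '';
-$self->logger->debug("Display AdminImpersonation link")
-if $res{adminImpersonation};
+$self->logger->debug("Display SwitchContext link")
+if $res{contextSwitching};
 
 return %res;
 }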
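Review bot: `$res{contextSwitching}` replaces `$res{adminImpersonation}`, but the menu template that reads this key is not in the diff as shown (one file diff is suppressed); if the template still tests `adminImpersonation`, the link silently disappears. The debug message on the renamed line brings a third name into the same feature; `$self->logger->debug("Display ContextSwitching link")` would match both the key and the plugin name. This value only decides whether the link is shown: the `switchcontext` route handler (outside this hunk) has to enforce the activation and identity rules itself, since the route can be requested without going through the menu. `params` starts before this hunk.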
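--- a/<path not shown on page: portal plugin loader declaring @pList>
+++ b/<path not shown on page: portal plugin loader declaring @pList>
@@ -27,7 +27,7 @@ our @pList = (
 portalForceAuthn => '::Plugins::ForceAuthn',
 checkUser => '::Plugins::CheckUser',
 impersonationRule => '::Plugins::Impersonation',
-adminImpersonationRule => '::Plugins::AdminImpersonation',
+contextSwitchingRule => '::Plugins::ContextSwitching',
 );
 
 ##@method list enabledPlugins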
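Review bot: The plugin is now keyed on `contextSwitchingRule`, so a configuration that still sets the removed `adminImpersonationRule` no longer loads any plugin and nothing in this hunk warns about it; unless a migration elsewhere in the commit maps the old key, a one-line deprecation warning in the loader (or a note in the upgrade documentation) would keep administrators from discovering the feature is silently off. Because `contextSwitchingRule` defaults to 0 in Build::Attributes, the plugin is also not loaded on a fresh install, which differs from the old `adminImpersonationRule` default of 1 and is worth stating in the commit description. `@pList` starts before this hunk.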
@ -1,4 +1,4 @@
|
||||||
package Lemonldap::NG::Portal::Plugins::AdminImpersonation;
|
package Lemonldap::NG::Portal::Plugins::ContextSwitching;
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
use Mouse;
|
use Mouse;
|
||||||
|
@ -16,7 +16,7 @@ has rule => ( is => 'rw', default => sub { 1 } );
|
||||||
has idRule => ( is => 'rw', default => sub { 1 } );
|
has idRule => ( is => 'rw', default => sub { 1 } );
|
||||||
|
|
||||||
sub hAttr {
|
sub hAttr {
|
||||||
$_[0]->{conf}->{impersonationHiddenAttributes} . ' '
|
$_[0]->{conf}->{contextSwitchingHiddenAttributes} . ' '
|
||||||
. $_[0]->{conf}->{hiddenAttributes};
|
. $_[0]->{conf}->{hiddenAttributes};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,29 +34,29 @@ has ott => (
|
||||||
sub init {
|
sub init {
|
||||||
my ($self) = @_;
|
my ($self) = @_;
|
||||||
my $hd = $self->p->HANDLER;
|
my $hd = $self->p->HANDLER;
|
||||||
$self->addAuthRoute( impersonate => 'run', ['POST'] );
|
$self->addAuthRoute( switchcontext => 'run', ['POST'] );
|
||||||
$self->addAuthRoute( impersonate => 'display', ['GET'] );
|
$self->addAuthRoute( switchcontext => 'display', ['GET'] );
|
||||||
|
|
||||||
# Parse activation rule
|
# Parse activation rule
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
'AdminImpersonation rule -> ' . $self->conf->{adminImpersonationRule} );
|
'ContextSwitching rule -> ' . $self->conf->{contextSwitchingRule} );
|
||||||
my $rule =
|
my $rule =
|
||||||
$hd->buildSub( $hd->substitute( $self->conf->{adminImpersonationRule} ) );
|
$hd->buildSub( $hd->substitute( $self->conf->{contextSwitchingRule} ) );
|
||||||
unless ($rule) {
|
unless ($rule) {
|
||||||
$self->error(
|
$self->error(
|
||||||
'Bad adminImpersonation rule -> ' . $hd->tsv->{jail}->error );
|
'Bad contextSwitching rule -> ' . $hd->tsv->{jail}->error );
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
$self->rule($rule);
|
$self->rule($rule);
|
||||||
|
|
||||||
# Parse identity rule
|
# Parse identity rule
|
||||||
$self->logger->debug( "Impersonation identity rule -> "
|
$self->logger->debug( "ContextSwitching identities rule -> "
|
||||||
. $self->conf->{impersonationIdRule} );
|
. $self->conf->{contextSwitchingIdRule} );
|
||||||
$rule =
|
$rule =
|
||||||
$hd->buildSub( $hd->substitute( $self->conf->{impersonationIdRule} ) );
|
$hd->buildSub( $hd->substitute( $self->conf->{contextSwitchingIdRule} ) );
|
||||||
unless ($rule) {
|
unless ($rule) {
|
||||||
$self->error(
|
$self->error(
|
||||||
"Bad impersonation identity rule -> " . $hd->tsv->{jail}->error );
|
"Bad contextSwitching identities rule -> " . $hd->tsv->{jail}->error );
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
$self->idRule($rule);
|
$self->idRule($rule);
|
||||||
|
@ -73,10 +73,10 @@ sub display {
|
||||||
PORTAL => $self->conf->{portal},
|
PORTAL => $self->conf->{portal},
|
||||||
MAIN_LOGO => $self->conf->{portalMainLogo},
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
||||||
LANGS => $self->conf->{showLanguages},
|
LANGS => $self->conf->{showLanguages},
|
||||||
MSG => 'impersonate',
|
MSG => 'contextSwitching',
|
||||||
ALERTE => 'alert-danger',
|
ALERTE => 'alert-danger',
|
||||||
LOGIN => '',
|
LOGIN => '',
|
||||||
SPOOFID => $self->conf->{adminImpersonationRule},
|
SPOOFID => $self->conf->{contextSwitchingRule},
|
||||||
TOKEN => (
|
TOKEN => (
|
||||||
$self->ottRule->( $req, {} )
|
$self->ottRule->( $req, {} )
|
||||||
? $self->ott->createToken()
|
? $self->ott->createToken()
|
||||||
|
@ -84,7 +84,7 @@ sub display {
|
||||||
)
|
)
|
||||||
};
|
};
|
||||||
|
|
||||||
return $self->p->sendHtml( $req, 'adminImpersonation', params => $params, );
|
return $self->p->sendHtml( $req, 'contextSwitching', params => $params, );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub run {
|
sub run {
|
||||||
|
@ -93,7 +93,7 @@ sub run {
|
||||||
my $spoofId = $req->param('spoofId') || ''; # Impersonation required ?
|
my $spoofId = $req->param('spoofId') || ''; # Impersonation required ?
|
||||||
|
|
||||||
unless ($spoofId) {
|
unless ($spoofId) {
|
||||||
$self->logger->debug("No impersonation required");
|
$self->logger->debug("No context switching required");
|
||||||
$req->mustRedirect(1);
|
$req->mustRedirect(1);
|
||||||
return $self->p->do( $req, [ sub { PE_OK } ] );
|
return $self->p->do( $req, [ sub { PE_OK } ] );
|
||||||
}
|
}
|
||||||
|
@ -101,7 +101,7 @@ sub run {
|
||||||
unless ( $spoofId =~ /$self->{conf}->{userControl}/o ) {
|
unless ( $spoofId =~ /$self->{conf}->{userControl}/o ) {
|
||||||
$self->userLogger->error('Malformed spoofed Id');
|
$self->userLogger->error('Malformed spoofed Id');
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"AdminImpersonation tried with spoofed Id: $spoofId");
|
"Context switching tried with spoofed Id: $spoofId");
|
||||||
$spoofId = $req->{user};
|
$spoofId = $req->{user};
|
||||||
$statut = PE_MALFORMEDUSER;
|
$statut = PE_MALFORMEDUSER;
|
||||||
}
|
}
|
||||||
|
@ -111,7 +111,7 @@ sub run {
|
||||||
$self->logger->debug("Spoof Id: $spoofId");
|
$self->logger->debug("Spoof Id: $spoofId");
|
||||||
unless ( $self->rule->( $req, $req->sessionInfo ) ) {
|
unless ( $self->rule->( $req, $req->sessionInfo ) ) {
|
||||||
$self->userLogger->error(
|
$self->userLogger->error(
|
||||||
'adminImpersonation service not authorized');
|
'Context switching service not authorized');
|
||||||
$spoofId = '';
|
$spoofId = '';
|
||||||
$statut = PE_IMPERSONATION_SERVICE_NOT_ALLOWED;
|
$statut = PE_IMPERSONATION_SERVICE_NOT_ALLOWED;
|
||||||
}
|
}
|
||||||
|
@ -122,9 +122,9 @@ sub run {
|
||||||
$self->logger->debug("Rename real attributes...");
|
$self->logger->debug("Rename real attributes...");
|
||||||
my $spk = '';
|
my $spk = '';
|
||||||
foreach my $k ( keys %{ $req->{userData} } ) {
|
foreach my $k ( keys %{ $req->{userData} } ) {
|
||||||
if ( $self->{conf}->{impersonationSkipEmptyValues} ) {
|
# if ( $self->{conf}->{impersonationSkipEmptyValues} ) {
|
||||||
next unless defined $req->{userData}->{$k};
|
# next unless defined $req->{userData}->{$k};
|
||||||
}
|
# }
|
||||||
$spk = "$self->{conf}->{impersonationPrefix}$k";
|
$spk = "$self->{conf}->{impersonationPrefix}$k";
|
||||||
unless ( $self->hAttr =~ /\b$k\b/
|
unless ( $self->hAttr =~ /\b$k\b/
|
||||||
|| $k =~ /^(?:_imp|token|_type)\w*\b/ )
|
|| $k =~ /^(?:_imp|token|_type)\w*\b/ )
|
||||||
|
@ -157,7 +157,7 @@ sub run {
|
||||||
# Merging SSO Groups and hGroups & dedup
|
# Merging SSO Groups and hGroups & dedup
|
||||||
$spoofSession->{groups} ||= '';
|
$spoofSession->{groups} ||= '';
|
||||||
$spoofSession->{hGroups} ||= {};
|
$spoofSession->{hGroups} ||= {};
|
||||||
if ( $self->{conf}->{impersonationMergeSSOgroups} ) {
|
#if ( $self->{conf}->{impersonationMergeSSOgroups} ) {
|
||||||
$self->userLogger->warn("MERGING SSO groups and hGroups...");
|
$self->userLogger->warn("MERGING SSO groups and hGroups...");
|
||||||
my $spg = "$self->{conf}->{impersonationPrefix}groups";
|
my $spg = "$self->{conf}->{impersonationPrefix}groups";
|
||||||
my $sphg = "$self->{conf}->{impersonationPrefix}hGroups";
|
my $sphg = "$self->{conf}->{impersonationPrefix}hGroups";
|
||||||
|
@ -171,20 +171,20 @@ sub run {
|
||||||
$realSession->{$sphg} ||= {};
|
$realSession->{$sphg} ||= {};
|
||||||
|
|
||||||
# Merge specified groups/hGroups only
|
# Merge specified groups/hGroups only
|
||||||
unless ( $self->{conf}->{impersonationMergeSSOgroups} eq 1 ) {
|
# unless ( $self->{conf}->{impersonationMergeSSOgroups} eq 1 ) {
|
||||||
my %SSOgroups = map { $_, 1 } split /\Q$separator/,
|
# my %SSOgroups = map { $_, 1 } split /\Q$separator/,
|
||||||
$self->{conf}->{impersonationMergeSSOgroups};
|
# $self->{conf}->{impersonationMergeSSOgroups};
|
||||||
|
|
||||||
$self->logger->debug("Filtering specified groups/hGroups...");
|
# $self->logger->debug("Filtering specified groups/hGroups...");
|
||||||
@realGrps = grep { exists $SSOgroups{$_} } @realGrps;
|
# @realGrps = grep { exists $SSOgroups{$_} } @realGrps;
|
||||||
my %intersct =
|
# my %intersct =
|
||||||
map {
|
# map {
|
||||||
$realSession->{$sphg}->{$_}
|
# $realSession->{$sphg}->{$_}
|
||||||
? ( $_, $realSession->{$sphg}->{$_} )
|
# ? ( $_, $realSession->{$sphg}->{$_} )
|
||||||
: ()
|
# : ()
|
||||||
} keys %SSOgroups;
|
# } keys %SSOgroups;
|
||||||
$realSession->{$sphg} = \%intersct;
|
# $realSession->{$sphg} = \%intersct;
|
||||||
}
|
# }
|
||||||
|
|
||||||
$self->logger->debug("Processing groups...");
|
$self->logger->debug("Processing groups...");
|
||||||
@spoofGrps = ( @spoofGrps, @realGrps );
|
@spoofGrps = ( @spoofGrps, @realGrps );
|
||||||
|
@ -194,7 +194,7 @@ sub run {
|
||||||
$self->logger->debug("Processing hGroups...");
|
$self->logger->debug("Processing hGroups...");
|
||||||
$spoofSession->{hGroups} =
|
$spoofSession->{hGroups} =
|
||||||
{ %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
|
{ %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
|
||||||
}
|
# }
|
||||||
|
|
||||||
# Main session
|
# Main session
|
||||||
$self->p->updateSession( $req, $spoofSession );
|
$self->p->updateSession( $req, $spoofSession );
|
||||||
|
@ -262,10 +262,10 @@ sub _userData {
|
||||||
return $req->{sessionInfo};
|
return $req->{sessionInfo};
|
||||||
}
|
}
|
||||||
|
|
||||||
sub displayAdminImpersonation {
|
sub displaySwitchContext {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $self->rule->( $req, $req->userData )
|
return 2 if $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
||||||
|| $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
return $self->rule->( $req, $req->userData );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
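Review bot: Commenting out `if ( $self->{conf}->{impersonationMergeSSOgroups} ) {` (hunk `@ -157`) together with the `unless ( ... eq 1 ) {` allow-list filter (hunk `@ -171`) and their closing braces makes the merge of the real session's groups and hGroups into the spoofed session unconditional, so a switched context appears to always inherit every group of the real user with no way to restrict the set — a wider privilege scope than the option-gated code it replaces — and `userLogger->warn("MERGING SSO groups and hGroups...")` now fires on every switch. The same applies to the `impersonationSkipEmptyValues` guard in hunk `@ -122`: undefined real attributes are now always copied under the prefix. If unconditional behaviour is what ContextSwitching needs, delete the commented lines rather than leaving dead code and state the intent once, e.g. `# Context switching always merges the real user's groups and keeps every real attribute so the original context can be restored`; otherwise gate them on ContextSwitching-specific options like the other renamed keys. Separately, `SPOOFID => $self->conf->{contextSwitchingRule}` in `display` hands the raw activation rule expression to the template, which discloses authorization logic to the browser unless the template only tests it for truthiness. The `run` body starts and ends outside the hunks shown.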
|
|
@ -37,13 +37,13 @@ sub init {
|
||||||
$self->rule($rule);
|
$self->rule($rule);
|
||||||
|
|
||||||
# Parse identity rule
|
# Parse identity rule
|
||||||
$self->logger->debug( "Impersonation identity rule -> "
|
$self->logger->debug( "Impersonation identities rule -> "
|
||||||
. $self->conf->{impersonationIdRule} );
|
. $self->conf->{impersonationIdRule} );
|
||||||
$rule =
|
$rule =
|
||||||
$hd->buildSub( $hd->substitute( $self->conf->{impersonationIdRule} ) );
|
$hd->buildSub( $hd->substitute( $self->conf->{impersonationIdRule} ) );
|
||||||
unless ($rule) {
|
unless ($rule) {
|
||||||
$self->error(
|
$self->error(
|
||||||
"Bad impersonation identity rule -> " . $hd->tsv->{jail}->error );
|
"Bad impersonation identities rule -> " . $hd->tsv->{jail}->error );
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
$self->idRule($rule);
|
$self->idRule($rule);
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"انا متاكد",
|
"imSure":"انا متاكد",
|
||||||
"info":"معلومات",
|
"info":"معلومات",
|
||||||
"ipAddr":"عنوان الأي بي",
|
"ipAddr":"عنوان الأي بي",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"ID",
|
"id":"ID",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"Ich bin sicher",
|
"imSure":"Ich bin sicher",
|
||||||
"info":"Information",
|
"info":"Information",
|
||||||
"ipAddr":"IP Adresse",
|
"ipAddr":"IP Adresse",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"I'm sure",
|
"imSure":"I'm sure",
|
||||||
"info":"Information",
|
"info":"Information",
|
||||||
"ipAddr":"IP address",
|
"ipAddr":"IP address",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"I'm sure",
|
"imSure":"I'm sure",
|
||||||
"info":"Information",
|
"info":"Information",
|
||||||
"ipAddr":"IP address",
|
"ipAddr":"IP address",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"Olen varma",
|
"imSure":"Olen varma",
|
||||||
"info":"Information",
|
"info":"Information",
|
||||||
"ipAddr":"IP-osoite",
|
"ipAddr":"IP-osoite",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"GROUPES SSO",
|
"groups_sso":"GROUPES SSO",
|
||||||
"headers":"ENTETES",
|
"headers":"ENTETES",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Endosser l'identité d'un autre utilisateur",
|
||||||
|
"switchContext":"Changer de contexte",
|
||||||
"imSure":"Je suis sûr",
|
"imSure":"Je suis sûr",
|
||||||
"info":"Information",
|
"info":"Information",
|
||||||
"ipAddr":"Adresse IP",
|
"ipAddr":"Adresse IP",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"GRUPPI SSO",
|
"groups_sso":"GRUPPI SSO",
|
||||||
"headers":"INTESTAZIONI",
|
"headers":"INTESTAZIONI",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"Sono sicuro",
|
"imSure":"Sono sicuro",
|
||||||
"info":"Informazioni",
|
"info":"Informazioni",
|
||||||
"ipAddr":"Indirizzo IP",
|
"ipAddr":"Indirizzo IP",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"I'm sure",
|
"imSure":"I'm sure",
|
||||||
"info":"Information",
|
"info":"Information",
|
||||||
"ipAddr":"IP address",
|
"ipAddr":"IP address",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"I'm sure",
|
"imSure":"I'm sure",
|
||||||
"info":"Information",
|
"info":"Information",
|
||||||
"ipAddr":"IP address",
|
"ipAddr":"IP address",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"I'm sure",
|
"imSure":"I'm sure",
|
||||||
"info":"Information",
|
"info":"Information",
|
||||||
"ipAddr":"IP address",
|
"ipAddr":"IP address",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"Tôi chắc chắn",
|
"imSure":"Tôi chắc chắn",
|
||||||
"info":"Thông tin",
|
"info":"Thông tin",
|
||||||
"ipAddr":"Địa chỉ IP",
|
"ipAddr":"Địa chỉ IP",
|
||||||
|
|
|
@ -143,6 +143,8 @@
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"SSO GROUPS",
|
||||||
"headers":"HEADERS",
|
"headers":"HEADERS",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
|
"contextSwitching":"Impersonate another user",
|
||||||
|
"switchContext":"Switch context",
|
||||||
"imSure":"我确认",
|
"imSure":"我确认",
|
||||||
"info":"信息",
|
"info":"信息",
|
||||||
"ipAddr":"IP 地址",
|
"ipAddr":"IP 地址",
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="MSG">"></span></div>
|
<div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="MSG">"></span></div>
|
||||||
-->
|
-->
|
||||||
<div class="alert <TMPL_VAR NAME="ALERTE"> alert"><div class="text-center"><span trspan="<TMPL_VAR NAME="MSG">"></span></div></div>
|
<div class="alert <TMPL_VAR NAME="ALERTE"> alert"><div class="text-center"><span trspan="<TMPL_VAR NAME="MSG">"></span></div></div>
|
||||||
<form id="adminImpersonation" action="/impersonate" method="post" class="password" role="form">
|
<form id="contextSwitching" action="/switchcontext" method="post" class="password" role="form">
|
||||||
<div class="buttons">
|
<div class="buttons">
|
||||||
<TMPL_IF NAME="TOKEN">
|
<TMPL_IF NAME="TOKEN">
|
||||||
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
|
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
<button type="submit" class="btn btn-success">
|
<button type="submit" class="btn btn-success">
|
||||||
<span class="fa fa-random"></span>
|
<span class="fa fa-random"></span>
|
||||||
<span trspan="impersonate">Impersonate</span>
|
<span trspan="switchContext">switchContext</span>
|
||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
|
@ -67,10 +67,10 @@
|
||||||
<span trspan="sfaManager">sfaManager</span>
|
<span trspan="sfaManager">sfaManager</span>
|
||||||
</a></li>
|
</a></li>
|
||||||
</TMPL_IF>
|
</TMPL_IF>
|
||||||
<TMPL_IF NAME="adminImpersonation">
|
<TMPL_IF NAME="contextSwitching">
|
||||||
<li class="dropdown-item"><a href="/impersonate" class="nav-link">
|
<li class="dropdown-item"><a href="/switchcontext" class="nav-link">
|
||||||
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/sfa_manager.png" width="16" height="16" alt="refresh" />
|
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/switchcontext1.png" width="16" height="16" alt="refresh" />
|
||||||
<span trspan="adminImpersonate">adminImpersonate</span>
|
<span trspan="contextSwitching">contextSwitching</span>
|
||||||
</a></li>
|
</a></li>
|
||||||
</TMPL_IF>
|
</TMPL_IF>
|
||||||
<li class="dropdown-item"><a href="/refresh" class="nav-link">
|
<li class="dropdown-item"><a href="/refresh" class="nav-link">
|
||||||
|
|
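Review bot: The new icon line keeps `alt="refresh"` from the entry it was copied from, so assistive technology announces the context-switching link as "refresh"; use `alt="switch context"` (or an empty `alt=""` since the adjacent span already carries the translated label). The rest of the menu markup is outside this hunk.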