diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm index 08907bed0..cba9d4964 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm @@ -24,7 +24,7 @@ our $specialNodeHash = { our $doubleHashKeys = 'issuerDBGetParameters'; our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))'; our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s'; -our $casAppMetaDataNodeKeys = 'casAppMetaData(?:OptionsService|ExportedVars)'; +our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedVars)'; our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)'; our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))'; our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|ExportedVars)'; 
@@ -67,6 +67,5 @@ our $issuerParameters = { }; our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter)]; our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI 
oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)]; -our $casServiceParameters = [qw()]; 1; diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index f1176e8ee..10a484101 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -640,6 +640,25 @@ sub attributes { 'casAppMetaDataOptions' => { 'type' => 'subContainer' }, + 'casAppMetaDataOptionsRule' => { + 'test' => sub { + my ( $val, $conf ) = @_; + my $s = ''; + + BEGIN { + ${^WARNING_BITS} = +"\x54\x55\x55\x55\x15\x55\x55\x55\x55\x55\x51\x55\x55\x55\x55\x55\x55"; + } + eval "$s $val"; + my $err = join( + '', + grep( { $_ =~ /Undefined subroutine/ ? () : $_; } + split( /\n/, $@, 0 ) ) + ); + return $err ? ( 1, "__badExpression__: $err" ) : 1; + }, + 'type' => 'text' + }, 'casAppMetaDataOptionsService' => { 'type' => 'url' }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm index fb35e40a3..64e0e8fc3 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm @@ -214,7 +214,7 @@ EOF } print F "$tmp};\n"; } - foreach (qw(samlServiceParameters oidcServiceParameters casServiceParameters)) { + foreach (qw(samlServiceParameters oidcServiceParameters)) { no strict 'refs'; $tmp = "our \$$_ = [qw(" . join( ' ', @$$_ ) . ")];\n"; print F "$tmp"; diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 29f5577ae..9ac924ea0 100644 
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -1237,16 +1237,21 @@ sub attributes { }, # Partners - casAppMetaDataOptions => { type => 'subContainer', }, + casAppMetaDataOptions => { type => 'subContainer', }, casAppMetaDataExportedVars => { type => 'keyTextContainer', default => { cn => 'cn', mail => 'mail', uid => 'uid', }, documentation => 'CAS exported variables', }, casAppMetaDataOptionsService => { - type => 'url', + type => 'url', documentation => 'CAS App service', }, + casAppMetaDataOptionsRule => { + type => 'text', + test => $perlExpr, + documentation => 'CAS App rule', + }, # Fake attribute: used by manager REST API to agglomerate all nodes # related to a SAML SP partner @@ -2083,7 +2088,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: default => { cn => 'cn', mail => 'mail', uid => 'uid', }, documentation => 'CAS exported variables', }, - casSrvMetaDataOptions => { type => 'subContainer', }, + casSrvMetaDataOptions => { type => 'subContainer', }, casSrvMetaDataOptionsGateway => { type => 'bool', }, casSrvMetaDataOptionsProxiedServices => { type => 'keyTextContainer', @@ -2097,11 +2102,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: msgFail => '__badUrl__', }, casSrvMetaDataOptionsDisplayName => { - type => 'text', + type => 'text', documentation => 'Name to display for CAS server', }, casSrvMetaDataOptionsIcon => { - type => 'text', + type => 'text', documentation => 'Path of CAS Server Icon', }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm index 48bac45ae..acf3b1778 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm 
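Review bot: `test => $perlExpr` on the new `casAppMetaDataOptionsRule` entry (first hunk of Build/Attributes.pm) validates the rule by executing it: the generated Manager/Attributes.pm section of this commit expands that test to `eval "$s $val"`, so whatever is submitted for this field runs in the Manager process at save time instead of only being syntax-checked. The same expansion returns `1` as its first element in both branches (`return $err ? ( 1, "__badExpression__: $err" ) : 1;`), which suggests a rule that fails to compile is stored with a warning, not rejected. The code that evaluates the rule at CAS login is not in this diff and should deny access when the rule cannot be compiled. `$perlExpr` is defined outside this hunk; a compile-only form there, such as `eval "sub { $s $val }";`, would stop the expression body from running during validation. Compile-time blocks would still execute, so write access to the Manager has to be treated as code execution on that host.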
@@ -231,7 +231,10 @@ sub cTrees { casAppMetaDataNode => [ { title => 'casAppMetaDataOptions', - nodes => ['casAppMetaDataOptionsService'] + nodes => [ + 'casAppMetaDataOptionsService', + 'casAppMetaDataOptionsRule' + ] }, 'casAppMetaDataExportedVars', ], diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js index 9d8036535..b4875380c 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js @@ -16,6 +16,11 @@ function templates(tpl,key) { "get" : tpl+"s/"+key+"/"+"casAppMetaDataOptionsService", "id" : tpl+"s/"+key+"/"+"casAppMetaDataOptionsService", "title" : "casAppMetaDataOptionsService" + }, + { + "get" : tpl+"s/"+key+"/"+"casAppMetaDataOptionsRule", + "id" : tpl+"s/"+key+"/"+"casAppMetaDataOptionsRule", + "title" : "casAppMetaDataOptionsRule" } ], "id" : "casAppMetaDataOptions", diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js index efce2a720..19484646d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js 
@@ -1 +1 @@ -function templates(b,c){var d;var a=function(e){return{id:b+"s/"+(d++),title:e,get:b+"s/"+c+"/"+e}};switch(b){case"casAppMetaDataNode":return[{_nodes:[{get:b+"s/"+c+"/casAppMetaDataOptionsService",id:b+"s/"+c+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions"},{cnodes:b+"s/"+c+"/casAppMetaDataExportedVars","default":[{data:"cn",id:b+"s/"+c+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:b+"s/"+c+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:b+"s/"+c+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{_nodes:[{get:b+"s/"+c+"/casSrvMetaDataOptionsUrl",id:b+"s/"+c+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{get:b+"s/"+c+"/casSrvMetaDataOptionsRenew",id:b+"s/"+c+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{get:b+"s/"+c+"/casSrvMetaDataOptionsGateway",id:b+"s/"+c+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"},{cnodes:b+"s/"+c+"/casSrvMetaDataOptionsProxiedServices",id:b+"s/"+c+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{get:b+"s/"+c+"/casSrvMetaDataOptionsDisplayName",id:b+"s/"+c+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/casSrvMetaDataOptionsIcon",id:b+"s/"+c+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions"},{cnodes:b+"s/"+c+"/casSrvMetaDataExportedVars","default":[{data:"cn",id:b+"s/"+c+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:b+"s/"+c+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:b+"s/"+c+"/casSrvMetaDataExportedVars/uid",title:"uid",t
ype:"keyText"}],id:b+"s/"+c+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"}];case"oidcOPMetaDataNode":return[{get:b+"s/"+c+"/oidcOPMetaDataJSON",id:b+"s/"+c+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:b+"s/"+c+"/oidcOPMetaDataJWKS",id:b+"s/"+c+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:b+"s/"+c+"/oidcOPMetaDataExportedVars","default":[{data:"name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",id:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",id:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",id:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{"default":"openid 
profile",get:b+"s/"+c+"/oidcOPMetaDataOptionsScope",id:b+"s/"+c+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{"default":"",get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",id:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",id:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",id:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{"default":"client_secret_post",get:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",id:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{"default":30,get:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",id:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptio
nsDisplayName"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"}];case"oidcRPMetaDataNode":return[{cnodes:b+"s/"+c+"/oidcRPMetaDataExportedVars","default":[{data:"mail",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/email",title:"email",type:"keyText"},{data:"sn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"keyText"},{data:"cn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/name",title:"name",type:"keyText"}],id:b+"s/"+c+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"}],id:"oidcRPMetaDataOptionsAuthentication",title:"oidcRPMetaDataOptionsAuthentication",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",id:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{"default":"HS512",get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"o
idcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",id:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"},{"default":0,get:b+"s/"+c+"/oidcRPMetaDataOptionsBypassConsent",help:"openidconnectclaims.html",id:b+"s/"+c+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutUrl",id:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{"default":"front",get:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutType",id:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"},{k:"back",v:"Back 
Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"}],id:"logout",title:"logout",type:"simpleInputContainer"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsRule",id:b+"s/"+c+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"}],id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims","default":[],id:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"}];case"samlIDPMetaDataNode":return[{get:b+"s/"+c+"/samlIDPMetaDataXML",id:b+"s/"+c+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlIDPMetaDataExportedAttributes","default":[],help:"authsaml.html#exported_attributes",id:b+"s/"+c+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",id:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",id:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client 
certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsRelayStateURL",id:b+"s/"+c+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",id:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsS
SOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckTime",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckAudience",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:b+"s/"+c+"/samlSPMetaDataXML",id:b+"s/"+c+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlSPMetaDataExportedAttributes","default":[],help:"idpsaml.html#exported_attributes",id:b+"s/"+c+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{"default":"",get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",id:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id
:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:b+"s/"+c+"/samlSPMetaDataOptionsRule",id:b+"s/"+c+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"}];case"virtualHost":return[{cnodes:b+"s/"+c+"/locationRules","default":[{data:"deny",id:b+"s/"+c+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:b+"s/"+c+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:b+"s/"+c+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:b+"s/"+c+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:b+"s/"+c+"/post",help:"formreplay.html",id:b+"s/"+c+"/post",title:"post",type:"postContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/vhostPort",id:b+"s/"+c+"/vhostPort",title:"vhostPort",type:"int"},{"default":-1,get:b+"s/"+c+"/vhostHttps",id:b+"s/"+c+"/vhostHttps",title:"vhostHttps",type:"trool"},{"default":0,get:b+"s/"+c+"/vhostMaintenance",id:b+"s/"+c+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{get:b+"s/"+c+"/vhostAliases",id:b+"s/"+c+"/vhostAliases",title:"vhostAliases"},{"default":"Main",get:b+"s/"+c+"/vhostType",id:b+"s/"+c+"/vhostType",select:[{k:"Main",v:"Main"},{k:"Zimbra",v:"ZimbraPreAuth"},{k:"AuthBasic",v:"AuthBasic"},{k:"SecureToken",v:"Se
cureToken"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"ServiceToken",v:"ServiceToken"}],title:"vhostType",type:"select"},{get:b+"s/"+c+"/vhostAuthnLevel",id:b+"s/"+c+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"int"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions"}];default:return[]}}function setScopeVars(a){a.portal=a.data[0]._nodes[0]._nodes[0];a.getKey(a.portal);a.domain=a.data[0]._nodes[4]._nodes[1];a.getKey(a.domain)}; \ No newline at end of file +function templates(b,c){var d;var a=function(e){return{id:b+"s/"+(d++),title:e,get:b+"s/"+c+"/"+e}};switch(b){case"casAppMetaDataNode":return[{_nodes:[{get:b+"s/"+c+"/casAppMetaDataOptionsService",id:b+"s/"+c+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:b+"s/"+c+"/casAppMetaDataOptionsRule",id:b+"s/"+c+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions"},{cnodes:b+"s/"+c+"/casAppMetaDataExportedVars","default":[{data:"cn",id:b+"s/"+c+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:b+"s/"+c+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:b+"s/"+c+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{_nodes:[{get:b+"s/"+c+"/casSrvMetaDataOptionsUrl",id:b+"s/"+c+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{get:b+"s/"+c+"/casSrvMetaDataOptionsRenew",id:b+"s/"+c+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{get:b+"s/"+c+"/casSrvMetaDataOptionsGateway",id:b+"s/"+c+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"},{cnodes:b+"s/"+c+"/casSrvMetaDataOptionsProxiedServices",id:b+"s/"+c+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{get:b+"s/"+c+"/casSrvMet
aDataOptionsDisplayName",id:b+"s/"+c+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/casSrvMetaDataOptionsIcon",id:b+"s/"+c+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions"},{cnodes:b+"s/"+c+"/casSrvMetaDataExportedVars","default":[{data:"cn",id:b+"s/"+c+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:b+"s/"+c+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:b+"s/"+c+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"}];case"oidcOPMetaDataNode":return[{get:b+"s/"+c+"/oidcOPMetaDataJSON",id:b+"s/"+c+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:b+"s/"+c+"/oidcOPMetaDataJWKS",id:b+"s/"+c+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:b+"s/"+c+"/oidcOPMetaDataExportedVars","default":[{data:"name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:b+"s/"+c+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:b+"s/"+c+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",id:b+"s/"+c+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",id:b+"s/"+c+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",id:
b+"s/"+c+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",id:b+"s/"+c+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{"default":"openid profile",get:b+"s/"+c+"/oidcOPMetaDataOptionsScope",id:b+"s/"+c+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{"default":"",get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",id:b+"s/"+c+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{"default":0,get:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",id:b+"s/"+c+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",id:b+"s/"+c+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{"default":"client_secret_post",get:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:b+"s/"+c+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",id:b+"s/"+c+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{"default":30,get:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:b+"s/"+c+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTok
enMaxAge",type:"int"},{"default":1,get:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",id:b+"s/"+c+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"}];case"oidcRPMetaDataNode":return[{cnodes:b+"s/"+c+"/oidcRPMetaDataExportedVars","default":[{data:"mail",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/email",title:"email",type:"keyText"},{data:"sn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"keyText"},{data:"cn",id:b+"s/"+c+"/oidcRPMetaDataExportedVars/name",title:"name",type:"keyText"}],id:b+"s/"+c+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",id:b+"s/"+c+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"}],id:"oidcRPMetaDataOptionsAuthentication",title:"oidcRPMetaDataOptionsAuthentication",type:"simpleInputContainer"},{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",id:b+"s/"+c+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",id:b+"s/"+c+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"},{get:b+"s/"+c+"
/oidcRPMetaDataOptionsUserIDAttr",id:b+"s/"+c+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{"default":"HS512",get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{"default":3600,get:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:b+"s/"+c+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",id:b+"s/"+c+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"},{"default":0,get:b+"s/"+c+"/oidcRPMetaDataOptionsBypassConsent",help:"openidconnectclaims.html",id:b+"s/"+c+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{_nodes:[{get:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutUrl",id:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{"default":"front",get:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutType",id:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"},{k:"back",v:"Back 
Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:b+"s/"+c+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"}],id:"logout",title:"logout",type:"simpleInputContainer"},{get:b+"s/"+c+"/oidcRPMetaDataOptionsRule",id:b+"s/"+c+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"}],id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims","default":[],id:b+"s/"+c+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"}];case"samlIDPMetaDataNode":return[{get:b+"s/"+c+"/samlIDPMetaDataXML",id:b+"s/"+c+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlIDPMetaDataExportedAttributes","default":[],help:"authsaml.html#exported_attributes",id:b+"s/"+c+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",id:b+"s/"+c+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",id:b+"s/"+c+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:b+"s/"+c+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:b+"s/"+c+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client 
certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsRelayStateURL",id:b+"s/"+c+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:b+"s/"+c+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{"default":0,get:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",id:b+"s/"+c+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSSOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsS
SOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{"default":"",get:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",id:b+"s/"+c+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckTime",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{"default":1,get:b+"s/"+c+"/samlIDPMetaDataOptionsCheckAudience",id:b+"s/"+c+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:b+"s/"+c+"/samlSPMetaDataXML",id:b+"s/"+c+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:b+"s/"+c+"/samlSPMetaDataExportedAttributes","default":[],help:"idpsaml.html#exported_attributes",id:b+"s/"+c+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{"default":"",get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 
certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",id:b+"s/"+c+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",id:b+"s/"+c+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{"default":72000,get:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:b+"s/"+c+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",id:b+"s/"+c+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{"default":-1,get:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",id:b+"s/"+c+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{"default":1,get:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:b+"s/"+c+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id
:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{"default":"none",get:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",id:b+"s/"+c+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{"default":0,get:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:b+"s/"+c+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:b+"s/"+c+"/samlSPMetaDataOptionsRule",id:b+"s/"+c+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"}];case"virtualHost":return[{cnodes:b+"s/"+c+"/locationRules","default":[{data:"deny",id:b+"s/"+c+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:b+"s/"+c+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:b+"s/"+c+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:b+"s/"+c+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:b+"s/"+c+"/post",help:"formreplay.html",id:b+"s/"+c+"/post",title:"post",type:"postContainer"},{_nodes:[{"default":-1,get:b+"s/"+c+"/vhostPort",id:b+"s/"+c+"/vhostPort",title:"vhostPort",type:"int"},{"default":-1,get:b+"s/"+c+"/vhostHttps",id:b+"s/"+c+"/vhostHttps",title:"vhostHttps",type:"trool"},{"default":0,get:b+"s/"+c+"/vhostMaintenance",id:b+"s/"+c+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{get:b+"s/"+c+"/vhostAliases",id:b+"s/"+c+"/vhostAliases",title:"vhostAliases"},{"default":"Main",get:b+"s/"+c+"/vhostType",id:b+"s/"+c+"/vhostType",select:[{k:"Main",v:"Main"},{k:"Zimbra",v:"ZimbraPreAuth"},{k:"AuthBasic",v:"AuthBasic"},{k:"SecureToken",v:"Se
cureToken"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"ServiceToken",v:"ServiceToken"}],title:"vhostType",type:"select"},{get:b+"s/"+c+"/vhostAuthnLevel",id:b+"s/"+c+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"int"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions"}];default:return[]}}function setScopeVars(a){a.portal=a.data[0]._nodes[0]._nodes[0];a.getKey(a.portal);a.domain=a.data[0]._nodes[4]._nodes[1];a.getKey(a.domain)}; \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index fad92568b..02ee353af 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -108,6 +108,7 @@ "casAppMetaDataNodes": "CAS Applications", "casAppMetaDataOptions": "Options", "casAppMetaDataOptionsService": "Service URL", +"casAppMetaDataOptionsRule": "Rule", "casAppName": "CAS App Name", "casAttr": "CAS login", "casAttributes": "CAS exported attributes", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index de73ca2d7..b2d15011f 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json @@ -108,6 +108,7 @@ "casAppMetaDataNodes": "Applications CAS", "casAppMetaDataOptions": "Options", "casAppMetaDataOptionsService": "URL du service", +"casAppMetaDataOptionsRule": "Règle", "casAppName": "Nom de l'application CAS", "casAttr": "Identifiant CAS", "casAttributes": "Attributs CAS", diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm index a3e21b50a..e5ca20a63 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm 
@@ -27,6 +27,7 @@ sub init { # Launch parents initialization subroutines, then launch IdP en SP lists my $res = $self->Lemonldap::NG::Portal::Main::Issuer::init(); + return 0 unless($self->loadApp); $self->addUnauthRoute( ( $self->path ) => { serviceValidate => 'serviceValidate', @@ -108,35 +109,37 @@ sub run { "CAS access control requested on service $service"); ## HERE - unless ( $service =~ m#^https?://([^/]+)(/.*)?$# ) { + unless ( $service =~ m#^(https?://[^/]+)(/.*)?$# ) { $self->logger->error("Bad service $service"); return PE_ERROR; } my ( $host, $uri ) = ( $1, $2 ); - if ( - $self->p->HANDLER->grant( - $req, $req->sessionInfo, $1, undef, $2 - ) - ) - { - $self->logger->debug("CAS service $service access allowed"); + my $app; + unless($app = $self->casAppList->{$host} ) { + $self->userLogger->error('CAS service not configured'); + return PE_CAS_SERVICE_NOT_ALLOWED; } - - else { - $self->userLogger->error( - "CAS service $service access not allowed"); - - if ( $casAccessControlPolicy =~ /^(error)$/i ) { - $self->logger->debug( -"Return error instead of redirecting user on CAS service" - ); - return PE_CAS_SERVICE_NOT_ALLOWED; + if ( my $rule = $self->appRules->{$app} ) { + if($rule->($req, $req->sessionInfo ) ) { + $self->logger->debug("CAS service $service access allowed"); } else { - $self->logger->debug( - "Redirect user on CAS service with a fake ticket"); - $casServiceTicket = "ST-F4K3T1CK3T"; + $self->userLogger->error( + "CAS service $service access not allowed"); + + if ( $casAccessControlPolicy =~ /^(error)$/i ) { + $self->logger->debug( + "Return error instead of redirecting user on CAS service" + ); + return PE_CAS_SERVICE_NOT_ALLOWED; + } + + else { + $self->logger->debug( + "Redirect user on CAS service with a fake ticket"); + $casServiceTicket = "ST-F4K3T1CK3T"; + } } } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm index e68ceaf15..092fb8ebf 100644 
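Review bot: In the `run` hunk, `if ( my $rule = $self->appRules->{$app} ) { ... }` has no `else`, so a configured CAS application with no rule is granted access without a single log line. If an empty rule is meant to mean "accept", say so in a comment and log it, e.g. `else { $self->logger->debug("No rule for CAS app $app, access allowed"); }`. Otherwise return `PE_CAS_SERVICE_NOT_ALLOWED` there so a missing rule fails closed. Separately, `my ( $host, $uri ) = ( $1, $2 );` now puts scheme plus host into `$host` and never reads `$uri`, so a name such as `$origin` would describe the lookup key better. The body of `run` starts and ends outside this hunk, so the surrounding access-control condition is not visible here.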
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm @@ -25,6 +25,7 @@ has ua => ( has casSrvList => ( is => 'rw', default => sub { {} }, ); has casAppList => ( is => 'rw', default => sub { {} }, ); +has appRules => ( is => 'rw', default => sub { {} }, ); # RUNNING METHODS @@ -50,9 +51,21 @@ sub loadApp { } foreach ( keys %{ $self->conf->{casAppMetaDataOptions} } ) { my $tmp = - $self->conf->{casAppMetaDataOptions}->{casAppMetaDataOptionsService}; + $self->conf->{casAppMetaDataOptions}->{$_} + ->{casAppMetaDataOptionsService}; $tmp =~ s#^(https?://[^/]+).*$#$1#; $self->casAppList->{$tmp} = $_; + my $rule = $self->conf->{casAppMetaDataOptions}->{$_} + ->{casAppMetaDataOptionsRule}; + if ( length $rule ) { + $rule = $self->p->HANDLER->substitute($rule); + unless ( $rule = $self->p->HANDLER->buildSub($rule) ) { + $self->error( 'OIDC RP rule error: ' + . $self->p->HANDLER->tsv->{jail}->error ); + return 0; + } + $self->appRules->{$_} = $rule; + } } return 1; } @@ -315,7 +328,7 @@ sub validateST { my $proxied = $srvConf->{casSrvMetaDataOptionsProxiedServices} || {}; my $proxy_url; - if(%$proxied) { + if (%$proxied) { $proxy_url = $self->p->fullUrl($req) . '?casProxy=1'; if ( $self->conf->{authChoiceParam} and my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) @@ -327,7 +340,7 @@ sub validateST { $req->datas->{casProxyUrl} = $proxy_url; - $serviceValidateUrl .= "&pgtUrl=" . uri_escape( $proxy_url ); + $serviceValidateUrl .= "&pgtUrl=" . uri_escape($proxy_url); } my $response = $self->ua->get($serviceValidateUrl); @@ -348,7 +361,7 @@ sub validateST { } # Get proxy data and store pgtId - if ( $proxy_url ) { + if ($proxy_url) { my $pgtIou = $xml->{'cas:authenticationSuccess'}->{'cas:proxyGrantingTicket'};
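Review bot: In the `loadApp` hunk, the new rules are stored per application name, but `run` reaches them through `casAppList`, which is keyed only by the `https?://host` prefix of the service URL. Two applications on the same origin therefore overwrite each other in `$self->casAppList->{$tmp} = $_;`, and the rule enforced for both depends on `keys` ordering. If the surviving entry has no rule, the other application's restriction is never evaluated. A check before the assignment would make this visible, for example `$self->logger->warn("CAS apps $_ and " . $self->casAppList->{$tmp} . " share $tmp") if exists $self->casAppList->{$tmp};` (assuming `logger` is available in this module as it is in the issuer). The failure message `'OIDC RP rule error: '` also looks copied from the OIDC code and should name the CAS application, e.g. `"CAS App $_ rule error: "`.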