Add samlUseQueryStringSpecific parameter in Manager (#677, #LEMONLDAP-681)

2014-02-10 10:35:08 +00:00 · 2014-02-10 10:35:08 +00:00 · bed5f37b7e
commit bed5f37b7e
parent 25454d4ba1
3 changed files with 12 additions and 3 deletions
--- a/doc/pages/documentation/1.4/samlservice.html
+++ b/doc/pages/documentation/1.4/samlservice.html
@ -624,6 +624,8 @@ This is not the case of <a href="../../documentation/1.4/memcachedsessionbackend
 <ul>
 <li class="level1"><div class="li"> <strong>RelayState session timeout</strong>: timeout for RelayState sessions. By default, the RelayState session is deleted when it is read. This timeout allows to purge sessions of lost RelayState.</div>
 </li>
+<li class="level1"><div class="li"> <strong>Use specific query_string method</strong>: the <acronym title="Common Gateway Interface">CGI</acronym> query_string method may break invalid <acronym title="Uniform Resource Locator">URL</acronym> encoded signatures (issued for example by ADFS). This option allows to use a specific method to extract query string, that should be compliant with non standard <acronym title="Uniform Resource Locator">URL</acronym> encoded parameters.</div>
+</li>
 </ul>

 </div>
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@ -1321,7 +1321,7 @@ sub struct {
            # ADVANCED SAML PARAMETERS
            samlAdvanced => {
                _nodes => [
-                    qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions samlRelayStateTimeout n:samlCommonDomainCookie)
+                    qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific n:samlCommonDomainCookie)
                ],
                _help => 'samlServiceAdvanced',

@ -1334,7 +1334,9 @@ sub struct {
                    _js   => 'hashRoot',
                    _help => 'samlServiceAdvanced',
                },
-                samlRelayStateTimeout  => 'int:/samlRelayStateTimeout',
+                samlRelayStateTimeout => 'int:/samlRelayStateTimeout',
+                samlUseQueryStringSpecific =>
+                  'bool:/samlUseQueryStringSpecific',
                samlCommonDomainCookie => {
                    _nodes => [
                        qw(samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter)
@ -1840,7 +1842,8 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
            test    => Lemonldap::NG::Common::Regexp::HTTP_URI(),
            msgFail => 'Bad URI',
        },
-        samlRelayStateTimeout => $integer,
+        samlRelayStateTimeout      => $integer,
+        samlUseQueryStringSpecific => $boolean,

        # SSL
        SSLAuthnLevel => $integer,
@ -2219,6 +2222,7 @@ sub defaultConf {
        samlAuthnContextMapKerberos                   => 4,
        samlCommonDomainCookieActivation              => 0,
        samlRelayStateTimeout                         => 600,
+        samlUseQueryStringSpecific                    => 0,

        # Authentication levels
        ldapAuthnLevel      => 2,
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
@ -520,6 +520,7 @@ sub en {
        samlCommonDomainCookieReader     => 'Reader URL',
        samlCommonDomainCookieWriter     => 'Writer URL',
        samlRelayStateTimeout            => 'RelayState session timeout',
+        samlUseQueryStringSpecific       => 'Use specific query_string method',
    };
 }

@ -1016,6 +1017,8 @@ sub fr {
        samlCommonDomainCookieReader     => 'URL de lecture',
        samlCommonDomainCookieWriter     => 'URL d\'écriture',
        samlRelayStateTimeout => 'Durée de vie d\'une session RelayState',
+        samlUseQueryStringSpecific =>
+          "Utilisation d'une fonction spécifique pour query_string",
    };
 }