From bed5f37b7ef759b8c8365a9bd7ca0bef28b37b2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Mon, 10 Feb 2014 10:35:08 +0000
Subject: [PATCH] Add samlUseQueryStringSpecific parameter in Manager (#677, #LEMONLDAP-681)
---
 doc/pages/documentation/1.4/samlservice.html | 2 ++
 .../lib/Lemonldap/NG/Manager/_Struct.pm | 10 +++++++---
 lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm | 3 +++
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/doc/pages/documentation/1.4/samlservice.html b/doc/pages/documentation/1.4/samlservice.html
index ece433a1c..1c7981694 100644
--- a/doc/pages/documentation/1.4/samlservice.html
+++ b/doc/pages/documentation/1.4/samlservice.html
@@ -624,6 +624,8 @@ This is not the case of
RelayState session timeout: timeout for RelayState sessions. By default, the RelayState session is deleted when it is read. This timeout allows to purge sessions of lost RelayState.
+
  • Use specific query_string method: the CGI query_string method may break invalid URL encoded signatures (issued for example by ADFS). This option allows to use a specific method to extract query string, that should be compliant with non standard URL encoded parameters.
    +
  •
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
index 2285b8d3f..05dcafbb8 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm
@@ -1321,7 +1321,7 @@ sub struct {
 # ADVANCED SAML PARAMETERS
 samlAdvanced => {
 _nodes => [
- qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions samlRelayStateTimeout n:samlCommonDomainCookie)
+ qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific n:samlCommonDomainCookie)
 ],
 _help => 'samlServiceAdvanced',
@@ -1334,7 +1334,9 @@ sub struct {
 _js => 'hashRoot',
 _help => 'samlServiceAdvanced',
 },
- samlRelayStateTimeout => 'int:/samlRelayStateTimeout',
+ samlRelayStateTimeout => 'int:/samlRelayStateTimeout',
+ samlUseQueryStringSpecific =>
+ 'bool:/samlUseQueryStringSpecific',
 samlCommonDomainCookie => {
 _nodes => [
 qw(samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter)
@@ -1840,7 +1842,8 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
 test => Lemonldap::NG::Common::Regexp::HTTP_URI(),
 msgFail => 'Bad URI',
 },
- samlRelayStateTimeout => $integer,
+ samlRelayStateTimeout => $integer,
+ samlUseQueryStringSpecific => $boolean,
 # SSL
 SSLAuthnLevel => $integer,
@@ -2219,6 +2222,7 @@ sub defaultConf {
 samlAuthnContextMapKerberos => 4,
 samlCommonDomainCookieActivation => 0,
 samlRelayStateTimeout => 600,
+ samlUseQueryStringSpecific => 0,
 # Authentication levels
 ldapAuthnLevel => 2,
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
index 54a7ef19e..ffda07b6f 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
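Review bot: `samlUseQueryStringSpecific` is added to the `_nodes` list of `samlAdvanced` as a plain service-level node, so as far as this hunk shows it is one global switch rather than a per-partner setting. The documentation hunk in this patch motivates it with signatures issued by particular peers (ADFS is the example given), which means enabling it for one partner presumably changes query-string extraction for every partner the service talks to. If that scope is intended, a comment above the list would record it, for example `# samlUseQueryStringSpecific is service-wide: it applies to all SAML partners, not only the one that needs it`. `struct` begins and ends outside this hunk, and the code that reads the flag is not part of this patch.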
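Review bot: The default `samlUseQueryStringSpecific => 0,` in `defaultConf` has no comment saying why the option ships disabled, and neither does the `'bool:/samlUseQueryStringSpecific'` entry in the `@@ -1334` hunk of `struct`. Per the documentation hunk, the option swaps the CGI `query_string` method for one that tolerates non-standard URL encoding of signatures, so it appears to decide which bytes are handed to signature checking; that should be confirmed in the consuming code, which this patch does not show. I would add next to the default `# 0 = standard CGI query_string; enable only for peers that send non-standard URL-encoded signatures (e.g. ADFS)` so the safe default is not flipped casually. `defaultConf` starts and ends outside the hunk.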
@@ -520,6 +520,7 @@ sub en {
 samlCommonDomainCookieReader => 'Reader URL',
 samlCommonDomainCookieWriter => 'Writer URL',
 samlRelayStateTimeout => 'RelayState session timeout',
+ samlUseQueryStringSpecific => 'Use specific query_string method',
 };
 }
@@ -1016,6 +1017,8 @@ sub fr {
 samlCommonDomainCookieReader => 'URL de lecture',
 samlCommonDomainCookieWriter => 'URL d\'écriture',
 samlRelayStateTimeout => 'Durée de vie d\'une session RelayState',
+ samlUseQueryStringSpecific =>
+ "Utilisation d'une fonction spécifique pour query_string",
 };
 }