Add option to skip session upgrade confirmation (#2124)
parent
1cf1990fe2
commit
c183675651
|
@ -30,7 +30,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
|
|||
dirName => '/usr/local/lemonldap-ng/data/conf',
|
||||
);
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteFor
ceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)
|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
@ -3686,6 +3686,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'skipUpgradeConfirmation' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'slaveAuthnLevel' => {
|
||||
'default' => 2,
|
||||
'type' => 'int'
|
||||
|
|
|
@ -601,6 +601,12 @@ sub attributes {
|
|||
documentation =>
|
||||
'Avoid asking confirmation when an Issuer asks to renew auth',
|
||||
},
|
||||
skipUpgradeConfirmation => {
|
||||
type => 'bool',
|
||||
default => 0,
|
||||
documentation =>
|
||||
'Avoid asking confirmation during a session upgrade',
|
||||
},
|
||||
refreshSessions => {
|
||||
type => 'bool',
|
||||
documentation => 'Refresh sessions plugin',
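Review bot: The `documentation` string for `skipUpgradeConfirmation` ('Avoid asking confirmation during a session upgrade') does not say what remains in place when the flag is on, which matters for an option that removes a user-facing step from an authentication-level upgrade. The portal code that reads the flag is not visible on this page (two file diffs are suppressed), so it should be confirmed that only the intermediate confirmation page is skipped and the stronger authentication is still demanded. Once confirmed, state it in the string, e.g. `'Skip the confirmation page before a session upgrade (upgrade authentication still required)'`. `default => 0` keeps the prompt on unless an administrator opts out, which is the safe default. The enclosing `sub attributes` starts and ends outside this hunk.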
|
||||
|
|
|
@ -1016,6 +1016,7 @@ sub tree {
|
|||
nodes => [
|
||||
'jsRedirect', 'noAjaxHook',
|
||||
'skipRenewConfirmation',
|
||||
'skipUpgradeConfirmation',
|
||||
]
|
||||
},
|
||||
'nginxCustomHandlers',
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"One session per user",
|
||||
"singleUserByIP":"مستخدم واحد لكل عنوان آي بي",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"skipUpgradeConfirmation":"Skip upgrade confirmation",
|
||||
"slaveAuthnLevel":"مستوى إثبات الهوية",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"المتغيرات المصدرة",
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"One session per user",
|
||||
"singleUserByIP":"One user per IP address",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"skipUpgradeConfirmation":"Skip upgrade confirmation",
|
||||
"slaveAuthnLevel":"Authentication level",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Exported variables",
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"One session per user",
|
||||
"singleUserByIP":"One user per IP address",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"skipUpgradeConfirmation":"Skip upgrade confirmation",
|
||||
"slaveAuthnLevel":"Authentication level",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Exported variables",
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"Une seule session par utilisateur",
|
||||
"singleUserByIP":"Un seul utilisateur par adresse IP",
|
||||
"skipRenewConfirmation":"Éviter la confirmation de ré-authentification",
|
||||
"skipUpgradeConfirmation":"Éviter la confirmation d'élévation du niveau d'authentification",
|
||||
"slaveAuthnLevel":"Niveau d'authentification",
|
||||
"slaveDisplayLogo":"Afficher le logo d'authentification",
|
||||
"slaveExportedVars":"Variables exportées",
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"One session per user",
|
||||
"singleUserByIP":"One user per IP address",
|
||||
"skipRenewConfirmation":"Salta la conferma di re-auth",
|
||||
"skipUpgradeConfirmation":"Skip upgrade confirmation",
|
||||
"slaveAuthnLevel":"Livello di autenticazione",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Variabili esportate",
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"Jedna sesja na użytkownika",
|
||||
"singleUserByIP":"Jeden użytkownik na adres IP",
|
||||
"skipRenewConfirmation":"Pomiń potwierdzenie ponownego uwierzytelnienia",
|
||||
"skipUpgradeConfirmation":"Skip upgrade confirmation",
|
||||
"slaveAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"slaveDisplayLogo":"Wyświetl logo uwierzytelniające",
|
||||
"slaveExportedVars":"Wyeksportowane zmienne",
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"Her kullanıcı için bir oturum",
|
||||
"singleUserByIP":"Her IP adresi için bir kullanıcı",
|
||||
"skipRenewConfirmation":"Yeniden yetkilendirme doğrulamasını geç",
|
||||
"skipUpgradeConfirmation":"Skip upgrade confirmation",
|
||||
"slaveAuthnLevel":"Doğrulama seviyesi",
|
||||
"slaveDisplayLogo":"Doğrulama logosunu görüntüle",
|
||||
"slaveExportedVars":"Dışa aktarılan değişkenler",
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"One session per user",
|
||||
"singleUserByIP":"Một người dùng theo địa chỉ IP",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"skipUpgradeConfirmation":"Skip upgrade confirmation",
|
||||
"slaveAuthnLevel":"Mức xác thực",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Biến đã được xuất",
|
||||
|
|
|
@ -865,6 +865,7 @@
|
|||
"singleSession":"One session per user",
|
||||
"singleUserByIP":"One user per IP address",
|
||||
"skipRenewConfirmation":"Skip re-auth confirmation",
|
||||
"skipUpgradeConfirmation":"Skip upgrade confirmation",
|
||||
"slaveAuthnLevel":"认证等级",
|
||||
"slaveDisplayLogo":"Display authentication logo",
|
||||
"slaveExportedVars":"Exported variables",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long