Add a specific timeout parameter for SAML RelayState sessions (#524)
This commit is contained in:
parent
4e9a4e9789
commit
ce581e75e9
|
@ -1314,7 +1314,7 @@ sub struct {
|
||||||
# ADVANCED SAML PARAMETERS
|
# ADVANCED SAML PARAMETERS
|
||||||
samlAdvanced => {
|
samlAdvanced => {
|
||||||
_nodes => [
|
_nodes => [
|
||||||
qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions n:samlCommonDomainCookie)
|
qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage cn:samlStorageOptions samlRelayStateTimeout n:samlCommonDomainCookie)
|
||||||
],
|
],
|
||||||
_help => 'samlServiceAdvanced',
|
_help => 'samlServiceAdvanced',
|
||||||
|
|
||||||
|
@ -1327,6 +1327,7 @@ sub struct {
|
||||||
_js => 'hashRoot',
|
_js => 'hashRoot',
|
||||||
_help => 'samlServiceAdvanced',
|
_help => 'samlServiceAdvanced',
|
||||||
},
|
},
|
||||||
|
samlRelayStateTimeout => 'int:/samlRelayStateTimeout',
|
||||||
samlCommonDomainCookie => {
|
samlCommonDomainCookie => {
|
||||||
_nodes => [
|
_nodes => [
|
||||||
qw(samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter)
|
qw(samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter)
|
||||||
|
@ -1823,6 +1824,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
||||||
test => Lemonldap::NG::Common::Regexp::HTTP_URI(),
|
test => Lemonldap::NG::Common::Regexp::HTTP_URI(),
|
||||||
msgFail => 'Bad URI',
|
msgFail => 'Bad URI',
|
||||||
},
|
},
|
||||||
|
samlRelayStateTimeout => $integer,
|
||||||
|
|
||||||
# SSL
|
# SSL
|
||||||
SSLAuthnLevel => $integer,
|
SSLAuthnLevel => $integer,
|
||||||
|
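Review bot: The new `samlRelayStateTimeout => $integer` entry validates the type but gives the reader no unit or range, and the later hunks show the value is not a plain lifetime: in storeRelayState a configured 0 is replaced by the global `timeout` via `||`, and if `$integer` admits negative numbers (not visible in this hunk) a negative value back-dates the RelayState session so that it is purged at once. A trailing comment next to the entry would make this explicit, e.g. `# RelayState session lifetime in seconds; 0 falls back to the global timeout`, and a stricter test with a `msgFail` as used for the URI entry above would be the place to reject negatives if they are not intended. The enclosing attribute hash starts and ends outside the hunk.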
@ -2198,6 +2200,7 @@ sub defaultConf {
|
||||||
samlAuthnContextMapTLSClient => 5,
|
samlAuthnContextMapTLSClient => 5,
|
||||||
samlAuthnContextMapKerberos => 4,
|
samlAuthnContextMapKerberos => 4,
|
||||||
samlCommonDomainCookieActivation => 0,
|
samlCommonDomainCookieActivation => 0,
|
||||||
|
samlRelayStateTimeout => 600,
|
||||||
|
|
||||||
# Authentication levels
|
# Authentication levels
|
||||||
ldapAuthnLevel => 2,
|
ldapAuthnLevel => 2,
|
||||||
|
|
|
@ -515,6 +515,7 @@ sub en {
|
||||||
samlCommonDomainCookieDomain => 'Common domain',
|
samlCommonDomainCookieDomain => 'Common domain',
|
||||||
samlCommonDomainCookieReader => 'Reader URL',
|
samlCommonDomainCookieReader => 'Reader URL',
|
||||||
samlCommonDomainCookieWriter => 'Writer URL',
|
samlCommonDomainCookieWriter => 'Writer URL',
|
||||||
|
samlRelayStateTimeout => 'RelayState session timeout',
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1005,6 +1006,7 @@ sub fr {
|
||||||
samlCommonDomainCookieDomain => 'Domaine commun',
|
samlCommonDomainCookieDomain => 'Domaine commun',
|
||||||
samlCommonDomainCookieReader => 'URL de lecture',
|
samlCommonDomainCookieReader => 'URL de lecture',
|
||||||
samlCommonDomainCookieWriter => 'URL d\'écriture',
|
samlCommonDomainCookieWriter => 'URL d\'écriture',
|
||||||
|
samlRelayStateTimeout => 'Durée de vie d\'une session RelayState',
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -626,6 +626,8 @@ sub setDefaultValues {
|
||||||
unless defined $self->{samlAuthnContextMapTLSClient};
|
unless defined $self->{samlAuthnContextMapTLSClient};
|
||||||
$self->{samlAuthnContextMapKerberos} = 4
|
$self->{samlAuthnContextMapKerberos} = 4
|
||||||
unless defined $self->{samlAuthnContextMapKerberos};
|
unless defined $self->{samlAuthnContextMapKerberos};
|
||||||
|
$self->{samlRelayStateTimeout} = 600
|
||||||
|
unless defined $self->{samlRelayStateTimeout};
|
||||||
|
|
||||||
# CAS
|
# CAS
|
||||||
$self->{casStorage} ||= $self->{globalStorage};
|
$self->{casStorage} ||= $self->{globalStorage};
|
||||||
|
|
|
@ -1178,8 +1178,13 @@ sub storeRelayState {
|
||||||
# Session type
|
# Session type
|
||||||
$samlSessionInfo->{_type} = "relaystate";
|
$samlSessionInfo->{_type} = "relaystate";
|
||||||
|
|
||||||
# UNIX time
|
# Set _utime for session autoremove
|
||||||
$samlSessionInfo->{_utime} = time();
|
# Use default session timeout and relayState session timeout to compute it
|
||||||
|
my $time = time();
|
||||||
|
my $timeout = $self->{timeout};
|
||||||
|
my $samlRelayStateTimeout = $self->{samlRelayStateTimeout} || $timeout;
|
||||||
|
|
||||||
|
$samlSessionInfo->{_utime} = $time + ( $samlRelayStateTimeout - $timeout );
|
||||||
|
|
||||||
# Store infos in relaystate session
|
# Store infos in relaystate session
|
||||||
foreach ( keys %$infos ) {
|
foreach ( keys %$infos ) {
|
||||||
|
|
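Review bot: After the last changed line `_utime` is no longer the creation time but a timestamp offset by `$samlRelayStateTimeout - $timeout`, which lies in the future whenever the RelayState timeout exceeds the global one; anything that reads `_utime` as a creation time (session age display, purge tooling with its own arithmetic) would be misled, so the comment should state the trick, e.g. `# _utime is deliberately offset so that the generic expiry (_utime + timeout) fires after samlRelayStateTimeout seconds; do not read it as a creation time`. The `||` on the `$samlRelayStateTimeout` line turns a configured 0 into the global timeout, while setDefaultValues in the earlier hunk only fills in an undefined value, so 0 passes validation but never takes effect — document that or reject 0 at validation. `$self->{timeout}` is read with no fallback; if it can be unset at this point the subtraction warns and pushes `_utime` into the future by the full RelayState timeout — presumably setDefaultValues guarantees it, but confirm. storeRelayState starts and ends outside the hunk.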