From cf4dfef9fbd2b25e4f8401fbb06143c505172119 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Mon, 23 Mar 2015 17:12:06 +0000
Subject: [PATCH] Configuration endpoint (#184)
---
 Makefile | 3 +
 _example/etc/portal-apache.conf | 1 +
 _example/etc/portal-apache2.4.conf | 1 +
 _example/etc/portal-apache2.conf | 1 +
 lemonldap-ng-portal/MANIFEST | 1 +
 .../example/openid-configuration.pl | 56 +++++++++++++++++++
 6 files changed, 63 insertions(+)
 create mode 100755 lemonldap-ng-portal/example/openid-configuration.pl
diff --git a/Makefile b/Makefile
index 9d36c680a..e63820dce 100644
--- a/Makefile
+++ b/Makefile
@@ -353,6 +353,7 @@ install_portal_site: install_conf_dir
 @cp -pR -f ${SRCPORTALDIR}/example/index_skin.pl ${RPORTALDIR}/index.pl
 @cp -pR -f ${SRCPORTALDIR}/example/mail.pl ${RPORTALDIR}
 @cp -pR -f ${SRCPORTALDIR}/example/metadata.pl ${RPORTALDIR}
+ @cp -pR -f ${SRCPORTALDIR}/example/openid-configuration.pl ${RPORTALDIR}
 @cp -pR -f ${SRCPORTALDIR}/example/cdc.pl ${RPORTALDIR}
 @cp -pR -f ${SRCPORTALDIR}/example/register.pl ${RPORTALDIR}
 @tar -cf - -C ${SRCPORTALDIR}/example/skins/ $$(ls ${SRCPORTALDIR}/example/skins/) |tar -xf - -C $(RPORTALSKINSDIR)
@@ -653,6 +654,7 @@ debian-diff:
 @$(DIFF) lemonldap-ng-portal/example/index_skin.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/index.pl ||true
 @$(DIFF) lemonldap-ng-portal/example/mail.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/mail.pl ||true
 @$(DIFF) lemonldap-ng-portal/example/metadata.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/metadata.pl ||true
+ @$(DIFF) lemonldap-ng-portal/example/openid-configuration.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/openid-configuration.pl ||true
 @$(DIFF) lemonldap-ng-portal/example/cdc.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/cdc.pl ||true
 @$(DIFF) lemonldap-ng-portal/example/register.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/register.pl ||true
 @# Handler
@@ -685,6 +687,7 @@ default-diff:
 @$(DIFF) lemonldap-ng-portal/example/mail.pl $(LMPREFIX)/htdocs/portal/mail.pl ||true
 @$(DIFF) lemonldap-ng-portal/example/register.pl $(LMPREFIX)/htdocs/portal/register.pl ||true
 @$(DIFF) lemonldap-ng-portal/example/metadata.pl $(LMPREFIX)/htdocs/portal/metadata.pl ||true
+ @$(DIFF) lemonldap-ng-portal/example/openid-configuration.pl $(LMPREFIX)/htdocs/portal/openid-configuration.pl ||true
 @$(DIFF) lemonldap-ng-portal/example/cdc.pl $(LMPREFIX)/htdocs/portal/cdc.pl ||true
 @# Handler
 @$(DIFF) lemonldap-ng-handler/lib/Lemonldap/NG/Handler /usr/local/share/perl/$(PERLVERSION)/Lemonldap/NG/Handler ||true
diff --git a/_example/etc/portal-apache.conf b/_example/etc/portal-apache.conf
index 1ba5fe049..74348a9f1 100644
--- a/_example/etc/portal-apache.conf
+++ b/_example/etc/portal-apache.conf
@@ -75,6 +75,7 @@ RewriteEngine On
 RewriteRule ^/oauth2/.* /index.pl
+ RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
diff --git a/_example/etc/portal-apache2.4.conf b/_example/etc/portal-apache2.4.conf
index c072de6f7..9a2b5a9dd 100644
--- a/_example/etc/portal-apache2.4.conf
+++ b/_example/etc/portal-apache2.4.conf
@@ -69,6 +69,7 @@ RewriteEngine On
 RewriteRule ^/oauth2/.* /index.pl
+ RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
diff --git a/_example/etc/portal-apache2.conf b/_example/etc/portal-apache2.conf
index fe398d9da..a9dac7ffb 100644
--- a/_example/etc/portal-apache2.conf
+++ b/_example/etc/portal-apache2.conf
@@ -74,6 +74,7 @@ RewriteEngine On
 RewriteRule ^/oauth2/.* /index.pl
+ RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index e20ee3ed5..f0897604e 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
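Review bot: The new `RewriteRule` in `_example/etc/portal-apache.conf` leaves the dot in `.well-known` unescaped, so the pattern also matches any other single character in that position; the identical rule is added to `portal-apache2.4.conf` and `portal-apache2.conf`. Escape it in all three files: `RewriteRule ^/\.well-known/openid-configuration$ /openid-configuration.pl`. The enclosing configuration block starts and ends outside the hunk, and the hunk's blank context lines appear to have been lost in this rendering.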
@@ -8,6 +8,7 @@ example/index_skin.pl
 example/mail.pl
 example/metadata.pl
 example/oauth2.pl
+example/openid-configuration.pl
 example/PortalStatus.pl
 example/register.pl
 example/scripts/buildPortalWSDL
diff --git a/lemonldap-ng-portal/example/openid-configuration.pl b/lemonldap-ng-portal/example/openid-configuration.pl
new file mode 100755
index 000000000..479cafd12
--- /dev/null
+++ b/lemonldap-ng-portal/example/openid-configuration.pl
@@ -0,0 +1,56 @@
+#!/usr/bin/perl
+
+use Lemonldap::NG::Portal::SharedConf;
+use JSON;
+use strict;
+
+my $portal = Lemonldap::NG::Portal::SharedConf->new();
+
+my $issuerDBOpenIDConnectPath = $portal->{issuerDBOpenIDConnectPath};
+my $authorize_uri = $portal->{oidcServiceMetaDataAuthorizeURI};
+my $token_uri = $portal->{oidcServiceMetaDataTokenURI};
+my $userinfo_uri = $portal->{oidcServiceMetaDataUserInfoURI};
+
+my ($path) = ( $issuerDBOpenIDConnectPath =~ /(\w+)/ );
+my $issuer = $portal->{oidcServiceMetaDataIssuer};
+
+# Create OpenID configuration hash;
+my $configuration = {};
+$configuration->{issuer} = $issuer;
+$configuration->{authorization_endpoint} =
+ $issuer . $path . "/" . $authorize_uri;
+$configuration->{token_endpoint} = $issuer . $path . "/" . $token_uri;
+$configuration->{userinfo_endpoint} = $issuer . $path . "/" . $userinfo_uri;
+
+# MANDATORY # $configuration->{jwks_uri}
+# RECOMMENDED # $configuration->{registration_endpoint}
+$configuration->{scopes_supported} = [qw/openid profile email address phone/];
+$configuration->{response_types_supported} = [
+ "code",
+ "id_token",
+ "id_token token",
+ "code id_token",
+ "code token",
+ "code id_token token"
+];
+
+# $configuration->{response_modes_supported}
+$configuration->{grant_types_supported} =
+ [qw/authorization_code implicit hybrid/];
+
+# $configuration->{acr_values_supported}
+# REQUIRED # $configuration->{subject_types_supported}
+$configuration->{id_token_signing_alg_values_supported} =
+ [qw/none RS256 RS384 RS512/];
+
+# $configuration->{id_token_encryption_alg_values_supported}
+# $configuration->{id_token_encryption_enc_values_supported}
+# $configuration->{userinfo_encryption_alg_values_supported}
+# $configuration->{userinfo_encryption_enc_values_supported}
+# $configuration->{request_object_signing_alg_values_supported}
+# $configuration->{request_object_encryption_alg_values_supported}
+
+my $json = encode_json $configuration;
+
+print $portal->header('application/json; charset=utf-8');
+print $json;
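Review bot: `$configuration->{id_token_signing_alg_values_supported}` advertises `none` while the `# MANDATORY # $configuration->{jwks_uri}` comment shows no key set is published, so a relying party reading this document is told unsigned ID tokens are acceptable and is given no key to verify signed ones. Unless the server actually issues alg=none tokens, narrow the list to `[qw/RS256 RS384 RS512/];` and fill in `jwks_uri` and `subject_types_supported`, which OpenID Connect Discovery requires, before the endpoint goes live. The endpoint URLs are assembled as `$issuer . $path . "/" . $authorize_uri` with `$path` reduced to the first `\w+` run, so nothing separates the issuer from the path; whether the result is well-formed seems to depend on the configured issuer carrying a trailing slash, which is worth checking or replacing with an explicit `"/"`. `use strict;` comes after the other `use` lines and `use warnings;` is missing, so an undefined `issuerDBOpenIDConnectPath` would silently yield broken URLs; move `use strict;` first and add `use warnings;`.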