dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add SAML user attribute option in Manager (#1512)

Browse Source
This commit is contained in:
Clément OUDOT 2018-10-02 17:18:17 +02:00
parent 702faf0b49
commit d21dfa926b
11 changed files with 54 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
View File

@ -28,7 +28,7 @@ our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedV
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:(?:PostLogoutRedirectUri|ExtraClaim)s|I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|Https|Port)|(?:exportedHeader|locationRule)s|post)';

71
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
View File

@ -8,17 +8,17 @@ sub types {
'array' => {
'test' => sub {
1;
}
}
},
'authParamsText' => {
'test' => sub {
1;
}
}
},
'blackWhiteList' => {
'test' => sub {
1;
}
}
},
'bool' => {
'msgFail' => '__notABoolean__',
@ -36,17 +36,17 @@ sub types {
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'catAndAppList' => {
'test' => sub {
1;
}
}
},
'file' => {
'test' => sub {
1;
}
}
},
'hostname' => {
'form' => 'text',
@ -80,48 +80,48 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val};
}
return 1, "__unknownAttrOrMacro__: $val";
}
}
},
'longtext' => {
'test' => sub {
1;
}
}
},
'menuApp' => {
'test' => sub {
1;
}
}
},
'menuCat' => {
'test' => sub {
1;
}
}
},
'oidcmetadatajson' => {
'test' => sub {
1;
}
}
},
'oidcmetadatajwks' => {
'test' => sub {
1;
}
}
},
'oidcOPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'oidcRPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'password' => {
'msgFail' => '__malformedValue__',
'test' => sub {
1;
}
}
},
'pcre' => {
'form' => 'text',
@ -132,7 +132,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
}
};
return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
}
}
},
'PerlModule' => {
'form' => 'text',
@ -142,17 +142,17 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
'portalskin' => {
'test' => sub {
1;
}
}
},
'portalskinbackground' => {
'test' => sub {
1;
}
}
},
'post' => {
'test' => sub {
1;
}
}
},
'RSAPrivateKey' => {
'test' => sub {
@ -160,7 +160,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'RSAPublicKey' => {
'test' => sub {
@ -168,7 +168,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\n
m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'RSAPublicKeyOrCertificate' => {
'test' => sub {
@ -176,37 +176,37 @@ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\
m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'rule' => {
'test' => sub {
1;
}
}
},
'samlAssertion' => {
'test' => sub {
1;
}
}
},
'samlAttribute' => {
'test' => sub {
1;
}
}
},
'samlIDPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'samlService' => {
'test' => sub {
1;
}
}
},
'samlSPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'select' => {
'test' => sub {
@ -216,19 +216,19 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
return $test
? 1
: ( 1, "Invalid value '$_[0]' for this select" );
}
}
},
'subContainer' => {
'keyTest' => qr/\w/,
'test' => sub {
1;
}
}
},
'text' => {
'msgFail' => '__malformedValue__',
'test' => sub {
1;
}
}
},
'trool' => {
'msgFail' => '__authorizedValues__: -1, 0, 1',
@ -1050,7 +1050,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'type' => 'keyTextContainer'
},
@ -1219,7 +1219,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
and defined $conf->{$_}{$val};
}
return 1, "__unknownAttrOrMacro__: $val";
}
}
},
'type' => 'doubleHash'
},
@ -1502,7 +1502,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'type' => 'ruleContainer'
},
@ -2700,6 +2700,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'bool'
},
'samlIDPMetaDataOptionsUserAttribute' => {
'type' => 'text'
},
'samlIDPMetaDataXML' => {
'test' => sub {
my $v = shift();

3
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
View File

@ -2110,6 +2110,9 @@ sub attributes {
type => 'bool',
default => 0,
},
samlIDPMetaDataOptionsUserAttribute => {
type => 'text',
},
# SP keys
samlSPMetaDataExportedAttributes => {

3
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
View File

@ -56,7 +56,8 @@ sub cTrees {
nodes => [
"samlIDPMetaDataOptionsAdaptSessionUtime",
"samlIDPMetaDataOptionsForceUTF8",
"samlIDPMetaDataOptionsStoreSAMLToken"
"samlIDPMetaDataOptionsStoreSAMLToken",
"samlIDPMetaDataOptionsUserAttribute"
]
},
{

5
lemonldap-ng-manager/site/htdocs/static/js/conftree.js
View File

@ -696,6 +696,11 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsStoreSAMLToken",
"title" : "samlIDPMetaDataOptionsStoreSAMLToken",
"type" : "bool"
},
{
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsUserAttribute",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsUserAttribute",
"title" : "samlIDPMetaDataOptionsUserAttribute"
}
],
"id" : "samlIDPMetaDataOptionsSession",

2
lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js vendored
View File

File diff suppressed because one or more lines are too long

1
lemonldap-ng-manager/site/htdocs/static/languages/ar.json
View File

@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"الحماية",
"samlIDPMetaDataOptionsStoreSAMLToken":"حفظ SAML توكن",
"samlIDPMetaDataOptionsRelayStateURL":"السماح بعنوان اليو آر إل ك RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
"samlSPMetaDataNodes":"SAML Service Providers",
"samlSPMetaDataXML":"البيانات الوصفية",
"samlSPMetaDataExportedAttributes":"السمات المصدرة",

1
lemonldap-ng-manager/site/htdocs/static/languages/en.json
View File

@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"Security",
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
"samlSPMetaDataNodes":"SAML Service Providers",
"samlSPMetaDataXML":"Metadata",
"samlSPMetaDataExportedAttributes":"Exported attributes",

1
lemonldap-ng-manager/site/htdocs/static/languages/fr.json
View File

@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"Sécurité",
"samlIDPMetaDataOptionsStoreSAMLToken":"Conserver le jeton SAML",
"samlIDPMetaDataOptionsRelayStateURL":"Pemettre une URL dans le RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribut contenant l'identité de l'utilisateur",
"samlSPMetaDataNodes":"Fournisseurs de service SAML",
"samlSPMetaDataXML":"Metadonnées",
"samlSPMetaDataExportedAttributes":"Attributs exportés",

1
lemonldap-ng-manager/site/htdocs/static/languages/it.json
View File

@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"Sicurezza",
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
"samlIDPMetaDataOptionsRelayStateURL":"Consenti l'URL come RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
"samlSPMetaDataNodes":"Provider di servizi SAML",
"samlSPMetaDataXML":"Metadati",
"samlSPMetaDataExportedAttributes":"Attributi esportati",

1
lemonldap-ng-manager/site/htdocs/static/languages/vi.json
View File

@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"Bảo mật",
"samlIDPMetaDataOptionsStoreSAMLToken":"Lưu trữ token SAML",
"samlIDPMetaDataOptionsRelayStateURL":"Cho phép URL như RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
"samlSPMetaDataNodes":"Trìn cung cấp dịch vụ SAML",
"samlSPMetaDataXML":"Mô-tả dữ liệu",
"samlSPMetaDataExportedAttributes":"Thuộc tính đã được xuất",