OpenID Connect relaying parties in Manager (#184)
parent
70281de82d
commit
d2423d1a6c
|
@ -126,6 +126,8 @@ sub unserialize {
|
||||||
|oidcOPMetaDataJSON
|
|oidcOPMetaDataJSON
|
||||||
|oidcOPMetaDataJWKS
|
|oidcOPMetaDataJWKS
|
||||||
|oidcOPMetaDataOptions
|
|oidcOPMetaDataOptions
|
||||||
|
|oidcRPMetaDataExportedVars
|
||||||
|
|oidcRPMetaDataOptions
|
||||||
|openIdExportedVars
|
|openIdExportedVars
|
||||||
|persistentStorageOptions
|
|persistentStorageOptions
|
||||||
|portalSkinRules
|
|portalSkinRules
|
||||||
|
|
|
@ -100,6 +100,27 @@ has 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => (
|
||||||
documentation => "OIDC OP scope",
|
documentation => "OIDC OP scope",
|
||||||
);
|
);
|
||||||
|
|
||||||
|
has 'oidcRPMetaDataExportedVars' => (
|
||||||
|
is => 'rw',
|
||||||
|
isa => 'HashRef',
|
||||||
|
default => sub { return { 'sub' => 'uid' }; },
|
||||||
|
documentation => "Exported vars for a RP",
|
||||||
|
);
|
||||||
|
|
||||||
|
has 'oidcRPMetaDataOptionsClientID' => (
|
||||||
|
is => 'rw',
|
||||||
|
isa => 'Str|Undef',
|
||||||
|
default => undef,
|
||||||
|
documentation => "OIDC RP client ID",
|
||||||
|
);
|
||||||
|
|
||||||
|
has 'oidcRPMetaDataOptionsClientSecret' => (
|
||||||
|
is => 'rw',
|
||||||
|
isa => 'Str|Undef',
|
||||||
|
default => undef,
|
||||||
|
documentation => "OIDC RP client Secret",
|
||||||
|
);
|
||||||
|
|
||||||
## P
|
## P
|
||||||
|
|
||||||
has 'post' => (
|
has 'post' => (
|
||||||
|
|
|
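Review bot: The `default => sub { return { 'sub' => 'uid' }; }` on `oidcRPMetaDataExportedVars` looks like the attribute map of a single RP, yet the cstruct hunk later in this commit addresses the same attribute per RP (`hash:/oidcRPMetaDataExportedVars/$k2`), which implies a two-level hash keyed by RP name; under that shape the default would be read as an RP named `sub` with no attributes. Presumably the default should be `sub { return {}; }` unless `oidcOPMetaDataExportedVars` (outside the hunk) uses the same one-level default — worth confirming before shipping. The documentation string of `oidcRPMetaDataOptionsClientSecret` should also flag it as a credential so nobody dumps it into debug logs: `documentation => "OIDC RP client secret (sensitive, never log)"`.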
@ -465,6 +465,7 @@ function display(div, title) {
|
||||||
$('#newpostr,#delpost').hide();
|
$('#newpostr,#delpost').hide();
|
||||||
$('#newpostdatar,#delpostdata').hide();
|
$('#newpostdatar,#delpostdata').hide();
|
||||||
$('#newoidcopb,#deloidcopb').hide();
|
$('#newoidcopb,#deloidcopb').hide();
|
||||||
|
$('#newoidcrpb,#deloidcrpb').hide();
|
||||||
// Resize (or hide) Help window
|
// Resize (or hide) Help window
|
||||||
resizeHelp();
|
resizeHelp();
|
||||||
}
|
}
|
||||||
|
@ -497,6 +498,11 @@ function oidcOPRoot(id) {
|
||||||
display('default', '');
|
display('default', '');
|
||||||
$('#newoidcopb').show();
|
$('#newoidcopb').show();
|
||||||
}
|
}
|
||||||
|
function oidcRPRoot(id) {
|
||||||
|
currentId = id;
|
||||||
|
display('default', '');
|
||||||
|
$('#newoidcrpb').show();
|
||||||
|
}
|
||||||
/* @function splitModuleAndOptions(string data)
|
/* @function splitModuleAndOptions(string data)
|
||||||
* Split module and options from authentication or userDB string
|
* Split module and options from authentication or userDB string
|
||||||
* @return module, options
|
* @return module, options
|
||||||
|
@ -847,6 +853,17 @@ function oidcOPMetaData(id) {
|
||||||
}
|
}
|
||||||
$('#newoidcopb').show();
|
$('#newoidcopb').show();
|
||||||
}
|
}
|
||||||
|
function oidcRPMetaData(id) {
|
||||||
|
currentId = id;
|
||||||
|
$('#oidcRPMetaData').val(lmtext(id));
|
||||||
|
display('oidcRPMetaData', lmtext(id));
|
||||||
|
if ($('#li_' + myB64('/oidcRPMetaDataNode')).find('span').size() == 1) {
|
||||||
|
$('#deloidcrpb').hide();
|
||||||
|
} else {
|
||||||
|
$('#deloidcrpb').show();
|
||||||
|
}
|
||||||
|
$('#newoidcrpb').show();
|
||||||
|
}
|
||||||
function samlService(id) {
|
function samlService(id) {
|
||||||
currentId = id;
|
currentId = id;
|
||||||
var t = lmdata(id).split(';');
|
var t = lmdata(id).split(';');
|
||||||
|
@ -1123,6 +1140,24 @@ function delOidcOp(id) {
|
||||||
oidcOPMetaData(id);
|
oidcOPMetaData(id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
function newOidcRp() {
|
||||||
|
var name = prompt(text4newOidcRp, 'rp-example');
|
||||||
|
if (!name) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
var rpId = 'li_' + myB64('/oidcRPMetaDataExportedVars/' + name);
|
||||||
|
simpleTreeCollection[0].newAjaxNodeIn($('#li_L29pZGNSUE1ldGFEYXRhTm9kZQ2'), rpId, name, scriptname + '?type=new&node=/oidcRPMetaDataNode/' + name, function(d, s) {
|
||||||
|
$('>span', s).attr('name', name).attr('help', 'default').attr('id', 'text_' + rpId).attr('onclick', 'oidcRPMetaData(\'' + rpId + '\')');
|
||||||
|
oidcRPMetaData(rpId);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
function delOidcRp(id) {
|
||||||
|
var rpname = lmtext(id);
|
||||||
|
if (confirm('Delete ' + rpname + ' ?')) {
|
||||||
|
delKey(id);
|
||||||
|
oidcRPMetaData(id);
|
||||||
|
}
|
||||||
|
}
|
||||||
var cfgAttrDone = 0;
|
var cfgAttrDone = 0;
|
||||||
function uploadConf(f) {
|
function uploadConf(f) {
|
||||||
if (! (f == 1)) f = 0;
|
if (! (f == 1)) f = 0;
|
||||||
|
|
|
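Review bot: In `newOidcRp` the value returned by `prompt()` is concatenated straight into the request URL, `scriptname + '?type=new&node=/oidcRPMetaDataNode/' + name`, without URL-encoding, so a name containing `&`, `#`, `?` or `/` truncates or rewrites the query before the server-side `keyTest` ever sees it. Use `'?type=new&node=/oidcRPMetaDataNode/' + encodeURIComponent(name)` and, since the same raw name also feeds `myB64(...)` and the generated `onclick` attribute, consider rejecting names that fail `/^[a-zA-Z](?:[\w\-\.]*\w)?$/` client-side so the user gets immediate feedback instead of a tree node that the upload later refuses. `delOidcRp` re-renders the node it has just deleted via `oidcRPMetaData(id)`; this mirrors the existing `delOidcOp` visible in the context, so if it is intentional a one-line comment (`// refresh view; delKey leaves currentId on the removed node`) would save the next reader the question.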
@ -53,6 +53,7 @@
|
||||||
var text4newCondition='<lang en="New Condition" fr="Nouvelle Condition" />';
|
var text4newCondition='<lang en="New Condition" fr="Nouvelle Condition" />';
|
||||||
var lang='<TMPL_VAR NAME="LANG">';
|
var lang='<TMPL_VAR NAME="LANG">';
|
||||||
var text4newOidcOp='<lang en="Provider name" fr="Nom du fournisseur" />';
|
var text4newOidcOp='<lang en="Provider name" fr="Nom du fournisseur" />';
|
||||||
|
var text4newOidcRp='<lang en="Relaying party name" fr="Nom du relai" />';
|
||||||
//]]></script>
|
//]]></script>
|
||||||
<script src="<TMPL_VAR NAME="DIR">/js/manager.js" type="text/JavaScript"></script>
|
<script src="<TMPL_VAR NAME="DIR">/js/manager.js" type="text/JavaScript"></script>
|
||||||
</head>
|
</head>
|
||||||
|
@ -266,6 +267,16 @@
|
||||||
<lang en="Delete provider" fr="Supprimer le fournisseur" />
|
<lang en="Delete provider" fr="Supprimer le fournisseur" />
|
||||||
</button>
|
</button>
|
||||||
|
|
||||||
|
<button id="newoidcrpb" style="display:none;" onclick="newOidcRp();return false;" class="btn btn-success">
|
||||||
|
<i class=" glyphicon glyphicon-plus-sign"></i>
|
||||||
|
<lang en="New relaying party" fr="Nouveau relai" />
|
||||||
|
</button>
|
||||||
|
|
||||||
|
<button id="deloidcrpb" style="display:none;" onclick="delOidcRp(currentId);" class="btn btn-danger">
|
||||||
|
<i class=" glyphicon glyphicon-minus-sign"></i>
|
||||||
|
<lang en="Delete relaying party" fr="Supprimer le relai" />
|
||||||
|
</button>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- Buttons -->
|
<!-- Buttons -->
|
||||||
|
|
|
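Review bot: The user-facing labels in this template say "Relaying party", but the OpenID Connect term is "Relying Party" (RP); the prompt text and both buttons should read `var text4newOidcRp='<lang en="Relying party name" fr="Nom du relai" />';`, `<lang en="New relying party" fr="Nouveau relai" />` and `<lang en="Delete relying party" fr="Supprimer le relai" />`. The delete button's `onclick="delOidcRp(currentId);"` also lacks the `return false;` the new-RP button carries; if the enclosing element is a form, a click will submit it after the confirm dialog, so `onclick="delOidcRp(currentId);return false;"` is safer. The existing provider buttons are only partly visible here, so if they have the same asymmetry it should be fixed in one pass.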
@ -43,6 +43,7 @@ sub confUpload {
|
||||||
my $catid;
|
my $catid;
|
||||||
my $postname;
|
my $postname;
|
||||||
my $opname;
|
my $opname;
|
||||||
|
my $rpname;
|
||||||
|
|
||||||
# 1. ANALYSE DATAS
|
# 1. ANALYSE DATAS
|
||||||
|
|
||||||
|
@ -117,6 +118,12 @@ s/^text_(NewID_)?li_([\w\/\+\=]+)(\d)(?:_\d+)?$/decode_base64($2.'='x $3)/e;
|
||||||
$opname = $name;
|
$opname = $name;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Get OIDC RP name
|
||||||
|
if ( $id =~ /oidcRPMetaDataExportedVars\/([^\/]*)?$/ ) {
|
||||||
|
$self->lmLog( "Entering RP $name", 'debug' );
|
||||||
|
$rpname = $name;
|
||||||
|
}
|
||||||
|
|
||||||
# Set menu category and application flags
|
# Set menu category and application flags
|
||||||
if ( $id =~ /applicationList/ ) {
|
if ( $id =~ /applicationList/ ) {
|
||||||
if ( $value =~ /^(.*)?\|(.*)?\|(.*)?\|(.*)?\|(.*?)$/ ) {
|
if ( $value =~ /^(.*)?\|(.*)?\|(.*)?\|(.*)?\|(.*?)$/ ) {
|
||||||
|
@ -139,7 +146,7 @@ s/^text_(NewID_)?li_([\w\/\+\=]+)(\d)(?:_\d+)?$/decode_base64($2.'='x $3)/e;
|
||||||
|
|
||||||
# Special case: avoid bug with node created from parent node
|
# Special case: avoid bug with node created from parent node
|
||||||
if ( $id =~
|
if ( $id =~
|
||||||
/^(virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode|generalParameters\/authParams\/choiceParams)/
|
/^(virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode|oidcRPMetaDataNode|generalParameters\/authParams\/choiceParams)/
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$self->lmLog( "Special trigger for $id (attribute $name)",
|
$self->lmLog( "Special trigger for $id (attribute $name)",
|
||||||
|
@ -168,6 +175,10 @@ s/^samlSPMetaDataNode\/([^\/]*)?.*/samlSPMetaDataExportedAttributes\/$1\/$name/;
|
||||||
$id =~
|
$id =~
|
||||||
s/^oidcOPMetaDataNode\/([^\/]*)?.*/oidcOPMetaDataExportedVars\/$1\/$name/;
|
s/^oidcOPMetaDataNode\/([^\/]*)?.*/oidcOPMetaDataExportedVars\/$1\/$name/;
|
||||||
|
|
||||||
|
# OIDC RP attribute
|
||||||
|
$id =~
|
||||||
|
s/^oidcRPMetaDataNode\/([^\/]*)?.*/oidcRPMetaDataExportedVars\/$1\/$name/;
|
||||||
|
|
||||||
# Authentication choice
|
# Authentication choice
|
||||||
$id =~
|
$id =~
|
||||||
s/^generalParameters\/authParams\/choiceParams\/([^\/]*)?.*/authChoiceModules\/$name/;
|
s/^generalParameters\/authParams\/choiceParams\/([^\/]*)?.*/authChoiceModules\/$name/;
|
||||||
|
@ -213,13 +224,17 @@ s/^(samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions)\/(
|
||||||
$id =~
|
$id =~
|
||||||
s/^(oidcOPMetaDataJSON|oidcOPMetaDataJWKS|oidcOPMetaDataExportedVars|oidcOPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$opname\/$3/;
|
s/^(oidcOPMetaDataJSON|oidcOPMetaDataJWKS|oidcOPMetaDataExportedVars|oidcOPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$opname\/$3/;
|
||||||
|
|
||||||
|
# Set current OIDC RP name
|
||||||
|
$id =~
|
||||||
|
s/^(oidcRPMetaDataExportedVars|oidcRPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$rpname\/$3/;
|
||||||
|
|
||||||
# Set current POST URL name
|
# Set current POST URL name
|
||||||
$id =~ s/^(post)\/([^\/]*)?\/(.*)$/$1\/$vhostname\/$postname/;
|
$id =~ s/^(post)\/([^\/]*)?\/(.*)$/$1\/$vhostname\/$postname/;
|
||||||
|
|
||||||
$self->lmLog( "id transformed into $id", 'debug' );
|
$self->lmLog( "id transformed into $id", 'debug' );
|
||||||
|
|
||||||
if ( $id =~
|
if ( $id =~
|
||||||
/^(generalParameters|variables|virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode)/
|
/^(generalParameters|variables|virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode|oidcRPMetaDataNode)/
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$self->lmLog( "Ignoring attribute $name (id $id)", 'debug' );
|
$self->lmLog( "Ignoring attribute $name (id $id)", 'debug' );
|
||||||
|
|
|
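Review bot: The new substitution `s/^(oidcRPMetaDataExportedVars|oidcRPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$rpname\/$3/` runs unconditionally, so if an options id is processed before any `oidcRPMetaDataExportedVars/<name>` id has set `$rpname`, the key becomes `oidcRPMetaDataOptions//oidcRPMetaDataOptionsClientID` with an "uninitialized value" warning and a client ID/secret silently stored under an empty RP name. Guard it: `if ( defined $rpname ) { $id =~ s/...same regex.../; }` (the OP branch above has the same gap, so fix both together). In the detection block the capture group `([^\/]*)?` is never used because `$rpname = $name` is assigned instead; either drop the parentheses or use `$1` so the two cannot drift apart. `sub confUpload` starts and ends outside the hunk.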
@ -311,6 +311,31 @@ sub cstruct {
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
elsif ( $k1 =~ /^oidcRPMetaDataNode/i ) {
|
||||||
|
%$h = (
|
||||||
|
%$h,
|
||||||
|
oidcRPMetaDataNode => {
|
||||||
|
$k2 => {
|
||||||
|
_nodes =>
|
||||||
|
[qw(oidcRPMetaDataExportedVars oidcRPMetaDataOptions)],
|
||||||
|
oidcRPMetaDataExportedVars => {
|
||||||
|
_nodes =>
|
||||||
|
["hash:/oidcRPMetaDataExportedVars/$k2:vars:btext"],
|
||||||
|
_js => 'hashRoot',
|
||||||
|
},
|
||||||
|
oidcRPMetaDataOptions => {
|
||||||
|
_nodes => [
|
||||||
|
qw(oidcRPMetaDataOptionsClientID oidcRPMetaDataOptionsClientSecret)
|
||||||
|
],
|
||||||
|
oidcRPMetaDataOptionsClientID =>
|
||||||
|
"text:/oidcRPMetaDataOptions/$k2/oidcRPMetaDataOptionsClientID",
|
||||||
|
oidcRPMetaDataOptionsClientSecret =>
|
||||||
|
"password:/oidcRPMetaDataOptions/$k2/oidcRPMetaDataOptionsClientSecret",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
return $h;
|
return $h;
|
||||||
}
|
}
|
||||||
|
@ -322,7 +347,7 @@ sub struct {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
return {
|
return {
|
||||||
_nodes => [
|
_nodes => [
|
||||||
qw(n:generalParameters n:variables n:virtualHosts n:samlServiceMetaData n:samlIDPMetaDataNode n:samlSPMetaDataNode n:oidcServiceMetaData n:oidcOPMetaDataNode)
|
qw(n:generalParameters n:variables n:virtualHosts n:samlServiceMetaData n:samlIDPMetaDataNode n:samlSPMetaDataNode n:oidcServiceMetaData n:oidcOPMetaDataNode n:oidcRPMetaDataNode)
|
||||||
],
|
],
|
||||||
_help => 'default',
|
_help => 'default',
|
||||||
|
|
||||||
|
@ -1573,6 +1598,15 @@ sub struct {
|
||||||
_js => 'oidcOPRoot',
|
_js => 'oidcOPRoot',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
oidcRPMetaDataNode => {
|
||||||
|
_nodes => [
|
||||||
|
'nhash:/oidcRPMetaDataExportedVars:oidcRPMetaDataNode:oidcRPMetaData'
|
||||||
|
],
|
||||||
|
_upload => ['/oidcRPMetaDataOptions'],
|
||||||
|
_help => 'oidcRP',
|
||||||
|
_js => 'oidcRPRoot',
|
||||||
|
},
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2327,6 +2361,25 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
# OIDC RP
|
||||||
|
oidcRPMetaDataExportedVars => {
|
||||||
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
||||||
|
keyMsgFail => 'Bad metadata name',
|
||||||
|
'*' => {
|
||||||
|
keyTest => qr/^\w([\w\-]*\w)?$/,
|
||||||
|
keyMsgFail => 'Bad attribute name',
|
||||||
|
test => sub { return 1; },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
oidcRPMetaDataOptions => {
|
||||||
|
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
||||||
|
keyMsgFail => 'Bad metadata name',
|
||||||
|
'*' => {
|
||||||
|
test => sub { return 1; },
|
||||||
|
keyTest => sub { return 1; },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
## @method hashref subDefaultConf()
|
## @method hashref subDefaultConf()
|
||||||
|
|
|
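Review bot: In the `testStruct` additions, `oidcRPMetaDataOptions => { '*' => { test => sub { return 1; }, keyTest => sub { return 1; } } }` accepts any option name and any value, so an uploaded or hand-edited configuration can smuggle arbitrary keys into an RP's options and an empty Client ID or Client Secret passes validation unnoticed. Since cstruct enumerates exactly two options, the key test can be closed: `keyTest => qr/^oidcRPMetaDataOptions(?:ClientID|ClientSecret)$/, keyMsgFail => 'Bad option name'`. A non-empty value test is tempting but would reject a freshly created RP before the admin fills in credentials, so a warning at save time (or a check in the portal when the RP is used) is probably the right place for it — confirm how `'*'` tests are applied for `oidcOPMetaDataOptions`, whose entry is outside this hunk. Rendering the secret with the `password:` widget is good; a short comment there (`# credential: never echo in logs or HTML source`) would make the intent explicit.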
@ -286,6 +286,11 @@ sub en {
|
||||||
'Token endpoint authentication method',
|
'Token endpoint authentication method',
|
||||||
oidcParams => 'OpenID Connect parameters',
|
oidcParams => 'OpenID Connect parameters',
|
||||||
oidcRPCallbackGetParam => 'Callback GET parameter',
|
oidcRPCallbackGetParam => 'Callback GET parameter',
|
||||||
|
oidcRPMetaDataExportedVars => 'Exported attributes',
|
||||||
|
oidcRPMetaDataNode => 'OpenID Connect Relaying Parties',
|
||||||
|
oidcRPMetaDataOptions => 'Options',
|
||||||
|
oidcRPMetaDataOptionsClientID => 'Client ID',
|
||||||
|
oidcRPMetaDataOptionsClientSecret => 'Client secret',
|
||||||
oidcRPStateTimeout => 'State session timeout',
|
oidcRPStateTimeout => 'State session timeout',
|
||||||
oidcServiceMetaData => 'OpenID Connect Service',
|
oidcServiceMetaData => 'OpenID Connect Service',
|
||||||
oidcServiceMetaDataAuthorizeURI => 'Autorization',
|
oidcServiceMetaDataAuthorizeURI => 'Autorization',
|
||||||
|
@ -830,6 +835,11 @@ sub fr {
|
||||||
'Méthode d\'authentification pour l\'accès aux jetons',
|
'Méthode d\'authentification pour l\'accès aux jetons',
|
||||||
oidcParams => 'Paramètres OpenID Connect',
|
oidcParams => 'Paramètres OpenID Connect',
|
||||||
oidcRPCallbackGetParam => 'Paramètre GET callback',
|
oidcRPCallbackGetParam => 'Paramètre GET callback',
|
||||||
|
oidcRPMetaDataExportedVars => 'Attributs exportés',
|
||||||
|
oidcRPMetaDataNode => 'Relais OpenID Connect',
|
||||||
|
oidcRPMetaDataOptions => 'Options',
|
||||||
|
oidcRPMetaDataOptionsClientID => 'Identifiant',
|
||||||
|
oidcRPMetaDataOptionsClientSecret => 'Mot de passe',
|
||||||
oidcRPStateTimeout => 'Durée d\'une session state',
|
oidcRPStateTimeout => 'Durée d\'une session state',
|
||||||
oidcServiceMetaData => "Service OpenID Connect",
|
oidcServiceMetaData => "Service OpenID Connect",
|
||||||
oidcServiceMetaDataAuthorizeURI => "Autorisation",
|
oidcServiceMetaDataAuthorizeURI => "Autorisation",
|
||||||
|
|