OpenID Connect relaying parties in Manager (#184)
parent
70281de82d
commit
d2423d1a6c
|
@ -126,6 +126,8 @@ sub unserialize {
|
|||
|oidcOPMetaDataJSON
|
||||
|oidcOPMetaDataJWKS
|
||||
|oidcOPMetaDataOptions
|
||||
|oidcRPMetaDataExportedVars
|
||||
|oidcRPMetaDataOptions
|
||||
|openIdExportedVars
|
||||
|persistentStorageOptions
|
||||
|portalSkinRules
|
||||
|
|
|
@ -100,6 +100,27 @@ has 'oidcOPMetaDataOptionsTokenEndpointAuthMethod' => (
|
|||
documentation => "OIDC OP scope",
|
||||
);
|
||||
|
||||
has 'oidcRPMetaDataExportedVars' => (
|
||||
is => 'rw',
|
||||
isa => 'HashRef',
|
||||
default => sub { return { 'sub' => 'uid' }; },
|
||||
documentation => "Exported vars for a RP",
|
||||
);
|
||||
|
||||
has 'oidcRPMetaDataOptionsClientID' => (
|
||||
is => 'rw',
|
||||
isa => 'Str|Undef',
|
||||
default => undef,
|
||||
documentation => "OIDC RP client ID",
|
||||
);
|
||||
|
||||
has 'oidcRPMetaDataOptionsClientSecret' => (
|
||||
is => 'rw',
|
||||
isa => 'Str|Undef',
|
||||
default => undef,
|
||||
documentation => "OIDC RP client Secret",
|
||||
);
|
||||
|
||||
## P
|
||||
|
||||
has 'post' => (
|
||||
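Review bot: The `documentation` string of the new `oidcRPMetaDataOptionsClientSecret` attribute does not say that the value is a credential shared with the relying party, and its capitalisation differs from the sibling `"OIDC RP client ID"`. The `cstruct` change in this commit renders it through a `password:` widget, so the intent is clearly to treat it as sensitive; saying so here helps anyone who later reads or dumps these attributes. Suggested: `documentation => "OIDC RP client secret (credential shared with the RP)",`. The `default => undef` also means a relying party can be saved with no secret at all; whether that is rejected elsewhere is not visible in this hunk.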
|
|
|
@ -465,6 +465,7 @@ function display(div, title) {
|
|||
$('#newpostr,#delpost').hide();
|
||||
$('#newpostdatar,#delpostdata').hide();
|
||||
$('#newoidcopb,#deloidcopb').hide();
|
||||
$('#newoidcrpb,#deloidcrpb').hide();
|
||||
// Resize (or hide) Help window
|
||||
resizeHelp();
|
||||
}
|
||||
|
@ -497,6 +498,11 @@ function oidcOPRoot(id) {
|
|||
display('default', '');
|
||||
$('#newoidcopb').show();
|
||||
}
|
||||
function oidcRPRoot(id) {
|
||||
currentId = id;
|
||||
display('default', '');
|
||||
$('#newoidcrpb').show();
|
||||
}
|
||||
/* @function splitModuleAndOptions(string data)
|
||||
* Split module and options from authentication or userDB string
|
||||
* @return module, options
|
||||
|
@ -847,6 +853,17 @@ function oidcOPMetaData(id) {
|
|||
}
|
||||
$('#newoidcopb').show();
|
||||
}
|
||||
function oidcRPMetaData(id) {
|
||||
currentId = id;
|
||||
$('#oidcRPMetaData').val(lmtext(id));
|
||||
display('oidcRPMetaData', lmtext(id));
|
||||
if ($('#li_' + myB64('/oidcRPMetaDataNode')).find('span').size() == 1) {
|
||||
$('#deloidcrpb').hide();
|
||||
} else {
|
||||
$('#deloidcrpb').show();
|
||||
}
|
||||
$('#newoidcrpb').show();
|
||||
}
|
||||
function samlService(id) {
|
||||
currentId = id;
|
||||
var t = lmdata(id).split(';');
|
||||
|
@ -1123,6 +1140,24 @@ function delOidcOp(id) {
|
|||
oidcOPMetaData(id);
|
||||
}
|
||||
}
|
||||
function newOidcRp() {
|
||||
var name = prompt(text4newOidcRp, 'rp-example');
|
||||
if (!name) {
|
||||
return false;
|
||||
}
|
||||
var rpId = 'li_' + myB64('/oidcRPMetaDataExportedVars/' + name);
|
||||
simpleTreeCollection[0].newAjaxNodeIn($('#li_L29pZGNSUE1ldGFEYXRhTm9kZQ2'), rpId, name, scriptname + '?type=new&node=/oidcRPMetaDataNode/' + name, function(d, s) {
|
||||
$('>span', s).attr('name', name).attr('help', 'default').attr('id', 'text_' + rpId).attr('onclick', 'oidcRPMetaData(\'' + rpId + '\')');
|
||||
oidcRPMetaData(rpId);
|
||||
});
|
||||
}
|
||||
function delOidcRp(id) {
|
||||
var rpname = lmtext(id);
|
||||
if (confirm('Delete ' + rpname + ' ?')) {
|
||||
delKey(id);
|
||||
oidcRPMetaData(id);
|
||||
}
|
||||
}
|
||||
var cfgAttrDone = 0;
|
||||
function uploadConf(f) {
|
||||
if (! (f == 1)) f = 0;
|
||||
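Review bot: In `newOidcRp` the user-supplied `name` from `prompt` is concatenated into the request URL `scriptname + '?type=new&node=/oidcRPMetaDataNode/' + name` without encoding, so a name containing `&`, `#`, `/` or `?` alters the query or the node path before the server-side `keyTest` ever sees it; `encodeURIComponent(name)` at that point keeps the request well-formed. The same line selects the parent node with the hard-coded literal `'#li_L29pZGNSUE1ldGFEYXRhTm9kZQ2'`, while `oidcRPMetaData` computes what appears to be the same id with `myB64('/oidcRPMetaDataNode')`; `$('#li_' + myB64('/oidcRPMetaDataNode'))` keeps the two consistent and survives a change of the node path. `name` is also written straight into the `name` attribute of the new span, so a client-side check against the same pattern the server applies would give the user earlier feedback.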
|
|
|
@ -53,6 +53,7 @@
|
|||
var text4newCondition='<lang en="New Condition" fr="Nouvelle Condition" />';
|
||||
var lang='<TMPL_VAR NAME="LANG">';
|
||||
var text4newOidcOp='<lang en="Provider name" fr="Nom du fournisseur" />';
|
||||
var text4newOidcRp='<lang en="Relaying party name" fr="Nom du relai" />';
|
||||
//]]></script>
|
||||
<script src="<TMPL_VAR NAME="DIR">/js/manager.js" type="text/JavaScript"></script>
|
||||
</head>
|
||||
|
@ -266,6 +267,16 @@
|
|||
<lang en="Delete provider" fr="Supprimer le fournisseur" />
|
||||
</button>
|
||||
|
||||
<button id="newoidcrpb" style="display:none;" onclick="newOidcRp();return false;" class="btn btn-success">
|
||||
<i class=" glyphicon glyphicon-plus-sign"></i>
|
||||
<lang en="New relaying party" fr="Nouveau relai" />
|
||||
</button>
|
||||
|
||||
<button id="deloidcrpb" style="display:none;" onclick="delOidcRp(currentId);" class="btn btn-danger">
|
||||
<i class=" glyphicon glyphicon-minus-sign"></i>
|
||||
<lang en="Delete relaying party" fr="Supprimer le relai" />
|
||||
</button>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- Buttons -->
|
||||
|
|
|
@ -43,6 +43,7 @@ sub confUpload {
|
|||
my $catid;
|
||||
my $postname;
|
||||
my $opname;
|
||||
my $rpname;
|
||||
|
||||
# 1. ANALYSE DATAS
|
||||
|
||||
|
@ -117,6 +118,12 @@ s/^text_(NewID_)?li_([\w\/\+\=]+)(\d)(?:_\d+)?$/decode_base64($2.'='x $3)/e;
|
|||
$opname = $name;
|
||||
}
|
||||
|
||||
# Get OIDC RP name
|
||||
if ( $id =~ /oidcRPMetaDataExportedVars\/([^\/]*)?$/ ) {
|
||||
$self->lmLog( "Entering RP $name", 'debug' );
|
||||
$rpname = $name;
|
||||
}
|
||||
|
||||
# Set menu category and application flags
|
||||
if ( $id =~ /applicationList/ ) {
|
||||
if ( $value =~ /^(.*)?\|(.*)?\|(.*)?\|(.*)?\|(.*?)$/ ) {
|
||||
|
@ -139,7 +146,7 @@ s/^text_(NewID_)?li_([\w\/\+\=]+)(\d)(?:_\d+)?$/decode_base64($2.'='x $3)/e;
|
|||
|
||||
# Special case: avoid bug with node created from parent node
|
||||
if ( $id =~
|
||||
/^(virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode|generalParameters\/authParams\/choiceParams)/
|
||||
/^(virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode|oidcRPMetaDataNode|generalParameters\/authParams\/choiceParams)/
|
||||
)
|
||||
{
|
||||
$self->lmLog( "Special trigger for $id (attribute $name)",
|
||||
|
@ -168,6 +175,10 @@ s/^samlSPMetaDataNode\/([^\/]*)?.*/samlSPMetaDataExportedAttributes\/$1\/$name/;
|
|||
$id =~
|
||||
s/^oidcOPMetaDataNode\/([^\/]*)?.*/oidcOPMetaDataExportedVars\/$1\/$name/;
|
||||
|
||||
# OIDC RP attribute
|
||||
$id =~
|
||||
s/^oidcRPMetaDataNode\/([^\/]*)?.*/oidcRPMetaDataExportedVars\/$1\/$name/;
|
||||
|
||||
# Authentication choice
|
||||
$id =~
|
||||
s/^generalParameters\/authParams\/choiceParams\/([^\/]*)?.*/authChoiceModules\/$name/;
|
||||
|
@ -213,13 +224,17 @@ s/^(samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions)\/(
|
|||
$id =~
|
||||
s/^(oidcOPMetaDataJSON|oidcOPMetaDataJWKS|oidcOPMetaDataExportedVars|oidcOPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$opname\/$3/;
|
||||
|
||||
# Set current OIDC RP name
|
||||
$id =~
|
||||
s/^(oidcRPMetaDataExportedVars|oidcRPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$rpname\/$3/;
|
||||
|
||||
# Set current POST URL name
|
||||
$id =~ s/^(post)\/([^\/]*)?\/(.*)$/$1\/$vhostname\/$postname/;
|
||||
|
||||
$self->lmLog( "id transformed into $id", 'debug' );
|
||||
|
||||
if ( $id =~
|
||||
/^(generalParameters|variables|virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode)/
|
||||
/^(generalParameters|variables|virtualHosts|samlIDPMetaDataNode|samlSPMetaDataNode|oidcOPMetaDataNode|oidcRPMetaDataNode)/
|
||||
)
|
||||
{
|
||||
$self->lmLog( "Ignoring attribute $name (id $id)", 'debug' );
|
||||
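Review bot: The new substitution `s/^(oidcRPMetaDataExportedVars|oidcRPMetaDataOptions)\/([^\/]*)?\/(.*)$/$1\/$rpname\/$3/` interpolates `$rpname` unconditionally, but `$rpname` is only assigned when an `oidcRPMetaDataExportedVars/<name>` id has already been seen in this upload; an options entry processed before (or without) its exported-vars node collapses to `oidcRPMetaDataOptions//...` with an uninitialized-value warning. This mirrors the existing `$opname` handling, so it may be an accepted ordering assumption of the upload format; if so, a guard such as `if defined $rpname` on the substitution, or an `lmLog` when it is undefined, would make that assumption visible to the next reader. `confUpload` starts and ends outside this hunk.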
|
|
|
@ -311,6 +311,31 @@ sub cstruct {
|
|||
},
|
||||
);
|
||||
}
|
||||
elsif ( $k1 =~ /^oidcRPMetaDataNode/i ) {
|
||||
%$h = (
|
||||
%$h,
|
||||
oidcRPMetaDataNode => {
|
||||
$k2 => {
|
||||
_nodes =>
|
||||
[qw(oidcRPMetaDataExportedVars oidcRPMetaDataOptions)],
|
||||
oidcRPMetaDataExportedVars => {
|
||||
_nodes =>
|
||||
["hash:/oidcRPMetaDataExportedVars/$k2:vars:btext"],
|
||||
_js => 'hashRoot',
|
||||
},
|
||||
oidcRPMetaDataOptions => {
|
||||
_nodes => [
|
||||
qw(oidcRPMetaDataOptionsClientID oidcRPMetaDataOptionsClientSecret)
|
||||
],
|
||||
oidcRPMetaDataOptionsClientID =>
|
||||
"text:/oidcRPMetaDataOptions/$k2/oidcRPMetaDataOptionsClientID",
|
||||
oidcRPMetaDataOptionsClientSecret =>
|
||||
"password:/oidcRPMetaDataOptions/$k2/oidcRPMetaDataOptionsClientSecret",
|
||||
},
|
||||
},
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
return $h;
|
||||
}
|
||||
|
@ -322,7 +347,7 @@ sub struct {
|
|||
my $self = shift;
|
||||
return {
|
||||
_nodes => [
|
||||
qw(n:generalParameters n:variables n:virtualHosts n:samlServiceMetaData n:samlIDPMetaDataNode n:samlSPMetaDataNode n:oidcServiceMetaData n:oidcOPMetaDataNode)
|
||||
qw(n:generalParameters n:variables n:virtualHosts n:samlServiceMetaData n:samlIDPMetaDataNode n:samlSPMetaDataNode n:oidcServiceMetaData n:oidcOPMetaDataNode n:oidcRPMetaDataNode)
|
||||
],
|
||||
_help => 'default',
|
||||
|
||||
|
@ -1573,6 +1598,15 @@ sub struct {
|
|||
_js => 'oidcOPRoot',
|
||||
},
|
||||
|
||||
oidcRPMetaDataNode => {
|
||||
_nodes => [
|
||||
'nhash:/oidcRPMetaDataExportedVars:oidcRPMetaDataNode:oidcRPMetaData'
|
||||
],
|
||||
_upload => ['/oidcRPMetaDataOptions'],
|
||||
_help => 'oidcRP',
|
||||
_js => 'oidcRPRoot',
|
||||
},
|
||||
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -2327,6 +2361,25 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
},
|
||||
},
|
||||
|
||||
# OIDC RP
|
||||
oidcRPMetaDataExportedVars => {
|
||||
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
||||
keyMsgFail => 'Bad metadata name',
|
||||
'*' => {
|
||||
keyTest => qr/^\w([\w\-]*\w)?$/,
|
||||
keyMsgFail => 'Bad attribute name',
|
||||
test => sub { return 1; },
|
||||
},
|
||||
},
|
||||
oidcRPMetaDataOptions => {
|
||||
keyTest => qr/^[a-zA-Z](?:[\w\-\.]*\w)?$/,
|
||||
keyMsgFail => 'Bad metadata name',
|
||||
'*' => {
|
||||
test => sub { return 1; },
|
||||
keyTest => sub { return 1; },
|
||||
},
|
||||
},
|
||||
|
||||
};
|
||||
}
|
||||
## @method hashref subDefaultConf()
|
||||
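Review bot: The new `oidcRPMetaDataOptions` test block accepts any key and any value (`keyTest => sub { return 1; }`, `test => sub { return 1; }`), so a relying party can be stored with an empty client ID or client secret and a typo'd option key is silently kept. The only two options this commit defines are `oidcRPMetaDataOptionsClientID` and `oidcRPMetaDataOptionsClientSecret`, so `keyTest => qr/^oidcRPMetaDataOptions(?:ClientID|ClientSecret)$/,` with a matching `keyMsgFail` would catch unknown keys, and a value test that rejects an empty secret would stop an RP from being saved without a credential. Whether the portal side later refuses an undefined secret is not visible here.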
|
|
|
@ -286,6 +286,11 @@ sub en {
|
|||
'Token endpoint authentication method',
|
||||
oidcParams => 'OpenID Connect parameters',
|
||||
oidcRPCallbackGetParam => 'Callback GET parameter',
|
||||
oidcRPMetaDataExportedVars => 'Exported attributes',
|
||||
oidcRPMetaDataNode => 'OpenID Connect Relaying Parties',
|
||||
oidcRPMetaDataOptions => 'Options',
|
||||
oidcRPMetaDataOptionsClientID => 'Client ID',
|
||||
oidcRPMetaDataOptionsClientSecret => 'Client secret',
|
||||
oidcRPStateTimeout => 'State session timeout',
|
||||
oidcServiceMetaData => 'OpenID Connect Service',
|
||||
oidcServiceMetaDataAuthorizeURI => 'Autorization',
|
||||
|
@ -830,6 +835,11 @@ sub fr {
|
|||
'Méthode d\'authentification pour l\'accès aux jetons',
|
||||
oidcParams => 'Paramètres OpenID Connect',
|
||||
oidcRPCallbackGetParam => 'Paramètre GET callback',
|
||||
oidcRPMetaDataExportedVars => 'Attributs exportés',
|
||||
oidcRPMetaDataNode => 'Relais OpenID Connect',
|
||||
oidcRPMetaDataOptions => 'Options',
|
||||
oidcRPMetaDataOptionsClientID => 'Identifiant',
|
||||
oidcRPMetaDataOptionsClientSecret => 'Mot de passe',
|
||||
oidcRPStateTimeout => 'Durée d\'une session state',
|
||||
oidcServiceMetaData => "Service OpenID Connect",
|
||||
oidcServiceMetaDataAuthorizeURI => "Autorisation",
|
||||
|
|