Store all issuer/auth parameters (#967)
parent
396755a97c
commit
dc8b8a4d91
|
@ -34,10 +34,10 @@ my $ignoreKeys;
|
|||
my $mainTree;
|
||||
my @sessionTypes;
|
||||
my @simpleHashKeys;
|
||||
my $authParams;
|
||||
my $issuerParams;
|
||||
my $samlServiceParams;
|
||||
my $oidcServiceParams;
|
||||
my $authParameters;
|
||||
my $issuerParameters;
|
||||
my $samlServiceParameters;
|
||||
my $oidcServiceParameters;
|
||||
|
||||
my $attributes = Lemonldap::NG::Manager::Build::Attributes::attributes();
|
||||
my $jsonEnc = JSON->new()->allow_nonref;
|
||||
|
@ -153,7 +153,7 @@ sub run {
|
|||
my $exportedVars =
|
||||
'$'
|
||||
. join( 'Keys $', 'simpleHash', 'specialNode', sort keys %cnodesRe )
|
||||
. 'Keys $specialNodeHash @sessionTypes $authParameters';
|
||||
. 'Keys $specialNodeHash @sessionTypes $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters';
|
||||
print F <<EOF;
|
||||
# This file is generated by $module. Don't modify it by hand
|
||||
package Lemonldap::NG::Manager::Constants;
|
||||
|
@ -192,13 +192,22 @@ EOF
|
|||
foreach ( sort keys %cnodesRe ) {
|
||||
print F "our \$${_}Keys = '$cnodesRe{$_}';\n";
|
||||
}
|
||||
print F "\n";
|
||||
|
||||
$tmp = "our \$authParameters = {\n";
|
||||
while(my($k,$v) = each %$authParams) {
|
||||
$tmp .= " $k => [qw(".join(' ',@$v).")],\n";
|
||||
foreach (qw(authParameters issuerParameters)) {
|
||||
$tmp = "our \$$_ = {\n";
|
||||
no strict 'refs';
|
||||
foreach my $k ( sort keys %$$_ ) {
|
||||
my $v = $$_->{$k};
|
||||
$tmp .= " $k => [qw(" . join( ' ', @$v ) . ")],\n";
|
||||
}
|
||||
print F "$tmp};\n";
|
||||
}
|
||||
foreach (qw(samlServiceParameters oidcServiceParameters)) {
|
||||
no strict 'refs';
|
||||
$tmp = "our \$$_ = [qw(" . join( ' ', @$$_ ) . ")];\n";
|
||||
print F "$tmp";
|
||||
}
|
||||
|
||||
print F "\n$tmp};\n";
|
||||
|
||||
print F "\n1;\n";
|
||||
close F;
|
||||
|
@ -409,16 +418,35 @@ sub scanTree {
|
|||
elsif ( ref($leaf) ) {
|
||||
$jleaf->{title} = $jleaf->{id} = $leaf->{title};
|
||||
$jleaf->{type} = $leaf->{form} if ( $leaf->{form} );
|
||||
if ( $leaf->{title} =~ /^((?:oidc|saml)Service)MetaData$/ ) {
|
||||
no strict 'refs';
|
||||
my @tmp = $self->scanLeaf( $leaf->{nodes} );
|
||||
${ $1 . 'Parameters' } = \@tmp;
|
||||
}
|
||||
foreach my $n (qw(nodes nodes_cond)) {
|
||||
if ( $leaf->{$n} ) {
|
||||
$jleaf->{"_$n"} = [];
|
||||
$self->scanTree( $leaf->{$n}, $jleaf->{"_$n"}, $prefix,
|
||||
"$path.$nodeName\[$ord\]" );
|
||||
if ( $leaf->{title} eq 'authParams' and $n eq 'nodes_cond' ) {
|
||||
foreach my $sn (@{$leaf->{$n}}) {
|
||||
if (
|
||||
(
|
||||
$leaf->{title} eq 'authParams'
|
||||
and $n eq 'nodes_cond'
|
||||
)
|
||||
or $leaf->{title} eq 'issuerParams'
|
||||
)
|
||||
{
|
||||
my $vn = $leaf->{title};
|
||||
$vn =~ s/Params$/Parameters/;
|
||||
foreach my $sn ( @{ $leaf->{$n} } ) {
|
||||
no strict 'refs';
|
||||
my @cn = $self->scanLeaf( $sn->{nodes} );
|
||||
$authParams->{$sn->{title}} = \@cn;
|
||||
${$vn}->{ $sn->{title} } = \@cn;
|
||||
}
|
||||
}
|
||||
elsif ( $leaf->{title} eq 'issuerParams' ) {
|
||||
}
|
||||
if ( $n eq 'nodes_cond' ) {
|
||||
foreach my $sn ( @{ $jleaf->{"_$n"} } ) {
|
||||
$sn->{show} = 'false';
|
||||
}
|
||||
|
@ -499,11 +527,25 @@ sub scanTree {
|
|||
}
|
||||
|
||||
sub scanLeaf {
|
||||
my($self,$tree)=@_;
|
||||
my ( $self, $tree ) = @_;
|
||||
my @res;
|
||||
foreach my $k (@$tree) {
|
||||
if(ref $k) {
|
||||
push @res, $self->scanLeaf($k->{nodes});
|
||||
if ( ref $k ) {
|
||||
push @res, $self->scanLeaf1( $k->{nodes} || $k->{group} );
|
||||
}
|
||||
else {
|
||||
push @res, $k;
|
||||
}
|
||||
}
|
||||
return @res;
|
||||
}
|
||||
|
||||
sub scanLeaf1 {
|
||||
my ( $self, $tree ) = @_;
|
||||
my @res;
|
||||
foreach my $k (@$tree) {
|
||||
if ( ref $k ) {
|
||||
push @res, $self->scanLeaf( $k->{nodes} || $k->{group} );
|
||||
}
|
||||
else {
|
||||
push @res, $k;
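Review bot: The symbolic references added under `no strict 'refs'` (`%$$_` and `@$$_` in run, `${$vn}` and `${ $1 . 'Parameters' }` in scanTree) resolve package variables only, so the file-scoped `my $authParameters`, `my $issuerParameters`, `my $samlServiceParameters` and `my $oidcServiceParameters` declarations (assuming those are the new side of the first hunk) are never written or read, and the collected data ends up in undeclared package globals. This works only because every access goes through a name string; a later direct use of `$authParameters` would see undef without any strict error. A lexical hash keyed by name avoids disabling strict refs altogether: declare `my %collected = ( authParameters => {}, issuerParameters => {}, samlServiceParameters => [], oidcServiceParameters => [] );`, store with `$collected{$vn}{ $sn->{title} } = \@cn;`, and iterate `sort keys %{ $collected{$_} }` in run. In the same change, copying `$1` into a named variable before the `$self->scanLeaf` call would read more clearly than relying on the capture after the call. The run and scanTree bodies extend beyond the visible hunks.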
|
||||
|
|
|
@ -7,7 +7,7 @@ use base qw(Exporter);
|
|||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $specialNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash @sessionTypes $authParameters)] );
|
||||
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $specialNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash @sessionTypes $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters)] );
|
||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
|
||||
|
@ -30,28 +30,36 @@ our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey
|
|||
our $virtualHostKeys = '(?:vhost(?:(?:Aliase|Http)s|Maintenance|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
||||
our $authParameters = {
|
||||
apacheParams => [qw(apacheAuthnLevel)],
|
||||
adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)],
|
||||
yubikeyParams => [qw(yubikeyAuthnLevel yubikeyClientID yubikeySecretKey yubikeyPublicIDSize)],
|
||||
openidParams => [qw(openIdAuthnLevel openIdExportedVars openIdSecret openIdIDPList)],
|
||||
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)],
|
||||
multiParams => [qw(multiAuthStack multiUserDBStack)],
|
||||
choiceParams => [qw(authChoiceParam authChoiceModules)],
|
||||
apacheParams => [qw(apacheAuthnLevel)],
|
||||
browseridParams => [qw(browserIdAuthnLevel browserIdAutoLogin browserIdVerificationURL browserIdSiteName browserIdSiteLogo browserIdBackgroundColor)],
|
||||
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
|
||||
proxyParams => [qw(soapAuthService remoteCookieName soapSessionService)],
|
||||
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName)],
|
||||
webiDParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
|
||||
casParams => [qw(CAS_authnLevel CAS_url CAS_CAFile CAS_renew CAS_gateway CAS_pgtFile CAS_proxiedServices)],
|
||||
choiceParams => [qw(authChoiceParam authChoiceModules)],
|
||||
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)],
|
||||
demoParams => [qw(demoExportedVars)],
|
||||
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)],
|
||||
nullParams => [qw(nullAuthnLevel)],
|
||||
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
|
||||
googleParams => [qw(googleAuthnLevel googleExportedVars)],
|
||||
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue)],
|
||||
multiParams => [qw(multiAuthStack multiUserDBStack)],
|
||||
nullParams => [qw(nullAuthnLevel)],
|
||||
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
|
||||
openidParams => [qw(openIdAuthnLevel openIdExportedVars openIdSecret openIdIDPList)],
|
||||
proxyParams => [qw(soapAuthService remoteCookieName soapSessionService)],
|
||||
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
|
||||
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
|
||||
slaveParams => [qw(slaveAuthnLevel slaveExportedVars slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent)],
|
||||
sslParams => [qw(SSLAuthnLevel SSLVar)],
|
||||
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
|
||||
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue)],
|
||||
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName)],
|
||||
webiDParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
|
||||
yubikeyParams => [qw(yubikeyAuthnLevel yubikeyClientID yubikeySecretKey yubikeyPublicIDSize)],
|
||||
};
|
||||
our $issuerParameters = {
|
||||
issuerDBCAS => [qw(issuerDBCASActivation issuerDBCASPath issuerDBCASRule casAttr casAttributes casAccessControlPolicy casStorage casStorageOptions)],
|
||||
issuerDBOpenID => [qw(issuerDBOpenIDActivation issuerDBOpenIDPath issuerDBOpenIDRule openIdIssuerSecret openIdAttr openIdSPList openIdSreg_fullname openIdSreg_nickname openIdSreg_language openIdSreg_postcode openIdSreg_timezone openIdSreg_country openIdSreg_gender openIdSreg_email openIdSreg_dob)],
|
||||
issuerDBOpenIDConnect => [qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)],
|
||||
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
|
||||
};
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleSignOnServiceSOAP samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter)];
|
||||
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)];
|
||||
|
||||
1;
|
||||
|
|