Integrate API Documentation
This commit is contained in:
parent
f4bca12ab7
commit
df9525095e
8
Makefile
8
Makefile
|
@ -1183,3 +1183,11 @@ e2e_cert:
|
||||||
-reqexts SAN \
|
-reqexts SAN \
|
||||||
-extensions SAN \
|
-extensions SAN \
|
||||||
-config e2e-tests/openssl.cnf
|
-config e2e-tests/openssl.cnf
|
||||||
|
|
||||||
|
api_doc: doc/sources/manager-api/openapi-spec.yaml doc/sources/manager-api/config-codegen.json
|
||||||
|
@if [ -f "$(SWAGGER_CODEGEN)" ] ; then \
|
||||||
|
java -jar "$(SWAGGER_CODEGEN)" generate -i doc/sources/manager-api/openapi-spec.yaml -l html2 -o doc/pages/manager-api/ -c doc/sources/manager-api/config-codegen.json; \
|
||||||
|
else \
|
||||||
|
echo "Please run me with SWAGGER_CODEGEN=/path/to/swagger-codegen.jar"; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
|
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
|
||||||
|
|
||||||
# REST URLs
|
# REST URLs
|
||||||
|
RewriteCond "%{REQUEST_URI}" "!^/(?:doc)"
|
||||||
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
|
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
|
||||||
|
|
||||||
# 2) FastCGI engine
|
# 2) FastCGI engine
|
||||||
|
@ -83,6 +84,15 @@
|
||||||
</IfModule>
|
</IfModule>
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
|
# On-line documentation
|
||||||
|
Alias /doc/ __DEFDOCDIR__
|
||||||
|
<Directory __DEFDOCDIR__>
|
||||||
|
Require all granted
|
||||||
|
ErrorDocument 404 /notfound.html
|
||||||
|
Options +FollowSymLinks
|
||||||
|
DirectoryIndex index.html start.html
|
||||||
|
</Directory>
|
||||||
|
|
||||||
# Uncomment this if site if you use SSL only
|
# Uncomment this if site if you use SSL only
|
||||||
#Header set Strict-Transport-Security "max-age=15768000"
|
#Header set Strict-Transport-Security "max-age=15768000"
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
|
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
|
||||||
|
|
||||||
# REST URLs
|
# REST URLs
|
||||||
|
RewriteCond "%{REQUEST_URI}" "!^/(?:doc)"
|
||||||
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
|
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
|
||||||
|
|
||||||
# 2) FastCGI engine
|
# 2) FastCGI engine
|
||||||
|
@ -90,6 +91,21 @@
|
||||||
</IfModule>
|
</IfModule>
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
|
# On-line documentation
|
||||||
|
Alias /doc/ __DEFDOCDIR__
|
||||||
|
<Directory __DEFDOCDIR__>
|
||||||
|
<IfVersion >= 2.3>
|
||||||
|
Require all granted
|
||||||
|
</IfVersion>
|
||||||
|
<IfVersion < 2.3>
|
||||||
|
Order Deny,Allow
|
||||||
|
Allow from all
|
||||||
|
</IfVersion>
|
||||||
|
ErrorDocument 404 /notfound.html
|
||||||
|
Options +FollowSymLinks
|
||||||
|
DirectoryIndex index.html start.html
|
||||||
|
</Directory>
|
||||||
|
|
||||||
# Uncomment this if site if you use SSL only
|
# Uncomment this if site if you use SSL only
|
||||||
#Header set Strict-Transport-Security "max-age=15768000"
|
#Header set Strict-Transport-Security "max-age=15768000"
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
|
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
|
||||||
|
|
||||||
# REST URLs
|
# REST URLs
|
||||||
|
RewriteCond "%{REQUEST_URI}" "!^/(?:doc)"
|
||||||
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
|
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
|
||||||
|
|
||||||
# 2) FastCGI engine
|
# 2) FastCGI engine
|
||||||
|
@ -84,6 +85,16 @@
|
||||||
</IfModule>
|
</IfModule>
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
|
# On-line documentation
|
||||||
|
Alias /doc/ __DEFDOCDIR__
|
||||||
|
<Directory __DEFDOCDIR__>
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
ErrorDocument 404 /notfound.html
|
||||||
|
Options +FollowSymLinks
|
||||||
|
DirectoryIndex index.html start.html
|
||||||
|
</Directory>
|
||||||
|
|
||||||
# Uncomment this if site if you use SSL only
|
# Uncomment this if site if you use SSL only
|
||||||
#Header set Strict-Transport-Security "max-age=15768000"
|
#Header set Strict-Transport-Security "max-age=15768000"
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
|
@ -15,7 +15,13 @@ server {
|
||||||
#set_real_ip_from 127.0.0.1;
|
#set_real_ip_from 127.0.0.1;
|
||||||
#real_ip_header X-Forwarded-For;
|
#real_ip_header X-Forwarded-For;
|
||||||
|
|
||||||
rewrite ^/(.*)$ /api.psgi/$1 break;
|
location /doc/ {
|
||||||
|
alias /usr/share/doc/lemonldap-ng-doc/;
|
||||||
|
index index.html start.html;
|
||||||
|
}
|
||||||
|
location / {
|
||||||
|
rewrite ^/(.*)$ /api.psgi/$1;
|
||||||
|
}
|
||||||
|
|
||||||
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
|
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
|
||||||
|
|
||||||
|
@ -37,17 +43,18 @@ server {
|
||||||
# Uncomment this if you use https only
|
# Uncomment this if you use https only
|
||||||
#add_header Strict-Transport-Security "max-age=15768000";
|
#add_header Strict-Transport-Security "max-age=15768000";
|
||||||
|
|
||||||
# By default, access to this VHost is denied
|
|
||||||
# If you want to enable the manager APIs, you MUST
|
|
||||||
# implement a robust authentication scheme to protect this
|
|
||||||
# VHost since LemonLDAP::NG provides no protection to the
|
|
||||||
# Manager APIs yet
|
|
||||||
#
|
|
||||||
#allow 127.0.0.0/8;
|
|
||||||
#allow ::1/128;
|
|
||||||
deny all;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# By default, access to this VHost is denied
|
||||||
|
# If you want to enable the manager APIs, you MUST
|
||||||
|
# implement a robust authentication scheme to protect this
|
||||||
|
# VHost since LemonLDAP::NG provides no protection to the
|
||||||
|
# Manager APIs yet
|
||||||
|
#
|
||||||
|
#allow 127.0.0.0/8;
|
||||||
|
#allow ::1/128;
|
||||||
|
deny all;
|
||||||
|
|
||||||
# DEBIAN
|
# DEBIAN
|
||||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||||
#location /javascript/ {
|
#location /javascript/ {
|
||||||
|
|
|
@ -5,9 +5,14 @@
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<div class="container text-center">
|
<div class="container text-center">
|
||||||
<h1>LemonLDAP::NG offline documentation</h1>
|
<h1>LemonLDAP::NG Administrator documentation</h1>
|
||||||
<hr />
|
<hr />
|
||||||
<a href="pages/documentation/current/start.html" class="btn btn-lg btn-primary">Documentation</a>
|
<a href="pages/documentation/current/start.html" class="btn btn-lg btn-primary">Documentation</a>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="container text-center">
|
||||||
|
<h1>LemonLDAP::NG Manager API documentation</h1>
|
||||||
|
<hr />
|
||||||
|
<a href="pages/manager-api/index.html" class="btn btn-lg btn-primary">API Reference</a>
|
||||||
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Swagger Codegen Ignore
|
||||||
|
# Generated by swagger-codegen https://github.com/swagger-api/swagger-codegen
|
||||||
|
|
||||||
|
# Use this file to prevent files from being overwritten by the generator.
|
||||||
|
# The patterns follow closely to .gitignore or .dockerignore.
|
||||||
|
|
||||||
|
# As an example, the C# client generator defines ApiClient.cs.
|
||||||
|
# You can make changes and tell Swagger Codgen to ignore just this file by uncommenting the following line:
|
||||||
|
#ApiClient.cs
|
||||||
|
|
||||||
|
# You can match any string of characters against a directory, file or extension with a single asterisk (*):
|
||||||
|
#foo/*/qux
|
||||||
|
# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
|
||||||
|
|
||||||
|
# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
|
||||||
|
#foo/**/qux
|
||||||
|
# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
|
||||||
|
|
||||||
|
# You can also negate patterns with an exclamation (!).
|
||||||
|
# For example, you can ignore all files in a docs folder with the file extension .md:
|
||||||
|
#docs/*.md
|
||||||
|
# Then explicitly reverse the ignore rule for a single file:
|
||||||
|
#!docs/README.md
|
|
@ -0,0 +1 @@
|
||||||
|
3.0.18
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,6 @@
|
||||||
|
{ "appName": "LemonLDAP::NG",
|
||||||
|
"appDescription": "API documentation for the LemonLDAP::NG Manager API",
|
||||||
|
"infoUrl": "https://lemonldap-ng.org/",
|
||||||
|
"infoEmail": ""
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,785 @@
|
||||||
|
openapi: 3.0.1
|
||||||
|
info:
|
||||||
|
title: LemonLDAP::NG Manager API
|
||||||
|
description: The Manager API allows an administrator to modify the LemonLDAP::NG configuration programmatically. It is not meant to be accessed by end users.
|
||||||
|
version: 2.0.8
|
||||||
|
servers:
|
||||||
|
- url: /api/v1
|
||||||
|
tags:
|
||||||
|
- name: samlsp
|
||||||
|
description: SAML Service Providers
|
||||||
|
- name: oidcrp
|
||||||
|
description: OpenID Connect Relaying Parties
|
||||||
|
- name: 2fa
|
||||||
|
description: Registered Second Factors
|
||||||
|
|
||||||
|
paths:
|
||||||
|
/api/v1/providers/saml/sp:
|
||||||
|
post:
|
||||||
|
tags:
|
||||||
|
- samlsp
|
||||||
|
summary: Create a new SAML Service provider
|
||||||
|
operationId: addsamlsp
|
||||||
|
requestBody:
|
||||||
|
description: SAML Service provider to add
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/SamlSp'
|
||||||
|
required: true
|
||||||
|
responses:
|
||||||
|
201:
|
||||||
|
$ref: '#/components/responses/Created'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
409:
|
||||||
|
$ref: '#/components/responses/Conflict'
|
||||||
|
|
||||||
|
/api/v1/providers/saml/sp/findByConfKey:
|
||||||
|
get:
|
||||||
|
tags:
|
||||||
|
- samlsp
|
||||||
|
summary: Finds SAML Service providers by configuration key
|
||||||
|
description: Takes a search pattern to be tested against existing service providers
|
||||||
|
operationId: findSamlSpByConfKey
|
||||||
|
parameters:
|
||||||
|
- name: pattern
|
||||||
|
in: query
|
||||||
|
description: Search pattern
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
type: "string"
|
||||||
|
examples:
|
||||||
|
any:
|
||||||
|
summary: Any value
|
||||||
|
value: "*"
|
||||||
|
prefix:
|
||||||
|
summary: Given prefix
|
||||||
|
value: "zone1-*"
|
||||||
|
anywhere:
|
||||||
|
summary: Substring
|
||||||
|
value: "something"
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/ManySamlSp'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
|
||||||
|
/api/v1/providers/saml/sp/findByEntityId:
|
||||||
|
get:
|
||||||
|
tags:
|
||||||
|
- samlsp
|
||||||
|
summary: Finds SAML Service Provider by Entity ID
|
||||||
|
operationId: findSamlSpByEntityId
|
||||||
|
parameters:
|
||||||
|
- name: entityId
|
||||||
|
in: query
|
||||||
|
description: Entity ID to search
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
type: "string"
|
||||||
|
example: http://mysp.example.com/saml/metadata
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/OneSamlSp'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
/api/v1/providers/saml/sp/{confKey}:
|
||||||
|
get:
|
||||||
|
tags:
|
||||||
|
- samlsp
|
||||||
|
summary: Get SAML Service Provider by configuration key
|
||||||
|
description: Returns a single Service Provider
|
||||||
|
operationId: getSamlSpByConfKey
|
||||||
|
parameters:
|
||||||
|
- name: confKey
|
||||||
|
in: path
|
||||||
|
description: Configuration key of SAML Service Provider
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/OneSamlSp'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
put:
|
||||||
|
tags:
|
||||||
|
- samlsp
|
||||||
|
summary: Replaces a SAML Service
|
||||||
|
operationId: replaceSamlSp
|
||||||
|
parameters:
|
||||||
|
- name: confKey
|
||||||
|
in: path
|
||||||
|
description: Configuration key of SAML Service Provider that needs to be replaced
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
requestBody:
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/SamlSp'
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
409:
|
||||||
|
$ref: '#/components/responses/Conflict'
|
||||||
|
patch:
|
||||||
|
tags:
|
||||||
|
- samlsp
|
||||||
|
summary: Updates a SAML Service.
|
||||||
|
operationId: updateSamlSp
|
||||||
|
parameters:
|
||||||
|
- name: confKey
|
||||||
|
in: path
|
||||||
|
description: Configuration key of SAML Service Provider that needs to be updated
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
requestBody:
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/SamlSpUpdate'
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
409:
|
||||||
|
$ref: '#/components/responses/Conflict'
|
||||||
|
|
||||||
|
delete:
|
||||||
|
tags:
|
||||||
|
- samlsp
|
||||||
|
summary: Deletes a SAML Service Provider
|
||||||
|
operationId: deleteSamlSp
|
||||||
|
parameters:
|
||||||
|
- name: confKey
|
||||||
|
in: path
|
||||||
|
description: Configuration key of SAML Service Provider to delete
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
/api/v1/providers/oidc/rp:
|
||||||
|
post:
|
||||||
|
tags:
|
||||||
|
- oidcrp
|
||||||
|
summary: Create a new OpenID Connect Relaying Party
|
||||||
|
operationId: addoidcrp
|
||||||
|
requestBody:
|
||||||
|
description: OpenID Connect Relaying Party to add
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/OidcRp'
|
||||||
|
required: true
|
||||||
|
responses:
|
||||||
|
201:
|
||||||
|
$ref: '#/components/responses/Created'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
409:
|
||||||
|
$ref: '#/components/responses/Conflict'
|
||||||
|
/api/v1/providers/oidc/rp/findByConfKey:
|
||||||
|
get:
|
||||||
|
tags:
|
||||||
|
- oidcrp
|
||||||
|
summary: Finds OpenID Connect Relaying Partys by configuration key
|
||||||
|
description: Takes a search pattern to be tested against existing service providers
|
||||||
|
operationId: findOidcRpByConfKey
|
||||||
|
parameters:
|
||||||
|
- name: pattern
|
||||||
|
in: query
|
||||||
|
description: Search pattern
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
examples:
|
||||||
|
any:
|
||||||
|
summary: Any value
|
||||||
|
value: "*"
|
||||||
|
prefix:
|
||||||
|
summary: Given prefix
|
||||||
|
value: "zone1-*"
|
||||||
|
anywhere:
|
||||||
|
summary: Substring
|
||||||
|
value: "something"
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/ManyOidcRp'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
|
||||||
|
/api/v1/providers/oidc/rp/findByClientId:
|
||||||
|
get:
|
||||||
|
tags:
|
||||||
|
- oidcrp
|
||||||
|
summary: Finds OpenID Connect Relaying Party by Client ID
|
||||||
|
operationId: findOidcRpByClientId
|
||||||
|
parameters:
|
||||||
|
- name: clientId
|
||||||
|
in: query
|
||||||
|
description: Client ID to search
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
type: "string"
|
||||||
|
example: my_client_id
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/OneOidcRp'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
/api/v1/providers/oidc/rp/{confKey}:
|
||||||
|
get:
|
||||||
|
tags:
|
||||||
|
- oidcrp
|
||||||
|
summary: Get OpenID Connect Relaying Party by configuration key
|
||||||
|
description: Returns a single Service Provider
|
||||||
|
operationId: getOidcRpByConfKey
|
||||||
|
parameters:
|
||||||
|
- name: confKey
|
||||||
|
in: path
|
||||||
|
description: Configuration key of OpenID Connect Relaying Party
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/OneOidcRp'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
patch:
|
||||||
|
tags:
|
||||||
|
- oidcrp
|
||||||
|
summary: Updates an OpenID Connect Relaying Party
|
||||||
|
operationId: updateOidcRp
|
||||||
|
parameters:
|
||||||
|
- name: confKey
|
||||||
|
in: path
|
||||||
|
description: Configuration key of OpenID Connect Relaying Party that needs to be updated
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
requestBody:
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/OidcRpUpdate'
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
409:
|
||||||
|
$ref: '#/components/responses/Conflict'
|
||||||
|
put:
|
||||||
|
tags:
|
||||||
|
- oidcrp
|
||||||
|
summary: Replaces an OpenID Connect Relaying Party
|
||||||
|
operationId: replaceOidcRp
|
||||||
|
parameters:
|
||||||
|
- name: confKey
|
||||||
|
in: path
|
||||||
|
description: Configuration key of OpenID Connect Relaying Party that needs to be replaced
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
requestBody:
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/OidcRp'
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
409:
|
||||||
|
$ref: '#/components/responses/Conflict'
|
||||||
|
|
||||||
|
delete:
|
||||||
|
tags:
|
||||||
|
- oidcrp
|
||||||
|
summary: Deletes a OpenID Connect Relaying Party
|
||||||
|
operationId: deleteOidcRp
|
||||||
|
parameters:
|
||||||
|
- name: confKey
|
||||||
|
in: path
|
||||||
|
description: Configuration key of OpenID Connect Relaying Party to delete
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
400:
|
||||||
|
$ref: '#/components/responses/Error'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
'/api/v1/secondFactor/{uid}':
|
||||||
|
description: Second factors for a particular user
|
||||||
|
parameters:
|
||||||
|
- name: uid
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
get:
|
||||||
|
summary: List second factors for a user
|
||||||
|
description: ''
|
||||||
|
tags:
|
||||||
|
- 2fa
|
||||||
|
operationId: getSecondFactors
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/SecondFactors'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
delete:
|
||||||
|
summary: Delete all second factors for a user
|
||||||
|
description: ''
|
||||||
|
tags:
|
||||||
|
- 2fa
|
||||||
|
operationId: deleteSecondFactors
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
|
||||||
|
'/api/v1/secondFactor/{uid}/type/{type}':
|
||||||
|
description: Second factors of a given type for a particular user
|
||||||
|
parameters:
|
||||||
|
- name: uid
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
- name: type
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
get:
|
||||||
|
summary: List second factors for a user given its type
|
||||||
|
description: ''
|
||||||
|
tags:
|
||||||
|
- 2fa
|
||||||
|
operationId: getSecondFactorsByType
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/SecondFactors'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
|
||||||
|
delete:
|
||||||
|
summary: Delete all second factors of a given type for a user
|
||||||
|
description: ''
|
||||||
|
tags:
|
||||||
|
- 2fa
|
||||||
|
operationId: deleteSecondFactorsByType
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
|
||||||
|
'/api/v1/secondFactor/{uid}/id/{id}':
|
||||||
|
description: Second factors of a given id for a particular user
|
||||||
|
parameters:
|
||||||
|
- name: uid
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
- name: id
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
get:
|
||||||
|
summary: Get second factors for a user given its ID
|
||||||
|
description: ''
|
||||||
|
tags:
|
||||||
|
- 2fa
|
||||||
|
operationId: getSecondFactorsById
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
$ref: '#/components/responses/SecondFactors'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
|
||||||
|
delete:
|
||||||
|
summary: Delete a second factors for a user
|
||||||
|
description: ''
|
||||||
|
tags:
|
||||||
|
- 2fa
|
||||||
|
operationId: deleteSecondFactorsById
|
||||||
|
responses:
|
||||||
|
204:
|
||||||
|
$ref: '#/components/responses/NoContent'
|
||||||
|
404:
|
||||||
|
$ref: '#/components/responses/NotFound'
|
||||||
|
|
||||||
|
|
||||||
|
components:
|
||||||
|
schemas:
|
||||||
|
confKey:
|
||||||
|
type: string
|
||||||
|
pattern: '^\w[\w\.\-]*$'
|
||||||
|
Error:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
error:
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- error
|
||||||
|
SamlSp:
|
||||||
|
required:
|
||||||
|
- confKey
|
||||||
|
- metadata
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
confKey:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
metadata:
|
||||||
|
type: string
|
||||||
|
example: '<?xml version="1.0"?><EntityDescriptor...'
|
||||||
|
exportedAttributes:
|
||||||
|
type: object
|
||||||
|
items:
|
||||||
|
$ref: '#/components/schemas/samlAttribute'
|
||||||
|
macros:
|
||||||
|
type: object
|
||||||
|
example:
|
||||||
|
myMacroName: "$macro(rule)"
|
||||||
|
|
||||||
|
options:
|
||||||
|
$ref: '#/components/schemas/samlOptions'
|
||||||
|
SamlSpUpdate:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
metadata:
|
||||||
|
type: string
|
||||||
|
|
||||||
|
example: '<?xml version="1.0"?><EntityDescriptor...'
|
||||||
|
macros:
|
||||||
|
type: object
|
||||||
|
example:
|
||||||
|
myMacroName: "$macro(rule)"
|
||||||
|
exportedAttributes:
|
||||||
|
type: object
|
||||||
|
items:
|
||||||
|
$ref: '#/components/schemas/samlAttribute'
|
||||||
|
options:
|
||||||
|
$ref: '#/components/schemas/samlOptions'
|
||||||
|
samlOptions:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
checkSSOMessageSignature:
|
||||||
|
type: boolean
|
||||||
|
default: 1
|
||||||
|
sessionNotOnOrAfterTimeout:
|
||||||
|
type: integer
|
||||||
|
default: 72000
|
||||||
|
signSLOMessage:
|
||||||
|
type: integer
|
||||||
|
minimum: -1
|
||||||
|
maximum: 1
|
||||||
|
default: -1
|
||||||
|
enableIDPInitiatedURL:
|
||||||
|
type: boolean
|
||||||
|
oneTimeUse:
|
||||||
|
type: boolean
|
||||||
|
checkSLOMessageSignature:
|
||||||
|
type: boolean
|
||||||
|
default: 1
|
||||||
|
encryptionMode:
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- none
|
||||||
|
- nameid
|
||||||
|
- assertion
|
||||||
|
default: none
|
||||||
|
notOnOrAfterTimeout:
|
||||||
|
type: integer
|
||||||
|
default: 72000
|
||||||
|
rule:
|
||||||
|
type: string
|
||||||
|
forceUTF8:
|
||||||
|
type: boolean
|
||||||
|
default: 1
|
||||||
|
signSSOMessage:
|
||||||
|
type: integer
|
||||||
|
minimum: -1
|
||||||
|
maximum: 1
|
||||||
|
default: -1
|
||||||
|
nameIDSessionKey:
|
||||||
|
type: string
|
||||||
|
nameIDFormat:
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- unspecified
|
||||||
|
- email
|
||||||
|
- x509
|
||||||
|
- windows
|
||||||
|
- kerberos
|
||||||
|
- entity
|
||||||
|
- persistent
|
||||||
|
- transient
|
||||||
|
- encrypted
|
||||||
|
|
||||||
|
samlAttribute:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
mandatory:
|
||||||
|
type: boolean
|
||||||
|
friendlyName:
|
||||||
|
type: string
|
||||||
|
format:
|
||||||
|
type: string
|
||||||
|
example: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'
|
||||||
|
OidcRp:
|
||||||
|
required:
|
||||||
|
- confKey
|
||||||
|
- clientId
|
||||||
|
- redirectUris
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
confKey:
|
||||||
|
$ref: '#/components/schemas/confKey'
|
||||||
|
clientId:
|
||||||
|
type: string
|
||||||
|
redirectUris:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
minItems: 1
|
||||||
|
format: "uri"
|
||||||
|
exportedVars:
|
||||||
|
type: object
|
||||||
|
example:
|
||||||
|
email: mail
|
||||||
|
family_name: sn
|
||||||
|
name: cn
|
||||||
|
extraClaims:
|
||||||
|
type: object
|
||||||
|
example:
|
||||||
|
myscope: "myattr1 myattr2 myattr3"
|
||||||
|
macros:
|
||||||
|
type: object
|
||||||
|
example:
|
||||||
|
myMacroName: "$macro(rule)"
|
||||||
|
options:
|
||||||
|
$ref: '#/components/schemas/OidcOptions'
|
||||||
|
OidcOptions:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
logoutUrl:
|
||||||
|
type: string
|
||||||
|
format: url
|
||||||
|
clientSecret:
|
||||||
|
type: string
|
||||||
|
format: password
|
||||||
|
displayName:
|
||||||
|
type: string
|
||||||
|
allowOffline:
|
||||||
|
type: boolean
|
||||||
|
rule:
|
||||||
|
type: string
|
||||||
|
IDTokenSignAlg:
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- none
|
||||||
|
- HS256
|
||||||
|
- HS384
|
||||||
|
- HS512
|
||||||
|
- RS256
|
||||||
|
- RS384
|
||||||
|
- RS512
|
||||||
|
default: HS512
|
||||||
|
refreshToken:
|
||||||
|
type: boolean
|
||||||
|
public:
|
||||||
|
type: boolean
|
||||||
|
postLogoutRedirectUris:
|
||||||
|
type: string
|
||||||
|
logoutType:
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- front
|
||||||
|
- back
|
||||||
|
default: front
|
||||||
|
accessTokenExpiration:
|
||||||
|
type: integer
|
||||||
|
IDTokenForceClaims:
|
||||||
|
type: boolean
|
||||||
|
requirePKCE:
|
||||||
|
type: boolean
|
||||||
|
offlineSessionExpiration:
|
||||||
|
type: integer
|
||||||
|
redirectUris:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
bypassConsent:
|
||||||
|
type: boolean
|
||||||
|
logoutSessionRequired:
|
||||||
|
type: boolean
|
||||||
|
clientId:
|
||||||
|
type: string
|
||||||
|
IDTokenExpiration:
|
||||||
|
type: integer
|
||||||
|
authorizationCodeExpiration:
|
||||||
|
type: integer
|
||||||
|
icon:
|
||||||
|
type: string
|
||||||
|
userIDAttr:
|
||||||
|
type: string
|
||||||
|
|
||||||
|
OidcRpUpdate:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
clientId:
|
||||||
|
type: string
|
||||||
|
exportedVars:
|
||||||
|
type: object
|
||||||
|
example:
|
||||||
|
email: mail
|
||||||
|
family_name: sn
|
||||||
|
name: cn
|
||||||
|
extraClaims:
|
||||||
|
type: object
|
||||||
|
example:
|
||||||
|
myscope: "myattr1 myattr2 myattr3"
|
||||||
|
macros:
|
||||||
|
type: object
|
||||||
|
example:
|
||||||
|
myMacroName: "$macro(rule)"
|
||||||
|
options:
|
||||||
|
$ref: '#/components/schemas/OidcOptions'
|
||||||
|
|
||||||
|
SecondFactor:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- type
|
||||||
|
- id
|
||||||
|
properties:
|
||||||
|
id:
|
||||||
|
type: string
|
||||||
|
description: "An opaque idenfifier for this particular token"
|
||||||
|
type:
|
||||||
|
type: string
|
||||||
|
description: "The type of token in use"
|
||||||
|
example: "TOTP, U2F, UBK (Yubikey)"
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
description: "A user-set description of the token"
|
||||||
|
SecondFactors:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
$ref: "#/components/schemas/SecondFactor"
|
||||||
|
|
||||||
|
|
||||||
|
responses:
|
||||||
|
NoContent:
|
||||||
|
description: Successful modification
|
||||||
|
Created:
|
||||||
|
description: Successful creation
|
||||||
|
OneOidcRp:
|
||||||
|
description: Return an OpenID Connect Provider
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/OidcRp'
|
||||||
|
OneSamlSp:
|
||||||
|
description: Return a SAML Provider
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/SamlSp'
|
||||||
|
ManyOidcRp:
|
||||||
|
description: Return a list of OpenID Connect Providers
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
$ref: '#/components/schemas/OidcRp'
|
||||||
|
ManySamlSp:
|
||||||
|
description: Return a list of SAML Providers
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
$ref: '#/components/schemas/SamlSp'
|
||||||
|
NotFound:
|
||||||
|
description: The specified resource was not found
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/Error'
|
||||||
|
Conflict:
|
||||||
|
description: The specified object could not be created because its configuration key, client_id or entityID already exists
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/Error'
|
||||||
|
Error:
|
||||||
|
description: An error was encountered when processing the request
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/Error'
|
||||||
|
SecondFactor:
|
||||||
|
description: Return a second factor
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: "#/components/schemas/SecondFactor"
|
||||||
|
SecondFactors:
|
||||||
|
description: Return a list of second factors
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: "#/components/schemas/SecondFactors"
|
||||||
|
|
||||||
|
|
|
@ -210,6 +210,7 @@ site/htdocs/static/logos/zh.png
|
||||||
site/htdocs/static/reverseTree.json
|
site/htdocs/static/reverseTree.json
|
||||||
site/htdocs/static/struct.json
|
site/htdocs/static/struct.json
|
||||||
site/templates/2ndfa.tpl
|
site/templates/2ndfa.tpl
|
||||||
|
site/templates/api.tpl
|
||||||
site/templates/diff.tpl
|
site/templates/diff.tpl
|
||||||
site/templates/footer.tpl
|
site/templates/footer.tpl
|
||||||
site/templates/header.tpl
|
site/templates/header.tpl
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>LemonLDAP::NG Manager API</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css"/>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="container text-center">
|
||||||
|
<h1>LemonLDAP::NG Manager API</h1>
|
||||||
|
<hr />
|
||||||
|
<a href="/doc/pages/manager-api/index.html" class="btn btn-lg btn-primary">API Reference</a>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
Loading…
Reference in New Issue