From 04f5116c233304c14ff78773e0e34d6875811d79 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Fri, 15 Nov 2019 16:10:37 +0100 Subject: [PATCH 01/19] Fix Kerberos in session upgrade (#2010) --- .../Lemonldap/NG/Portal/Plugins/Upgrade.pm | 20 ++++++++++++------- .../site/coffee/kerberos.coffee | 7 +++++-- .../site/htdocs/static/common/js/kerberos.js | 8 ++++++-- .../htdocs/static/common/js/kerberos.min.js | 2 +- .../static/common/js/kerberos.min.js.map | 2 +- 5 files changed, 26 insertions(+), 13 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm index 7b9412f9d..ceb403f5d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm @@ -42,7 +42,7 @@ sub ask { my ( $self, $req ) = @_; # Check if auth is already running - if ( $req->param('upgrading') ) { + if ( $req->param('upgrading') or $req->param('kerberos') ) { # verify token return $self->confirm($req); @@ -69,12 +69,18 @@ sub confirm { # Disabled due to #1821 #$req->pdata->{keepPdata} = 1; my $upg; - if ( my $t = $req->param('upgrading') ) { - if ( $self->ott->getToken($t) ) { - $upg = 1; - } - else { - return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] ); + + if ( $req->param('kerberos') ) { + $upg = 1; + } + else { + if ( my $t = $req->param('upgrading') ) { + if ( $self->ott->getToken($t) ) { + $upg = 1; + } + else { + return $self->p->do( $req, [ sub { PE_TOKENEXPIRED } ] ); + } } } $req->steps( ['controlUrl'] ); diff --git a/lemonldap-ng-portal/site/coffee/kerberos.coffee b/lemonldap-ng-portal/site/coffee/kerberos.coffee index 2c2fab3fa..c99ca8295 100644 --- a/lemonldap-ng-portal/site/coffee/kerberos.coffee +++ b/lemonldap-ng-portal/site/coffee/kerberos.coffee @@ -1,7 +1,7 @@ # Launch Kerberos request $(document).ready -> - $.ajax portal + '?kerberos=1', + $.ajax (if window.location.href.match /\/upgradesession/ then window.location.href else portal )+ '?kerberos=1', dataType: 'json' # Called if browser can't find Kerberos ticket, will display # PE_BADCREDENTIALS @@ -11,7 +11,10 @@ $(document).ready -> # If request succeed cookie is set, posting form to get redirection # or menu success: (data) -> - $('#lform').submit() + if window.location.href.match /\/upgradesession/ + document.location = portal + else + $('#lform').submit() # Case else, will display PE_BADCREDENTIALS or fallback to next auth # backend error: () -> diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js index 8abb153a4..c8779304c 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js @@ -1,7 +1,7 @@ // Generated by CoffeeScript 1.12.8 (function() { $(document).ready(function() { - return $.ajax(portal + '?kerberos=1', { + return $.ajax((window.location.href.match(/\/upgradesession/) ? window.location.href : portal) + '?kerberos=1', { dataType: 'json', statusCode: { 401: function() { @@ -9,7 +9,11 @@ } }, success: function(data) { - return $('#lform').submit(); + if (window.location.href.match(/\/upgradesession/)) { + return document.location = portal; + } else { + return $('#lform').submit(); + } }, error: function() { return $('#lform').submit(); diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js index f3b599215..a387d3326 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js @@ -1 +1 @@ -(function(){$(document).ready(function(){return $.ajax(portal+"?kerberos=1",{dataType:"json",statusCode:{401:function(){return $("#lform").submit()}},success:function(r){return $("#lform").submit()},error:function(){return $("#lform").submit()}})})}).call(this); \ No newline at end of file +(function(){$(document).ready(function(){return $.ajax((window.location.href.match(/\/upgradesession/)?window.location.href:portal)+"?kerberos=1",{dataType:"json",statusCode:{401:function(){return $("#lform").submit()}},success:function(o){return window.location.href.match(/\/upgradesession/)?document.location=portal:$("#lform").submit()},error:function(){return $("#lform").submit()}})})}).call(this); \ No newline at end of file diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js.map index d0f103792..1f4d7d051 100644 --- a/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js.map +++ b/lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js"],"names":["$","document","ready","ajax","portal","dataType","statusCode","401","submit","success","data","error","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAOF,EAAEG,KAAKC,OAAS,cAAe,CACpCC,SAAU,OACVC,WAAY,CACVC,IAAK,WACH,OAAOP,EAAE,UAAUQ,WAGvBC,QAAS,SAASC,GAChB,OAAOV,EAAE,UAAUQ,UAErBG,MAAO,WACL,OAAOX,EAAE,UAAUQ,gBAKxBI,KAAKC"} \ No newline at end of file +{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/kerberos.js"],"names":["$","document","ready","ajax","window","location","href","match","portal","dataType","statusCode","401","submit","success","data","error","call","this"],"mappings":"CACA,WACEA,EAAEC,UAAUC,MAAM,WAChB,OAAOF,EAAEG,MAAMC,OAAOC,SAASC,KAAKC,MAAM,oBAAsBH,OAAOC,SAASC,KAAOE,QAAU,cAAe,CAC9GC,SAAU,OACVC,WAAY,CACVC,IAAK,WACH,OAAOX,EAAE,UAAUY,WAGvBC,QAAS,SAASC,GAChB,OAAIV,OAAOC,SAASC,KAAKC,MAAM,oBACtBN,SAASI,SAAWG,OAEpBR,EAAE,UAAUY,UAGvBG,MAAO,WACL,OAAOf,EAAE,UAAUY,gBAKxBI,KAAKC"} \ No newline at end of file From e4c5a9d723a93f19fa5c97aa97fe5ba293432c97 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 14 Dec 2019 17:40:23 +0100 Subject: [PATCH 02/19] Fix #2005 & improve unit test --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm | 4 ++-- lemonldap-ng-portal/t/59-Secured-cookie-Refresh-and-Logout.t | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 94744a1e9..7e6165b55 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -174,8 +174,8 @@ sub refresh { $self->logger->debug( "Set session $req->{id} _updateTime with $data{_updateTime}"); $req->steps( [ - 'getUser', - @{ $self->betweenAuthAndData }, + #'getUser', Fix #2005 + #@{ $self->betweenAuthAndData }, 'setAuthSessionInfo', 'setSessionInfo', 'setMacros', diff --git a/lemonldap-ng-portal/t/59-Secured-cookie-Refresh-and-Logout.t b/lemonldap-ng-portal/t/59-Secured-cookie-Refresh-and-Logout.t index 0c350f3f8..8db638a02 100644 --- a/lemonldap-ng-portal/t/59-Secured-cookie-Refresh-and-Logout.t +++ b/lemonldap-ng-portal/t/59-Secured-cookie-Refresh-and-Logout.t @@ -18,6 +18,7 @@ my $client = LLNG::Manager::Test->new( { requireToken => 0, securedCookie => 1, https => 0, + whatToTrace => 'mail' } } ); From c21ab769002e332c1081021d9e364f9e5e6d96ad Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sun, 15 Dec 2019 12:54:28 +0100 Subject: [PATCH 03/19] Better fix (#2005) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 7e6165b55..40712e553 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -164,7 +164,7 @@ sub refresh { my ( $self, $req ) = @_; $req->mustRedirect(1); my %data = %{ $req->userData }; - $req->user( $data{ $self->conf->{whatToTrace} } ); + $req->user( $data{_user} || $data{ $self->conf->{whatToTrace} } ); $req->id( $data{_session_id} ); $self->userLogger->notice( 'Refresh request for ' . $req->user ); foreach ( keys %data ) { @@ -174,8 +174,8 @@ sub refresh { $self->logger->debug( "Set session $req->{id} _updateTime with $data{_updateTime}"); $req->steps( [ - #'getUser', Fix #2005 - #@{ $self->betweenAuthAndData }, + 'getUser', + @{ $self->betweenAuthAndData }, 'setAuthSessionInfo', 'setSessionInfo', 'setMacros', @@ -237,7 +237,7 @@ sub do { } # Remove userData if authentication fails - if ( $err == PE_BADCREDENTIALS or $err == PE_BADOTP) { + if ( $err == PE_BADCREDENTIALS or $err == PE_BADOTP ) { $req->userData( {} ); } From 32ecf37be45c90a90070dcd96c311c62e0aa1614 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 22 Oct 2019 16:04:01 +0200 Subject: [PATCH 04/19] OIDC per-service macros portal code (#2042) --- .../site/htdocs/static/languages/tr.json | 1 + .../NG/Portal/Issuer/OpenIDConnect.pm | 17 +- .../Lemonldap/NG/Portal/Lib/OpenIDConnect.pm | 37 +++- lemonldap-ng-portal/t/32-OIDC-Macro.t | 192 ++++++++++++++++++ 4 files changed, 236 insertions(+), 11 deletions(-) create mode 100644 lemonldap-ng-portal/t/32-OIDC-Macro.t diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index 8ecc7f5f6..aa0f1133a 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -556,6 +556,7 @@ "oidcRPMetaDataOptionsPublic":"Açık istemci", "oidcRPMetaDataOptionsRequirePKCE":"PKCE gerektir", "oidcRPMetaDataOptionsRule":"Erişim kuralı", +"oidcRPMetaDataMacros":"Makrolar", "oidcOPMetaDataOptionsScope":"Kapsam", "oidcOPMetaDataOptionsStoreIDToken":"ID Jetonu Sakla", "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Jeton uç noktası doğrulama metodu", diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm index a1ab136c1..af82ed91c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm @@ -781,7 +781,7 @@ sub run { # No access_token # Claims must be set in id_token my $claims = - $self->buildUserInfoResponseFromId( + $self->buildUserInfoResponseFromId( $req, $oidc_request->{'scope'}, $rp, $req->id ); @@ -926,7 +926,8 @@ sub run { # No access_token # Claims must be set in id_token - my $claims = $self->buildUserInfoResponseFromId( + my $claims = + $self->buildUserInfoResponseFromId( $req, $oidc_request->{'scope'}, $rp, $req->id ); @@ -1261,9 +1262,10 @@ sub token { $id_token_payload_hash->{'at_hash'} = $at_hash if $at_hash; if ( $self->force_id_claims($rp) ) { - my $claims = - $self->buildUserInfoResponseFromId( $codeSession->data->{'scope'}, - $rp, $codeSession->data->{user_session_id} ); + my $claims = $self->buildUserInfoResponseFromId( + $req, $codeSession->data->{'scope'}, + $rp, $codeSession->data->{user_session_id} + ); foreach ( keys %$claims ) { $id_token_payload_hash->{$_} = $claims->{$_} @@ -1481,7 +1483,8 @@ sub token { # If we forced sending claims in ID token if ( $self->force_id_claims($rp) ) { my $claims = - $self->buildUserInfoResponse( $refreshSession->data->{scope}, + $self->buildUserInfoResponse( $req, + $refreshSession->data->{scope}, $rp, $session ); foreach ( keys %$claims ) { @@ -1594,7 +1597,7 @@ sub userInfo { } my $userinfo_response = - $self->buildUserInfoResponse( $scope, $rp, $session ); + $self->buildUserInfoResponse( $req, $scope, $rp, $session ); unless ($userinfo_response) { return $self->returnBearerError( 'invalid_request', 'Invalid request', 401 ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm index 901a65a60..f9414cb75 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm @@ -37,6 +37,7 @@ has oidcOPList => ( is => 'rw', default => sub { {} }, ); has oidcRPList => ( is => 'rw', default => sub { {} }, ); has rpAttributes => ( is => 'rw', default => sub { {} }, ); has spRules => ( is => 'rw', default => sub { {} } ); +has spMacros => ( is => 'rw', default => sub { {} } ); # return LWP::UserAgent object has ua => ( @@ -132,6 +133,22 @@ sub loadRPs { } $self->spRules->{$rp} = $rule; } + + # Load per-RP macros + my $macros = $self->conf->{oidcRPMetaDataMacros}->{$rp}; + for my $macroAttr ( keys %{$macros} ) { + my $macroRule = $macros->{$macroAttr}; + if ( length $macroRule ) { + $macroRule = $self->p->HANDLER->substitute($macroRule); + unless ( $macroRule = $self->p->HANDLER->buildSub($macroRule) ) + { + $self->error( 'OIDC RP macro error: ' + . $self->p->HANDLER->tsv->{jail}->error ); + return 0; + } + $self->spMacros->{$rp}->{$macroAttr} = $macroRule; + } + } } return 1; } @@ -1299,11 +1316,11 @@ sub getAttributesListFromClaim { # @param user_session_id User session identifier # @return hashref UserInfo data sub buildUserInfoResponseFromId { - my ( $self, $scope, $rp, $user_session_id ) = @_; + my ( $self, $req, $scope, $rp, $user_session_id ) = @_; my $session = $self->p->getApacheSession($user_session_id); return undef unless ($session); - return buildUserInfoResponse( $self, $scope, $rp, $session ); + return buildUserInfoResponse( $self, $req, $scope, $rp, $session ); } # Return Hash of UserInfo data @@ -1312,7 +1329,7 @@ sub buildUserInfoResponseFromId { # @param session SSO or offline session # @return hashref UserInfo data sub buildUserInfoResponse { - my ( $self, $scope, $rp, $session ) = @_; + my ( $self, $req, $scope, $rp, $session ) = @_; my $userinfo_response = {}; my $user_id_attribute = @@ -1335,7 +1352,19 @@ sub buildUserInfoResponse { my $session_key = $self->conf->{oidcRPMetaDataExportedVars}->{$rp}->{$attribute}; if ($session_key) { - my $session_value = $session->data->{$session_key}; + + my $session_value; + + # Lookup attribute in macros first + if ( $self->spMacros->{$rp}->{$session_key} ) { + $session_value = $self->spMacros->{$rp}->{$session_key} + ->( $req, $session->data ); + + # If not found, search in session + } + else { + $session_value = $session->data->{$session_key}; + } # Address is a JSON object if ( $claim eq "address" ) { diff --git a/lemonldap-ng-portal/t/32-OIDC-Macro.t b/lemonldap-ng-portal/t/32-OIDC-Macro.t new file mode 100644 index 000000000..1c55d99c6 --- /dev/null +++ b/lemonldap-ng-portal/t/32-OIDC-Macro.t @@ -0,0 +1,192 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; +} + +my $debug = 'error'; +my $res; +my $url; + +# Initialization +ok( my $op = op(), 'OP portal' ); + +ok( $res = $op->_get('/oauth2/jwks'), 'Get JWKS, endpoint /oauth2/jwks' ); +expectOK($res); +my $jwks = $res->[2]->[0]; + +ok( + $res = $op->_get('/.well-known/openid-configuration'), + 'Get metadata, endpoint /.well-known/openid-configuration' +); +expectOK($res); +my $metadata = $res->[2]->[0]; + +my $query = +"response_type=code&scope=openid%20profile%20email&client_id=rpid&state=af0ifjsldkj&redirect_uri=http%3A%2F%2Frp.com%2F"; + +# Push request to OP +ok( + $res = + $op->_get( "/oauth2/authorize", query => $query, accept => 'text/html' ), + "Start Authorization Code flow" +); +expectOK($res); + +# Try to authenticate to OP +$query = "user=french&password=french&$query"; +ok( + $res = $op->_post( + "/oauth2/authorize", + IO::String->new($query), + accept => 'text/html', + length => length($query), + ), + "Post authentication, endpoint $url" +); +my $idpId = expectCookie($res); +my ($code) = expectRedirection( $res, qr#http://rp.com/\?code=([^&]+)# ); + +# Get access token +$query = +"grant_type=authorization_code&code=$code&redirect_uri=http%3A%2F%2Frp.com%2F"; + +ok( + $res = $op->_post( + "/oauth2/token", + IO::String->new($query), + accept => 'text/html', + length => length($query), + custom => { + HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"), + }, + ), + "Post token" +); + +my $tokenresp = JSON::from_json( $res->[2]->[0] ); +ok( my $access_token = $tokenresp->{access_token}, 'Found access token' ); + +# Get Userinfo +ok( + $res = $op->_get( + "/oauth2/userinfo", + accept => 'text/html', + custom => { + HTTP_AUTHORIZATION => "Bearer " . $access_token, + }, + ), + "Post token" +); + +my $userinfo = JSON::from_json( $res->[2]->[0] ); +is( $userinfo->{family_name}, 'Accents', 'Correct macro value' ); + +clean_sessions(); +done_testing(); + +sub op { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.op.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBOpenIDConnectActivation => 1, + issuerDBOpenIDConnectRule => '$uid eq "french"', + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "extract_sn", + name => "cn" + } + }, + oidcServiceMetaDataIssuer => "http://auth.op.com", + oidcServiceMetaDataAuthorizeURI => "authorize", + oidcServiceMetaDataCheckSessionURI => "checksession.html", + oidcServiceMetaDataJWKSURI => "jwks", + oidcServiceMetaDataEndSessionURI => "logout", + oidcServiceMetaDataRegistrationURI => "register", + oidcServiceMetaDataTokenURI => "token", + oidcServiceMetaDataUserInfoURI => "userinfo", + oidcServiceAllowHybridFlow => 1, + oidcServiceAllowImplicitFlow => 1, + oidcServiceAllowDynamicRegistration => 1, + oidcServiceAllowAuthorizationCodeFlow => 1, + oidcRPMetaDataMacros => { + rp => { + extract_sn => '(split(/\s/, $cn))[1]', + } + }, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsIDTokenExpiration => 3600, + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsBypassConsent => 1, + oidcRPMetaDataOptionsClientSecret => "rpsecret", + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsAccessTokenExpiration => 3600, + } + }, + oidcOPMetaDataOptions => {}, + oidcOPMetaDataJSON => {}, + oidcOPMetaDataJWKS => {}, + oidcServiceMetaDataAuthnContext => { + 'loa-4' => 4, + 'loa-1' => 1, + 'loa-5' => 5, + 'loa-2' => 2, + 'loa-3' => 3 + }, + oidcServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt +GMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8TrH1PHFmHpy8/qE/S5OhinIpIi7eb +ABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH1caJ8lmiERFj7IvNKqEhzAk0pyDr +8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdykX5rx0h5SslG3jVWYhZ/SOb2aIzO +r0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO8093X5VVk9vaPRg0zxJQ0Do0YLyzkR +isSAIFb0tdKuDnjRGK6y/N2j6At2HjkxntbtGQIDAQABAoIBADYq6LxJd977LWy3 +0HT9nboFPIf+SM2qSEc/S5Po+6ipJBA4ZlZCMf7dHa6znet1TDpqA9iQ4YcqIHMH +6xZNQ7hhgSAzG9TrXBHqP+djDlrrGWotvjuy0IfS9ixFnnLWjrtAH9afRWLuG+a/ +NHNC1M6DiiTE0TzL/lpt/zzut3CNmWzH+t19X6UsxUg95AzooEeewEYkv25eumWD +mfQZfCtSlIw1sp/QwxeJa/6LJw7KcPZ1wXUm1BN0b9eiKt9Cmni1MS7elgpZlgGt +xtfGTZtNLQ7bgDiM8MHzUfPBhbceNSIx2BeCuOCs/7eaqgpyYHBbAbuBQex2H61l +Lcc3Tz0CgYEA4Kx/avpCPxnvsJ+nHVQm5d/WERuDxk4vH1DNuCYBvXTdVCGADf6a +F5No1JcTH3nPTyPWazOyGdT9LcsEJicLyD8vCM6hBFstG4XjqcAuqG/9DRsElpHQ +yi1zc5DNP7Vxmiz9wII0Mjy0abYKtxnXh9YK4a9g6wrcTpvShhIcIb8CgYEAzGzG +lorVCfX9jXULIznnR/uuP5aSnTEsn0xJeqTlbW0RFWLdj8aIL1peirh1X89HroB9 +GeTNqEJXD+3CVL2cx+BRggMDUmEz4hR59meZCDGUyT5fex4LIsceb/ESUl2jo6Sw +HXwWbN67rQ55N4oiOcOppsGxzOHkl5HdExKidycCgYEAr5Qev2tz+fw65LzfzHvH +Kj4S/KuT/5V6He731cFd+sEpdmX3vPgLVAFPG1Q1DZQT/rTzDDQKK0XX1cGiLG63 +NnaqOye/jbfzOF8Z277kt51NFMDYhRLPKDD82IOA4xjY/rPKWndmcxwdob8yAIWh +efY76sMz6ntCT+xWSZA9i+ECgYBWMZM2TIlxLsBfEbfFfZewOUWKWEGvd9l5vV/K +D5cRIYivfMUw5yPq2267jPUolayCvniBH4E7beVpuPVUZ7KgcEvNxtlytbt7muil +5Z6X3tf+VodJ0Swe2NhTmNEB26uwxzLe68BE3VFCsbSYn2y48HAq+MawPZr18bHG +ZfgMxwKBgHHRg6HYqF5Pegzk1746uH2G+OoCovk5ylGGYzcH2ghWTK4agCHfBcDt +EYqYAev/l82wi+OZ5O8U+qjFUpT1CVeUJdDs0o5u19v0UJjunU1cwh9jsxBZAWLy +PAGd6SWf4S3uQCTw6dLeMna25YIlPh5qPA6I/pAahe8e3nSu2ckl +-----END RSA PRIVATE KEY----- +", + oidcServicePublicKeySig => "-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2jsmIoFuWzMkilJaA8/ +/5/T30cnuzX9GImXUrFR2k9EKTMtGMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8T +rH1PHFmHpy8/qE/S5OhinIpIi7ebABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH +1caJ8lmiERFj7IvNKqEhzAk0pyDr8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdy +kX5rx0h5SslG3jVWYhZ/SOb2aIzOr0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO80 +93X5VVk9vaPRg0zxJQ0Do0YLyzkRisSAIFb0tdKuDnjRGK6y/N2j6At2Hjkxntbt +GQIDAQAB +-----END PUBLIC KEY----- +", + } + } + ); +} + From 2a15bb05234bdd45f205949c627ce8210def152c Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 22 Oct 2019 17:07:17 +0200 Subject: [PATCH 05/19] SAML per-service macros portal code (#2042) --- .../site/htdocs/static/languages/tr.json | 1 + .../lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 15 +- .../lib/Lemonldap/NG/Portal/Lib/SAML.pm | 17 ++ lemonldap-ng-portal/t/30-SAML-Macros.t | 196 ++++++++++++++++++ 4 files changed, 226 insertions(+), 3 deletions(-) create mode 100644 lemonldap-ng-portal/t/30-SAML-Macros.t diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index aa0f1133a..ef99fbd2d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -1022,6 +1022,7 @@ "samlSPMetaDataOptionsNotOnOrAfterTimeout":"notOnOrAfter süresi", "samlSPMetaDataOptionsForceUTF8":"UTF-8'e zorla", "samlSPMetaDataOptionsRule":"Erişim kuralı", +"samlSPMetaDataMacros":"Makrolar", "samlIDPName":"SAML IDP Adı", "samlServiceMetaData":"SAML2 Servisi", "samlEntityID":"Varlık Tanımlayıcı", diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index 70e4b3f62..8662cf314 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -610,8 +610,17 @@ sub run { # Name is required next unless $name; - # Error if corresponding attribute is not in user session - my $value = $req->{sessionInfo}->{$_}; + # Lookup attribute value in SP macros or session + my $value; + if ( $self->spMacros->{$sp}->{$_} ) { + $value = $self->spMacros->{$sp}->{$_} + ->( $req, $req->{sessionInfo} ); + } + else { + $value = $req->{sessionInfo}->{$_}; + } + + # Check whether the value is required or not unless ( defined $value ) { if ($mandatory) { $self->logger->error( @@ -1478,7 +1487,7 @@ sub sloRelayTerm { my $session = $logout->get_session(); unless ($session) { - $self->logger->error( "Could not get session from logout" ); + $self->logger->error("Could not get session from logout"); return PE_SAML_SLO_ERROR; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm index badbd6950..c7bdd8d0b 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm @@ -30,6 +30,7 @@ has spList => ( is => 'rw', default => sub { {} } ); has idpList => ( is => 'rw', default => sub { {} } ); has idpRules => ( is => 'rw', default => sub { {} } ); has spRules => ( is => 'rw', default => sub { {} } ); +has spMacros => ( is => 'rw', default => sub { {} } ); # return LWP::UserAgent object has ua => ( @@ -417,6 +418,22 @@ sub loadSPs { $self->spRules->{$entityID} = $rule; } + # Load per-SP macros + my $macros = $self->conf->{samlSPMetaDataMacros}->{$_}; + for my $macroAttr ( keys %{$macros} ) { + my $macroRule = $macros->{$macroAttr}; + if ( length $macroRule ) { + $macroRule = $self->p->HANDLER->substitute($macroRule); + unless ( $macroRule = $self->p->HANDLER->buildSub($macroRule) ) + { + $self->error( 'SAML SP macro error: ' + . $self->p->HANDLER->tsv->{jail}->error ); + return 0; + } + $self->spMacros->{$entityID}->{$macroAttr} = $macroRule; + } + } + $self->logger->debug("SP $_ added"); } diff --git a/lemonldap-ng-portal/t/30-SAML-Macros.t b/lemonldap-ng-portal/t/30-SAML-Macros.t new file mode 100644 index 000000000..a3d6183fb --- /dev/null +++ b/lemonldap-ng-portal/t/30-SAML-Macros.t @@ -0,0 +1,196 @@ +use lib 'inc'; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; +use XML::LibXML; + +BEGIN { + require 't/test-lib.pm'; + require 't/saml-lib.pm'; +} + +my $debug = 'error'; +my ( $issuer, $res ); + +SKIP: { + eval "use Lasso"; + if ($@) { + skip 'Lasso not found'; + } + + # Initialization + ok( $issuer = issuer(), 'Issuer portal' ); + + ok( + $res = $issuer->_post( + '/', IO::String->new('user=french&password=french'), + length => 27 + ), + 'Auth query' + ); + expectOK($res); + my $idpId = expectCookie($res); + + # Query IdP to access to SP + ok( + $res = $issuer->_get( + '/saml/singleSignOn', + query => 'IDPInitiated=1&spConfKey=sp.com', + cookie => "lemonldap=$idpId", + accept => 'test/html' + ), + 'Query IdP to access to SP' + ); + expectOK($res); + ok( + $res->[2]->[0] =~ + m#[2]->[0] =~ + /load_xml( string => $s ); + my $xpc = XML::LibXML::XPathContext->new($dom); + $xpc->registerNs( 'saml', 'urn:oasis:names:tc:SAML:2.0:assertion' ); + + foreach my $value ( + $xpc->findnodes('//saml:Attribute[@Name="sn"]/saml:AttributeValue') ) + { + is( $value->textContent, 'Accents', 'Check Attribute' ); + } +} + +clean_sessions(); +done_testing(); + +sub issuer { + return LLNG::Manager::Test->new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.idp.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBSAMLActivation => 1, + samlSPMetaDataMacros => { + 'sp.com' => { + extracted_sn => '(split(/\s/, $cn))[1]' + } + }, + samlSPMetaDataOptions => { + 'sp.com' => { + samlSPMetaDataOptionsEncryptionMode => 'none', + samlSPMetaDataOptionsEnableIDPInitiatedURL => 1, + samlSPMetaDataOptionsSignSSOMessage => 1, + samlSPMetaDataOptionsSignSLOMessage => 1, + samlSPMetaDataOptionsCheckSSOMessageSignature => 1, + samlSPMetaDataOptionsCheckSLOMessageSignature => 1, + } + }, + samlSPMetaDataExportedAttributes => { + 'sp.com' => { + cn => +'1;cn;urn:oasis:names:tc:SAML:2.0:attrname-format:basic', + extracted_sn => +'1;sn;urn:oasis:names:tc:SAML:2.0:attrname-format:basic', + uid => +'1;uid;urn:oasis:names:tc:SAML:2.0:attrname-format:basic', + } + }, + samlOrganizationDisplayName => "IDP", + samlOrganizationName => "IDP", + samlOrganizationURL => "http://www.idp.com/", + samlServicePrivateKeyEnc => "-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAnfKBDG/K0TnGT7Xu8q1N45sNWvIK91SqNg8nvN2uVeKoHADT +csus5Xn3id5+8Q9TuMFsW9kIEeXiaPKXQa9ryfSNDhWDWloNkpGEeWif2BnHUu46 +Abu1UBWb0mH6VwcG1PR4qHruLis1odjQ1qnVDNfSEASVIppEBYjDX203ypmURIzU +6h53GRRRlf1BLWkbVn9ysmDeR57Xw5Rsx/+tBlcnMrkv/40DSUkehQIl2JmlFrl2 +Caik+gU4pd20apA/pNLjBZF0OmGoS08AIR5NMd0KFa6CwZUUSHJqH5GFy5Y2yl4l +g8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxIGQIDAQABAoIBAHnfqjX3eO8SfnP5 +NURp90Td2mNHirCn0qLd9NKl1ySMPR1GgeH9SQ7Umu32EcteAUL5dOw2PiTZVmeW +cKINgsWVftXUQcOQ4xIqWKb51QUBdy0FhxrZRSFjWxXt5iYK1PmzHfsax/g1/S9C +RnqtFyjOy1bywkSt9jiy+9YBR2B7BDhLHlILbijWn5zaecaV4YA+L1UK4M/mehdb ++0FVPavbGpnlqBRTY+7YXfZ/mRPCfn5DvO9lW1O0pJMmNdBh9kmm3DxHf6AkK47a +43gO/dRWiWo2rZ/+Jw7uyqOb23U0MydP7kia0p3tzCUBPsrlgnichYG5RNFp0wqy +3VT1TYECgYEA0Y9vENy1jJd+s7WbGrsRtSKxfZgtJr0yjSlQVYrIlwbZSGn+ndxq +V2vVlwIgLX3pz6T40BMfk6SNx08jjy0Sgn6OAM0ILrinno8yWcSAMCmfCU0S/3O1 +55bqtcnk4XTHBHzJ5OrnrPaW5ourvJz0lcWEKMg3BXxLzaF6ZRy85nECgYEAwPMD +LNAKLCDrUMyYFOpPyPLe7wvszcFvPipGgerSgFP1c6N7xaMUdHDYqBfuis1khPGF +YcMHeNBYmzX6yEGbp3lrB4PHpUySmTU3mv3u9I05aahInK21gXum3uRkCWyyIF6V +T/qeszl9mVOCp0CC4eG3IMVpaD0UKDEHVhERYCkCgYAjuTPRyA4a3Wh38ilysRkf +q75eDqcDx5Tqg3RyYKo5NK2troP9HSnzpSpQB8i8eI53G0RfFCN5479XjqIdMi3J +mRFUCZ+vd0L7wKVwsBK6Ix49U6o9adhElnGEc9pUpLeYiD1SjMjZr1+iBYVNLeRz +86vH1/mpMbsqXrCis/dvwQKBgGttomHr/w3s0jftget7PirrFrbP0+wHfDGHhjRF +kyhCFtJovrwefYALaIXGtVjw3LusYZA570oT7pGUb2naJZkMYEwR0jG1vZWx7KDO +K6JbkxDB0pPxn7JVL2bAkPYyX8boAohCSOQO6WBZ/8+xem3bp4OGhpa0EyoBik0g +OaVpAoGATj4SyYsE10hGT676iie8zy3fi5IPC3E+x4QlVuusaLtuY8LJA50stjtx +gUa/JAKlZZL+gvzvOviQIxyfIChXOdTt5uiOYkdHJDbAF3NSrji7hrXq4v8UZv75 +8hBrwJZIpy6y01dRlrriHmPRtEq1pk7JX2uUg0sP5g4BEcsaCbc= +-----END RSA PRIVATE KEY----- +", + samlServicePrivateKeySig => "-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtR/wgDqWB4Maho5V6TjcL/NbNfjgIh7GcgkrB5RZcVT1GTej +JlMjUQdgBKBuZXQN+7/29P6UcGq1kYalURq6S8SpeJ1ofp5rBEoD/TIkvU0JOcid +65wp+fdzXGXsfiZvHraU74jSCgjP/wqfVGRyBIQzB0SIxSpnrsigqNsE1E94toDM +x4wovjHu/9ABAImREV7Sz83OeFF00/sghrjTEJOD/gHf04JCn9MgNOqvSTysr9LX +Wg/oUKQDEYeTq9ux6pq/oqv1MxwONbSZPtN5yD41mi+hT8Rh+W8Je8rsiML4VMxz +sb1l9303asw6suo5bLTISKNSbu1nt1NkpNxzywIDAQABAoIBAQCQkbvPPfP+bwC/ +IeEk1IO7qkzFWa7czR+safD0jc6OjTdNN4F716Q6yt4zEzLKu8VliiW+C23EBQiD +7asKf4DvdTun0ExVtHDK7aEdeealSlXwz1ZtdypyILbtq1UGo/rR0v4x601rQPl0 +IrBmFf6D6FkqleNtLJmxguXpoVfLdYKNwkxH2ux+GOA9r2o5pUCQmJGDap5YWRuQ +uB71ewJjVWujaL3e1ac/5cP7/tqWmgAiOaN8sYdD6+oWOR47bHj8JKcMBSl4y2QC +dL31cGmmf5KqBbtISki3RXfHHjT7E3Z85CbESkKTZlEb1ar3XmepY6Z7V5UO16oz +fFE5R6khAoGBAOl9Qb+qYVVO5ugE65ORjYVeuXykANhM9ssiY5a6zuAakWzw7Zv3 +k6PXm9p7azlEXAlTnTXVwHYMyuuzZDvQ8LRV1iBOdPuIkUAmaQ5K9ASD7VcoHexh +k8DAKf9Ln7sTRaMdvgceRNczOmJOBIEpTZkssA/jVGXZsoyTWYl1en/ZAoGBAMaW +RnNbSNprEV2b8UeAJ6i77c4SXwu1I8X2NLtiLScb1ETBjfrdHmdlJglfyd/0gmhH +p/43Ku2iGUoY5KtuOI6QmahrJYQscRQhoj252VXadG6fNWWAlpgdCm9houhHb5BF +3zge/bTr0anUe9EA7Z/ymav12rEouoNjIlhI9C5DAoGATR85a2SMt8/TB0owwdJu +62GpZNkLCmcJkXkvaecUVAOSi2hdI4o4MwMRkK35cbX5rH74y4JqCtQY5pefgP53 +sykzDAK+MyMdzxGg2764MRGegI5Yq+5jDmSquo+xF+q6srEtRk6iMG7UVwosBLmu +zuxqzySoiOfKSRKWnYe3SakCgYEAwWMkVkAmETXE4oDzFSsS8/mW2l//mPocTTK3 +JWe1CunJ6+8FYbAlZJEW2ngismp8+CoXybNVpbZ+pC7buKoMf6EHUgCNt0pEEFO0 +mCG9KSMk0XlPWXpArP9S4yaUq1itpzSz7QYZES+4rIcU0HLz9RgeWFyCTJWaFErc +7laVG9sCgYBKOtk5WlIOP4BxSd2y4cYzohgwTZIs1/2kTEn1u4eH73M1xvAlHHFB +wSF5QXgDKJ8pPAOhNWpdLO/PdtnQn91nOvTNc+ShJZzjdbneUdQVpWpoBf72uA+N +6rIVf1JBUL2p7HFHaGdUZC7KGQ+yv6ZHrE1+7202nuDvJdvGEEdFsQ== +-----END RSA PRIVATE KEY----- +", + samlServicePublicKeyEnc => "-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfKBDG/K0TnGT7Xu8q1N +45sNWvIK91SqNg8nvN2uVeKoHADTcsus5Xn3id5+8Q9TuMFsW9kIEeXiaPKXQa9r +yfSNDhWDWloNkpGEeWif2BnHUu46Abu1UBWb0mH6VwcG1PR4qHruLis1odjQ1qnV +DNfSEASVIppEBYjDX203ypmURIzU6h53GRRRlf1BLWkbVn9ysmDeR57Xw5Rsx/+t +BlcnMrkv/40DSUkehQIl2JmlFrl2Caik+gU4pd20apA/pNLjBZF0OmGoS08AIR5N +Md0KFa6CwZUUSHJqH5GFy5Y2yl4lg8K0klAS9q7L7aXI+eFQZhkwidjpxXnHPyxI +GQIDAQAB +-----END PUBLIC KEY----- +", + samlServicePublicKeySig => "-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR/wgDqWB4Maho5V6Tjc +L/NbNfjgIh7GcgkrB5RZcVT1GTejJlMjUQdgBKBuZXQN+7/29P6UcGq1kYalURq6 +S8SpeJ1ofp5rBEoD/TIkvU0JOcid65wp+fdzXGXsfiZvHraU74jSCgjP/wqfVGRy +BIQzB0SIxSpnrsigqNsE1E94toDMx4wovjHu/9ABAImREV7Sz83OeFF00/sghrjT +EJOD/gHf04JCn9MgNOqvSTysr9LXWg/oUKQDEYeTq9ux6pq/oqv1MxwONbSZPtN5 +yD41mi+hT8Rh+W8Je8rsiML4VMxzsb1l9303asw6suo5bLTISKNSbu1nt1NkpNxz +ywIDAQAB +-----END PUBLIC KEY----- +", + samlSPMetaDataXML => { + "sp.com" => { + samlSPMetaDataXML => + samlSPMetaDataXML( 'sp', 'HTTP-Redirect' ) + }, + }, + } + } + ); +} From a4107931223f4b68cda720d7e41a655bfe280b4d Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 22 Oct 2019 18:52:04 +0200 Subject: [PATCH 06/19] CAS per-service macros portal code (#2042) --- .../site/htdocs/static/languages/tr.json | 1 + .../lib/Lemonldap/NG/Portal/Issuer/CAS.pm | 18 ++- .../lib/Lemonldap/NG/Portal/Lib/CAS.pm | 17 +++ lemonldap-ng-portal/t/32-CAS-Macros.t | 115 ++++++++++++++++++ 4 files changed, 148 insertions(+), 3 deletions(-) create mode 100644 lemonldap-ng-portal/t/32-CAS-Macros.t diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index ef99fbd2d..59b7e6d4d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -118,6 +118,7 @@ "casAppMetaDataOptions":"Seçenekler", "casAppMetaDataOptionsService":"Servis URL'si", "casAppMetaDataOptionsRule":"Kural", +"casAppMetaDataMacros":"Makrolar", "casAppMetaDataOptionsUserAttribute":"Kullanıcı niteliği", "casAppName":"CAS Uygulama Adı", "casAttr":"CAS girişi", diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm index 8384ea8c4..d0fd85656 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm @@ -801,9 +801,21 @@ sub _validate2 { } foreach my $casAttribute ( keys %$ev ) { - my $localSessionValue = $localSession->data->{ $ev->{$casAttribute} }; - $attributes->{$casAttribute} = $localSessionValue - if defined $localSessionValue; + my $sessionAttr = $ev->{$casAttribute}; + my $value; + + # Lookup per-service macros first, and then local sessions + # + if ( $app and $self->spMacros->{$app}->{$sessionAttr} ) { + $value = $self->spMacros->{$app}->{$sessionAttr} + ->( $req, $localSession->data ); + } + else { + $value = $localSession->data->{$sessionAttr}; + } + + $attributes->{$casAttribute} = $value + if defined $value; } # Return success message diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm index c3eae9000..0fda78c76 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm @@ -26,6 +26,7 @@ has ua => ( has casSrvList => ( is => 'rw', default => sub { {} }, ); has casAppList => ( is => 'rw', default => sub { {} }, ); has spRules => ( is => 'rw', default => sub { {} }, ); +has spMacros => ( is => 'rw', default => sub { {} }, ); # RUNNING METHODS @@ -67,6 +68,22 @@ sub loadApp { } $self->spRules->{$_} = $rule; } + + # Load per-application macros + my $macros = $self->conf->{casAppMetaDataMacros}->{$_}; + for my $macroAttr ( keys %{$macros} ) { + my $macroRule = $macros->{$macroAttr}; + if ( length $macroRule ) { + $macroRule = $self->p->HANDLER->substitute($macroRule); + unless ( $macroRule = $self->p->HANDLER->buildSub($macroRule) ) + { + $self->error( 'SAML SP macro error: ' + . $self->p->HANDLER->tsv->{jail}->error ); + return 0; + } + $self->spMacros->{$_}->{$macroAttr} = $macroRule; + } + } } return 1; } diff --git a/lemonldap-ng-portal/t/32-CAS-Macros.t b/lemonldap-ng-portal/t/32-CAS-Macros.t new file mode 100644 index 000000000..a6f09b440 --- /dev/null +++ b/lemonldap-ng-portal/t/32-CAS-Macros.t @@ -0,0 +1,115 @@ +use lib 'inc'; +use Test::More; # skip_all => 'CAS is in rebuild'; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; +} + +my $debug = 'error'; +my ( $issuer, $res ); + +eval { require XML::Simple }; +plan skip_all => "Missing dependencies: $@" if ($@); + +ok( $issuer = issuer(), 'Issuer portal' ); +count(1); + +ok( + $res = $issuer->_get( + '/cas/login', + query => 'service=http://auth.sp.com/', + accept => 'text/html' + ), + 'Query CAS server' +); +count(1); +expectOK($res); +my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); + +# Try to authenticate to IdP +my $body = $res->[2]->[0]; +$body =~ s/^.*?//s; +$body =~ s#.*$##s; +my %fields = + ( $body =~ /new( { + ini => { + logLevel => $debug, + domain => 'idp.com', + portal => 'http://auth.idp.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBCASActivation => 1, + casAttr => 'uid', + casAppMetaDataOptions => { + sp => { + casAppMetaDataOptionsService => 'http://auth.sp.com/', + }, + }, + casAppMetaDataExportedVars => { + sp => { + cn => 'cn', + sn => 'extracted_sn', + mail => 'mail', + uid => 'uid', + }, + }, + casAppMetaDataMacros => { + sp => { + extracted_sn => '(split(/\s/, $cn))[1]', + } + }, + casAccessControlPolicy => 'error', + multiValuesSeparator => ';', + } + } + ); +} From bbef316754f6968763af6dd36640bd391b0fb8d6 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 29 Oct 2019 15:20:57 +0100 Subject: [PATCH 07/19] Add manager UI for per-service macros (#2042) --- .../lib/Lemonldap/NG/Common/Conf/Constants.pm | 2 +- .../Lemonldap/NG/Common/Conf/RESTServer.pm | 11 +++--- .../Lemonldap/NG/Common/Conf/ReConstants.pm | 12 +++---- .../lib/Lemonldap/NG/Manager/Attributes.pm | 33 +++++++++++++++++ .../lib/Lemonldap/NG/Manager/Build.pm | 14 ++++---- .../Lemonldap/NG/Manager/Build/Attributes.pm | 36 +++++++++++++++++++ .../lib/Lemonldap/NG/Manager/Build/CTrees.pm | 5 ++- .../lib/Lemonldap/NG/Manager/Conf/Parser.pm | 6 ++-- .../site/htdocs/static/js/conftree.js | 24 +++++++++++++ .../site/htdocs/static/js/conftree.min.js | 2 +- .../site/htdocs/static/js/conftree.min.js.map | 2 +- .../site/htdocs/static/languages/ar.json | 5 ++- .../site/htdocs/static/languages/de.json | 5 ++- .../site/htdocs/static/languages/en.json | 3 ++ .../site/htdocs/static/languages/fr.json | 3 ++ .../site/htdocs/static/languages/it.json | 5 ++- .../site/htdocs/static/languages/vi.json | 5 ++- .../site/htdocs/static/languages/zh.json | 5 ++- 18 files changed, 150 insertions(+), 28 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm index e2f0eba3b..136a4ff40 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm @@ -23,7 +23,7 @@ use constant HANDLERSECTION => "handler"; use constant MANAGERSECTION => "manager"; use constant SESSIONSEXPLORERSECTION => "sessionsExplorer"; use constant APPLYSECTION => "apply"; -our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/; +our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/; our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|AllowOffline|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|freshSessions)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|br(?:owsersDontStorePassword|uteForceProtection)|(?:(?:globalLogout|active)Tim|wsdlServ)er|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs))$/; our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' ); diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm index 3df96e59b..348fc9b86 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm @@ -269,7 +269,9 @@ sub _samlMetaDataNodes { my ( $id, $resp ) = ( 1, [] ); # Return all exported attributes if asked - if ( $query =~ /^saml${type}MetaDataExportedAttributes$/ ) { + if ( $query =~ + /^saml${type}MetaDataExportedAttributes|samlSPMetaDataMacros$/ ) + { my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {}; return $self->sendError( $req, undef, 400 ) if ( $req->error ); @@ -380,7 +382,7 @@ sub _oidcMetaDataNodes { # Return all exported attributes if asked if ( $query =~ - /^(?:oidc${type}MetaDataExportedVars|oidcRPMetaDataOptionsExtraClaims)$/ +/^(?:oidc${type}MetaDataExportedVars|oidcRPMetaDataOptionsExtraClaims|oidcRPMetaDataMacros)$/ ) { my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {}; @@ -478,7 +480,7 @@ sub _casMetaDataNodes { # Return all exported attributes if asked if ( $query =~ -/^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices)$/ +/^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices|casAppMetaDataMacros)$/ ) { my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {}; @@ -549,7 +551,8 @@ sub authChoiceModules { if ($@) { $self->logger->error( "Bad value in choice over parameters, deleted ($@)"); - } else { + } + else { $data->[5] = [ map { [ $_, $over->{$_} ] } keys %{$over} ]; } } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm index fe984aa31..4eb7fa157 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm @@ -14,22 +14,22 @@ our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } ); our $specialNodeHash = { virtualHosts => [qw(exportedHeaders locationRules post vhostOptions)], samlIDPMetaDataNodes => [qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)], - samlSPMetaDataNodes => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions)], + samlSPMetaDataNodes => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions samlSPMetaDataMacros)], oidcOPMetaDataNodes => [qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars)], - oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)], + oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims oidcRPMetaDataMacros)], casSrvMetaDataNodes => [qw(casSrvMetaDataOptions casSrvMetaDataExportedVars)], - casAppMetaDataNodes => [qw(casAppMetaDataOptions casAppMetaDataExportedVars)], + casAppMetaDataNodes => [qw(casAppMetaDataOptions casAppMetaDataExportedVars casAppMetaDataMacros)], }; our $doubleHashKeys = 'issuerDBGetParameters'; our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|ombModule)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))'; our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s'; -our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:UserAttribut|Servic|Rul)e|ExportedVars)'; +our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:UserAttribut|Servic|Rul)e|(?:ExportedVar|Macro)s)'; our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)'; our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))'; -our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:(?:uthorizationCode|ccessToken)Expiration|llowOffline)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|ExportedVars)'; +our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:(?:uthorizationCode|ccessToken)Expiration|llowOffline)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)'; our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)'; -our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)'; +our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)'; our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)'; our $authParameters = { diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index ebdf72680..909551a90 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -674,6 +674,17 @@ sub attributes { }, 'type' => 'keyTextContainer' }, + 'casAppMetaDataMacros' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, 'casAppMetaDataNodes' => { 'type' => 'casAppMetaDataNodeContainer' }, @@ -1993,6 +2004,17 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ }, 'type' => 'keyTextContainer' }, + 'oidcRPMetaDataMacros' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, 'oidcRPMetaDataNodes' => { 'type' => 'oidcRPMetaDataNodeContainer' }, @@ -3170,6 +3192,17 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] 'test' => qr/\w/, 'type' => 'samlAttributeContainer' }, + 'samlSPMetaDataMacros' => { + 'default' => {}, + 'test' => { + 'keyMsgFail' => '__badMacroName__', + 'keyTest' => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + 'test' => sub { + return perlExpr(@_); + } + }, + 'type' => 'keyTextContainer' + }, 'samlSPMetaDataNodes' => { 'type' => 'samlSPMetaDataNodeContainer' }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm index 6136c8b5c..92da24dff 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm @@ -184,11 +184,11 @@ our \@EXPORT = ( \@{ \$EXPORT_TAGS{'all'} } ); our \$specialNodeHash = { virtualHosts => [qw(exportedHeaders locationRules post vhostOptions)], samlIDPMetaDataNodes => [qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)], - samlSPMetaDataNodes => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions)], + samlSPMetaDataNodes => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions samlSPMetaDataMacros)], oidcOPMetaDataNodes => [qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars)], - oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)], + oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims oidcRPMetaDataMacros)], casSrvMetaDataNodes => [qw(casSrvMetaDataOptions casSrvMetaDataExportedVars)], - casAppMetaDataNodes => [qw(casAppMetaDataOptions casAppMetaDataExportedVars)], + casAppMetaDataNodes => [qw(casAppMetaDataOptions casAppMetaDataExportedVars casAppMetaDataMacros)], }; EOF @@ -277,11 +277,13 @@ $defaultAttr} exportedHeaders locationRules post vhostOptions samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions samlSPMetaDataXML - samlSPMetaDataExportedAttributes samlSPMetaDataOptions - oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions + samlSPMetaDataExportedAttributes samlSPMetaDataMacros + samlSPMetaDataOptions oidcOPMetaDataJSON + oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims - casAppMetaDataExportedVars casAppMetaDataOptions + oidcRPMetaDataMacros casAppMetaDataExportedVars + casAppMetaDataOptions casAppMetaDataMacros casSrvMetaDataExportedVars casSrvMetaDataOptions ) ) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 025f92b9d..762f44c7c 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -2138,6 +2138,18 @@ sub attributes { test => sub { return perlExpr(@_) }, documentation => 'CAS App rule', }, + casAppMetaDataMacros => { + type => 'keyTextContainer', + help => + 'exportedvars.html#extend_variables_using_macros_and_groups', + test => { + keyTest => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + keyMsgFail => '__badMacroName__', + test => sub { return perlExpr(@_) }, + }, + default => {}, + documentation => 'Macros', + }, # Fake attribute: used by manager REST API to agglomerate all nodes # related to a CAS SP partner @@ -2737,6 +2749,18 @@ sub attributes { test => sub { return perlExpr(@_) }, documentation => 'Rule to grant access to this SP', }, + samlSPMetaDataMacros => { + type => 'keyTextContainer', + help => + 'exportedvars.html#extend_variables_using_macros_and_groups', + test => { + keyTest => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + keyMsgFail => '__badMacroName__', + test => sub { return perlExpr(@_) }, + }, + default => {}, + documentation => 'Macros', + }, # AUTH, USERDB and PASSWORD MODULES authentication => { @@ -3828,6 +3852,18 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: test => sub { return perlExpr(@_) }, documentation => 'Rule to grant access to this RP', }, + oidcRPMetaDataMacros => { + type => 'keyTextContainer', + help => + 'exportedvars.html#extend_variables_using_macros_and_groups', + test => { + keyTest => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/, + keyMsgFail => '__badMacroName__', + test => sub { return perlExpr(@_) }, + }, + default => {}, + documentation => 'Macros', + }, }; } diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm index c80ae96ce..0771e35af 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm @@ -138,7 +138,8 @@ sub cTrees { ] } ] - } + }, + "samlSPMetaDataMacros", ], oidcOPMetaDataNode => [ 'oidcOPMetaDataJSON', @@ -224,6 +225,7 @@ sub cTrees { 'oidcRPMetaDataOptionsRule', ] }, + 'oidcRPMetaDataMacros', { title => 'oidcRPMetaDataOptionsDisplay', form => 'simpleInputContainer', @@ -266,6 +268,7 @@ sub cTrees { 'casAppMetaDataOptionsRule' ] }, + 'casAppMetaDataMacros', ], }; } diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm index 96aaec34f..d89926e56 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm @@ -334,7 +334,7 @@ sub _scanNodes { hdebug(" SAML data is an array, serializing"); $leaf->{data} = join ';', @{ $leaf->{data} }; } - if ( $target =~ /^saml(?:S|ID)PMetaDataExportedAttributes$/ ) { + if ( $target =~ /^saml(?:S|ID)PMetaData(?:ExportedAttributes|Macros)$/ ) { if ( $leaf->{cnodes} ) { hdebug(" $target: unopened node"); $self->newConf->{$target}->{$key} = @@ -394,7 +394,7 @@ sub _scanNodes { hdebug(" $target"); $self->set( $target, $key, $leaf->{data} ); } - elsif ( $target =~ /^oidc(?:O|R)PMetaDataExportedVars$/ ) { + elsif ( $target =~ /^oidc(?:O|R)PMetaData(?:ExportedVars|Macros)$/ ) { hdebug(" $target"); if ( $leaf->{cnodes} ) { hdebug(' unopened'); @@ -463,7 +463,7 @@ sub _scanNodes { $self->_scanNodes($subNodes); $self->set( $target, $key, $leaf->{title}, $leaf->{data} ); } - elsif ( $target =~ /^cas(?:App|Srv)MetaDataExportedVars$/ ) { + elsif ( $target =~ /^cas(?:App|Srv)MetaData(?:ExportedVars|Macros)$/ ) { hdebug(" $target"); if ( $leaf->{cnodes} ) { hdebug(' unopened'); diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js index a180f07cf..1dd9950ac 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js @@ -57,6 +57,14 @@ function templates(tpl,key) { "id" : "casAppMetaDataOptions", "title" : "casAppMetaDataOptions", "type" : "simpleInputContainer" + }, + { + "cnodes" : tpl+"s/"+key+"/"+"casAppMetaDataMacros", + "default" : [], + "help" : "exportedvars.html#extend_variables_using_macros_and_groups", + "id" : tpl+"s/"+key+"/"+"casAppMetaDataMacros", + "title" : "casAppMetaDataMacros", + "type" : "keyTextContainer" } ] ; @@ -579,6 +587,14 @@ function templates(tpl,key) { "id" : "oidcRPMetaDataOptions", "title" : "oidcRPMetaDataOptions" }, + { + "cnodes" : tpl+"s/"+key+"/"+"oidcRPMetaDataMacros", + "default" : [], + "help" : "exportedvars.html#extend_variables_using_macros_and_groups", + "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataMacros", + "title" : "oidcRPMetaDataMacros", + "type" : "keyTextContainer" + }, { "_nodes" : [ { @@ -1120,6 +1136,14 @@ function templates(tpl,key) { "help" : "idpsaml.html#options", "id" : "samlSPMetaDataOptions", "title" : "samlSPMetaDataOptions" + }, + { + "cnodes" : tpl+"s/"+key+"/"+"samlSPMetaDataMacros", + "default" : [], + "help" : "exportedvars.html#extend_variables_using_macros_and_groups", + "id" : tpl+"s/"+key+"/"+"samlSPMetaDataMacros", + "title" : "samlSPMetaDataMacros", + "type" : "keyTextContainer" } ] ; diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js index 66bb51a5f..bcbb45f8a 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js @@ -1 +1 @@ -function templates(t,a){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+a+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casAppMetaDataOptionsService",id:t+"s/"+a+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{get:t+"s/"+a+"/casAppMetaDataOptionsRule",id:t+"s/"+a+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+a+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsUrl",id:t+"s/"+a+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsRenew",id:t+"s/"+a+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsGateway",id:t+"s/"+a+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/casSrvMetaDataOptionsIcon",id:t+"s/"+a+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"int"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+a+"/oidcOPMetaDataJSON",id:t+"s/"+a+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+a+"/oidcOPMetaDataJWKS",id:t+"s/"+a+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+a+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+a+"/oidcOPMetaDataOptionsScope",id:t+"s/"+a+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"client_secret_post",get:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"int"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{cnodes:t+"s/"+a+"/oidcRPMetaDataExportedVars",default:[{data:"mail",id:t+"s/"+a+"/oidcRPMetaDataExportedVars/email",title:"email",type:"keyText"},{data:"sn",id:t+"s/"+a+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"keyText"},{data:"cn",id:t+"s/"+a+"/oidcRPMetaDataExportedVars/name",title:"name",type:"keyText"}],id:t+"s/"+a+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",default:[],id:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"}],id:"oidcRPMetaDataOptionsAuthentication",title:"oidcRPMetaDataOptionsAuthentication",type:"simpleInputContainer"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{default:"HS512",get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"int"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",help:"openidconnectclaims.html",id:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{default:"front",get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"},{k:"back",v:"Back Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"}],id:"logout",title:"logout",type:"simpleInputContainer"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRule",id:t+"s/"+a+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"}],id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+a+"/samlIDPMetaDataXML",id:t+"s/"+a+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported_attributes",id:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"int"}],id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+a+"/samlSPMetaDataXML",id:t+"s/"+a+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported_attributes",id:t+"s/"+a+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+a+"/samlSPMetaDataOptionsRule",id:t+"s/"+a+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"}];case"virtualHost":return[{cnodes:t+"s/"+a+"/locationRules",default:[{data:"deny",id:t+"s/"+a+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+a+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+a+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+a+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/post",help:"formreplay.html",id:t+"s/"+a+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/vhostPort",id:t+"s/"+a+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+a+"/vhostHttps",id:t+"s/"+a+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+a+"/vhostMaintenance",id:t+"s/"+a+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+a+"/vhostAliases",id:t+"s/"+a+"/vhostAliases",title:"vhostAliases"},{default:"Main",get:t+"s/"+a+"/vhostType",id:t+"s/"+a+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+a+"/vhostAuthnLevel",id:t+"s/"+a+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"int"},{default:-1,get:t+"s/"+a+"/vhostServiceTokenTTL",id:t+"s/"+a+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file +function templates(t,a){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+a+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casAppMetaDataOptionsService",id:t+"s/"+a+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+a+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{get:t+"s/"+a+"/casAppMetaDataOptionsRule",id:t+"s/"+a+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{cnodes:t+"s/"+a+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend_variables_using_macros_and_groups",id:t+"s/"+a+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+a+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+a+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+a+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+a+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+a+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsUrl",id:t+"s/"+a+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsRenew",id:t+"s/"+a+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+a+"/casSrvMetaDataOptionsGateway",id:t+"s/"+a+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+a+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/casSrvMetaDataOptionsIcon",id:t+"s/"+a+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+a+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"int"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+a+"/oidcOPMetaDataJSON",id:t+"s/"+a+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+a+"/oidcOPMetaDataJWKS",id:t+"s/"+a+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+a+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+a+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+a+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+a+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+a+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+a+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+a+"/oidcOPMetaDataOptionsScope",id:t+"s/"+a+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+a+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+a+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+a+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"client_secret_post",get:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+a+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+a+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+a+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+a+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"}],id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+a+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"int"}],id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{cnodes:t+"s/"+a+"/oidcRPMetaDataExportedVars",default:[{data:"mail",id:t+"s/"+a+"/oidcRPMetaDataExportedVars/email",title:"email",type:"keyText"},{data:"sn",id:t+"s/"+a+"/oidcRPMetaDataExportedVars/family_name",title:"family_name",type:"keyText"},{data:"cn",id:t+"s/"+a+"/oidcRPMetaDataExportedVars/name",title:"name",type:"keyText"}],id:t+"s/"+a+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",default:[],id:t+"s/"+a+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+a+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+a+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+a+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"}],id:"oidcRPMetaDataOptionsAuthentication",title:"oidcRPMetaDataOptionsAuthentication",type:"simpleInputContainer"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+a+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{default:"HS512",get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+a+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"int"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+a+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+a+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+a+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"int"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",help:"openidconnectclaims.html",id:t+"s/"+a+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+a+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{default:"front",get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"},{k:"back",v:"Back Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{default:0,get:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+a+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"}],id:"logout",title:"logout",type:"simpleInputContainer"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsRule",id:t+"s/"+a+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"}],id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+a+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend_variables_using_macros_and_groups",id:t+"s/"+a+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+a+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+a+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+a+"/samlIDPMetaDataXML",id:t+"s/"+a+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported_attributes",id:t+"s/"+a+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+a+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+a+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+a+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+a+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+a+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+a+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+a+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowProxiedAuthn",title:"samlIDPMetaDataOptionsAllowProxiedAuthn",type:"bool"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+a+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+a+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+a+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+a+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+a+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+a+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"int"}],id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+a+"/samlSPMetaDataXML",id:t+"s/"+a+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+a+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported_attributes",id:t+"s/"+a+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+a+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+a+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+a+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+a+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+a+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+a+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+a+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+a+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+a+"/samlSPMetaDataOptionsRule",id:t+"s/"+a+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+a+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend_variables_using_macros_and_groups",id:t+"s/"+a+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+a+"/locationRules",default:[{data:"deny",id:t+"s/"+a+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+a+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+a+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+a+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+a+"/post",help:"formreplay.html",id:t+"s/"+a+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+a+"/vhostPort",id:t+"s/"+a+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+a+"/vhostHttps",id:t+"s/"+a+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+a+"/vhostMaintenance",id:t+"s/"+a+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+a+"/vhostAliases",id:t+"s/"+a+"/vhostAliases",title:"vhostAliases"},{default:"Main",get:t+"s/"+a+"/vhostType",id:t+"s/"+a+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+a+"/vhostAuthnLevel",id:t+"s/"+a+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"int"},{default:-1,get:t+"s/"+a+"/vhostServiceTokenTTL",id:t+"s/"+a+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map index 5aa3a710a..23f1b0857 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["lemonldap-ng-manager/site/htdocs/static/js/conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","select","k","v","help","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,gCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,sCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,wBACPC,MAAU,wBACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wCACxBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,4BACrBI,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,4BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,+BACVC,KAAS,SAGfF,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBS,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,MACNC,EAAM,QAGZN,MAAU,+BACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,+BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAI,gDACrBI,GAAOL,EAAI,KAAKC,EAAI,gDACpBS,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,sBAET,CACGD,EAAM,sBACNC,EAAM,wBAGZN,MAAU,+CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,gCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfF,GAAO,wBACPC,MAAU,yBAEb,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,QACVC,KAAS,WAEZ,CACGH,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,cACVC,KAAS,WAEZ,CACGH,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZE,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,SAGfF,GAAO,sCACPC,MAAU,sCACVC,KAAS,wBAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,mCAEb,CACGH,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBS,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZN,MAAU,sCACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,qCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBY,KAAS,2BACTR,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,QAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBK,MAAU,+CAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBS,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,iBAET,CACGD,EAAM,OACNC,EAAM,iBAGZN,MAAU,kCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,SAGfF,GAAO,SACPC,MAAU,SACVC,KAAS,wBAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,wBACPC,MAAU,yBAEb,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,qCACxBE,QAAY,GACZU,KAAS,oCACTR,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,wCAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,SAGfF,GAAO,kCACPC,MAAU,kCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBS,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,eACNC,EAAM,iBAGZN,MAAU,mCACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBS,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,YACNC,EAAM,SAGZN,MAAU,mCACVC,KAAS,WAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBS,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZN,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,YAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBS,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZN,MAAU,qCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBS,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,+BACNC,EAAM,gCAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,2BAGZN,MAAU,8CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfM,KAAS,wBACTR,GAAO,yBACPC,MAAU,yBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,qCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,qBACrBI,GAAOL,EAAI,KAAKC,EAAI,qBACpBK,MAAU,oBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZU,KAAS,mCACTR,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBS,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZN,MAAU,oCACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,mDACrBI,GAAOL,EAAI,KAAKC,EAAI,mDACpBK,MAAU,kDACVC,KAAS,OAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,2CACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,iCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBS,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZN,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfM,KAAS,uBACTR,GAAO,wBACPC,MAAU,0BAId,IAAK,cACH,MAAO,CACR,CACGJ,OAAWF,EAAI,KAAKC,EAAI,iBACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,yBACpBa,GAAO,UACPR,MAAU,UACVC,KAAS,SAGfM,KAAS,qCACTR,GAAOL,EAAI,KAAKC,EAAI,iBACpBK,MAAU,gBACVC,KAAS,iBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,mBACxBY,KAAS,uCACTR,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,QACxBY,KAAS,kBACTR,GAAOL,EAAI,KAAKC,EAAI,QACpBK,MAAU,OACVC,KAAS,iBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBK,MAAU,YACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,cACrBI,GAAOL,EAAI,KAAKC,EAAI,cACpBK,MAAU,aACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oBACrBI,GAAOL,EAAI,KAAKC,EAAI,oBACpBK,MAAU,mBACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gBACrBI,GAAOL,EAAI,KAAKC,EAAI,gBACpBK,MAAU,gBAEb,CACGH,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBS,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,MACNC,EAAM,OAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,eACNC,EAAM,gBAET,CACGD,EAAM,gBACNC,EAAM,kBAGZN,MAAU,YACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mBACrBI,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wBACrBI,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,QAGfM,KAAS,2BACTR,GAAO,eACPC,MAAU,eACVC,KAAS,yBAIb,QACE,MAAO,IAIX,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,QACnBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG"} \ No newline at end of file +{"version":3,"sources":["lemonldap-ng-manager/site/htdocs/static/js/conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,gCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,sCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,wCACxBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,4BACrBI,GAAOL,EAAI,KAAKC,EAAI,4BACpBK,MAAU,4BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBK,MAAU,+BACVC,KAAS,SAGfF,GAAO,wBACPC,MAAU,wBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,WAEZ,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,KACVC,KAAS,WAEZ,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,MACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gCACrBI,GAAOL,EAAI,KAAKC,EAAI,gCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,MACNC,EAAM,QAGZP,MAAU,+BACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,+BAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAI,gDACrBI,GAAOL,EAAI,KAAKC,EAAI,gDACpBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,sBAET,CACGD,EAAM,sBACNC,EAAM,wBAGZP,MAAU,+CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,gCACVC,KAAS,SAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfF,GAAO,wBACPC,MAAU,yBAEb,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,6BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,8BACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,QACVC,KAAS,WAEZ,CACGH,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,cACVC,KAAS,WAEZ,CACGH,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,OACVC,KAAS,YAGfF,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,6BACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZE,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,iCACrBI,GAAOL,EAAI,KAAKC,EAAI,iCACpBK,MAAU,iCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,YAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,+BACrBI,GAAOL,EAAI,KAAKC,EAAI,+BACpBK,MAAU,8BACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,SAGfF,GAAO,sCACPC,MAAU,sCACVC,KAAS,wBAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,mCAEb,CACGH,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,QACNC,EAAM,UAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,0CACrBI,GAAOL,EAAI,KAAKC,EAAI,0CACpBK,MAAU,yCACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,oDACrBI,GAAOL,EAAI,KAAKC,EAAI,oDACpBK,MAAU,mDACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,OAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,qCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBS,KAAS,2BACTL,GAAOL,EAAI,KAAKC,EAAI,sCACpBK,MAAU,qCACVC,KAAS,QAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBK,MAAU,+CAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,kCAEb,CACGH,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,iBAET,CACGD,EAAM,OACNC,EAAM,iBAGZP,MAAU,kCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,SAGfF,GAAO,SACPC,MAAU,SACVC,KAAS,wBAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,oBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,oCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,+BACPC,MAAU,+BACVC,KAAS,yBAIb,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,sBACrBI,GAAOL,EAAI,KAAKC,EAAI,sBACpBK,MAAU,qBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,qCACxBE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,oCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,wCAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kDACrBI,GAAOL,EAAI,KAAKC,EAAI,kDACpBK,MAAU,iDACVC,KAAS,SAGfF,GAAO,kCACPC,MAAU,kCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,eACNC,EAAM,iBAGZP,MAAU,mCACVC,KAAS,UAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,YACNC,EAAM,QAET,CACGD,EAAM,gBACNC,EAAM,YAET,CACGD,EAAM,YACNC,EAAM,SAGZP,MAAU,mCACVC,KAAS,WAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,uCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,wCACrBI,GAAOL,EAAI,KAAKC,EAAI,wCACpBK,MAAU,uCACVC,KAAS,YAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,sCACrBI,GAAOL,EAAI,KAAKC,EAAI,sCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,qCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,2CACrBI,GAAOL,EAAI,KAAKC,EAAI,2CACpBK,MAAU,0CACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,+CACrBI,GAAOL,EAAI,KAAKC,EAAI,+CACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,+BACNC,EAAM,gCAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,aACNC,EAAM,2BAGZP,MAAU,8CACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAGfG,KAAS,wBACTL,GAAO,yBACPC,MAAU,yBACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBK,MAAU,qCAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,8BACrBI,GAAOL,EAAI,KAAKC,EAAI,8BACpBK,MAAU,8BAEb,CACGG,IAAQT,EAAI,KAAKC,EAAI,oCACrBI,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,QAGfF,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAIb,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAI,qBACrBI,GAAOL,EAAI,KAAKC,EAAI,qBACpBK,MAAU,oBACVC,KAAS,QAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,oCACxBE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAI,oCACpBK,MAAU,mCACVC,KAAS,0BAEZ,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,qCACrBI,GAAOL,EAAI,KAAKC,EAAI,qCACpBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,IAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,QACNC,EAAM,SAET,CACGD,EAAM,OACNC,EAAM,oBAET,CACGD,EAAM,UACNC,EAAM,WAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,aACNC,EAAM,cAET,CACGD,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,oCACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,yCACrBI,GAAOL,EAAI,KAAKC,EAAI,yCACpBK,MAAU,yCAEb,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,mCACrBI,GAAOL,EAAI,KAAKC,EAAI,mCACpBK,MAAU,kCACVC,KAAS,QAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,mDACrBI,GAAOL,EAAI,KAAKC,EAAI,mDACpBK,MAAU,kDACVC,KAAS,OAEZ,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAI,4CACrBI,GAAOL,EAAI,KAAKC,EAAI,4CACpBK,MAAU,2CACVC,KAAS,OAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,kCACrBI,GAAOL,EAAI,KAAKC,EAAI,kCACpBK,MAAU,iCACVC,KAAS,SAGfF,GAAO,qCACPC,MAAU,qCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,QAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBK,MAAU,sCACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,iDACrBI,GAAOL,EAAI,KAAKC,EAAI,iDACpBK,MAAU,gDACVC,KAAS,SAGfF,GAAO,iCACPC,MAAU,iCACVC,KAAS,wBAEZ,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,uCACrBI,GAAOL,EAAI,KAAKC,EAAI,uCACpBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,WAET,CACGD,EAAM,YACNC,EAAM,cAGZP,MAAU,sCACVC,KAAS,UAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,8CACrBI,GAAOL,EAAI,KAAKC,EAAI,8CACpBK,MAAU,6CACVC,KAAS,QAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,6BACrBI,GAAOL,EAAI,KAAKC,EAAI,6BACpBK,MAAU,8BAGhBD,GAAO,gCACPC,MAAU,gCACVC,KAAS,yBAGfG,KAAS,uBACTL,GAAO,wBACPC,MAAU,yBAEb,CACGJ,OAAWF,EAAI,KAAKC,EAAI,wBACxBE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,qBAIb,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAI,iBACxBE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAI,yBACpBa,GAAO,UACPR,MAAU,UACVC,KAAS,SAGfG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAI,iBACpBK,MAAU,gBACVC,KAAS,iBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,mBACxBS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,oBAEZ,CACGL,OAAWF,EAAI,KAAKC,EAAI,QACxBS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAI,QACpBK,MAAU,OACVC,KAAS,iBAEZ,CACGC,OAAW,CACR,CACGL,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBK,MAAU,YACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,cACrBI,GAAOL,EAAI,KAAKC,EAAI,cACpBK,MAAU,aACVC,KAAS,SAEZ,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAI,oBACrBI,GAAOL,EAAI,KAAKC,EAAI,oBACpBK,MAAU,mBACVC,KAAS,QAEZ,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAI,gBACrBI,GAAOL,EAAI,KAAKC,EAAI,gBACpBK,MAAU,gBAEb,CACGH,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAI,aACrBI,GAAOL,EAAI,KAAKC,EAAI,aACpBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,aAET,CACGD,EAAM,MACNC,EAAM,OAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,WACNC,EAAM,YAET,CACGD,EAAM,OACNC,EAAM,QAET,CACGD,EAAM,SACNC,EAAM,UAET,CACGD,EAAM,cACNC,EAAM,eAET,CACGD,EAAM,eACNC,EAAM,gBAET,CACGD,EAAM,gBACNC,EAAM,kBAGZP,MAAU,YACVC,KAAS,UAEZ,CACGE,IAAQT,EAAI,KAAKC,EAAI,mBACrBI,GAAOL,EAAI,KAAKC,EAAI,mBACpBK,MAAU,kBACVC,KAAS,OAEZ,CACGJ,SAAa,EACbM,IAAQT,EAAI,KAAKC,EAAI,wBACrBI,GAAOL,EAAI,KAAKC,EAAI,wBACpBK,MAAU,uBACVC,KAAS,QAGfG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,yBAIb,QACE,MAAO,IAIX,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,QACnBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG"} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 4eae2e3fe..695b36f7b 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -118,6 +118,7 @@ "casAppMetaDataOptions":"خيارات", "casAppMetaDataOptionsService":"خدمة أل يو أر ل", "casAppMetaDataOptionsRule":"القاعدة", +"casAppMetaDataMacros":"ماكرو", "casAppMetaDataOptionsUserAttribute":"خاصّيّة المستخدم", "casAppName":"اسم التطبيق كاس", "casAttr":"تسجيل الدخول كاس", @@ -556,6 +557,7 @@ "oidcRPMetaDataOptionsPublic":"Public client", "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE", "oidcRPMetaDataOptionsRule":"قاعدة الدخول", +"oidcRPMetaDataMacros":"ماكرو", "oidcOPMetaDataOptionsScope":"نطاق", "oidcOPMetaDataOptionsStoreIDToken":"مخزن تعريف التوكن", "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"توكن نقطة النهاية لطريقة إثبات الهوية", @@ -1021,6 +1023,7 @@ "samlSPMetaDataOptionsNotOnOrAfterTimeout":"ليس على أو بعد المدة", "samlSPMetaDataOptionsForceUTF8":"فرضUTF-8 ", "samlSPMetaDataOptionsRule":"قاعدة الدخول", +"samlSPMetaDataMacros":"ماكرو", "samlIDPName":"اسم SAML IDP", "samlServiceMetaData":"خدمة 2 SAML", "samlEntityID":"معرف الكيان", @@ -1086,4 +1089,4 @@ "samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ", "samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين", "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP" -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json index 48bb1ae1e..2a3814229 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json @@ -118,6 +118,7 @@ "casAppMetaDataOptions":"Optionen", "casAppMetaDataOptionsService":"Service URL", "casAppMetaDataOptionsRule":"Regel", +"casAppMetaDataMacros":"Macros", "casAppMetaDataOptionsUserAttribute":"User attribute", "casAppName":"CAS App Name", "casAttr":"CAS login", @@ -556,6 +557,7 @@ "oidcRPMetaDataOptionsPublic":"Public client", "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE", "oidcRPMetaDataOptionsRule":"Access rule", +"oidcRPMetaDataMacros":"Macros", "oidcOPMetaDataOptionsScope":"Scope", "oidcOPMetaDataOptionsStoreIDToken":"Store ID Token", "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method", @@ -1021,6 +1023,7 @@ "samlSPMetaDataOptionsNotOnOrAfterTimeout":"notOnOrAfter duration", "samlSPMetaDataOptionsForceUTF8":"Force UTF-8", "samlSPMetaDataOptionsRule":"Access rule", +"samlSPMetaDataMacros":"Macros", "samlIDPName":"SAML IDP Name", "samlServiceMetaData":"SAML2 Service", "samlEntityID":"Entity Identifier", @@ -1086,4 +1089,4 @@ "samlRelayStateTimeout":"RelayState session timeout", "samlUseQueryStringSpecific":"Use specific query_string method", "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP" -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index b78c20116..08b9630e9 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -118,6 +118,7 @@ "casAppMetaDataOptions":"Options", "casAppMetaDataOptionsService":"Service URL", "casAppMetaDataOptionsRule":"Rule", +"casAppMetaDataMacros":"Macros", "casAppMetaDataOptionsUserAttribute":"User attribute", "casAppName":"CAS App Name", "casAttr":"CAS login", @@ -556,6 +557,7 @@ "oidcRPMetaDataOptionsPublic":"Public client", "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE", "oidcRPMetaDataOptionsRule":"Access rule", +"oidcRPMetaDataMacros":"Macros", "oidcOPMetaDataOptionsScope":"Scope", "oidcOPMetaDataOptionsStoreIDToken":"Store ID Token", "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method", @@ -1021,6 +1023,7 @@ "samlSPMetaDataOptionsNotOnOrAfterTimeout":"notOnOrAfter duration", "samlSPMetaDataOptionsForceUTF8":"Force UTF-8", "samlSPMetaDataOptionsRule":"Access rule", +"samlSPMetaDataMacros":"Macros", "samlIDPName":"SAML IDP Name", "samlServiceMetaData":"SAML2 Service", "samlEntityID":"Entity Identifier", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index 94e27c3ed..9524249cf 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json @@ -118,6 +118,7 @@ "casAppMetaDataOptions":"Options", "casAppMetaDataOptionsService":"URL du service", "casAppMetaDataOptionsRule":"Règle", +"casAppMetaDataMacros":"Macros", "casAppMetaDataOptionsUserAttribute":"Attribut de l'utilisateur", "casAppName":"Nom de l'application CAS", "casAttr":"Identifiant CAS", @@ -556,6 +557,7 @@ "oidcRPMetaDataOptionsPublic":"Client public", "oidcRPMetaDataOptionsRequirePKCE":"PKCE requis", "oidcRPMetaDataOptionsRule":"Règle d'accès", +"oidcRPMetaDataMacros":"Macros", "oidcOPMetaDataOptionsScope":"Étendue", "oidcOPMetaDataOptionsStoreIDToken":"Conserver le jeton d'identité", "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Méthode d'authentification pour l'accès aux jetons", @@ -1021,6 +1023,7 @@ "samlSPMetaDataOptionsNotOnOrAfterTimeout":"Durée notOnOrAfter", "samlSPMetaDataOptionsForceUTF8":"Forcer l'UTF-8", "samlSPMetaDataOptionsRule":"Règle d'accès", +"samlSPMetaDataMacros":"Macros", "samlIDPName":"Nom du fournisseur d'identité SAML", "samlServiceMetaData":"Service SAML 2", "samlEntityID":"Identifiant d'entité", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index ddba3b73b..490c33f2c 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json @@ -118,6 +118,7 @@ "casAppMetaDataOptions":"Opzioni", "casAppMetaDataOptionsService":"URL del servizio", "casAppMetaDataOptionsRule":"Regola", +"casAppMetaDataMacros":"Macro", "casAppMetaDataOptionsUserAttribute":"Attributo utente", "casAppName":"Nome App CAS", "casAttr":"Login CAS", @@ -556,6 +557,7 @@ "oidcRPMetaDataOptionsPublic":"Cliente pubblico", "oidcRPMetaDataOptionsRequirePKCE":"Richiedi PKCE", "oidcRPMetaDataOptionsRule":"Regola di accesso", +"oidcRPMetaDataMacros":"Macro", "oidcOPMetaDataOptionsScope":"Scopo", "oidcOPMetaDataOptionsStoreIDToken":"Immagazzina ID Token", "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Metodo di autenticazione degli endpoint di token", @@ -1021,6 +1023,7 @@ "samlSPMetaDataOptionsNotOnOrAfterTimeout":"Durata di notOnOrAfter ", "samlSPMetaDataOptionsForceUTF8":"Forza UTF-8", "samlSPMetaDataOptionsRule":"Regola di accesso", +"samlSPMetaDataMacros":"Macro", "samlIDPName":"Nome di SAML IDP ", "samlServiceMetaData":"Servizio SAML 2", "samlEntityID":"Identificatore dell'entità", @@ -1086,4 +1089,4 @@ "samlRelayStateTimeout":"Timeout di sessione di RelayState", "samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string", "samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP" -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index db923a0a7..d3afd8819 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -118,6 +118,7 @@ "casAppMetaDataOptions":"Tùy chọn", "casAppMetaDataOptionsService":"Dịch vụ URL", "casAppMetaDataOptionsRule":"Quy tắc", +"casAppMetaDataMacros":"Macros", "casAppMetaDataOptionsUserAttribute":"thuộc tính người dùng", "casAppName":"Tên ứng dụng CAS", "casAttr":"Đăng nhập CAS ", @@ -556,6 +557,7 @@ "oidcRPMetaDataOptionsPublic":"Public client", "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE", "oidcRPMetaDataOptionsRule":"Quy tắc truy cập", +"oidcRPMetaDataMacros":"Macros", "oidcOPMetaDataOptionsScope":"Phạm vi", "oidcOPMetaDataOptionsStoreIDToken":"Mã thông báo Cửa hàng", "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Phương pháp xác thực thiết bị đầu cuối Token", @@ -1021,6 +1023,7 @@ "samlSPMetaDataOptionsNotOnOrAfterTimeout":"Thời gian notOnOrAfter ", "samlSPMetaDataOptionsForceUTF8":"Bắt buộc UTF-8", "samlSPMetaDataOptionsRule":"Quy tắc truy cập", +"samlSPMetaDataMacros":"Macros", "samlIDPName":"Tên SAML IDP ", "samlServiceMetaData":"Dịch vụ SAML 2", "samlEntityID":"Thực thể trình định danh", @@ -1086,4 +1089,4 @@ "samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ", "samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể", "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP" -} \ No newline at end of file +} diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index 5e4261348..4def332eb 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -118,6 +118,7 @@ "casAppMetaDataOptions":"选项", "casAppMetaDataOptionsService":"服务 URL", "casAppMetaDataOptionsRule":"规则", +"casAppMetaDataMacros":"Macros", "casAppMetaDataOptionsUserAttribute":"User attribute", "casAppName":"CAS App 名称", "casAttr":"CAS 登录", @@ -556,6 +557,7 @@ "oidcRPMetaDataOptionsPublic":"Public client", "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE", "oidcRPMetaDataOptionsRule":"Access rule", +"oidcRPMetaDataMacros":"Macros", "oidcOPMetaDataOptionsScope":"Scope", "oidcOPMetaDataOptionsStoreIDToken":"Store ID Token", "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method", @@ -1021,6 +1023,7 @@ "samlSPMetaDataOptionsNotOnOrAfterTimeout":"notOnOrAfter duration", "samlSPMetaDataOptionsForceUTF8":"Force UTF-8", "samlSPMetaDataOptionsRule":"Access rule", +"samlSPMetaDataMacros":"Macros", "samlIDPName":"SAML IDP Name", "samlServiceMetaData":"SAML2 Service", "samlEntityID":"Entity Identifier", @@ -1086,4 +1089,4 @@ "samlRelayStateTimeout":"RelayState session timeout", "samlUseQueryStringSpecific":"Use specific query_string method", "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP" -} \ No newline at end of file +} From 965c662683d4b3a23b894eeb2e4c9b0c0a86885d Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Mon, 16 Dec 2019 17:52:45 +0100 Subject: [PATCH 08/19] Fix unit test for #2042 --- lemonldap-ng-portal/t/32-OIDC-Macro.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/t/32-OIDC-Macro.t b/lemonldap-ng-portal/t/32-OIDC-Macro.t index 1c55d99c6..9cd96d730 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Macro.t +++ b/lemonldap-ng-portal/t/32-OIDC-Macro.t @@ -51,7 +51,7 @@ ok( "Post authentication, endpoint $url" ); my $idpId = expectCookie($res); -my ($code) = expectRedirection( $res, qr#http://rp.com/\?code=([^&]+)# ); +my ($code) = expectRedirection( $res, qr#http://rp.com/\?.*code=([^&]+)# ); # Get access token $query = From f7f526b82520ec1fbabb6e30bd0a3b108fac7643 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 17 Dec 2019 10:59:45 +0100 Subject: [PATCH 09/19] Fix #1882 in refresh token code --- .../lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm index af82ed91c..187d1e1ac 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm @@ -1245,7 +1245,7 @@ sub token { my $id_token_acr = "loa-" . $apacheSession->data->{authenticationLevel}; my $id_token_payload_hash = { - iss => $self->conf->{oidcServiceMetaDataIssuer}, # Issuer Identifier + iss => $self->iss, # Issuer Identifier sub => $user_id, # Subject Identifier aud => [$client_id], # Audience exp => $id_token_exp, # expiration @@ -1464,7 +1464,7 @@ sub token { my $id_token_acr = "loa-0"; my $id_token_payload_hash = { - iss => $self->conf->{oidcServiceMetaDataIssuer}, # Issuer Identifier + iss => $self->iss, # Issuer Identifier sub => $user_id, # Subject Identifier aud => [$client_id], # Audience exp => $id_token_exp, # expiration From 006cb00f8cd5b77a87d9f056dae0f87e3334b2c0 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Tue, 17 Dec 2019 11:10:47 +0100 Subject: [PATCH 10/19] Update unit tests for #1882 --- .../t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t | 1 - .../t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t | 1 - .../32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t | 1 - .../t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t | 1 - .../t/32-Auth-and-issuer-OIDC-authorization_code.t | 1 - lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t | 1 - .../t/32-Auth-and-issuer-OIDC-implicit-no-token.t | 1 - lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t | 1 - lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t | 1 - lemonldap-ng-portal/t/32-OIDC-Macro.t | 1 - lemonldap-ng-portal/t/32-OIDC-Offline-Session.t | 1 - lemonldap-ng-portal/t/32-OIDC-RP-rule.t | 1 - lemonldap-ng-portal/t/32-OIDC-Refresh-Token.t | 1 - lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t | 1 - lemonldap-ng-portal/t/32-OIDC-Token-Security.t | 1 - lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t | 1 - lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t | 1 - lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t | 1 - lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t | 1 - lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t | 1 - lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t | 1 - 21 files changed, 21 deletions(-) diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t index a0ccbd261..cefef0a6f 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t @@ -212,7 +212,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t index effccb3a9..97ae6d89c 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t @@ -325,7 +325,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com/", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t index 94b8d55ea..921802997 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t @@ -279,7 +279,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com/", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t index 3901335ef..50b7fc8bb 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t @@ -321,7 +321,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com/", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t index 525f3b105..6d97965d7 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t @@ -325,7 +325,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com/", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t index bf51dcce1..11388a801 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t @@ -237,7 +237,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit-no-token.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit-no-token.t index 8073ee912..a9c6d4c45 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit-no-token.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit-no-token.t @@ -228,7 +228,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t index ca4dd043f..eafb8238e 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t @@ -228,7 +228,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t index b45df6d3b..0d7691fec 100644 --- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t +++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t @@ -133,7 +133,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-OIDC-Macro.t b/lemonldap-ng-portal/t/32-OIDC-Macro.t index 9cd96d730..e23b3f5ea 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Macro.t +++ b/lemonldap-ng-portal/t/32-OIDC-Macro.t @@ -108,7 +108,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-OIDC-Offline-Session.t b/lemonldap-ng-portal/t/32-OIDC-Offline-Session.t index 06c2250e4..8157215f3 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Offline-Session.t +++ b/lemonldap-ng-portal/t/32-OIDC-Offline-Session.t @@ -29,7 +29,6 @@ my $op = LLNG::Manager::Test->new( { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-OIDC-RP-rule.t b/lemonldap-ng-portal/t/32-OIDC-RP-rule.t index 9455a1a3c..8ecab88ea 100644 --- a/lemonldap-ng-portal/t/32-OIDC-RP-rule.t +++ b/lemonldap-ng-portal/t/32-OIDC-RP-rule.t @@ -145,7 +145,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-OIDC-Refresh-Token.t b/lemonldap-ng-portal/t/32-OIDC-Refresh-Token.t index d8851cbec..1eeae5ff5 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Refresh-Token.t +++ b/lemonldap-ng-portal/t/32-OIDC-Refresh-Token.t @@ -29,7 +29,6 @@ my $op = LLNG::Manager::Test->new( { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t b/lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t index 178bbe057..39b234e41 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t +++ b/lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t @@ -35,7 +35,6 @@ my $op = LLNG::Manager::Test->new( { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/32-OIDC-Token-Security.t b/lemonldap-ng-portal/t/32-OIDC-Token-Security.t index 9d3e56682..efffa02cc 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Token-Security.t +++ b/lemonldap-ng-portal/t/32-OIDC-Token-Security.t @@ -35,7 +35,6 @@ my $op = LLNG::Manager::Test->new( { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t index beee5d271..e1ec284b1 100644 --- a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t +++ b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t @@ -353,7 +353,6 @@ sub op { name => "cn" } }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t index 299a03196..fb41e6273 100644 --- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t +++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t @@ -444,7 +444,6 @@ sub sp { email => 'email', }, }, - oidcServiceMetaDataIssuer => "http://auth.sp.com", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", oidcServiceMetaDataEndSessionURI => "logout", diff --git a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t index 0eed1344d..85e1a4799 100644 --- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t +++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t @@ -424,7 +424,6 @@ sub sp { email => 'email', }, }, - oidcServiceMetaDataIssuer => "http://auth.sp.com", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", oidcServiceMetaDataEndSessionURI => "logout", diff --git a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t index ac52156ae..fea5eb921 100644 --- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t +++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t @@ -426,7 +426,6 @@ sub sp { email => 'email', }, }, - oidcServiceMetaDataIssuer => "http://auth.sp.com", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", oidcServiceMetaDataEndSessionURI => "logout", diff --git a/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t b/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t index 92b965691..fc8db9d23 100644 --- a/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t +++ b/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t @@ -293,7 +293,6 @@ sub op { email => 'email', }, }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", diff --git a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t index 881b913cf..c93567c1d 100644 --- a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t +++ b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t @@ -291,7 +291,6 @@ sub op { email => 'email', }, }, - oidcServiceMetaDataIssuer => "http://auth.op.com", oidcServiceMetaDataAuthorizeURI => "authorize", oidcServiceMetaDataCheckSessionURI => "checksession.html", oidcServiceMetaDataJWKSURI => "jwks", From a19bc1ff96bec5fa4cf5761a07ce9af28b386d5d Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 18 Dec 2019 21:52:38 +0100 Subject: [PATCH 11/19] Prevent to store notifications with time & Improve unit tests (#2012) --- .../lib/Lemonldap/NG/Common/Notifications/JSON.pm | 4 ++++ .../lib/Lemonldap/NG/Common/Notifications/XML.pm | 3 +++ lemonldap-ng-portal/t/40-Notifications-JSON-Server.t | 4 ++-- lemonldap-ng-portal/t/40-Notifications-XML-Server.t | 4 ++-- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm index 62e773d82..f09a37602 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm @@ -34,6 +34,9 @@ sub newNotification { $self->logger->error("$err"); return ( 0, "$err" ); } + + # Prevent to store time. Keep date only + $tmp =~ s/^(\d{4}-\d{2}-\d{2}).*$/$1/; push @data, $tmp; } @@ -44,6 +47,7 @@ sub newNotification { } push @data, ( $notif->{condition} ); + $notif->{date} =~ s/^(\d{4}-\d{2}-\d{2}).*$/$1/; my $body = to_json($notif); push @notifs, [ @data, $body ]; } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm index a6298971e..967bcfc96 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm @@ -45,6 +45,9 @@ sub newNotification { $self->logger->error("$err"); return 0; } + + # Prevent to store time. Keep date only + $tmp =~ s/^(\d{4}-\d{2}-\d{2}).*$/$1/; push @data, $tmp; } diff --git a/lemonldap-ng-portal/t/40-Notifications-JSON-Server.t b/lemonldap-ng-portal/t/40-Notifications-JSON-Server.t index 9b967d921..b7bc41a44 100644 --- a/lemonldap-ng-portal/t/40-Notifications-JSON-Server.t +++ b/lemonldap-ng-portal/t/40-Notifications-JSON-Server.t @@ -7,7 +7,7 @@ BEGIN { } my $json = '{ -"date": "2016-05-30", +"date": "2016-05-30 15:35:10", "reference": "testref", "uid": "dwho", "title": "Test title", @@ -42,7 +42,7 @@ my $jsonall = '{ my $notifs = q%[{ "uid": "dwho", - "date": "2019-11-15", + "date": "2019-11-15 15:35:10", "reference": "ABC1", "title": "You have new authorizations", "subtitle": "Application 1", diff --git a/lemonldap-ng-portal/t/40-Notifications-XML-Server.t b/lemonldap-ng-portal/t/40-Notifications-XML-Server.t index bbbc716e3..4b91ba94c 100644 --- a/lemonldap-ng-portal/t/40-Notifications-XML-Server.t +++ b/lemonldap-ng-portal/t/40-Notifications-XML-Server.t @@ -43,7 +43,7 @@ LWP::Protocol::PSGI->register( ); my $xml = ' - + Test title Test subtitle This is a test text @@ -57,7 +57,7 @@ my $xmlbis = ' '; my $combined = ' - + Test title Test subtitle This is a test text From 24ab56ce7e17516bc3c95d88fcf1335484118821 Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Thu, 19 Dec 2019 06:55:49 +0100 Subject: [PATCH 12/19] Update JS libs (fixes some little security issues) --- .../bwr/angular-animate/angular-animate.js | 4 +- .../angular-animate/angular-animate.min.js | 4 +- .../static/bwr/angular-aria/angular-aria.js | 4 +- .../bwr/angular-aria/angular-aria.min.js | 4 +- .../bwr/angular-cookies/angular-cookies.js | 4 +- .../angular-cookies/angular-cookies.min.js | 4 +- .../site/htdocs/static/bwr/angular/angular.js | 92 ++- .../htdocs/static/bwr/angular/angular.min.js | 14 +- .../static/bwr/angular/angular.min.js.map | 2 +- .../bwr/bootstrap/dist/css/bootstrap-grid.css | 184 ++++- .../bootstrap/dist/css/bootstrap-grid.css.map | 2 +- .../bootstrap/dist/css/bootstrap-grid.min.css | 4 +- .../dist/css/bootstrap-grid.min.css.map | 2 +- .../bootstrap/dist/css/bootstrap-reboot.css | 12 +- .../dist/css/bootstrap-reboot.css.map | 2 +- .../dist/css/bootstrap-reboot.min.css | 4 +- .../dist/css/bootstrap-reboot.min.css.map | 2 +- .../bwr/bootstrap/dist/css/bootstrap.css | 600 +++++++++----- .../bwr/bootstrap/dist/css/bootstrap.css.map | 2 +- .../bwr/bootstrap/dist/css/bootstrap.min.css | 4 +- .../bootstrap/dist/css/bootstrap.min.css.map | 2 +- .../bwr/bootstrap/dist/js/bootstrap.bundle.js | 739 ++++++++++-------- .../bootstrap/dist/js/bootstrap.bundle.js.map | 2 +- .../bootstrap/dist/js/bootstrap.bundle.min.js | 30 +- .../dist/js/bootstrap.bundle.min.js.map | 2 +- .../static/bwr/bootstrap/dist/js/bootstrap.js | 668 +++++++++------- .../bwr/bootstrap/dist/js/bootstrap.js.map | 2 +- .../bwr/bootstrap/dist/js/bootstrap.min.js | 5 +- .../bootstrap/dist/js/bootstrap.min.js.map | 2 +- .../static/bwr/jquery-ui/jquery-ui.min.js | 202 +---- .../static/bwr/jquery-ui/jquery-ui.min.js.map | 1 - .../static/bwr/jquery/dist/jquery.min.js | 27 +- .../static/bwr/jquery/dist/jquery.min.js.map | 1 - .../static/bwr/qrious/dist/qrious.min.js | 46 +- .../static/bwr/qrious/dist/qrious.min.js.map | 2 +- 35 files changed, 1490 insertions(+), 1191 deletions(-) delete mode 100644 lemonldap-ng-portal/site/htdocs/static/bwr/jquery-ui/jquery-ui.min.js.map delete mode 100644 lemonldap-ng-portal/site/htdocs/static/bwr/jquery/dist/jquery.min.js.map diff --git a/lemonldap-ng-manager/site/htdocs/static/bwr/angular-animate/angular-animate.js b/lemonldap-ng-manager/site/htdocs/static/bwr/angular-animate/angular-animate.js index 820727fd0..4c1d5f207 100644 --- a/lemonldap-ng-manager/site/htdocs/static/bwr/angular-animate/angular-animate.js +++ b/lemonldap-ng-manager/site/htdocs/static/bwr/angular-animate/angular-animate.js @@ -1,5 +1,5 @@ /** - * @license AngularJS v1.7.8 + * @license AngularJS v1.7.9 * (c) 2010-2018 Google, Inc. http://angularjs.org * License: MIT */ @@ -4252,7 +4252,7 @@ angular.module('ngAnimate', [], function initAngularHelpers() { isFunction = angular.isFunction; isElement = angular.isElement; }) - .info({ angularVersion: '1.7.8' }) + .info({ angularVersion: '1.7.9' }) .directive('ngAnimateSwap', ngAnimateSwapDirective) .directive('ngAnimateChildren', $$AnimateChildrenDirective) diff --git a/lemonldap-ng-manager/site/htdocs/static/bwr/angular-animate/angular-animate.min.js b/lemonldap-ng-manager/site/htdocs/static/bwr/angular-animate/angular-animate.min.js index 22c2806ef..96dcfb63e 100644 --- a/lemonldap-ng-manager/site/htdocs/static/bwr/angular-animate/angular-animate.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/bwr/angular-animate/angular-animate.min.js @@ -1,5 +1,5 @@ /* - AngularJS v1.7.8 + AngularJS v1.7.9 (c) 2010-2018 Google, Inc. http://angularjs.org License: MIT */ @@ -11,7 +11,7 @@ f=!a[b]||a[b+"-remove"]):-1===c&&(d="removeClass",f=a[b]||a[b+"-add"]);f&&(k[d]. b:a:b}function Ka(a,b,c){var d=Object.create(null),f=a.getComputedStyle(b)||{};s(c,function(a,c){var b=f[a];if(b){var L=b.charAt(0);if("-"===L||"+"===L||0<=L)b=Va(b);0===b&&(b=null);d[c]=b}});return d}function Va(a){var b=0;a=a.split(/\s*,\s*/);s(a,function(a){"s"===a.charAt(a.length-1)&&(a=a.substring(0,a.length-1));a=parseFloat(a)||0;b=b?Math.max(a,b):a});return b}function ya(a){return 0===a||null!=a}function La(a,b){var c=M,d=a+"s";b?c+="Duration":d+=" linear all";return[c,d]}function Ma(a,b,c){s(c, function(c){a[c]=za(a[c])?a[c]:b.style.getPropertyValue(c)})}var M,Aa,ca,Ba;void 0===Y.ontransitionend&&void 0!==Y.onwebkittransitionend?(M="WebkitTransition",Aa="webkitTransitionEnd transitionend"):(M="transition",Aa="transitionend");void 0===Y.onanimationend&&void 0!==Y.onwebkitanimationend?(ca="WebkitAnimation",Ba="webkitAnimationEnd animationend"):(ca="animation",Ba="animationend");var qa=ca+"Delay",Ca=ca+"Duration",na=M+"Delay",Na=M+"Duration",Pa=z.$$minErr("ng"),ra={blockTransitions:function(a, b){var c=b?"-"+b+"s":"";ma(a,[na,c]);return[na,c]}},Wa={transitionDuration:Na,transitionDelay:na,transitionProperty:M+"Property",animationDuration:Ca,animationDelay:qa,animationIterationCount:ca+"IterationCount"},Xa={transitionDuration:Na,transitionDelay:na,animationDuration:Ca,animationDelay:qa},Da,wa,s,Z,za,sa,Ea,ta,G,R,A,N;z.module("ngAnimate",[],function(){N=z.noop;Da=z.copy;wa=z.extend;A=z.element;s=z.forEach;Z=z.isArray;G=z.isString;ta=z.isObject;R=z.isUndefined;za=z.isDefined;Ea=z.isFunction; -sa=z.isElement}).info({angularVersion:"1.7.8"}).directive("ngAnimateSwap",["$animate",function(a){return{restrict:"A",transclude:"element",terminal:!0,priority:550,link:function(b,c,d,f,k){var e,Q;b.$watchCollection(d.ngAnimateSwap||d["for"],function(b){e&&a.leave(e);Q&&(Q.$destroy(),Q=null);(b||0===b)&&k(function(b,d){e=b;Q=d;a.enter(b,null,c)})})}}}]).directive("ngAnimateChildren",["$interpolate",function(a){return{link:function(b,c,d){function f(a){c.data("$$ngAnimateChildren","on"===a||"true"=== +sa=z.isElement}).info({angularVersion:"1.7.9"}).directive("ngAnimateSwap",["$animate",function(a){return{restrict:"A",transclude:"element",terminal:!0,priority:550,link:function(b,c,d,f,k){var e,Q;b.$watchCollection(d.ngAnimateSwap||d["for"],function(b){e&&a.leave(e);Q&&(Q.$destroy(),Q=null);(b||0===b)&&k(function(b,d){e=b;Q=d;a.enter(b,null,c)})})}}}]).directive("ngAnimateChildren",["$interpolate",function(a){return{link:function(b,c,d){function f(a){c.data("$$ngAnimateChildren","on"===a||"true"=== a)}var k=d.ngAnimateChildren;G(k)&&0===k.length?c.data("$$ngAnimateChildren",!0):(f(a(k)(b)),d.$observe("ngAnimateChildren",f))}}}]).factory("$$rAFScheduler",["$$rAF",function(a){function b(a){d=d.concat(a);c()}function c(){if(d.length){for(var b=d.shift(),e=0;e 4096 bytes)!");h.cookie=b}}e.module("ngCookies",["ng"]).info({angularVersion:"1.7.8"}).provider("$cookies",[function(){var d=this.defaults={};this.$get=["$$cookieReader","$$cookieWriter",function(k,l){return{get:function(a){return k()[a]},getObject:function(a){return(a=this.get(a))?e.fromJson(a):a},getAll:function(){return k()},put:function(a,h,f){l(a,h,f?e.extend({},d,f):d)},putObject:function(a,d,f){this.put(a,e.toJson(d),f)},remove:function(a,h){l(a,void 0,h?e.extend({},d,h):d)}}}]}]);m.$inject= +c+" > 4096 bytes)!");h.cookie=b}}e.module("ngCookies",["ng"]).info({angularVersion:"1.7.9"}).provider("$cookies",[function(){var d=this.defaults={};this.$get=["$$cookieReader","$$cookieWriter",function(k,l){return{get:function(a){return k()[a]},getObject:function(a){return(a=this.get(a))?e.fromJson(a):a},getAll:function(){return k()},put:function(a,h,f){l(a,h,f?e.extend({},d,f):d)},putObject:function(a,d,f){this.put(a,e.toJson(d),f)},remove:function(a,h){l(a,void 0,h?e.extend({},d,h):d)}}}]}]);m.$inject= ["$document","$log","$browser"];e.module("ngCookies").provider("$$cookieWriter",function(){this.$get=m})})(window,window.angular); //# sourceMappingURL=angular-cookies.min.js.map diff --git a/lemonldap-ng-manager/site/htdocs/static/bwr/angular/angular.js b/lemonldap-ng-manager/site/htdocs/static/bwr/angular/angular.js index fdfcdfd84..61cc19073 100644 --- a/lemonldap-ng-manager/site/htdocs/static/bwr/angular/angular.js +++ b/lemonldap-ng-manager/site/htdocs/static/bwr/angular/angular.js @@ -1,5 +1,5 @@ /** - * @license AngularJS v1.7.8 + * @license AngularJS v1.7.9 * (c) 2010-2018 Google, Inc. http://angularjs.org * License: MIT */ @@ -99,7 +99,7 @@ function isValidObjectMaxDepth(maxDepth) { function minErr(module, ErrorConstructor) { ErrorConstructor = ErrorConstructor || Error; - var url = 'https://errors.angularjs.org/1.7.8/'; + var url = 'https://errors.angularjs.org/1.7.9/'; var regex = url.replace('.', '\\.') + '[\\s\\S]*'; var errRegExp = new RegExp(regex, 'g'); @@ -481,8 +481,10 @@ function baseExtend(dst, objs, deep) { } else if (isElement(src)) { dst[key] = src.clone(); } else { - if (!isObject(dst[key])) dst[key] = isArray(src) ? [] : {}; - baseExtend(dst[key], [src], true); + if (key !== '__proto__') { + if (!isObject(dst[key])) dst[key] = isArray(src) ? [] : {}; + baseExtend(dst[key], [src], true); + } } } else { dst[key] = src; @@ -2805,11 +2807,11 @@ function toDebugString(obj, maxDepth) { var version = { // These placeholder strings will be replaced by grunt's `build` task. // They need to be double- or single-quoted. - full: '1.7.8', + full: '1.7.9', major: 1, minor: 7, - dot: 8, - codeName: 'enthusiastic-oblation' + dot: 9, + codeName: 'pollution-eradication' }; @@ -2959,7 +2961,7 @@ function publishExternalAPI(angular) { }); } ]) - .info({ angularVersion: '1.7.8' }); + .info({ angularVersion: '1.7.9' }); } /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * @@ -7460,7 +7462,7 @@ function $TemplateCacheProvider() { * * This example show how you might use `$doCheck` to trigger changes in your component's inputs even if the * actual identity of the component doesn't change. (Be aware that cloning and deep equality checks on large - * arrays or objects can have a negative impact on your application performance) + * arrays or objects can have a negative impact on your application performance.) * * * @@ -7783,7 +7785,7 @@ function $TemplateCacheProvider() { * would result in the whole app "stalling" until all templates are loaded asynchronously - even in the * case when only one deeply nested directive has `templateUrl`. * - * Template loading is asynchronous even if the template has been preloaded into the {@link $templateCache} + * Template loading is asynchronous even if the template has been preloaded into the {@link $templateCache}. * * You can specify `templateUrl` as a string representing the URL or as a function which takes two * arguments `tElement` and `tAttrs` (described in the `compile` function api below) and returns @@ -7844,7 +7846,7 @@ function $TemplateCacheProvider() { * own templates or compile functions. Compiling these directives results in an infinite loop and * stack overflow errors. * - * This can be avoided by manually using $compile in the postLink function to imperatively compile + * This can be avoided by manually using `$compile` in the postLink function to imperatively compile * a directive's template instead of relying on automatic template compilation via `template` or * `templateUrl` declaration or manual compilation inside the compile function. * @@ -7948,17 +7950,17 @@ function $TemplateCacheProvider() { * * * `true` - transclude the content (i.e. the child nodes) of the directive's element. * * `'element'` - transclude the whole of the directive's element including any directives on this - * element that defined at a lower priority than this directive. When used, the `template` + * element that are defined at a lower priority than this directive. When used, the `template` * property is ignored. * * **`{...}` (an object hash):** - map elements of the content onto transclusion "slots" in the template. * - * **Mult-slot transclusion** is declared by providing an object for the `transclude` property. + * **Multi-slot transclusion** is declared by providing an object for the `transclude` property. * * This object is a map where the keys are the name of the slot to fill and the value is an element selector * used to match the HTML to the slot. The element selector should be in normalized form (e.g. `myElement`) * and will match the standard element variants (e.g. `my-element`, `my:element`, `data-my-element`, etc). * - * For further information check out the guide on {@link guide/directive#matching-directives Matching Directives} + * For further information check out the guide on {@link guide/directive#matching-directives Matching Directives}. * * If the element selector is prefixed with a `?` then that slot is optional. * @@ -7983,7 +7985,7 @@ function $TemplateCacheProvider() { * * * If you want to manually control the insertion and removal of the transcluded content in your directive - * then you must use this transclude function. When you call a transclude function it returns a a jqLite/JQuery + * then you must use this transclude function. When you call a transclude function it returns a jqLite/JQuery * object that contains the compiled DOM, which is linked to the correct transclusion scope. * * When you call a transclusion function you can pass in a **clone attach function**. This function accepts @@ -8068,8 +8070,8 @@ function $TemplateCacheProvider() { * The {@link ng.$compile.directive.Attributes Attributes} object - passed as a parameter in the * `link()` or `compile()` functions. It has a variety of uses. * - * * *Accessing normalized attribute names:* Directives like 'ngBind' can be expressed in many ways: - * 'ng:bind', `data-ng-bind`, or 'x-ng-bind'. The attributes object allows for normalized access + * * *Accessing normalized attribute names:* Directives like `ngBind` can be expressed in many ways: + * `ng:bind`, `data-ng-bind`, or `x-ng-bind`. The attributes object allows for normalized access * to the attributes. * * * *Directive inter-communication:* All directives share the same instance of the attributes @@ -8110,25 +8112,24 @@ function $TemplateCacheProvider() {