Commit c01c26af authored by Christophe Maudoux's avatar Christophe Maudoux

Append option to override Issuer OTT storage (#1993)

parent 0182b793
......@@ -305,9 +305,10 @@ languages = en, fr, vi, it, ar, de, fi
; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page.
;customPlugins = My::Package1, My::Package2
; To avoid bad/expired OTT if authssl and auth are served by different Load Balancers
; you can override OTT configuration to store Upgrade OTT into global storage
; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers
; you can override OTT configuration to store Upgrade or Issuer OTT into global storage
;forceGlobalStorageUpgradeOTT = 1
;forceGlobalStorageIssuerOTT = 1
[handler]
......
......@@ -541,6 +541,11 @@ sub attributes {
documentation =>
'Avoid asking confirmation when an Issuer asks to renew auth',
},
forceGlobalStorageIssuerOTT => {
type => 'bool',
documentation =>
'Force Issuer tokens be stored into Global Storage',
},
handlerInternalCache => {
type => 'int',
default => 15,
......@@ -1468,7 +1473,7 @@ sub attributes {
forceGlobalStorageUpgradeOTT => {
type => 'bool',
documentation =>
'Force upgrade tokens be stored into Global Storage',
'Force Upgrade tokens be stored into Global Storage',
},
# 2F
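Review bot: The documentation string added for `forceGlobalStorageIssuerOTT`, 'Force Issuer tokens be stored into Global Storage', is ungrammatical and does not tell an administrator what the option changes. Wording such as `'Store Issuer one-time tokens in the global session storage'` would read better, and the same fix applies to the `forceGlobalStorageUpgradeOTT` string touched in the second hunk. The new entry also declares no `default`, unlike `handlerInternalCache` just below it; if an unset value is meant to mean off, `default => 0,` would make that explicit. Both entries sit inside `attributes`, whose body extends beyond the hunks shown.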
......
......@@ -56,7 +56,7 @@ my @notManagedAttributes = (
'max2FDevices', 'max2FDevicesNameLength', 'checkTime',
'mySessionAuthorizedRWKeys', 'handlerInternalCache',
'handlerServiceTokenTTL', 'impersonationPrefix', 'pdataDomain',
'forceGlobalStorageUpgradeOTT'
'forceGlobalStorageUpgradeOTT', 'forceGlobalStorageIssuerOTT'
);
# Words used either as attribute name and node title
......
......@@ -20,17 +20,14 @@ use Lemonldap::NG::Portal::Main::Constants qw(
extends 'Lemonldap::NG::Portal::Main::Plugin';
our $VERSION = '2.0.6';
our $VERSION = '2.0.7';
# PROPERTIES
has type => ( is => 'rw' );
has path => ( is => 'rw' );
has type => ( is => 'rw' );
has path => ( is => 'rw' );
has ipath => ( is => 'rw' );
has _ott => (
has _ott => (
is => 'rw',
lazy => 1,
default => sub {
......@@ -52,6 +49,12 @@ sub beforeLogout { 'logout' }
sub init {
my ($self) = @_;
if ( $self->conf->{forceGlobalStorageIssuerOTT} ) {
$self->logger->debug(
"-> Issuer tokens will be stored into global storage");
$self->_ott->cache(undef);
}
my $type = ref( $_[0] );
$type =~ s/.*:://;
$self->type($type);
......@@ -91,7 +94,7 @@ sub _redirect {
'Add ' . $self->ipath . ', ' . $self->ipath . 'Path in keepPdata' );
push @{ $req->pdata->{keepPdata} }, $self->ipath, $self->ipath . 'Path';
$req->{urldc} = $self->conf->{portal} . '/' . $self->path;
$req->pdata->{_url} = encode_base64($req->urldc, '');
$req->pdata->{_url} = encode_base64( $req->urldc, '' );
}
else {
$self->logger->debug('Not seen as Issuer request, skipping');
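Review bot: In the `init` hunk, `$self->_ott->cache(undef);` has no comment explaining why clearing the cache moves Issuer tokens to global storage; that link is only implied by the debug message. I would add `# No cache object: one-time tokens are then written to the global session storage shared by all portal nodes` above the call, assuming that is how the token library behaves, since its code is not in this diff. The call also instantiates the lazy `_ott` attribute during plugin init, before `type` and `path` are set, so it is worth confirming that the attribute's `default` sub, whose body lies outside the hunk, depends on neither. Because these tokens then live in storage shared across nodes, a test that a consumed Issuer token is rejected on second use with the option enabled would be a useful addition.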
......
......@@ -29,7 +29,7 @@ sub init {
my ($self) = @_;
if ( $self->conf->{forceGlobalStorageUpgradeOTT} ) {
$self->logger->debug(
"Upgrade token will be stored into global storage");
"-> Upgrade tokens will be stored into global storage");
$self->ott->cache(undef);
}
$self->addAuthRoute( upgradesession => 'ask', ['GET'] );
......