Maxime Besson
lemonldap-ng
Commits
ce0f0d09
Commit
ce0f0d09
authored
Mar 31, 2016
by
Yadd
s/CAS_/CAS/
parent
010e4e02
Changes
10
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
...
...
@@ -23,7 +23,7 @@ use constant HANDLERSECTION => "handler";
use
constant
MANAGERSECTION
=>
"
manager
";
use
constant
SESSIONSEXPLORERSECTION
=>
"
sessionsExplorer
";
use
constant
APPLYSECTION
=>
"
apply
";
our
$hashParameters
=
qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CAS
_
proxiedService|macro)s|o(?:idc(?:OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions)|RPMetaData(?:(?:ExportedVar|Option)s|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/
;
our
$hashParameters
=
qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idc(?:OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions)|RPMetaData(?:(?:ExportedVar|Option)s|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/
;
our
%EXPORT_TAGS
=
(
...
...
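Review bot: `$hashParameters` now recognises only `CASproxiedServices`, so a stored configuration that still carries `CAS_proxiedServices` (or any other `CAS_*` key) stops matching after this change, and none of the file sections visible on this page converts existing configurations. If no migration exists elsewhere, settings such as `CAS_url` and `CAS_CAFile` would be ignored silently after an upgrade rather than rejected with an error. Consider renaming the old keys once when a configuration is loaded, or documenting the manual rename in the upgrade notes.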
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
...
...
@@ -26,9 +26,9 @@ sub defaultValues {
'
captchaStorageOptions
'
=>
{
'
Directory
'
=>
'
/var/lib/lemonldap-ng/captcha/
'
},
'
CAS_authnLevel
'
=>
1
,
'
CAS_pgtFile
'
=>
'
/tmp/pgt.txt
',
'
casAccessControlPolicy
'
=>
'
none
',
'
CASAuthnLevel
'
=>
1
,
'
CASpgtFile
'
=>
'
/tmp/pgt.txt
',
'
cda
'
=>
0
,
'
cfgNum
'
=>
0
,
'
checkXSS
'
=>
1
,
...
...
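Review bot: The renamed default `'CASpgtFile' => '/tmp/pgt.txt'` still places the proxy-granting-ticket store at a fixed name in a world-writable directory, where another local account could create the path first or, depending on the file mode, read the stored tickets. Since the key is being renamed anyway, the default could move under the application's own state directory, next to the captcha directory two entries above, for example `'CASpgtFile' => '/var/lib/lemonldap-ng/pgt.txt',` (path constructed for illustration; check it against the packaging). The same default is repeated in Manager/Attributes.pm and Manager/Build/Attributes.pm. The body of defaultValues continues outside this hunk.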
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
...
...
@@ -604,34 +604,6 @@ sub attributes {
},
'
type
'
=>
'
keyTextContainer
'
},
'
CAS_authnLevel
'
=>
{
'
default
'
=>
1
,
'
type
'
=>
'
int
'
},
'
CAS_CAFile
'
=>
{
'
type
'
=>
'
text
'
},
'
CAS_gateway
'
=>
{
'
type
'
=>
'
bool
'
},
'
CAS_pgtFile
'
=>
{
'
default
'
=>
'
/tmp/pgt.txt
',
'
type
'
=>
'
text
'
},
'
CAS_proxiedServices
'
=>
{
'
keyMsgFail
'
=>
'
__badCasProxyId__
',
'
keyTest
'
=>
qr/^\w+$/
,
'
type
'
=>
'
keyTextContainer
'
},
'
CAS_renew
'
=>
{
'
type
'
=>
'
bool
'
},
'
CAS_url
'
=>
{
'
msgFail
'
=>
'
__badUrl__
',
'
test
'
=>
qr/(?:(?:https?):\/
\
/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/
,
'
type
'
=>
'
text
'
},
'
casAccessControlPolicy
'
=>
{
'
default
'
=>
'
none
',
'
select
'
=>
[
...
...
@@ -656,12 +628,40 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'
casAttributes
'
=>
{
'
type
'
=>
'
keyTextContainer
'
},
'
CASAuthnLevel
'
=>
{
'
default
'
=>
1
,
'
type
'
=>
'
int
'
},
'
CASCAFile
'
=>
{
'
type
'
=>
'
text
'
},
'
CASgateway
'
=>
{
'
type
'
=>
'
bool
'
},
'
CASpgtFile
'
=>
{
'
default
'
=>
'
/tmp/pgt.txt
',
'
type
'
=>
'
text
'
},
'
CASproxiedServices
'
=>
{
'
keyMsgFail
'
=>
'
__badCasProxyId__
',
'
keyTest
'
=>
qr/^\w+$/
,
'
type
'
=>
'
keyTextContainer
'
},
'
CASrenew
'
=>
{
'
type
'
=>
'
bool
'
},
'
casStorage
'
=>
{
'
type
'
=>
'
PerlModule
'
},
'
casStorageOptions
'
=>
{
'
type
'
=>
'
keyTextContainer
'
},
'
CASurl
'
=>
{
'
msgFail
'
=>
'
__badUrl__
',
'
test
'
=>
qr/(?:(?:https?):\/
\
/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/
,
'
type
'
=>
'
text
'
},
'
cda
'
=>
{
'
default
'
=>
0
,
'
type
'
=>
'
bool
'
...
...
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
...
...
@@ -1841,25 +1841,25 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
SSLVar
=>
{
type
=>
'
text
',
},
# CAS
CAS
_a
uthnLevel
=>
{
CAS
A
uthnLevel
=>
{
type
=>
'
int
',
default
=>
1
,
documentation
=>
'
CAS authentication level
',
},
CAS
_
url
=>
{
CASurl
=>
{
type
=>
'
text
',
test
=>
$url
,
msgFail
=>
'
__badUrl__
',
},
CAS
_
CAFile
=>
{
type
=>
'
text
',
},
CAS
_
renew
=>
{
type
=>
'
bool
',
},
CAS
_
gateway
=>
{
type
=>
'
bool
',
},
CAS
_
pgtFile
=>
{
CASCAFile
=>
{
type
=>
'
text
',
},
CASrenew
=>
{
type
=>
'
bool
',
},
CASgateway
=>
{
type
=>
'
bool
',
},
CASpgtFile
=>
{
type
=>
'
text
',
default
=>
'
/tmp/pgt.txt
',
documentation
=>
'
CAS PGT file
',
},
CAS
_
proxiedServices
=>
{
CASproxiedServices
=>
{
type
=>
'
keyTextContainer
',
keyTest
=>
qr/^\w+$/
,
keyMsgFail
=>
'
__badCasProxyId__
',
...
...
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
...
...
@@ -137,10 +137,10 @@ sub tree {
title
=>
'
casParams
',
help
=>
'
authcas.html
',
nodes
=>
[
'
CAS
_a
uthnLevel
',
'
CAS
_
url
',
'
CAS
_
CAFile
',
'
CAS
_
renew
',
'
CAS
_
gateway
',
'
CAS
_
pgtFile
',
'
CAS
_
proxiedServices
'
'
CAS
A
uthnLevel
',
'
CASurl
',
'
CASCAFile
',
'
CASrenew
',
'
CASgateway
',
'
CASpgtFile
',
'
CASproxiedServices
'
]
},
{
...
...
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
...
...
@@ -21,7 +21,7 @@ our $specialNodeHash = {
our
@sessionTypes
=
(
'
captcha
',
'
remoteGlobal
',
'
cas
',
'
global
',
'
localSession
',
'
persistent
',
'
saml
',
'
oidc
'
);
our
$simpleHashKeys
=
'
(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CAS
_
proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))
';
our
$simpleHashKeys
=
'
(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))
';
our
$specialNodeKeys
=
'
(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s
';
our
$oidcOPMetaDataNodeKeys
=
'
oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|(?:MaxAg|Scop)e|AcrValues)|ExportedVars|J(?:SON|WKS))
';
our
$oidcRPMetaDataNodeKeys
=
'
oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)
';
...
...
@@ -33,7 +33,7 @@ our $authParameters = {
adParams
=>
[
qw(ADPwdMaxAge ADPwdExpireWarning)
],
apacheParams
=>
[
qw(apacheAuthnLevel)
],
browseridParams
=>
[
qw(browserIdAuthnLevel browserIdAutoLogin browserIdVerificationURL browserIdSiteName browserIdSiteLogo browserIdBackgroundColor)
],
casParams
=>
[
qw(CAS
_a
uthnLevel CAS
_
url CAS
_
CAFile CAS
_
renew CAS
_
gateway CAS
_
pgtFile CAS
_
proxiedServices)
],
casParams
=>
[
qw(CAS
A
uthnLevel CASurl CASCAFile CASrenew CASgateway CASpgtFile CASproxiedServices)
],
choiceParams
=>
[
qw(authChoiceParam authChoiceModules)
],
dbiParams
=>
[
qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)
],
demoParams
=>
[
qw(demoExportedVars)
],
...
...
lemonldap-ng-manager/site/static/reverseTree.json
This diff is collapsed.
lemonldap-ng-manager/site/static/struct.json
This diff is collapsed.
lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
...
...
@@ -425,7 +425,7 @@ CAS authentication options :
=over
=item * CAS
_
url, CAS
_
CAFile, CAS
_
loginUrl, CAS
_
validationUrl : see
=item * CASurl, CASCAFile, CASloginUrl, CASvalidationUrl : see
L<Lemonldap::NG::Portal::AuthCAS> for more
=back
...
...
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthCAS.pm
...
...
@@ -45,8 +45,8 @@ sub extractFormInfo {
my
$self
=
shift
;
my
$cas
=
new
AuthCAS
(
casUrl
=>
$self
->
{
CAS
_
url
},
CAFile
=>
$self
->
{
CAS
_
CAFile
},
casUrl
=>
$self
->
{
CASurl
},
CAFile
=>
$self
->
{
CASCAFile
},
);
# Local URL
...
...
@@ -79,8 +79,8 @@ sub extractFormInfo {
# Act as a proxy if proxied services configured
my
$proxy
=
ref
(
$self
->
{
CAS
_
proxiedServices
}
)
eq
'
HASH
'
?
(
%
{
$self
->
{
CAS
_
proxiedServices
}
}
?
1
:
0
)
ref
(
$self
->
{
CASproxiedServices
}
)
eq
'
HASH
'
?
(
%
{
$self
->
{
CASproxiedServices
}
}
?
1
:
0
)
:
0
;
if
(
$proxy
)
{
...
...
@@ -96,7 +96,7 @@ sub extractFormInfo {
$self
->
lmLog
(
"
CAS Proxy URL:
$proxy_url
",
'
debug
'
);
$cas
->
proxyMode
(
pgtFile
=>
$self
->
{
CAS
_
pgtFile
},
pgtFile
=>
$self
->
{
CASpgtFile
},
pgtCallbackUrl
=>
$proxy_url
);
}
...
...
@@ -127,8 +127,8 @@ sub extractFormInfo {
# Build login URL
my
$login_url
=
$cas
->
getServerLoginURL
(
$local_url
);
$login_url
.=
'
&renew=true
'
if
$self
->
{
CAS
_
renew
};
$login_url
.=
'
&gateway=true
'
if
$self
->
{
CAS
_
gateway
};
$login_url
.=
'
&renew=true
'
if
$self
->
{
CASrenew
};
$login_url
.=
'
&gateway=true
'
if
$self
->
{
CASgateway
};
# Check Service Ticket
my
$ticket
=
$self
->
param
('
ticket
');
...
...
@@ -164,8 +164,8 @@ sub extractFormInfo {
}
# Get a proxy ticket for each proxied service
foreach
(
keys
%
{
$self
->
{
CAS
_
proxiedServices
}
}
)
{
my
$service
=
$self
->
{
CAS
_
proxiedServices
}
->
{
$_
};
foreach
(
keys
%
{
$self
->
{
CASproxiedServices
}
}
)
{
my
$service
=
$self
->
{
CASproxiedServices
}
->
{
$_
};
my
$pt
=
$cas
->
retrievePT
(
$service
);
unless
(
$pt
)
{
...
...
@@ -196,7 +196,7 @@ sub setAuthSessionInfo {
# Store user submitted login for basic rules
$self
->
{
sessionInfo
}
->
{'
_user
'}
=
$self
->
{'
user
'};
$self
->
{
sessionInfo
}
->
{
authenticationLevel
}
=
$self
->
{
CAS
_
authnLevel
};
$self
->
{
sessionInfo
}
->
{
authenticationLevel
}
=
$self
->
{
CASauthnLevel
};
PE_OK
;
}
...
...
@@ -222,8 +222,8 @@ sub authLogout {
my
$self
=
shift
;
my
$cas
=
new
AuthCAS
(
casUrl
=>
$self
->
{
CAS
_
url
},
CAFile
=>
$self
->
{
CAS
_
CAFile
},
casUrl
=>
$self
->
{
CASurl
},
CAFile
=>
$self
->
{
CASCAFile
},
);
# Build CAS logout URL
...
...
@@ -267,8 +267,8 @@ compatible portals with CAS authentication.
my $portal = new Lemonldap::NG::Portal::Simple(
configStorage => {...}, # See Lemonldap::NG::Portal
authentication => 'CAS',
CAS
_
url => 'https://cas.myserver',
CAS
_
CAFile => '/etc/httpd/conf/ssl.crt/ca-bundle.crt',
CASurl => 'https://cas.myserver',
CASCAFile => '/etc/httpd/conf/ssl.crt/ca-bundle.crt',
);
if($portal->process()) {
...
...
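Review bot: In the setAuthSessionInfo hunk the new line reads `$self->{CASauthnLevel}`, but every other file in this commit spells the key `CASAuthnLevel` with a capital A (Conf/DefaultValues.pm, Manager/Attributes.pm, Build/Attributes.pm, Build/Tree.pm and the `casParams` list in Manager/Constants.pm). If the portal object is populated from those configuration keys, this lookup yields undef and CAS sessions are stored without an authenticationLevel, which would affect any access rule that compares authentication levels. The line should read `$self->{sessionInfo}->{authenticationLevel} = $self->{CASAuthnLevel};`. The sub bodies extend beyond the hunks shown here.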