Commit ce0f0d09 authored by Yadd's avatar Yadd

s/CAS_/CAS/

parent 010e4e02
...@@ -23,7 +23,7 @@ use constant HANDLERSECTION => "handler"; ...@@ -23,7 +23,7 @@ use constant HANDLERSECTION => "handler";
use constant MANAGERSECTION => "manager"; use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer"; use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply"; use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CAS_proxiedService|macro)s|o(?:idc(?:OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions)|RPMetaData(?:(?:ExportedVar|Option)s|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/; our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idc(?:OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions)|RPMetaData(?:(?:ExportedVar|Option)s|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/;
our %EXPORT_TAGS = ( our %EXPORT_TAGS = (
......
...@@ -26,9 +26,9 @@ sub defaultValues { ...@@ -26,9 +26,9 @@ sub defaultValues {
'captchaStorageOptions' => { 'captchaStorageOptions' => {
'Directory' => '/var/lib/lemonldap-ng/captcha/' 'Directory' => '/var/lib/lemonldap-ng/captcha/'
}, },
'CAS_authnLevel' => 1,
'CAS_pgtFile' => '/tmp/pgt.txt',
'casAccessControlPolicy' => 'none', 'casAccessControlPolicy' => 'none',
'CASAuthnLevel' => 1,
'CASpgtFile' => '/tmp/pgt.txt',
'cda' => 0, 'cda' => 0,
'cfgNum' => 0, 'cfgNum' => 0,
'checkXSS' => 1, 'checkXSS' => 1,
......
...@@ -604,34 +604,6 @@ sub attributes { ...@@ -604,34 +604,6 @@ sub attributes {
}, },
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
}, },
'CAS_authnLevel' => {
'default' => 1,
'type' => 'int'
},
'CAS_CAFile' => {
'type' => 'text'
},
'CAS_gateway' => {
'type' => 'bool'
},
'CAS_pgtFile' => {
'default' => '/tmp/pgt.txt',
'type' => 'text'
},
'CAS_proxiedServices' => {
'keyMsgFail' => '__badCasProxyId__',
'keyTest' => qr/^\w+$/,
'type' => 'keyTextContainer'
},
'CAS_renew' => {
'type' => 'bool'
},
'CAS_url' => {
'msgFail' => '__badUrl__',
'test' =>
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
'type' => 'text'
},
'casAccessControlPolicy' => { 'casAccessControlPolicy' => {
'default' => 'none', 'default' => 'none',
'select' => [ 'select' => [
...@@ -656,12 +628,40 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.] ...@@ -656,12 +628,40 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'casAttributes' => { 'casAttributes' => {
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
}, },
'CASAuthnLevel' => {
'default' => 1,
'type' => 'int'
},
'CASCAFile' => {
'type' => 'text'
},
'CASgateway' => {
'type' => 'bool'
},
'CASpgtFile' => {
'default' => '/tmp/pgt.txt',
'type' => 'text'
},
'CASproxiedServices' => {
'keyMsgFail' => '__badCasProxyId__',
'keyTest' => qr/^\w+$/,
'type' => 'keyTextContainer'
},
'CASrenew' => {
'type' => 'bool'
},
'casStorage' => { 'casStorage' => {
'type' => 'PerlModule' 'type' => 'PerlModule'
}, },
'casStorageOptions' => { 'casStorageOptions' => {
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
}, },
'CASurl' => {
'msgFail' => '__badUrl__',
'test' =>
qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)/,
'type' => 'text'
},
'cda' => { 'cda' => {
'default' => 0, 'default' => 0,
'type' => 'bool' 'type' => 'bool'
......
...@@ -1841,25 +1841,25 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: ...@@ -1841,25 +1841,25 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
SSLVar => { type => 'text', }, SSLVar => { type => 'text', },
# CAS # CAS
CAS_authnLevel => { CASAuthnLevel => {
type => 'int', type => 'int',
default => 1, default => 1,
documentation => 'CAS authentication level', documentation => 'CAS authentication level',
}, },
CAS_url => { CASurl => {
type => 'text', type => 'text',
test => $url, test => $url,
msgFail => '__badUrl__', msgFail => '__badUrl__',
}, },
CAS_CAFile => { type => 'text', }, CASCAFile => { type => 'text', },
CAS_renew => { type => 'bool', }, CASrenew => { type => 'bool', },
CAS_gateway => { type => 'bool', }, CASgateway => { type => 'bool', },
CAS_pgtFile => { CASpgtFile => {
type => 'text', type => 'text',
default => '/tmp/pgt.txt', default => '/tmp/pgt.txt',
documentation => 'CAS PGT file', documentation => 'CAS PGT file',
}, },
CAS_proxiedServices => { CASproxiedServices => {
type => 'keyTextContainer', type => 'keyTextContainer',
keyTest => qr/^\w+$/, keyTest => qr/^\w+$/,
keyMsgFail => '__badCasProxyId__', keyMsgFail => '__badCasProxyId__',
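Review bot: The renamed `CASpgtFile` attribute keeps `default => '/tmp/pgt.txt'`, a fixed file name in a world-writable directory. Judging by its name and by its use as `pgtFile` in the `proxyMode` call elsewhere in this commit, the file presumably holds CAS proxy-granting tickets, so another local account could pre-create or read it. Since the key is being touched anyway, consider dropping the default or pointing it at a directory owned by the service account, as `captchaStorageOptions` does with `/var/lib/lemonldap-ng/captcha/`, and state the expected file permissions in the `documentation` string. The enclosing attribute hash starts and ends outside the hunk.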
......
...@@ -137,10 +137,10 @@ sub tree { ...@@ -137,10 +137,10 @@ sub tree {
title => 'casParams', title => 'casParams',
help => 'authcas.html', help => 'authcas.html',
nodes => [ nodes => [
'CAS_authnLevel', 'CAS_url', 'CASAuthnLevel', 'CASurl',
'CAS_CAFile', 'CAS_renew', 'CASCAFile', 'CASrenew',
'CAS_gateway', 'CAS_pgtFile', 'CASgateway', 'CASpgtFile',
'CAS_proxiedServices' 'CASproxiedServices'
] ]
}, },
{ {
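Review bot: The `casParams` node list drops the `CAS_*` names outright, and nothing visible on this page maps values already stored under the old keys to the new ones. If no upgrade step exists elsewhere, a saved configuration that still carries `CAS_url` and `CAS_CAFile` would leave `CASurl` and `CASCAFile` undefined after the update. Whether an undefined `CAFile` weakens certificate checking in the CAS client is not visible here and should be confirmed. A one-time key rename in the configuration loader, or a note in the upgrade documentation, would cover this. The `tree` sub continues outside the hunk.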
......
...@@ -21,7 +21,7 @@ our $specialNodeHash = { ...@@ -21,7 +21,7 @@ our $specialNodeHash = {
our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' ); our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' );
our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))'; our $simpleHashKeys = '(?:(?:g(?:r(?:antSessionRule|oup)|lobalStorageOption|oogleExportedVar)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CASproxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s'; our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|(?:MaxAg|Scop)e|AcrValues)|ExportedVars|J(?:SON|WKS))'; our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|(?:MaxAg|Scop)e|AcrValues)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)'; our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|DisplayName|UserIDAttr)|ExportedVars)';
...@@ -33,7 +33,7 @@ our $authParameters = { ...@@ -33,7 +33,7 @@ our $authParameters = {
adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)], adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)],
apacheParams => [qw(apacheAuthnLevel)], apacheParams => [qw(apacheAuthnLevel)],
browseridParams => [qw(browserIdAuthnLevel browserIdAutoLogin browserIdVerificationURL browserIdSiteName browserIdSiteLogo browserIdBackgroundColor)], browseridParams => [qw(browserIdAuthnLevel browserIdAutoLogin browserIdVerificationURL browserIdSiteName browserIdSiteLogo browserIdBackgroundColor)],
casParams => [qw(CAS_authnLevel CAS_url CAS_CAFile CAS_renew CAS_gateway CAS_pgtFile CAS_proxiedServices)], casParams => [qw(CASAuthnLevel CASurl CASCAFile CASrenew CASgateway CASpgtFile CASproxiedServices)],
choiceParams => [qw(authChoiceParam authChoiceModules)], choiceParams => [qw(authChoiceParam authChoiceModules)],
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)], dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash)],
demoParams => [qw(demoExportedVars)], demoParams => [qw(demoExportedVars)],
......
...@@ -425,7 +425,7 @@ CAS authentication options : ...@@ -425,7 +425,7 @@ CAS authentication options :
=over =over
=item * CAS_url, CAS_CAFile, CAS_loginUrl, CAS_validationUrl : see =item * CASurl, CASCAFile, CASloginUrl, CASvalidationUrl : see
L<Lemonldap::NG::Portal::AuthCAS> for more L<Lemonldap::NG::Portal::AuthCAS> for more
=back =back
......
...@@ -45,8 +45,8 @@ sub extractFormInfo { ...@@ -45,8 +45,8 @@ sub extractFormInfo {
my $self = shift; my $self = shift;
my $cas = new AuthCAS( my $cas = new AuthCAS(
casUrl => $self->{CAS_url}, casUrl => $self->{CASurl},
CAFile => $self->{CAS_CAFile}, CAFile => $self->{CASCAFile},
); );
# Local URL # Local URL
...@@ -79,8 +79,8 @@ sub extractFormInfo { ...@@ -79,8 +79,8 @@ sub extractFormInfo {
# Act as a proxy if proxied services configured # Act as a proxy if proxied services configured
my $proxy = my $proxy =
ref( $self->{CAS_proxiedServices} ) eq 'HASH' ref( $self->{CASproxiedServices} ) eq 'HASH'
? ( %{ $self->{CAS_proxiedServices} } ? 1 : 0 ) ? ( %{ $self->{CASproxiedServices} } ? 1 : 0 )
: 0; : 0;
if ($proxy) { if ($proxy) {
...@@ -96,7 +96,7 @@ sub extractFormInfo { ...@@ -96,7 +96,7 @@ sub extractFormInfo {
$self->lmLog( "CAS Proxy URL: $proxy_url", 'debug' ); $self->lmLog( "CAS Proxy URL: $proxy_url", 'debug' );
$cas->proxyMode( $cas->proxyMode(
pgtFile => $self->{CAS_pgtFile}, pgtFile => $self->{CASpgtFile},
pgtCallbackUrl => $proxy_url pgtCallbackUrl => $proxy_url
); );
} }
...@@ -127,8 +127,8 @@ sub extractFormInfo { ...@@ -127,8 +127,8 @@ sub extractFormInfo {
# Build login URL # Build login URL
my $login_url = $cas->getServerLoginURL($local_url); my $login_url = $cas->getServerLoginURL($local_url);
$login_url .= '&renew=true' if $self->{CAS_renew}; $login_url .= '&renew=true' if $self->{CASrenew};
$login_url .= '&gateway=true' if $self->{CAS_gateway}; $login_url .= '&gateway=true' if $self->{CASgateway};
# Check Service Ticket # Check Service Ticket
my $ticket = $self->param('ticket'); my $ticket = $self->param('ticket');
...@@ -164,8 +164,8 @@ sub extractFormInfo { ...@@ -164,8 +164,8 @@ sub extractFormInfo {
} }
# Get a proxy ticket for each proxied service # Get a proxy ticket for each proxied service
foreach ( keys %{ $self->{CAS_proxiedServices} } ) { foreach ( keys %{ $self->{CASproxiedServices} } ) {
my $service = $self->{CAS_proxiedServices}->{$_}; my $service = $self->{CASproxiedServices}->{$_};
my $pt = $cas->retrievePT($service); my $pt = $cas->retrievePT($service);
unless ($pt) { unless ($pt) {
...@@ -196,7 +196,7 @@ sub setAuthSessionInfo { ...@@ -196,7 +196,7 @@ sub setAuthSessionInfo {
# Store user submitted login for basic rules # Store user submitted login for basic rules
$self->{sessionInfo}->{'_user'} = $self->{'user'}; $self->{sessionInfo}->{'_user'} = $self->{'user'};
$self->{sessionInfo}->{authenticationLevel} = $self->{CAS_authnLevel}; $self->{sessionInfo}->{authenticationLevel} = $self->{CASauthnLevel};
PE_OK; PE_OK;
} }
...@@ -222,8 +222,8 @@ sub authLogout { ...@@ -222,8 +222,8 @@ sub authLogout {
my $self = shift; my $self = shift;
my $cas = new AuthCAS( my $cas = new AuthCAS(
casUrl => $self->{CAS_url}, casUrl => $self->{CASurl},
CAFile => $self->{CAS_CAFile}, CAFile => $self->{CASCAFile},
); );
# Build CAS logout URL # Build CAS logout URL
...@@ -267,8 +267,8 @@ compatible portals with CAS authentication. ...@@ -267,8 +267,8 @@ compatible portals with CAS authentication.
my $portal = new Lemonldap::NG::Portal::Simple( my $portal = new Lemonldap::NG::Portal::Simple(
configStorage => {...}, # See Lemonldap::NG::Portal configStorage => {...}, # See Lemonldap::NG::Portal
authentication => 'CAS', authentication => 'CAS',
CAS_url => 'https://cas.myserver', CASurl => 'https://cas.myserver',
CAS_CAFile => '/etc/httpd/conf/ssl.crt/ca-bundle.crt', CASCAFile => '/etc/httpd/conf/ssl.crt/ca-bundle.crt',
); );
if($portal->process()) { if($portal->process()) {
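Review bot: In `setAuthSessionInfo` the new line reads `$self->{CASauthnLevel}` with a lowercase `a`, while every declaration in this commit (default values, attributes, tree, `casParams`) spells the key `CASAuthnLevel`. Assuming configuration keys are copied into `$self` under their declared names, the lookup returns undef and `authenticationLevel` is left unset for CAS sessions, so any access rule that compares the authentication level would no longer see the configured value. The line should be `$self->{sessionInfo}->{authenticationLevel} = $self->{CASAuthnLevel};`. The other renamed reads in this file (`CASurl`, `CASCAFile`, `CASproxiedServices`, `CASpgtFile`, `CASrenew`, `CASgateway`) match their declarations. The function bodies continue outside the hunks.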
......