Remove oidcServiceMetaDataIssuer (#1882)

098f60a8 · Maxime Besson · 40215168 · 098f60a8 · 098f60a8 · 098f60a8
Commit 098f60a8 authored Sep 16, 2019 by Maxime Besson
34 changed files
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
@@ -68,6 +68,6 @@ our $issuerParameters = {
  issuerOptions => [qw(issuersTimeout)],
 };
 our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlOverrideIDPEntityID)];
-our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)];
+our $oidcServiceParameters = [qw(oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)];

 1;
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -2126,9 +2126,6 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
            'default' => 'introspect',
            'type'    => 'text'
        },
-        'oidcServiceMetaDataIssuer' => {
-            'type' => 'text'
-        },
        'oidcServiceMetaDataJWKSURI' => {
            'default' => 'jwks',
            'type'    => 'text'

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -3511,10 +3511,6 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
        },

        # OpenID Connect service
-        oidcServiceMetaDataIssuer => {
-            type          => 'text',
-            documentation => 'OpenID Connect issuer',
-        },
        oidcServiceMetaDataAuthorizeURI => {
            type          => 'text',
            default       => 'authorize',

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@@ -1134,7 +1134,6 @@ sub tree {
            title => 'oidcServiceMetaData',
            help  => 'openidconnectservice.html#service_configuration',
            nodes => [
-                'oidcServiceMetaDataIssuer',
                {
                    title => 'oidcServiceMetaDataEndPoints',
                    form  => 'simpleInputContainer',

--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@@ -596,7 +596,6 @@
 "oidcRPMetaDataOptionsRedirectUris":"عناوين إعادة التوجيه المسموح بها لتسجيل الدخول",
 "oidcRPMetaDataOptionsPostLogoutRedirectUris":"عناوين إعادة التوجيه المسموح بها للخروج",
 "oidcRPMetaDataOptionsExtraClaims":"ادعاءات إضافي",
-"oidcServiceMetaDataIssuer":"تعريف المرسل",
 "oidcServiceMetaDataTokenURI":"التوكن",
 "oidcServiceMetaDataUserInfoURI":"معلومات المستخدم",
 "oidcServiceMetaDataCheckSessionURI":"تحقق من الجلسة",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@@ -595,7 +595,6 @@
 "oidcRPMetaDataOptionsRedirectUris":"Allowed redirection addresses for login",
 "oidcRPMetaDataOptionsPostLogoutRedirectUris":"Allowed redirection addresses for logout",
 "oidcRPMetaDataOptionsExtraClaims":"Extra claims",
-"oidcServiceMetaDataIssuer":"Issuer identifier",
 "oidcServiceMetaDataTokenURI":"Token",
 "oidcServiceMetaDataUserInfoURI":"User Info",
 "oidcServiceMetaDataCheckSessionURI":"Check Session",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@@ -595,7 +595,6 @@
 "oidcRPMetaDataOptionsRedirectUris":"Allowed redirection addresses for login",
 "oidcRPMetaDataOptionsPostLogoutRedirectUris":"Allowed redirection addresses for logout",
 "oidcRPMetaDataOptionsExtraClaims":"Extra claims",
-"oidcServiceMetaDataIssuer":"Issuer identifier",
 "oidcServiceMetaDataTokenURI":"Token",
 "oidcServiceMetaDataUserInfoURI":"User Info",
 "oidcServiceMetaDataCheckSessionURI":"Check Session",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -595,7 +595,6 @@
 "oidcRPMetaDataOptionsRedirectUris":"Adresses de redirection autorisées pour la connexion",
 "oidcRPMetaDataOptionsPostLogoutRedirectUris":"Adresses de redirection autorisées pour la déconnexion",
 "oidcRPMetaDataOptionsExtraClaims":"Déclarations (scopes/claims)",
-"oidcServiceMetaDataIssuer":"Identifiant du fournisseur",
 "oidcServiceMetaDataTokenURI":"Jeton",
 "oidcServiceMetaDataUserInfoURI":"Informations Utilisateur",
 "oidcServiceMetaDataCheckSessionURI":"Vérification de session",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -595,7 +595,6 @@
 "oidcRPMetaDataOptionsRedirectUris":"Indirizzi di reindirizzazione consentiti per l'accesso",
 "oidcRPMetaDataOptionsPostLogoutRedirectUris":"Indirizzi di reindirizzazione consentiti per il logout",
 "oidcRPMetaDataOptionsExtraClaims":"Richieste supplementari",
-"oidcServiceMetaDataIssuer":"Identificatore dell'emittente",
 "oidcServiceMetaDataTokenURI":"Token",
 "oidcServiceMetaDataUserInfoURI":"Informazioni utente",
 "oidcServiceMetaDataCheckSessionURI":"Controlla sessione",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@@ -595,7 +595,6 @@
 "oidcRPMetaDataOptionsRedirectUris":"Allowed redirection addresses for login",
 "oidcRPMetaDataOptionsPostLogoutRedirectUris":"Allowed redirection addresses for logout",
 "oidcRPMetaDataOptionsExtraClaims":"Xác nhận bổ sung",
-"oidcServiceMetaDataIssuer":"Định danh Người phát hành",
 "oidcServiceMetaDataTokenURI":"Token",
 "oidcServiceMetaDataUserInfoURI":"Thông tin người dùng",
 "oidcServiceMetaDataCheckSessionURI":"Kiểm tra phiên",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@@ -595,7 +595,6 @@
 "oidcRPMetaDataOptionsRedirectUris":"Allowed redirection addresses for login",
 "oidcRPMetaDataOptionsPostLogoutRedirectUris":"Allowed redirection addresses for logout",
 "oidcRPMetaDataOptionsExtraClaims":"Extra claims",
-"oidcServiceMetaDataIssuer":"Issuer identifier",
 "oidcServiceMetaDataTokenURI":"令牌",
 "oidcServiceMetaDataUserInfoURI":"用户信息",
 "oidcServiceMetaDataCheckSessionURI":"Check Session",

--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
--- a/lemonldap-ng-manager/t/jsonfiles/15-combination.json
+++ b/lemonldap-ng-manager/t/jsonfiles/15-combination.json
@@ -2743,11 +2743,6 @@
 },
 {
  "_nodes": [{
-    "default": "http://auth.example.com",
-    "id": "oidcServiceMetaDataIssuer",
-    "title": "oidcServiceMetaDataIssuer"
-  },
-  {
    "_nodes": [{
      "default": "authorize",
      "id": "oidcServiceMetaDataAuthorizeURI",

--- a/lemonldap-ng-manager/t/jsonfiles/17-extra2f.json
+++ b/lemonldap-ng-manager/t/jsonfiles/17-extra2f.json
@@ -3948,11 +3948,6 @@
   },
   {
      "_nodes" : [
-         {
-            "default" : "http://auth.example.com",
-            "id" : "oidcServiceMetaDataIssuer",
-            "title" : "oidcServiceMetaDataIssuer"
-         },
         {
            "_nodes" : [
               {

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
@@ -43,7 +43,7 @@ has iss => (
    is      => 'ro',
    lazy    => 1,
    default => sub {
-        $_[0]->conf->{oidcServiceMetaDataIssuer} || $_[0]->conf->{portal};
+        $_[0]->conf->{portal};
    }
 );


--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t
@@ -229,7 +229,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-public_client.t
@@ -327,7 +327,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com/",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t
@@ -280,7 +280,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com/",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t
@@ -327,7 +327,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com/",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
@@ -327,7 +327,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com/",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-hybrid.t
@@ -237,7 +237,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit-no-token.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit-no-token.t
@@ -228,7 +228,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-implicit.t
@@ -228,7 +228,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-sorted.t
@@ -133,7 +133,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-OIDC-RP-rule.t
+++ b/lemonldap-ng-portal/t/32-OIDC-RP-rule.t
@@ -145,7 +145,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t
+++ b/lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t
@@ -35,7 +35,6 @@ my $op = LLNG::Manager::Test->new( {
                    name        => "cn"
                }
            },
-            oidcServiceMetaDataIssuer             => "http://auth.op.com",
            oidcServiceMetaDataAuthorizeURI       => "authorize",
            oidcServiceMetaDataCheckSessionURI    => "checksession.html",
            oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/32-OIDC-Token-Security.t
+++ b/lemonldap-ng-portal/t/32-OIDC-Token-Security.t
@@ -35,7 +35,6 @@ my $op = LLNG::Manager::Test->new( {
                    name        => "cn"
                }
            },
-            oidcServiceMetaDataIssuer             => "http://auth.op.com",
            oidcServiceMetaDataAuthorizeURI       => "authorize",
            oidcServiceMetaDataCheckSessionURI    => "checksession.html",
            oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t
+++ b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t
@@ -355,7 +355,6 @@ sub op {
                        name        => "cn"
                    }
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t
+++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t
@@ -445,7 +445,6 @@ sub sp {
                        email => 'email',
                    },
                },
-                oidcServiceMetaDataIssuer             => "http://auth.sp.com",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",
                oidcServiceMetaDataEndSessionURI      => "logout",

--- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t
+++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t
@@ -425,7 +425,6 @@ sub sp {
                        email => 'email',
                    },
                },
-                oidcServiceMetaDataIssuer             => "http://auth.sp.com",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",
                oidcServiceMetaDataEndSessionURI      => "logout",

--- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t
+++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t
@@ -427,7 +427,6 @@ sub sp {
                        email => 'email',
                    },
                },
-                oidcServiceMetaDataIssuer             => "http://auth.sp.com",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",
                oidcServiceMetaDataEndSessionURI      => "logout",

--- a/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t
+++ b/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t
@@ -292,7 +292,6 @@ sub op {
                        email => 'email',
                    },
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",

--- a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t
+++ b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t
@@ -290,7 +290,6 @@ sub op {
                        email => 'email',
                    },
                },
-                oidcServiceMetaDataIssuer             => "http://auth.op.com",
                oidcServiceMetaDataAuthorizeURI       => "authorize",
                oidcServiceMetaDataCheckSessionURI    => "checksession.html",
                oidcServiceMetaDataJWKSURI            => "jwks",