Commit 5723f2e9 authored by Christophe Maudoux's avatar Christophe Maudoux

Merge branch 'IdSpoofing' into 'v2.0'

Id spoofing

See merge request lemonldap-ng/lemonldap-ng!63
parents 285b1f81 bf7deb0f
......@@ -64,30 +64,34 @@ sub defaultValues {
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
},
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'idSpoofingHiddenAttributes' => '_2fDevices _loginHistory',
'idSpoofingPrefix' => 'real_',
'idSpoofingRule' => 1,
'idSpoofingSkipEmptyValues' => 1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'cn' => 'cn',
'mail' => 'mail',
'uid' => 'uid'
......
......@@ -1195,6 +1195,26 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
'default' => -1,
'type' => 'trool'
},
'idSpoofing' => {
'default' => 0,
'type' => 'bool'
},
'idSpoofingHiddenAttributes' => {
'default' => '_2fDevices _loginHistory',
'type' => 'text'
},
'idSpoofingPrefix' => {
'default' => 'real_',
'type' => 'text'
},
'idSpoofingRule' => {
'default' => 1,
'type' => 'boolOrExpr'
},
'idSpoofingSkipEmptyValues' => {
'default' => 1,
'type' => 'bool'
},
'infoFormMethod' => {
'default' => 'get',
'select' => [ {
......
......@@ -416,6 +416,59 @@ sub attributes {
type => 'text',
documentation => 'Secret token for CheckState plugin',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory hGroups',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
idSpoofing => {
default => 0,
type => 'bool',
documentation => 'Enable IdSpoofing plugin',
flags => 'p',
},
idSpoofingPrefix => {
type => 'text',
default => 'real_',
documentation => 'Prefix to rename real session attributes',
flags => 'p',
},
idSpoofingRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'IdSpoofing activation rule',
},
idSpoofingHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory',
documentation => 'Attributes to skip',
flags => 'p',
},
idSpoofingSkipEmptyValues => {
default => 1,
type => 'bool',
documentation => 'Skip session empty values',
flags => 'p',
},
skipRenewConfirmation => {
type => 'bool',
default => 0,
......@@ -578,30 +631,6 @@ sub attributes {
documentation => 'Enable Cross Domain Authentication',
flags => 'hp',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory hGroups',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
checkXSS => {
default => 1,
type => 'bool',
......
......@@ -648,6 +648,18 @@ sub tree {
'checkUserDisplayEmptyValues',
]
},
{
title => 'spoofingIds',
help => 'idspoofing.html',
form => 'simpleInputContainer',
nodes => [
'idSpoofing',
'idSpoofingRule',
'idSpoofingPrefix',
'idSpoofingHiddenAttributes',
'idSpoofingSkipEmptyValues',
]
},
]
},
{
......
......@@ -629,6 +629,18 @@ sub tests {
return 1;
},
# Warn if IdSpoofing plugin is enabled
checkIdSpoofing => sub {
return 1 unless ( $conf->{idSpoofing} );
return ( -1,
'"IdSpoofing" plugin is enabled!!!'
)
if ( $conf->{idSpoofing} );
# Return
return 1;
},
};
}
......
......@@ -286,6 +286,12 @@
"hideTree":"إخفاء الشجرة",
"httpOnly":"الحماية بواسطة جافا سكريبت",
"https":"إتش تي تي بي س",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"الحقول المطلوبة مفقودة",
"index":"فهرس",
"infoFormMethod":"طريقة للحصول على معلومات الإستمارة",
......
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
......@@ -286,6 +286,12 @@
"hideTree":"Masquer l'arbre",
"httpOnly":"Protection contre javascript",
"https":"HTTPS",
"spoofingIds":"Usurpation d'identité",
"idSpoofing":"Activation",
"idSpoofingRule":"Règle d'utilisation",
"idSpoofingHiddenAttributes":"Attributs masqués",
"idSpoofingPrefix":"Préfix des vrais attributs",
"idSpoofingSkipEmptyValues":"Ignorer les valeurs nulles",
"incompleteForm":"Des champs requis manquent",
"index":"Index",
"infoFormMethod":"Méthode du formulaire d'information",
......
......@@ -286,6 +286,12 @@
"hideTree":"Nascondi l'albero",
"httpOnly":"Protezione Javascript",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Mancano campi obbligatori",
"index":"Indice",
"infoFormMethod":"Metodo per il modulo informazioni",
......
......@@ -286,6 +286,12 @@
"hideTree":"Ẩn cây",
"httpOnly":"Bảo vệ Javascript",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Các trường bắt buộc bị thiếu",
"index":"Chỉ mục",
"infoFormMethod":"Phương pháp cho mẫu thông tin",
......
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"spoofingIds":"Id Spoofing",
"idSpoofing":"Activation",
"idSpoofingRule":"Use rule",
"idSpoofingHiddenAttributes":"Hidden attributes",
"idSpoofingPrefix":"Real attributes prefix",
"idSpoofingSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Main::Constants;
use strict;
use Exporter 'import';
our $VERSION = '2.0.2';
our $VERSION = '2.0.3';
use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main';
use constant {
......@@ -98,7 +98,7 @@ use constant {
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
PE_OID_SERVICE_NOT_ALLOWED => 91,
PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IDSPOOFING_SERVICE_NOT_ALLOWED => 93,
};
# EXPORTER PARAMETERS
......@@ -126,7 +126,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTAUTHN
PE_MUSTHAVEMAIL PE_SAML_SERVICE_NOT_ALLOWED PE_OIDC_SERVICE_NOT_ALLOWED
PE_OID_SERVICE_NOT_ALLOWED PE_GET_SERVICE_NOT_ALLOWED
PE_OID_SERVICE_NOT_ALLOWED PE_GET_SERVICE_NOT_ALLOWED PE_IDSPOOFING_SERVICE_NOT_ALLOWED
);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
......
......@@ -291,6 +291,7 @@ sub display {
REGISTER_URL => $self->conf->{registerUrl},
HIDDEN_INPUTS => $self->buildHiddenForm($req),
STAYCONNECTED => $self->conf->{stayConnected},
SPOOFID => $self->conf->{idSpoofing},
(
$req->data->{customScript}
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
......
......@@ -26,6 +26,7 @@ our @pList = (
checkState => '::Plugins::CheckState',
portalForceAuthn => '::Plugins::ForceAuthn',
checkUser => '::Plugins::CheckUser',
idSpoofing => '::Plugins::IdSpoofing',
);
##@method list enabledPlugins
......
package Lemonldap::NG::Portal::Plugins::IdSpoofing;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw( PE_OK PE_BADCREDENTIALS PE_IDSPOOFING_SERVICE_NOT_ALLOWED );
our $VERSION = '2.0.3';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
use constant endAuth => 'run';
has rule => ( is => 'rw', default => sub {1} );
sub hAttr {
$_[0]->{conf}->{idSpoofingHiddenAttributes} . ' '
. $_[0]->{conf}->{hiddenAttributes};
}
sub init {
my ($self) = @_;
# Parse activation rule
my $hd = $self->p->HANDLER;
$self->logger->debug(
"IdSpoofing rule -> " . $self->conf->{idSpoofingRule} );
my $rule
= $hd->buildSub( $hd->substitute( $self->conf->{idSpoofingRule} ) );
unless ($rule) {
$self->error( "Bad IdSpoofing rule -> " . $hd->tsv->{jail}->error );
return 0;
}
$self->{rule} = $rule;
return 1;
}
# RUNNING METHOD
sub run {
my ( $self, $req ) = @_;
my $spoofId = $req->param('spoofId') || '';
# Skip if no submitted SpoofId
return PE_OK unless $spoofId;
# Check activation rule
unless ( $self->rule->( $req, $req->sessionInfo ) ) {
$self->userLogger->error('IdSpoofing service not authorized');
return PE_IDSPOOFING_SERVICE_NOT_ALLOWED;
}
# Fill spoof session
my ( $realSession, $spoofSession ) = ( {}, {} );
$self->logger->debug("Spoofing Id: $spoofId...");
my $spk = '';
foreach my $k ( keys %{ $req->{sessionInfo} } ) {
if ( $self->{conf}->{idSpoofingSkipEmptyValues} ) {
next unless defined $req->{sessionInfo}->{$k};
}
$spk = "$self->{conf}->{idSpoofingPrefix}$k";
unless ( $self->hAttr =~ /\b$k\b/ ) {
$realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk");
}
}
$req->{user} = $spoofId;
$spoofSession = $self->_userDatas($req);
$spoofSession = { %$spoofSession, %$realSession };
# Main session
#$self->p->updatePersistentSession( $req, $spoofSession ); #?????
$self->p->updateSession( $req, $spoofSession );
return PE_OK;
}
sub _userDatas {
my ( $self, $req ) = @_;
$req->{sessionInfo} = {};
# Search user in database
$req->steps(
[ 'getUser', 'setSessionInfo',
'setMacros', 'setGroups',
#'setPersistentSessionInfo', 'setLocalGroups'
'setLocalGroups'
]
);
if ( my $error = $self->p->process($req) ) {
if ( $error == PE_BADCREDENTIALS ) {
$self->userLogger->warn(
'IdSpoofing requested for an unvalid user ('
. $req->{user}
. ")" );
}
$self->logger->debug("Process returned error: $error");
return $req->error($error);
}
$self->logger->debug("Populating spoofed session...");
return $req->{sessionInfo};
}
1;
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"قبول",
"accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"الخدمة المقدمة من قبل",
"sessionsDeleted":"الجلسات التالية تم غلقها",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"جلسة الدخول الموحد غير نشطة",
"stayConnected":"ابق على اتصال على هذا الجهاز",
"submit":"قدم",
......
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
"accept":"Akzeptieren",
"accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Dienst angeboten von",
"sessionsDeleted":"Die folgenden Sitzungen wurden geschlossen",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"SSO Sitzung inaktiv",
"stayConnected":"Auf diesem Gerät verbunden bleiben",
"submit":"Absenden",
......
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Service provided by",
"sessionsDeleted":"The following sessions have been closed",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"SSO session inactive",
"stayConnected": "Stay connected on this device",
"submit":"Submit",
......
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Service provided by",
"sessionsDeleted":"The following sessions have been closed",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"SSO session inactive",
"stayConnected":"Stay connected on this device",
"submit":"Submit",
......
......@@ -92,6 +92,7 @@
"PE90":"Accès non autorisé au service OIDC",
"PE91":"Accès non autorisé au service OID",
"PE92":"Accès non autorisé au service GET",
"PE93":"Accès non autorisé au service IdSpoofing",
"2fRegRequired":"Ce service requiert une authentification à deux facteurs. Enregistrez un équipement ici et retournez au portail.",
"accept":"Accepter",
"accessDenied":"Vous n'avez pas les droits d'accès à cette application",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Ce service est fourni par",
"sessionsDeleted":"Les sessions suivantes ont été fermées",
"sfaManager":"Gestionnaire 2ndFA",
"spoofId":"Identifiant usurpé",
"SSOSessionInactive":"Session SSO inactive",
"stayConnected": "Rester connecté sur cet appareil",
"submit":"Envoyer",
......
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
"accept":"Accetta",
"accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Servizio offerto da",
"sessionsDeleted":"Le sessioni seguenti sono state chiuse",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"Sessione SSO inattiva",
"stayConnected":"Resta connesso su questo dispositivo",
"submit":"Invia",
......
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Service provided by",
"sessionsDeleted":"The following sessions have been closed",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"SSO session inactive",
"stayConnected":"Stay connected on this device",
"submit":"Submit",
......
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Service provided by",
"sessionsDeleted":"The following sessions have been closed",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"SSO session inactive",
"stayConnected":"Stay connected on this device",
"submit":"Submit",
......
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Service provided by",
"sessionsDeleted":"The following sessions have been closed",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"SSO session inactive",
"stayConnected":"Stay connected on this device",
"submit":"Submit",
......
......@@ -92,6 +92,7 @@
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Chấp nhận",
"accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Dịch vụ được cung cấp bởi",
"sessionsDeleted":"Các phiên làm việc sau đã được đóng lại",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"Phiên SSO không hoạt động",
"stayConnected":"Giữ kết nối trên thiết bị này",
"submit":"Gửi",
......
......@@ -88,11 +88,12 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IdSpoofing service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept 方法",
"accessDenied":"您无权访问此应用",
"accountCreated":"您的账号已创建,临时密码已发送至您的邮箱",
......@@ -218,6 +219,7 @@
"serviceProvidedBy":"Service provided by",
"sessionsDeleted":"The following sessions have been closed",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"SSOSessionInactive":"SSO session inactive",
"stayConnected":"Stay connected on this device",
"submit":"提交",
......
......@@ -13,6 +13,15 @@
<input name="password" type="password" class="form-control" trplaceholder="password" required aria-required="true"/>
</div>
<TMPL_IF NAME="SPOOFID">
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-user"></i> </span>
</div>
<input name="spoofId" type="text" class="form-control" trplaceholder="spoofId" aria-required="false"/>
</div>
</TMPL_IF>
<TMPL_IF NAME=CAPTCHA_SRC>
<div class="form-group">
<img src="<TMPL_VAR NAME=CAPTCHA_SRC>" class="img-thumbnail" />
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment