Commit 8a07f47e authored by Clément OUDOT's avatar Clément OUDOT

Add krbRemoveDomain parameter (#707)

parent fbc30e13
......@@ -71,6 +71,7 @@ sub defaultValues {
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
......
......@@ -42,7 +42,7 @@ our $authParameters = {
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
demoParams => [qw(demoExportedVars)],
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret)],
kerberosParams => [qw(krbKeytab krbByJs krbAuthnLevel)],
kerberosParams => [qw(krbKeytab krbByJs krbAuthnLevel krbRemoveDomain)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
linkedinParams => [qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInFields linkedInUserField linkedInScope)],
nullParams => [qw(nullAuthnLevel)],
......
......@@ -1274,6 +1274,10 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
'krbKeytab' => {
'type' => 'text'
},
'krbRemoveDomain' => {
'default' => 1,
'type' => 'bool'
},
'ldapAllowResetExpiredPassword' => {
'default' => 0,
'type' => 'bool'
......
......@@ -2350,6 +2350,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 3,
documentation => 'Null authentication level',
},
krbRemoveDomain => {
type => 'bool',
default => 1,
documentation => 'Remove domain in Kerberos username',
},
# Slave
slaveAuthnLevel => {
......
......@@ -209,7 +209,7 @@ sub tree {
{
title => 'kerberosParams',
help => 'authkerberos.html',
nodes => [ 'krbKeytab', 'krbByJs', 'krbAuthnLevel' ]
nodes => [ 'krbKeytab', 'krbByJs', 'krbAuthnLevel', 'krbRemoveDomain' ]
},
{
title => 'ldapParams',
......
......@@ -309,6 +309,7 @@
"krbAuthnLevel": "مستوى مصادقة كيربيروس",
"krbByJs": "استخدام طلب أجاكس",
"krbKeytab": "كيتاب",
"krbRemoveDomain": "Remove domain from Kerberos username",
"kerberosParams": "معايير كيربيروس",
"languages": "اللغات",
"latest": "الأحدث",
......
......@@ -309,6 +309,7 @@
"krbAuthnLevel": "Kerberos authn level",
"krbByJs": "Use Ajax request",
"krbKeytab": "keytab file",
"krbRemoveDomain": "Remove domain from Kerberos username",
"kerberosParams": "Kerberos parameters",
"languages": "Languages",
"latest": "Latest",
......
......@@ -309,6 +309,7 @@
"krbAuthnLevel": "Niveau d'authentification Kerberos",
"krbByJs": "Utilise une requête Ajax",
"krbKeytab": "Fichier keytab",
"krbRemoveDomain": "Supprimer le domaine du nom d'utilisateur",
"kerberosParams": "Paramètres Kerberos",
"languages": "Langues",
"latest": "Dernière",
......
......@@ -309,6 +309,7 @@
"krbAuthnLevel": "Livello Kerberos authn",
"krbByJs": "Utilizzare la richiesta Ajax",
"krbKeytab": "File keytab",
"krbRemoveDomain": "Remove domain from Kerberos username",
"kerberosParams": "Parametri di Kerberos",
"languages": "Lingue",
"latest": "Più recente",
......
......@@ -309,6 +309,7 @@
"krbAuthnLevel": "Cấp authn Kerberos",
"krbByJs": "Sử dụng yêu cầu Ajax",
"krbKeytab": "tệp keytab",
"krbRemoveDomain": "Remove domain from Kerberos username",
"kerberosParams": "Tham số Kerberos",
"languages": "Ngôn ngữ",
"latest": "Mới nhất",
......
......@@ -131,6 +131,10 @@ sub extractFormInfo {
return PE_ERROR;
}
$self->userLogger->notice("$client_name authentified by Kerberos");
$req->{_krbUser} = $client_name;
if ( $self->conf->{krbRemoveDomain} ) {
$client_name =~ s/^(.*)@.*$/$1/;
}
$req->user($client_name);
return PE_OK;
}
......@@ -146,6 +150,7 @@ sub authLogout {
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{krbAuthnLevel};
$req->{sessionInfo}->{_krbUser} = $req->{_krbUser};
PE_OK;
}
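Review bot: In extractFormInfo the realm is stripped from `$client_name` without any visible check of which realm issued the ticket, and `krbRemoveDomain` defaults to 1, so if the keytab or a cross-realm trust lets more than one realm authenticate, principals such as `alice@REALM.A` and `alice@REALM.B` (constructed examples) would both end up as `$req->user('alice')`. Nothing in these hunks restricts the accepted realm, so this may be enforced elsewhere; if it is not, I would compare the realm part against an expected realm before stripping and return `PE_ERROR` on mismatch, or at least state the single-realm assumption in the parameter's `documentation` string. Keeping the full principal in `_krbUser` is good for audit, but rules and downstream applications that key on the stripped user name will not see the realm unless they read that session key. The substitution could also be tightened to `$client_name =~ s/\@[^\@]*\z//;`, since `$` also matches before a trailing newline. Both function bodies begin outside the hunks shown.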
......