Commit 72aecd6c authored by Clément OUDOT's avatar Clément OUDOT

Configuration of Authentication Class Ref (#184)

parent b9494d1b
......@@ -748,6 +748,21 @@ has 'oidcRPStateTimeout' => (
documentation => 'OpenID Connect Timeout of state sessions',
);
has 'oidcServiceMetaDataAuthnContext' => (
is => 'rw',
isa => 'HashRef',
default => sub {
return {
'loa-1' => 1,
'loa-2' => 2,
'loa-3' => 3,
'loa-4' => 4,
'loa-5' => 5
};
},
documentation => 'WebID exported variables',
);
has 'oidcServiceMetaDataAuthorizeURI' => (
is => 'rw',
isa => 'Str',
......
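Review bot: The `documentation` string of the new `oidcServiceMetaDataAuthnContext` attribute reads `'WebID exported variables'`, which looks copied from a neighbouring attribute and does not describe this hash. From the default (`'loa-1' => 1` … `'loa-5' => 5`) and its use in issuerForAuthUser to pick the `acr` claim, it is a map from ACR name to authentication level, so I would write `documentation => 'OpenID Connect Authentication Context Class Reference (ACR name => authentication level)',`. A one-line comment above the default noting that the values must match `sessionInfo->{authenticationLevel}` exactly would also help whoever edits these in the manager.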
......@@ -128,6 +128,7 @@ sub unserialize {
|oidcOPMetaDataOptions
|oidcRPMetaDataExportedVars
|oidcRPMetaDataOptions
|oidcServiceMetaDataAuthnContext
|openIdExportedVars
|persistentStorageOptions
|portalSkinRules
......
......@@ -1605,7 +1605,7 @@ sub struct {
########
oidcServiceMetaData => {
_nodes => [
qw(oidcServiceMetaDataIssuer n:oidcServiceMetaDataEndPoints n:oidcServiceMetaDataSecurity)
qw(oidcServiceMetaDataIssuer n:oidcServiceMetaDataEndPoints cn:oidcServiceMetaDataAuthnContext n:oidcServiceMetaDataSecurity)
],
oidcServiceMetaDataIssuer => 'text:/oidcServiceMetaDataIssuer',
......@@ -1627,6 +1627,11 @@ sub struct {
'text:/oidcServiceMetaDataRegistrationURI',
},
oidcServiceMetaDataAuthnContext => {
_nodes => ['hash:/oidcServiceMetaDataAuthnContext:vars:btext'],
_js => 'hashRoot',
},
oidcServiceMetaDataSecurity => {
_nodes =>
[qw(oidcServicePrivateKeySig oidcServicePublicKeySig)],
......
......@@ -845,8 +845,17 @@ sub issuerForAuthUser {
my $id_token_exp = $self->{oidcRPMetaDataOptions}->{$rp}
->{oidcRPMetaDataOptionsIDTokenExpiration};
my $id_token_acr =
"loa-" . $self->{sessionInfo}->{authenticationLevel};
my $authenticationLevel =
$self->{sessionInfo}->{authenticationLevel};
my $id_token_acr;
foreach ( keys %{ $self->{oidcServiceMetaDataAuthnContext} } ) {
if ( $self->{oidcServiceMetaDataAuthnContext}->{$_} eq
$authenticationLevel )
{
$id_token_acr = $_;
last;
}
}
my $user_id_attribute = $self->{oidcRPMetaDataOptions}->{$rp}
->{oidcRPMetaDataOptionsUserIDAttr} || $self->{whatToTrace};
......@@ -858,15 +867,16 @@ sub issuerForAuthUser {
aud => [$client_id], # Audience
exp => $id_token_exp, # expiration
iat => time, # Issued time
auth_time =>
$self->{sessionInfo}->{_lastAuthnUTime}, # Authentication time
acr => $id_token_acr, # Authentication Context Class Reference
azp => $client_id, # Authorized party
# TODO amr
auth_time => $self->{sessionInfo}->{_lastAuthnUTime}
, # Authentication time
azp => $client_id, # Authorized party
# TODO amr
nonce => $oidc_request->{'nonce'} # Nonce
};
$id_token_payload_hash->{'at_hash'} = $at_hash if $at_hash;
$id_token_payload_hash->{'acr'} = $id_token_acr
if $id_token_acr;
# Create ID Token
my $id_token = $self->createIDToken( $id_token_payload_hash, $rp );
......@@ -965,8 +975,10 @@ sub issuerForAuthUser {
my $id_token_acr =
"loa-" . $self->{sessionInfo}->{authenticationLevel};
my $user_id_attribute = $self->{oidcRPMetaDataOptions}->{$rp}
->{oidcRPMetaDataOptionsUserIDAttr} || $self->{whatToTrace};
my $user_id_attribute =
$self->{oidcRPMetaDataOptions}->{$rp}
->{oidcRPMetaDataOptionsUserIDAttr}
|| $self->{whatToTrace};
my $user_id = $self->{sessionInfo}->{$user_id_attribute};
my $id_token_payload_hash = {
......
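Review bot: In the first hunk of issuerForAuthUser the lookup iterates `keys %{ $self->{oidcServiceMetaDataAuthnContext} }` in hash order, so when two ACR names are configured with the same level the `acr` claim emitted is nondeterministic between processes; `foreach ( sort keys %{ $self->{oidcServiceMetaDataAuthnContext} } )` makes the choice stable. The `eq` on the next line also warns and matches nothing when `authenticationLevel` is undefined, which is presumably why `acr` became optional below, but a guard such as `next unless defined $authenticationLevel;` (or a debug log when no ACR matches) would make the silent omission easier to diagnose. The third hunk of this function still appears to compute `my $id_token_acr = "loa-" . $self->{sessionInfo}->{authenticationLevel};` as unchanged context, so that code path seems to ignore the new configuration and should use the same lookup. issuerForAuthUser starts and ends outside the hunks shown.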