Commit d21dfa92 authored by Clément OUDOT's avatar Clément OUDOT

Add SAML user attribute option in Manager (#1512)

parent 702faf0b
......@@ -28,7 +28,7 @@ our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedV
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:(?:PostLogoutRedirectUri|ExtraClaim)s|I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|Https|Port)|(?:exportedHeader|locationRule)s|post)';
......
......@@ -8,17 +8,17 @@ sub types {
'array' => {
'test' => sub {
1;
}
}
},
'authParamsText' => {
'test' => sub {
1;
}
}
},
'blackWhiteList' => {
'test' => sub {
1;
}
}
},
'bool' => {
'msgFail' => '__notABoolean__',
......@@ -36,17 +36,17 @@ sub types {
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'catAndAppList' => {
'test' => sub {
1;
}
}
},
'file' => {
'test' => sub {
1;
}
}
},
'hostname' => {
'form' => 'text',
......@@ -80,48 +80,48 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
if $_ =~ /exportedvars$/i and defined $conf->{$_}{$val};
}
return 1, "__unknownAttrOrMacro__: $val";
}
}
},
'longtext' => {
'test' => sub {
1;
}
}
},
'menuApp' => {
'test' => sub {
1;
}
}
},
'menuCat' => {
'test' => sub {
1;
}
}
},
'oidcmetadatajson' => {
'test' => sub {
1;
}
}
},
'oidcmetadatajwks' => {
'test' => sub {
1;
}
}
},
'oidcOPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'oidcRPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'password' => {
'msgFail' => '__malformedValue__',
'test' => sub {
1;
}
}
},
'pcre' => {
'form' => 'text',
......@@ -132,7 +132,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
}
};
return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
}
}
},
'PerlModule' => {
'form' => 'text',
......@@ -142,17 +142,17 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
'portalskin' => {
'test' => sub {
1;
}
}
},
'portalskinbackground' => {
'test' => sub {
1;
}
}
},
'post' => {
'test' => sub {
1;
}
}
},
'RSAPrivateKey' => {
'test' => sub {
......@@ -160,7 +160,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\nDEK-Info:.*\r?\n[\r\n]*)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'RSAPublicKey' => {
'test' => sub {
......@@ -168,7 +168,7 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?(?:Proc-Type:.*\r?\n
m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'RSAPublicKeyOrCertificate' => {
'test' => sub {
......@@ -176,37 +176,37 @@ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\
m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
}
}
},
'rule' => {
'test' => sub {
1;
}
}
},
'samlAssertion' => {
'test' => sub {
1;
}
}
},
'samlAttribute' => {
'test' => sub {
1;
}
}
},
'samlIDPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'samlService' => {
'test' => sub {
1;
}
}
},
'samlSPMetaDataNode' => {
'test' => sub {
1;
}
}
},
'select' => {
'test' => sub {
......@@ -216,19 +216,19 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
return $test
? 1
: ( 1, "Invalid value '$_[0]' for this select" );
}
}
},
'subContainer' => {
'keyTest' => qr/\w/,
'test' => sub {
1;
}
}
},
'text' => {
'msgFail' => '__malformedValue__',
'test' => sub {
1;
}
}
},
'trool' => {
'msgFail' => '__authorizedValues__: -1, 0, 1',
......@@ -1050,7 +1050,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'type' => 'keyTextContainer'
},
......@@ -1219,7 +1219,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
and defined $conf->{$_}{$val};
}
return 1, "__unknownAttrOrMacro__: $val";
}
}
},
'type' => 'doubleHash'
},
......@@ -1502,7 +1502,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}
}
},
'type' => 'ruleContainer'
},
......@@ -2700,6 +2700,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'bool'
},
'samlIDPMetaDataOptionsUserAttribute' => {
'type' => 'text'
},
'samlIDPMetaDataXML' => {
'test' => sub {
my $v = shift();
......
......@@ -2110,6 +2110,9 @@ sub attributes {
type => 'bool',
default => 0,
},
samlIDPMetaDataOptionsUserAttribute => {
type => 'text',
},
# SP keys
samlSPMetaDataExportedAttributes => {
......
......@@ -56,7 +56,8 @@ sub cTrees {
nodes => [
"samlIDPMetaDataOptionsAdaptSessionUtime",
"samlIDPMetaDataOptionsForceUTF8",
"samlIDPMetaDataOptionsStoreSAMLToken"
"samlIDPMetaDataOptionsStoreSAMLToken",
"samlIDPMetaDataOptionsUserAttribute"
]
},
{
......
......@@ -696,6 +696,11 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsStoreSAMLToken",
"title" : "samlIDPMetaDataOptionsStoreSAMLToken",
"type" : "bool"
},
{
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsUserAttribute",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsUserAttribute",
"title" : "samlIDPMetaDataOptionsUserAttribute"
}
],
"id" : "samlIDPMetaDataOptionsSession",
......
......@@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"الحماية",
"samlIDPMetaDataOptionsStoreSAMLToken":"حفظ SAML توكن",
"samlIDPMetaDataOptionsRelayStateURL":"السماح بعنوان اليو آر إل ك RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
"samlSPMetaDataNodes":"SAML Service Providers",
"samlSPMetaDataXML":"البيانات الوصفية",
"samlSPMetaDataExportedAttributes":"السمات المصدرة",
......
......@@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"Security",
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
"samlSPMetaDataNodes":"SAML Service Providers",
"samlSPMetaDataXML":"Metadata",
"samlSPMetaDataExportedAttributes":"Exported attributes",
......
......@@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"Sécurité",
"samlIDPMetaDataOptionsStoreSAMLToken":"Conserver le jeton SAML",
"samlIDPMetaDataOptionsRelayStateURL":"Pemettre une URL dans le RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribut contenant l'identité de l'utilisateur",
"samlSPMetaDataNodes":"Fournisseurs de service SAML",
"samlSPMetaDataXML":"Metadonnées",
"samlSPMetaDataExportedAttributes":"Attributs exportés",
......
......@@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"Sicurezza",
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
"samlIDPMetaDataOptionsRelayStateURL":"Consenti l'URL come RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
"samlSPMetaDataNodes":"Provider di servizi SAML",
"samlSPMetaDataXML":"Metadati",
"samlSPMetaDataExportedAttributes":"Attributi esportati",
......
......@@ -858,6 +858,7 @@
"samlIDPMetaDataOptionsSecurity":"Bảo mật",
"samlIDPMetaDataOptionsStoreSAMLToken":"Lưu trữ token SAML",
"samlIDPMetaDataOptionsRelayStateURL":"Cho phép URL như RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
"samlSPMetaDataNodes":"Trìn cung cấp dịch vụ SAML",
"samlSPMetaDataXML":"Mô-tả dữ liệu",
"samlSPMetaDataExportedAttributes":"Thuộc tính đã được xuất",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment