Commit dba8ab69 authored by Clément OUDOT's avatar Clément OUDOT

Options configuration for metadata import script (#1503)

parent a1cb06cf
...@@ -41,7 +41,7 @@ if ( $opts{help} or !$opts{metadata} ) { ...@@ -41,7 +41,7 @@ if ( $opts{help} or !$opts{metadata} ) {
my $spConfKeyPrefix = $opts{spconfprefix} || "sp-"; my $spConfKeyPrefix = $opts{spconfprefix} || "sp-";
my $idpConfKeyPrefix = $opts{spconfprefix} || "idp-"; my $idpConfKeyPrefix = $opts{spconfprefix} || "idp-";
# Set here attributs that are declared for your SP in the federation # Set here attributes that are declared for your SP in the federation
# They will be set as exported attributes for all IDP # They will be set as exported attributes for all IDP
my $exportedAttributes = { my $exportedAttributes = {
'cn' => '0;cn', 'cn' => '0;cn',
...@@ -56,6 +56,41 @@ my $exportedAttributes = { ...@@ -56,6 +56,41 @@ my $exportedAttributes = {
'supannEtuCursusAnnee' => '0;supannEtuCursusAnnee', 'supannEtuCursusAnnee' => '0;supannEtuCursusAnnee',
}; };
# Set here options that are applied on all SP from the federation
my $spOptions = {
'samlSPMetaDataOptionsCheckSLOMessageSignature' => 1,
'samlSPMetaDataOptionsCheckSSOMessageSignature' => 1,
'samlSPMetaDataOptionsEnableIDPInitiatedURL' => 0,
'samlSPMetaDataOptionsEncryptionMode' => 'none',
'samlSPMetaDataOptionsForceUTF8' => 1,
'samlSPMetaDataOptionsNameIDFormat' => '',
'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000,
'samlSPMetaDataOptionsOneTimeUse' => 0,
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000,
'samlSPMetaDataOptionsSignSLOMessage' => 1,
'samlSPMetaDataOptionsSignSSOMessage' => 1
};
# Set here options that are applied on all IDP from the federation
my $idpOptions = {
'samlIDPMetaDataOptionsAdaptSessionUtime' => 0,
'samlIDPMetaDataOptionsAllowLoginFromIDP' => 0,
'samlIDPMetaDataOptionsAllowProxiedAuthn' => 0,
'samlIDPMetaDataOptionsCheckAudience' => 1,
'samlIDPMetaDataOptionsCheckSLOMessageSignature' => 1,
'samlIDPMetaDataOptionsCheckSSOMessageSignature' => 1,
'samlIDPMetaDataOptionsCheckTime' => 1,
'samlIDPMetaDataOptionsEncryptionMode' => 'none',
'samlIDPMetaDataOptionsForceAuthn' => 0,
'samlIDPMetaDataOptionsForceUTF8' => 0,
'samlIDPMetaDataOptionsIsPassive' => 0,
'samlIDPMetaDataOptionsNameIDFormat' => 'transient',
'samlIDPMetaDataOptionsRelayStateURL' => 0,
'samlIDPMetaDataOptionsSignSLOMessage' => -1,
'samlIDPMetaDataOptionsSignSSOMessage' => -1,
'samlIDPMetaDataOptionsStoreSAMLToken' => 0
};
my $idpCounter = my $idpCounter =
{ 'found' => 0, 'updated' => 0, 'created' => 0, rejected => 0 }; { 'found' => 0, 'updated' => 0, 'created' => 0, rejected => 0 };
my $spCounter = { 'found' => 0, 'updated' => 0, 'created' => 0, rejected => 0 }; my $spCounter = { 'found' => 0, 'updated' => 0, 'created' => 0, rejected => 0 };
...@@ -186,9 +221,12 @@ foreach ...@@ -186,9 +221,12 @@ foreach
$lastConf->{samlIDPMetaDataExportedAttributes} $lastConf->{samlIDPMetaDataExportedAttributes}
->{ $idpList->{$entityID} } = $exportedAttributes; ->{ $idpList->{$entityID} } = $exportedAttributes;
# Update options
$lastConf->{samlIDPMetaDataOptions}->{ $idpList->{$entityID} }
= $idpOptions;
if ( $opts{verbose} ) { if ( $opts{verbose} ) {
print print "Update IDP $entityID in configuration\n";
"Update IDP $entityID metadata and attributes in configuration\n";
} }
$idpCounter->{updated}++; $idpCounter->{updated}++;
} }
...@@ -207,23 +245,8 @@ foreach ...@@ -207,23 +245,8 @@ foreach
$exportedAttributes; $exportedAttributes;
# Options # Options
$lastConf->{samlIDPMetaDataOptions}->{$confKey} = { $lastConf->{samlIDPMetaDataOptions}->{$confKey} = $idpOptions;
'samlIDPMetaDataOptionsAdaptSessionUtime' => 0,
'samlIDPMetaDataOptionsAllowLoginFromIDP' => 0,
'samlIDPMetaDataOptionsAllowProxiedAuthn' => 0,
'samlIDPMetaDataOptionsCheckAudience' => 1,
'samlIDPMetaDataOptionsCheckSLOMessageSignature' => 1,
'samlIDPMetaDataOptionsCheckSSOMessageSignature' => 1,
'samlIDPMetaDataOptionsCheckTime' => 1,
'samlIDPMetaDataOptionsEncryptionMode' => 'none',
'samlIDPMetaDataOptionsForceAuthn' => 0,
'samlIDPMetaDataOptionsForceUTF8' => 0,
'samlIDPMetaDataOptionsIsPassive' => 0,
'samlIDPMetaDataOptionsRelayStateURL' => 0,
'samlIDPMetaDataOptionsSignSLOMessage' => -1,
'samlIDPMetaDataOptionsSignSSOMessage' => -1,
'samlIDPMetaDataOptionsStoreSAMLToken' => 0
};
if ( $opts{verbose} ) { if ( $opts{verbose} ) {
print print
"Declare new IDP $entityID (configuration key $confKey)\n"; "Declare new IDP $entityID (configuration key $confKey)\n";
...@@ -306,9 +329,12 @@ foreach ...@@ -306,9 +329,12 @@ foreach
$lastConf->{samlSPMetaDataExportedAttributes} $lastConf->{samlSPMetaDataExportedAttributes}
->{ $spList->{$entityID} } = $requestedAttributes; ->{ $spList->{$entityID} } = $requestedAttributes;
# Update options
$lastConf->{samlSPMetaDataOptions}->{ $spList->{$entityID} } =
$spOptions;
if ( $opts{verbose} ) { if ( $opts{verbose} ) {
print print "Update SP $entityID in configuration\n";
"Update SP $entityID metadata and attributes in configuration\n";
} }
$spCounter->{updated}++; $spCounter->{updated}++;
} }
...@@ -326,19 +352,8 @@ foreach ...@@ -326,19 +352,8 @@ foreach
$requestedAttributes; $requestedAttributes;
# Options # Options
$lastConf->{samlSPMetaDataOptions}->{$confKey} = { $lastConf->{samlSPMetaDataOptions}->{$confKey} = $spOptions;
'samlSPMetaDataOptionsCheckSLOMessageSignature' => 1,
'samlSPMetaDataOptionsCheckSSOMessageSignature' => 1,
'samlSPMetaDataOptionsEnableIDPInitiatedURL' => 0,
'samlSPMetaDataOptionsEncryptionMode' => 'none',
'samlSPMetaDataOptionsForceUTF8' => 1,
'samlSPMetaDataOptionsNameIDFormat' => '',
'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000,
'samlSPMetaDataOptionsOneTimeUse' => 0,
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000,
'samlSPMetaDataOptionsSignSLOMessage' => 1,
'samlSPMetaDataOptionsSignSSOMessage' => 1
};
if ( $opts{verbose} ) { if ( $opts{verbose} ) {
print print
"Declare new SP $entityID (configuration key $confKey)\n"; "Declare new SP $entityID (configuration key $confKey)\n";
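Review bot: The new update branches, `$lastConf->{samlIDPMetaDataOptions}->{ $idpList->{$entityID} } = $idpOptions;` and the SP counterpart assigning `$spOptions`, overwrite an already-declared partner's options with the federation-wide defaults on every run, so any per-entity hardening an administrator applied after the first import (for example an encryption mode set to something other than `'none'`) is silently reset back to the defaults; unless a full reset is the intent, merging with the existing entry winning, `= { %$idpOptions, %{ $lastConf->{samlIDPMetaDataOptions}->{ $idpList->{$entityID} } || {} } };`, keeps local adjustments. Independently, all four assignment sites (the two update lines and the two declare lines `... ->{$confKey} = $idpOptions;` / `= $spOptions;`) store the same hash reference rather than a copy, so every IDP entry and every SP entry aliases one shared hash in memory and a later per-entity modification by this script or by code that edits the loaded configuration changes all of them; `= { %$idpOptions };` gives each entry its own hash, and the same aliasing already exists for `$exportedAttributes` on the preceding lines. Outside the change, the context line `my $idpConfKeyPrefix = $opts{spconfprefix} || "idp-";` reads the SP prefix option for the IDP prefix, which looks like a copy-paste slip; presumably an IDP-specific option was intended, worth confirming against the option parsing above the hunk. The foreach loops enclosing these assignments start and end outside the visible hunks.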