mirror of https://github.com/bitwarden/server.git synced 2025-02-26 03:31:34 +01:00

Allow SHA1 inbound sigs from Idp (#1047)

Chad Scharf 2020-12-18 11:26:52 -05:00 committed by GitHub
parent fd293dd183
commit 246cac1a33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 0 deletions


@ -47,6 +47,7 @@ namespace Bit.Portal.Models
SpSigningBehavior = configurationData.SpSigningBehavior;
SpWantAssertionsSigned = configurationData.SpWantAssertionsSigned;
SpValidateCertificates = configurationData.SpValidateCertificates;
SpMinIncomingSigningAlgorithm = configurationData.SpMinIncomingSigningAlgorithm ?? SamlSigningAlgorithms.Sha256;
}
[Required]
@ -86,6 +87,8 @@ namespace Bit.Portal.Models
public bool SpWantAssertionsSigned { get; set; }
[Display(Name = "SpValidateCertificates")]
public bool SpValidateCertificates { get; set; }
[Display(Name = "MinIncomingSigningAlgorithm")]
public string SpMinIncomingSigningAlgorithm { get; set; }
// SAML2 IDP
[Display(Name = "EntityId")]
@ -211,6 +214,7 @@ namespace Bit.Portal.Models
SpSigningBehavior = SpSigningBehavior,
SpWantAssertionsSigned = SpWantAssertionsSigned,
SpValidateCertificates = SpValidateCertificates,
SpMinIncomingSigningAlgorithm = SpMinIncomingSigningAlgorithm,
};
}
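Review bot: `SpMinIncomingSigningAlgorithm` is bound from the posted form as a free string with no server-side check visible in these hunks, so the value is limited only by the options the view's `<select>` offers. Because this setting decides the weakest signature algorithm the SP accepts from the IdP, it should be checked against the known `SamlSigningAlgorithms` values and rejected with a model error before the third hunk copies it into the configuration data. The same string is later assigned unchecked to `spOptions.MinIncomingSigningAlgorithm` in the SSO configuration section, so a value that reaches storage by another path would also pass through there. The constructor and the method ending at `};` both start outside the hunks, so validation elsewhere in the class cannot be ruled out from here.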


@ -194,6 +194,13 @@
class="form-control"></select>
</div>
</div>
<div class="row">
<div class="col-7 form-group">
<label asp-for="Data.SpMinIncomingSigningAlgorithm">@i18nService.T("MinIncomingSigningAlgorithm")</label>
<select asp-for="Data.SpMinIncomingSigningAlgorithm" asp-items="Model.SigningAlgorithms"
class="form-control"></select>
</div>
</div>
<div class="form-group">
<div class="form-check">
<input asp-for="Data.SpWantAssertionsSigned" type="checkbox" class="form-check-input">


@ -9,6 +9,7 @@ using Bit.Core.Enums;
using Bit.Core.Models.Data;
using Bit.Core.Models.Table;
using Bit.Core.Repositories;
using Bit.Core.Sso;
using Bit.Sso.Models;
using Bit.Sso.Utilities;
using IdentityModel;
@ -358,6 +359,10 @@ namespace Bit.Core.Business.Sso
AuthenticateRequestSigningBehavior = GetSigningBehavior(config.SpSigningBehavior),
ValidateCertificates = config.SpValidateCertificates,
};
if (!string.IsNullOrWhiteSpace(config.SpMinIncomingSigningAlgorithm))
{
spOptions.MinIncomingSigningAlgorithm = config.SpMinIncomingSigningAlgorithm;
}
if (!string.IsNullOrWhiteSpace(config.SpOutboundSigningAlgorithm))
{
spOptions.OutboundSigningAlgorithm = config.SpOutboundSigningAlgorithm;
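Review bot: The new `if` block changes the signature floor for incoming SAML messages, but nothing in the code says so; a reader sees only a string copy next to the outbound setting. I would add above it `// Weakest signature algorithm accepted on IdP responses; anything below SHA-256 is for legacy IdPs only.` and a matching `/// <summary>` on the `SpMinIncomingSigningAlgorithm` property in the data model section. When the stored value is blank the assignment is skipped and the library's own default applies, which is presumably SHA-256 but is worth stating in that comment. The enclosing method starts and ends outside the hunk.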


@ -39,6 +39,7 @@ namespace Bit.Core.Models.Data
public Saml2SigningBehavior SpSigningBehavior { get; set; } = Saml2SigningBehavior.IfIdpWantAuthnRequestsSigned;
public bool SpWantAssertionsSigned { get; set; }
public bool SpValidateCertificates { get; set; }
public string SpMinIncomingSigningAlgorithm { get; set; } = SamlSigningAlgorithms.Sha256;
public string BuildCallbackPath(string ssoUri = null)
{


@ -331,6 +331,9 @@
<data name="SigningBehavior" xml:space="preserve">
<value>Signing Behavior</value>
</data>
<data name="MinIncomingSigningAlgorithm" xml:space="preserve">
<value>Minimum Incoming Signing Algorithm</value>
</data>
<data name="BindingType" xml:space="preserve">
<value>Binding Type</value>
</data>