Implemented new OIDC redirect behavior (#954)
This commit is contained in:
parent
8f7389f153
commit
3b8cbe631f
@ -10,6 +10,7 @@ using U2F.Core.Utils;
|
|||||||
using System.Security.Cryptography;
|
using System.Security.Cryptography;
|
||||||
using System.Security.Cryptography.X509Certificates;
|
using System.Security.Cryptography.X509Certificates;
|
||||||
using System.Text.RegularExpressions;
|
using System.Text.RegularExpressions;
|
||||||
|
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||||
|
|
||||||
namespace Bit.Portal.Models
|
namespace Bit.Portal.Models
|
||||||
{
|
{
|
||||||
@ -26,6 +27,7 @@ namespace Bit.Portal.Models
|
|||||||
CallbackPath = configurationData.BuildCallbackPath(globalSettings.BaseServiceUri.Sso);
|
CallbackPath = configurationData.BuildCallbackPath(globalSettings.BaseServiceUri.Sso);
|
||||||
SignedOutCallbackPath = configurationData.BuildSignedOutCallbackPath(globalSettings.BaseServiceUri.Sso);
|
SignedOutCallbackPath = configurationData.BuildSignedOutCallbackPath(globalSettings.BaseServiceUri.Sso);
|
||||||
MetadataAddress = configurationData.MetadataAddress;
|
MetadataAddress = configurationData.MetadataAddress;
|
||||||
|
RedirectBehavior = configurationData.RedirectBehavior;
|
||||||
GetClaimsFromUserInfoEndpoint = configurationData.GetClaimsFromUserInfoEndpoint;
|
GetClaimsFromUserInfoEndpoint = configurationData.GetClaimsFromUserInfoEndpoint;
|
||||||
SpEntityId = configurationData.BuildSaml2ModulePath(globalSettings.BaseServiceUri.Sso);
|
SpEntityId = configurationData.BuildSaml2ModulePath(globalSettings.BaseServiceUri.Sso);
|
||||||
SpAcsUrl = configurationData.BuildSaml2AcsUrl(globalSettings.BaseServiceUri.Sso);
|
SpAcsUrl = configurationData.BuildSaml2AcsUrl(globalSettings.BaseServiceUri.Sso);
|
||||||
@ -63,6 +65,8 @@ namespace Bit.Portal.Models
|
|||||||
public string SignedOutCallbackPath { get; set; }
|
public string SignedOutCallbackPath { get; set; }
|
||||||
[Display(Name = "MetadataAddress")]
|
[Display(Name = "MetadataAddress")]
|
||||||
public string MetadataAddress { get; set; }
|
public string MetadataAddress { get; set; }
|
||||||
|
[Display(Name = "RedirectBehavior")]
|
||||||
|
public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; }
|
||||||
[Display(Name = "GetClaimsFromUserInfoEndpoint")]
|
[Display(Name = "GetClaimsFromUserInfoEndpoint")]
|
||||||
public bool GetClaimsFromUserInfoEndpoint { get; set; }
|
public bool GetClaimsFromUserInfoEndpoint { get; set; }
|
||||||
|
|
||||||
@ -190,6 +194,7 @@ namespace Bit.Portal.Models
|
|||||||
ClientSecret = ClientSecret,
|
ClientSecret = ClientSecret,
|
||||||
MetadataAddress = MetadataAddress,
|
MetadataAddress = MetadataAddress,
|
||||||
GetClaimsFromUserInfoEndpoint = GetClaimsFromUserInfoEndpoint,
|
GetClaimsFromUserInfoEndpoint = GetClaimsFromUserInfoEndpoint,
|
||||||
|
RedirectBehavior = RedirectBehavior,
|
||||||
IdpEntityId = IdpEntityId,
|
IdpEntityId = IdpEntityId,
|
||||||
IdpBindingType = IdpBindingType,
|
IdpBindingType = IdpBindingType,
|
||||||
IdpSingleSignOnServiceUrl = IdpSingleSignOnServiceUrl,
|
IdpSingleSignOnServiceUrl = IdpSingleSignOnServiceUrl,
|
||||||
|
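Review bot: The new `RedirectBehavior` property in the `@ -63,6 +65,8` hunk has no initializer, while `SsoConfigurationData.RedirectBehavior` added by this same commit defaults to `FormPost`; an enum property left at `default` is the enum's zero member, which for `OpenIdConnectRedirectBehavior` is `RedirectGet`. The constructor in the `@ -26,6 +27,7` hunk copies the value from `configurationData`, so that path is fine, but any code that builds the view model without a data source (no parameterless constructor is visible in these hunks) would pre-select a behavior that differs from the stored default. Mirroring the data-model default keeps the two in step: `public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; } = OpenIdConnectRedirectBehavior.FormPost;`. The enclosing class starts and ends outside these hunks.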
@ -9,6 +9,7 @@ using Bit.Core.Models.Data;
|
|||||||
using Bit.Core.Models.Table;
|
using Bit.Core.Models.Table;
|
||||||
using Bit.Core.Services;
|
using Bit.Core.Services;
|
||||||
using Bit.Core.Sso;
|
using Bit.Core.Sso;
|
||||||
|
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||||
using Microsoft.AspNetCore.Mvc.Rendering;
|
using Microsoft.AspNetCore.Mvc.Rendering;
|
||||||
|
|
||||||
namespace Bit.Portal.Models
|
namespace Bit.Portal.Models
|
||||||
@ -54,6 +55,7 @@ namespace Bit.Portal.Models
|
|||||||
public List<SelectListItem> BindingTypes { get; set; }
|
public List<SelectListItem> BindingTypes { get; set; }
|
||||||
public List<SelectListItem> SigningBehaviors { get; set; }
|
public List<SelectListItem> SigningBehaviors { get; set; }
|
||||||
public List<SelectListItem> SigningAlgorithms { get; set; }
|
public List<SelectListItem> SigningAlgorithms { get; set; }
|
||||||
|
public List<SelectListItem> RedirectBehaviors { get; set; }
|
||||||
|
|
||||||
public SsoConfig ToSsoConfig(Guid organizationId)
|
public SsoConfig ToSsoConfig(Guid organizationId)
|
||||||
{
|
{
|
||||||
@ -103,6 +105,13 @@ namespace Bit.Portal.Models
|
|||||||
|
|
||||||
SigningAlgorithms = SamlSigningAlgorithms.GetEnumerable().Select(a =>
|
SigningAlgorithms = SamlSigningAlgorithms.GetEnumerable().Select(a =>
|
||||||
new SelectListItem(a, a)).ToList();
|
new SelectListItem(a, a)).ToList();
|
||||||
|
|
||||||
|
RedirectBehaviors = Enum.GetNames(typeof(OpenIdConnectRedirectBehavior))
|
||||||
|
.Select(behavior => new SelectListItem
|
||||||
|
{
|
||||||
|
Value = behavior,
|
||||||
|
Text = i18nService.T(behavior),
|
||||||
|
}).ToList();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
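Review bot: The `RedirectBehaviors` list built in the `@ -103,6 +105,13` hunk uses the enum member names both as the posted `Value` and as the i18n key, so the resource entries `RedirectGet` and `FormPost` must stay spelled exactly like the members of the upstream `OpenIdConnectRedirectBehavior` enum; a member added or renamed in a future ASP.NET Core release would appear in the dropdown with an untranslated key (or whatever `i18nService.T` returns for a missing key, which is not visible here). A short comment would make that coupling explicit: `// Value is model-bound to the enum by member name; Text is the resx entry with the same name (RedirectGet, FormPost).` The enclosing member starts before the hunk.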
|
@ -119,6 +119,13 @@
|
|||||||
<input asp-for="Data.MetadataAddress" class="form-control">
|
<input asp-for="Data.MetadataAddress" class="form-control">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-7 form-group">
|
||||||
|
<label asp-for="Data.RedirectBehavior">@i18nService.T("RedirectBehavior")</label>
|
||||||
|
<select asp-for="Data.RedirectBehavior" asp-items="Model.RedirectBehaviors"
|
||||||
|
class="form-control"></select>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-7 form-group">
|
<div class="col-7 form-group">
|
||||||
<div class="form-check">
|
<div class="form-check">
|
||||||
|
@ -21,9 +21,6 @@ using System.Linq;
|
|||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Bit.Core.Models.Api;
|
using Bit.Core.Models.Api;
|
||||||
using Microsoft.AspNetCore.WebUtilities;
|
|
||||||
using Microsoft.Extensions.Primitives;
|
|
||||||
using System.Net;
|
|
||||||
|
|
||||||
namespace Bit.Sso.Controllers
|
namespace Bit.Sso.Controllers
|
||||||
{
|
{
|
||||||
|
@ -315,6 +315,7 @@ namespace Bit.Core.Business.Sso
|
|||||||
SignedOutCallbackPath = config.BuildSignedOutCallbackPath(),
|
SignedOutCallbackPath = config.BuildSignedOutCallbackPath(),
|
||||||
MetadataAddress = config.MetadataAddress,
|
MetadataAddress = config.MetadataAddress,
|
||||||
// Prevents URLs that go beyond 1024 characters which may break for some servers
|
// Prevents URLs that go beyond 1024 characters which may break for some servers
|
||||||
|
AuthenticationMethod = config.RedirectBehavior,
|
||||||
GetClaimsFromUserInfoEndpoint = config.GetClaimsFromUserInfoEndpoint,
|
GetClaimsFromUserInfoEndpoint = config.GetClaimsFromUserInfoEndpoint,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
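Review bot: The comment `// Prevents URLs that go beyond 1024 characters which may break for some servers` on the line above the new `AuthenticationMethod = config.RedirectBehavior,` no longer describes what follows: the value is now whatever the organization configured, and only the `FormPost` default keeps the authorize request out of the URL, while `RedirectGet` places the full request in the query string. Reword it so the trade-off survives, e.g. `// FormPost (the default) keeps the authorize request out of the URL; RedirectGet can exceed the ~1024-char URL limit some servers enforce`. The object initializer starts before the hunk.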
@ -1,6 +1,7 @@
|
|||||||
using System;
|
using System;
|
||||||
using Bit.Core.Enums;
|
using Bit.Core.Enums;
|
||||||
using Bit.Core.Sso;
|
using Bit.Core.Sso;
|
||||||
|
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||||
|
|
||||||
namespace Bit.Core.Models.Data
|
namespace Bit.Core.Models.Data
|
||||||
{
|
{
|
||||||
@ -17,6 +18,7 @@ namespace Bit.Core.Models.Data
|
|||||||
public string ClientId { get; set; }
|
public string ClientId { get; set; }
|
||||||
public string ClientSecret { get; set; }
|
public string ClientSecret { get; set; }
|
||||||
public string MetadataAddress { get; set; }
|
public string MetadataAddress { get; set; }
|
||||||
|
public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; } = OpenIdConnectRedirectBehavior.FormPost;
|
||||||
public bool GetClaimsFromUserInfoEndpoint { get; set; }
|
public bool GetClaimsFromUserInfoEndpoint { get; set; }
|
||||||
|
|
||||||
// SAML2 IDP
|
// SAML2 IDP
|
||||||
|
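Review bot: `RedirectBehavior` on the new line in the `@ -17,6 +18,7` hunk is a third-party enum added to a persisted configuration object; if `SsoConfigurationData` is serialized to JSON for storage (not visible here), the common .NET serializers write an enum as its integer value by default, which ties the stored configuration to the numeric layout of `OpenIdConnectRedirectBehavior` as defined in ASP.NET Core. Writing it as a string (a string-enum converter attribute on the property, matching whichever serializer the project uses) keeps stored configs readable and robust to a renumbering upstream. The `= OpenIdConnectRedirectBehavior.FormPost` initializer does correctly preserve the previous behavior for configs saved before this property existed. The class body continues outside the hunk.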
@ -526,4 +526,17 @@
|
|||||||
<data name="UserAlreadyExistsUseLinkViaSso" xml:space="preserve">
|
<data name="UserAlreadyExistsUseLinkViaSso" xml:space="preserve">
|
||||||
<value>User already exists, please link account to SSO after logging in</value>
|
<value>User already exists, please link account to SSO after logging in</value>
|
||||||
</data>
|
</data>
|
||||||
|
<data name="RedirectGet" xml:space="preserve">
|
||||||
|
<value>Redirect GET</value>
|
||||||
|
<comment>An OIDC Connect Redirect Behavior, Redirect; Emits a 302 response
|
||||||
|
to redirect the user agent to the OpenID Connect provider using a GET request.</comment>
|
||||||
|
</data>
|
||||||
|
<data name="FormPost" xml:space="preserve">
|
||||||
|
<value>Form POST</value>
|
||||||
|
<comment>An OIDC Connect Redirect Behavior, Form POST; Emits an HTML form to
|
||||||
|
redirect the user agent to the OpenID Connect provider using a POST request.</comment>
|
||||||
|
</data>
|
||||||
|
<data name="RedirectBehavior" xml:space="preserve">
|
||||||
|
<value>OIDC Redirect Behavior</value>
|
||||||
|
</data>
|
||||||
</root>
|
</root>
|
||||||
|