
Implemented new OIDC redirect behavior (#954)

This commit is contained in:
Chad Scharf 2020-09-29 17:06:17 -04:00 committed by GitHub
parent 8f7389f153
commit 3b8cbe631f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 37 additions and 3 deletions


@ -10,6 +10,7 @@ using U2F.Core.Utils;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
namespace Bit.Portal.Models
{
@ -26,6 +27,7 @@ namespace Bit.Portal.Models
CallbackPath = configurationData.BuildCallbackPath(globalSettings.BaseServiceUri.Sso);
SignedOutCallbackPath = configurationData.BuildSignedOutCallbackPath(globalSettings.BaseServiceUri.Sso);
MetadataAddress = configurationData.MetadataAddress;
RedirectBehavior = configurationData.RedirectBehavior;
GetClaimsFromUserInfoEndpoint = configurationData.GetClaimsFromUserInfoEndpoint;
SpEntityId = configurationData.BuildSaml2ModulePath(globalSettings.BaseServiceUri.Sso);
SpAcsUrl = configurationData.BuildSaml2AcsUrl(globalSettings.BaseServiceUri.Sso);
@ -63,6 +65,8 @@ namespace Bit.Portal.Models
public string SignedOutCallbackPath { get; set; }
[Display(Name = "MetadataAddress")]
public string MetadataAddress { get; set; }
[Display(Name = "RedirectBehavior")]
public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; }
[Display(Name = "GetClaimsFromUserInfoEndpoint")]
public bool GetClaimsFromUserInfoEndpoint { get; set; }
@ -190,6 +194,7 @@ namespace Bit.Portal.Models
ClientSecret = ClientSecret,
MetadataAddress = MetadataAddress,
GetClaimsFromUserInfoEndpoint = GetClaimsFromUserInfoEndpoint,
RedirectBehavior = RedirectBehavior,
IdpEntityId = IdpEntityId,
IdpBindingType = IdpBindingType,
IdpSingleSignOnServiceUrl = IdpSingleSignOnServiceUrl,
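Review bot: The new `RedirectBehavior` property in the `[Display(Name = "RedirectBehavior")]` hunk is bound directly from the posted form and copied into the stored configuration in the last hunk, but enum model binding accepts any integer, not only the names offered by the select, so an undefined value would be persisted and later passed through as the OIDC `AuthenticationMethod`. The file already uses System.ComponentModel.DataAnnotations for `[Display]`, so add `[EnumDataType(typeof(OpenIdConnectRedirectBehavior))]` next to it and the value is checked against the defined members during model validation. The constructor in the second hunk and the method containing the last hunk both start outside the lines shown.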


@ -9,6 +9,7 @@ using Bit.Core.Models.Data;
using Bit.Core.Models.Table;
using Bit.Core.Services;
using Bit.Core.Sso;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc.Rendering;
namespace Bit.Portal.Models
@ -54,6 +55,7 @@ namespace Bit.Portal.Models
public List<SelectListItem> BindingTypes { get; set; }
public List<SelectListItem> SigningBehaviors { get; set; }
public List<SelectListItem> SigningAlgorithms { get; set; }
public List<SelectListItem> RedirectBehaviors { get; set; }
public SsoConfig ToSsoConfig(Guid organizationId)
{
@ -103,6 +105,13 @@ namespace Bit.Portal.Models
SigningAlgorithms = SamlSigningAlgorithms.GetEnumerable().Select(a =>
new SelectListItem(a, a)).ToList();
RedirectBehaviors = Enum.GetNames(typeof(OpenIdConnectRedirectBehavior))
.Select(behavior => new SelectListItem
{
Value = behavior,
Text = i18nService.T(behavior),
}).ToList();
}
}
}


@ -119,6 +119,13 @@
<input asp-for="Data.MetadataAddress" class="form-control">
</div>
</div>
<div class="row">
<div class="col-7 form-group">
<label asp-for="Data.RedirectBehavior">@i18nService.T("RedirectBehavior")</label>
<select asp-for="Data.RedirectBehavior" asp-items="Model.RedirectBehaviors"
class="form-control"></select>
</div>
</div>
<div class="row">
<div class="col-7 form-group">
<div class="form-check">


@ -21,9 +21,6 @@ using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Bit.Core.Models.Api;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Primitives;
using System.Net;
namespace Bit.Sso.Controllers
{


@ -315,6 +315,7 @@ namespace Bit.Core.Business.Sso
SignedOutCallbackPath = config.BuildSignedOutCallbackPath(),
MetadataAddress = config.MetadataAddress,
// Prevents URLs that go beyond 1024 characters which may break for some servers
AuthenticationMethod = config.RedirectBehavior,
GetClaimsFromUserInfoEndpoint = config.GetClaimsFromUserInfoEndpoint,
};
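Review bot: The comment `// Prevents URLs that go beyond 1024 characters which may break for some servers` now sits above `AuthenticationMethod = config.RedirectBehavior`, which is configurable, so it only holds when the stored value is FormPost and reads as wrong once an organization selects RedirectGet. Reword it to state the trade-off rather than a guarantee, e.g. `// FormPost (the default) carries the authorization request in a POST body; RedirectGet puts it in the URL, which can exceed the 1024-character limit some servers enforce.` The object initializer this hunk belongs to starts before the hunk.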


@ -1,6 +1,7 @@
using System;
using Bit.Core.Enums;
using Bit.Core.Sso;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
namespace Bit.Core.Models.Data
{
@ -17,6 +18,7 @@ namespace Bit.Core.Models.Data
public string ClientId { get; set; }
public string ClientSecret { get; set; }
public string MetadataAddress { get; set; }
public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; } = OpenIdConnectRedirectBehavior.FormPost;
public bool GetClaimsFromUserInfoEndpoint { get; set; }
// SAML2 IDP
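Review bot: `RedirectBehavior` is a third-party enum that is now persisted as part of `SsoConfigurationData`; if this object is serialized with numeric enum values (not visible from here), the stored integer is tied to the member order in Microsoft.AspNetCore.Authentication.OpenIdConnect, and a future reorder in that package would silently change the behavior of existing configurations, so storing it by name is worth considering. The `= OpenIdConnectRedirectBehavior.FormPost` initializer also deserves a why-comment; FormPost appears to match the previously hard-coded behavior (the URL-length comment in the scheme provider hunk suggests so), e.g. `// Default to FormPost: keeps prior behavior and keeps the authorization request out of a GET URL, where it can land in proxy and server logs.` The class continues outside the hunk.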


@ -526,4 +526,17 @@
<data name="UserAlreadyExistsUseLinkViaSso" xml:space="preserve">
<value>User already exists, please link account to SSO after logging in</value>
</data>
<data name="RedirectGet" xml:space="preserve">
<value>Redirect GET</value>
<comment>An OIDC Connect Redirect Behavior, Redirect; Emits a 302 response
to redirect the user agent to the OpenID Connect provider using a GET request.</comment>
</data>
<data name="FormPost" xml:space="preserve">
<value>Form POST</value>
<comment>An OIDC Connect Redirect Behavior, Form POST; Emits an HTML form to
redirect the user agent to the OpenID Connect provider using a POST request.</comment>
</data>
<data name="RedirectBehavior" xml:space="preserve">
<value>OIDC Redirect Behavior</value>
</data>
</root>