mirror of
https://github.com/bitwarden/server.git
synced 2024-11-28 13:15:12 +01:00
Implemented new OIDC redirect behavior (#954)
This commit is contained in:
parent
8f7389f153
commit
3b8cbe631f
@ -10,6 +10,7 @@ using U2F.Core.Utils;
|
||||
using System.Security.Cryptography;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using System.Text.RegularExpressions;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
||||
namespace Bit.Portal.Models
|
||||
{
|
||||
@ -26,6 +27,7 @@ namespace Bit.Portal.Models
|
||||
CallbackPath = configurationData.BuildCallbackPath(globalSettings.BaseServiceUri.Sso);
|
||||
SignedOutCallbackPath = configurationData.BuildSignedOutCallbackPath(globalSettings.BaseServiceUri.Sso);
|
||||
MetadataAddress = configurationData.MetadataAddress;
|
||||
RedirectBehavior = configurationData.RedirectBehavior;
|
||||
GetClaimsFromUserInfoEndpoint = configurationData.GetClaimsFromUserInfoEndpoint;
|
||||
SpEntityId = configurationData.BuildSaml2ModulePath(globalSettings.BaseServiceUri.Sso);
|
||||
SpAcsUrl = configurationData.BuildSaml2AcsUrl(globalSettings.BaseServiceUri.Sso);
|
||||
@ -63,6 +65,8 @@ namespace Bit.Portal.Models
|
||||
public string SignedOutCallbackPath { get; set; }
|
||||
[Display(Name = "MetadataAddress")]
|
||||
public string MetadataAddress { get; set; }
|
||||
[Display(Name = "RedirectBehavior")]
|
||||
public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; }
|
||||
[Display(Name = "GetClaimsFromUserInfoEndpoint")]
|
||||
public bool GetClaimsFromUserInfoEndpoint { get; set; }
|
||||
|
||||
@ -190,6 +194,7 @@ namespace Bit.Portal.Models
|
||||
ClientSecret = ClientSecret,
|
||||
MetadataAddress = MetadataAddress,
|
||||
GetClaimsFromUserInfoEndpoint = GetClaimsFromUserInfoEndpoint,
|
||||
RedirectBehavior = RedirectBehavior,
|
||||
IdpEntityId = IdpEntityId,
|
||||
IdpBindingType = IdpBindingType,
|
||||
IdpSingleSignOnServiceUrl = IdpSingleSignOnServiceUrl,
|
||||
|
@ -9,6 +9,7 @@ using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Table;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Sso;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
using Microsoft.AspNetCore.Mvc.Rendering;
|
||||
|
||||
namespace Bit.Portal.Models
|
||||
@ -54,6 +55,7 @@ namespace Bit.Portal.Models
|
||||
public List<SelectListItem> BindingTypes { get; set; }
|
||||
public List<SelectListItem> SigningBehaviors { get; set; }
|
||||
public List<SelectListItem> SigningAlgorithms { get; set; }
|
||||
public List<SelectListItem> RedirectBehaviors { get; set; }
|
||||
|
||||
public SsoConfig ToSsoConfig(Guid organizationId)
|
||||
{
|
||||
@ -103,6 +105,13 @@ namespace Bit.Portal.Models
|
||||
|
||||
SigningAlgorithms = SamlSigningAlgorithms.GetEnumerable().Select(a =>
|
||||
new SelectListItem(a, a)).ToList();
|
||||
|
||||
RedirectBehaviors = Enum.GetNames(typeof(OpenIdConnectRedirectBehavior))
|
||||
.Select(behavior => new SelectListItem
|
||||
{
|
||||
Value = behavior,
|
||||
Text = i18nService.T(behavior),
|
||||
}).ToList();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -119,6 +119,13 @@
|
||||
<input asp-for="Data.MetadataAddress" class="form-control">
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-7 form-group">
|
||||
<label asp-for="Data.RedirectBehavior">@i18nService.T("RedirectBehavior")</label>
|
||||
<select asp-for="Data.RedirectBehavior" asp-items="Model.RedirectBehaviors"
|
||||
class="form-control"></select>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-7 form-group">
|
||||
<div class="form-check">
|
||||
|
@ -21,9 +21,6 @@ using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
using Bit.Core.Models.Api;
|
||||
using Microsoft.AspNetCore.WebUtilities;
|
||||
using Microsoft.Extensions.Primitives;
|
||||
using System.Net;
|
||||
|
||||
namespace Bit.Sso.Controllers
|
||||
{
|
||||
|
@ -315,6 +315,7 @@ namespace Bit.Core.Business.Sso
|
||||
SignedOutCallbackPath = config.BuildSignedOutCallbackPath(),
|
||||
MetadataAddress = config.MetadataAddress,
|
||||
// Prevents URLs that go beyond 1024 characters which may break for some servers
|
||||
AuthenticationMethod = config.RedirectBehavior,
|
||||
GetClaimsFromUserInfoEndpoint = config.GetClaimsFromUserInfoEndpoint,
|
||||
};
|
||||
|
||||
|
@ -1,6 +1,7 @@
|
||||
using System;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Sso;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
||||
namespace Bit.Core.Models.Data
|
||||
{
|
||||
@ -17,6 +18,7 @@ namespace Bit.Core.Models.Data
|
||||
public string ClientId { get; set; }
|
||||
public string ClientSecret { get; set; }
|
||||
public string MetadataAddress { get; set; }
|
||||
public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; } = OpenIdConnectRedirectBehavior.FormPost;
|
||||
public bool GetClaimsFromUserInfoEndpoint { get; set; }
|
||||
|
||||
// SAML2 IDP
|
||||
|
@ -526,4 +526,17 @@
|
||||
<data name="UserAlreadyExistsUseLinkViaSso" xml:space="preserve">
|
||||
<value>User already exists, please link account to SSO after logging in</value>
|
||||
</data>
|
||||
<data name="RedirectGet" xml:space="preserve">
|
||||
<value>Redirect GET</value>
|
||||
<comment>An OIDC Connect Redirect Behavior, Redirect; Emits a 302 response
|
||||
to redirect the user agent to the OpenID Connect provider using a GET request.</comment>
|
||||
</data>
|
||||
<data name="FormPost" xml:space="preserve">
|
||||
<value>Form POST</value>
|
||||
<comment>An OIDC Connect Redirect Behavior, Form POST; Emits an HTML form to
|
||||
redirect the user agent to the OpenID Connect provider using a POST request.</comment>
|
||||
</data>
|
||||
<data name="RedirectBehavior" xml:space="preserve">
|
||||
<value>OIDC Redirect Behavior</value>
|
||||
</data>
|
||||
</root>
|
||||
|
Loading…
Reference in New Issue
Block a user