Add oidcServiceMetadataTtl
guimard committed Nov 14, 2024
1 parent 2ee6ea9 commit 5f161f2
Showing 9 changed files with 81 additions and 0 deletions.
1 change: 1 addition & 0 deletions Changes.md
Expand Up @@ -5,6 +5,7 @@
* Fix SAML regression
* Fix Captcha rule bug
* Add admin global logout
* Add oidcServiceMetadataTtl

## v2.20.0-3 _(2024-10-25)_
* Add ReCaptcha v3
1 change: 1 addition & 0 deletions full/Dockerfile
Expand Up @@ -25,6 +25,7 @@ RUN \
echo patch fixedLogout.patch && patch -p1 < fixedLogout.patch && \
echo patch matrix-token-exchange.patch && patch -p1 < matrix-token-exchange.patch && \
echo patch globalLogout.patch && patch -p1 < globalLogout.patch && \
echo patch metadata-ttl.patch && patch -p1 < metadata-ttl.patch && \
rm -f *.patch && \
LLNG_DEFAULTCONFFILE=/etc/lemonldap-ng/lemonldap-ng.ini \
perl -MLemonldap::NG::Manager::Build -e 'Lemonldap::NG::Manager::Build->run( \
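--- /dev/null
+++ b/full/metadata-ttl.patch
@@ -0,0 +1,23 @@
+--- a/usr/share/perl5/Lemonldap/NG/Manager/Build/Attributes.pm
++++ b/usr/share/perl5/Lemonldap/NG/Manager/Build/Attributes.pm
+@@ -4942,6 +4942,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
+type => 'bool',
+documentation => 'Drop CORS headers from OIDC issuer responses',
+},
++ oidcServiceMetadataTtl => {
++ type => 'int',
++ documentation => 'OIDC Metadata TTL',
++ },
+
+# OpenID Connect metadata nodes
+oidcOPMetaDataNodes => {
+--- a/usr/share/perl5/Lemonldap/NG/Manager/Build/Tree.pm
++++ b/usr/share/perl5/Lemonldap/NG/Manager/Build/Tree.pm
+@@ -1583,6 +1583,7 @@ sub tree {
+'oidcServiceIDTokenExpiration',
+'oidcServiceAccessTokenExpiration',
+'oidcServiceOfflineSessionExpiration',
++ 'oidcServiceMetadataTtl',
+]
+},
+{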
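Review bot: The new `oidcServiceMetadataTtl` entry in the Attributes.pm hunk is documented only as 'OIDC Metadata TTL', which leaves the unit and the meaning of an empty value to the reader, while the portal patch in this same commit skips the option whenever it is false, so 0 and unset both fall back to whatever sendJSONresponse does without a `ttl`. I would make the string say so, e.g. `documentation => 'Cache lifetime of the OIDC discovery metadata response (presumably seconds; empty or 0 keeps the default)'`, after confirming the unit against sendJSONresponse, which is not visible here. The entry declares `type => 'int'` but no `default` key; if neighbouring attributes in Attributes.pm carry defaults, adding one here would make the effective behaviour visible in the manager. Because the discovery document is what relying parties use to locate the JWKS and endpoints, a long cache lifetime delays propagation of key rotation or endpoint changes, so the documentation could note that the value should stay well below the key-rotation interval. manager/metadata-ttl.patch is byte-identical and gets the same remarks.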
1 change: 1 addition & 0 deletions manager/Dockerfile
Expand Up @@ -32,6 +32,7 @@ RUN \
echo patch fixedLogout.patch && patch -p1 < fixedLogout.patch && \
echo patch matrix-token-exchange.patch && patch -p1 < matrix-token-exchange.patch && \
echo patch globalLogout.patch && patch -p1 < globalLogout.patch && \
echo patch metadata-ttl.patch && patch -p1 < metadata-ttl.patch && \
rm -f *.patch && \
LLNG_DEFAULTCONFFILE=/etc/lemonldap-ng/lemonldap-ng.ini \
perl -MLemonldap::NG::Manager::Build -e 'Lemonldap::NG::Manager::Build->run( \
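--- /dev/null
+++ b/manager/metadata-ttl.patch
@@ -0,0 +1,23 @@
+--- a/usr/share/perl5/Lemonldap/NG/Manager/Build/Attributes.pm
++++ b/usr/share/perl5/Lemonldap/NG/Manager/Build/Attributes.pm
+@@ -4942,6 +4942,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
+type => 'bool',
+documentation => 'Drop CORS headers from OIDC issuer responses',
+},
++ oidcServiceMetadataTtl => {
++ type => 'int',
++ documentation => 'OIDC Metadata TTL',
++ },
+
+# OpenID Connect metadata nodes
+oidcOPMetaDataNodes => {
+--- a/usr/share/perl5/Lemonldap/NG/Manager/Build/Tree.pm
++++ b/usr/share/perl5/Lemonldap/NG/Manager/Build/Tree.pm
+@@ -1583,6 +1583,7 @@ sub tree {
+'oidcServiceIDTokenExpiration',
+'oidcServiceAccessTokenExpiration',
+'oidcServiceOfflineSessionExpiration',
++ 'oidcServiceMetadataTtl',
+]
+},
+{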
1 change: 1 addition & 0 deletions portal/Dockerfile
Expand Up @@ -38,6 +38,7 @@ RUN for p in appgrid.patch jwt-type.patch app-scope.patch ignorepollers.patch \
fixedLogout.patch more-logs.patch \
matrix-token.patch redirect-ajax.patch recaptcha3.patch \
saml-regression.patch captcha-fix.patch \
metadata-ttl.patch \
; do echo patch $p && patch -p1 < $p; done && \
rm -f /*.patch && \
echo "# Install nginx configuration files" && \
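Review bot: The `; do echo patch $p && patch -p1 < $p; done && \` loop that now includes metadata-ttl.patch only reports the exit status of its last iteration, so a patch earlier in the list failing to apply would not stop the image build and the corresponding fix would be silently missing from the portal. Consider `; do echo patch $p && patch -p1 < $p || exit 1; done && \` so that any failed patch aborts the RUN step, which is what the `&&`-chained form in full/Dockerfile already achieves. The same loop appears in uwsgi-portal/Dockerfile.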
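--- /dev/null
+++ b/portal/metadata-ttl.patch
@@ -0,0 +1,15 @@
+--- a/usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
++++ b/usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
+@@ -2704,8 +2704,11 @@ sub logout {
+sub metadata {
+my ( $self, $req ) = @_;
+$req->data->{dropCsp} = 1 if $self->conf->{oidcDropCspHeaders};
++ my %args;
++ $args{ttl} = $self->conf->{oidcServiceMetadataTtl}
++ if $self->conf->{oidcServiceMetadataTtl};
+return $self->p->sendJSONresponse( $req,
+- $self->metadataDoc( $self->get_issuer($req) ) );
++ $self->metadataDoc( $self->get_issuer($req) ), %args );
+}
+
+# Store request parameters in %ENV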
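Review bot: The `if $self->conf->{oidcServiceMetadataTtl}` guard on the new `$args{ttl}` assignment in `metadata` treats an explicit 0 the same as an unset option and passes any other configured value through unvalidated, so a negative or non-numeric value would reach sendJSONresponse. Since Attributes.pm in this commit declares the option as `type => 'int'`, a defined-ness test with a numeric check would be safer, e.g. `my $ttl = $self->conf->{oidcServiceMetadataTtl};` followed by `$args{ttl} = $ttl if defined $ttl and $ttl =~ /\A\d+\z/;`, which also keeps a deliberate 0 reachable if sendJSONresponse treats it as "do not cache". The `metadata` sub is complete within the hunk, but sendJSONresponse is not visible, so whether `ttl` is in seconds and how it handles 0 should be confirmed there. uwsgi-portal/metadata-ttl.patch carries the identical hunk.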
1 change: 1 addition & 0 deletions uwsgi-portal/Dockerfile
Expand Up @@ -36,6 +36,7 @@ RUN for p in appgrid.patch jwt-type.patch app-scope.patch ignorepollers.patch \
fixedLogout.patch more-logs.patch \
matrix-token.patch redirect-ajax.patch recaptcha3.patch \
saml-regression.patch captcha-fix.patch \
metadata-ttl.patch \
; do echo patch $p && patch -p1 < $p; done && \
rm -f /*.patch && \
echo "# Install nginx configuration files" && \
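--- /dev/null
+++ b/uwsgi-portal/metadata-ttl.patch
@@ -0,0 +1,15 @@
+--- a/usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
++++ b/usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
+@@ -2704,8 +2704,11 @@ sub logout {
+sub metadata {
+my ( $self, $req ) = @_;
+$req->data->{dropCsp} = 1 if $self->conf->{oidcDropCspHeaders};
++ my %args;
++ $args{ttl} = $self->conf->{oidcServiceMetadataTtl}
++ if $self->conf->{oidcServiceMetadataTtl};
+return $self->p->sendJSONresponse( $req,
+- $self->metadataDoc( $self->get_issuer($req) ) );
++ $self->metadataDoc( $self->get_issuer($req) ), %args );
+}
+
+# Store request parameters in %ENV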
