Configuration of adaptative authentication level plugin in Manager (#2336)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm

@@ -29,7 +29,7 @@ use constant DEFAULTCONFBACKEND => "File";
 use constant DEFAULTCONFBACKENDOPTIONS => (
     dirName => '/usr/local/lemonldap-ng/data/conf',
 );
-our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
+our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
 our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
 
 our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm

@@ -22,7 +22,7 @@ our $specialNodeHash = {
 };
 
 our $doubleHashKeys = 'issuerDBGetParameters';
-our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|ombModule)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
+our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|ombModule)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))';
 our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
 our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|Servic|Rul)e|AuthnLevel)|(?:ExportedVar|Macro)s)';
 our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -263,6 +263,18 @@ sub attributes {
             'default' => 1,
             'type'    => 'bool'
         },
+        'adaptativeAuthenticationLevelRules' => {
+            'keyMsgFail' => '__badRegexp__',
+            'keyTest'    => sub {
+                eval {
+                    do {
+                        qr/$_[0]/;
+                    }
+                };
+                return $@ ? 0 : 1;
+            },
+            'type' => 'keyTextContainer'
+        },
         'ADPwdExpireWarning' => {
             'default' => 0,
             'type'    => 'int'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -2107,6 +2107,18 @@ sub attributes {
             documentation => 'List of auto signin rules',
         },
 
+	# Adaptative Authentication Level plugin
+        adaptativeAuthenticationLevelRules => {
+            type => 'keyTextContainer',
+                keyTest => sub {
+                    eval { qr/$_[0]/ };
+                    return $@ ? 0 : 1;
+                },
+                keyMsgFail => '__badRegexp__',
+            documentation => 'Adaptative authentication level rules',
+            flags         => 'p',
+        },
+
         ## Virtualhosts
 
         # Fake attribute: used by manager REST API to agglomerate all other

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -641,6 +641,7 @@ sub tree {
                     nodes => [
                         'stayConnected',
                         'portalStatus',
+			'adaptativeAuthenticationLevelRules',
                         'upgradeSession',
                         'refreshSessions',
                         {

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -28,6 +28,7 @@
 "2ndFA":"Second Factors",
 "actives":"مفعلة",
 "activeTimer":"قبول تلقائي للوقت",
+"adaptativeAuthenticationLevelRules":"Adaptative authentication rules",
 "addAppCasPartner":"إضافة تطبيق كاس",
 "addIDPSamlPartner":"أضف IDP SAML",
 "addOidcOp":"إضافة أوبين أيدي كونيكت بروفيدر",

lemonldap-ng-manager/site/htdocs/static/languages/de.json

@@ -28,6 +28,7 @@
 "2ndFA":"Second Factors",
 "actives":"Enabled",
 "activeTimer":"Auto accept time",
+"adaptativeAuthenticationLevelRules":"Adaptative authentication rules",
 "addAppCasPartner":"Add CAS application",
 "addIDPSamlPartner":"Add SAML IDP",
 "addOidcOp":"Add OpenID Connect Provider",

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -28,6 +28,7 @@
 "2ndFA":"Second Factors",
 "actives":"Enabled",
 "activeTimer":"Auto accept time",
+"adaptativeAuthenticationLevelRules":"Adaptative authentication rules",
 "addAppCasPartner":"Add CAS application",
 "addIDPSamlPartner":"Add SAML IDP",
 "addOidcOp":"Add OpenID Connect Provider",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -28,6 +28,7 @@
 "2ndFA":"Seconds Facteurs",
 "actives":"Actives",
 "activeTimer":"Délai d'acceptation automatique",
+"adaptativeAuthenticationLevelRules":"Règles d'authentification adaptative",
 "addAppCasPartner":"Ajouter une application CAS",
 "addIDPSamlPartner":"Ajouter un FI SAML",
 "addOidcOp":"Ajouter un fournisseur OpenID Connect",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -28,6 +28,7 @@
 "2ndFA":"Secondi fattori",
 "actives":"Attivi",
 "activeTimer":"Auto accettazione tempo",
+"adaptativeAuthenticationLevelRules":"Adaptative authentication rules",
 "addAppCasPartner":"Aggiungi applicazione CAS",
 "addIDPSamlPartner":"Aggiungi SAML IDP",
 "addOidcOp":"Aggiungere OpenID Connect Provider",

lemonldap-ng-manager/site/htdocs/static/languages/pl.json

@@ -28,6 +28,7 @@
 "2ndFA":"Drugie czynniki",
 "actives":"Włączone",
 "activeTimer":"Czas automatycznej akceptacji",
+"adaptativeAuthenticationLevelRules":"Adaptative authentication rules",
 "addAppCasPartner":"Dodaj aplikację CAS",
 "addIDPSamlPartner":"Dodaj SAML IDP",
 "addOidcOp":"Dodaj dostawcę OpenID Connect",

lemonldap-ng-manager/site/htdocs/static/languages/tr.json

@@ -28,6 +28,7 @@
 "2ndFA":"İki Faktörlü Kimlik Doğrulama",
 "actives":"Etkin",
 "activeTimer":"Otomatik kabul süresi",
+"adaptativeAuthenticationLevelRules":"Adaptative authentication rules",
 "addAppCasPartner":"CAS uygulaması ekle",
 "addIDPSamlPartner":"SAML IDP ekle",
 "addOidcOp":"OpenID Connect Sağlayıcısı Ekle",

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -28,6 +28,7 @@
 "2ndFA":"Second Factors",
 "actives":"Hoạt động",
 "activeTimer":"Tự động chấp nhận thời gian",
+"adaptativeAuthenticationLevelRules":"Adaptative authentication rules",
 "addAppCasPartner":"Thêm ứng dụng CAS",
 "addIDPSamlPartner":"Thêm SAML IDP",
 "addOidcOp":"Thêm nhà cung cấp kết nối OpenID",

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -28,6 +28,7 @@
 "2ndFA":"Second Factors",
 "actives":"Enabled",
 "activeTimer":"自动接收时间",
+"adaptativeAuthenticationLevelRules":"Adaptative authentication rules",
 "addAppCasPartner":"增加CAS应用",
 "addIDPSamlPartner":"增加SAML IDP",
 "addOidcOp":"增加OpenID Connect Provider",