Add manager UI for per-service macros (#2042)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm

@@ -23,7 +23,7 @@ use constant HANDLERSECTION  => "handler";
 use constant MANAGERSECTION  => "manager";
 use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
 use constant APPLYSECTION            => "apply";
-our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
+our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
 our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|AllowOffline|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|freshSessions)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|br(?:owsersDontStorePassword|uteForceProtection)|(?:(?:globalLogout|active)Tim|wsdlServ)er|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs))$/;
 
 our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm

@@ -269,7 +269,9 @@ sub _samlMetaDataNodes {
     my ( $id, $resp ) = ( 1, [] );
 
     # Return all exported attributes if asked
-    if ( $query =~ /^saml${type}MetaDataExportedAttributes$/ ) {
+    if ( $query =~
+        /^saml${type}MetaDataExportedAttributes|samlSPMetaDataMacros$/ )
+    {
         my $pk =
           eval { $self->getConfKey( $req, $query )->{$partner} } // {};
         return $self->sendError( $req, undef, 400 ) if ( $req->error );
@@ -380,7 +382,7 @@ sub _oidcMetaDataNodes {
 
     # Return all exported attributes if asked
     if ( $query =~
-        /^(?:oidc${type}MetaDataExportedVars|oidcRPMetaDataOptionsExtraClaims)$/
+/^(?:oidc${type}MetaDataExportedVars|oidcRPMetaDataOptionsExtraClaims|oidcRPMetaDataMacros)$/
       )
     {
         my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {};
@@ -478,7 +480,7 @@ sub _casMetaDataNodes {
 
     # Return all exported attributes if asked
     if ( $query =~
-/^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices)$/
+/^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices|casAppMetaDataMacros)$/
       )
     {
         my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {};
@@ -549,7 +551,8 @@ sub authChoiceModules {
                 if ($@) {
                     $self->logger->error(
                         "Bad value in choice over parameters, deleted ($@)");
-                } else {
+                }
+                else {
                     $data->[5] = [ map { [ $_, $over->{$_} ] } keys %{$over} ];
                 }
             }

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm

@@ -14,22 +14,22 @@ our @EXPORT      = ( @{ $EXPORT_TAGS{'all'} } );
 our $specialNodeHash = {
     virtualHosts         => [qw(exportedHeaders locationRules post vhostOptions)],
     samlIDPMetaDataNodes => [qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)],
-    samlSPMetaDataNodes  => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions)],
+    samlSPMetaDataNodes  => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions samlSPMetaDataMacros)],
     oidcOPMetaDataNodes  => [qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars)],
-    oidcRPMetaDataNodes  => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)],
+    oidcRPMetaDataNodes  => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims oidcRPMetaDataMacros)],
     casSrvMetaDataNodes  => [qw(casSrvMetaDataOptions casSrvMetaDataExportedVars)],
-    casAppMetaDataNodes  => [qw(casAppMetaDataOptions casAppMetaDataExportedVars)],
+    casAppMetaDataNodes  => [qw(casAppMetaDataOptions casAppMetaDataExportedVars casAppMetaDataMacros)],
 };
 
 our $doubleHashKeys = 'issuerDBGetParameters';
 our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|ombModule)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
 our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
-our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:UserAttribut|Servic|Rul)e|ExportedVars)';
+our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:UserAttribut|Servic|Rul)e|(?:ExportedVar|Macro)s)';
 our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
 our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
-our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:(?:uthorizationCode|ccessToken)Expiration|llowOffline)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|ExportedVars)';
+our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:(?:uthorizationCode|ccessToken)Expiration|llowOffline)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|Macro)s)';
 our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
-our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
+our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
 our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
 
 our $authParameters = {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -674,6 +674,17 @@ sub attributes {
             },
             'type' => 'keyTextContainer'
         },
+        'casAppMetaDataMacros' => {
+            'default' => {},
+            'test'    => {
+                'keyMsgFail' => '__badMacroName__',
+                'keyTest'    => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
+                'test'       => sub {
+                    return perlExpr(@_);
+                }
+            },
+            'type' => 'keyTextContainer'
+        },
         'casAppMetaDataNodes' => {
             'type' => 'casAppMetaDataNodeContainer'
         },
@@ -1993,6 +2004,17 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
             },
             'type' => 'keyTextContainer'
         },
+        'oidcRPMetaDataMacros' => {
+            'default' => {},
+            'test'    => {
+                'keyMsgFail' => '__badMacroName__',
+                'keyTest'    => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
+                'test'       => sub {
+                    return perlExpr(@_);
+                }
+            },
+            'type' => 'keyTextContainer'
+        },
         'oidcRPMetaDataNodes' => {
             'type' => 'oidcRPMetaDataNodeContainer'
         },
@@ -3170,6 +3192,17 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'test'       => qr/\w/,
             'type'       => 'samlAttributeContainer'
         },
+        'samlSPMetaDataMacros' => {
+            'default' => {},
+            'test'    => {
+                'keyMsgFail' => '__badMacroName__',
+                'keyTest'    => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
+                'test'       => sub {
+                    return perlExpr(@_);
+                }
+            },
+            'type' => 'keyTextContainer'
+        },
         'samlSPMetaDataNodes' => {
             'type' => 'samlSPMetaDataNodeContainer'
         },

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm

@@ -184,11 +184,11 @@ our \@EXPORT      = ( \@{ \$EXPORT_TAGS{'all'} } );
 our \$specialNodeHash = {
     virtualHosts         => [qw(exportedHeaders locationRules post vhostOptions)],
     samlIDPMetaDataNodes => [qw(samlIDPMetaDataXML samlIDPMetaDataExportedAttributes samlIDPMetaDataOptions)],
-    samlSPMetaDataNodes  => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions)],
+    samlSPMetaDataNodes  => [qw(samlSPMetaDataXML samlSPMetaDataExportedAttributes samlSPMetaDataOptions samlSPMetaDataMacros)],
     oidcOPMetaDataNodes  => [qw(oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions oidcOPMetaDataExportedVars)],
-    oidcRPMetaDataNodes  => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)],
+    oidcRPMetaDataNodes  => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims oidcRPMetaDataMacros)],
     casSrvMetaDataNodes  => [qw(casSrvMetaDataOptions casSrvMetaDataExportedVars)],
-    casAppMetaDataNodes  => [qw(casAppMetaDataOptions casAppMetaDataExportedVars)],
+    casAppMetaDataNodes  => [qw(casAppMetaDataOptions casAppMetaDataExportedVars casAppMetaDataMacros)],
 };
 
 EOF
@@ -277,11 +277,13 @@ $defaultAttr}
         exportedHeaders locationRules post vhostOptions
         samlIDPMetaDataXML samlIDPMetaDataExportedAttributes
         samlIDPMetaDataOptions samlSPMetaDataXML
-        samlSPMetaDataExportedAttributes samlSPMetaDataOptions
-        oidcOPMetaDataJSON oidcOPMetaDataJWKS oidcOPMetaDataOptions
+        samlSPMetaDataExportedAttributes samlSPMetaDataMacros
+        samlSPMetaDataOptions oidcOPMetaDataJSON
+        oidcOPMetaDataJWKS oidcOPMetaDataOptions
         oidcOPMetaDataExportedVars oidcRPMetaDataOptions
         oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims
-        casAppMetaDataExportedVars casAppMetaDataOptions
+        oidcRPMetaDataMacros casAppMetaDataExportedVars
+        casAppMetaDataOptions casAppMetaDataMacros
         casSrvMetaDataExportedVars casSrvMetaDataOptions
         )
       )

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -2138,6 +2138,18 @@ sub attributes {
             test          => sub { return perlExpr(@_) },
             documentation => 'CAS App rule',
         },
+        casAppMetaDataMacros => {
+            type => 'keyTextContainer',
+            help =>
+              'exportedvars.html#extend_variables_using_macros_and_groups',
+            test       => {
+                keyTest       => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
+                keyMsgFail    => '__badMacroName__',
+                test       => sub { return perlExpr(@_) },
+            },
+            default       => {},
+            documentation => 'Macros',
+        },
 
         # Fake attribute: used by manager REST API to agglomerate all nodes
         # related to a CAS SP partner
@@ -2737,6 +2749,18 @@ sub attributes {
             test          => sub { return perlExpr(@_) },
             documentation => 'Rule to grant access to this SP',
         },
+        samlSPMetaDataMacros => {
+            type => 'keyTextContainer',
+            help =>
+              'exportedvars.html#extend_variables_using_macros_and_groups',
+            test       => {
+                keyTest       => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
+                keyMsgFail    => '__badMacroName__',
+                test       => sub { return perlExpr(@_) },
+            },
+            default       => {},
+            documentation => 'Macros',
+        },
 
         # AUTH, USERDB and PASSWORD MODULES
         authentication => {
@@ -3828,6 +3852,18 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
             test          => sub { return perlExpr(@_) },
             documentation => 'Rule to grant access to this RP',
         },
+        oidcRPMetaDataMacros => {
+            type => 'keyTextContainer',
+            help =>
+              'exportedvars.html#extend_variables_using_macros_and_groups',
+            test       => {
+                keyTest       => qr/^[_a-zA-Z][a-zA-Z0-9_]*$/,
+                keyMsgFail    => '__badMacroName__',
+                test       => sub { return perlExpr(@_) },
+            },
+            default       => {},
+            documentation => 'Macros',
+        },
     };
 }
 

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm

@@ -138,7 +138,8 @@ sub cTrees {
                         ]
                     }
                 ]
-            }
+            },
+            "samlSPMetaDataMacros",
         ],
         oidcOPMetaDataNode => [
             'oidcOPMetaDataJSON',
@@ -224,6 +225,7 @@ sub cTrees {
                     'oidcRPMetaDataOptionsRule',
                 ]
             },
+            'oidcRPMetaDataMacros',
             {
                 title => 'oidcRPMetaDataOptionsDisplay',
                 form  => 'simpleInputContainer',
@@ -266,6 +268,7 @@ sub cTrees {
                     'casAppMetaDataOptionsRule'
                 ]
             },
+            'casAppMetaDataMacros',
         ],
     };
 }

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Parser.pm

@@ -334,7 +334,7 @@ sub _scanNodes {
                     hdebug("  SAML data is an array, serializing");
                     $leaf->{data} = join ';', @{ $leaf->{data} };
                 }
-                if ( $target =~ /^saml(?:S|ID)PMetaDataExportedAttributes$/ ) {
+                if ( $target =~ /^saml(?:S|ID)PMetaData(?:ExportedAttributes|Macros)$/ ) {
                     if ( $leaf->{cnodes} ) {
                         hdebug("  $target: unopened node");
                         $self->newConf->{$target}->{$key} =
@@ -394,7 +394,7 @@ sub _scanNodes {
                     hdebug("  $target");
                     $self->set( $target, $key, $leaf->{data} );
                 }
-                elsif ( $target =~ /^oidc(?:O|R)PMetaDataExportedVars$/ ) {
+                elsif ( $target =~ /^oidc(?:O|R)PMetaData(?:ExportedVars|Macros)$/ ) {
                     hdebug("  $target");
                     if ( $leaf->{cnodes} ) {
                         hdebug('    unopened');
@@ -463,7 +463,7 @@ sub _scanNodes {
                     $self->_scanNodes($subNodes);
                     $self->set( $target, $key, $leaf->{title}, $leaf->{data} );
                 }
-                elsif ( $target =~ /^cas(?:App|Srv)MetaDataExportedVars$/ ) {
+                elsif ( $target =~ /^cas(?:App|Srv)MetaData(?:ExportedVars|Macros)$/ ) {
                     hdebug("  $target");
                     if ( $leaf->{cnodes} ) {
                         hdebug('    unopened');

lemonldap-ng-manager/site/htdocs/static/js/conftree.js

@@ -57,6 +57,14 @@ function templates(tpl,key) {
       "id" : "casAppMetaDataOptions",
       "title" : "casAppMetaDataOptions",
       "type" : "simpleInputContainer"
+   },
+   {
+      "cnodes" : tpl+"s/"+key+"/"+"casAppMetaDataMacros",
+      "default" : [],
+      "help" : "exportedvars.html#extend_variables_using_macros_and_groups",
+      "id" : tpl+"s/"+key+"/"+"casAppMetaDataMacros",
+      "title" : "casAppMetaDataMacros",
+      "type" : "keyTextContainer"
    }
 ]
 ;
@@ -579,6 +587,14 @@ function templates(tpl,key) {
       "id" : "oidcRPMetaDataOptions",
       "title" : "oidcRPMetaDataOptions"
    },
+   {
+      "cnodes" : tpl+"s/"+key+"/"+"oidcRPMetaDataMacros",
+      "default" : [],
+      "help" : "exportedvars.html#extend_variables_using_macros_and_groups",
+      "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataMacros",
+      "title" : "oidcRPMetaDataMacros",
+      "type" : "keyTextContainer"
+   },
    {
       "_nodes" : [
          {
@@ -1120,6 +1136,14 @@ function templates(tpl,key) {
       "help" : "idpsaml.html#options",
       "id" : "samlSPMetaDataOptions",
       "title" : "samlSPMetaDataOptions"
+   },
+   {
+      "cnodes" : tpl+"s/"+key+"/"+"samlSPMetaDataMacros",
+      "default" : [],
+      "help" : "exportedvars.html#extend_variables_using_macros_and_groups",
+      "id" : tpl+"s/"+key+"/"+"samlSPMetaDataMacros",
+      "title" : "samlSPMetaDataMacros",
+      "type" : "keyTextContainer"
    }
 ]
 ;

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -118,6 +118,7 @@
 "casAppMetaDataOptions":"خيارات",
 "casAppMetaDataOptionsService":"خدمة أل يو أر ل",
 "casAppMetaDataOptionsRule":"القاعدة",
+"casAppMetaDataMacros":"ماكرو",
 "casAppMetaDataOptionsUserAttribute":"خاصّيّة المستخدم",
 "casAppName":"اسم التطبيق كاس",
 "casAttr":"تسجيل الدخول كاس",
@@ -556,6 +557,7 @@
 "oidcRPMetaDataOptionsPublic":"Public client",
 "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE",
 "oidcRPMetaDataOptionsRule":"قاعدة الدخول",
+"oidcRPMetaDataMacros":"ماكرو",
 "oidcOPMetaDataOptionsScope":"نطاق",
 "oidcOPMetaDataOptionsStoreIDToken":"مخزن تعريف التوكن",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"توكن نقطة النهاية لطريقة إثبات الهوية",
@@ -1021,6 +1023,7 @@
 "samlSPMetaDataOptionsNotOnOrAfterTimeout":"ليس على أو بعد المدة",
 "samlSPMetaDataOptionsForceUTF8":"فرضUTF-8  ",
 "samlSPMetaDataOptionsRule":"قاعدة الدخول",
+"samlSPMetaDataMacros":"ماكرو",
 "samlIDPName":"اسم SAML IDP",
 "samlServiceMetaData":"خدمة 2 SAML",
 "samlEntityID":"معرف الكيان",
@@ -1086,4 +1089,4 @@
 "samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
 "samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/de.json

@@ -118,6 +118,7 @@
 "casAppMetaDataOptions":"Optionen",
 "casAppMetaDataOptionsService":"Service URL",
 "casAppMetaDataOptionsRule":"Regel",
+"casAppMetaDataMacros":"Macros",
 "casAppMetaDataOptionsUserAttribute":"User attribute",
 "casAppName":"CAS App Name",
 "casAttr":"CAS login",
@@ -556,6 +557,7 @@
 "oidcRPMetaDataOptionsPublic":"Public client",
 "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE",
 "oidcRPMetaDataOptionsRule":"Access rule",
+"oidcRPMetaDataMacros":"Macros",
 "oidcOPMetaDataOptionsScope":"Scope",
 "oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method",
@@ -1021,6 +1023,7 @@
 "samlSPMetaDataOptionsNotOnOrAfterTimeout":"notOnOrAfter duration",
 "samlSPMetaDataOptionsForceUTF8":"Force UTF-8",
 "samlSPMetaDataOptionsRule":"Access rule",
+"samlSPMetaDataMacros":"Macros",
 "samlIDPName":"SAML IDP Name",
 "samlServiceMetaData":"SAML2 Service",
 "samlEntityID":"Entity Identifier",
@@ -1086,4 +1089,4 @@
 "samlRelayStateTimeout":"RelayState session timeout",
 "samlUseQueryStringSpecific":"Use specific query_string method",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -118,6 +118,7 @@
 "casAppMetaDataOptions":"Options",
 "casAppMetaDataOptionsService":"Service URL",
 "casAppMetaDataOptionsRule":"Rule",
+"casAppMetaDataMacros":"Macros",
 "casAppMetaDataOptionsUserAttribute":"User attribute",
 "casAppName":"CAS App Name",
 "casAttr":"CAS login",
@@ -556,6 +557,7 @@
 "oidcRPMetaDataOptionsPublic":"Public client",
 "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE",
 "oidcRPMetaDataOptionsRule":"Access rule",
+"oidcRPMetaDataMacros":"Macros",
 "oidcOPMetaDataOptionsScope":"Scope",
 "oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method",
@@ -1021,6 +1023,7 @@
 "samlSPMetaDataOptionsNotOnOrAfterTimeout":"notOnOrAfter duration",
 "samlSPMetaDataOptionsForceUTF8":"Force UTF-8",
 "samlSPMetaDataOptionsRule":"Access rule",
+"samlSPMetaDataMacros":"Macros",
 "samlIDPName":"SAML IDP Name",
 "samlServiceMetaData":"SAML2 Service",
 "samlEntityID":"Entity Identifier",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -118,6 +118,7 @@
 "casAppMetaDataOptions":"Options",
 "casAppMetaDataOptionsService":"URL du service",
 "casAppMetaDataOptionsRule":"Règle",
+"casAppMetaDataMacros":"Macros",
 "casAppMetaDataOptionsUserAttribute":"Attribut de l'utilisateur",
 "casAppName":"Nom de l'application CAS",
 "casAttr":"Identifiant CAS",
@@ -556,6 +557,7 @@
 "oidcRPMetaDataOptionsPublic":"Client public",
 "oidcRPMetaDataOptionsRequirePKCE":"PKCE requis",
 "oidcRPMetaDataOptionsRule":"Règle d'accès",
+"oidcRPMetaDataMacros":"Macros",
 "oidcOPMetaDataOptionsScope":"Étendue",
 "oidcOPMetaDataOptionsStoreIDToken":"Conserver le jeton d'identité",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Méthode d'authentification pour l'accès aux jetons",
@@ -1021,6 +1023,7 @@
 "samlSPMetaDataOptionsNotOnOrAfterTimeout":"Durée notOnOrAfter",
 "samlSPMetaDataOptionsForceUTF8":"Forcer l'UTF-8",
 "samlSPMetaDataOptionsRule":"Règle d'accès",
+"samlSPMetaDataMacros":"Macros",
 "samlIDPName":"Nom du fournisseur d'identité SAML",
 "samlServiceMetaData":"Service SAML 2",
 "samlEntityID":"Identifiant d'entité",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -118,6 +118,7 @@
 "casAppMetaDataOptions":"Opzioni",
 "casAppMetaDataOptionsService":"URL del servizio",
 "casAppMetaDataOptionsRule":"Regola",
+"casAppMetaDataMacros":"Macro",
 "casAppMetaDataOptionsUserAttribute":"Attributo utente",
 "casAppName":"Nome App CAS",
 "casAttr":"Login CAS",
@@ -556,6 +557,7 @@
 "oidcRPMetaDataOptionsPublic":"Cliente pubblico",
 "oidcRPMetaDataOptionsRequirePKCE":"Richiedi PKCE",
 "oidcRPMetaDataOptionsRule":"Regola di accesso",
+"oidcRPMetaDataMacros":"Macro",
 "oidcOPMetaDataOptionsScope":"Scopo",
 "oidcOPMetaDataOptionsStoreIDToken":"Immagazzina ID Token",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Metodo di autenticazione degli endpoint di token",
@@ -1021,6 +1023,7 @@
 "samlSPMetaDataOptionsNotOnOrAfterTimeout":"Durata di notOnOrAfter ",
 "samlSPMetaDataOptionsForceUTF8":"Forza UTF-8",
 "samlSPMetaDataOptionsRule":"Regola di accesso",
+"samlSPMetaDataMacros":"Macro",
 "samlIDPName":"Nome di SAML IDP ",
 "samlServiceMetaData":"Servizio SAML 2",
 "samlEntityID":"Identificatore dell'entità",
@@ -1086,4 +1089,4 @@
 "samlRelayStateTimeout":"Timeout di sessione di RelayState",
 "samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
 "samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -118,6 +118,7 @@
 "casAppMetaDataOptions":"Tùy chọn",
 "casAppMetaDataOptionsService":"Dịch vụ URL",
 "casAppMetaDataOptionsRule":"Quy tắc",
+"casAppMetaDataMacros":"Macros",
 "casAppMetaDataOptionsUserAttribute":"thuộc tính người dùng",
 "casAppName":"Tên ứng dụng CAS",
 "casAttr":"Đăng nhập CAS ",
@@ -556,6 +557,7 @@
 "oidcRPMetaDataOptionsPublic":"Public client",
 "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE",
 "oidcRPMetaDataOptionsRule":"Quy tắc truy cập",
+"oidcRPMetaDataMacros":"Macros",
 "oidcOPMetaDataOptionsScope":"Phạm vi",
 "oidcOPMetaDataOptionsStoreIDToken":"Mã thông báo Cửa hàng",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Phương pháp xác thực thiết bị đầu cuối Token",
@@ -1021,6 +1023,7 @@
 "samlSPMetaDataOptionsNotOnOrAfterTimeout":"Thời gian notOnOrAfter ",
 "samlSPMetaDataOptionsForceUTF8":"Bắt buộc UTF-8",
 "samlSPMetaDataOptionsRule":"Quy tắc truy cập",
+"samlSPMetaDataMacros":"Macros",
 "samlIDPName":"Tên SAML IDP ",
 "samlServiceMetaData":"Dịch vụ SAML 2",
 "samlEntityID":"Thực thể trình định danh",
@@ -1086,4 +1089,4 @@
 "samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
 "samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -118,6 +118,7 @@
 "casAppMetaDataOptions":"选项",
 "casAppMetaDataOptionsService":"服务 URL",
 "casAppMetaDataOptionsRule":"规则",
+"casAppMetaDataMacros":"Macros",
 "casAppMetaDataOptionsUserAttribute":"User attribute",
 "casAppName":"CAS App 名称",
 "casAttr":"CAS 登录",
@@ -556,6 +557,7 @@
 "oidcRPMetaDataOptionsPublic":"Public client",
 "oidcRPMetaDataOptionsRequirePKCE":"Require PKCE",
 "oidcRPMetaDataOptionsRule":"Access rule",
+"oidcRPMetaDataMacros":"Macros",
 "oidcOPMetaDataOptionsScope":"Scope",
 "oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
 "oidcOPMetaDataOptionsTokenEndpointAuthMethod":"Token endpoint authentication method",
@@ -1021,6 +1023,7 @@
 "samlSPMetaDataOptionsNotOnOrAfterTimeout":"notOnOrAfter duration",
 "samlSPMetaDataOptionsForceUTF8":"Force UTF-8",
 "samlSPMetaDataOptionsRule":"Access rule",
+"samlSPMetaDataMacros":"Macros",
 "samlIDPName":"SAML IDP Name",
 "samlServiceMetaData":"SAML2 Service",
 "samlEntityID":"Entity Identifier",
@@ -1086,4 +1089,4 @@
 "samlRelayStateTimeout":"RelayState session timeout",
 "samlUseQueryStringSpecific":"Use specific query_string method",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}