Configuration endpoint (#184)

10 years ago · cf4dfef9fb
parent 45ed174666
commit cf4dfef9fb
6 changed files with 63 additions and 0 deletions
--- a/3
+++ b/3
@ -353,6 +353,7 @@ install_portal_site:	install_conf_dir
 	@cp -pR -f ${SRCPORTALDIR}/example/index_skin.pl ${RPORTALDIR}/index.pl
 	@cp -pR -f ${SRCPORTALDIR}/example/mail.pl ${RPORTALDIR}
 	@cp -pR -f ${SRCPORTALDIR}/example/metadata.pl ${RPORTALDIR}
+	@cp -pR -f ${SRCPORTALDIR}/example/openid-configuration.pl ${RPORTALDIR}
 	@cp -pR -f ${SRCPORTALDIR}/example/cdc.pl ${RPORTALDIR}
 	@cp -pR -f ${SRCPORTALDIR}/example/register.pl ${RPORTALDIR}
 	@tar -cf - -C ${SRCPORTALDIR}/example/skins/ $$(ls ${SRCPORTALDIR}/example/skins/) |tar -xf - -C $(RPORTALSKINSDIR)
@ -653,6 +654,7 @@ debian-diff:
 	@$(DIFF) lemonldap-ng-portal/example/index_skin.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/index.pl ||true
 	@$(DIFF) lemonldap-ng-portal/example/mail.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/mail.pl ||true
 	@$(DIFF) lemonldap-ng-portal/example/metadata.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/metadata.pl ||true
+	@$(DIFF) lemonldap-ng-portal/example/openid-configuration.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/openid-configuration.pl ||true
 	@$(DIFF) lemonldap-ng-portal/example/cdc.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/cdc.pl ||true
 	@$(DIFF) lemonldap-ng-portal/example/register.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/register.pl ||true
 	@# Handler
@ -685,6 +687,7 @@ default-diff:
 	@$(DIFF) lemonldap-ng-portal/example/mail.pl $(LMPREFIX)/htdocs/portal/mail.pl ||true
 	@$(DIFF) lemonldap-ng-portal/example/register.pl $(LMPREFIX)/htdocs/portal/register.pl ||true
 	@$(DIFF) lemonldap-ng-portal/example/metadata.pl $(LMPREFIX)/htdocs/portal/metadata.pl ||true
+	@$(DIFF) lemonldap-ng-portal/example/openid-configuration.pl $(LMPREFIX)/htdocs/portal/openid-configuration.pl ||true
 	@$(DIFF) lemonldap-ng-portal/example/cdc.pl $(LMPREFIX)/htdocs/portal/cdc.pl ||true
 	@# Handler
 	@$(DIFF) lemonldap-ng-handler/lib/Lemonldap/NG/Handler /usr/local/share/perl/$(PERLVERSION)/Lemonldap/NG/Handler ||true
--- a/_example/etc/portal-apache.conf
+++ b/_example/etc/portal-apache.conf
@ -75,6 +75,7 @@
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/oauth2/.* /index.pl
+        RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
    </IfModule>

    <Location />
--- a/_example/etc/portal-apache2.4.conf
+++ b/_example/etc/portal-apache2.4.conf
@ -69,6 +69,7 @@
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/oauth2/.* /index.pl
+        RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
    </IfModule>

    <Location />
--- a/_example/etc/portal-apache2.conf
+++ b/_example/etc/portal-apache2.conf
@ -74,6 +74,7 @@
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/oauth2/.* /index.pl
+        RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
    </IfModule>

    <Location />
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -8,6 +8,7 @@ example/index_skin.pl
 example/mail.pl
 example/metadata.pl
 example/oauth2.pl
+example/openid-configuration.pl
 example/PortalStatus.pl
 example/register.pl
 example/scripts/buildPortalWSDL
--- a/lemonldap-ng-portal/example/openid-configuration.pl
+++ b/lemonldap-ng-portal/example/openid-configuration.pl
@ -0,0 +1,56 @@
+#!/usr/bin/perl
+
+use Lemonldap::NG::Portal::SharedConf;
+use JSON;
+use strict;
+
+my $portal = Lemonldap::NG::Portal::SharedConf->new();
+
+my $issuerDBOpenIDConnectPath = $portal->{issuerDBOpenIDConnectPath};
+my $authorize_uri             = $portal->{oidcServiceMetaDataAuthorizeURI};
+my $token_uri                 = $portal->{oidcServiceMetaDataTokenURI};
+my $userinfo_uri              = $portal->{oidcServiceMetaDataUserInfoURI};
+
+my ($path) = ( $issuerDBOpenIDConnectPath =~ /(\w+)/ );
+my $issuer = $portal->{oidcServiceMetaDataIssuer};
+
+# Create OpenID configuration hash;
+my $configuration = {};
+$configuration->{issuer} = $issuer;
+$configuration->{authorization_endpoint} =
+  $issuer . $path . "/" . $authorize_uri;
+$configuration->{token_endpoint}    = $issuer . $path . "/" . $token_uri;
+$configuration->{userinfo_endpoint} = $issuer . $path . "/" . $userinfo_uri;
+
+# MANDATORY # $configuration->{jwks_uri}
+# RECOMMENDED # $configuration->{registration_endpoint}
+$configuration->{scopes_supported} = [qw/openid profile email address phone/];
+$configuration->{response_types_supported} = [
+    "code",
+    "id_token",
+    "id_token token",
+    "code id_token",
+    "code token",
+    "code id_token token"
+];
+
+# $configuration->{response_modes_supported}
+$configuration->{grant_types_supported} =
+  [qw/authorization_code implicit hybrid/];
+
+# $configuration->{acr_values_supported}
+# REQUIRED # $configuration->{subject_types_supported}
+$configuration->{id_token_signing_alg_values_supported} =
+  [qw/none RS256 RS384 RS512/];
+
+# $configuration->{id_token_encryption_alg_values_supported}
+# $configuration->{id_token_encryption_enc_values_supported}
+# $configuration->{userinfo_encryption_alg_values_supported}
+# $configuration->{userinfo_encryption_enc_values_supported}
+# $configuration->{request_object_signing_alg_values_supported}
+# $configuration->{request_object_encryption_alg_values_supported}
+
+my $json = encode_json $configuration;
+
+print $portal->header('application/json; charset=utf-8');
+print $json;