Lemonldap-NG-Manager
lib/Lemonldap/NG/Manager/Build/Attributes.pm view on Meta::CPAN
},
# Container entries for the OpenID Connect part of the attribute table.
# Each one declares only a node type (plus a help anchor on the RP node
# container); no default, test or keyTest is set at this level.
oidcRPMetaDataNodes => {
type => 'oidcRPMetaDataNodeContainer',
help =>
'idpopenidconnect.html#configuration-of-relying-party-in-ll-ng',
},
oidcOPMetaDataOptions => { type => 'subContainer', },
oidcRPMetaDataOptions => { type => 'subContainer', },
# OpenID Connect providers
# Metadata and JWKS documents, both typed 'file'. keyTest is a sub that
# always returns 1, so the key check passes unconditionally for these two.
# NOTE(review): the JWKS presumably carries the keys used to verify the
# OP's signatures, i.e. trust material; confirm where its content is
# validated, since nothing in this entry constrains it.
oidcOPMetaDataJSON => {
type => 'file',
keyTest => sub { 1 }
},
oidcOPMetaDataJWKS => {
type => 'file',
keyTest => sub { 1 }
},
# Default mapping with four pairs.
# NOTE(review): presumably "local attribute => claim name" ('uid' => 'sub');
# confirm the direction against the code that consumes it, because the
# mapping decides which OP-supplied claim becomes the local identifier.
oidcOPMetaDataExportedVars => {
type => 'keyTextContainer',
default => {
'cn' => 'name',
'sn' => 'family_name',
'mail' => 'email',
'uid' => 'sub'
}
},
oidcOPMetaDataOptionsConfigurationURI => { type => 'url', },
# NOTE(review): the meaning of the default 0 (no caching vs. no expiry)
# is not visible in this table; confirm before relying on key rotation.
oidcOPMetaDataOptionsJWKSTimeout => { type => 'int', default => 0 },
oidcOPMetaDataOptionsUserAttribute => { type => 'text' },
oidcOPMetaDataOptionsClientID => { type => 'text', },
# The secret is typed 'password' while the client ID is plain 'text'.
# NOTE(review): presumably this only affects how the Manager displays the
# field; confirm how the value is stored and whether it is kept out of
# logs and configuration exports.
oidcOPMetaDataOptionsClientSecret => { type => 'password', },
# Default scope requests 'openid' and 'profile' only.
oidcOPMetaDataOptionsScope =>
{ type => 'text', default => 'openid profile' },
# Closed list: empty value plus the four "display" values defined by
# OpenID Connect Core (page, popup, touch, wap). Default is the empty value.
oidcOPMetaDataOptionsDisplay => {
type => 'select',
select => [
{ k => '', v => '' },
{ k => 'page', v => 'page' },
{ k => 'popup', v => 'popup' },
{ k => 'touch', v => 'touch' },
{ k => 'wap', v => 'wap' },
],
default => "",
},
# Prompt, UiLocales and AcrValues are free text with no test declared in
# this table; MaxAge is an int defaulting to 0.
# NOTE(review): AcrValues expresses the requested authentication context;
# whether the ACR actually returned by the OP is checked is not visible
# here - confirm.
oidcOPMetaDataOptionsPrompt => { type => 'text' },
oidcOPMetaDataOptionsMaxAge => { type => 'int', default => 0 },
oidcOPMetaDataOptionsUiLocales => { type => 'text', },
oidcOPMetaDataOptionsAcrValues => { type => 'text', },
# Key/value container with no keyTest or test of its own and no default.
# NOTE(review): per the documentation string these pairs are added to the
# authorization request; confirm that an entry here cannot replace
# parameters the client generates itself (state, nonce, redirect_uri).
oidcOPMetaDataOptionsAuthEndpointExtraParams => {
type => 'keyTextContainer',
documentation =>
'Additional parameters for OpenID Connect Authorization endpoint',
},
# Client authentication method used at the OP's token endpoint. The four
# values are the method names from OpenID Connect Core. The default,
# client_secret_post, carries the client secret in the request body;
# private_key_jwt is the only listed method not based on a shared secret.
oidcOPMetaDataOptionsTokenEndpointAuthMethod => {
type => 'select',
select => [
{ k => 'client_secret_post', v => 'client_secret_post' },
{ k => 'client_secret_basic', v => 'client_secret_basic' },
{ k => 'client_secret_jwt', v => 'client_secret_jwt' },
{ k => 'private_key_jwt', v => 'private_key_jwt' },
],
default => 'client_secret_post',
},
# Choices come from oidcSigAlgorithmAlg, which is defined outside this
# excerpt; default is RS256.
# NOTE(review): presumably the signature algorithm of the client assertion
# for the *_jwt methods above - confirm.
oidcOPMetaDataOptionsTokenEndpointAuthSigAlg => {
type => 'select',
select => oidcSigAlgorithmAlg,
default => 'RS256',
},
# Two choices: '' (labelled None) and 'jws' (labelled Signed JWT). No
# default key is declared on this entry.
# NOTE(review): presumably selects whether authorization requests are sent
# as signed request objects - confirm.
oidcOPMetaDataOptionsAuthnEndpointAuthMethod => {
type => 'select',
select =>
[ { k => '', v => 'None' }, { k => 'jws', v => 'Signed JWT' }, ],
},
# Same algorithm list and RS256 default as TokenEndpointAuthSigAlg.
oidcOPMetaDataOptionsAuthnEndpointAuthSigAlg => {
type => 'select',
select => oidcSigAlgorithmAlg,
default => 'RS256',
},
# Free text with an empty default.
# NOTE(review): presumably holds the name of a configured key rather than
# key material; confirm, because the field is typed 'text' and not
# 'password'.
oidcOPMetaDataOptionsSigningKey => {
type => 'text',
help => 'Signature key used with this OP',
default => '',
},
# Boolean, enabled (1) by default.
# NOTE(review): judging by the name, 0 means JWTs from this OP are accepted
# without signature verification; treat a disabled value as a finding when
# reviewing a deployed configuration.
oidcOPMetaDataOptionsCheckJWTSignature =>
{ type => 'bool', default => 1 },
# NOTE(review): default 30; the unit is not stated in this table
# (presumably seconds) - confirm.
oidcOPMetaDataOptionsIDTokenMaxAge => { type => 'int', default => 30 },
# Enabled by default. In OpenID Connect the nonce binds the ID Token to
# the authentication request and is the protocol's replay protection.
oidcOPMetaDataOptionsUseNonce => { type => 'bool', default => 1 },
oidcOPMetaDataOptionsDisplayName => { type => 'text', },
oidcOPMetaDataOptionsIcon => { type => 'text', },
# Disabled by default, so the ID Token is not kept unless switched on.
# NOTE(review): where it would be stored is not visible here - confirm.
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
oidcOPMetaDataOptionsSortNumber => { type => 'int', },
oidcOPMetaDataOptionsTooltip => { type => 'text', },
oidcOPMetaDataOptionsComment => { type => 'longtext', },
# Long text with an empty default and no test declared in this table.
# NOTE(review): if this is evaluated as a rule expression, it should only
# be writable by trusted administrators - confirm how it is consumed.
oidcOPMetaDataOptionsResolutionRule => {
type => 'longtext',
default => '',
},
# PKCE (RFC 7636) is off by default (0) for every OP.
oidcOPMetaDataOptionsRequirePkce => {
type => 'bool',
default => 0,
documentation => 'Use PKCE with this OP',
},
# RFC 9207 issuer identification, the countermeasure against
# authorization-server mix-up, is also off by default (0).
oidcOPMetaDataOptionsRequireIss => {
type => 'bool',
default => 0,
documentation =>
'Require iss parameter in authorization response (RFC 9207)',
},
# Where user claims are read from; default is the userinfo endpoint.
# NOTE(review): with 'id_token' or 'access_token' the claims are presumably
# only as trustworthy as the signature check on that token (see
# oidcOPMetaDataOptionsCheckJWTSignature) - confirm.
oidcOPMetaDataOptionsUserinfoSource => {
type => 'select',
default => 'userinfo',
select => [
{ k => 'userinfo', v => 'Userinfo endpoint' },
{ k => 'id_token', v => 'ID Token' },
{ k => 'access_token', v => 'Access Token' },
],
documentation => "Source of userinfo",
},
# Off by default, i.e. the "typ" header is inserted unless this is set.
oidcOPMetaDataOptionsNoJwtHeader => {
type => 'bool',
default => 0,
documentation => "Don't insert typ header",
},
# OpenID Connect relying parties
# keyTest and test are both the unanchored pattern qr/\w/: they match any
# string containing at least one word character, so they reject only
# values with no word character at all and do not restrict the character
# set. The default mapping has three pairs.
# NOTE(review): presumably "claim name => local attribute"; confirm the
# direction, since it decides which attributes are released to the RP.
oidcRPMetaDataExportedVars => {
help => 'idpopenidconnect.html#exported-attributes',
type => 'oidcAttributeContainer',
keyTest => qr/\w/,
test => qr/\w/,
default => {
'name' => 'cn',
'preferred_username' => 'uid',
'email' => 'mail',
}
},
# Relying parties are active by default (1).
oidcRPMetaDataOptionsActivation => {
type => 'bool',
default => 1,
},
# As for the OP options, the secret is typed 'password' and the client ID
# plain 'text'.
oidcRPMetaDataOptionsClientID => { type => 'text', },
oidcRPMetaDataOptionsClientSecret => { type => 'password', },
# Client authentication method accepted from this RP. The first choice is
# '' (labelled Any) and no default key is declared.
# NOTE(review): the effective value when the option is unset is not visible
# here; if it resolves to '' the RP is not pinned to a single method, so
# pin it explicitly for RPs expected to use private_key_jwt - confirm.
oidcRPMetaDataOptionsAuthMethod => {
type => 'select',
select => [
{ k => '', v => 'Any' },
{ k => 'client_secret_post', v => 'client_secret_post' },
{ k => 'client_secret_basic', v => 'client_secret_basic' },
{ k => 'client_secret_jwt', v => 'client_secret_jwt' },
{ k => 'private_key_jwt', v => 'private_key_jwt' },
],
},
# Off by default (0).
# NOTE(review): presumably requires the RP to authenticate on the
# authorization endpoint as well - confirm.
oidcRPMetaDataOptionsAuthRequiredForAuthorize => {
type => 'bool',
default => 0,
},
oidcRPMetaDataOptionsDisplayName => { type => 'text', },
oidcRPMetaDataOptionsIcon => { type => 'text', },
oidcRPMetaDataOptionsUserIDAttr => { type => 'text', },
# NOTE(review): this is a relying-party option, yet the help string says
# "with this OP"; it is identical to the text on
# oidcOPMetaDataOptionsSigningKey and looks copied from there. Confirm the
# intended wording so administrators do not pick the wrong key.
oidcRPMetaDataOptionsSigningKey => {
type => 'text',
help => 'Signature key used with this OP',
default => '',
},
# ID Token signature algorithm for this RP. The choice list is 'none'
# followed by the list returned by oidcSigAlgorithmAlg (defined outside
# this excerpt); default is RS256.
# "&name" with no parentheses calls the sub with the caller's current @_;
# the surrounding @{ } dereferences the array ref it returns.
# 'none' is the unsecured-JWS value from RFC 7518: an RP set to it receives
# ID Tokens with no signature. OpenID Connect Core only allows that when
# the ID Token is not returned from the authorization endpoint, so RPs
# configured with 'none' deserve an explicit check in configuration audits.
oidcRPMetaDataOptionsIDTokenSignAlg => {
type => 'select',
select => [ { k => 'none', v => 'None' }, @{&oidcSigAlgorithmAlg} ],
default => 'RS256',
},
# No default declared; the type name allows an integer or an empty value.
oidcRPMetaDataOptionsIDTokenExpiration => { type => 'intOrNull' },
oidcRPMetaDataOptionsIDTokenForceClaims =>
{ type => 'bool', default => 0 },
# Uses the oidcSigAlgorithmAlg list as is; unlike the ID Token entry above,
# no 'none' choice is prepended here. Default is RS256.
oidcRPMetaDataOptionsAccessTokenSignAlg => {
type => 'select',
select => oidcSigAlgorithmAlg,
default => 'RS256',
},
# Default is '' (labelled JSON), with 'none' (labelled None) and the
# signature algorithms as alternatives.
# NOTE(review): '' presumably means a plain, unsigned JSON userinfo
# response - confirm.
oidcRPMetaDataOptionsUserInfoSignAlg => {
type => 'select',
select => [
{ k => '', v => 'JSON' },
{ k => 'none', v => 'None' },
@{&oidcSigAlgorithmAlg},
],
default => '',
},
# Default is '' (labelled JSON); a signature algorithm has to be chosen
# per RP to get the RFC 9701 response named in the documentation string.
oidcRPMetaDataOptionsIntrospectionSignAlg => {
type => 'select',
select => [ { k => '', v => 'JSON' }, @{&oidcSigAlgorithmAlg}, ],
default => '',
documentation =>
'Introspection response signature algorithm (RFC 9701)',
},
# '' (labelled None) plus the list returned by oidcEncAlgorithmAlg
# (defined outside this excerpt). No default key is declared.
# NOTE(review): presumably an unset value means the introspection response
# is not encrypted - confirm.
oidcRPMetaDataOptionsIntrospectionEncKeyMgtAlg => {
type => 'select',
select => [ { k => '', v => 'None' }, @{&oidcEncAlgorithmAlg} ],
documentation =>
'"alg" for introspection response encryption (RFC 9701)',
},
# Content-encryption choices come from oidcEncAlgorithmEnc (defined
# outside this excerpt); default is A256GCM.
oidcRPMetaDataOptionsIntrospectionEncContentEncAlg => {
type => 'select',
select => oidcEncAlgorithmEnc,
default => 'A256GCM',
documentation =>
'"enc" for introspection response encryption (RFC 9701)',
},
# Both access-token booleans default to 0.
# NOTE(review): presumably AccessTokenJWT switches to JWT-formatted access
# tokens and AccessTokenClaims adds user claims to them; claims placed in
# a token are readable by whoever holds it - confirm what is released.
oidcRPMetaDataOptionsAccessTokenJWT => { type => 'bool', default => 0 },
oidcRPMetaDataOptionsAccessTokenClaims =>
{ type => 'bool', default => 0 },
# Free text, no test declared.
# NOTE(review): every audience added here is presumably another party that
# will accept tokens issued for this RP; keep the list minimal - confirm
# the separator and how the value is parsed.
oidcRPMetaDataOptionsAdditionalAudiences => { type => 'text' },