From e75809a5f75dd92335a3e4af6c24ebd039ab48bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?=
Date: Wed, 5 Feb 2020 18:03:42 +0100
Subject: [PATCH] Add setting to specify a different signature algorithm
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Julius Härtl
---
js/admin.js | 12 ++++++++++++
lib/SAMLSettings.php | 1 +
lib/Settings/Admin.php | 6 +++++-
templates/admin.php | 19 ++++++++++++++-----
tests/unit/Settings/AdminTest.php | 4 ++++
5 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/js/admin.js b/js/admin.js
index 5952f4c..c932053 100644
--- a/js/admin.js
+++ b/js/admin.js
@@ -322,6 +322,18 @@ $(function() {
});
});
+ $('#user-saml-security input[type="text"], #user-saml-security textarea').change(function(e) {
+ var el = $(this);
+ $.when(el.focusout()).then(function() {
+ var key = $(this).attr('name');
+ OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val());
+ });
+ if (e.keyCode === 13) {
+ var key = $(this).attr('name');
+ OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val());
+ }
+ });
+
$('#user-saml-attribute-mapping input[type="text"], #user-saml-attribute-mapping textarea').change(function(e) {
var el = $(this);
$.when(el.focusout()).then(function() {
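Review bot: Inside the `.then` callback of the new security handler, `this` is no longer the changed input (jQuery invokes deferred callbacks with its own context), so `$(this).attr('name')` and `$(this).val()` are unlikely to read the field; `el` is already captured for exactly this and should be used: `var key = el.attr('name'); OCA.User_SAML.Admin.setSamlConfigValue('security', key, el.val());`. The same pattern is visible in the existing attribute-mapping handler below, so if that one works in practice the point may be moot, but reading through `el` is correct either way. `e.keyCode` is not populated on `change` events, so the `=== 13` branch looks like dead code inherited from a key handler and could be dropped rather than copied. The enclosing `$(function() {…})` starts and ends outside the hunk.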
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index 0cde99a..cee5f09 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -119,6 +119,7 @@ class SAMLSettings {
'wantXMLValidation' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantXMLValidation', '0') === '1') ? true : false,
'requestedAuthnContext' => false,
'lowercaseUrlencoding' => ($this->config->getAppValue('user_saml', $prefix . 'security-lowercaseUrlencoding', '0') === '1') ? true : false,
+ 'signatureAlgorithm' => $this->config->getAppValue('user_saml', $prefix . 'security-signatureAlgorithm', null)
],
'sp' => [
'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),
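Review bot: The new `signatureAlgorithm` entry forwards whatever string is stored under `security-signatureAlgorithm` into the toolkit settings without checking it, and because the admin form saves the raw text-field value an emptied field arrives as `''` rather than the `null` default. This setting selects the algorithm used to sign outgoing SAML messages, so a typo or a deliberately weak identifier would only surface at signing time; normalising and validating before the array is built is cheap, e.g. `'signatureAlgorithm' => $this->config->getAppValue('user_saml', $prefix . 'security-signatureAlgorithm', null) ?: null,` plus a check that a non-null value is one of the algorithm URIs the toolkit supports (the template's placeholder uses the rsa-sha256 URI). A trailing comma after the new element would also keep the next addition from touching this line. The enclosing method starts and ends outside the hunk.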
diff --git a/lib/Settings/Admin.php b/lib/Settings/Admin.php
index 3377148..6a7cf87 100644
--- a/lib/Settings/Admin.php
+++ b/lib/Settings/Admin.php
@@ -75,7 +75,7 @@ class Admin implements ISettings {
'authnRequestsSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed. [Metadata of the SP will offer this info]'),
'logoutRequestSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed.'),
'logoutResponseSigned' => $this->l10n->t('Indicates whether the messages sent by this SP will be signed.'),
- 'signMetadata' => $this->l10n->t('Whether the metadata should be signed.'),
+ 'signMetadata' => $this->l10n->t('Whether the metadata should be signed.')
];
$securityRequiredFields = [
'wantMessagesSigned' => $this->l10n->t('Indicates a requirement for the , and elements received by this SP to be signed.'),
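Review bot: The only change in this hunk removes the trailing comma after the `signMetadata` entry, which reverses the trailing-comma convention the surrounding arrays follow and guarantees the next addition to this array will touch the line again. Keep `'signMetadata' => $this->l10n->t('Whether the metadata should be signed.'),` as it was. The array this belongs to opens outside the hunk.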
@@ -87,6 +87,10 @@ class Admin implements ISettings {
];
$securityGeneral = [
'lowercaseUrlencoding' => $this->l10n->t('ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.'),
+ 'signatureAlgorithm' => [
+ 'type' => 'line',
+ 'text' => $this->l10n->t('Algorithm that the toolkit will use on signing process.')
+ ]
];
$generalSettings = [
'uid_mapping' => [
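Review bot: The help text for `signatureAlgorithm` does not tell the administrator what form the value takes, which matters for a free-text field that changes how outgoing SAML messages are signed. Suggest `'text' => $this->l10n->t('Algorithm that the toolkit will use on signing process, given as an XML signature algorithm identifier URI (for example the rsa-sha256 URI shown as placeholder).')`, and once the behaviour of an empty value is confirmed against SAMLSettings, say that too. The same string is pinned in tests/unit/Settings/AdminTest.php, so that fixture needs the matching update. The new `$securityGeneral` entry also lacks the trailing comma the `lowercaseUrlencoding` line above it has.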
diff --git a/templates/admin.php b/templates/admin.php
index 562c86c..2745322 100644
--- a/templates/admin.php
+++ b/templates/admin.php
@@ -177,11 +177,20 @@ style('user_saml', 'admin');
t('General')) ?>
- $text): ?>
-
-
-
-
+ $attribute): ?>
+
+
+
+
+ class="required" placeholder="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+
+
+
+
+
+
+
+
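Review bot: The new `signatureAlgorithm` input carries `class="required"` even though lib/SAMLSettings.php passes `null` when the value is unset, so the form marks an optional setting as mandatory while the backend accepts its absence; either drop `required` or make the backend refuse an empty value, but the two halves should agree. The rsa-sha256 placeholder is a reasonable hint, but a placeholder is not a default — nothing in this patch stores it, so an administrator who leaves the field blank gets whatever the toolkit falls back to, and that should be stated in the field's help text. Most of this hunk's markup is missing from this view, so the loop over `$attribute` and the rendering of the other `type` values could not be checked.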
diff --git a/tests/unit/Settings/AdminTest.php b/tests/unit/Settings/AdminTest.php
index 4ee60d5..2331169 100644
--- a/tests/unit/Settings/AdminTest.php
+++ b/tests/unit/Settings/AdminTest.php
@@ -80,6 +80,10 @@ class AdminTest extends \Test\TestCase {
];
$securityGeneral = [
'lowercaseUrlencoding' => 'ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.',
+ 'signatureAlgorithm' => [
+ 'type' => 'line',
+ 'text' => 'Algorithm that the toolkit will use on signing process.'
+ ]
];
$generalSettings = [
'idp0_display_name' => [
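Review bot: This fixture only mirrors the label array in lib/Settings/Admin.php; nothing in the patch exercises the new `signatureAlgorithm` key in SAMLSettings, so the unset-to-`null` path and the pass-through of a stored value are untested. A test that stores `security-signatureAlgorithm` through whatever config double the SAMLSettings tests already use and asserts the resulting `security` array entry would cover both cases, and would catch the empty-string case the admin form can produce. The test method starts and ends outside the hunk.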