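*
 * @author Lukas Reschke
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

namespace OCA\User_SAML\Settings;

use OCP\AppFramework\Http\TemplateResponse;
use OCP\IL10N;
use OCP\IURLGenerator;
use OCP\Settings\ISettings;

/**
 * Admin settings panel of the SAML app.
 *
 * Builds the translated labels for the Service Provider (SP) options and
 * hands them to the `admin` template of the `user_saml` app. This class only
 * describes the form. Reading, validating and storing the submitted values
 * happens elsewhere.
 */
class Admin implements ISettings
{
    /** @var IL10N Translator used for every label shown in the form. */
    private $l10n;

    /** @var IURLGenerator Injected but not used by any method of this class. */
    private $urlGenerator;

    /**
     * @param IL10N $l10n translator for the form labels
     * @param IURLGenerator $urlGenerator URL generator (stored, currently unused here)
     */
    public function __construct(IL10N $l10n, IURLGenerator $urlGenerator)
    {
        $this->l10n = $l10n;
        $this->urlGenerator = $urlGenerator;
    }

    /**
     * Assemble the four option groups of the admin form.
     *
     * The labels name SAML elements literally, in angle brackets, so the
     * template has to HTML-escape them when printing.
     * NOTE(review): the template is not visible from here; confirm it escapes.
     *
     * The strings passed to t() are translation source strings. The element
     * names were restored where the label text was visibly truncated.
     * NOTE(review): confirm the exact wording against the translation catalog.
     *
     * @return TemplateResponse response rendering template `admin` of app `user_saml`
     */
    public function getForm()
    {
        // Key material of this SP.
        // NOTE(review): `privateKey` carries secret key material. How it is
        // stored and whether it is echoed back into the form is decided
        // outside this class; verify it is not exposed to non-admin users.
        $serviceProviderFields = [
            'x509cert' => $this->l10n->t('X.509 certificate of the Service Provider'),
            'privateKey' => $this->l10n->t('Private key of the Service Provider'),
        ];

        // What this SP does to the messages it sends. Each label names the
        // message type it covers, so the three signing switches stay
        // distinguishable in the UI.
        $securityOfferFields = [
            'nameIdEncrypted' => $this->l10n->t('Indicates that the nameID of the <samlp:LogoutRequest> sent by this SP will be encrypted.'),
            'authnRequestsSigned' => $this->l10n->t('Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]'),
            'logoutRequestSigned' => $this->l10n->t('Indicates whether the <samlp:LogoutRequest> messages sent by this SP will be signed.'),
            'logoutResponseSigned' => $this->l10n->t('Indicates whether the <samlp:LogoutResponse> messages sent by this SP will be signed.'),
            'signMetadata' => $this->l10n->t('Whether the metadata should be signed.'),
        ];

        // What this SP demands of the messages it receives.
        // NOTE(review): defaults are not set in this class. Confirm that
        // deployments require a signature on the response and/or assertion,
        // because otherwise the identity statements accepted by the SP are
        // not authenticated by a signature check.
        $securityRequiredFields = [
            'wantMessagesSigned' => $this->l10n->t('Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed.'),
            'wantAssertionsSigned' => $this->l10n->t('Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]'),
            'wantAssertionsEncrypted' => $this->l10n->t('Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted.'),
            // The leading space is kept because the string is a translation key.
            'wantNameId' => $this->l10n->t(' Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.'),
            'wantNameIdEncrypted' => $this->l10n->t('Indicates a requirement for the NameID received by this SP to be encrypted.'),
            'wantXMLValidation' => $this->l10n->t('Indicates if the SP will validate all received XMLs.'),
        ];

        // Account mapping options. Unlike the groups above, each entry is an
        // array giving the label, the input type and (optionally) `required`.
        // NOTE(review): per its label, `require_provisioned_account` limits
        // logins to accounts that already exist on another backend. What
        // happens for unknown UIDs when it is off is decided elsewhere; confirm.
        $generalSettings = [
            'uid_mapping' => [
                'text' => $this->l10n->t('Attribute to map the UID to.'),
                'type' => 'line',
                'required' => true,
            ],
            'require_provisioned_account' => [
                'text' => $this->l10n->t('Only allow authentication if an account is existent on some other backend. (e.g. LDAP)'),
                'type' => 'checkbox',
            ],
        ];

        $params = [
            'sp' => $serviceProviderFields,
            'security-offer' => $securityOfferFields,
            'security-required' => $securityRequiredFields,
            'general' => $generalSettings,
        ];

        return new TemplateResponse('user_saml', 'admin', $params);
    }

    /**
     * @return string the ID of the admin section this form belongs to (`saml`)
     */
    public function getSection()
    {
        return 'saml';
    }

    /**
     * @return int whether the form should be rather on the top or bottom of
     * the admin section. The forms are arranged in ascending order of the
     * priority values. It is required to return a value between 0 and 100.
     *
     * Returns 0, the lowest value, so the form sorts first within its section.
     */
    public function getPriority()
    {
        return 0;
    }
}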