14 changes: 14 additions & 0 deletions app/meteor-accounts-saml/server/saml_rocketchat.js
Expand Up @@ -160,6 +160,18 @@ Meteor.methods({
section: name,
i18nLabel: 'SAML_Custom_Authn_Context',
});
settings.add(`SAML_Custom_${ name }_authn_context_comparison`, 'exact', {
type: 'select',
values: [
{ key: 'better', i18nLabel: 'Better' },
{ key: 'exact', i18nLabel: 'Exact' },
{ key: 'maximum', i18nLabel: 'Maximum' },
{ key: 'minimum', i18nLabel: 'Minimum' },
],
group: 'SAML',
section: name,
i18nLabel: 'SAML_Custom_Authn_Context_Comparison',
});

settings.add(`SAML_Custom_${ name }_default_user_role`, 'user', {
type: 'string',
Expand Down Expand Up @@ -208,6 +220,7 @@ const getSamlConfigs = function(service) {
issuer: settings.get(`${ service.key }_issuer`),
logoutBehaviour: settings.get(`${ service.key }_logout_behaviour`),
customAuthnContext: settings.get(`${ service.key }_custom_authn_context`),
authnContextComparison: settings.get(`${ service.key }_authn_context_comparison`),
defaultUserRole: settings.get(`${ service.key }_default_user_role`),
roleAttributeName: settings.get(`${ service.key }_role_attribute_name`),
secret: {
Expand Down Expand Up @@ -261,6 +274,7 @@ const configureSamlService = function(samlConfigs) {
privateCert,
privateKey,
customAuthnContext: samlConfigs.customAuthnContext,
authnContextComparison: samlConfigs.authnContextComparison,
defaultUserRole: samlConfigs.defaultUserRole,
roleAttributeName: samlConfigs.roleAttributeName,
};
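Review bot: The new `SAML_Custom_${ name }_authn_context_comparison` select is added without an `i18nDescription`, so an administrator sees only "Better / Exact / Maximum / Minimum" with nothing about how each choice affects the assurance level of a login. Under SAML 2.0, `maximum` lets the IdP satisfy the request with a context weaker than the configured class, while `exact` (the default here) does not. I would add a description next to `i18nLabel`, e.g. `i18nDescription: 'SAML_Custom_Authn_Context_Comparison_Description',` (a new key, to be added to en.i18n.json), that spells this out. The value is then read in `getSamlConfigs` and copied in `configureSamlService` with no check that it is one of the four keys, and whether the returned assertion's AuthnContext is verified is not visible in this diff. The enclosing `Meteor.methods` body starts and ends outside the hunk.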
3 changes: 2 additions & 1 deletion app/meteor-accounts-saml/server/saml_utils.js
Expand Up @@ -96,9 +96,10 @@ SAML.prototype.generateAuthorizeRequest = function(req) {
request += `<samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="${ this.options.identifierFormat }" AllowCreate="true"></samlp:NameIDPolicy>\n`;
}

const authnContextComparison = this.options.authnContextComparison || 'exact';
const authnContext = this.options.customAuthnContext || 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport';
request
+= '<samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">'
+= `<samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="${ authnContextComparison }">`
+ `<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">${ authnContext }</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n`
+ '</samlp:AuthnRequest>';

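Review bot: `authnContextComparison` is interpolated straight into the `Comparison` attribute of `samlp:RequestedAuthnContext`, and the only guard is the `|| 'exact'` fallback for an empty value. The select in saml_rocketchat.js limits what the admin UI offers, but the setting is read back with `settings.get` and passed through untouched, so a stored value containing a quote or any string outside the SAML enumeration would produce a malformed or altered AuthnRequest. I would allow-list at the point of use: `const allowedComparisons = ['exact', 'minimum', 'maximum', 'better'];` followed by `const authnContextComparison = allowedComparisons.includes(this.options.authnContextComparison) ? this.options.authnContextComparison : 'exact';`. The existing `authnContext` value on the next line is written into the element body unescaped in the same way and deserves XML escaping. `generateAuthorizeRequest` starts and ends outside the hunk.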
5 changes: 5 additions & 0 deletions packages/rocketchat-i18n/i18n/en.i18n.json
Expand Up @@ -460,6 +460,7 @@
"ban-user": "Ban User",
"ban-user_description": "Permission to ban a user from a channel",
"Beta_feature_Depends_on_Video_Conference_to_be_enabled": "Beta feature. Depends on Video Conference to be enabled.",
"Better": "Better",
"Best_first_response_time": "Best first response time",
"Block_User": "Block User",
"Blockchain": "Blockchain",
Expand Down Expand Up @@ -1341,6 +1342,7 @@
"every_six_hours": "Once every six hours",
"every_day": "Once every day",
"Everyone_can_access_this_channel": "Everyone can access this channel",
"Exact": "Exact",
"Example_s": "Example: <code class=\"inline\">%s</code>",
"Exclude_Botnames": "Exclude Bots",
"Exclude_Botnames_Description": "Do not propagate messages from bots whose name matches the regular expression above. If left empty, all messages from bots will be propagated.",
Expand Down Expand Up @@ -2068,6 +2070,7 @@
"Max_length_is": "Max length is %s",
"Max_number_incoming_livechats_displayed": "Max number of items displayed in the queue",
"Max_number_incoming_livechats_displayed_description": "(Optional) Max number of items displayed in the incoming Livechats queue.",
"Maximum": "Maximum",
"Media": "Media",
"Medium": "Medium",
"Members_List": "Members List",
Expand Down Expand Up @@ -2176,6 +2179,7 @@
"meteor_status_try_now_waiting": "Try now",
"meteor_status_try_now_offline": "Connect again",
"Min_length_is": "Min length is %s",
"Minimum": "Minimum",
"Minimum_balance": "Minimum balance",
"minutes": "minutes",
"Mobile": "Mobile",
Expand Down Expand Up @@ -2660,6 +2664,7 @@
"Same_Style_For_Mentions": "Same style for mentions",
"SAML": "SAML",
"SAML_Custom_Authn_Context": "Custom Authn Context",
"SAML_Custom_Authn_Context_Comparison": "Authn Context Comparison",
"SAML_Custom_Cert": "Custom Certificate",
"SAML_Custom_Debug": "Enable Debug",
"SAML_Custom_Entry_point": "Custom Entry Point",