feat: multiple fixes and enhancements

2022-08-03 21:06:02 +02:00
parent cd86b6d29a
commit cd4c8ceabe
10 changed files with 56 additions and 10 deletions
--- a/templates/cadoles-pod-hydra-remote-user-v1.conf.j2
+++ b/templates/cadoles-pod-hydra-remote-user-v1.conf.j2
@ -4,6 +4,7 @@ PODMAN_ARGS="\
    --replace --name 'cadoles-pod-hydra-remote-user-v1' \
    -v /etc/hydra-remote-user/conf.d:/var/www/config/remote_user \
    -v /etc/hydra-remote-user/apache.conf:/etc/apache2/sites-available/000-default.conf \
+    -v /etc/hosts:/etc/hosts:ro \
    -e APP_ENV=prod \
    -e 'APP_DEBUG={{ hydra_saml_debug }}' \
    -e 'HTTP_BASE_URL={{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}' \
--- a/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
+++ b/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
@ -3,6 +3,7 @@ PODMAN_ARGS="\
    --network=slirp4netns:allow_host_loopback=true \
    --replace --name 'cadoles-pod-shibboleth-sp-v3' \
    -e 'SP_ENTITY_ID={{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}' \
+    -e 'SP_LOG_LEVEL={{ hydra_saml_sp_log_level }}' \
    -e 'IDP_ENTITY_ID={{ hydra_saml_idp_entity_id }}' \
    -e 'IDP_METADATA_URL={{ hydra_saml_idp_metadata_url }}' \
    -e 'APACHE_BACKEND_URL=http://10.0.2.2:3003' \
@ -10,6 +11,9 @@ PODMAN_ARGS="\
    -e 'SP_HANDLER_BASE_PATH={{ haproxy_hydra_saml_base_path }}' \
    -e 'SP_SESSIONS_REDIRECT_LIMIT=host+allow' \
    -e 'SP_SESSIONS_REDIRECT_ALLOW={{ hydra_saml_allowed_redirects | join(',') }}' \
+    -e 'SP_INCLUDE_DEFAULT_ATTRIBUTES_MAPPING={{ hydra_saml_include_sp_default_attributes_mapping }}' \
+    -e 'SP_INCLUDE_DEFAULT_ATTRIBUTES_POLICY={{ hydra_saml_include_sp_default_attributes_policy }}' \
    -v '/etc/shibboleth/attribute-map.inc.xml:/etc/shibboleth/attribute-map.inc.xml' \
+    -v '/etc/shibboleth/attribute-policy.inc.xml:/etc/shibboleth/attribute-policy.inc.xml' \
    -v '/etc/shibboleth/credentials:/etc/shibboleth/credentials' \
 "
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@ -71,6 +71,7 @@ http-request set-header X-Forwarded-Port {{ haproxy_forwarded_port }}
 # Backend Hydra
 backend hydra
    balance roundrobin
+    http-request set-path %[path,regsub(^{{ haproxy_hydra_base_path }},)]
    server hydra 127.0.0.1:4444 check

 # Backend Hydra Dispatcher
--- a/templates/hydra-dispatcher-apps.yml.j2
+++ b/templates/hydra-dispatcher-apps.yml.j2
@ -7,9 +7,7 @@ hydra:
      login_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_passwordless_base_path }}/login"
      consent_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_passwordless_base_path }}/consent"
      logout_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_passwordless_base_path }}/logout"
-      attributes_rewrite_rules:
-        email:
-          - consent.session.id_token.email
+      attributes_rewrite_rules: {{ hydra_passwordless_attributes_rewrite_rules | to_json }}
      icon_url: "{{ hydra_passwordless_app_icon_url }}"
 {% endif %}
 {% if enable_hydra_saml %}
@ -19,8 +17,6 @@ hydra:
      login_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}/login"
      consent_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}/consent"
      logout_url: "{{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}/logout"
-      attributes_rewrite_rules:
-        email:
-          - consent.session.id_token.email
+      attributes_rewrite_rules: {{ hydra_saml_attributes_rewrite_rules | to_json }}
      icon_url: "{{ hydra_saml_app_icon_url }}"
 {% endif %}
--- a/templates/shibboleth-attribute-map.inc.xml.j2
+++ b/templates/shibboleth-attribute-map.inc.xml.j2
@ -1,3 +1,7 @@
 {% for item in saml_attributes %}
-<Attribute name="{{ item.name }}" nameFormat="{{ item.nameFormat }}" id="{{ item.id }}" />
+<Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}>
+    {% if item.attributeDecoder is defined %}
+        <AttributeDecoder {% for key,value in item.attributeDecoder.items() %}{{ key }}="{{ value }}" {% endfor %}/>
+    {% endif %}
+</Attribute>
 {% endfor %}
--- a/templates/shibboleth-attribute-policy.inc.xml.j2
+++ b/templates/shibboleth-attribute-policy.inc.xml.j2
@ -0,0 +1,14 @@
+{%- macro xmlnode(node) -%}
+<{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}>
+{% if node.children is defined %}
+{% for child in node.children %}
+    {{ xmlnode(child) }}
+{% endfor %}
+{% endif %}
+{% if node.children is defined %}
+</{{node.tag}}>
+{% endif %}
+{%- endmacro -%}
+{%- for node in saml_attribute_policies %}
+{{ xmlnode(node) }}
+{% endfor -%}