UI for OIDC

TIER · Sep 23, 2022 · 31e2f7d · 31e2f7d
1 parent 2369e03
commit 31e2f7d
Show file tree

Hide file tree

Showing 22 changed files with 1,229 additions and 263 deletions.
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
@@ -134,6 +134,9 @@ value.DOUBLE=Double
 value.DURATION=Duration
 value.SPRING_BEAN_ID=Spring Bean ID
 
+value.oidc=OIDC (OpenID Connect)
+value.saml=SAML
+
 brand.header.title=Source Management
 brand.logo-link-label=Shibboleth
 brand.logo-link-description=Link to Shibboleth Website
@@ -221,6 +224,7 @@ label.select-protocol=Select Protocol
 label.nameid-format=NameID Format
 label.nameid-formats=NameID Formats
 label.name-and-entity-id=Name and Entity ID
+label.name-and-entity-id-protocol=Name, Entity ID, Protocol
 label.organization-information=Organization Information
 label.contact-information=Contact Information
 label.given-name=Given Name
@@ -289,6 +293,9 @@ label.finish-summary-validation=Finished!
 label.select-entity-id-to-copy=Select the Entity ID to copy
 label.metadata-source-name-dashboard-display-only=Service Provider Name (Dashboard Display Only)
 label.new-entity-id=New Entity ID
+label.metadata-source-protocol=Identity Protocol
+label.select-source-protocol=Select Protocol
+
 label.sections-to-copy=Sections to Copy?
 label.add-a-new-metadata-resolver=Add a new metadata source
 label.how-are-you-adding-the-metadata-information=How are you adding the metadata information?
@@ -416,6 +423,7 @@ label.remove-empty-entities-descriptors=Remove Empty Entities Descriptors?
 
 label.select-metadata-provider-type=Select Metadata Provider Type
 label.select-metadata-filter-type=Select Metadata Filter Type
+label.select-metadata-source-protocol=Select Metadata Source Protocol
 label.filter-list=Filter List
 label.common-attributes=Common Attributes
 label.reloading-attributes=Reloading Attributes
@@ -631,6 +639,7 @@ message.session-timeout=An error has occurred while saving. Your session may hav
 
 tooltip.entity-id=An entityID is the SAML identifier that uniquely names a service provider.
 tooltip.service-provider-name=Service Provider Name (Dashboard Display Only)
+tooltip.metadata-source-protocol=Identity Protocol
 tooltip.force-authn=Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process
 tooltip.ignore-request-signatures=Whether to skip validation of signatures on requests when dealing with badly broken or incompetently operated services
 tooltip.service-provider-name-dashboard-display-only=Service Provider Name (Dashboard Display Only)
@@ -794,3 +803,58 @@ value.algorithm-cbc-tripledes=CBC (TRIPLEDES) - http://www.w3.org/2001/04/xmlenc
 
 message.algorithms-unique=Each algorithm may only be used once.
 
+label.oauth-rp-extensions=OAuth Relying Party Extensions
+
+label.post-logout-redirect-uris=Post Logout Redirect URIs
+tooltip.post-logout-redirect-uris=Each value is defined in an extension element.
+label.default-acr-values=Default ACR Values
+tooltip.default-acr-values=Each value is defined in an extension element.
+label.request-uris=Request URIs
+tooltip.request-uris=Each value is defined in an extension element.
+label.audience=Audience
+tooltip.audience=Each value is defined in an extension element (the element itself is a standard SAML element imported from the Assertion schema).The audience claim is not drawn from any standard, but an extension supported by Shibboleth to control/validate the “resource” parameter used in various OAuth protocol extensions, particularly in the client_credentials grant flow.
+
+label.client-uri=Client URI
+tooltip.client-uri=OPTIONAL. URL of the home page of the Client. The value of this field MUST point to a valid Web page.
+label.responseTypes=Response Types
+tooltip.response-types=OPTIONAL. JSON array containing a list of the OAuth 2.0 response_type values that the Client is declaring that it will restrict itself to using. If omitted, the default is that the Client will use only the code Response Type. 
+label.sector-identifier-uri=Sector Identifier URI
+tooltip.sector-identifier-uri=OPTIONAL. URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values.
+label.id-token-encrypted-response-alg=ID Token Encrypted Response Algorithm.
+tooltip.id-token-encrypted-response-alg=REQUIRED for encrypting the ID Token issued to this Client. If this is requested, the response will be signed then encrypted.
+label.application-type=Application Type
+tooltip.application-type=OPTIONAL. Kind of the application. The default, if omitted, is web. The defined values are native or web.
+label.token-endpoint-auth-signing-alg=Token Endpoint Auth Signing Algorithm
+tooltip.token-endpoint-auth-signing-alg=OPTIONAL. JWS [JWS] alg algorithm [JWA] that MUST be used for signing the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods.
+label.id-token-encrypted-response-enc=ID Token Encrypted Response Encoding
+tooltip.id-token-encrypted-response-enc=OPTIONAL. JWE enc algorithm [JWA] REQUIRED for encrypting the ID Token issued to this Client.
+label.require-auth-time=Require Auth Time
+tooltip.require-auth-time=OPTIONAL. Boolean value specifying whether the auth_time Claim in the ID Token is REQUIRED.
+label.user-info-encrypted-response-enc=User Info Encrypted Response Encoding
+tooltip.user-info-encrypted-response-enc=OPTIONAL. JWE enc algorithm [JWA] REQUIRED for encrypting UserInfo Responses.
+label.user-info-signed-response-alg=User Info Signed Response Algorithm
+tooltip.user-info-signed-response-alg=OPTIONAL. JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses.
+label.user-info-encrypted-response-alg=User Info Encrypted Response Algorithm
+tooltip.user-info-encrypted-response-alg=OPTIONAL. JWE [JWE] alg algorithm [JWA] REQUIRED for encrypting UserInfo Responses.
+label.grant-types=Grant Types
+tooltip.grant-types=OPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Types that the Client is declaring that it will restrict itself to using.
+label.software-id=Software ID
+tooltip.software-id=Unique identifier of software.
+label.request-object-encryption-enc=Requse Object Encryption Encoding
+tooltip.request-object-encryption-enc=OPTIONAL. JWE enc algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP.
+label.initiate-login-uri=Initiate Login URI
+tooltip.initiate-login-uri=OPTIONAL. URI using the https scheme that a third party can use to initiate a login by the RP
+label.request-object-encryption-alg=Request Object Encryption Algorithm
+tooltip.request-object-encryption-alg=OPTIONAL. JWE [JWE] alg algorithm [JWA] the RP is declaring that it may use for encrypting Request Objects sent to the OP.
+label.token-endpoint-auth-method=Token Endpoint Auth Method
+tooltip.token-endpoint-auth-method=OPTIONAL. Requested Client Authentication method for the Token Endpoint.
+label.request-object-signing-alg=Request Object Signing Algorithm
+tooltip.request-object-signing-alg=OPTIONAL. JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP.
+label.scopes=Scopes
+tooltip.scopes=Multiple-valued claims that map directly into XML Attributes in a metadata extension element.
+label.id-token-signed-response-alg=ID Token Signed Response Algorithm
+tooltip.id-token-signed-response-alg=OPTIONAL. JWS alg algorithm [JWA] REQUIRED for signing the ID Token issued to this Client.
+label.software-version=Software Version
+tooltip.software-version=Version of Software
+label.default-max-age=Default Max Age
+tooltip.default-max-age=Specifies that the End-User MUST be actively authenticated if the End-User was authenticated longer ago than the specified number of seconds.
diff --git a/backend/src/main/resources/metadata-sources-ui-schema.json b/backend/src/main/resources/metadata-sources-ui-schema.json
@@ -1,10 +1,24 @@
 {
     "type": "object",
     "required": [
+        "protocol",
         "serviceProviderName",
         "entityId"
     ],
     "properties": {
+        "protocol": {
+          "title": "label.metadata-source-protocol",
+          "description": "tooltip.metadata-source-protocol",
+          "type": "string",
+          "enum": [
+            "OIDC",
+            "SAML"
+          ],
+          "enumNames": [
+            "value.oidc",
+            "value.saml"
+          ]
+        },
         "serviceProviderName": {
             "title": "label.service-provider-name",
             "description": "tooltip.service-provider-name",
@@ -40,9 +54,6 @@
         },
         "securityInfo": {
             "type": "object",
-            "widget": {
-                "id": "fieldset"
-            },
             "dependencies": {
                 "authenticationRequestsSigned": {
                     "oneOf": [