SHIBUI-855 Added forceAuthN attribute

TIER · Sep 25, 2018 · b38c899 · b38c899
1 parent 6abc0a3
commit b38c899
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 0 deletions.
diff --git a/backend/src/main/resources/i18n/messages_en.properties b/backend/src/main/resources/i18n/messages_en.properties
@@ -322,6 +322,7 @@ label.attribute-eduPersonEntitlement=eduPersonEntitlement
 label.attribute-eduPersonAssurance=eduPersonAssurance
 label.attribute-eduPersonUniqueId=eduPersonUniqueId
 label.attribute-employeeNumber=employeeNumber
+label.force-authn=Force AuthN
 
 message.must-be-unique=Must be unique.
 message.name-must-be-unique=Name must be unique.
@@ -356,6 +357,7 @@ message.entity-id-min-unique=You must add at least one entity id target and they
 message.required-for-scripts=Required for Scripts
 message.required-for-regex=Required for Regex
 
+tooltip.force-authn=Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process
 tooltip.service-provider-name-dashboard-display-only=Service Provider Name (Dashboard Display Only)
 tooltip.service-provider-entity-id=Service Provider Entity ID
 tooltip.organization-name=Organization Name

diff --git a/backend/src/main/resources/i18n/messages_es.properties b/backend/src/main/resources/i18n/messages_es.properties
@@ -322,6 +322,7 @@ label.attribute-eduPersonEntitlement=(es) eduPersonEntitlement
 label.attribute-eduPersonAssurance=(es) eduPersonAssurance
 label.attribute-eduPersonUniqueId=(es) eduPersonUniqueId
 label.attribute-employeeNumber=(es) employeeNumber
+label.force-authn=(es) Force AuthN
 
 message.must-be-unique=(es) Must be unique.
 message.name-must-be-unique=(es) Name must be unique.
@@ -356,6 +357,7 @@ message.entity-id-min-unique=(es) You must add at least one entity id target and
 message.required-for-scripts=(es) Required for Scripts
 message.required-for-regex=(es) Required for Regex
 
+tooltip.force-authn=(es) Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process
 tooltip.service-provider-name-dashboard-display-only=(es) Service Provider Name (Dashboard Display Only)
 tooltip.service-provider-entity-id=(es) Service Provider Entity ID
 tooltip.organization-name=(es) Organization Name

diff --git a/ui/src/app/metadata/domain/component/forms/relying-party-form.component.html b/ui/src/app/metadata/domain/component/forms/relying-party-form.component.html
@@ -147,6 +147,23 @@
                     [attr.aria-label]="'tooltip.instruction' | translate"></i>
             </fieldset>
         </div>
+        <div class="form-group">
+            <fieldset aria-label="Force Authn? Checkbox - select for yes">
+                <div class="custom-control custom-checkbox custom-control-inline custom-control-reverse">
+                    <input disableValidation="true" type="checkbox" class="custom-control-input" formControlName="forceAuthn"
+                        [value]="true" id="forceAuthn" role="checkbox" aria-checked="false">
+                    <label class="custom-control-label" translate="label.force-authn" for="forceAuthn">
+                        Force AuthN
+                    </label>
+                </div>
+                <ng-template #tooltipForceAuthn>
+                    <translate-i18n key="tooltip.force-authn">Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user
+                    presence in the login process</translate-i18n>
+                </ng-template>
+                <i class="info-icon fa fa-fw fa-info-circle text-primary fa-lg" [ngbPopover]="tooltipForceAuthn"
+                    [attr.aria-label]="'tooltip.instruction' | translate"></i>
+            </fieldset>
+        </div>
         <div class="form-group">
             <fieldset aria-label="Omit not before condition? Checkbox - select for yes">
                 <div class="custom-control custom-checkbox custom-control-inline custom-control-reverse">

diff --git a/ui/src/app/metadata/domain/component/forms/relying-party-form.component.ts b/ui/src/app/metadata/domain/component/forms/relying-party-form.component.ts
@@ -46,6 +46,7 @@ export class RelyingPartyFormComponent extends ProviderFormFragmentComponent imp
                 turnOffEncryption: false,
                 useSha: false,
                 ignoreAuthenticationMethod: false,
+                forceAuthn: false,
                 omitNotBefore: false,
                 responderId: '',
                 nameIdFormats: this.nameIdFormatList,

diff --git a/ui/src/assets/schema/filter/entity-attributes.schema.json b/ui/src/assets/schema/filter/entity-attributes.schema.json
@@ -123,6 +123,12 @@
                     "type": "boolean",
                     "default": false
                 },
+                "forceAuthn": {
+                    "title": "label.force-authn",
+                    "description": "tooltip.force-authn",
+                    "type": "boolean",
+                    "default": false
+                },
                 "omitNotBefore": {
                     "title": "label.omit-not-before-condition",
                     "type": "boolean",