mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-23 02:04:46 +02:00
[Web] add ignore ssl option for keycloak and generic-oidc provider
This commit is contained in:
parent
ec4b9b088c
commit
c8c4cfd939
@ -2222,6 +2222,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$_data['ignore_ssl_error'] = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
|
||||
switch ($_data['authsource']) {
|
||||
case "keycloak":
|
||||
$_data['server_url'] = (!empty($_data['server_url'])) ? rtrim($_data['server_url'], '/') : null;
|
||||
@ -2230,14 +2231,14 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
||||
$_data['import_users'] = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
|
||||
$_data['sync_interval'] = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
|
||||
$_data['sync_interval'] = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
|
||||
$required_settings = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval');
|
||||
$required_settings = array('authsource', 'server_url', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version', 'mailpassword_flow', 'periodic_sync', 'import_users', 'sync_interval', 'ignore_ssl_error');
|
||||
break;
|
||||
case "generic-oidc":
|
||||
$_data['authorize_url'] = (!empty($_data['authorize_url'])) ? $_data['authorize_url'] : null;
|
||||
$_data['token_url'] = (!empty($_data['token_url'])) ? $_data['token_url'] : null;
|
||||
$_data['userinfo_url'] = (!empty($_data['userinfo_url'])) ? $_data['userinfo_url'] : null;
|
||||
$_data['client_scopes'] = (!empty($_data['client_scopes'])) ? $_data['client_scopes'] : "openid profile email";
|
||||
$required_settings = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes');
|
||||
$required_settings = array('authsource', 'authorize_url', 'token_url', 'client_id', 'client_secret', 'redirect_url', 'userinfo_url', 'client_scopes', 'ignore_ssl_error');
|
||||
break;
|
||||
case "ldap":
|
||||
$_data['host'] = (!empty($_data['host'])) ? str_replace(" ", "", $_data['host']) : "";
|
||||
@ -2249,7 +2250,6 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
||||
$_data['import_users'] = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
|
||||
$_data['use_ssl'] = isset($_data['use_ssl']) ? boolval($_data['use_ssl']) : false;
|
||||
$_data['use_tls'] = isset($_data['use_tls']) && !$_data['use_ssl'] ? boolval($_data['use_tls']) : false;
|
||||
$_data['ignore_ssl_error'] = isset($_data['ignore_ssl_error']) ? boolval($_data['ignore_ssl_error']) : false;
|
||||
$_data['sync_interval'] = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
|
||||
$_data['sync_interval'] = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
|
||||
$required_settings = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval', 'use_ssl', 'use_tls', 'ignore_ssl_error');
|
||||
@ -2416,6 +2416,13 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
||||
case "keycloak":
|
||||
if ($settings['server_url'] && $settings['realm'] && $settings['client_id'] &&
|
||||
$settings['client_secret'] && $settings['redirect_url'] && $settings['version']){
|
||||
$guzzyClient = new GuzzleHttp\Client([
|
||||
'defaults' => [
|
||||
\GuzzleHttp\RequestOptions::CONNECT_TIMEOUT => 5,
|
||||
\GuzzleHttp\RequestOptions::ALLOW_REDIRECTS => true],
|
||||
\GuzzleHttp\RequestOptions::VERIFY => !$settings['ignore_ssl_error'],
|
||||
]
|
||||
);
|
||||
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
|
||||
'authServerUrl' => $settings['server_url'],
|
||||
'realm' => $settings['realm'],
|
||||
@ -2427,11 +2434,19 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
||||
// 'encryptionKeyPath' => '../key.pem' // optional
|
||||
// 'encryptionKey' => 'contents_of_key_or_certificate' // optional
|
||||
]);
|
||||
$provider->setHttpClient($guzzyClient);
|
||||
}
|
||||
break;
|
||||
case "generic-oidc":
|
||||
if ($settings['client_id'] && $settings['client_secret'] && $settings['redirect_url'] &&
|
||||
$settings['authorize_url'] && $settings['token_url'] && $settings['userinfo_url']){
|
||||
$guzzyClient = new GuzzleHttp\Client([
|
||||
'defaults' => [
|
||||
\GuzzleHttp\RequestOptions::CONNECT_TIMEOUT => 5,
|
||||
\GuzzleHttp\RequestOptions::ALLOW_REDIRECTS => true],
|
||||
\GuzzleHttp\RequestOptions::VERIFY => !$settings['ignore_ssl_error'],
|
||||
]
|
||||
);
|
||||
$provider = new \League\OAuth2\Client\Provider\GenericProvider([
|
||||
'clientId' => $settings['client_id'],
|
||||
'clientSecret' => $settings['client_secret'],
|
||||
@ -2441,6 +2456,7 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
||||
'urlResourceOwnerDetails' => $settings['userinfo_url'],
|
||||
'scopes' => $settings['client_scopes']
|
||||
]);
|
||||
$provider->setHttpClient($guzzyClient);
|
||||
}
|
||||
break;
|
||||
case "ldap":
|
||||
@ -2468,7 +2484,6 @@ function identity_provider($_action = null, $_data = null, $_extra = null) {
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
return $provider;
|
||||
break;
|
||||
case "verify-sso":
|
||||
|
@ -157,6 +157,16 @@
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row mb-2">
|
||||
<div class="col-md-3 d-flex align-items-center justify-content-md-end">
|
||||
<label class="control-label">{{ lang.admin.ignore_ssl_error }}</label>
|
||||
</div>
|
||||
<div class="col-12 col-md-9">
|
||||
<div class="form-check form-switch">
|
||||
<input class="form-check-input" type="checkbox" role="switch" name="ignore_ssl_error" value="1" {% if iam_settings.ignore_ssl_error == 1 %}checked{% endif %}>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row mb-2">
|
||||
<div class="col-md-3 d-flex align-items-center justify-content-md-end">
|
||||
<label class="control-label">{{ lang.admin.iam_periodic_full_sync }}</label>
|
||||
@ -316,6 +326,16 @@
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
<div class="row mb-4">
|
||||
<div class="col-md-3 d-flex align-items-center justify-content-md-end">
|
||||
<label class="control-label">{{ lang.admin.ignore_ssl_error }}</label>
|
||||
</div>
|
||||
<div class="col-12 col-md-9">
|
||||
<div class="form-check form-switch">
|
||||
<input class="form-check-input" type="checkbox" role="switch" name="ignore_ssl_error" value="1" {% if iam_settings.ignore_ssl_error == 1 %}checked{% endif %}>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row mt-4 mb-2">
|
||||
<div class="offset-md-3 col-12 col-md-9 d-flex flex-wrap">
|
||||
<div class="btn-group mb-2">
|
||||
|
Loading…
Reference in New Issue
Block a user