--- loncom/interface/domainprefs.pm 2021/09/27 03:26:24 1.387
+++ loncom/interface/domainprefs.pm 2021/10/07 15:51:15 1.388
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.387 2021/09/27 03:26:24 raeburn Exp $
+# $Id: domainprefs.pm,v 1.388 2021/10/07 15:51:15 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -7518,7 +7518,7 @@ sub print_wafproxy {
my $itemcount = 0;
my $datatable;
my %servers = &Apache::lonnet::internet_dom_servers($dom);
- my (%othercontrol,%otherdoms,%aliases,%values,$setdom,$showdom);
+ my (%othercontrol,%otherdoms,%aliases,%saml,%values,$setdom,$showdom);
my %lt = &wafproxy_titles();
foreach my $server (sort(keys(%servers))) {
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
@@ -7543,6 +7543,9 @@ sub print_wafproxy {
$showdom = 1;
}
}
+ if (ref($settings->{'saml'}) eq 'HASH') {
+ $saml{$dom} = $settings->{'saml'};
+ }
}
}
}
@@ -7562,6 +7565,9 @@ sub print_wafproxy {
my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain);
if (ref($config{'wafproxy'}) eq 'HASH') {
$aliases{$domain} = $config{'wafproxy'}{'alias'};
+ if (exists($config{'wafproxy'}{'saml'})) {
+ $saml{$domain} = $config{'wafproxy'}{'saml'};
+ }
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
$values{$domain}{$item} = $config{'wafproxy'}{$item};
}
@@ -7580,14 +7586,22 @@ sub print_wafproxy {
''.&Apache::lonnet::hostname($server).'| | ';
if ($othercontrol{$server}) {
$dom_in_effect = $othercontrol{$server};
- my $current;
+ my ($current,$forsaml);
if (ref($aliases{$dom_in_effect}) eq 'HASH') {
$current = $aliases{$dom_in_effect}{$server};
}
+ if (ref($saml{$dom_in_effect}) eq 'HASH') {
+ if ($saml{$dom_in_effect}{$server}) {
+ $forsaml = 1;
+ }
+ }
$aliasrows .= ''.
&mt('Alias').': ';
if ($current) {
$aliasrows .= $current;
+ if ($forsaml) {
+ $aliasrows .= ' ('.&mt('also for Shibboleth').')';
+ }
} else {
$aliasrows .= &mt('None');
}
@@ -7596,16 +7610,30 @@ sub print_wafproxy {
''.$dom_in_effect.'').') | ';
} else {
$dom_in_effect = $dom;
- my $current;
+ my ($current,$samlon,$samloff);
+ $samloff = ' checked="checked"';
if (ref($aliases{$dom}) eq 'HASH') {
if ($aliases{$dom}{$server}) {
$current = $aliases{$dom}{$server};
}
}
+ if (ref($saml{$dom}) eq 'HASH') {
+ if ($saml{$dom}{$server}) {
+ $samlon = $samloff;
+ undef($samloff);
+ }
+ }
$aliasrows .= ''.
&mt('Alias').': '.
' | ';
+ 'value="'.$current.'" size="30" />'.
+ (' 'x2).''.
+ &mt('Alias used for Shibboleth').': '.
+ '';
}
$aliasrows .= '';
$aliasinfo{$dom_in_effect} .= $aliasrows;
@@ -20236,8 +20264,8 @@ sub modify_selfenrollment {
sub modify_wafproxy {
my ($dom,$action,$lastactref,%domconfig) = @_;
my %servers = &Apache::lonnet::internet_dom_servers($dom);
- my (%othercontrol,%canset,%values,%curralias,%currvalue,@warnings,%wafproxy,
- %changes,%expirecache);
+ my (%othercontrol,%canset,%values,%curralias,%currsaml,%currvalue,@warnings,
+ %wafproxy,%changes,%expirecache,%expiresaml);
foreach my $server (sort(keys(%servers))) {
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
if ($serverhome eq $server) {
@@ -20252,6 +20280,9 @@ sub modify_wafproxy {
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
%curralias = %{$domconfig{'wafproxy'}{'alias'}};
}
+ if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') {
+ %currsaml = %{$domconfig{'wafproxy'}{'saml'}};
+ }
foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
$currvalue{$item} = $domconfig{'wafproxy'}{$item};
}
@@ -20259,6 +20290,7 @@ sub modify_wafproxy {
my $output;
if (keys(%canset)) {
%{$wafproxy{'alias'}} = ();
+ %{$wafproxy{'saml'}} = ();
foreach my $key (sort(keys(%canset))) {
if ($env{'form.wafproxy_'.$dom}) {
$wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key};
@@ -20266,11 +20298,21 @@ sub modify_wafproxy {
if ($wafproxy{'alias'}{$key} ne $curralias{$key}) {
$changes{'alias'} = 1;
}
+ if ($env{'form.wafproxy_alias_saml_'.$key}) {
+ $wafproxy{'saml'}{$key} = 1;
+ }
+ if ($wafproxy{'saml'}{$key} ne $currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
} else {
$wafproxy{'alias'}{$key} = '';
+ $wafproxy{'saml'}{$key} = '';
if ($curralias{$key}) {
$changes{'alias'} = 1;
}
+ if ($currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
}
if ($wafproxy{'alias'}{$key} eq '') {
if ($curralias{$key}) {
@@ -20278,11 +20320,20 @@ sub modify_wafproxy {
}
delete($wafproxy{'alias'}{$key});
}
+ if ($wafproxy{'saml'}{$key} eq '') {
+ if ($currsaml{$key}) {
+ $expiresaml{$key} = 1;
+ }
+ delete($wafproxy{'saml'}{$key});
+ }
}
unless (keys(%{$wafproxy{'alias'}})) {
delete($wafproxy{'alias'});
}
- # Localization for values in %warn occus in &mt() calls separately.
+ unless (keys(%{$wafproxy{'saml'}})) {
+ delete($wafproxy{'saml'});
+ }
+ # Localization for values in %warn occurs in &mt() calls separately.
my %warn = (
trusted => 'trusted IP range(s)',
vpnint => 'internal IP range(s) for VPN sessions(s)',
@@ -20350,6 +20401,9 @@ sub modify_wafproxy {
} else {
if (keys(%curralias)) {
$changes{'alias'} = 1;
+ }
+ if (keys(%currsaml)) {
+ $changes{'saml'} = 1;
}
if (keys(%currvalue)) {
foreach my $key (keys(%currvalue)) {
@@ -20402,6 +20456,23 @@ sub modify_wafproxy {
$lastactref->{'proxyalias'} = \%updates;
}
}
+ if ((exists($wafproxy{'saml'})) || (keys(%expiresaml))) {
+ my %samlupdates = %expiresaml;
+ foreach my $key (keys(%expiresaml)) {
+ &Apache::lonnet::devalidate_cache_new('proxysaml',$key);
+ }
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ my $cachetime = 24*60*60;
+ foreach my $key (keys(%{$wafproxy{'saml'}})) {
+ $samlupdates{$key} = 1;
+ &Apache::lonnet::do_cache_new('proxysaml',$key,$wafproxy{'saml'}{$key},
+ $cachetime);
+ }
+ }
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'proxysaml'} = \%samlupdates;
+ }
+ }
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'';
foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
@@ -20425,6 +20496,19 @@ sub modify_wafproxy {
unless ($numaliased) {
$output .= '- '.&mt('Aliases deleted for hostnames').'
';
}
+ } elsif ($item eq 'saml') {
+ my $shown;
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ if (keys(%{$wafproxy{'saml'}})) {
+ $shown = join(', ',sort(keys(%{$wafproxy{'saml'}})));
+ }
+ }
+ if ($shown) {
+ $output .= '- '.&mt('Alias used by Shibboleth for: [_1]',
+ $shown).'
';
+ } else {
+ $output .= '- '.&mt('No alias used for Shibboleth').'
';
+ }
} else {
if ($item eq 'remoteip') {
my %ip_methods = &remoteip_methods();
@@ -22218,7 +22302,7 @@ sub devalidate_remote_domconfs {
my %thismachine;
map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
my @posscached = ('domainconfig','domdefaults','ltitools','usersessions',
- 'directorysrch','passwdconf','cats','proxyalias');
+ 'directorysrch','passwdconf','cats','proxyalias','proxysaml');
my %cache_by_lonhost;
if (exists($cachekeys->{'samllanding'})) {
if (ref($cachekeys->{'samllanding'}) eq 'HASH') {
@@ -22244,7 +22328,7 @@ sub devalidate_remote_domconfs {
my @cached;
foreach my $name (@posscached) {
if ($cachekeys->{$name}) {
- if ($name eq 'proxyalias') {
+ if (($name eq 'proxyalias') || ($name eq 'proxysaml')) {
if (ref($cachekeys->{$name}) eq 'HASH') {
foreach my $key (keys(%{$cachekeys->{$name}})) {
push(@cached,&escape($name).':'.&escape($key));