Diffstat (limited to 'internal/configuration/schema')
| -rw-r--r-- | internal/configuration/schema/const.go | 28 | ||||
| -rw-r--r-- | internal/configuration/schema/identity_providers.go | 5 | ||||
| -rw-r--r-- | internal/configuration/schema/keys.go | 1 | ||||
| -rw-r--r-- | internal/configuration/schema/server.go | 42 | ||||
| -rw-r--r-- | internal/configuration/schema/types.go | 2 |
5 files changed, 58 insertions, 20 deletions
diff --git a/internal/configuration/schema/const.go b/internal/configuration/schema/const.go
index 52c92d591..d5de64444 100644
--- a/internal/configuration/schema/const.go
+++ b/internal/configuration/schema/const.go
@@ -125,8 +125,32 @@ const (
 )
 
 const (
- blockCERTIFICATE = "CERTIFICATE"
- blockRSAPRIVATEKEY = "RSA PRIVATE KEY"
+ blockCERTIFICATE = "CERTIFICATE"
+)
+
+// Authorization Schemes.
+const (
+ SchemeBasic = "basic"
+ SchemeBearer = "bearer"
+)
+
+// Authz values.
+const (
+ AuthzEndpointNameLegacy = "legacy"
+ AuthzEndpointNameAuthRequest = "auth-request"
+ AuthzEndpointNameExtAuthz = "ext-authz"
+ AuthzEndpointNameForwardAuth = "forward-auth"
+
+ AuthzImplementationLegacy = "Legacy"
+ AuthzImplementationAuthRequest = "AuthRequest"
+ AuthzImplementationExtAuthz = "ExtAuthz"
+ AuthzImplementationForwardAuth = "ForwardAuth"
+
+ AuthzStrategyHeaderCookieSession = "CookieSession"
+ AuthzStrategyHeaderAuthorization = "HeaderAuthorization"
+ AuthzStrategyHeaderProxyAuthorization = "HeaderProxyAuthorization"
+ AuthzStrategyHeaderAuthRequestProxyAuthorization = "HeaderAuthRequestProxyAuthorization"
+ AuthzStrategyHeaderLegacy = "HeaderLegacy"
 )
 
 const (
diff --git a/internal/configuration/schema/identity_providers.go b/internal/configuration/schema/identity_providers.go
index e755ba45b..2d1f6fcad 100644
--- a/internal/configuration/schema/identity_providers.go
+++ b/internal/configuration/schema/identity_providers.go
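Review bot: `AuthzStrategyHeaderCookieSession` carries the `Header` prefix although its value is `CookieSession`, which the `Schemes` description in server.go distinguishes from "the header strategies"; a reader scanning the `AuthzStrategyHeader*` group will assume every member is a header strategy. Renaming it `AuthzStrategyCookieSession` (and updating the default configuration in server.go that references it) keeps the prefix meaningful. The `// Authz values.` group comment could also say where these strings are compared, e.g. `// Authz values: endpoint names, implementations and authn strategy names as they appear in server.endpoints.authz.`, since the exported constants have no individual doc comments.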
@@ -16,8 +16,8 @@ type IdentityProvidersOpenIDConnect struct {
 HMACSecret string `koanf:"hmac_secret" json:"hmac_secret" jsonschema:"title=HMAC Secret" jsonschema_description:"The HMAC Secret used to sign Access Tokens."`
 IssuerPrivateKeys []JWK `koanf:"issuer_private_keys" json:"issuer_private_keys" jsonschema:"title=Issuer Private Keys" jsonschema_description:"The Private Keys used to sign ID Tokens."`
- IssuerCertificateChain X509CertificateChain `koanf:"issuer_certificate_chain" json:"issuer_certificate_chain" jsonschema:"title=Issuer Certificate Chain" jsonschema_description:"The Issuer Certificate Chain with an RSA Public Key used to sign ID Tokens."`
- IssuerPrivateKey *rsa.PrivateKey `koanf:"issuer_private_key" json:"issuer_private_key" jsonschema:"title=Issuer Private Key" jsonschema_description:"The Issuer Private Key with an RSA Private Key used to sign ID Tokens."`
+ IssuerCertificateChain X509CertificateChain `koanf:"issuer_certificate_chain" json:"issuer_certificate_chain" jsonschema:"title=Issuer Certificate Chain,deprecated" jsonschema_description:"The Issuer Certificate Chain with an RSA Public Key used to sign ID Tokens."`
+ IssuerPrivateKey *rsa.PrivateKey `koanf:"issuer_private_key" json:"issuer_private_key" jsonschema:"title=Issuer Private Key,deprecated" jsonschema_description:"The Issuer Private Key with an RSA Private Key used to sign ID Tokens."`
 EnableClientDebugMessages bool `koanf:"enable_client_debug_messages" json:"enable_client_debug_messages" jsonschema:"default=false,title=Enable Client Debug Messages" jsonschema_description:"Enables additional debug messages for clients."`
 MinimumParameterEntropy int `koanf:"minimum_parameter_entropy" json:"minimum_parameter_entropy" jsonschema:"default=8,minimum=-1,title=Minimum Parameter Entropy" jsonschema_description:"The minimum entropy of the nonce parameter."`
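Review bot: The deprecation of `IssuerCertificateChain` and `IssuerPrivateKey` is expressed only in the `jsonschema` tag, so Go tooling and readers of the struct itself get no signal. A `// Deprecated: superseded by IssuerPrivateKeys.` line comment above each field would surface it in `go vet`/staticcheck and godoc (the replacement appears to be `IssuerPrivateKeys` from the neighbouring field; confirm). The `jsonschema_description` text could likewise point users at the replacement key, since that description is what operators see in editor validation.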
@@ -61,6 +61,7 @@ type IdentityProvidersOpenIDConnectDiscovery struct {
 ResponseObjectSigningAlgs []string
 RequestObjectSigningAlgs []string
 JWTResponseAccessTokens bool
+ BearerAuthorization bool
 }
 
 type IdentityProvidersOpenIDConnectLifespans struct {
diff --git a/internal/configuration/schema/keys.go b/internal/configuration/schema/keys.go
index de96acdb3..52a5e5a4a 100644
--- a/internal/configuration/schema/keys.go
+++ b/internal/configuration/schema/keys.go
@@ -318,6 +318,7 @@ var Keys = []string{
 "server.endpoints.authz.*.implementation",
 "server.endpoints.authz.*.authn_strategies",
 "server.endpoints.authz.*.authn_strategies[].name",
+ "server.endpoints.authz.*.authn_strategies[].schemes",
 "server.buffers.read",
 "server.buffers.write",
 "server.timeouts.read",
diff --git a/internal/configuration/schema/server.go b/internal/configuration/schema/server.go
index bc9069c43..2a5e4f299 100644
--- a/internal/configuration/schema/server.go
+++ b/internal/configuration/schema/server.go
@@ -45,7 +45,8 @@ type ServerEndpointsAuthz struct {
 
 // ServerEndpointsAuthzAuthnStrategy is the Authz endpoints configuration for the HTTP server.
 type ServerEndpointsAuthzAuthnStrategy struct {
- Name string `koanf:"name" json:"name" jsonschema:"enum=HeaderAuthorization,enum=HeaderProxyAuthorization,enum=HeaderAuthRequestProxyAuthorization,enum=HeaderLegacy,enum=CookieSession,title=Name" jsonschema_description:"The name of the Authorization strategy to use."`
+ Name string `koanf:"name" json:"name" jsonschema:"enum=HeaderAuthorization,enum=HeaderProxyAuthorization,enum=HeaderAuthRequestProxyAuthorization,enum=HeaderLegacy,enum=CookieSession,title=Name" jsonschema_description:"The name of the Authorization strategy to use."`
+ Schemes []string `koanf:"schemes" json:"schemes" jsonschema:"enum=basic,enum=bearer,default=basic,title=Authorization Schemes" jsonschema_description:"The name of the authorization schemes to allow with the header strategies."`
 }
 
 // ServerTLS represents the configuration of the http servers TLS options.
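Review bot: `Schemes` is a `[]string` but its tag declares `default=basic`, a scalar; if the schema generator emits that default on the array property rather than on its items, the published schema advertises a default that does not validate against its own `type: array`, so the generated JSON for this field should be checked. The description, `The name of the authorization schemes to allow with the header strategies.`, also reads as singular; `The authorization schemes accepted by the header strategies; unlisted schemes are rejected.` states the allow-list semantics the enum implies. A doc comment on the field noting that `basic` is the only scheme applied when the list is omitted would make the security-relevant default visible in the Go source, not just the schema.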
@@ -74,39 +75,50 @@ var DefaultServerConfiguration = Server{
 },
 Endpoints: ServerEndpoints{
 Authz: map[string]ServerEndpointsAuthz{
- "legacy": {
- Implementation: "Legacy",
+ AuthzEndpointNameLegacy: {
+ Implementation: AuthzImplementationLegacy,
+ AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
+ {
+ Name: AuthzStrategyHeaderLegacy,
+ },
+ {
+ Name: AuthzStrategyHeaderCookieSession,
+ },
+ },
 },
- "auth-request": {
- Implementation: "AuthRequest",
+ AuthzEndpointNameAuthRequest: {
+ Implementation: AuthzImplementationAuthRequest,
 AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
 {
- Name: "HeaderAuthRequestProxyAuthorization",
+ Name: AuthzStrategyHeaderAuthorization,
+ Schemes: []string{SchemeBasic},
 },
 {
- Name: "CookieSession",
+ Name: AuthzStrategyHeaderCookieSession,
 },
 },
 },
- "forward-auth": {
- Implementation: "ForwardAuth",
+ AuthzEndpointNameExtAuthz: {
+ Implementation: AuthzImplementationExtAuthz,
 AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
 {
- Name: "HeaderProxyAuthorization",
+ Name: AuthzStrategyHeaderAuthorization,
+ Schemes: []string{SchemeBasic},
 },
 {
- Name: "CookieSession",
+ Name: AuthzStrategyHeaderCookieSession,
 },
 },
 },
- "ext-authz": {
- Implementation: "ExtAuthz",
+ AuthzEndpointNameForwardAuth: {
+ Implementation: AuthzImplementationForwardAuth,
 AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
 {
- Name: "HeaderProxyAuthorization",
+ Name: AuthzStrategyHeaderAuthorization,
+ Schemes: []string{SchemeBasic},
 },
 {
- Name: "CookieSession",
+ Name: AuthzStrategyHeaderCookieSession,
 },
 },
 },
diff --git a/internal/configuration/schema/types.go b/internal/configuration/schema/types.go
index 7f0497c51..a7705db1f 100644
--- a/internal/configuration/schema/types.go
+++ b/internal/configuration/schema/types.go
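Review bot: The default strategy for the `auth-request`, `ext-authz` and `forward-auth` endpoints is now `AuthzStrategyHeaderAuthorization` where the removed lines named the `HeaderProxyAuthorization`/`HeaderAuthRequestProxyAuthorization` variants, yet nothing in the literal records that the header consulted by default has changed; if `HeaderAuthorization` does not also read `Proxy-Authorization`, operators relying on the previous default lose header-based authentication silently. A comment above the map, e.g. `// Defaults read the Authorization header with the basic scheme only; set authn_strategies explicitly to keep Proxy-Authorization handling.`, would make the migration visible, and the change note should say the same. The `legacy` entry now lists `AuthzStrategyHeaderLegacy` without a `Schemes` value while the other header strategies set `[]string{SchemeBasic}`; a short comment saying whether the legacy strategy ignores schemes would stop the asymmetry looking like an omission. `DefaultServerConfiguration` continues past the hunk.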
@@ -604,7 +604,7 @@ var jsonschemaACLNetwork = jsonschema.Schema{
 
 var jsonschemaACLSubject = jsonschema.Schema{
 Type: jsonschema.TypeString,
- Pattern: "^(user|group):.+$",
+ Pattern: "^(user|group|oauth2:client:):.+$",
 }
 
 var jsonschemaACLMethod = jsonschema.Schema{
|
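Review bot: The new alternative `oauth2:client:` keeps its trailing colon and is then followed by the group-level `:`, so the pattern only matches subjects of the form `oauth2:client::<id>` with a doubled colon; a subject written `oauth2:client:<id>`, which is what the prefix appears intended for, fails schema validation. If that is the intended form, the line should be `Pattern: "^(user|group|oauth2:client):.+$",`. Since this schema is only advisory for editors and the runtime ACL parser is elsewhere, it is worth confirming the two agree on the accepted subject syntax.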
