Client & Central Controller updates to support additonal OIDC features (#1848)

Client side:
* Fix compatibility with OneLogin
* Requested scopes vary by OIDC provider. Different providers have different

Controller side:
*Update Postgres queries to latest Central schema
* Added Central Controller support for the different providers
* Base OIDC provider details are still attached to an org. Client ID & group/email lists are now associated with individual networks.
This commit is contained in:
Grant Limberg 2023-01-19 15:39:15 -08:00 committed by GitHub
parent a59f82093a
commit 0ae09577f6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 175 additions and 68 deletions

View file

@ -195,6 +195,8 @@ namespace ZeroTier {
#define ZT_NETWORKCONFIG_DICT_KEY_STATE "ssos"
// client ID
#define ZT_NETWORKCONFIG_DICT_KEY_CLIENT_ID "ssocid"
// SSO Provider
#define ZT_NETWORKCONFIG_DICT_KEY_SSO_PROVIDER "ssop"
// AuthInfo fields -- used by ncSendError for sso
@ -212,6 +214,8 @@ namespace ZeroTier {
#define ZT_AUTHINFO_DICT_KEY_STATE "aS"
// Client ID
#define ZT_AUTHINFO_DICT_KEY_CLIENT_ID "aCID"
// SSO Provider
#define ZT_AUTHINFO_DICT_KEY_SSO_PROVIDER "aSSOp"
// Legacy fields -- these are obsoleted but are included when older clients query
@ -289,6 +293,7 @@ public:
memset(ssoNonce, 0, sizeof(ssoNonce));
memset(ssoState, 0, sizeof(ssoState));
memset(ssoClientID, 0, sizeof(ssoClientID));
strncpy(ssoProvider, "default", sizeof(ssoProvider));
}
/**
@ -699,6 +704,15 @@ public:
* oidc client id
*/
char ssoClientID[256];
/**
* oidc provider
*
* because certain providers require specific scopes to be requested
* and others to be not requested in order to make everything work
* correctly
**/
char ssoProvider[64];
};
} // namespace ZeroTier