Client & Central Controller updates to support additonal OIDC features (#1848)
Client side: * Fix compatibility with OneLogin * Requested scopes vary by OIDC provider. Different providers have different Controller side: *Update Postgres queries to latest Central schema * Added Central Controller support for the different providers * Base OIDC provider details are still attached to an org. Client ID & group/email lists are now associated with individual networks.
This commit is contained in:
parent
a59f82093a
commit
0ae09577f6
11 changed files with 175 additions and 68 deletions
|
@ -195,6 +195,8 @@ namespace ZeroTier {
|
|||
#define ZT_NETWORKCONFIG_DICT_KEY_STATE "ssos"
|
||||
// client ID
|
||||
#define ZT_NETWORKCONFIG_DICT_KEY_CLIENT_ID "ssocid"
|
||||
// SSO Provider
|
||||
#define ZT_NETWORKCONFIG_DICT_KEY_SSO_PROVIDER "ssop"
|
||||
|
||||
// AuthInfo fields -- used by ncSendError for sso
|
||||
|
||||
|
@ -212,6 +214,8 @@ namespace ZeroTier {
|
|||
#define ZT_AUTHINFO_DICT_KEY_STATE "aS"
|
||||
// Client ID
|
||||
#define ZT_AUTHINFO_DICT_KEY_CLIENT_ID "aCID"
|
||||
// SSO Provider
|
||||
#define ZT_AUTHINFO_DICT_KEY_SSO_PROVIDER "aSSOp"
|
||||
|
||||
// Legacy fields -- these are obsoleted but are included when older clients query
|
||||
|
||||
|
@ -289,6 +293,7 @@ public:
|
|||
memset(ssoNonce, 0, sizeof(ssoNonce));
|
||||
memset(ssoState, 0, sizeof(ssoState));
|
||||
memset(ssoClientID, 0, sizeof(ssoClientID));
|
||||
strncpy(ssoProvider, "default", sizeof(ssoProvider));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -699,6 +704,15 @@ public:
|
|||
* oidc client id
|
||||
*/
|
||||
char ssoClientID[256];
|
||||
|
||||
/**
|
||||
* oidc provider
|
||||
*
|
||||
* because certain providers require specific scopes to be requested
|
||||
* and others to be not requested in order to make everything work
|
||||
* correctly
|
||||
**/
|
||||
char ssoProvider[64];
|
||||
};
|
||||
|
||||
} // namespace ZeroTier
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue