
Commit c59f722

committed
enforce pairwise identifier consistency in UI, closes mitreid-connect#969
1 parent 2496dc1 commit c59f722


2 files changed

+45
-7
lines changed


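--- a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
@@ -907,7 +907,26 @@ var ClientFormView = Backbone.View.extend({
 refreshTokenValiditySeconds = this.getFormTokenNumberValue($('#refreshTokenValidityTime input[type=text]').val(), $('#refreshTokenValidityTime select').val());
 }
 }
-
+
+// make sure that the subject identifier is consistent with the redirect URIs
+var subjectType = $('#subjectType input').filter(':checked').val();
+var redirectUris = this.redirectUrisCollection.pluck("item");
+var sectorIdentifierUri = $('#sectorIdentifierUri input').val();
+if (subjectType == 'PAIRWISE' && redirectUris.length > 1 && sectorIdentifierUri == '') {
+//Display an alert with an error message
+$('#modalAlert div.modal-header').html("Consistency error");
+$('#modalAlert div.modal-body').html("Pairwise identifiers cannot be used with multiple redirect URIs unless a sector identifier URI is also registered.");
+
+$("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
+"backdrop" : "static",
+"keyboard" : true,
+"show" : true // ensure the modal is shown immediately
+});
+
+return false;
+
+}
+
 // process the JWKS
 var jwksUri = null;
 var jwks = null;
@@ -947,7 +966,7 @@ var ClientFormView = Backbone.View.extend({
 clientId:$('#clientId input').val(),
 clientSecret: clientSecret,
 generateClientSecret:generateClientSecret,
-redirectUris: this.redirectUrisCollection.pluck("item"),
+redirectUris: redirectUris,
 clientDescription:$('#clientDescription textarea').val(),
 logoUri:$('#logoUri input').val(),
 grantTypes: grantTypes,
@@ -963,10 +982,10 @@ var ClientFormView = Backbone.View.extend({
 applicationType: $('#applicationType input').filter(':checked').val(),
 jwksUri: jwksUri,
 jwks: jwks,
-subjectType: $('#subjectType input').filter(':checked').val(),
+subjectType: subjectType,
 tokenEndpointAuthMethod: tokenEndpointAuthMethod,
 responseTypes: responseTypes,
-sectorIdentifierUri: $('#sectorIdentifierUri input').val(),
+sectorIdentifierUri: sectorIdentifierUri,
 initiateLoginUri: $('#initiateLoginUri input').val(),
 postLogoutRedirectUris: this.postLogoutRedirectUrisCollection.pluck('item'),
 reuseRefreshToken: $('#reuseRefreshToken').is(':checked'),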
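Review bot: The new guard `if (subjectType == 'PAIRWISE' && redirectUris.length > 1 && sectorIdentifierUri == '')` compares the raw field value with the empty string, so a sector identifier field that holds only whitespace passes the check and is still sent on as `sectorIdentifierUri`. Trimming when the value is read closes that gap: `var sectorIdentifierUri = $.trim($('#sectorIdentifierUri input').val());`. The identical block added to dynreg.js has the same comparison and needs the same change. The test also counts redirect URIs rather than distinct hosts, which is presumably stricter than the pairwise rule needs; a one-line comment saying that is deliberate would help. The enclosing save handler starts and ends outside the hunks shown.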

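--- a/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js
@@ -388,6 +388,25 @@ var DynRegEditView = Backbone.View.extend({
 }
 }
 
+// make sure that the subject identifier is consistent with the redirect URIs
+var subjectType = $('#subjectType input').filter(':checked').val();
+var redirectUris = this.redirectUrisCollection.pluck("item");
+var sectorIdentifierUri = $('#sectorIdentifierUri input').val();
+if (subjectType == 'PAIRWISE' && redirectUris.length > 1 && sectorIdentifierUri == '') {
+//Display an alert with an error message
+$('#modalAlert div.modal-header').html("Consistency error");
+$('#modalAlert div.modal-body').html("Pairwise identifiers cannot be used with multiple redirect URIs unless a sector identifier URI is also registered.");
+
+$("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
+"backdrop" : "static",
+"keyboard" : true,
+"show" : true // ensure the modal is shown immediately
+});
+
+return false;
+
+}
+
 // process the JWKS
 var jwksUri = null;
 var jwks = null;
@@ -422,7 +441,7 @@ var DynRegEditView = Backbone.View.extend({
 
 var attrs = {
 client_name:$('#clientName input').val(),
-redirect_uris: this.redirectUrisCollection.pluck("item"),
+redirect_uris: redirectUris,
 logo_uri:$('#logoUri input').val(),
 grant_types: grantTypes,
 scope: scopes,
@@ -433,10 +452,10 @@ var DynRegEditView = Backbone.View.extend({
 application_type: $('#applicationType input').filter(':checked').val(),
 jwks_uri: jwksUri,
 jwks: jwks,
-subject_type: $('#subjectType input').filter(':checked').val(),
+subject_type: subjectType,
 token_endpoint_auth_method: $('#tokenEndpointAuthMethod input').filter(':checked').val(),
 response_types: responseTypes,
-sector_identifier_uri: $('#sectorIdentifierUri input').val(),
+sector_identifier_uri: sectorIdentifierUri,
 initiate_login_uri: $('#initiateLoginUri input').val(),
 post_logout_redirect_uris: this.postLogoutRedirectUrisCollection.pluck('item'),
 require_auth_time: $('#requireAuthTime input').is(':checked'),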
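Review bot: The pairwise check added before `var attrs = {` runs only in this view's save path, so a registration request that sets `subject_type`, `redirect_uris` and `sector_identifier_uri` without going through this form never meets it. Nothing on this page shows a server-side counterpart, so confirm that the registration service rejects the same combination; otherwise the rule is advisory rather than enforced. I would mark the block as such with a comment above the `if`: `// UI convenience only: the registration endpoint must reject this combination as well`. The block is also a verbatim copy of the one added to client.js, so a shared helper would keep the two from drifting apart. The enclosing function starts and ends outside the hunks shown.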
