freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

ipaidp: Fix validation and reset of parameters #1183

Closed t-woerner closed 7 months ago

t-woerner commented 7 months ago

The URI parameters auth_uri, dev_auth_uri, token_uri, userinfo_uri and keys_uri have not been validated before. Also, the base_url was not normalized. The auth_uri, dev_auth_uri, token_uri and userinfo_uri need to be set for new entries, but might be empty or an empty string for reset or updates.

The ipaidpclientsecret needs to be decoded from a binary string in the find_idp result to not trigger no-change idp_mod calls.

The code for validate_uri and base_url normalization has been copied from the ipaserver idp plugin.

ansible_freeipa_module: urlparse from urllib.parse is imported and also exported. urlparse is needed for validate_uri in the ipaidp module.

Resolves: RHEL-17954, RHEL-17955, RHEL-17957 and RHEL-17958
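As an added illustration of the checks the description refers to (example code written for this page, not the ansible-freeipa or FreeIPA implementation; the function names, the http/https scheme restriction and the exact base_url normalization rule are assumptions), the following shows URI validation that distinguishes "required on add" from "empty means reset on update", plus the bytes-vs-str comparison of the client secret that avoids a spurious idp_mod call:

```python
"""Illustrative ipaidp parameter validation (added example, not project code)."""
from urllib.parse import urlparse, urlunparse

# Schemes accepted for the IdP endpoint URIs.  Assumption: the review
# discussion suggests restricting to http/https; FreeIPA itself may differ.
ALLOWED_SCHEMES = ("http", "https")

# Parameters that must be set when a new IdP entry is created; keys_uri is
# optional on add.  Any of them may be None or "" on an update, meaning reset.
REQUIRED_ON_ADD = ("auth_uri", "dev_auth_uri", "token_uri", "userinfo_uri")
URI_PARAMS = REQUIRED_ON_ADD + ("keys_uri",)


def validate_uri(uri):
    """Return None when `uri` is acceptable, otherwise an error message.

    Rejects anything that is not an absolute http(s) URL with a host, so
    'xyz://github.com/login/' and 'github.com/login' are both refused.
    """
    if not isinstance(uri, str):
        return "URI must be a string"
    try:
        parsed = urlparse(uri.strip())
    except ValueError:  # e.g. a malformed IPv6 literal in the host part
        return "invalid URL"
    if parsed.scheme not in ALLOWED_SCHEMES:
        return "scheme must be http or https"
    if not parsed.netloc:
        return "URL has no host"
    return None


def normalize_base_url(url):
    """Canonical form of base_url (assumed rule: lowercase scheme and host,
    no trailing slash) so two spellings of the same URL compare equal and
    do not trigger a needless modify call."""
    parsed = urlparse(url.strip())  # urlparse already lowercases the scheme
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.netloc:
        raise ValueError("base_url must be an absolute http(s) URL")
    return urlunparse((parsed.scheme, parsed.netloc.lower(),
                       parsed.path.rstrip("/"), parsed.params,
                       parsed.query, parsed.fragment))


def check_uri_params(params, is_new):
    """Validate the URI parameters of one ipaidp task.

    `params` maps parameter name to value (None when not given).
    `is_new` is True when the IdP entry does not exist yet.
    Returns {parameter: error message}; an empty dict means all is well.
    """
    errors = {}
    for name in URI_PARAMS:
        value = params.get(name)
        if value is None or value == "":
            # Empty is a reset on update, but the required fields must be
            # present when the entry is being created.
            if is_new and name in REQUIRED_ON_ADD:
                errors[name] = "required when adding a new entry"
            continue
        msg = validate_uri(value)
        if msg is not None:
            errors[name] = msg
    return errors


def client_secret_changed(found, wanted):
    """Compare the secret from a find result with the desired value.

    The description notes the find result carries the secret as a binary
    string; decoding it first keeps an unchanged secret from looking changed.
    """
    if isinstance(found, bytes):
        found = found.decode("utf-8")
    return found != wanted
```

In a module the `is_new` flag would come from whether the find call returned an entry, and the returned error dict would be passed to `fail_json`; here everything is kept as plain functions so the rules can be exercised directly.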

t-woerner commented 7 months ago

auth_uri, dev_auth_uri, token_uri, userinfo_uri, keys_uri need to start with https:// or http://. Currently it allows any string, for example: auth_uri: xyz://github.com/login/

The command line is behaving the same. Therefore this needs to be verified for FreeIPA first.

rjeffman commented 7 months ago

auth_uri, dev_auth_uri, token_uri, userinfo_uri, keys_uri need to start with https:// or http://. Currently it allows any string, for example: auth_uri: xyz://github.com/login/

The command line is behaving the same. Therefore this needs to be verified for FreeIPA first.

Maybe it works this way to be protocol agnostic and be ready for any other protocol that might be used now or in the future?