yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-06-27 04:22:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Fix-20125] OIDC: Allow max_age to be optional (#20721)

Browse Source 
* Make Max Age Optional

* spotless fix
This commit is contained in:
Mohit Yadav 2025-04-09 15:09:57 +05:30 committed by GitHub
parent 6db8454649
commit 3a01ad7da5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
conf/openmetadata.yaml
View File

@ -214,6 +214,7 @@ authenticationConfiguration:
maxClockSkew: ${OIDC_MAX_CLOCK_SKEW:-""} maxClockSkew: ${OIDC_MAX_CLOCK_SKEW:-""}
tokenValidity: ${OIDC_OM_REFRESH_TOKEN_VALIDITY:-"3600"} # in seconds tokenValidity: ${OIDC_OM_REFRESH_TOKEN_VALIDITY:-"3600"} # in seconds
customParams: ${OIDC_CUSTOM_PARAMS:-} customParams: ${OIDC_CUSTOM_PARAMS:-}
maxAge: ${OIDC_MAX_AGE:-"0"}
samlConfiguration: samlConfiguration:
debugMode: ${SAML_DEBUG_MODE:-false} debugMode: ${SAML_DEBUG_MODE:-false}
idp: idp:

2
docker/development/docker-compose-gcp.yml
View File

@ -120,6 +120,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
@ -331,6 +332,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}

2
docker/development/docker-compose-postgres.yml
View File

@ -118,6 +118,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
@ -334,6 +335,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}

2
docker/development/docker-compose.yml
View File

@ -116,6 +116,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
@ -329,6 +330,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}

2
docker/docker-compose-openmetadata/docker-compose-openmetadata.yml
View File

@ -61,6 +61,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
@ -272,6 +273,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}

2
docker/docker-compose-quickstart/docker-compose-postgres.yml
View File

@ -109,6 +109,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
@ -320,6 +321,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}

2
docker/docker-compose-quickstart/docker-compose.yml
View File

@ -107,6 +107,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}
@ -318,6 +319,7 @@ services:
OIDC_TENANT: ${OIDC_TENANT:-""} OIDC_TENANT: ${OIDC_TENANT:-""}
OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""} OIDC_MAX_CLOCK_SKEW: ${OIDC_MAX_CLOCK_SKEW:-""}
OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}} OIDC_CUSTOM_PARAMS: ${OIDC_CUSTOM_PARAMS:-{}}
OIDC_MAX_AGE: ${OIDC_MAX_AGE:-"0"}
# For SAML Authentication # For SAML Authentication
# SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false} # SAML_DEBUG_MODE: ${SAML_DEBUG_MODE:-false}
# SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""} # SAML_IDP_ENTITY_ID: ${SAML_IDP_ENTITY_ID:-""}

7
openmetadata-service/src/main/java/org/openmetadata/service/security/AuthenticationCodeFlowHandler.java
View File

@ -128,6 +128,7 @@ public class AuthenticationCodeFlowHandler {
private final ClientAuthentication clientAuthentication; private final ClientAuthentication clientAuthentication;
private final String principalDomain; private final String principalDomain;
private final int tokenValidity; private final int tokenValidity;
private final String maxAge;
public AuthenticationCodeFlowHandler( public AuthenticationCodeFlowHandler(
AuthenticationConfiguration authenticationConfiguration, AuthenticationConfiguration authenticationConfiguration,
@ -153,6 +154,7 @@ public class AuthenticationCodeFlowHandler {
validatePrincipalClaimsMapping(claimsMapping); validatePrincipalClaimsMapping(claimsMapping);
this.principalDomain = authorizerConfiguration.getPrincipalDomain(); this.principalDomain = authorizerConfiguration.getPrincipalDomain();
this.tokenValidity = authenticationConfiguration.getOidcConfiguration().getTokenValidity(); this.tokenValidity = authenticationConfiguration.getOidcConfiguration().getTokenValidity();
this.maxAge = authenticationConfiguration.getOidcConfiguration().getMaxAge();
} }
private OidcClient buildOidcClient(OidcClientConfig clientConfig) { private OidcClient buildOidcClient(OidcClientConfig clientConfig) {
@ -269,7 +271,10 @@ public class AuthenticationCodeFlowHandler {
} else { } else {
params.put(OidcConfiguration.PROMPT, "login"); params.put(OidcConfiguration.PROMPT, "login");
} }
params.put(OidcConfiguration.MAX_AGE, "0");
if (!nullOrEmpty(maxAge)) {
params.put(OidcConfiguration.MAX_AGE, maxAge);
}
String location = buildLoginAuthenticationRequestUrl(params); String location = buildLoginAuthenticationRequestUrl(params);
LOG.debug("Authentication request url: {}", location); LOG.debug("Authentication request url: {}", location);

4
openmetadata-spec/src/main/resources/json/schema/security/client/oidcClientConfig.json
View File

@ -77,6 +77,10 @@
"callbackUrl": { "callbackUrl": {
"description": "Callback Url.", "description": "Callback Url.",
"type": "string" "type": "string"
},
"maxAge": {
"description": "Validity for the JWT Token created from SAML Response",
"type": "string"
} }
}, },
"additionalProperties": false "additionalProperties": false

4
openmetadata-ui/src/main/resources/ui/src/generated/security/client/oidcClientConfig.ts
View File

@ -38,6 +38,10 @@ export interface OidcClientConfig {
* Client ID. * Client ID.
*/ */
id?: string; id?: string;
/**
* Validity for the JWT Token created from SAML Response
*/
maxAge?: string;
/** /**
* Max Clock Skew * Max Clock Skew
*/ */