727 lines
38 KiB
HTML
727 lines
38 KiB
HTML
<!--
|
|
Copyright 2014 The MITRE Corporation
|
|
and the MIT Kerberos and Internet Trust Consortium
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
<!-- client -->
|
|
|
|
<script type="text/html" id="tmpl-client">
|
|
<td>
|
|
<% if (count == 0) { %>
|
|
<span class="label label-important">0</span>
|
|
<% } else if (count != null) { %>
|
|
<span class="label label-info"><%= count %></span>
|
|
<% } else { %>
|
|
<span class="label label-warning">?</span>
|
|
<% } %>
|
|
</td>
|
|
|
|
<td>
|
|
<div>
|
|
<span title="<%= client.clientId %>"><%= client.clientName != null ? client.clientName : ( client.clientId.substr(0,8) + '...' ) %></span>
|
|
</div>
|
|
<div>
|
|
<% if (client.dynamicallyRegistered) { %>
|
|
<span class="label label-inverse dynamically-registered"><i class="icon-globe icon-white"></i></span>
|
|
<% } %>
|
|
<small class="muted" title="<%= hoverCreationDate %>">Registered <%= displayCreationDate %></small>
|
|
</div>
|
|
</td>
|
|
|
|
<td>
|
|
<div class="client-more-info-block"></div>
|
|
<div class="scope-list"></div>
|
|
</td>
|
|
|
|
<td>
|
|
<button class="btn btn-edit"><i class="icon-edit"></i> Edit</button>
|
|
<% if (whiteList != null) { %>
|
|
<button class="btn btn-warning btn-whitelist"><i class="icon-wrench icon-white"></i> Whitelist</button>
|
|
<% } else { %>
|
|
<button class="btn btn-warning btn-whitelist"><i class="icon-plus-sign icon-white"></i> Whitelist</button>
|
|
<% } %>
|
|
<button class="btn btn-danger btn-delete pull-right"><i class="icon-trash icon-white"></i> Delete</button>
|
|
</td>
|
|
|
|
</script>
|
|
|
|
<script type="text/html" id="tmpl-client-more-info-block">
|
|
<% if (client.clientDescription || client.clientUri || client.policyUri || client.tosUri || client.contacts != null && client.contacts.length > 0) { %>
|
|
<div class="muted moreInformationContainer">
|
|
<% if (client.clientUri || client.policyUri || client.tosUri || client.contacts) { %>
|
|
<div class="toggleMoreInformation" style="cursor: pointer;">
|
|
<i class="icon-chevron-right"></i> <small>more information</small>
|
|
</div>
|
|
<div class="moreInformation hide">
|
|
<%=client.clientDescription%>
|
|
<ul>
|
|
<% if (client.clientUri) { %>
|
|
<li>Home page: <a href="<%= client.clientUri %>"><%= client.clientUri %></a></li>
|
|
<% } %>
|
|
<% if (client.policyUri) { %>
|
|
<li>Policy: <a href="<%= client.policyUri %>"><%= client.policyUri %></a></li>
|
|
<% } %>
|
|
<% if (client.tosUri) { %>
|
|
<li>Terms of Service: <a href="<%= client.tosUri %>"><%= client.tosUri %></a></li>
|
|
<% } %>
|
|
<% if (client.contacts != null && client.contacts.length > 0) { %>
|
|
<li>Administrative Contacts: <%= client.contacts.join(', ') %></li>
|
|
<% } %>
|
|
</ul>
|
|
</div>
|
|
<% } %>
|
|
</div>
|
|
<% } %>
|
|
</script>
|
|
|
|
<script type="text/html" id="tmpl-client-table">
|
|
<div class="well well-small">
|
|
<button class="btn btn-small refresh-table"><i class="icon-refresh"></i> Refresh</button>
|
|
<button class="btn btn-small btn-primary new-client"><i class="icon-plus icon-white"></i> New Client</button>
|
|
<div class="form-search pull-right">
|
|
<div class="input-append">
|
|
<input type="text" class="search-query" placeholder="Search...">
|
|
<button class="btn">×</button>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div id="client-table-search-empty" class="alert alert-warning">
|
|
There are no clients that match your search criteria.
|
|
</div>
|
|
|
|
<div id="client-table-empty" class="alert alert-info">
|
|
There are no registered clients on this server.
|
|
</div>
|
|
|
|
<div class="pagination paginator"></div>
|
|
|
|
<table id="client-table" class="table table-hover table-striped">
|
|
<thead>
|
|
<tr>
|
|
<th></th>
|
|
<th>Client</th>
|
|
<th>Information</th>
|
|
<th></th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
</tbody>
|
|
</table>
|
|
|
|
<div class="pagination paginator"></div>
|
|
|
|
<div class="well well-small">
|
|
<button class="btn btn-small refresh-table"><i class="icon-refresh"></i> Refresh</button>
|
|
<button class="btn btn-small btn-primary new-client"><i class="icon-plus icon-white"></i> New Client</button>
|
|
</div>
|
|
</script>
|
|
|
|
<script type="text/html" id="tmpl-client-form">
|
|
|
|
<h1><%=(id == null ? 'New' : 'Edit')%> Client</h1>
|
|
|
|
|
|
<form class="form-horizontal tabbable">
|
|
<fieldset>
|
|
<div class="well well-small">
|
|
<button class="btn btn-small btn-save btn-success"><i class="icon-ok-circle icon-white"></i> Save</button>
|
|
<button class="btn btn-small btn-cancel"><i class="icon-ban-circle"></i> Cancel</button>
|
|
|
|
</div>
|
|
|
|
<ul class="nav nav-tabs">
|
|
<li class="active"><a data-target="#client-main-tab" data-toggle="tab" href="#">Main</a></li>
|
|
<li><a data-target="#client-access-tab" data-toggle="tab" href="#">Access</a></li>
|
|
<li><a data-target="#client-secret-tab" data-toggle="tab" href="#">Credentials</a></li>
|
|
<li><a data-target="#client-token-tab" data-toggle="tab" href="#">Tokens</a></li>
|
|
<li><a data-target="#client-crypto-tab" data-toggle="tab" href="#">Crypto</a></li>
|
|
<li><a data-target="#client-other-tab" data-toggle="tab" href="#">Other</a></li>
|
|
</ul>
|
|
|
|
<div class="tab-content">
|
|
<div class="tab-pane active" id="client-main-tab">
|
|
|
|
<div class="control-group" id="createdAt">
|
|
<label class="control-label">Registered at</label>
|
|
<div class="controls">
|
|
<%=createdAt%>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="clientName">
|
|
<label class="control-label">Client name</label>
|
|
<div class="controls">
|
|
<input value="<%=clientName%>" maxlength="100" type="text" class="" placeholder="Type something">
|
|
<p class="help-block">Human-readable application name</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="clientId">
|
|
<label class="control-label">Client ID</label>
|
|
<div class="controls">
|
|
<input value="<%=clientId%>" maxlength="100" type="text" class="" placeholder="Type something">
|
|
<p class="help-block">Unique identifier. If you leave this blank it will be automatically generated.</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="redirectUris">
|
|
<label class="control-label">Redirect URI(s)</label>
|
|
<div class="controls">
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="clientDescription">
|
|
<label class="control-label">Description</label>
|
|
<div class="controls">
|
|
<textarea class="input-xlarge" placeholder="Type a description" maxlength="200"
|
|
rows="3"><%=clientDescription%></textarea>
|
|
<p class="help-block">Human-readable text description</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="logoUri">
|
|
<label class="control-label">Logo</label>
|
|
<div class="controls">
|
|
<input placeholder="http://" value="<%=logoUri%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">URL that points to a logo image, will be displayed on approval page</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="logoBlock">
|
|
<div class="controls">
|
|
<!-- TODO: this should be an internally-served placeholder graphic -->
|
|
<img src="http://placehold.it/275x200&text=Enter a logo URL" alt="logo" id="logoPreview" width="275px" class="thumbnail" />
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="tosUri">
|
|
<label class="control-label">Terms of Service</label>
|
|
<div class="controls">
|
|
<input placeholder="http://" value="<%=tosUri%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">URL for the Terms of Service of this client, will be displayed to the user</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="policyUri">
|
|
<label class="control-label">Policy Statement</label>
|
|
<div class="controls">
|
|
<input placeholder="http://" value="<%=policyUri%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">URL for the Policy Statement of this client, will be displayed to the user</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="clientUri">
|
|
<label class="control-label">Home Page</label>
|
|
<div class="controls">
|
|
<input placeholder="http://" value="<%=clientUri%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">URL for the client's home page, will be displayed to the user</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="applicationType">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Application Type</label>
|
|
<div class="controls">
|
|
<label class="radio inline">
|
|
<input type="radio" name="applicationType" value="NATIVE" <%=(applicationType == 'NATIVE' ? 'checked' : '')%>> Native
|
|
</label>
|
|
<label class="radio inline">
|
|
<input type="radio" name="applicationType" value="WEB" <%=(applicationType == 'WEB' ? 'checked' : '')%>> Web
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="contacts">
|
|
<label class="control-label">Contacts</label>
|
|
<div class="controls">
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
<div class="tab-pane" id="client-access-tab">
|
|
|
|
<div class="control-group" id="scope">
|
|
<label class="control-label">Scope</label>
|
|
<div class="controls">
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="grantTypes">
|
|
<label class="control-label">Grant Types</label>
|
|
|
|
<div class="controls">
|
|
|
|
<label class="checkbox">
|
|
<input id="grantTypes-authorization_code" type="checkbox"
|
|
<%=($.inArray("authorization_code", grantTypes) > -1 ? 'checked' : '')%>>
|
|
authorization code
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="grantTypes-client_credentials" type="checkbox"
|
|
<%=($.inArray("client_credentials", grantTypes) > -1 ? 'checked' : '')%>> client credentials
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="grantTypes-password" type="checkbox" <%=($.inArray("password", grantTypes) > -1 ? 'checked' : '')%>> password
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="grantTypes-implicit" type="checkbox" <%=($.inArray("implicit", grantTypes) > -1 ? 'checked' : '')%>> implicit
|
|
</label>
|
|
<!--
|
|
<label class="checkbox">
|
|
<input id="grantTypes-refresh_token" type="checkbox" <%=($.inArray("refresh_token", grantTypes) > -1 ? 'checked' : '')%>> refresh
|
|
</label>
|
|
-->
|
|
<label class="checkbox">
|
|
<input id="grantTypes-redelegate" type="checkbox" <%=($.inArray("urn:ietf:params:oauth:grant_type:redelegate", grantTypes) > -1 ? 'checked' : '')%>> redelegate
|
|
</label>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="responseTypes">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Response Types</label>
|
|
|
|
<div class="controls">
|
|
<label class="checkbox">
|
|
<input id="responseTypes-code" type="checkbox" <%=($.inArray("code", responseTypes) > -1 ? 'checked' : '')%>> code
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="responseTypes-token" type="checkbox" <%=($.inArray("token", responseTypes) > -1 ? 'checked' : '')%>> token
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="responseTypes-idtoken" type="checkbox" <%=($.inArray("id_token", responseTypes) > -1 ? 'checked' : '')%>> id_token
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="responseTypes-token-idtoken" type="checkbox" <%=($.inArray("token id_token", responseTypes) > -1 ? 'checked' : '')%>> token id_token
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="responseTypes-code-idtoken" type="checkbox" <%=($.inArray("code id_token", responseTypes) > -1 ? 'checked' : '')%>> code id_token
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="responseTypes-code-token" type="checkbox" <%=($.inArray("code token", responseTypes) > -1 ? 'checked' : '')%>> code token
|
|
</label>
|
|
<label class="checkbox">
|
|
<input id="responseTypes-code-token-idtoken" type="checkbox" <%=($.inArray("code token id_token", responseTypes) > -1 ? 'checked' : '')%>> code token id_token
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="allowIntrospection">
|
|
<label class="control-label">Introspection</label>
|
|
<div class="controls">
|
|
<label class="checkbox">
|
|
<input type="checkbox" <%=(allowIntrospection == true ? 'checked' : '')%>> Allow calls to the Introspection Endpoint?
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="subjectType">
|
|
<label class="control-label">Subject Type</label>
|
|
<div class="controls">
|
|
<label class="radio inline">
|
|
<input type="radio" name="subjectType" value="PUBLIC" <%=(subjectType == 'PUBLIC' ? 'checked' : '')%>> Public
|
|
</label>
|
|
<label class="radio inline">
|
|
<input type="radio" name="subjectType" value="PAIRWISE" <%=(subjectType == 'PAIRWISE' ? 'checked' : '')%>> Pairwise
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="sectorIdentifierUri">
|
|
<label class="control-label">Sector Identifier URI</label>
|
|
<div class="controls">
|
|
<input placeholder="http://" value="<%=sectorIdentifierUri%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">Sector Identifier for JavaScript</p>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="tab-pane" id="client-secret-tab">
|
|
|
|
<div class="control-group" id="tokenEndpointAuthMethod">
|
|
<label class="control-label">Token Endpoint Authentication Method</label>
|
|
<div class="controls">
|
|
<label class="radio">
|
|
<input type="radio" name="tokenEndpointAuthMethod" value="SECRET_BASIC" <%=(tokenEndpointAuthMethod == 'SECRET_BASIC' ? 'checked' : '')%>> Client Secret over HTTP Basic
|
|
</label>
|
|
<label class="radio">
|
|
<input type="radio" name="tokenEndpointAuthMethod" value="SECRET_POST" <%=(tokenEndpointAuthMethod == 'SECRET_POST' ? 'checked' : '')%>> Client Secret over HTTP POST
|
|
</label>
|
|
<label class="radio">
|
|
<input type="radio" name="tokenEndpointAuthMethod" value="SECRET_JWT" <%=(tokenEndpointAuthMethod == 'SECRET_JWT' ? 'checked' : '')%>> Client Secret via symmetrically-signed JWT assertion
|
|
</label>
|
|
<label class="radio">
|
|
<input type="radio" name="tokenEndpointAuthMethod" value="PRIVATE_KEY" <%=(tokenEndpointAuthMethod == 'PRIVATE_KEY' ? 'checked' : '')%>> Asymmetrically-signed JWT assertion
|
|
</label>
|
|
<label class="radio">
|
|
<input type="radio" name="tokenEndpointAuthMethod" value="NONE" <%=(tokenEndpointAuthMethod == 'NONE' ? 'checked' : '')%>> No authentication
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="requireClientSecret">
|
|
<label class="control-label">Client Secret</label>
|
|
<div class="controls">
|
|
<label class="checkbox">
|
|
<input type="checkbox" <%=(requireClientSecret == true ? 'checked' : '')%>> Require client secret?
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="clientSecretPanel">
|
|
|
|
<div class="control-group" id="generateClientSecret">
|
|
<div class="controls">
|
|
<label class="checkbox">
|
|
<input type="checkbox" <%=(generateClientSecret == true ? 'checked' : '')%>> Generate a new client secret?
|
|
</label>
|
|
<p class="help-block">New secret will be generated when you click 'Save'</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="displayClientSecret">
|
|
<div class="controls">
|
|
<label class="checkbox">
|
|
<input type="checkbox" <%=(displayClientSecret == true ? 'checked' : '')%>> Display/edit client secret:
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group">
|
|
<div class="controls">
|
|
<div id="clientSecret" class="span3">
|
|
<input value="<%=clientSecret%>" maxlength="100" type="text" placeholder="Type a secret">
|
|
</div>
|
|
<div id="clientSecretGenerated" class="span3">
|
|
<span class="uneditable-input">Generate on Save</span>
|
|
</div>
|
|
<div id="clientSecretHidden" class="span3">
|
|
<span class="uneditable-input span3">* * * * * * * * * * * *</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="control-group" id="jwksUri">
|
|
<label class="control-label">JWK Set</label>
|
|
<div class="controls">
|
|
<input placeholder="http://" value="<%=jwksUri%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">URL for the client's JSON Web Key set</p>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="tab-pane" id="client-token-tab">
|
|
<div class="control-group" id="accessTokenValidityTime">
|
|
<label class="control-label">Access Token Timeout</label>
|
|
<div class="controls">
|
|
<div>
|
|
<label class="checkbox">
|
|
<input type="checkbox" id="disableAccessTokenTimeout" <%=(accessTokenValiditySeconds == null ? 'checked' : '')%>/> Access tokens do not time out
|
|
</label>
|
|
</div>
|
|
<div>
|
|
<input type="text" class="" value="<%=(accessTokenValiditySeconds == null ? '' : accessTokenValiditySeconds)%>" id="access-token-timeout-time" size="16" style="width:8em;">
|
|
<select id="access-token-timeout-unit" style="width:8em;">
|
|
<option>seconds</option>
|
|
<option>minutes</option>
|
|
<option>hours</option>
|
|
</select>
|
|
</div>
|
|
<p class="help-block">Enter this time in seconds, minutes, or hours.</p>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="control-group" id="idTokenValidityTime">
|
|
<label class="control-label">ID Token Timeout</label>
|
|
<div class="controls">
|
|
<div>
|
|
<input type="text" class="" value="<%=(idTokenValiditySeconds == null ? '' : idTokenValiditySeconds)%>" id="id-token-timeout-time" size="16" style="width:8em;">
|
|
<select id="id-token-timeout-unit" style="width:8em;">
|
|
<option>seconds</option>
|
|
<option>minutes</option>
|
|
<option>hours</option>
|
|
</select>
|
|
</div>
|
|
<p class="help-block">Enter this time in seconds, minutes, or hours.</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group">
|
|
<label class="control-label">Refresh Tokens</label>
|
|
<div class="controls">
|
|
<label class="checkbox">
|
|
<input type="checkbox" id="allowRefresh" <%=(allowRefresh == true ? 'checked' : '')%>> Refresh tokens are issued for this client
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="refreshTokenValidityTime">
|
|
<div class="controls">
|
|
<div>
|
|
<label class="checkbox">
|
|
<input type="checkbox" id="reuseRefreshToken" <%=(reuseRefreshToken == true ? 'checked' : '')%>> Refresh tokens for this client are re-used
|
|
</label>
|
|
</div>
|
|
<div>
|
|
<label class="checkbox">
|
|
<input type="checkbox" id="disableRefreshTokenTimeout" <%=(refreshTokenValiditySeconds == null ? 'checked' : '')%>/> Refresh tokens do not time out
|
|
</label>
|
|
</div>
|
|
<div>
|
|
<input type="text" class="" value="<%=(refreshTokenValiditySeconds == null ? '' : refreshTokenValiditySeconds)%>" id="refresh-token-timeout-time" size="16" style="width:8em;">
|
|
<select id="refresh-token-timeout-unit" style="width:8em;">
|
|
<option>seconds</option>
|
|
<option>minutes</option>
|
|
<option>hours</option>
|
|
</select>
|
|
</div>
|
|
<p class="help-block">Enter this time in seconds, minutes, or hours.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="tab-pane" id="client-crypto-tab">
|
|
<div class="control-group" id="requestObjectSigningAlg">
|
|
<label class="control-label">Request Object Signing Algorithm</label>
|
|
<div class="controls">
|
|
<select>
|
|
<option value="default" <%=requestObjectSigningAlg == null ? 'selected ' : ''%>>Use server default</option>
|
|
<option value="none" <%=requestObjectSigningAlg == "none" ? 'selected' : ''%>>No digital signature</option>
|
|
<option value="HS256" <%=requestObjectSigningAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
|
|
<option value="HS384" <%=requestObjectSigningAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
|
|
<option value="HS512" <%=requestObjectSigningAlg == "HS512" ? 'selected' : ''%>>HMAC using SHA-512 hash algorithm</option>
|
|
<option value="RS256" <%=requestObjectSigningAlg == "RS256" ? 'selected' : ''%>>RSASSA using SHA-256 hash algorithm</option>
|
|
<option value="RS384" <%=requestObjectSigningAlg == "RS384" ? 'selected' : ''%>>RSASSA using SHA-384 hash algorithm</option>
|
|
<option value="RS512" <%=requestObjectSigningAlg == "RS512" ? 'selected' : ''%>>RSASSA using SHA-512 hash algorithm</option>
|
|
<option value="ES256" <%=requestObjectSigningAlg == "ES256" ? 'selected' : ''%>>ECDSA using P-256 curve and SHA-256 hash algorithm</option>
|
|
<option value="ES384" <%=requestObjectSigningAlg == "ES384" ? 'selected' : ''%>>ECDSA using P-384 curve and SHA-384 hash algorithm</option>
|
|
<option value="ES512" <%=requestObjectSigningAlg == "ES512" ? 'selected' : ''%>>ECDSA using P-512 curve and SHA-512 hash algorithm</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="userInfoSignedResponseAlg">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> User Info Endpoint Signing Algorithm</label>
|
|
<div class="controls">
|
|
<select>
|
|
<option value="default" <%=userInfoSignedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
|
|
<option value="none" <%=userInfoSignedResponseAlg == "none" ? 'selected' : ''%>>No digital signature</option>
|
|
<option value="HS256" <%=userInfoSignedResponseAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
|
|
<option value="HS384" <%=userInfoSignedResponseAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
|
|
<option value="HS512" <%=userInfoSignedResponseAlg == "HS512" ? 'selected' : ''%>>HMAC using SHA-512 hash algorithm</option>
|
|
<option value="RS256" <%=userInfoSignedResponseAlg == "RS256" ? 'selected' : ''%>>RSASSA using SHA-256 hash algorithm</option>
|
|
<option value="RS384" <%=userInfoSignedResponseAlg == "RS384" ? 'selected' : ''%>>RSASSA using SHA-384 hash algorithm</option>
|
|
<option value="RS512" <%=userInfoSignedResponseAlg == "RS512" ? 'selected' : ''%>>RSASSA using SHA-512 hash algorithm</option>
|
|
<option value="ES256" <%=userInfoSignedResponseAlg == "ES256" ? 'selected' : ''%>>ECDSA using P-256 curve and SHA-256 hash algorithm</option>
|
|
<option value="ES384" <%=userInfoSignedResponseAlg == "ES384" ? 'selected' : ''%>>ECDSA using P-384 curve and SHA-384 hash algorithm</option>
|
|
<option value="ES512" <%=userInfoSignedResponseAlg == "ES512" ? 'selected' : ''%>>ECDSA using P-512 curve and SHA-512 hash algorithm</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="userInfoEncryptedResponseAlg">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> User Info Endpoint Encryption Algorithm</label>
|
|
<div class="controls">
|
|
<select>
|
|
<option value="default" <%=userInfoEncryptedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
|
|
<option value="none" <%=userInfoEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
|
|
<option value="RSA1_5" <%=userInfoEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
|
|
<option value="RSA-OAEP" <%=userInfoEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
|
|
<option value="A128KW" <%=userInfoEncryptedResponseAlg == "A128KW" ? 'selected' : ''%>>AES Key Wrap Algorithm using 128 bit keys </option>
|
|
<option value="A256KW" <%=userInfoEncryptedResponseAlg == "A256KW" ? 'selected' : ''%>>AES Key Wrap Algorithm using 256 bit keys</option>
|
|
<option value="dir" <%=userInfoEncryptedResponseAlg == "dir" ? 'selected' : ''%>>Direct use of a shared symmetric key as the Content Master Key (CMK) for the block encryption step</option>
|
|
<option value="ECDH-ES" <%=userInfoEncryptedResponseAlg == "ECDH-ES" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using the Concat KDF, with the agreed-upon key being used directly as the Content Master Key (CMK)</option>
|
|
<option value="ECDH-ES+A128KW" <%=userInfoEncryptedResponseAlg == "ECDH-ES+A128KW" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per ECDH-ES and Section 4.7, but where the agreed-upon key is used to wrap the Content Master Key (CMK) with the A128KW function</option>
|
|
<option value="ECDH-ES+A256KW" <%=userInfoEncryptedResponseAlg == "ECDH-ES+A256KW" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per ECDH-ES and Section 4.7, but where the agreed-upon key is used to wrap the Content Master Key (CMK) with the A256KW function</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="userInfoEncryptedResponseEnc">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> User Info Endpoint Encryption Method</label>
|
|
<div class="controls">
|
|
<select>
|
|
<option value="default" <%=userInfoEncryptedResponseEnc == null ? 'selected ' : ''%>>Use server default</option>
|
|
<option value="none" <%=userInfoEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
|
|
<option value="A128CBC+HS256" <%=userInfoEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
|
|
<option value="A256CBC+HS512" <%=userInfoEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
|
|
<option value="A128GCM" <%=userInfoEncryptedResponseEnc == "A128GCM" ? 'selected' : ''%>>AES GCM using 128 bit keys</option>
|
|
<option value="A256GCM" <%=userInfoEncryptedResponseEnc == "A256GCM" ? 'selected' : ''%>>AES GCM using 256 bit keys</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="idTokenSignedResponseAlg">
|
|
<label class="control-label">ID Token Signing Algorithm</label>
|
|
<div class="controls">
|
|
<select>
|
|
<option value="default" <%=idTokenSignedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
|
|
<option value="none" <%=idTokenSignedResponseAlg == "none" ? 'selected' : ''%>>No digital signature</option>
|
|
<option value="HS256" <%=idTokenSignedResponseAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
|
|
<option value="HS384" <%=idTokenSignedResponseAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
|
|
<option value="HS512" <%=idTokenSignedResponseAlg == "HS512" ? 'selected' : ''%>>HMAC using SHA-512 hash algorithm</option>
|
|
<option value="RS256" <%=idTokenSignedResponseAlg == "RS256" ? 'selected' : ''%>>RSASSA using SHA-256 hash algorithm</option>
|
|
<option value="RS384" <%=idTokenSignedResponseAlg == "RS384" ? 'selected' : ''%>>RSASSA using SHA-384 hash algorithm</option>
|
|
<option value="RS512" <%=idTokenSignedResponseAlg == "RS512" ? 'selected' : ''%>>RSASSA using SHA-512 hash algorithm</option>
|
|
<option value="ES256" <%=idTokenSignedResponseAlg == "ES256" ? 'selected' : ''%>>ECDSA using P-256 curve and SHA-256 hash algorithm</option>
|
|
<option value="ES384" <%=idTokenSignedResponseAlg == "ES384" ? 'selected' : ''%>>ECDSA using P-384 curve and SHA-384 hash algorithm</option>
|
|
<option value="ES512" <%=idTokenSignedResponseAlg == "ES512" ? 'selected' : ''%>>ECDSA using P-512 curve and SHA-512 hash algorithm</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="idTokenEncryptedResponseAlg">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> ID Token Encryption Algorithm</label>
|
|
<div class="controls">
|
|
<select>
|
|
<option value="default" <%=idTokenEncryptedResponseAlg == null ? 'selected ' : ''%>>Use server default</option>
|
|
<option value="none" <%=idTokenEncryptedResponseAlg == "none" ? 'selected' : ''%>>No encryption</option>
|
|
<option value="RSA1_5" <%=idTokenEncryptedResponseAlg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
|
|
<option value="RSA-OAEP" <%=idTokenEncryptedResponseAlg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
|
|
<option value="A128KW" <%=idTokenEncryptedResponseAlg == "A128KW" ? 'selected' : ''%>>Advanced Encryption Standard (AES) Key Wrap Algorithm using 128 bit keys </option>
|
|
<option value="A256KW" <%=idTokenEncryptedResponseAlg == "A256KW" ? 'selected' : ''%>>AES Key Wrap Algorithm using 256 bit keys</option>
|
|
<option value="dir" <%=idTokenEncryptedResponseAlg == "dir" ? 'selected' : ''%>>Direct use of a shared symmetric key as the Content Master Key (CMK) for the block encryption step</option>
|
|
<option value="ECDH-ES" <%=idTokenEncryptedResponseAlg == "ECDH-ES" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using the Concat KDF, with the agreed-upon key being used directly as the Content Master Key (CMK)</option>
|
|
<option value="ECDH-ES+A128KW" <%=idTokenEncryptedResponseAlg == "ECDH-ES+A128KW" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per ECDH-ES and Section 4.7, but where the agreed-upon key is used to wrap the Content Master Key (CMK) with the A128KW function</option>
|
|
<option value="ECDH-ES+A256KW" <%=idTokenEncryptedResponseAlg == "ECDH-ES+A256KW" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per ECDH-ES and Section 4.7, but where the agreed-upon key is used to wrap the Content Master Key (CMK) with the A256KW function</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="idTokenEncryptedResponseEnc">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> ID Token Encryption Method</label>
|
|
<div class="controls">
|
|
<select>
|
|
<option value="default" <%=idTokenEncryptedResponseEnc == null ? 'selected ' : ''%>>Use server default</option>
|
|
<option value="none" <%=idTokenEncryptedResponseEnc == "none" ? 'selected' : ''%>>No encryption</option>
|
|
<option value="A128CBC+HS256" <%=idTokenEncryptedResponseEnc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
|
|
<option value="A256CBC+HS512" <%=idTokenEncryptedResponseEnc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
|
|
<option value="A128GCM" <%=idTokenEncryptedResponseEnc == "A128GCM" ? 'selected' : ''%>>AES GCM using 128 bit keys</option>
|
|
<option value="A256GCM" <%=idTokenEncryptedResponseEnc == "A256GCM" ? 'selected' : ''%>>AES GCM using 256 bit keys</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="tokenEndpointAuthSigningAlg">
|
|
<label class="control-label">Token Endpoint Authentication Signing Algorithm</label>
|
|
<div class="controls">
|
|
<select>
|
|
<option value="default" <%=tokenEndpointAuthSigningAlg == null ? 'selected ' : ''%>>Use server default</option>
|
|
<option value="none" <%=tokenEndpointAuthSigningAlg == "none" ? 'selected' : ''%>>No digital signature</option>
|
|
<option value="HS256" <%=tokenEndpointAuthSigningAlg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
|
|
<option value="HS384" <%=tokenEndpointAuthSigningAlg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
|
|
<option value="HS512" <%=tokenEndpointAuthSigningAlg == "HS512" ? 'selected' : ''%>>HMAC using SHA-512 hash algorithm</option>
|
|
<option value="RS256" <%=tokenEndpointAuthSigningAlg == "RS256" ? 'selected' : ''%>>RSASSA using SHA-256 hash algorithm</option>
|
|
<option value="RS384" <%=tokenEndpointAuthSigningAlg == "RS384" ? 'selected' : ''%>>RSASSA using SHA-384 hash algorithm</option>
|
|
<option value="RS512" <%=tokenEndpointAuthSigningAlg == "RS512" ? 'selected' : ''%>>RSASSA using SHA-512 hash algorithm</option>
|
|
<option value="ES256" <%=tokenEndpointAuthSigningAlg == "ES256" ? 'selected' : ''%>>ECDSA using P-256 curve and SHA-256 hash algorithm</option>
|
|
<option value="ES384" <%=tokenEndpointAuthSigningAlg == "ES384" ? 'selected' : ''%>>ECDSA using P-384 curve and SHA-384 hash algorithm</option>
|
|
<option value="ES512" <%=tokenEndpointAuthSigningAlg == "ES512" ? 'selected' : ''%>>ECDSA using P-512 curve and SHA-512 hash algorithm</option>
|
|
</select>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
<div class="tab-pane" id="client-other-tab">
|
|
|
|
<div class="control-group" id="initiateLoginUri">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Initiate Login</label>
|
|
<div class="controls">
|
|
<input placeholder="http://" value="<%=initiateLoginUri%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">URL to initiate login on the client</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="postLogoutRedirectUri">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Post-Logout Redirect</label>
|
|
<div class="controls">
|
|
<input placeholder="http://" value="<%=postLogoutRedirectUri%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">URL to redirect the client to after a logout operation</p>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="control-group" id="requireAuthTime">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Require Auth Time</label>
|
|
<div class="controls">
|
|
<label class="checkbox">
|
|
<input type="checkbox" <%=(requireAuthTime == true ? 'checked' : '')%>> Always require that the auth_time claim be sent in the id token
|
|
</label>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="defaultMaxAge">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Default Max Age</label>
|
|
<div class="controls">
|
|
<input placeholder="" value="<%=defaultMaxAge%>" maxlength="1000" type="text" class=""/>
|
|
<p class="help-block">Default maximum session age before re-prompting</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="requestUris">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Request URIs</label>
|
|
<div class="controls">
|
|
</div>
|
|
</div>
|
|
|
|
<div class="control-group" id="defaultAcrValues">
|
|
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Default ACR Values</label>
|
|
<div class="controls">
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div class="well well-small">
|
|
<button class="btn btn-small btn-save btn-success"><i class="icon-ok-circle icon-white"></i> Save</button>
|
|
<button class="btn btn-small btn-cancel"><i class="icon-ban-circle"></i> Cancel</button>
|
|
</div>
|
|
|
|
</fieldset>
|
|
</form>
|
|
|
|
</script>
|
|
|
|
<script type="text/html" id="tmpl-client-saved">
|
|
|
|
<div>
|
|
<strong>ID:</strong> <input type="text" readonly style="cursor: text" class="token-full input-xxlarge" value="<%= clientId %>" />
|
|
|
|
</div>
|
|
<% if (generateClientSecret && clientSecret != null && clientSecret != '') { %>
|
|
<div>
|
|
<strong>Secret:</strong> <button class="btn btn-mini" id="clientSaveShow">Show Secret</button>
|
|
<input type="text" id="savedClientSecret" readonly style="cursor: text" class="token-full input-xxlarge" value="<%= clientSecret %>" />
|
|
</div>
|
|
<% } else { %>
|
|
<div>
|
|
<strong>Secret:</strong> <i>unchanged</i>
|
|
</div>
|
|
<% } %>
|
|
|
|
</script>
|