ClientConfiguration.cs
//Copyright(c) 2022 MultiFactor
//Please see licence at
//https://github.com/MultifactorLab/MultiFactor.Ldap.Adapter/blob/main/LICENSE.md
using MultiFactor.Ldap.Adapter.Core.NameResolving;
using System.Collections.Generic;
using System.Linq;
namespace MultiFactor.Ldap.Adapter.Configuration
{
/// <summary>
/// Per-client settings of the LDAP adapter: the target LDAP server, the MultiFactor API
/// credentials, and the lists that decide which binds are ignored, restricted by group,
/// or exempt from the second factor.
/// </summary>
/// <remarks>
/// Several settings here relax authentication (fail-open on API outage, service-account
/// lists, the 2FA bypass group). Review them together when assessing a deployment.
/// </remarks>
public class ClientConfiguration
{
    /// <summary>
    /// Creates a configuration with the defaults: fail-open on API outage, nested group
    /// loading enabled, no identity transformation, and every list empty (never null).
    /// </summary>
    public ClientConfiguration()
    {
        // Flags.
        // Fail-open default: an unreachable MultiFactor API does not block access.
        BypassSecondFactorWhenApiUnreachable = true;
        LoadActiveDirectoryNestedGroups = true;
        TransformLdapIdentity = LdapIdentityFormat.None;

        // Lists start empty rather than null so that CheckUserGroups() can query them.
        ServiceAccounts = new string[] { };
        ServiceAccountsOrganizationUnit = new string[] { };
        ActiveDirectoryGroup = new string[] { };
        ActiveDirectory2FaGroup = new string[] { };
        ActiveDirectory2FaBypassGroup = new string[] { };
        UserNameTransformRules = new List<UserNameTransformRulesElement>();
    }

    /// <summary>
    /// Friendly client name.
    /// </summary>
    public string Name { get; set; }

    /// <summary>
    /// LDAP server name or address.
    /// </summary>
    public string LdapServer { get; set; }

    /// <summary>
    /// Bypass the second factor when the MultiFactor API is unreachable.
    /// </summary>
    /// <remarks>
    /// Defaults to <c>true</c> (set in the constructor), which is a fail-open policy: while
    /// the API cannot be reached, authentication rests on the first factor only. Set it to
    /// <c>false</c> where an outage, or blocked connectivity between the adapter and the
    /// API, must not downgrade logins to a single factor. Treat every bypass as an event
    /// worth alerting on.
    /// </remarks>
    public bool BypassSecondFactorWhenApiUnreachable { get; set; }

    /// <summary>
    /// Service accounts list - bind requests from these accounts will be ignored.
    /// </summary>
    /// <remarks>
    /// NOTE(review): "ignored" presumably means no second factor is requested for these
    /// binds - confirm in the bind handler. Keep the list minimal and its entries audited.
    /// </remarks>
    public string[] ServiceAccounts { get; set; }

    /// <summary>
    /// Service accounts OU - bind requests with this OU will be ignored.
    /// </summary>
    /// <remarks>
    /// NOTE(review): an OU-wide exemption covers every account placed in that OU, so the
    /// right to create or move objects there is security-relevant - confirm how the OU is
    /// matched against the bind name.
    /// </remarks>
    public string[] ServiceAccountsOrganizationUnit { get; set; }

    /// <summary>
    /// Only members of these groups are allowed to access (optional).
    /// </summary>
    public string[] ActiveDirectoryGroup { get; set; }

    /// <summary>
    /// Only members of these groups are required to pass 2FA to access (optional).
    /// </summary>
    public string[] ActiveDirectory2FaGroup { get; set; }

    /// <summary>
    /// Members of these groups do not have to pass 2FA to access (optional).
    /// </summary>
    /// <remarks>
    /// Membership is an exemption from the second factor, so who may edit these groups
    /// matters as much as the adapter configuration itself.
    /// </remarks>
    public string[] ActiveDirectory2FaBypassGroup { get; set; }

    // Defaults to true in the constructor.
    // NOTE(review): presumably makes group checks follow nested (indirect) membership,
    // which would also widen the bypass group - confirm against the group loader.
    public bool LoadActiveDirectoryNestedGroups { get; set; }

    /// <summary>
    /// Username transform rules.
    /// </summary>
    public IList<UserNameTransformRulesElement> UserNameTransformRules { get; set; }

    /// <summary>
    /// MultiFactor API key.
    /// </summary>
    public string MultifactorApiKey { get; set; }

    /// <summary>
    /// MultiFactor API secret.
    /// </summary>
    /// <remarks>
    /// Held as a plain string behind a public getter: keep it out of log output,
    /// diagnostics dumps and any serialisation of this object.
    /// </remarks>
    public string MultifactorApiSecret { get; set; }

    // Defaults to LdapIdentityFormat.None in the constructor.
    public LdapIdentityFormat TransformLdapIdentity { get; set; }

    // Not assigned by the constructor; settable only from inside the assembly.
    // NOTE(review): presumably the period during which an already authenticated client is
    // not asked for the second factor again - confirm, and keep that window short.
    public AuthenticatedClientCacheConfig AuthenticationCacheLifetime { get; internal set; }

    /// <summary>
    /// Tells whether any group-based rule is configured for this client.
    /// </summary>
    /// <returns>
    /// <c>true</c> when at least one of <see cref="ActiveDirectoryGroup"/>,
    /// <see cref="ActiveDirectory2FaGroup"/> or <see cref="ActiveDirectory2FaBypassGroup"/>
    /// has an entry; otherwise <c>false</c>.
    /// </returns>
    /// <remarks>
    /// The lists are checked in that order and evaluation stops at the first non-empty one.
    /// A list set to null through its setter makes <c>Any()</c> throw
    /// <see cref="System.ArgumentNullException"/> when it is reached.
    /// </remarks>
    public bool CheckUserGroups()
    {
        if (ActiveDirectoryGroup.Any())
        {
            return true;
        }

        if (ActiveDirectory2FaGroup.Any())
        {
            return true;
        }

        return ActiveDirectory2FaBypassGroup.Any();
    }
}
}