<?php
/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/


/**
 * @var CView $this
 */

// Scripts this page needs: the shared tab-indicator class and the page's own JS template.
$this->addJsFile('class.tab-indicators.js');
$this->includeJsFile('administration.authentication.edit.js.php');

// "Authentication" tab: one radio group choosing the default method (Internal or LDAP).
// The stored value is cast to int before it is handed to the radio list.
$default_auth_radio = (new CRadioButtonList('authentication_type', (int) $data['authentication_type']))
	->setAttribute('autofocus', 'autofocus')
	->addValue(_x('Internal', 'authentication'), ZBX_AUTH_INTERNAL)
	->addValue(_('LDAP'), ZBX_AUTH_LDAP)
	->setModern(true)
	->removeId();

$auth_tab = (new CFormList('list_auth'))
	->addRow(new CLabel(_('Default authentication'), 'authentication_type'), $default_auth_radio);

// HTTP authentication fields.
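// The remainder of this view builds the HTTP, LDAP and SAML tabs and the enclosing form.
// Every setEnabled()/setDisabled() call below is presentation only: browsers do not submit
// disabled inputs, but nothing stops a crafted request from sending them, so the controller
// receiving this form has to validate each field independently of what is greyed out here.
$http_tab = (new CFormList('list_http'))
	->addRow(new CLabel(_('Enable HTTP authentication'), 'http_auth_enabled'),
		(new CCheckBox('http_auth_enabled', ZBX_AUTH_HTTP_ENABLED))
			->setChecked($data['http_auth_enabled'] == ZBX_AUTH_HTTP_ENABLED)
			->setUncheckedValue(ZBX_AUTH_HTTP_DISABLED)
	)
	->addRow(new CLabel(_('Default login form'), 'label-http-login-form'),
		(new CSelect('http_login_form'))
			->setFocusableElementId('label-http-login-form')
			->setValue($data['http_login_form'])
			->addOptions(CSelect::createOptionsFromArray([
				ZBX_AUTH_FORM_ZABBIX => _('Zabbix login form'),
				ZBX_AUTH_FORM_HTTP => _('HTTP login form')
			]))
			->setDisabled($data['http_auth_enabled'] != ZBX_AUTH_HTTP_ENABLED)
	)
	->addRow(new CLabel(_('Remove domain name'), 'http_strip_domains'),
		(new CTextBox('http_strip_domains', $data['http_strip_domains']))
			// Compare against the constant, as the sibling HTTP rows do, instead of relying on
			// the truthiness of the raw setting.
			->setEnabled($data['http_auth_enabled'] == ZBX_AUTH_HTTP_ENABLED)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
	)
	->addRow(new CLabel(_('Case sensitive login'), 'http_case_sensitive'),
		(new CCheckBox('http_case_sensitive', ZBX_AUTH_CASE_SENSITIVE))
			->setChecked($data['http_case_sensitive'] == ZBX_AUTH_CASE_SENSITIVE)
			->setEnabled($data['http_auth_enabled'] == ZBX_AUTH_HTTP_ENABLED)
			->setUncheckedValue(ZBX_AUTH_CASE_INSENSITIVE)
	);

// LDAP configuration fields.
// The bind password is shown in one of two ways, depending on $data['change_bind_password'].
if ($data['change_bind_password']) {
	// Editable password input, pre-filled with $data['ldap_bind_password'].
	// NOTE(review): whatever the controller puts in that key ends up in the page source;
	// confirm it only ever carries the value just submitted, never the stored bind secret.
	$password_box = [
		new CVar('change_bind_password', 1),
		(new CPassBox('ldap_bind_password', $data['ldap_bind_password']))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_SMALL_WIDTH)
	];
}
else {
	// Only a "Change password" button is rendered; no password value is emitted on this branch.
	$password_box = [
		new CVar('action_passw_change', $data['action_passw_change']),
		(new CButton('change_bind_password', _('Change password')))
			->setEnabled($data['ldap_enabled'])
			->addClass(ZBX_STYLE_BTN_GREY)
	];
}

// NOTE(review): this form has no transport-security control for LDAP; the bind and test
// credentials go to whatever 'ldap_host' names. Confirm where TLS is required or enforced.
$ldap_tab = (new CFormList('list_ldap'))
	->addRow(new CLabel(_('Enable LDAP authentication'), 'ldap_configured'),
		// When the controller reports an LDAP error, the message replaces the enable checkbox.
		// NOTE(review): the message is passed to CLabel as-is; presumably CLabel escapes it - confirm.
		$data['ldap_error']
			? (new CLabel($data['ldap_error']))->addClass(ZBX_STYLE_RED)
			: (new CCheckBox('ldap_configured', ZBX_AUTH_LDAP_ENABLED))
				->setChecked($data['ldap_configured'] == ZBX_AUTH_LDAP_ENABLED)
				->setUncheckedValue(ZBX_AUTH_LDAP_DISABLED)
	)
	->addRow((new CLabel(_('LDAP host'), 'ldap_host'))->setAsteriskMark(),
		(new CTextBox('ldap_host', $data['ldap_host']))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('Port'), 'ldap_port'))->setAsteriskMark(),
		(new CNumericBox('ldap_port', $data['ldap_port'], 5))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_NUMERIC_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('Base DN'), 'ldap_base_dn'))->setAsteriskMark(),
		(new CTextBox('ldap_base_dn', $data['ldap_base_dn']))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('Search attribute'), 'ldap_search_attribute'))->setAsteriskMark(),
		(new CTextBox('ldap_search_attribute', $data['ldap_search_attribute']))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow(new CLabel(_('Bind DN'), 'ldap_bind_dn'),
		(new CTextBox('ldap_bind_dn', $data['ldap_bind_dn']))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
	)
	->addRow(new CLabel(_('Case sensitive login'), 'ldap_case_sensitive'),
		// NOTE(review): this row keys off 'ldap_configured' while the other LDAP inputs key off
		// 'ldap_enabled'; confirm the difference is intended.
		(new CCheckBox('ldap_case_sensitive', ZBX_AUTH_CASE_SENSITIVE))
			->setChecked($data['ldap_case_sensitive'] == ZBX_AUTH_CASE_SENSITIVE)
			->setEnabled($data['ldap_configured'] == ZBX_AUTH_LDAP_ENABLED)
			->setUncheckedValue(ZBX_AUTH_CASE_INSENSITIVE)
	)
	->addRow(new CLabel(_('Bind password'), 'ldap_bind_password'), $password_box)
	->addRow(_('Test authentication'), ' ['._('must be a valid LDAP user').']')
	->addRow((new CLabel(_('Login'), 'ldap_test_user'))->setAsteriskMark(),
		(new CTextBox('ldap_test_user', $data['ldap_test_user']))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('User password'), 'ldap_test_password'))->setAsteriskMark(),
		// The test user's password is echoed back into the input from $data['ldap_test_password'].
		// NOTE(review): confirm this is only the value from the current submission.
		(new CPassBox('ldap_test_password', $data['ldap_test_password']))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_SMALL_WIDTH)
			->setAriaRequired()
	);

// SAML authentication fields.
// Text inputs are capped at the length of the matching 'config' table column.
$saml_tab = (new CFormList('list_saml'))
	->addRow(new CLabel(_('Enable SAML authentication'), 'saml_auth_enabled'),
		// As on the LDAP tab, a reported error replaces the enable checkbox.
		$data['saml_error']
			? (new CLabel($data['saml_error']))->addClass(ZBX_STYLE_RED)
			: (new CCheckBox('saml_auth_enabled', ZBX_AUTH_SAML_ENABLED))
				->setChecked($data['saml_auth_enabled'] == ZBX_AUTH_SAML_ENABLED)
				->setUncheckedValue(ZBX_AUTH_SAML_DISABLED)
	)
	->addRow((new CLabel(_('IdP entity ID'), 'saml_idp_entityid'))->setAsteriskMark(),
		(new CTextBox('saml_idp_entityid', $data['saml_idp_entityid'], false,
			DB::getFieldLength('config', 'saml_idp_entityid')
		))
			->setEnabled($data['saml_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('SSO service URL'), 'saml_sso_url'))->setAsteriskMark(),
		(new CTextBox('saml_sso_url', $data['saml_sso_url'], false, DB::getFieldLength('config', 'saml_sso_url')))
			->setEnabled($data['saml_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow(new CLabel(_('SLO service URL'), 'saml_slo_url'),
		(new CTextBox('saml_slo_url', $data['saml_slo_url'], false, DB::getFieldLength('config', 'saml_slo_url')))
			->setEnabled($data['saml_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
	)
	->addRow((new CLabel(_('Username attribute'), 'saml_username_attribute'))->setAsteriskMark(),
		(new CTextBox('saml_username_attribute', $data['saml_username_attribute'], false,
			DB::getFieldLength('config', 'saml_username_attribute')
		))
			->setEnabled($data['saml_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('SP entity ID'), 'saml_sp_entityid'))->setAsteriskMark(),
		(new CTextBox('saml_sp_entityid', $data['saml_sp_entityid'], false,
			DB::getFieldLength('config', 'saml_sp_entityid')
		))
			->setEnabled($data['saml_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow(new CLabel(_('SP name ID format'), 'saml_nameid_format'),
		(new CTextBox('saml_nameid_format', $data['saml_nameid_format'], false,
			DB::getFieldLength('config', 'saml_nameid_format')
		))
			->setEnabled($data['saml_enabled'])
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAttribute('placeholder', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')
	)
	// Signing options. Each checkbox is independent, and this view does not require any of them.
	// NOTE(review): presumably these decide which SAML messages must carry a signature; if so,
	// a policy such as "Messages or Assertions must be signed" has to live in the controller.
	->addRow(_('Sign'),
		(new CList())
			->addClass(ZBX_STYLE_LIST_CHECK_RADIO)
			->addItem((new CCheckBox('saml_sign_messages'))
				->setLabel(_('Messages'))
				->setChecked($data['saml_sign_messages'] == 1)
				->setUncheckedValue(0)
				->setEnabled($data['saml_enabled'])
			)
			->addItem((new CCheckBox('saml_sign_assertions'))
				->setLabel(_('Assertions'))
				->setChecked($data['saml_sign_assertions'] == 1)
				->setUncheckedValue(0)
				->setEnabled($data['saml_enabled'])
			)
			->addItem((new CCheckBox('saml_sign_authn_requests'))
				->setLabel(_('AuthN requests'))
				->setChecked($data['saml_sign_authn_requests'] == 1)
				->setUncheckedValue(0)
				->setEnabled($data['saml_enabled'])
			)
			->addItem((new CCheckBox('saml_sign_logout_requests'))
				->setLabel(_('Logout requests'))
				->setChecked($data['saml_sign_logout_requests'] == 1)
				->setUncheckedValue(0)
				->setEnabled($data['saml_enabled'])
			)
			->addItem((new CCheckBox('saml_sign_logout_responses'))
				->setLabel(_('Logout responses'))
				->setChecked($data['saml_sign_logout_responses'] == 1)
				->setUncheckedValue(0)
				->setEnabled($data['saml_enabled'])
			)
	)
	// Encryption options, likewise independent and optional in this view.
	->addRow(_('Encrypt'),
		(new CList())
			->addClass(ZBX_STYLE_LIST_CHECK_RADIO)
			->addItem((new CCheckBox('saml_encrypt_nameid'))
				->setLabel(_('Name ID'))
				->setChecked($data['saml_encrypt_nameid'] == 1)
				->setUncheckedValue(0)
				->setEnabled($data['saml_enabled'])
			)
			->addItem((new CCheckBox('saml_encrypt_assertions'))
				->setLabel(_('Assertions'))
				->setChecked($data['saml_encrypt_assertions'] == 1)
				->setUncheckedValue(0)
				->setEnabled($data['saml_enabled'])
			)
	)
	->addRow(new CLabel(_('Case sensitive login'), 'saml_case_sensitive'),
		// NOTE(review): unlike the HTTP and LDAP rows, no checked value is passed here, so the
		// submitted value is CCheckBox's default; confirm it equals ZBX_AUTH_CASE_SENSITIVE.
		(new CCheckBox('saml_case_sensitive'))
			->setChecked($data['saml_case_sensitive'] == ZBX_AUTH_CASE_SENSITIVE)
			->setUncheckedValue(ZBX_AUTH_CASE_INSENSITIVE)
			->setEnabled($data['saml_enabled'])
	);

// Page widget: one form holding the four tabs, with Update and LDAP Test buttons in the footer.
(new CWidget())
	->setTitle(_('Authentication'))
	->addItem((new CForm())
		// Hidden fields. They come back from the client on submit.
		// NOTE(review): confirm the controller does not trust 'db_authentication_type' from the
		// request and reads the stored value itself.
		->addVar('action', $data['action_submit'])
		->addVar('db_authentication_type', $data['db_authentication_type'])
		->setId('authentication-form')
		->setName('form_auth')
		// WAI-ARIA spells this attribute "aria-labelledby"; the former "aria-labeledby" is not
		// a recognised attribute and is ignored by assistive technology.
		->setAttribute('aria-labelledby', ZBX_STYLE_PAGE_TITLE)
		->disablePasswordAutofill()
		->addItem((new CTabView())
			// On first load select the first tab; after a refresh pass null.
			->setSelected($data['form_refresh'] ? null : 0)
			->addTab('auth', _('Authentication'), $auth_tab)
			->addTab('http', _('HTTP settings'), $http_tab, TAB_INDICATOR_AUTH_HTTP)
			->addTab('ldap', _('LDAP settings'), $ldap_tab, TAB_INDICATOR_AUTH_LDAP)
			->addTab('saml', _('SAML settings'), $saml_tab, TAB_INDICATOR_AUTH_SAML)
			->setFooter(makeFormFooter(
				(new CSubmit('update', _('Update'))),
				// The Test button belongs to the LDAP tab only. The literal 2, here and in
				// onTabChange() below, is the zero-based position of the 'ldap' tab in the
				// addTab() order above; reordering the tabs requires updating both.
				[(new CSubmitButton(_('Test'), 'ldap_test', 1))
					->addStyle(($data['form_refresh'] && CCookieHelper::get('tab') == 2) ? '' : 'display: none')
					->setEnabled($data['ldap_enabled'])
				]
			))
			->onTabChange('jQuery("[name=ldap_test]")[(ui.newTab.index() == 2) ? "show" : "hide"]()')
	))
	->show();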