<?php
/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/


/**
 * @var CView $this
 */
// Client-side assets for this view: the tab-indicator script, then the view's own JS include.
$this->addJsFile('class.tab-indicators.js');
$this->includeJsFile('administration.authentication.edit.js.php');
// "Authentication" tab: holds only the default authentication method selector.
// The selector offers two values, internal and LDAP; HTTP and SAML are configured on their own tabs.
$default_auth_selector = (new CRadioButtonList('authentication_type', (int) $data['authentication_type']))
	->setAttribute('autofocus', 'autofocus')
	->addValue(_x('Internal', 'authentication'), ZBX_AUTH_INTERNAL)
	->addValue(_('LDAP'), ZBX_AUTH_LDAP)
	->setModern(true)
	->removeId();

$auth_tab = (new CFormList('list_auth'))
	->addRow(new CLabel(_('Default authentication'), 'authentication_type'), $default_auth_selector);
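// HTTP authentication fields.
//
// All dependent controls are switched by one explicit comparison against ZBX_AUTH_HTTP_ENABLED. The "Remove domain
// name" box used to be enabled on raw truthiness of the stored value, so any non-zero value would have unlocked it
// while the sibling controls stayed disabled.
//
// NOTE(review): "Remove domain name" and "Case sensitive login" presumably change how the user name handed over by
// the web server is matched to an account - confirm the controller validates both before saving.
$http_auth_on = ($data['http_auth_enabled'] == ZBX_AUTH_HTTP_ENABLED);

$http_tab = (new CFormList('list_http'))
	->addRow(new CLabel(_('Enable HTTP authentication'), 'http_auth_enabled'),
		(new CCheckBox('http_auth_enabled', ZBX_AUTH_HTTP_ENABLED))
			->setChecked($http_auth_on)
			// An unchecked box still submits an explicit "disabled" value.
			->setUncheckedValue(ZBX_AUTH_HTTP_DISABLED)
	)
	->addRow(new CLabel(_('Default login form'), 'label-http-login-form'),
		(new CSelect('http_login_form'))
			->setFocusableElementId('label-http-login-form')
			->setValue($data['http_login_form'])
			->addOptions(CSelect::createOptionsFromArray([
				ZBX_AUTH_FORM_ZABBIX => _('Zabbix login form'),
				ZBX_AUTH_FORM_HTTP => _('HTTP login form')
			]))
			->setDisabled(!$http_auth_on)
	)
	->addRow(new CLabel(_('Remove domain name'), 'http_strip_domains'),
		(new CTextBox('http_strip_domains', $data['http_strip_domains']))
			->setEnabled($http_auth_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
	)
	->addRow(new CLabel(_('Case sensitive login'), 'http_case_sensitive'),
		(new CCheckBox('http_case_sensitive', ZBX_AUTH_CASE_SENSITIVE))
			->setChecked($data['http_case_sensitive'] == ZBX_AUTH_CASE_SENSITIVE)
			->setEnabled($http_auth_on)
			->setUncheckedValue(ZBX_AUTH_CASE_INSENSITIVE)
	);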
// LDAP bind password control.
// Once a password change has been requested the form shows an editable password box together with a hidden
// 'change_bind_password' marker; otherwise it shows only a "Change password" button.
//
// NOTE(review): the password box is pre-filled from $data['ldap_bind_password'] and therefore ends up in the rendered
// page. Confirm the controller only ever passes back what was typed into this form and never the stored bind secret.
$password_box = $data['change_bind_password']
	? [
		new CVar('change_bind_password', 1),
		(new CPassBox('ldap_bind_password', $data['ldap_bind_password']))
			->setEnabled($data['ldap_enabled'])
			->setWidth(ZBX_TEXTAREA_SMALL_WIDTH)
	]
	: [
		new CVar('action_passw_change', $data['action_passw_change']),
		(new CButton('change_bind_password', _('Change password')))
			->setEnabled($data['ldap_enabled'])
			->addClass(ZBX_STYLE_BTN_GREY)
	];
// LDAP settings tab.
$ldap_fields_on = $data['ldap_enabled'];

// When an LDAP error message is present it replaces the enable checkbox, so LDAP cannot be switched on from here.
if ($data['ldap_error']) {
	$ldap_switch = (new CLabel($data['ldap_error']))->addClass(ZBX_STYLE_RED);
}
else {
	$ldap_switch = (new CCheckBox('ldap_configured', ZBX_AUTH_LDAP_ENABLED))
		->setChecked($data['ldap_configured'] == ZBX_AUTH_LDAP_ENABLED)
		->setUncheckedValue(ZBX_AUTH_LDAP_DISABLED);
}

$ldap_tab = (new CFormList('list_ldap'))
	->addRow(new CLabel(_('Enable LDAP authentication'), 'ldap_configured'), $ldap_switch)
	->addRow((new CLabel(_('LDAP host'), 'ldap_host'))->setAsteriskMark(),
		(new CTextBox('ldap_host', $data['ldap_host']))
			->setEnabled($ldap_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('Port'), 'ldap_port'))->setAsteriskMark(),
		(new CNumericBox('ldap_port', $data['ldap_port'], 5))
			->setEnabled($ldap_fields_on)
			->setWidth(ZBX_TEXTAREA_NUMERIC_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('Base DN'), 'ldap_base_dn'))->setAsteriskMark(),
		(new CTextBox('ldap_base_dn', $data['ldap_base_dn']))
			->setEnabled($ldap_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('Search attribute'), 'ldap_search_attribute'))->setAsteriskMark(),
		(new CTextBox('ldap_search_attribute', $data['ldap_search_attribute']))
			->setEnabled($ldap_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow(new CLabel(_('Bind DN'), 'ldap_bind_dn'),
		(new CTextBox('ldap_bind_dn', $data['ldap_bind_dn']))
			->setEnabled($ldap_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
	)
	->addRow(new CLabel(_('Case sensitive login'), 'ldap_case_sensitive'),
		(new CCheckBox('ldap_case_sensitive', ZBX_AUTH_CASE_SENSITIVE))
			->setChecked($data['ldap_case_sensitive'] == ZBX_AUTH_CASE_SENSITIVE)
			// NOTE(review): this control is gated on 'ldap_configured', every other field on 'ldap_enabled' - confirm
			// the difference is intended.
			->setEnabled($data['ldap_configured'] == ZBX_AUTH_LDAP_ENABLED)
			->setUncheckedValue(ZBX_AUTH_CASE_INSENSITIVE)
	)
	->addRow(new CLabel(_('Bind password'), 'ldap_bind_password'), $password_box)
	->addRow(_('Test authentication'), ' ['._('must be a valid LDAP user').']')
	->addRow((new CLabel(_('Login'), 'ldap_test_user'))->setAsteriskMark(),
		(new CTextBox('ldap_test_user', $data['ldap_test_user']))
			->setEnabled($ldap_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('User password'), 'ldap_test_password'))->setAsteriskMark(),
		// NOTE(review): the test password is passed back into the box as its value; confirm it is only the value
		// submitted with this form and is not kept anywhere after the test.
		(new CPassBox('ldap_test_password', $data['ldap_test_password']))
			->setEnabled($ldap_fields_on)
			->setWidth(ZBX_TEXTAREA_SMALL_WIDTH)
			->setAriaRequired()
	);
// SAML authentication fields.
$saml_fields_on = $data['saml_enabled'];

// When a SAML error message is present it replaces the enable checkbox, so SAML cannot be switched on from here.
if ($data['saml_error']) {
	$saml_switch = (new CLabel($data['saml_error']))->addClass(ZBX_STYLE_RED);
}
else {
	$saml_switch = (new CCheckBox('saml_auth_enabled', ZBX_AUTH_SAML_ENABLED))
		->setChecked($data['saml_auth_enabled'] == ZBX_AUTH_SAML_ENABLED)
		->setUncheckedValue(ZBX_AUTH_SAML_DISABLED);
}

// Field name => caption for the "Sign" and "Encrypt" checkbox groups; each box submits 0 when unchecked.
// NOTE(review): these flags presumably decide which SAML messages must be signed or encrypted. If so, leaving
// "Assertions" unsigned weakens the guarantee that a login really came from the configured IdP - verify against
// the SAML handling code and document the recommended setting.
$saml_sign_options = [
	'saml_sign_messages' => _('Messages'),
	'saml_sign_assertions' => _('Assertions'),
	'saml_sign_authn_requests' => _('AuthN requests'),
	'saml_sign_logout_requests' => _('Logout requests'),
	'saml_sign_logout_responses' => _('Logout responses')
];
$saml_encrypt_options = [
	'saml_encrypt_nameid' => _('Name ID'),
	'saml_encrypt_assertions' => _('Assertions')
];

$saml_sign_list = (new CList())->addClass(ZBX_STYLE_LIST_CHECK_RADIO);
foreach ($saml_sign_options as $saml_field => $saml_caption) {
	$saml_sign_list = $saml_sign_list->addItem((new CCheckBox($saml_field))
		->setLabel($saml_caption)
		->setChecked($data[$saml_field] == 1)
		->setUncheckedValue(0)
		->setEnabled($saml_fields_on)
	);
}

$saml_encrypt_list = (new CList())->addClass(ZBX_STYLE_LIST_CHECK_RADIO);
foreach ($saml_encrypt_options as $saml_field => $saml_caption) {
	$saml_encrypt_list = $saml_encrypt_list->addItem((new CCheckBox($saml_field))
		->setLabel($saml_caption)
		->setChecked($data[$saml_field] == 1)
		->setUncheckedValue(0)
		->setEnabled($saml_fields_on)
	);
}

// Text inputs are capped at the length of the matching column in the 'config' table.
$saml_tab = (new CFormList('list_saml'))
	->addRow(new CLabel(_('Enable SAML authentication'), 'saml_auth_enabled'), $saml_switch)
	->addRow((new CLabel(_('IdP entity ID'), 'saml_idp_entityid'))->setAsteriskMark(),
		(new CTextBox('saml_idp_entityid', $data['saml_idp_entityid'], false,
			DB::getFieldLength('config', 'saml_idp_entityid')
		))
			->setEnabled($saml_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('SSO service URL'), 'saml_sso_url'))->setAsteriskMark(),
		(new CTextBox('saml_sso_url', $data['saml_sso_url'], false, DB::getFieldLength('config', 'saml_sso_url')))
			->setEnabled($saml_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow(new CLabel(_('SLO service URL'), 'saml_slo_url'),
		(new CTextBox('saml_slo_url', $data['saml_slo_url'], false, DB::getFieldLength('config', 'saml_slo_url')))
			->setEnabled($saml_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
	)
	->addRow((new CLabel(_('Username attribute'), 'saml_username_attribute'))->setAsteriskMark(),
		(new CTextBox('saml_username_attribute', $data['saml_username_attribute'], false,
			DB::getFieldLength('config', 'saml_username_attribute')
		))
			->setEnabled($saml_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow((new CLabel(_('SP entity ID'), 'saml_sp_entityid'))->setAsteriskMark(),
		(new CTextBox('saml_sp_entityid', $data['saml_sp_entityid'], false,
			DB::getFieldLength('config', 'saml_sp_entityid')
		))
			->setEnabled($saml_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAriaRequired()
	)
	->addRow(new CLabel(_('SP name ID format'), 'saml_nameid_format'),
		(new CTextBox('saml_nameid_format', $data['saml_nameid_format'], false,
			DB::getFieldLength('config', 'saml_nameid_format')
		))
			->setEnabled($saml_fields_on)
			->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH)
			->setAttribute('placeholder', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')
	)
	->addRow(_('Sign'), $saml_sign_list)
	->addRow(_('Encrypt'), $saml_encrypt_list)
	->addRow(new CLabel(_('Case sensitive login'), 'saml_case_sensitive'),
		// Unlike the HTTP and LDAP checkboxes, no explicit checked value is passed here.
		(new CCheckBox('saml_case_sensitive'))
			->setChecked($data['saml_case_sensitive'] == ZBX_AUTH_CASE_SENSITIVE)
			->setUncheckedValue(ZBX_AUTH_CASE_INSENSITIVE)
			->setEnabled($saml_fields_on)
	);
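// Page assembly: one form wrapping a four-tab view (auth, http, ldap, saml) with an "Update" submit button and an
// LDAP-only "Test" button.

// The LDAP tab is at index 2 of the tab view. The "Test" button starts visible only when the form is being refreshed
// and the 'tab' cookie points at that index; afterwards the tab-change handler shows or hides it client-side.
// The cookie is browser-supplied, but here it only decides initial visibility of the button.
$ldap_test_button = (new CSubmitButton(_('Test'), 'ldap_test', 1))
	->addStyle(($data['form_refresh'] && CCookieHelper::get('tab') == 2) ? '' : 'display: none')
	->setEnabled($data['ldap_enabled']);

$auth_tab_view = (new CTabView())
	// On first load select the first tab; on a form refresh pass null instead of an index.
	->setSelected($data['form_refresh'] ? null : 0)
	->addTab('auth', _('Authentication'), $auth_tab)
	->addTab('http', _('HTTP settings'), $http_tab, TAB_INDICATOR_AUTH_HTTP)
	->addTab('ldap', _('LDAP settings'), $ldap_tab, TAB_INDICATOR_AUTH_LDAP)
	->addTab('saml', _('SAML settings'), $saml_tab, TAB_INDICATOR_AUTH_SAML)
	->setFooter(makeFormFooter(
		new CSubmit('update', _('Update')),
		[$ldap_test_button]
	))
	->onTabChange('jQuery("[name=ldap_test]")[(ui.newTab.index() == 2) ? "show" : "hide"]()');

(new CWidget())
	->setTitle(_('Authentication'))
	->addItem((new CForm())
		->addVar('action', $data['action_submit'])
		// NOTE(review): hidden fields round-trip through the browser and can be altered there. Presumably the
		// controller compares this against the stored authentication type rather than trusting it - confirm.
		->addVar('db_authentication_type', $data['db_authentication_type'])
		->setId('authentication-form')
		->setName('form_auth')
		// The WAI-ARIA attribute is spelled "aria-labelledby"; the former "aria-labeledby" is not a defined attribute.
		->setAttribute('aria-labelledby', ZBX_STYLE_PAGE_TITLE)
		->disablePasswordAutofill()
		->addItem($auth_tab_view)
	)
	->show();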