<liclass="level1"><divclass="li"> User module in authentication parameters now provides a “Same as authentication” value. You must revalidate it in the manager since all special values must be replaced by this <em>(Multi, Choice, Proxy, Slave, <abbrtitle="Security Assertion Markup Language">SAML</abbr>, OpenID*,…)</em></div>
</li>
<liclass="level1"><divclass="li"><strong>“Multi” doesn't exist anymore</strong>: it is replaced by the more powerful <ahref="authcombination.html"class="wikilink1"title="documentation:2.0:authcombination">Combination</a></div>
</li>
</ul>
<divclass="notewarning">Apache-ModPerl is no longer usable since version 2.4 <em>(many segfaults,…)</em>. LLNG doesn't use anymore ModPerl::Registry: all is now handle by FastCGI <em>(portal and manager)</em>.
<p>
<strong>For handlers, it is now recommended to migrate to Nginx !</strong>
<liclass="level1"><divclass="li"><ahref="https://en.wikipedia.org/wiki/Cross-site_request_forgery"class="urlextern"title="https://en.wikipedia.org/wiki/Cross-site_request_forgery"rel="nofollow">CSRF</a> protection <em>(Cross-Site Request Forgery)</em>: a token is build for each form. To disable it, set requireToken to 0 <em>(portal security parameters in the manager)</em></div>
</li>
<liclass="level1"><divclass="li"><ahref="https://en.wikipedia.org/wiki/Content_Security_Policy"class="urlextern"title="https://en.wikipedia.org/wiki/Content_Security_Policy"rel="nofollow">Content-Security-Policy</a> header: portal build dynamically this header. You can modify default values in the manager <em>(Général parameters » Advanced parameters » Security » Content-Security-Policy)</em></div>
<liclass="level1"><divclass="li"> SOAP server activation is now split in 2 parameters (configuration/sessions). You must set them else SOAP service will be disabled</div>
</li>
<liclass="level1"><divclass="li"> If you use “adminSessions” endpoint with “singleSession*” features, you must upgrade all portals in the same time</div>
</li>
<liclass="level1"><divclass="li"> SOAP services can be replaced by new REST services</div>
Portal has now many REST features and includes a plugin <abbrtitle="Application Programming Interface">API</abbr>. See Portal manpages to see how to write auth modules, issuers or other feature.
Portal is no more a big CGI object. it is written for Plack/PSGI. Little resume
</p>
<preclass="file">Portal object
|
+-> auth module
|
+-> userDB module
|
+-> issuer modules
|
+-> other plugins (notification,...)</pre>
<p>
The request is a separated object based on Lemonldap::NG::Portal::Main::Request which inherits from Lemonldap::NG::Common::PSGI::Request which inherits from Plack::Request. See manpages for more.