Preparation for 1.0rc2 release

Clément Oudot 2010-07-05 16:20:17 +00:00
parent 15cb8f6e29
commit 192dd9c8e1
17 changed files with 353 additions and 14 deletions


@ -31,7 +31,7 @@ PROJECT_NAME = Lemonldap::NG
# This could be handy for archiving the generated documentation or
# if some version control system is used.
PROJECT_NUMBER = 0.9.5
PROJECT_NUMBER = 1.0rc2
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.


@ -1,3 +1,106 @@
lemonldap-ng (1.0rc2) unstable; urgency=low
* [LEMONLDAP-20] - Parameter remoteCookieName is not available in
Manager
* [LEMONLDAP-21] - Special characters from SAML attribute statement are
not well encoded
* [LEMONLDAP-41] - Lasso CRITICAL error in AuthSAML logout process
* [LEMONLDAP-42] - [SAML][SP] Attrubtes sent trought IDP initiated SSO are
not registered into session
* [LEMONLDAP-43] - [SAML][SP] IDP should not be read from IDP cookie, but
from SAML request or response
* [LEMONLDAP-50] - [SAML][SP] OneTimeUse flag should not reduce session
duration
* [LEMONLDAP-53] - [SAML][IDP] sendLogoutResponseAfterLogoutRequest method
does not exists
* [LEMONLDAP-54] - Handler parameters (https, port, etc.) are not taken
into account if only defined in Manager, and not in ini file
* [LEMONLDAP-62] - [SAML] samldate2timestamp is not returning correct
timestamp
* [LEMONLDAP-64] - SLO error with simpleSAMLphp
* [LEMONLDAP-68] - Failed to load signing key for
http://urlIDP/saml/metadata
* [LEMONLDAP-69] - domain cannot contain "-" in Manager
* [LEMONLDAP-71] - samlIDPSSODescriptorArtifactResolutionServiceArtifact
wrong binding in Manager
* [LEMONLDAP-72] - [SAML] UTF-8 encoded attributes are reencoded
* [LEMONLDAP-73] - [SAML] Initial URL is not kept when IDP is choosen in
AuthSAML
* [LEMONLDAP-74] - [error] Unable to open relaystate session
* [LEMONLDAP-75] - SSO HTTP-POST profile not declared in IDP metadata
* [LEMONLDAP-76] - [SAML] SOAP SLO denied on IDP
* [LEMONLDAP-77] - Error when no SessionNotOnOrAfter value in authn
statement
* [LEMONLDAP-78] - Request Denied on SOAP SLO request on IDP
* [LEMONLDAP-79] - Mandatory attributes are not requested
* [LEMONLDAP-81] - SessionNotOnOrAfter should be set explicitely
* [LEMONLDAP-82] - CDA always use secured cookie even if requested site is
a http one
* [LEMONLDAP-100] - Secondary SAML session should be destroyed when
primary session is deleted
* [LEMONLDAP-105] - Error on SLO request for already closed session
* [LEMONLDAP-109] - Do not send AttributeStatement when no attribute
should be sent
* [LEMONLDAP-112] - Handler/AuthBasic does not use local cache
* [LEMONLDAP-113] - Lemonldap::NG is not compatible with the use of a LDAP
server using a different encoding than UTF-8 for storing passwords
* [LEMONLDAP-114] - Bad usage of Apache::Session::searchOn() on portal
* [LEMONLDAP-115] - In info page, when clicking on "Continue", we are not
redirected to urldc
* [LEMONLDAP-119] - Special UTF-8 characters raise error in metadata
* [LEMONLDAP-122] - Secondary SAML session are not deleted on local IDP
logout
* [LEMONLDAP-124] - Stop info/confirm timer at 0
* [LEMONLDAP-37] - [SAML] Proxy restriction should include all known IDP,
and not only target IDP
* [LEMONLDAP-44] - [SAML][SP] IDP list when unknown IDP in IDP cookie
* [LEMONLDAP-46] - [logout] verify referer into logout process
* [LEMONLDAP-47] - [SAML] RequestedAuthnContext should always be
translated into authenticationLevel
* [LEMONLDAP-51] - [SAML][IDP] SAML sessionIndex value should be a crypted
value of LL::NG session_id
* [LEMONLDAP-55] - Distribute SympaAutoLogin Handler
* [LEMONLDAP-70] - Do not throw error if no SP or no IDP configured
* [LEMONLDAP-80] - POST fields should be hidden
* [LEMONLDAP-87] - Attribute format selection in Manager
* [LEMONLDAP-89] - Security keys in service metadata
* [LEMONLDAP-90] - Group IDP and SP options
* [LEMONLDAP-91] - SOAP configuration parameter is not needed in SAML
* [LEMONLDAP-98] - Add option to disable SAML conditions checks
* [LEMONLDAP-104] - Store entities metadata in raw format
* [LEMONLDAP-106] - Display OK or ERROR icons on HTTP REDIRECT and HTTP
POST SLO iframes
* [LEMONLDAP-107] - Manage asynchronous SLO request on closed SSO session
(SAML IDP)
* [LEMONLDAP-126] - Put SAML parameters in Manager
* [LEMONLDAP-2] - [SAML] Attribute authority
* [LEMONLDAP-10] - [SAML] Manage certificate in service metadata
* [LEMONLDAP-31] - [SAML] Proxy IDP
* [LEMONLDAP-32] - [SAML] Manage Artifact methods for SAML messages
emission in SP
* [LEMONLDAP-33] - [SAML] Check "Destination" attribute
* [LEMONLDAP-35] - [SAML] Manage SLO trough SOAP
* [LEMONLDAP-36] - [SAML] Check dates and other conditions in SLO requests
* [LEMONLDAP-40] - [SAML] Dedicated portal errors code for SAML errors
* [LEMONLDAP-49] - [SAML][IDP] Manage encrypted NameID
* [LEMONLDAP-52] - IssuerDB activation rule
* [LEMONLDAP-56] - [SAML][IDP] SLO trough HTTP-POST
* [LEMONLDAP-66] - [SAMl][IDP] Options to check message signatures
* [LEMONLDAP-67] - [SAML][IDP] Map NameID Format to local session keys
* [LEMONLDAP-86] - Do not parse metadata on each authentication
* [LEMONLDAP-88] - Better signature management
* [LEMONLDAP-108] - NameID unspecified format should use the default
NameID format
* [LEMONLDAP-110] - Store SAML token in session
* [LEMONLDAP-111] - Build SLO response request with other SLO request
status
* [LEMONLDAP-116] - Allow metadata edition in Manager
* [LEMONLDAP-3] - [SAML] Attribute authority declaration in metadata
* [LEMONLDAP-83] - Set NameID in attribute request
* [LEMONLDAP-84] - Check format and friendly name of requested attribute
* [LEMONLDAP-85] - Check requested attribute values
* [LEMONLDAP-96] - Add encryptionkey in Attribute Authority metadata
lemonldap-ng (1.0rc1) unstable; urgency=low
* Little Debian changes (see 0.9.4.1-2 Debian changelog)


@ -490,6 +490,19 @@
<span class="wikiexternallink"><a href=
"http://www.mediawiki.org/">Official website</a></span></td>
</tr>
<tr class="table-even">
<td><strong class="strong">Drupal</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/drupal_logo.png" alt=
"drupal_logo.png" /></td>
<td>CMS<br />
<br />
<span class="wikilink"><a href="5-Appli-Drupal.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.drupal.org/">Official website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnecteurs">Connecteurs</span></h4>


@ -478,6 +478,19 @@
<span class="wikiexternallink"><a href=
"http://www.mediawiki.org/">Official website</a></span></td>
</tr>
<tr class="table-even">
<td><strong class="strong">Drupal</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/drupal_logo.png" alt=
"drupal_logo.png" /></td>
<td>CMS<br />
<br />
<span class="wikilink"><a href="5-Appli-Drupal.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.drupal.org/">Official website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnectors">Connectors</span></h4>


@ -200,6 +200,8 @@
<li>GLib</li>
<li>Crypt::OpenSSL::RSA</li>
<li>Convert::PEM;</li>
</ul>
<h5 class="heading-1-1-1-1"><span id="HCAS">CAS</span></h5>
@ -342,6 +344,18 @@
<td>0.91</td>
</tr>
<tr class="table-odd">
<td>1.0-rc2</td>
<td>0.97</td>
<td>0.94</td>
<td>0.94</td>
<td>0.92</td>
</tr>
</table>
</div>


@ -0,0 +1,191 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 25 March 2009), see www.w3.org" />
<title>Lemonldap::NG documentation: 5-Appli-Drupal.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HDrupal">Drupal</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HPresentation">Presentation</a></li>
<li>
<a href="#HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</a>
<ul>
<li><a href="#HOnDrupalside">On Drupal side</a></li>
<li><a href="#HOnLemonLDAP3A3ANGside">On LemonLDAP::NG side</a></li>
</ul>
</li>
<li><a href="#HProtectonlytheadministrationpages">Protect only the
administration pages</a></li>
</ul>
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>Drupal is a CMS written in PHP. It can works with
external modules to extends its functionalities. One of this module can be
used to delegate authentication server to the web server: <span class=
"wikiexternallink"><a href=
"http://drupal.org/project/Webserver_auth">Webserver_auth</a></span>.
<h3 class="heading-1-1"><span id=
"HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</span></h3>
<h4 class="heading-1-1-1"><span id="HOnDrupalside">On Drupal
side</span></h4>
<p class="paragraph"></p>Install <span class="wikiexternallink"><a href=
"http://drupal.org/project/Webserver_auth">Webserver_auth</a></span>
module, by downloading it, and unarchive it in the drupal modules/
directory.
<p class="paragraph"></p>Then go on administration interface and enable
the module.
<h4 class="heading-1-1-1"><span id="HOnLemonLDAP3A3ANGside">On
LemonLDAP::NG side</span></h4>
<p class="paragraph"></p>Declare a VirtualHost in Apache for Drupal and
active SSO, for example:
<p class="paragraph"></p>
<div class="code">
<pre>
&lt;VirtualHost *&gt;
ServerName drupal.example.com<br /><br /> # SSO protection
PerlHeaderParserHandler My::Package<br /><br /> # DocumentRoot
DocumentRoot /<span class="java-keyword">var</span>/www/html/drupal/
DirectoryIndex index.php<br /><br /> LogLevel warn
ErrorLog /<span class="java-keyword">var</span>/log/httpd/drupal-error.log
CustomLog /<span class=
"java-keyword">var</span>/log/httpd/drupal-access.log combined
&lt;/VirtualHost&gt;
</pre>
</div>
<p class="paragraph"></p>Then add this host in LemonLDAP::NG
Manager.<br />
<br />
If you are using LemonLDAP::NG as proxy, you can use this in your Druapl
Apache configuration:<br />
<br />
<div class="code">
<pre>
SetEnvIfNoCase Auth-User <span class="java-quote">"(.*)"</span> REMOTE_USER=$1
</pre>
</div><br />
<br />
You can also catch the logout page with this rule:<br />
<br />
<div class="code">
<pre>
q=logout =&gt; logout_app_sso
</pre>
</div>
<h3 class="heading-1-1"><span id=
"HProtectonlytheadministrationpages">Protect only the administration
pages</span></h3><br />
<br />
With the above solution, all the Drupal site will be protected, so no
anonymous access will be allowed.<br />
<br />
Drupal navigation is based on query strings (?q=admin, ?q=user,
etc.).<br />
<br />
You can create a special vhost and use mod_rewrite to witch between open
and protected hosts:<br />
<br />
<div class="code">
<pre>
&lt;VirtualHost *&gt;
ServerName drupal.example.com<br /><br /> # DocumentRoot
DocumentRoot /<span class="java-keyword">var</span>/www/html/drupal/
DirectoryIndex index.php<br /><br /> # Redirect admin pages
RewriteEngine On
RewriteCond %{QUERY_STRING} q=(admin|user)
RewriteRule ^/(.*)$ <span class="nobr"><a href=
"http://drupaladmin.example.com/$1">http://drupaladmin.example.com/$1</a></span> [R]<br /><br /> LogLevel warn
ErrorLog /<span class="java-keyword">var</span>/log/httpd/drupal-error.log
CustomLog /<span class=
"java-keyword">var</span>/log/httpd/drupal-access.log combined
&lt;/VirtualHost&gt;
&lt;VirtualHost *&gt;
ServerName admindrupal.example.com<br /><br /> # SSO protection
PerlHeaderParserHandler My::Package<br /><br /> # DocumentRoot
DocumentRoot /<span class="java-keyword">var</span>/www/html/drupal/
DirectoryIndex index.php<br /><br /> LogLevel warn
ErrorLog /<span class=
"java-keyword">var</span>/log/httpd/admindrupal-error.log
CustomLog /<span class=
"java-keyword">var</span>/log/httpd/admindrupal-access.log combined
&lt;/VirtualHost&gt;
</pre>
</div>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>


@ -147,9 +147,7 @@ $_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
ServerName mediawiki.example.com<br /><br /> # SSO protection
PerlHeaderParserHandler My::Package<br /><br /> # DocumentRoot
DocumentRoot /<span class="java-keyword">var</span>/www/html/mediawiki/
DirectoryIndex index.php<br /><br /> LogLevel debug
ErrorDocument 403 <span class="nobr"><a href=
"http://auth.example.com/error&amp;#45;sso.pl">http://auth.example.com/error-sso.pl</a></span>
DirectoryIndex index.php<br /><br /> LogLevel warn
ErrorLog /<span class=
"java-keyword">var</span>/log/httpd/mediawiki-error.log
CustomLog /<span class=


@ -103,6 +103,7 @@
<li><a href="4.9-Several-independant-portals.html">4.9 Several independant portals</a></li>
<li><a href="5-Appli-Bugzilla.html">5 Appli Bugzilla</a></li>
<li><a href="5-Appli-Dokuwiki.html">5 Appli Dokuwiki</a></li>
<li><a href="5-Appli-Drupal.html">5 Appli Drupal</a></li>
<li><a href="5-Appli-GLPI.html">5 Appli GLPI</a></li>
<li><a href="5-Appli-GRR.html">5 Appli GRR</a></li>
<li><a href="5-Appli-HTTP-Basic-Authentication.html">5 Appli HTTP Basic Authentication</a></li>


@ -94,6 +94,7 @@ my $docs = {
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppLiferay' => '5-Appli-Liferay.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppZimbra' => '5-Appli-Zimbra.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppMediaWiki' => '5-Appli-MediaWiki.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppDrupal' => '5-Appli-Drupal.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppTomcatValve' => '5-Appli-Tomcat-Valve.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppBasicAuthentication' => '5-Appli-HTTP-Basic-Authentication.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocAppSelfMade' => '5-Appli-self-made.html',
@ -276,6 +277,7 @@ while ( my ( $url, $file ) = each %$docs ) {
s#/xwiki/bin/view/NG/DocAppLiferay#5-Appli-Liferay.html#g;
s#/xwiki/bin/view/NG/DocAppZimbra#5-Appli-Zimbra.html#g;
s#/xwiki/bin/view/NG/DocAppMediaWiki#5-Appli-MediaWiki.html#g;
s#/xwiki/bin/view/NG/DocAppDrupal#5-Appli-Drupal.html#g;
s#/xwiki/bin/view/NG/DocAppTomcatValve#5-Appli-Tomcat-Valve.html#g;
s#/xwiki/bin/view/NG/DocAppBasicAuthentication#5-Appli-HTTP-Basic-Authentication.html#g;
s#/xwiki/bin/view/NG/DocAppselfMade#5-Appli-self-made.html#g;
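Review bot: The Drupal page is registered in two hand-maintained lists, the `$docs` hash and the `s#...#...#g` chain inside the `while` loop, and the second hunk's context lines already show them drifting. `s#/xwiki/bin/view/NG/DocAppselfMade#...` is spelled with a lower-case `s` while the hash key is `.../DocAppSelfMade`, so that link is probably never rewritten in the generated pages, since the substitution is case-sensitive. Building the substitutions from `%$docs` once before the loop would remove the second list. Failing that, add a comment above the chain such as `# Keep in sync with $docs: each page needs a key there and an s### line here.` The loop body starts and continues outside the hunk, so other rewrites may exist that are not visible here.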


@ -1,6 +1,6 @@
--- #YAML:1.0
name: Lemonldap-NG-Common
version: 0.96
version: 0.97
abstract: Common files for Lemonldap::NG infrastructure
author:
- Xavier Guimard <x.guimard@free.fr>, Clément Oudot <clement@oodo.net>


@ -1,6 +1,6 @@
package Lemonldap::NG::Common;
our $VERSION = '0.96';
our $VERSION = '0.97';
use strict;


@ -1,6 +1,6 @@
--- #YAML:1.0
name: Lemonldap-NG-Handler
version: 0.93
version: 0.94
abstract: The Apache protection module part of
author:
- Xavier Guimard <x.guimard@free.fr>


@ -5,7 +5,7 @@
# Alias for Lemonldap::NG::Handler::SharedConf
package Lemonldap::NG::Handler;
our $VERSION = "0.93";
our $VERSION = "0.94";
use Lemonldap::NG::Handler::SharedConf;
use base qw(Lemonldap::NG::Handler::SharedConf);


@ -1,17 +1,21 @@
--- #YAML:1.0
name: Lemonldap-NG-Manager
version: 0.93
version: 0.94
abstract: Perl extension for managing Lemonldap::NG Web-SSO
author:
- Xavier Guimard <x.guimard@free.fr>
- Xavier Guimard <x.guimard@free.fr>, Clément Oudot <clement@oodo.net>, Thomas Chemineau <thomas.chemineau@gmail.com>
license: perl
distribution_type: module
configure_requires:
ExtUtils::MakeMaker: 0
build_requires:
IO::String: 0
Convert::PEM: 0
Crypt::OpenSSL::RSA: 0
IO::String: 0
requires:
CGI: 3.08
Convert::PEM: 0
Crypt::OpenSSL::RSA: 0
HTML::Template: 0
IO::String: 0
Lemonldap::NG::Common: 0.96


@ -11,7 +11,7 @@ use Lemonldap::NG::Manager::Help; #inherits
use Lemonldap::NG::Common::Conf; #link protected conf Configuration
use Lemonldap::NG::Common::Conf::Constants; #inherits
our $VERSION = '0.93';
our $VERSION = '0.94';
our @ISA = qw(
Lemonldap::NG::Handler::CGI
Lemonldap::NG::Manager::Downloader


@ -1,6 +1,6 @@
--- #YAML:1.0
name: Lemonldap-NG-Portal
version: 0.91
version: 0.92
abstract: The authentication portal part of Lemonldap::NG Web-SSO
author:
- Xavier Guimard <x.guimard@free.fr>, Clément Oudot <clement@oodo.net>, Thomas Chemineau <thomas.chemineau@gmail.com>, Mikael Ates <mikael.ates@univ-st-etienne.fr>


@ -5,7 +5,7 @@
# Alias for Lemonldap::NG::SharedConf
package Lemonldap::NG::Portal;
our $VERSION = '0.91';
our $VERSION = '0.92';
use Lemonldap::NG::Portal::SharedConf;
use base 'Lemonldap::NG::Portal::SharedConf';