diff --git a/lemonldap-ng-common/lemonldap-ng.ini b/lemonldap-ng-common/lemonldap-ng.ini index 0afcb79ba..6e352212e 100644 --- a/lemonldap-ng-common/lemonldap-ng.ini +++ b/lemonldap-ng-common/lemonldap-ng.ini @@ -292,6 +292,11 @@ languages = en, fr, vi, it, ar, de, fi ; Set to 0 to disable error on XSS attack detection ;checkXSS = 0 +; pdata cookie domain +; pdata cookie could not be sent with cross domains AJAX request +; Null is default value +;pdataDomain = example.com + ; CUSTOM PLUGINS ; If you want to add custom plugins, set list here (comma separated) ; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page. diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index f2912a786..d50ea30a4 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -2216,6 +2216,13 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ 'default' => 3, 'type' => 'int' }, + 'pdataDomain' => { + 'default' => '', + 'msgFail' => '__badDomainName__', + 'test' => +qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/, + 'type' => 'text' + }, 'persistentStorage' => { 'type' => 'PerlModule' }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 3e8847244..9abec5559 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm 
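Review bot: The sample comment added for `pdataDomain` in lemonldap-ng.ini does not say what the setting changes for the browser. With a `domain` attribute the pdata cookie is sent to every host under that domain, not only to the portal host. I would state that in the sample, e.g. `; When set, the pdata cookie is sent to every host under this domain, not only to the portal`, and reword the second line to `; Without it, the pdata cookie is not sent with cross-domain AJAX requests`. An administrator can then see that the value should be the narrowest domain that still covers the hosts issuing those requests.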
@@ -968,6 +968,14 @@ sub attributes {
 documentation => 'DNS domain',
 flags => 'hp',
 },
+ pdataDomain => {
+ type => 'text',
+ test => qr/^(?:$Regexp::Common::URI::RFC2396::hostname)?$/,
+ msgFail => '__badDomainName__',
+ default => '',
+ documentation => 'pdata cookie DNS domain',
+ flags => 'hp',
+ },
 httpOnly => {
 default => 1,
 type => 'bool',
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index 5074c6d9f..b5bf0d949 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -61,7 +61,16 @@ sub handler {
 name => $self->conf->{cookieName} . 'pdata',
 (
 %{ $req->pdata }
- ? ( value => uri_escape( JSON::to_json( $req->pdata ) ) )
+ ? ( (
+ $self->conf->{pdataDomain}
+ ? (
+ value => uri_escape( JSON::to_json( $req->pdata ) ),
+ domain => $self->conf->{pdataDomain},
+ )
+ : ( value => uri_escape( JSON::to_json( $req->pdata ) ),
+ )
+ )
+ )
 : (
 value => '',
 expires => 'Wed, 21 Oct 2015 00:00:00 GMT'
diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-MultipleSP.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-MultipleSP.t
index 444f9a109..34dc2c45b 100644
--- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-MultipleSP.t
+++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-MultipleSP.t
@@ -331,6 +331,7 @@ sub issuer {
 ini => {
 logLevel => $debug,
 domain => 'idp.com',
+ pdataDomain => 'idp.com',
 portal => 'http://auth.idp.com',
 authentication => 'Demo',
 userDB => 'Same',
@@ -464,6 +465,7 @@ sub sp {
 ini => {
 logLevel => $debug,
 domain => 'sp.com',
+ pdataDomain => 'sp.com',
 portal => 'http://auth.sp.com',
 authentication => 'SAML',
 userDB => 'Same',
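Review bot: In Build/Attributes.pm the `test` pattern for `pdataDomain` ends in `$`, which in Perl also matches just before a trailing newline, so a value such as "example.com\n" passes validation and would reach the cookie's `domain` attribute. Anchoring with `\z` closes that gap: `test => qr/^(?:$Regexp::Common::URI::RFC2396::hostname)?\z/,`. The value comes from administrator configuration, so this is hardening rather than an exposed input path. The copy of this pattern in Manager/Attributes.pm would presumably need the same change. `sub attributes` starts and ends outside the hunk, so whether sibling attributes use the same anchoring was not checked.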
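Review bot: In Run.pm the expiry branch that closes this hunk (`value => '', expires => 'Wed, 21 Oct 2015 00:00:00 GMT'`) is still emitted without `domain`. Once `pdataDomain` is set, the browser treats that clearing cookie as a separate host-only cookie, so the domain-scoped pdata cookie is not removed, unless lines below the hunk add the attribute. Keeping the original single-line value branch and adding `( $self->conf->{pdataDomain} ? ( domain => $self->conf->{pdataDomain} ) : () ),` next to the value/expiry conditional would apply the domain in both cases. It would also remove the duplicated `uri_escape( JSON::to_json( $req->pdata ) )` expression. `handler` starts and ends outside the hunk, so the remaining cookie attributes were not checked.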
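Review bot: The two test configurations in 30-Auth-and-issuer-SAML-Redirect-MultipleSP.t (`sub issuer` with `pdataDomain => 'idp.com'`, `sub sp` with `pdataDomain => 'sp.com'`) turn the option on, but no assertion in the hunks shown checks the cookie that results. I would add one check that the pdata `Set-Cookie` header carries the configured domain and one that the clearing cookie carries the same domain, along the lines of `like( $set_cookie, qr/domain=idp\.com/i, 'pdata cookie carries pdataDomain' );`. Here `$set_cookie` is a constructed placeholder for however the test reads the response header. Both subs continue outside the hunks, so existing assertions elsewhere in the file were not visible.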