Merge branch 'v2.0'

This commit is contained in:
Xavier 2019-04-11 22:12:02 +02:00
commit 27bf1ea3d8
65 changed files with 539 additions and 266 deletions


@ -1,3 +1,54 @@
lemonldap-ng (2.0.3) bionic; urgency=medium
* Bugs:
* #1543: Redirection lost with CAS RP -> Choice -> SAML Discovery Protocol -> SAML IDP
* #1654: Password must change on AD still not fully working
* #1656: No IP shown in history logon
* #1667: [Security:medium] Option userControl is not applied anymore in standard login process
* #1671: Error in SP-initiated saml logout with multiple SP
* #1672: In SAML Issuer, environment variables to store current SP are not filled
* #1673: Application list display and specific rules
* #1675: [Security:minor] Using /logout instead of /?logout=1 does not work
* #1676: Active Directory connection information not saved
* #1679: Default jQuery URL in form replay has changed
* #1680: In form replay, POST data keys are not URL encoded
* #1682: LinkedIn OAuth2 authentication is not available in combination modules list
* #1683: Changing configuration option cspScript has no effect
* #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
* #1686: SOAP Portal WSDL file is invalid
* #1691: Password policy can't display messages
* #1692: Parameter base64 is ignored in setHiddenFormValue
* #1693: Information is not displayed in logout process
* #1698: Invalid pdata causes SAML login to fail after logout
* #1703: Fix faulty headers on a null value
* #1708: lmerror page loops on url parameter
* New features:
* #1632: Optionally let Ext2F module handle code generation
* #1658: CheckUser plugin
* #1661: Configuration viewer module
* #1664: Impersonation plugin
* #1697: Command-line tool to delete session for specific user(s)
* Improvements:
* #1549: Option to override IDP entityID
* #1595: Possibility to override message with a custom JSON file in template
* #1651: Disable cache on portal page
* #1653: Allow failback to default skin when a template is not found in custom theme
* #1660: Restore possibility to hide message in portal template
* #1666: Display errors on login form
* #1668: As IDP SAML, do not try to send SLO response if no SLO endpoint defined in SP metadata
* #1670: Display "authentication in progress" when using Ajax with Kerberos
* #1681: Change behavior with SAML mandatory/optional attributes in SAML Issuer
* #1687: Add granted log for user and connexion informations
* #1694: Disable CSRF token with AuthBasic
* #1696: Remove unnecessary antiframe protection in portal javascript
* #1699: Authentication level for REST and GPG authentication
* #1700: Update AuthBasic handler doc : REST server is required
* #1704: Append parameter to sort IDP, OP and CAS servers in Auth menu loop
-- Clément <clem.oudot@gmail.com> Thu, 11 Apr 2019 10:09:35 +0200
lemonldap-ng (2.0.2) bionic; urgency=medium
* Bugs:
@ -11,8 +62,8 @@ lemonldap-ng (2.0.2) bionic; urgency=medium
* #1618: Version in server signature is wrong
* #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager
* #1627: Display issue with GrantSession plugin
* #1628: GrantSession plugin discloses its message to unlogged users
* #1630: SSO cookie is sent to protected applications with Nginx-based ReverseProxy
* #1628: [Security:minor] GrantSession plugin discloses its message to unlogged users
* #1630: [Security:minor] SSO cookie is sent to protected applications with Nginx-based ReverseProxy
* #1636: SSL and Kerberos Auth Modules don t work with choice
* #1639: User must change password on AD is broken
* #1642: Unable to select skin from URL

debian/changelog vendored

@ -1,3 +1,10 @@
lemonldap-ng (2.0.3-1) unstable; urgency=medium
* New release. See changes on our website:
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
-- Clement OUDOT <clement@oodo.net> Thu, 11 Apr 2019 12:00:00 +0100
lemonldap-ng (2.0.2-1) unstable; urgency=medium
* New release. See changes on our website:


@ -4,3 +4,4 @@
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli
/usr/share/lemonldap-ng/manager
/usr/share/lemonldap-ng/bin/lmConfigEditor
/usr/share/lemonldap-ng/bin/llngDeleteSession


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1554841473" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1554967327" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1554841473" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1554967327" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcas</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authcas"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcas.html"/>
@ -122,6 +122,8 @@ Then create the list of <abbr title="Central Authentication Service">CAS</abbr>
</li>
<li class="level1"><div class="li"> <strong>Icon</strong>: Path to <abbr title="Central Authentication Service">CAS</abbr> Server icon. Used only if you have more than 1 <abbr title="Central Authentication Service">CAS</abbr> server declared</div>
</li>
<li class="level1"><div class="li"> <strong>Order</strong>: Number to sort <abbr title="Central Authentication Service">CAS</abbr> Servers display</div>
</li>
<li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
<ul>
<li class="level2"><div class="li"> <strong>Key</strong>: Service ID</div>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcombination</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authcombination"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcombination.html"/>
@ -159,11 +159,21 @@ For example:
</table></div>
<!-- EDIT6 TABLE [1133-1256] -->
<p>
Usually, you can&#039;t declare two modules of the same type if they don&#039;t have the same parameters. For example, usually you can&#039;t declare a MySQL <abbr title="Database Interface">DBI</abbr> and a PostgreSQL <abbr title="Database Interface">DBI</abbr>, because there is no extra field for PostgreSQL parameters. Now with Combination, you can declare some overloaded parameters. For example, if <abbr title="Database Interface">DBI</abbr> is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the “dbiChain” parameter.
Usually, you can&#039;t declare two modules of the same type if they don&#039;t have the same parameters. For example, usually you can&#039;t declare a MySQL <abbr title="Database Interface">DBI</abbr> and a PostgreSQL <abbr title="Database Interface">DBI</abbr>, because there is no extra field for PostgreSQL parameters. Now with Combination, you can declare some overloaded parameters.
</p>
<p>
For example, if <abbr title="Database Interface">DBI</abbr> is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the “dbiChain” parameter.
</p>
<p>
You can also override a complex key like ldapExportedVars, by setting a JSON value:
</p>
<pre class="code javascript"><span class="br0">&#123;</span><span class="st0">&quot;cn&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;cn&quot;</span><span class="sy0">,</span> <span class="st0">&quot;uid&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;sAMAccounName&quot;</span><span class="sy0">,</span> <span class="st0">&quot;mail&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;mail&quot;</span><span class="br0">&#125;</span></pre>
<div class="noteimportant">If your JSON is corrupted, LLNG will use it as string and just report a warning in logs.
</div>
<!-- EDIT5 SECTION "Modules declaration" [516-1670] -->
</div>
<!-- EDIT5 SECTION "Modules declaration" [516-1953] -->
<h3 class="sectionedit7" id="rule_chain">Rule chain</h3>
<div class="level3">
@ -212,7 +222,7 @@ Remember that schemes in rules are the names declared above.
<td class="col0 leftalign"> <code>[mySSL and myLDAP, myLDAP ]</code> </td><td class="col1"> Use mySSL and myLDAP to authentify, myLDAP to get user </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [2189-2620] --><div class="noteimportant">Note that “or” can&#039;t be used inside a scheme.
<!-- EDIT8 TABLE [2472-2903] --><div class="noteimportant">Note that “or” can&#039;t be used inside a scheme.
If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, myLDAP] or [myLDAP, myLDAP]</code>
</div><div class="table sectionedit9"><table class="inline table table-bordered table-striped">
@ -228,7 +238,7 @@ If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, my
<td class="col0"> <code>[myDBI1] and [myDBI2] or [myLDAP] and [myDBI2]</code> </td><td class="col1"> Try myDBI1 and myDBI2, if it fails, try myLDAP and myDBI2 </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [2793-3037] --><div class="noteimportant">You can&#039;t use brackets in a boolean expression and “and” has precedence on “or”.
<!-- EDIT9 TABLE [3076-3320] --><div class="noteimportant">You can&#039;t use brackets in a boolean expression and “and” has precedence on “or”.
<p>
If you think to “( [myLDAP] or [myDBI1] ) and [myDBI2]”, you must write <code>[myLDAP] and [myDBI2] or [myDBI1] and [myDBI2]</code>
</p>
@ -255,7 +265,7 @@ Test can use only the <code>$env</code> variable. It contains the FastCGI enviro
<td class="col0"> <code>if($env-&gt;{REMOTE_ADDR} =~ /^10\./) then [myLDAP] else if($env-&gt;{REMOTE_ADDR} =~ /^192/) then [myDBI1] else [myDBI2]</code> </td><td class="col1"> Chain tests </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [3373-3695] --><div class="noteimportant">Note that brackets can&#039;t be used except to enclose test.
<!-- EDIT10 TABLE [3656-3978] --><div class="noteimportant">Note that brackets can&#039;t be used except to enclose test.
<p>
If you wants to write <code>if(...) then if...</code>, you must write <code>if(not ...) then ... else if(...)...</code>
</p>
@ -275,7 +285,7 @@ The following rule is valid:
</p>
</div>
<!-- EDIT7 SECTION "Rule chain" [1671-4042] -->
<!-- EDIT7 SECTION "Rule chain" [1954-4325] -->
<h3 class="sectionedit11" id="combine_second_factor">Combine second factor</h3>
<div class="level3">
@ -300,7 +310,7 @@ Now if you want to authenticate users either by LDAP or LDAP+U2F <em>(to have 2
</ul>
</div>
<!-- EDIT11 SECTION "Combine second factor" [4043-4692] -->
<!-- EDIT11 SECTION "Combine second factor" [4326-4975] -->
<h3 class="sectionedit12" id="display_multiple_forms">Display multiple forms</h3>
<div class="level3">
@ -311,12 +321,12 @@ Combination module returns the form corresponding to the first authentication sc
<span class="re1">combinationForms</span> <span class="sy0">=</span><span class="re2"> standardform, openidform</span></pre>
</div>
<!-- EDIT12 SECTION "Display multiple forms" [4693-5021] -->
<!-- EDIT12 SECTION "Display multiple forms" [4976-5304] -->
<h2 class="sectionedit13" id="known_problems">Known problems</h2>
<div class="level2">
</div>
<!-- EDIT13 SECTION "Known problems" [5022-5049] -->
<!-- EDIT13 SECTION "Known problems" [5305-5332] -->
<h3 class="sectionedit14" id="federation_protocols">Federation protocols</h3>
<div class="level3">
@ -336,9 +346,9 @@ Combination module returns the form corresponding to the first authentication sc
<td class="col0"> <em><code>[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP] or [LDAP]</code></em> </td><td class="col1"> <code>[<abbr title="Security Assertion Markup Language">SAML</abbr>, <abbr title="Security Assertion Markup Language">SAML</abbr> and LDAP] or [LDAP]</code> </td><td class="col2"> Authentication is done by <abbr title="Security Assertion Markup Language">SAML</abbr> or LDAP but user must match an LDAP entry </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [5349-5681] -->
<!-- EDIT15 TABLE [5632-5964] -->
</div>
<!-- EDIT14 SECTION "Federation protocols" [5050-5682] -->
<!-- EDIT14 SECTION "Federation protocols" [5333-5965] -->
<h3 class="sectionedit16" id="authapache_authentication">Auth::Apache authentication</h3>
<div class="level3">
@ -356,7 +366,7 @@ To bypass this, follow the documentation of <a href="authapache.html" class="wik
</p>
</div>
<!-- EDIT16 SECTION "Auth::Apache authentication" [5683-6294] -->
<!-- EDIT16 SECTION "Auth::Apache authentication" [5966-6577] -->
<h3 class="sectionedit17" id="ssl_authentication">SSL authentication</h3>
<div class="level3">
@ -365,6 +375,6 @@ To chain SSL, you have to set “SSLRequire optional” in Apache configuration,
</p>
</div>
<!-- EDIT17 SECTION "SSL authentication" [6295-] --></div>
<!-- EDIT17 SECTION "SSL authentication" [6578-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authopenidconnect</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authopenidconnect"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authopenidconnect.html"/>
@ -433,6 +433,8 @@ So you can define for example:
</li>
<li class="level2"><div class="li"> <strong>Logo</strong>: Logo of the application</div>
</li>
<li class="level2"><div class="li"> <strong>Order</strong>: Number to sort buttons</div>
</li>
</ul>
</li>
</ul>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authsaml</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authsaml"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authsaml.html"/>
@ -311,6 +311,8 @@ Used only if you have more than 1 <abbr title="Security Assertion Markup Languag
</li>
<li class="level1"><div class="li"> <strong>Logo</strong>: Logo of the IDP</div>
</li>
<li class="level1"><div class="li"> <strong>Order</strong>: Number to sort IDP display</div>
</li>
</ul>
<div class="notetip">The chosen logo must be in Portal icons directory (<code>portal/static/common/icons/</code>). You can set a custom icon by setting the icon file name directly in the field and copy the logo file in portal icons directory
</div>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:browseablesessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,browseablesessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="browseablesessionbackend.html"/>
@ -103,8 +103,11 @@ The following table list fields to index depending on the feature you want to in
<tr class="row4 roweven">
<td class="col0"> Session restrictions </td><td class="col1 centeralign"> _session_kind ipAddr <em>WHATTOTRACE</em> </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> Password reset by email </td><td class="col1 centeralign"> user </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [871-1162] -->
<!-- EDIT3 TABLE [871-1199] -->
<p>
See Apache::Session::Browseable::* man page to see how use indexes.
</p>
@ -113,7 +116,7 @@ See Apache::Session::Browseable::* man page to see how use indexes.
</div><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [43-1685] -->
<!-- EDIT2 SECTION "Presentation" [43-1722] -->
<h2 class="sectionedit4" id="browseable_nosql">Browseable NoSQL</h2>
<div class="level2">
@ -140,15 +143,15 @@ You then just have to add the <code>Index</code> parameter in <code>General par
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1973-2130] -->
<!-- EDIT5 TABLE [2010-2167] -->
</div>
<!-- EDIT4 SECTION "Browseable NoSQL" [1686-2131] -->
<!-- EDIT4 SECTION "Browseable NoSQL" [1723-2168] -->
<h2 class="sectionedit6" id="browseable_sql">Browseable SQL</h2>
<div class="level2">
<div class="noteclassic">This documentation concerns PostgreSQL. Some adaptations are needed with other databases.
</div>
</div>
<!-- EDIT6 SECTION "Browseable SQL" [2132-2263] -->
<!-- EDIT6 SECTION "Browseable SQL" [2169-2300] -->
<h3 class="sectionedit7" id="prepare_database">Prepare database</h3>
<div class="level3">
@ -182,7 +185,7 @@ CREATE INDEX ip1 ON sessions USING BTREE (ipAddr);</pre>
<div class="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don&#039;t need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
</div>
</div>
<!-- EDIT7 SECTION "Prepare database" [2264-3898] -->
<!-- EDIT7 SECTION "Prepare database" [2301-3935] -->
<h3 class="sectionedit8" id="manager">Manager</h3>
<div class="level3">
@ -211,14 +214,14 @@ Go in the Manager and set the session module (<a href="https://metacpan.org/pod/
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr _session_kind _utime </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [4221-4566] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<!-- EDIT9 TABLE [4258-4603] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<p>
For databases like PostgreSQL, don&#039;t forget to add “Commit” with a value of 1
</p>
</div>
</div>
<!-- EDIT8 SECTION "Manager" [3899-4745] -->
<!-- EDIT8 SECTION "Manager" [3936-4782] -->
<h2 class="sectionedit10" id="browseable_ldap">Browseable LDAP</h2>
<div class="level2">
@ -272,9 +275,9 @@ You need to add the <code>Index</code> field and can also configure the <code>ld
<td class="col0 centeralign"> <strong>ldapAttributeIndex</strong> </td><td class="col1"> Attribute storing index </td><td class="col2"> ou </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [5097-5831] -->
<!-- EDIT11 TABLE [5134-5868] -->
</div>
<!-- EDIT10 SECTION "Browseable LDAP" [4746-5832] -->
<!-- EDIT10 SECTION "Browseable LDAP" [4783-5869] -->
<h2 class="sectionedit12" id="security">Security</h2>
<div class="level2">
@ -287,7 +290,7 @@ You can also use different user/password for your servers by overriding paramete
</p>
</div>
<!-- EDIT12 SECTION "Security" [5833-6052] -->
<!-- EDIT12 SECTION "Security" [5870-6089] -->
<h2 class="sectionedit13" id="performances">Performances</h2>
<div class="level2">
@ -329,6 +332,6 @@ CREATE INDEX _u1 ON sessions (_utime);
CREATE INDEX ip1 ON sessions (ipAddr) USING BTREE;</pre>
</div>
<!-- EDIT13 SECTION "Performances" [6053-] --></div>
<!-- EDIT13 SECTION "Performances" [6090-] --></div>
</body>
</html>


@ -58,7 +58,7 @@
<li class="level3"><div class="li"><a href="#configure_git">Configure Git</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#import_project">Import Project</a></div></li>
<li class="level2"><div class="li"><a href="#import_project_and_using_git">Import Project and using Git</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#install_dependencies">Install dependencies</a></div></li>
@ -140,7 +140,7 @@ git config --list</pre>
</div>
<!-- EDIT3 SECTION "Install basic tools" [448-1151] -->
<h3 class="sectionedit4" id="import_project">Import Project</h3>
<h3 class="sectionedit4" id="import_project_and_using_git">Import Project and using Git</h3>
<div class="level3">
<p>
@ -157,6 +157,15 @@ git fetch upstream # import branch
git checkout v2.0 # to change branch
git fetch upstream</pre>
<p>
<em>import version branch</em>
<em>on linux station :</em>
</p>
<pre class="code">git checkout v2.0
git fetch upstream --all
git rebase upstream/v2.0 # to align to parent project remote branch
git push # to push to working remote branch</pre>
<p>
<em>on gitlab, create working branch, one per thematic</em>
<em>on linux station :</em>
@ -164,9 +173,9 @@ git fetch upstream</pre>
<pre class="code">git checkout workingbranch
git log
git status
git merge upstream/v2.0 # merge branch 2.0 in working branch
git commit -am &quot;explanations (#number gitlab ticket)&quot;
git commit --amend file(s) # to modify a commit
git rebase v2.0 # align local working branch to local 2.0
git checkout -- file(s) # revert
git push # to send on remote working branch</pre>
@ -175,7 +184,7 @@ On gitlab, submit merge request when tests are corrects.
</p>
</div>
<!-- EDIT4 SECTION "Import Project" [1152-1997] -->
<!-- EDIT4 SECTION "Import Project and using Git" [1152-2220] -->
<h2 class="sectionedit5" id="install_dependencies">Install dependencies</h2>
<div class="level2">
<pre class="code">aptitude install libapache-session-perl libcache-cache-perl libclone-perl libconfig-inifiles-perl libconvert-pem-perl libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl libcrypt-openssl-x509-perl libcrypt-rijndael-perl libdbi-perl libdigest-hmac-perl libemail-sender-perl libgd-securityimage-perl libhtml-template-perl libio-string-perl libjson-perl libmime-tools-perl libmouse-perl libnet-ldap-perl libplack-perl libregexp-assemble-perl libregexp-common-perl libsoap-lite-perl libstring-random-perl libunicode-string-perl liburi-perl libwww-perl libxml-simple-perl libxml-libxslt-perl libcrypt-urandom-perl libconvert-base32-perl
@ -183,8 +192,13 @@ aptitude install apache2 libapache2-mod-fcgid libapache2-mod-perl2 # install Ap
aptitude install nginx nginx-extras # install Nginx
aptitude install perltidy</pre>
<p>
<abbr title="Security Assertion Markup Language">SAML</abbr> :
</p>
<pre class="code">aptitude install liblasso-perl libglib-perl </pre>
</div>
<!-- EDIT5 SECTION "Install dependencies" [1998-2840] -->
<!-- EDIT5 SECTION "Install dependencies" [2221-3121] -->
<h2 class="sectionedit6" id="working_project">Working Project</h2>
<div class="level2">
<pre class="code">make test # or manager_test, portal_test, ... to launch unit tests
@ -200,6 +214,6 @@ make tidy # to magnify perl files (perl best pratices)
cd lemonldap-ng-portal &amp;&amp; prove t/XXXX # To launch specific unit test</pre>
</div>
<!-- EDIT6 SECTION "Working Project" [2841-] --></div>
<!-- EDIT6 SECTION "Working Project" [3122-] --></div>
</body>
</html>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1554841530" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1554967384" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1554841530" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1554967384" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1554841530" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1554967384" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:performances</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,performances"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="performances.html"/>
@ -367,7 +367,7 @@ Analysis:
<div class="level3">
<p>
LDAP server can be a brake when you use LDAP groups recovery. You can avoid this by setting “memberOf” fields in your LDAP scheme:
LDAP server can slow you down when you use LDAP groups retrieval. You can avoid this by setting “memberOf” fields in your LDAP scheme:
</p>
<pre class="code ldif"><span class="re0">dn</span>:<span class="re1"> uid=foo,dmdName=people,dc=example,dc=com</span>
...
@ -375,7 +375,7 @@ LDAP server can be a brake when you use LDAP groups recovery. You can avoid this
<span class="re0">memberOf</span>:<span class="re1"> cn=su,dmdName=groups,dc=example,dc=com</span></pre>
<p>
So instead of using LDAP groups recovery, you just have to store “memberOf” field in your exported variables. With OpenLDAP, you can use the <a href="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" class="urlextern" title="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" rel="nofollow">memberof overlay</a> to do it automatically.
So instead of using LDAP groups retrieval, you just have to store “memberOf” field in your exported variables. With OpenLDAP, you can use the <a href="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" class="urlextern" title="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" rel="nofollow">memberof overlay</a> to do it automatically.
</p>
<div class="noteimportant">Don&#039;t forget to create an index on the field used to find users (uid by default)
</div><div class="notetip">To avoid having group dn stored in sessions datas, you can use a macro to rewrite memberOf:<ul>
@ -399,12 +399,12 @@ Now ldapgroups contains “admin su”
</div>
</div>
<!-- EDIT10 SECTION "LDAP performances" [10322-11451] -->
<!-- EDIT10 SECTION "LDAP performances" [10322-11456] -->
<h2 class="sectionedit11" id="manager_performances">Manager performances</h2>
<div class="level2">
</div>
<!-- EDIT11 SECTION "Manager performances" [11452-11485] -->
<!-- EDIT11 SECTION "Manager performances" [11457-11490] -->
<h3 class="sectionedit12" id="disable_unused_modules">Disable unused modules</h3>
<div class="level3">
@ -415,7 +415,7 @@ In lemonldap-ng.ini, set only modules that you will use. By default, configurati
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions</span></pre>
</div>
<!-- EDIT12 SECTION "Disable unused modules" [11486-11747] -->
<!-- EDIT12 SECTION "Disable unused modules" [11491-11752] -->
<h3 class="sectionedit13" id="use_static_html_files">Use static HTML files</h3>
<div class="level3">
@ -442,6 +442,6 @@ So manager <abbr title="HyperText Markup Language">HTML</abbr> templates will be
</p>
</div>
<!-- EDIT13 SECTION "Use static HTML files" [11748-] --></div>
<!-- EDIT13 SECTION "Use static HTML files" [11753-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:portalcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,portalcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portalcustom.html"/>
@ -214,8 +214,7 @@ Then create symbolic links on template files, as you might not want to rewrite a
</p>
<pre class="code">cd /usr/share/lemonldap-ng/portal/templates/
mkdir myskin
cd myskin/
ln -s ../bootstrap/*.tpl .</pre>
cd myskin/</pre>
<p>
We include some template files that can be customized:
@ -234,10 +233,9 @@ We include some template files that can be customized:
</ul>
<p>
To use custom files, delete links and copy them into your skin folder:
To use custom files, copy them into your skin folder:
</p>
<pre class="code">rm -f custom*
cp ../bootstrap/custom* .</pre>
<pre class="code">cp ../bootstrap/custom* .</pre>
<p>
Then you can add your media to <code>myskin/images</code>, you will be able to use them in <abbr title="HyperText Markup Language">HTML</abbr> template with this code:
@ -265,7 +263,7 @@ To configure your new skin in Manager, select the custom skin, and enter your sk
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set portalSkin &#039;myskin&#039; portalSkinBackground &#039;&#039;</pre>
</div>
<!-- EDIT9 SECTION "Skin customization" [2473-4508] -->
<!-- EDIT9 SECTION "Skin customization" [2473-4450] -->
<h3 class="sectionedit10" id="messages">Messages</h3>
<div class="level3">
@ -316,7 +314,7 @@ You can also create a file called <code>all.json</code> to override messages in
</p>
</div>
<!-- EDIT10 SECTION "Messages" [4509-5651] -->
<!-- EDIT10 SECTION "Messages" [4451-5593] -->
<h3 class="sectionedit11" id="menu_tabs">Menu tabs</h3>
<div class="level3">
@ -332,7 +330,7 @@ This will allow one to display the tab directly with this <abbr title="Uniform R
</p>
</div>
<!-- EDIT11 SECTION "Menu tabs" [5652-5958] -->
<!-- EDIT11 SECTION "Menu tabs" [5594-5900] -->
<h3 class="sectionedit12" id="template_parameters">Template parameters</h3>
<div class="level3">
@ -360,7 +358,7 @@ You can also display environment variables, with the prefix <code>env_</code>:
<pre class="code file html4strict">Your IP is <span class="sc2">&lt;TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">&quot;env_REMOTE_ADDR&quot;</span>&gt;</span></pre>
</div>
<!-- EDIT12 SECTION "Template parameters" [5959-6606] -->
<!-- EDIT12 SECTION "Template parameters" [5901-6548] -->
<h2 class="sectionedit13" id="buttons">Buttons</h2>
<div class="level2">
@ -377,7 +375,7 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT13 SECTION "Buttons" [6607-7123] -->
<!-- EDIT13 SECTION "Buttons" [6549-7065] -->
<h2 class="sectionedit14" id="password_management">Password management</h2>
<div class="level2">
<ul>
@ -390,7 +388,7 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT14 SECTION "Password management" [7124-7574] -->
<!-- EDIT14 SECTION "Password management" [7066-7516] -->
<h2 class="sectionedit15" id="other_parameters">Other parameters</h2>
<div class="level2">
<ul>
@ -409,6 +407,6 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT15 SECTION "Other parameters" [7575-] --></div>
<!-- EDIT15 SECTION "Other parameters" [7517-] --></div>
</body>
</html>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1554841530" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1554967384" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -25,10 +25,10 @@ our $doubleHashKeys = 'issuerDBGetParameters';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedVars)';
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:(?:PostLogoutRedirectUri|ExtraClaim)s|I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|Https|Port)|(?:exportedHeader|locationRule)s|post)';


@ -17,7 +17,7 @@ has languages => ( is => 'rw', isa => 'Str', default => 'en' );
has logLevel => ( is => 'rw', isa => 'Str', default => 'info' );
has portal => ( is => 'rw', isa => 'Str' );
has staticPrefix => ( is => 'rw', isa => 'Str' );
has templateDir => ( is => 'rw', isa => 'Str' );
has templateDir => ( is => 'rw', isa => 'Str|ArrayRef' );
has links => ( is => 'rw', isa => 'ArrayRef' );
has menuLinks => ( is => 'rw', isa => 'ArrayRef' );
has logger => ( is => 'rw' );
@ -250,6 +250,7 @@ sub sendHtml {
$htpl = HTML::Template->new(
filehandle => IO::File->new($template),
path => $self->templateDir,
search_path_on_include => 1,
die_on_bad_params => 0,
die_on_missing_include => 1,
cache => 0,
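Review bot: `templateDir` may now be an ArrayRef, but the `has templateDir` declaration carries no documentation of what the list means; since the value is passed straight through as HTML::Template's `path` and the added `search_path_on_include => 1` makes `<TMPL_INCLUDE>` resolve against that same list, the order of the entries is the lookup precedence (HTML::Template documents searching `path` entries in order). I would add `# Str or ArrayRef of template directories; with a list, earlier entries win for both the main template and TMPL_INCLUDEs (search_path_on_include)` above it. The unchanged `die_on_missing_include => 1` still applies, so an include missing from every entry remains an error rather than a silent blank, which is worth stating in the same comment. The `has` list is shown cut from its package here, and `sendHtml` starts outside the hunk.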


@ -721,6 +721,9 @@ sub attributes {
'default' => 0,
'type' => 'bool'
},
'casSrvMetaDataOptionsSortNumber' => {
'type' => 'int'
},
'casSrvMetaDataOptionsUrl' => {
'msgFail' => '__badUrl__',
'test' =>
@ -1866,6 +1869,9 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
'default' => 'openid profile',
'type' => 'text'
},
'oidcOPMetaDataOptionsSortNumber' => {
'type' => 'int'
},
'oidcOPMetaDataOptionsStoreIDToken' => {
'default' => 0,
'type' => 'bool'
@ -2796,6 +2802,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
],
'type' => 'select'
},
'samlIDPMetaDataOptionsSortNumber' => {
'type' => 'int'
},
'samlIDPMetaDataOptionsSSOBinding' => {
'default' => '',
'select' => [ {


@ -2298,6 +2298,7 @@ sub attributes {
samlIDPMetaDataOptionsUserAttribute => { type => 'text', },
samlIDPMetaDataOptionsDisplayName => { type => 'text', },
samlIDPMetaDataOptionsIcon => { type => 'text', },
samlIDPMetaDataOptionsSortNumber => { type => 'int', },
# SP keys
samlSPMetaDataExportedAttributes => {
@ -2769,6 +2770,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
type => 'text',
documentation => 'Path of CAS Server Icon',
},
casSrvMetaDataOptionsSortNumber => {
type => 'int',
documentation => 'Number to sort buttons',
},
# Fake attribute: used by manager REST API to agglomerate all nodes
# related to a CAS IDP partner
@ -3342,7 +3347,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
oidcOPMetaDataOptionsDisplayName => { type => 'text', },
oidcOPMetaDataOptionsIcon => { type => 'text', },
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
oidcOPMetaDataOptionsSortNumber => { type => 'int', },
oidcRPMetaDataOptionsRule => {
type => 'text',
test => $perlExpr,
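Review bot: Of the three new SortNumber attributes only `casSrvMetaDataOptionsSortNumber` carries a `documentation` key; `samlIDPMetaDataOptionsSortNumber` (first hunk) and `oidcOPMetaDataOptionsSortNumber` (third hunk) have none, and none of the three declares a `default`, while the portal auth modules in this commit fall back to 0 with `// 0`. Giving all three `documentation => 'Number to sort buttons'` and `default => 0` would keep them consistent and make the manager show the value the portal actually uses; if the Attributes.pm section earlier on this page is generated from this file, it would need regenerating afterwards. The `attributes` sub starts and ends outside these hunks.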


@ -94,7 +94,8 @@ sub cTrees {
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsDisplayName",
"samlIDPMetaDataOptionsIcon"
"samlIDPMetaDataOptionsIcon",
"samlIDPMetaDataOptionsSortNumber"
]
}
],
@ -178,7 +179,8 @@ sub cTrees {
form => 'simpleInputContainer',
nodes => [
'oidcOPMetaDataOptionsDisplayName',
'oidcOPMetaDataOptionsIcon'
'oidcOPMetaDataOptionsIcon',
'oidcOPMetaDataOptionsSortNumber'
]
},
],
@ -241,6 +243,7 @@ sub cTrees {
nodes => [
'casSrvMetaDataOptionsDisplayName',
'casSrvMetaDataOptionsIcon',
'casSrvMetaDataOptionsSortNumber',
]
},
],


@ -59,22 +59,24 @@ sub addRoutes {
['GET']
);
}
unless ( $self->{viewerAllowBrowser} || $conf->{viewerAllowBrowser} ) {
# Difference between confs
if ( $self->{viewerAllowDiff} ) {
$self->addRoute(
view => { diff => { ':conf1' => { ':conf2' => 'viewDiff' } } } )
->addRoute( 'viewDiff.html', undef, ['GET'] );
}
unless ( $self->{viewerAllowBrowser} ) {
$self->addRoute(
view => { ':cfgNum' => 'rejectKey' },
['GET']
);
}
# Difference between confs
if ( $self->{viewerAllowDiff} || $conf->{viewerAllowDiff} ) {
$self->addRoute(
view => { diff => { ':conf1' => { ':conf2' => 'viewDiff' } } } )
->addRoute( 'viewDiff.html', undef, ['GET'] );
}
# Other keys
$self->addRoute( view => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] );
else {
$self->addRoute( view => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] );
}
}
sub getConfByNum {
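Review bot: If the branches reading only `$self->{viewerAllowDiff}` and `$self->{viewerAllowBrowser}` are the new side (the page drops the +/- markers, so this is inferred from print order), the commit removes the `$conf->{viewerAllowDiff}` / `$conf->{viewerAllowBrowser}` fallback: an operator who enabled these in the stored configuration rather than in the ini section silently loses the feature, which is fail-closed but undocumented, so a comment such as `# viewerAllow* are read from the viewer section of lemonldap-ng.ini only` above the first check would record the intent. Registering `getKey` only in the `else` branch, instead of unconditionally after `rejectKey`, is the right shape: hiding keys no longer depends on how the router orders two routes under the same `:cfgNum` prefix. With the browser allowed and diff disabled, `/view/diff/…` presumably falls through to `getKey` with `:cfgNum` equal to `diff`; if that is not meant to fail cleanly in getConfByNum, add `$self->addRoute( view => { diff => 'rejectKey' }, ['GET'] );` in an `else` of the diff check. `addRoutes` starts outside the hunk.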


@ -126,6 +126,12 @@ function templates(tpl,key) {
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
"title" : "casSrvMetaDataOptionsIcon"
},
{
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
"title" : "casSrvMetaDataOptionsSortNumber",
"type" : "int"
}
],
"id" : "casSrvMetaDataOptionsDisplay",
@ -336,6 +342,12 @@ function templates(tpl,key) {
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
"title" : "oidcOPMetaDataOptionsIcon"
},
{
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
"title" : "oidcOPMetaDataOptionsSortNumber",
"type" : "int"
}
],
"id" : "oidcOPMetaDataOptionsDisplayParams",
@ -859,6 +871,12 @@ function templates(tpl,key) {
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
"title" : "samlIDPMetaDataOptionsIcon"
},
{
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
"title" : "samlIDPMetaDataOptionsSortNumber",
"type" : "int"
}
],
"id" : "samlIDPMetaDataOptionsDisplay",



@ -128,6 +128,7 @@
"casSrvMetaDataOptionsDisplayName":"الاسم المطلوب عرضه",
"casSrvMetaDataOptionsGateway":"بوابة إثبات الهوية",
"casSrvMetaDataOptionsIcon":"مسارالأيقونة",
"casSrvMetaDataOptionsSortNumber":"Order",
"casSrvMetaDataOptionsRenew":"تجديد إثبات الهوية",
"casSrvMetaDataOptionsProxiedServices":"خدمات البروكسي",
"casSrvMetaDataOptionsUrl":" يو أر ل الخادم",
@ -499,6 +500,7 @@
"oidcOPMetaDataOptionsDisplayName":"عرض الاسم",
"oidcOPMetaDataOptionsDisplayParams":"عرض",
"oidcOPMetaDataOptionsIcon":"شعار",
"oidcOPMetaDataOptionsSortNumber":"Order",
"oidcOPMetaDataOptionsJWKSTimeout":"مهلة بيانات JWKS",
"oidcRPMetaDataOptionsLogoutSessionRequired":"جلسة مطلوب",
"oidcRPMetaDataOptionsLogoutType":"نوع",
@ -894,6 +896,7 @@
"samlIDPMetaDataOptionsDisplayParams":"عرض",
"samlIDPMetaDataOptionsIcon":"Logo",
"samlIDPMetaDataOptionsSecurity":"الحماية",
"samlIDPMetaDataOptionsSortNumber":"Order",
"samlIDPMetaDataOptionsStoreSAMLToken":"حفظ SAML توكن",
"samlIDPMetaDataOptionsRelayStateURL":"السماح بعنوان اليو آر إل ك RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
@ -983,4 +986,4 @@
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -128,6 +128,7 @@
"casSrvMetaDataOptionsDisplayName":"Angezeigter Name",
"casSrvMetaDataOptionsGateway":"Gateway authentication",
"casSrvMetaDataOptionsIcon":"Icon path",
"casSrvMetaDataOptionsSortNumber":"Order",
"casSrvMetaDataOptionsRenew":"Renew authentication",
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
"casSrvMetaDataOptionsUrl":"Server URL",
@ -499,6 +500,7 @@
"oidcOPMetaDataOptionsDisplayName":"Display name",
"oidcOPMetaDataOptionsDisplayParams":"Display",
"oidcOPMetaDataOptionsIcon":"Logo",
"oidcOPMetaDataOptionsSortNumber":"Order",
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
"oidcRPMetaDataOptionsLogoutType":"Type",
@ -894,6 +896,7 @@
"samlIDPMetaDataOptionsDisplayParams":"Display",
"samlIDPMetaDataOptionsIcon":"Logo",
"samlIDPMetaDataOptionsSecurity":"Security",
"samlIDPMetaDataOptionsSortNumber":"Order",
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
@ -983,4 +986,4 @@
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -128,6 +128,7 @@
"casSrvMetaDataOptionsDisplayName":"Name to display",
"casSrvMetaDataOptionsGateway":"Gateway authentication",
"casSrvMetaDataOptionsIcon":"Icon path",
"casSrvMetaDataOptionsSortNumber":"Order",
"casSrvMetaDataOptionsRenew":"Renew authentication",
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
"casSrvMetaDataOptionsUrl":"Server URL",
@ -499,6 +500,7 @@
"oidcOPMetaDataOptionsDisplayName":"Display name",
"oidcOPMetaDataOptionsDisplayParams":"Display",
"oidcOPMetaDataOptionsIcon":"Logo",
"oidcOPMetaDataOptionsSortNumber":"Order",
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
"oidcRPMetaDataOptionsLogoutType":"Type",
@ -894,6 +896,7 @@
"samlIDPMetaDataOptionsDisplayParams":"Display",
"samlIDPMetaDataOptionsIcon":"Logo",
"samlIDPMetaDataOptionsSecurity":"Security",
"samlIDPMetaDataOptionsSortNumber":"Order",
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",


@ -128,6 +128,7 @@
"casSrvMetaDataOptionsDisplayName":"Nom à afficher",
"casSrvMetaDataOptionsGateway":"Authentification transparente",
"casSrvMetaDataOptionsIcon":"Chemin de l'icône",
"casSrvMetaDataOptionsSortNumber":"Ordre",
"casSrvMetaDataOptionsRenew":"Renouveller l'authentification",
"casSrvMetaDataOptionsProxiedServices":"Services mandatés",
"casSrvMetaDataOptionsUrl":"URL du serveur",
@ -499,6 +500,7 @@
"oidcOPMetaDataOptionsDisplayName":"Nom d'affichage",
"oidcOPMetaDataOptionsDisplayParams":"Affichage",
"oidcOPMetaDataOptionsIcon":"Logo",
"oidcOPMetaDataOptionsSortNumber":"Ordre",
"oidcOPMetaDataOptionsJWKSTimeout":"Durée de vie des données JWKS",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session requise",
"oidcRPMetaDataOptionsLogoutType":"Type",
@ -894,6 +896,7 @@
"samlIDPMetaDataOptionsDisplayParams":"Affichage",
"samlIDPMetaDataOptionsIcon":"Logo",
"samlIDPMetaDataOptionsSecurity":"Sécurité",
"samlIDPMetaDataOptionsSortNumber":"Ordre",
"samlIDPMetaDataOptionsStoreSAMLToken":"Conserver le jeton SAML",
"samlIDPMetaDataOptionsRelayStateURL":"Pemettre une URL dans le RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribut contenant l'identité de l'utilisateur",


@ -124,10 +124,11 @@
"casSrv":"Server CAS ",
"casSrvMetaDataExportedVars":"Attributi esportati",
"casSrvMetaDataOptions":"Opzioni",
"casSrvMetaDataOptionsDisplay":"Display",
"casSrvMetaDataOptionsDisplay":"Visualizza ",
"casSrvMetaDataOptionsDisplayName":"Nome da visualizzare",
"casSrvMetaDataOptionsGateway":"Autenticazione gateway",
"casSrvMetaDataOptionsIcon":"Path icona",
"casSrvMetaDataOptionsSortNumber":"Ordine",
"casSrvMetaDataOptionsRenew":"Rinnova l'autenticazione",
"casSrvMetaDataOptionsProxiedServices":"Servizi Proxied",
"casSrvMetaDataOptionsUrl":"URL del server",
@ -151,12 +152,12 @@
"clickHereToForce":"Clicca qui per forzare",
"checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso",
"checkUsers":"SSO profile Check",
"checkUser":"Activation",
"checkUserIdRule":"Identities use rule",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"checkUsers":"Controllo del profilo SSO",
"checkUser":"Attivazione",
"checkUserIdRule":"Uso della regola delle identità",
"checkUserHiddenAttributes":"Attributi nascosti",
"checkUserDisplayPersistentInfo":"Mostra sessione persistente",
"checkUserDisplayEmptyValues":"Mostra valori vuoti",
"choiceParams":"Scelta parametri",
"chooseLogo":"Scegli logo",
"chooseSkin":"Scegli interfaccia",
@ -243,13 +244,13 @@
"enabled":"Abilitato",
"enterPassword":"Inserisci password (opzionale)",
"error":"Errore",
"errors":"ERRORS",
"errors":"ERRORI",
"exportedAttr":"Attributi di SOAP/REST esportati",
"exportedHeaders":"Intestazioni esportate",
"exportedVars":"Variabili esportate",
"external2f":"2° fattore esterno",
"ext2fActivation":"Attivazione",
"ext2fCodeActivation":"Code regex",
"ext2fCodeActivation":"Codice regex",
"ext2fAuthnLevel":"Livello di autenticazione",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Invia comando",
@ -273,8 +274,8 @@
"globalStorage":"Modulo Apache::Session",
"globalStorageOptions":"Parametri di modulo Apache::Session",
"gpgAuthnLevel":"Livello di autenticazione",
"gpgDb":"GPG database",
"gpgParams":"GPG parameters",
"gpgDb":"Database GPG",
"gpgParams":"Parametri GPG",
"grantSessionRules":"Condizioni di apertura",
"groups":"Gruppi",
"hashkey":"Chiave",
@ -288,13 +289,13 @@
"hideTree":"Nascondi l'albero",
"httpOnly":"Protezione Javascript",
"https":"HTTPS",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationIdRule":"Identities use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"impersonation":"Imitazione",
"impersonationRule":"Usa la regola",
"impersonationIdRule":"Le identità usano la regola",
"impersonationHiddenAttributes":"Attributi nascosti",
"impersonationMergeSSOgroups":"Unisci gruppi SSO falsificati e reali",
"impersonationPrefix":"Prefisso degli attributi reali",
"impersonationSkipEmptyValues":"Salta valori vuoti",
"incompleteForm":"Mancano campi obbligatori",
"index":"Indice",
"infoFormMethod":"Metodo per il modulo informazioni",
@ -355,7 +356,7 @@
"ldapGroupAttributeNameSearch":"Attributi ricercati",
"ldapGroupAttributeNameUser":"Attributo origine utente",
"ldapGroupBase":"Base di ricerca",
"ldapGroupDecodeSearchedValue":"Decode searched value",
"ldapGroupDecodeSearchedValue":"Decodifica il valore cercato",
"ldapGroupObjectClass":"Classe oggetto",
"ldapGroupRecursive":"Ricorsivo",
"ldapGroups":"Gruppi",
@ -395,12 +396,12 @@
"lwpOpts":"Opzioni per le richieste del server",
"lwpSslOpts":"Opzioni SSL per le richieste del server",
"macros":"Macro",
"mail2f":"Mail second factor",
"mail2fActivation":"Activation",
"mail2fCodeRegex":"Code regex",
"mail2fTimeout":"Code timeout",
"mail2fSubject":"Mail subject",
"mail2fBody":"Mail body",
"mail2f":"Mail secondo fattore",
"mail2fActivation":"Attivazione",
"mail2fCodeRegex":"Codice regex",
"mail2fTimeout":"Codice timeout",
"mail2fSubject":"Oggetto della mail",
"mail2fBody":"Corpo del messaggio",
"mail2fAuthnLevel":"Livello di autenticazione",
"mail2fLogo":"Logo",
"mailBody":"Successo contenuto di posta",
@ -499,6 +500,7 @@
"oidcOPMetaDataOptionsDisplayName":"Visualizza nome",
"oidcOPMetaDataOptionsDisplayParams":"Visualizza",
"oidcOPMetaDataOptionsIcon":"Logo",
"oidcOPMetaDataOptionsSortNumber":"Ordine",
"oidcOPMetaDataOptionsJWKSTimeout":"Timeout dei dati di JWKS",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Sessione necessaria",
"oidcRPMetaDataOptionsLogoutType":"Tipo",
@ -649,7 +651,7 @@
"radiusSecret":"Segreto condiviso",
"radiusServer":"Nome host del server",
"randomPasswordRegexp":"Regex per la generazione di password",
"readOnlyMode":"Read-Only mode",
"readOnlyMode":"Modalità di sola lettura",
"redirectFormMethod":"Metodo per il modulo di reindirizzamento",
"redirection":"Redirezioni del gestore",
"reference":"Riferimento",
@ -889,11 +891,12 @@
"samlIDPMetaDataOptionsSession":"Sessioni",
"samlIDPMetaDataOptionsSignature":"Firma",
"samlIDPMetaDataOptionsBinding":"Vincolante",
"samlIDPMetaDataOptionsDisplay":"Display",
"samlIDPMetaDataOptionsDisplayName":"Display name",
"samlIDPMetaDataOptionsDisplayParams":"Display",
"samlIDPMetaDataOptionsDisplay":" Visualizza ",
"samlIDPMetaDataOptionsDisplayName":"Nome da visualizzare",
"samlIDPMetaDataOptionsDisplayParams":" Visualizza ",
"samlIDPMetaDataOptionsIcon":"Logo",
"samlIDPMetaDataOptionsSecurity":"Sicurezza",
"samlIDPMetaDataOptionsSortNumber":"Ordine",
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
"samlIDPMetaDataOptionsRelayStateURL":"Consenti l'URL come RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attributo che contiene l'identificatore dell'utente",
@ -982,5 +985,5 @@
"samlCommonDomainCookieWriter":"URL dell'autore",
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
"samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP"
}


@ -128,6 +128,7 @@
"casSrvMetaDataOptionsDisplayName":"Tên để hiển thị",
"casSrvMetaDataOptionsGateway":"Xác thực Gateway",
"casSrvMetaDataOptionsIcon":"Đường dẫn Icon",
"casSrvMetaDataOptionsSortNumber":"Order",
"casSrvMetaDataOptionsRenew":"Gia hạn chứng thực",
"casSrvMetaDataOptionsProxiedServices":"Dịch vụ proxy",
"casSrvMetaDataOptionsUrl":"URL máy chủ",
@ -499,6 +500,7 @@
"oidcOPMetaDataOptionsDisplayName":"Tên hiển thị",
"oidcOPMetaDataOptionsDisplayParams":"Hiển thị",
"oidcOPMetaDataOptionsIcon":"Logo",
"oidcOPMetaDataOptionsSortNumber":"Order",
"oidcOPMetaDataOptionsJWKSTimeout":"Thời gian chờ của dữ liệu JWKS",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Phiên yêu cầu",
"oidcRPMetaDataOptionsLogoutType":"Loại",
@ -894,6 +896,7 @@
"samlIDPMetaDataOptionsDisplayParams":"Display",
"samlIDPMetaDataOptionsIcon":"Logo",
"samlIDPMetaDataOptionsSecurity":"Bảo mật",
"samlIDPMetaDataOptionsSortNumber":"Order",
"samlIDPMetaDataOptionsStoreSAMLToken":"Lưu trữ token SAML",
"samlIDPMetaDataOptionsRelayStateURL":"Cho phép URL như RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
@ -983,4 +986,4 @@
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -128,6 +128,7 @@
"casSrvMetaDataOptionsDisplayName":"显示名称",
"casSrvMetaDataOptionsGateway":"网关认证",
"casSrvMetaDataOptionsIcon":"图标路径",
"casSrvMetaDataOptionsSortNumber":"Order",
"casSrvMetaDataOptionsRenew":"Renew authentication",
"casSrvMetaDataOptionsProxiedServices":"代理服务",
"casSrvMetaDataOptionsUrl":"服务器 URL",
@ -499,6 +500,7 @@
"oidcOPMetaDataOptionsDisplayName":"Display name",
"oidcOPMetaDataOptionsDisplayParams":"Display",
"oidcOPMetaDataOptionsIcon":"Logo",
"oidcOPMetaDataOptionsSortNumber":"Order",
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
"oidcRPMetaDataOptionsLogoutType":"Type",
@ -894,6 +896,7 @@
"samlIDPMetaDataOptionsDisplayParams":"Display",
"samlIDPMetaDataOptionsIcon":"Logo",
"samlIDPMetaDataOptionsSecurity":"Security",
"samlIDPMetaDataOptionsSortNumber":"Order",
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
@ -983,4 +986,4 @@
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -112,7 +112,7 @@
<!-- //if:jsminified
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/conftree.min.js"></script>
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/veiwDiff.min.js"></script>
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/viewDiff.min.js"></script>
//else -->
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/conftree.js"></script>
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/viewDiff.js"></script>


@ -8,6 +8,7 @@ use JSON qw(from_json);
require 't/test-lib.pm';
my $struct = 't/jsonfiles/70-diff.json';
sub body {
return IO::File->new( $struct, 'r' );
}
@ -19,9 +20,11 @@ count(1);
# Test that hidden key values are NOT sent
$res = &client->jsonResponse('/view/1/portalDisplayLogout');
ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
ok( $res->{value} eq '_Hidden_', 'Key is hidden' )
or explain( $res, 'value => "_Hidden_"' );
$res = &client->jsonResponse('/view/1/samlIDPMetaDataNodes');
ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
ok( $res->{value} eq '_Hidden_', 'Key is hidden' )
or explain( $res, 'value => "_Hidden_"' );
count(2);
# Try to display latest conf
@ -29,12 +32,17 @@ $res = &client->jsonResponse('/view/latest');
ok( $res->{cfgNum} eq '1', 'Browser is allowed' );
count(1);
ok( $res = &client->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
"Request succeed" );
ok(
$res = &client->_post(
'/confs/', 'cfgNum=1&force=1', &body, 'application/json'
),
"Request succeed"
);
ok( $res->[0] == 200, "Result code is 200" );
my $resBody;
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
count(3);
foreach my $i ( 0 .. 1 ) {
ok(
$resBody->{details}->{__changes__}->[$i]->{key} =~
@ -46,10 +54,11 @@ count(2);
# Try to compare confs 1 & 2
$res = &client->jsonResponse('/view/diff/1/2');
# ok( $res->[1]->{captcha_login_enabled} eq '1', 'Key found' );
ok( $res->[1]->{captcha_mail_enabled} eq '0', 'Key found' );
ok( 6 == keys %{ $res->[1] }, 'Right number of keys found')
or print STDERR Dumper($res);
ok( 6 == keys %{ $res->[1] }, 'Right number of keys found' )
or print STDERR Dumper($res);
count(2);
# Remove new conf
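Review bot: The two added `or explain( $res, 'value => "_Hidden_"' )` guards only help if `explain` here is a helper from t/test-lib.pm (required a few lines above) that prints the got/expected pair; if it resolves to Test::More's `explain`, which merely returns a dump string, the `or` branch is a silent no-op on failure and should read `or diag explain $res`. The remaining changes in this section are whitespace re-flows of existing calls. A one-line comment at the first use, `# explain() from t/test-lib.pm prints got/expected to STDERR`, would settle the question for the next reader.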


@ -21,13 +21,10 @@ ok(
'Client object'
);
# Try to display latest conf
my $res = $client2->jsonResponse('/view/1');
ok( $res->{value} eq '_Hidden_', 'Browser is NOT allowed' );
count(2);
# Try to compare confs 1 & 2
ok( $res = $client2->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
ok( my $res = $client2->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
"Request succeed" );
ok( $res->[0] == 200, "Result code is 200" );
my $resBody;
@ -45,6 +42,11 @@ $res = $client2->jsonResponse('/view/diff/1/2');
ok( $res->{value} eq '_Hidden_', 'Diff is NOT allowed' );
count(1);
# Try to display latest conf
$res = $client2->jsonResponse('/view/2');
ok( $res->{value} eq '_Hidden_', 'Browser is NOT allowed' );
count(2);
# Remove new conf
`rm -rf t/conf/lmConf-2.json`;
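Review bot: The relocated `count(2)` after the `/view/2` check tallies one assertion there plus the `'Client object'` ok at the top of the file, which is now separated from its count by the whole diff test; a `count(1)` next to each would keep the expected-test bookkeeping local. Also `ok( my $res = $client2->_post( ... ) )` declares `$res` inside the argument list — it works, but `my $res = $client2->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' );` on its own line before the `ok` reads better and matches the `/view/diff/1/2` check later in the file. Both points concern how the test is written, not its outcome.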


@ -128,7 +128,7 @@ sub run {
$self->p->updatePersistentSession( $req,
{ _2fDevices => to_json($_2fDevices) } );
$self->userLogger->notice(
"Yubikey registration of $keyName succeeds for $user");
"Yubikey registration of $UBKName succeeds for $user");
return $self->p->sendHtml(
$req, 'error',


@ -40,10 +40,16 @@ sub init {
$portalPath =~ s#^https?://[^/]+/?#/#;
foreach (@tab) {
my $name = $self->conf->{casSrvMetaDataOptions}->{$_}
my $name = $_;
$name =
$self->conf->{casSrvMetaDataOptions}->{$_}
->{casSrvMetaDataOptionsDisplayName}
if $self->conf->{casSrvMetaDataOptions}->{$_}
->{casSrvMetaDataOptionsDisplayName};
my $icon = $self->conf->{casSrvMetaDataOptions}->{$_}
->{casSrvMetaDataOptionsIcon};
my $order = $self->conf->{casSrvMetaDataOptions}->{$_}
->{casSrvMetaDataOptionsSortNumber} // 0;
my $img_src;
if ($icon) {
@ -52,15 +58,21 @@ sub init {
? $icon
: $portalPath . $self->p->staticPrefix . "/common/" . $icon;
}
push @list,
{
val => $_,
name => $name,
icon => $img_src,
order => $order,
class => "openidconnect",
};
}
@list =
sort {
$a->{order} <=> $b->{order}
or $a->{name} cmp $b->{name}
or $a->{val} cmp $b->{val}
} @list;
$self->srvList( \@list );
return 1;
}
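Review bot: The loop body now reads `$self->conf->{casSrvMetaDataOptions}->{$_}` five times; hoisting it once, `my $opts = $self->conf->{casSrvMetaDataOptions}->{$_};`, and then writing `$name = $opts->{casSrvMetaDataOptionsDisplayName} if $opts->{casSrvMetaDataOptionsDisplayName};` and `my $order = $opts->{casSrvMetaDataOptionsSortNumber} // 0;` would make the intent visible at a glance. The sort block (order, then name, then val) is copied verbatim into the OIDC init hunk and the SAML extractFormInfo hunk below; a single shared comparator would keep the three lists ordered identically when the rule changes. Note that `// 0` only covers an undefined SortNumber: if the manager can persist an empty string for an unset field, `<=>` will emit "isn't numeric" warnings — `|| 0` would cover both cases if that is possible. init() starts before the hunk.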


@ -16,7 +16,7 @@ extends 'Lemonldap::NG::Portal::Main::Auth',
# INTERFACE
has opList => ( is => 'rw', default => sub { [] } );
has opList => ( is => 'rw', default => sub { [] } );
has opNumber => ( is => 'rw', default => 0 );
has path => ( is => 'rw', default => 'oauth2' );
@ -41,10 +41,16 @@ sub init {
#$portalPath =~ s#^https?://[^/]+/?#/#;
foreach (@tab) {
my $name = $self->conf->{oidcOPMetaDataOptions}->{$_}
my $name = $_;
$name =
$self->conf->{oidcOPMetaDataOptions}->{$_}
->{oidcOPMetaDataOptionsDisplayName}
if $self->conf->{oidcOPMetaDataOptions}->{$_}
->{oidcOPMetaDataOptionsDisplayName};
my $icon = $self->conf->{oidcOPMetaDataOptions}->{$_}
->{oidcOPMetaDataOptionsIcon};
my $order = $self->conf->{oidcOPMetaDataOptions}->{$_}
->{oidcOPMetaDataOptionsSortNumber} // 0;
my $img_src;
if ($icon) {
@ -60,6 +66,7 @@ sub init {
name => $name,
icon => $img_src,
class => "openidconnect",
order => $order
};
}
$self->addRouteFromConf(
@ -72,6 +79,12 @@ sub init {
oidcServiceMetaDataFrontChannelURI => 'frontLogout',
oidcServiceMetaDataBackChannelURI => 'backLogout',
);
@list =
sort {
$a->{order} <=> $b->{order}
or $a->{name} cmp $b->{name}
or $a->{val} cmp $b->{val}
} @list;
$self->opList( [@list] );
return 1;
}


@ -893,13 +893,11 @@ sub extractFormInfo {
$self->logger->debug(
"Will try to use SAML Discovery Protocol for IDP resolution");
if ($req->urldc) {
$req->pdata->{_url} = encode_base64($req->urldc, '');
if ( $req->urldc ) {
$req->pdata->{_url} = encode_base64( $req->urldc, '' );
}
my $disco_url = $self->conf->{samlDiscoveryProtocolURL};
my $portal = $self->conf->{portal};
my $portal = $self->conf->{portal};
$disco_url .= ( $disco_url =~ /\?/ ? '&' : '?' )
. build_urlencoded(
entityID => $self->getMetaDataURL( 'samlEntityID', 0, 1 ),
@ -947,6 +945,7 @@ sub extractFormInfo {
$idpName = $self->{idpList}->{$_}->{displayName}
if $self->{idpList}->{$_}->{displayName};
my $icon = $self->{idpList}->{$_}->{icon};
my $order = $self->{idpList}->{$_}->{order} // 0;
my $img_src = '';
if ($icon) {
@ -957,14 +956,22 @@ sub extractFormInfo {
}
$self->logger->debug( "IDP "
. $self->{idpList}->{$_}->{name}
. " -> DisplayName : $idpName with Icon : $img_src" );
. " -> DisplayName : $idpName with Icon : $img_src at order : $order"
);
push @list,
{
val => $_,
name => $idpName,
icon => $img_src,
val => $_,
name => $idpName,
icon => $img_src,
order => $order,
};
}
@list =
sort {
$a->{order} <=> $b->{order}
or $a->{name} cmp $b->{name}
or $a->{val} cmp $b->{val}
} @list;
$req->data->{list} = \@list;
$req->data->{confirmRemember} = 1;


@ -186,7 +186,7 @@ sub loadService {
# Create Lasso server with service metadata
my $server = $self->createServer(
$service_metadata->serviceToXML( $self->conf, ''),
$service_metadata->serviceToXML( $self->conf, '' ),
$self->conf->{samlServicePrivateKeySig},
$self->conf->{samlServicePrivateKeySigPwd},
@ -295,6 +295,9 @@ sub loadIDPs {
$self->idpList->{$entityID}->{icon} =
$self->conf->{samlIDPMetaDataOptions}->{$_}
->{samlIDPMetaDataOptionsIcon};
$self->idpList->{$entityID}->{order} =
$self->conf->{samlIDPMetaDataOptions}->{$_}
->{samlIDPMetaDataOptionsSortNumber};
# Set rule
my $cond = $self->conf->{samlIDPMetaDataOptions}->{$_}


@ -184,8 +184,10 @@ sub send_mail {
foreach ( keys %cid ) {
$message->attach(
Type => "image/" . ( $cid{$_} =~ m/\.(\w+)/ )[0],
Id => $_,
Path => $self->p->{templateDir} . "/" . $cid{$_},
Id => $_,
Path => $self->conf->{templateDir} . "/"
. $self->conf->{portalSkin} . "/"
. $cid{$_},
);
}
}
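Review bot: The new `Path` is built from the static `$self->conf->{portalSkin}` with no existence check and no fallback, so a custom skin that only overrides a few templates (the inheritance this commit's loadTemplate change enables via its `bootstrap` search path) will point `attach` at an image file that does not exist under the skin directory. Resolving the path once and falling back to the bootstrap skin when the file is absent mirrors the template lookup. Note also that sendHtml resolves the skin per request with `getSkin($req)` while this uses the configured default skin; if request-selected skins are meant to carry their own mail images this should use the same resolution. send_mail's body starts before the hunk.
```perl
foreach ( keys %cid ) {
    my $path = $self->conf->{templateDir} . '/'
      . $self->conf->{portalSkin} . '/' . $cid{$_};
    # A custom skin may not ship every image; fall back like loadTemplate does
    $path = $self->conf->{templateDir} . '/bootstrap/' . $cid{$_}
      unless -e $path;
    $message->attach(
        Type => "image/" . ( $cid{$_} =~ m/\.(\w+)/ )[0],
        Id   => $_,
        Path => $path,
    );
}
```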


@ -194,6 +194,8 @@ sub reloadConf {
$self->error("Template dir $self->{templateDir} doesn't exist");
return $self->fail;
}
$self->templateDir(
[ $self->{templateDir}, $self->conf->{templateDir} . '/bootstrap' ] );
$self->{staticPrefix} = $self->conf->{staticPrefix} || '/static';
$self->{languages} = $self->conf->{languages} || '/';


@ -743,6 +743,7 @@ sub sendHtml {
my ( $self, $req, $template, %args ) = @_;
my $templateDir = $self->conf->{templateDir} . '/' . $self->getSkin($req);
$self->templateDir( [ $templateDir, @{ $self->templateDir } ] );
# Check template
$args{templateDir} = $templateDir;
@ -878,6 +879,7 @@ sub lmError {
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
URL => $req->{urldc},
);
$req->pdata( {} );
# Error code
$templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 )
@ -889,8 +891,8 @@ sub rebuildCookies {
my ( $self, $req ) = @_;
my @tmp;
for ( my $i = 0 ; $i < @{ $req->{respHeaders} } ; $i += 2 ) {
push @tmp, $req->respHeaders->[0], $req->respHeaders->[1]
unless ( $req->respHeaders->[0] eq 'Set-Cookie' );
push @tmp, $req->respHeaders->[$i], $req->respHeaders->[ $i + 1 ]
unless ( $req->respHeaders->[$i] eq 'Set-Cookie' );
}
$req->{respHeaders} = \@tmp;
$self->buildCookie($req);
@ -1003,17 +1005,14 @@ sub _sumUpSession {
sub loadTemplate {
my ( $self, $name, %prm ) = @_;
$name .= '.tpl';
my $file =
$self->conf->{templateDir} . '/'
. $self->conf->{portalSkin} . '/'
. $name;
$file = $self->conf->{templateDir} . '/common/' . $name
unless ( -e $file );
unless ( -e $file ) {
die "Unable to find $name in $self->conf->{templateDir}";
}
my $tpl = HTML::Template->new(
filename => $file,
filename => $name,
path => [
$self->conf->{templateDir} . '/' . $self->conf->{portalSkin},
$self->conf->{templateDir} . '/bootstrap/',
$self->conf->{templateDir} . '/common/'
],
search_path_on_include => 1,
die_on_bad_params => 0,
die_on_missing_include => 1,
cache => 1,
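Review bot: In the sendHtml hunk, `$self->templateDir( [ $templateDir, @{ $self->templateDir } ] );` prepends the request's skin directory to a list stored on the portal object, so under a persistent server the list gains one entry on every rendered page and never shrinks — an unbounded growth on a long-lived process. It also leaves earlier requests' skin directories in front of the bootstrap entry, so if that list is the template search path (its consumer is outside the hunk — confirm) a template missing from the current skin may be served from a skin chosen by a previous request. Building the per-request path locally from the base list set in reloadConf is the clean fix; at minimum, dedupe: `$self->templateDir( [ $templateDir, grep { $_ ne $templateDir } @{ $self->templateDir } ] );`. sendHtml's body continues outside the hunk.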


@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Access not granted on SAML service",
"PE90":"Access not granted on OIDC service",
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"قبول",
"accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
@ -259,4 +259,4 @@
"yourPhone":"رقم هاتفك",
"yourProfile":"ملفك الشخصي",
"yourTotpKey":"Your TOTP key"
}
}


@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Zugang zum SAML-Service nicht genehmigt",
"PE90":"Zugang zum OIDC-Service nicht genehmigt",
"PE91":"Zugang zum OID-Service nicht genehmigt",
"PE92":"Zugang zum GET-Service nicht genehmigt",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
"accept":"Akzeptieren",
"accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
@ -259,4 +259,4 @@
"yourPhone":"Ihre Telefonnummer",
"yourProfile":"Ihr Profil",
"yourTotpKey":"Your TOTP key"
}
}


@ -67,7 +67,7 @@
"PE65":"Federation forbidden by security policy",
"PE66":"The confirmation mail was already sent",
"PE67":"Password field must be filled",
"PE68":"Access non granted on CAS service",
"PE68":"Access not granted on CAS service",
"PE69":"Please provide your mail address",
"PE70":"No matching user",
"PE71":"Please provide your new password",
@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Access not granted on SAML service",
"PE90":"Access not granted on OIDC service",
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",


@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Acceso no autorizado al servicio SAML",
"PE90":"Acceso no autorizado al servicio OIDC",
"PE91":"Acceso no autorizado al servicio OID",
"PE92":"Acceso no autorizado al servicio GET",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}


@ -67,7 +67,7 @@
"PE65":"Federation forbidden by security policy",
"PE66":"La mail di conferma è già stata inviata",
"PE67":"Password mancante",
"PE68":"Accesso non autorizzato al servizio CAS",
"PE68":"Acceso no autorizado al servicio CAS",
"PE69":"Inserisci il tuo indirizzo mail",
"PE70":"Nessun utente corrispondente",
"PE71":"Inserisci la nuova password",
@ -87,24 +87,24 @@
"PE85":"Il sito remoto richiede una sessione più recente (e il plug-in di UpgradeSession non viene caricato). Disconnetti e riprova",
"PE86":"Il tuo account è bloccato. Devi attendere 30 secondi prima di autenticarti di nuovo",
"PE87":"È necessario eseguire nuovamente l'autenticazione per accedere al Portale",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE88":"Il tuo account deve avere un indirizzo e-mail per poter utilizzare l'autenticazione a doppio fattore",
"PE89":"Accesso non concesso sul servizio SAML",
"PE90":"Accesso non concesso sul servizio OIDC",
"PE91":"Accesso non concesso sul servizio OID",
"PE92":"Accesso non concesso sul servizio GET",
"PE93":"Accesso non concesso sul servizio IMPERSONATION",
"2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
"accept":"Accetta",
"accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
"accountCreated":"Il tuo account è stato creato, la tua password temporanea è stata inviata all'indirizzo email.",
"accountCreationSuccess":"Il tuo account è stato creato con successo.",
"action":"Azione",
"allowed":"Access ALLOWED",
"allowed":"Accesso CONSENTITO",
"anotherInformation":"Un'altra informazione:",
"areYouSure":"Sei sicuro?",
"askToRenew":"Questa applicazione richiede un'autenticazione più recente. Vuoi reautenticare?",
"askToUpgrade":"Questa applicazione richiede un livello di autenticazione superiore. Vuoi reautenticare?",
"attributes":"ATTRIBUTES",
"attributes":"ATTRIBUTI",
"authPortal":"Portale di autenticazione",
"authRemaining":"Rimangono ancora %s autenticazioni, modifica la password!",
"autoAccept":"Accetta automaticamente in 30 secondi",
@ -117,7 +117,7 @@
"changeKey":"Genera nuova chiave",
"changePwd":"Cambia la tua password",
"checkLastLogins":"Controllare i miei ultimi accessi",
"checkUser":"Check user SSO profile",
"checkUser":"Controlla il profilo SSO dell'utente",
"choose2f":"Scegli il tuo secondo fattore",
"chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso",
"clickHere":"Per favore clicka qui",
@ -141,19 +141,19 @@
"errorMsg":"Messaggio di errore",
"fillTheForm":"Compila il modulo",
"firstName":"Nome",
"forbidden":"Access FORBIDDEN",
"forbidden":"Accesso VIETATO",
"forgotPwd":"Password dimenticata?",
"generatePwd":"Generare automaticamente la password",
"gotNewMessages":"Hai dei nuovi messaggi",
"goToPortal":"Vai al portale",
"gplSoft":"Software libero coperto dalla licenza GPL",
"groups_sso":"SSO GROUPS",
"headers":"HEADERS",
"groups_sso":"GRUPPI SSO",
"headers":"INTESTAZIONI",
"id":"Id",
"imSure":"Sono sicuro",
"info":"Informazioni",
"ipAddr":"Indirizzo IP",
"key":"Key",
"key":"Chiave",
"lastFailedLogins":"Ultimi login non riusciti",
"lastLogins":"Ultimi accessi",
"lastName":"Cognome",
@ -212,7 +212,7 @@
"resetPwd":"Reimpostare la password",
"rightsReloadNeedsLogout":"Le ricariche dei diritti necessitano di disconnettersi e di riconnettersi",
"scope":"Ambito",
"search":"Search",
"search":"Ricerca",
"selectIdP":"Seleziona il tuo provider di identità",
"service":"Servizio",
"sendPwd":"Inviami il link",
@ -220,7 +220,7 @@
"serviceProvidedBy":"Servizio offerto da",
"sessionsDeleted":"Le sessioni seguenti sono state chiuse",
"sfaManager":"2ndFA Manager",
"spoofId":"Spoofed Id",
"spoofId":"Id falsificato",
"SSOSessionInactive":"Sessione SSO inattiva",
"stayConnected":"Resta connesso su questo dispositivo",
"submit":"Invia",
@ -238,11 +238,11 @@
"upgradeSession":"Sessione di aggiornamento",
"user":"Utente",
"useYubikey":"Usa la tua Yubikey",
"value":"Value",
"value":"Valore",
"verify":"Verifica",
"VHnotFound":"Virtual Host not found",
"VHnotFound":"Host virtuale non trovato",
"wait":"Attendere",
"waitingmessage":"Authentication in progress, please wait",
"waitingmessage":"Autenticazione in corso, attendere prego",
"warning":"Avvertimento",
"welcomeOnPortal":"Benvenuto sul tuo portale di autenticazione protetta.",
"yesResendMail":"Sì, rinvia e-mail",
@ -259,4 +259,4 @@
"yourPhone":"Numero di telefono",
"yourProfile":"Il tuo profilo",
"yourTotpKey":"La tua chiave TOTP"
}
}
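Review bot: The changed line `"PE68":"Acceso no autorizado al servicio CAS"` puts a Spanish string (identical to the wording used in the Spanish file for PE89–PE92) into the Italian file, replacing `"Accesso non autorizzato al servizio CAS"`, which was already Italian. Either revert that line or align it with the new Italian PE89–PE93 wording: `"PE68":"Accesso non concesso sul servizio CAS"`.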


@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Onbevoegde toegang tot de SAML-service",
"PE90":"Onbevoegde toegang tot de OIDC-service",
"PE91":"Onbevoegde toegang tot de OID-service",
"PE92":"Onbevoegde toegang tot de GET-service",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}


@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Acesso não autorizado ao serviço SAML",
"PE90":"Acesso não autorizado ao serviço OIDC",
"PE91":"Acesso não autorizado ao serviço OID",
"PE92":"Acesso não autorizado ao serviço GET",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}


@ -67,7 +67,7 @@
"PE65":"Federation forbidden by security policy",
"PE66":"The confirmation mail was already sent",
"PE67":"Password field must be filled",
"PE68":"Access non granted on CAS service",
"PE68":"Access not granted on CAS service",
"PE69":"Vă rugăm să introduceţi adresa dvs. de e-mail",
"PE70":"No matching user",
"PE71":"Please provide your new password",
@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Access not granted on SAML service",
"PE90":"Access not granted on OIDC service",
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept",
"accessDenied":"You have no access authorization for this application",
@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}


@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Truy cập không được cấp trên dịch vụ SAML",
"PE90":"Truy cập không được cấp trên dịch vụ OIDC",
"PE91":"Truy cập không được cấp trên dịch vụ OID",
"PE92":"Truy cập không được cấp trên dịch vụ GET",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Chấp nhận",
"accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
@ -259,4 +259,4 @@
"yourPhone":"Số điện thoại của bạn",
"yourProfile":"Profile của bạn",
"yourTotpKey":"Your TOTP key"
}
}


@ -67,7 +67,7 @@
"PE65":"Federation forbidden by security policy",
"PE66":"确认邮件已经发送",
"PE67":"密码必须填写",
"PE68":"Access non granted on CAS service",
"PE68":"Access not granted on CAS service",
"PE69":"请提供您的邮箱",
"PE70":"没有匹配用户",
"PE71":"请提供您的新密码",
@ -88,11 +88,11 @@
"PE86":"Your account is locked. You must wait 30s before authenticate again",
"PE87":"You must authenticate again to access to Portal",
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
"PE89":"Access non granted on SAML service",
"PE90":"Access non granted on OIDC service",
"PE91":"Access non granted on OID service",
"PE92":"Access non granted on GET service",
"PE93":"Access non granted on IMPERSONATION service",
"PE89":"Access not granted on SAML service",
"PE90":"Access not granted on OIDC service",
"PE91":"Access not granted on OID service",
"PE92":"Access not granted on GET service",
"PE93":"Access not granted on IMPERSONATION service",
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
"accept":"Accept 方法",
"accessDenied":"您无权访问此应用",
@ -259,4 +259,4 @@
"yourPhone":"您的电话号码",
"yourProfile":"您的档案",
"yourTotpKey":"Your TOTP key"
}
}


@ -15,4 +15,4 @@
"requestIssuedFromIP":"الطلب قد أرسل من عنوان الآي بي",
"yourLoginCodeIs":"Your login code is",
"yourLoginIs":"تسجيل الدخول الخاص بك هو"
}
}


@ -4,7 +4,7 @@
"click2Register":"Clicca qui per confermare la registrazione del tuo account",
"click2Reset":"Clicca qui per reimpostare la password",
"hello":"Salve",
"mail2fSubject":"[LemonLDAP::NG] Your login code",
"mail2fSubject":"[LemonLDAP :: NG] Il tuo codice di accesso",
"mailConfirmSubject":"Conferma reimpostazione password [LemonLDAP::NG] ",
"mailSubject":"[LemonLDAP::NG] La tua nuova password",
"newPwdIs":"La tua nuova password é",
@ -13,6 +13,6 @@
"registerConfirmSubject":"[LemonLDAP :: NG] Conferma registro account",
"registerDoneSubject":"[LemonLDAP::NG] Il tuo nuovo account",
"requestIssuedFromIP":"La richiesta è stata emessa da IP",
"yourLoginCodeIs":"Your login code is",
"yourLoginCodeIs":"Il tuo codice di accesso è",
"yourLoginIs":"Il tuo login é"
}
}


@ -15,4 +15,4 @@
"requestIssuedFromIP":"Yêu cầu được gửi đi từ địa chỉ IP",
"yourLoginCodeIs":"Your login code is",
"yourLoginIs":"Đăng nhập của bạn là"
}
}


@ -15,4 +15,4 @@
"requestIssuedFromIP":"此请求来自IP地址",
"yourLoginCodeIs":"Your login code is",
"yourLoginIs":"您登陆的账户是"
}
}


@ -35,6 +35,8 @@ SKIP: {
'PE_PP_PASSWORD_EXPIRED', 'PE_PASSWORD_OK', 'PE_PP_ACCOUNT_LOCKED',
'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_GRACE';
my ( $user, $code, $postString, $match );
# 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED
# ------------------------------------------------------------
foreach my $tpl (
@ -42,9 +44,9 @@ SKIP: {
[ 'expire', PE_PP_PASSWORD_EXPIRED ]
)
{
my $user = $tpl->[0];
my $code = $tpl->[1];
my $postString = "user=$user&password=$user";
$user = $tpl->[0];
$code = $tpl->[1];
$postString = "user=$user&password=$user";
# Try to authenticate
# -------------------
@ -56,7 +58,7 @@ SKIP: {
),
'Auth query'
);
my $match = 'trmsg="' . $code . '"';
$match = 'trmsg="' . $code . '"';
ok( $res->[2]->[0] =~ /$match/, "Code is $code" );
#open F, '>../e2e-tests/conf/portal/result.html' or die $!;
@ -93,9 +95,9 @@ SKIP: {
# 2 - TEST PE_PP_GRACE
# -------------------------
my $user = 'grace';
my $code = "ppGrace";
my $postString = "user=$user&password=$user";
$user = 'grace';
$code = "ppGrace";
$postString = "user=$user&password=$user";
# Try to authenticate
# -------------------
@ -107,14 +109,14 @@ SKIP: {
),
'Auth query'
);
my $match = 'trmsg="' . $code . '"';
$match = 'trmsg="' . $code . '"';
ok( $res->[2]->[0] =~ /$match/, 'Grace remaining' );
# 3 - TEST PE_PP_ACCOUNT_LOCKED
# -------------------------
my $user = 'lock';
my $code = PE_PP_ACCOUNT_LOCKED;
my $postString = "user=$user&password=$user";
$user = 'lock';
$code = PE_PP_ACCOUNT_LOCKED;
$postString = "user=$user&password=$user";
# Try to authenticate
# -------------------
@ -126,7 +128,7 @@ SKIP: {
),
'Auth query'
);
my $match = 'trmsg="' . $code . '"';
$match = 'trmsg="' . $code . '"';
ok( $res->[2]->[0] =~ /$match/, 'Account is locked' );
# Try to change anyway


@ -7,6 +7,7 @@ require 't/test-lib.pm';
my $mainTests = 5;
SKIP: {
skip "Manual skip of GPG test", $mainTests if ($ENV{LLNG_SKIP_GPG_TEST});
eval "use IPC::Run 'run',";
skip "Missing dependency", $mainTests if ($@);
my $gpg = `which gpg`;
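Review bot: `eval "use IPC::Run 'run',";` is a string eval with a stray trailing comma in the import list; the optional-dependency probe reads cleaner as a block eval that yields the success flag directly, `eval { require IPC::Run; IPC::Run->import('run'); 1 } or skip "Missing dependency", $mainTests;`, which replaces both this line and the following `skip ... if ($@)`. The SKIP block continues outside the hunk.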


@ -12,7 +12,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 20;
my $maintests = 24;
my $debug = 'error';
my %handlerOR = ( issuer => [], sp => [] );
@ -64,6 +64,14 @@ SKIP: {
or explain( $res->[1],
'Set-Cookie => lemonldapidp=0; domain=.sp.com; path=/; expires=-1d' );
( $host, $url, $query ) = expectForm( $res, undef, undef, 'confirm', );
# IDP must be sorted
my @idp = map /val="http:\/\/(.+?)\/saml\/metadata">/g, $res->[2]->[0];
ok( $idp[0] eq 'auth.idp2.com', '1st = idp2' ) or print STDERR Dumper( \@idp );
ok( $idp[1] eq 'auth.z_idp2.com', '2nd = z_idp2' ) or print STDERR Dumper( \@idp );
ok( $idp[2] eq 'auth.idp3.com', '3rd = idp3' ) or print STDERR Dumper( \@idp );
ok( $idp[3] eq 'auth.idp.com', '4th= idp' ) or print STDERR Dumper( \@idp );
ok(
$res->[2]->[0] =~
m%<img src="http://auth.sp.com/static/common/icons/sfa_manager.png" class="mr-2" alt="IDP2" title="IDP2" />%,
@ -248,6 +256,16 @@ sub sp {
uid => "1;uid",
cn => "0;cn"
},
idp3 => {
mail => "0;mail;;",
uid => "1;uid",
cn => "0;cn"
},
z_idp2 => {
mail => "0;mail;;",
uid => "1;uid",
cn => "0;cn"
},
},
samlIDPMetaDataOptions => {
idp => {
@ -259,6 +277,7 @@ sub sp {
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
samlIDPMetaDataOptionsForceUTF8 => 1,
samlIDPMetaDataOptionsSortNumber => 2,
samlIDPMetaDataOptionsDisplayName =>
'idp_Test_DisplayName',
@ -274,6 +293,28 @@ sub sp {
samlIDPMetaDataOptionsForceUTF8 => 1,
samlIDPMetaDataOptionsIcon => 'icons/sfa_manager.png',
},
idp3 => {
samlIDPMetaDataOptionsEncryptionMode => 'none',
samlIDPMetaDataOptionsSSOBinding => 'post',
samlIDPMetaDataOptionsSLOBinding => 'post',
samlIDPMetaDataOptionsSignSSOMessage => 1,
samlIDPMetaDataOptionsSignSLOMessage => 1,
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
samlIDPMetaDataOptionsForceUTF8 => 1,
samlIDPMetaDataOptionsSortNumber => 1,
samlIDPMetaDataOptionsDisplayName => 'Test_Sort',
},
z_idp2 => {
samlIDPMetaDataOptionsEncryptionMode => 'none',
samlIDPMetaDataOptionsSSOBinding => 'post',
samlIDPMetaDataOptionsSLOBinding => 'post',
samlIDPMetaDataOptionsSignSSOMessage => 1,
samlIDPMetaDataOptionsSignSLOMessage => 1,
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
samlIDPMetaDataOptionsForceUTF8 => 1,
},
},
samlIDPMetaDataExportedAttributes => {
idp => {
@ -284,6 +325,14 @@ sub sp {
"uid" => "0;uid;;",
"cn" => "1;cn;;",
},
idp3 => {
"uid" => "0;uid;;",
"cn" => "1;cn;;",
},
z_idp2 => {
"uid" => "0;uid;;",
"cn" => "1;cn;;",
},
},
samlIDPMetaDataXML => {
idp => {
@ -293,7 +342,15 @@ sub sp {
idp2 => {
samlIDPMetaDataXML =>
samlIDPMetaDataXML( 'idp2', 'HTTP-POST' )
}
},
idp3 => {
samlIDPMetaDataXML =>
samlIDPMetaDataXML( 'idp3', 'HTTP-POST' )
},
z_idp2 => {
samlIDPMetaDataXML =>
samlIDPMetaDataXML( 'z_idp2', 'HTTP-POST' )
},
},
samlOrganizationDisplayName => "SP",
samlOrganizationName => "SP",


@ -98,7 +98,7 @@ SKIP: {
);
my $proxyPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
my ( $url, $query ) =
( $url, $query ) =
expectRedirection( $res, qr#^http://discovery.example.com/# );
# Return from WAYF


@ -122,9 +122,7 @@ SKIP: {
);
my $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
my ( $url, $query ) =
( $url, $query ) =
expectRedirection( $res, qr#^http://discovery.example.com/# );
# Return from WAYF


@ -100,14 +100,12 @@ m%<a class="btn btn-secondary" href="http://auth.example.com/register\?skin=boot
s/^.*token=([^&]+).*$/token=$1&firstname=foo&lastname=bar&mail=foobar%40badwolf.org/,
'Token found'
);
my $token;
ok( $token = $1, ' Token value is defined' );
ok( $res->[2]->[0] =~ m#<img src="data:image/png;base64#,
' Captcha image inserted' )
or print STDERR Dumper( $res->[2]->[0] );
# Try to get captcha value
my ( $ts, $captcha );
ok( $ts = getCache()->get($token), ' Found token session' );
$ts = eval { JSON::from_json($ts) };
ok( $captcha = $ts->{captcha}, ' Found captcha value' );


@ -67,11 +67,23 @@ sub run {
my ( $req, $res );
$req = HTTP::Request->new( @{ JSON::from_json($_) } );
$res = $server->request($req);
my @flatten = &flatten($res);
print $out JSON::to_json(
[ $res->code, [ $res->flatten ], [ $res->content ] ] )
[ $res->code, [@flatten], [ $res->content ] ] )
. "\n";
}
}
# Copy from HTTP::Headers code
sub flatten {
my ($self) = @_;
(
map {
my $k = $_;
map { ( $k => $_ ) } $self->header($_);
} $self->header_field_names
);
}
1;
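Review bot: `my @flatten = &flatten($res);` uses the `&` call form; the conventional `flatten($res)` avoids the `&`-specific parsing rules and reads like every other call in the file. The new sub also deserves a one-line comment explaining why a copy of HTTP::Headers::flatten is carried here, presumably for HTTP::Message releases that predate it (cannot confirm from the hunk), e.g. `# Local copy of HTTP::Headers::flatten for HTTP::Message releases that lack it`, and the call site could prefer the real one when present: `my @flatten = $res->headers->can('flatten') ? $res->headers->flatten : flatten($res);`. run()'s body starts before the hunk.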


@ -144,6 +144,7 @@ BuildRequires: perl(Plack::Handler::FCGI)
BuildRequires: perl(Plack::Middleware)
BuildRequires: perl(Plack::Request)
BuildRequires: perl(Plack::Runner)
BuildRequires: perl(Plack::Test)
BuildRequires: perl(Plack::Util)
BuildRequires: perl(Plack::Util::Accessor)
BuildRequires: perl(POSIX)
@ -437,6 +438,8 @@ sed -i 's/nobody/%{lm_apacheuser}/' \
%{buildroot}%{lm_bindir}/lmConfigEditor
sed -i 's/nobody/%{lm_apacheuser}/g' \
%{buildroot}%{lm_bindir}/lemonldap-ng-cli
sed -i 's/nobody/%{lm_apacheuser}/g' \
%{buildroot}%{lm_bindir}/llngDeleteSession
sed -i 's/nobody/%{lm_apacheuser}/g' \
%{buildroot}%{_sysconfdir}/default/llng-fastcgi-server
@ -592,6 +595,7 @@ fi
%{lm_examplesdir}/manager
%{lm_bindir}/lmConfigEditor
%{lm_bindir}/lemonldap-ng-cli
%{lm_bindir}/llngDeleteSession
%{_mandir}/man1/lemonldap-ng-cli*
%files portal
@ -656,6 +660,9 @@ fi
# Changelog
#==============================================================================
%changelog
* Thu Apr 11 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.3-1
- Update to 2.0.3
* Tue Feb 12 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.2-1
- Update to 2.0.2