Merge branch 'v2.0'

changelog

@@ -1,3 +1,54 @@
+lemonldap-ng (2.0.3) bionic; urgency=medium
+
+  * Bugs:
+    * #1543: Redirection lost with CAS RP -> Choice -> SAML Discovery Protocol -> SAML IDP
+    * #1654: Password must change on AD still not fully working
+    * #1656: No IP shown in history logon
+    * #1667: [Security:medium] Option userControl is not applied anymore in standard login process
+    * #1671: Error in SP-initiated saml logout with multiple SP
+    * #1672: In SAML Issuer, environment variables to store current SP are not filled
+    * #1673: Application list display and specific rules
+    * #1675: [Security:minor] Using /logout instead of /?logout=1 does not work
+    * #1676: Active Directory connection information not saved
+    * #1679: Default jQuery URL in form replay has changed
+    * #1680: In form replay, POST data keys are not URL encoded
+    * #1682: LinkedIn OAuth2 authentication is not available in combination modules list
+    * #1683: Changing configuration option cspScript has no effect
+    * #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
+    * #1686: SOAP Portal WSDL file is invalid
+    * #1691: Password policy can't display messages
+    * #1692: Parameter base64 is ignored in setHiddenFormValue
+    * #1693: Information is not displayed in logout process
+    * #1698: Invalid pdata causes SAML login to fail after logout
+    * #1703: Fix faulty headers on a null value
+    * #1708: lmerror page loops on url parameter
+
+  * New features:
+    * #1632: Optionally let Ext2F module handle code generation
+    * #1658: CheckUser plugin
+    * #1661: Configuration viewer module
+    * #1664: Impersonation plugin
+    * #1697: Command-line tool to delete session for specific user(s)
+
+  * Improvements:
+    * #1549: Option to override IDP entityID
+    * #1595: Possibility to override message with a custom JSON file in template
+    * #1651: Disable cache on portal page
+    * #1653: Allow failback to default skin when a template is not found in custom theme
+    * #1660: Restore possibility to hide message in portal template
+    * #1666: Display errors on login form
+    * #1668: As IDP SAML, do not try to send SLO response if no SLO endpoint defined in SP metadata
+    * #1670: Display "authentication in progress" when using Ajax with Kerberos
+    * #1681: Change behavior with SAML mandatory/optional attributes in SAML Issuer
+    * #1687: Add granted log for user and connexion informations
+    * #1694: Disable CSRF token with AuthBasic
+    * #1696: Remove unnecessary antiframe protection in portal javascript
+    * #1699: Authentication level for REST and GPG authentication
+    * #1700: Update AuthBasic handler doc : REST server is required
+    * #1704: Append parameter to sort IDP, OP and CAS servers in Auth menu loop
+
+ -- Clément <clem.oudot@gmail.com>  Thu, 11 Apr 2019 10:09:35 +0200
+
 lemonldap-ng (2.0.2) bionic; urgency=medium
 
   * Bugs:
@@ -11,8 +62,8 @@ lemonldap-ng (2.0.2) bionic; urgency=medium
     * #1618: Version in server signature is wrong
     * #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager
     * #1627: Display issue with GrantSession plugin
-    * #1628: GrantSession plugin discloses its message to unlogged users
+    * #1628: [Security:minor] GrantSession plugin discloses its message to unlogged users
-    * #1630: SSO cookie is sent to protected applications with Nginx-based ReverseProxy
+    * #1630: [Security:minor] SSO cookie is sent to protected applications with Nginx-based ReverseProxy
     * #1636: SSL and Kerberos Auth Modules don t work with choice
     * #1639: User must change password on AD is broken
     * #1642: Unable to select skin from URL

debian/changelog

@@ -1,3 +1,10 @@
+lemonldap-ng (2.0.3-1) unstable; urgency=medium
+
+  * New release. See changes on our website:
+    https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
+
+ -- Clement OUDOT <clement@oodo.net>  Thu, 11 Apr 2019 12:00:00 +0100
+
 lemonldap-ng (2.0.2-1) unstable; urgency=medium
 
   * New release. See changes on our website:

debian/liblemonldap-ng-manager-perl.install

@@ -4,3 +4,4 @@
 /usr/share/lemonldap-ng/bin/lemonldap-ng-cli
 /usr/share/lemonldap-ng/manager
 /usr/share/lemonldap-ng/bin/lmConfigEditor
+/usr/share/lemonldap-ng/bin/llngDeleteSession

doc/pages/documentation/current/applications/img/icons.png

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1554841473" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1554967327" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/applications/img/loader.gif

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1554841473" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1554967327" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/authcas.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authcas</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,authcas"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authcas.html"/>
@@ -122,6 +122,8 @@ Then create the list of <abbr title="Central Authentication Service">CAS</abbr>
 </li>
 <li class="level1"><div class="li"> <strong>Icon</strong>: Path to <abbr title="Central Authentication Service">CAS</abbr> Server icon. Used only if you have more than 1 <abbr title="Central Authentication Service">CAS</abbr> server declared</div>
 </li>
+<li class="level1"><div class="li"> <strong>Order</strong>: Number to sort <abbr title="Central Authentication Service">CAS</abbr> Servers display</div>
+</li>
 <li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
 <ul>
 <li class="level2"><div class="li"> <strong>Key</strong>: Service ID</div>

doc/pages/documentation/current/authcombination.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authcombination</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,authcombination"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authcombination.html"/>
@@ -159,11 +159,21 @@ For example:
 </table></div>
 <!-- EDIT6 TABLE [1133-1256] -->
 <p>
-Usually, you can&#039;t declare two modules of the same type if they don&#039;t have the same parameters. For example, usually you can&#039;t declare a MySQL <abbr title="Database Interface">DBI</abbr> and a PostgreSQL <abbr title="Database Interface">DBI</abbr>, because there is no extra field for PostgreSQL parameters. Now with Combination, you can declare some overloaded parameters. For example, if <abbr title="Database Interface">DBI</abbr> is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the “dbiChain” parameter.
+Usually, you can&#039;t declare two modules of the same type if they don&#039;t have the same parameters. For example, usually you can&#039;t declare a MySQL <abbr title="Database Interface">DBI</abbr> and a PostgreSQL <abbr title="Database Interface">DBI</abbr>, because there is no extra field for PostgreSQL parameters. Now with Combination, you can declare some overloaded parameters.
 </p>
 
+<p>
+For example, if <abbr title="Database Interface">DBI</abbr> is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the “dbiChain” parameter.
+</p>
+
+<p>
+You can also override a complex key like ldapExportedVars, by setting a JSON value:
+</p>
+<pre class="code javascript"><span class="br0">&#123;</span><span class="st0">&quot;cn&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;cn&quot;</span><span class="sy0">,</span> <span class="st0">&quot;uid&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;sAMAccounName&quot;</span><span class="sy0">,</span> <span class="st0">&quot;mail&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;mail&quot;</span><span class="br0">&#125;</span></pre>
+<div class="noteimportant">If your JSON is corrupted, LLNG will use it as string and just report a warning in logs.
 </div>
-<!-- EDIT5 SECTION "Modules declaration" [516-1670] -->
+</div>
+<!-- EDIT5 SECTION "Modules declaration" [516-1953] -->
 <h3 class="sectionedit7" id="rule_chain">Rule chain</h3>
 <div class="level3">
 
@@ -212,7 +222,7 @@ Remember that schemes in rules are the names declared above.
 		<td class="col0 leftalign"> <code>[mySSL and myLDAP, myLDAP ]</code>         </td><td class="col1"> Use mySSL and myLDAP to authentify, myLDAP to get user </td>
 	</tr>
 </table></div>
-<!-- EDIT8 TABLE [2189-2620] --><div class="noteimportant">Note that “or” can&#039;t be used inside a scheme.
+<!-- EDIT8 TABLE [2472-2903] --><div class="noteimportant">Note that “or” can&#039;t be used inside a scheme.
 If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, myLDAP] or [myLDAP, myLDAP]</code>
 
 </div><div class="table sectionedit9"><table class="inline table table-bordered table-striped">
@@ -228,7 +238,7 @@ If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, my
 		<td class="col0"> <code>[myDBI1] and [myDBI2] or [myLDAP] and [myDBI2]</code> </td><td class="col1"> Try myDBI1 and myDBI2, if it fails, try myLDAP and myDBI2 </td>
 	</tr>
 </table></div>
-<!-- EDIT9 TABLE [2793-3037] --><div class="noteimportant">You can&#039;t use brackets in a boolean expression and “and” has precedence on “or”.
+<!-- EDIT9 TABLE [3076-3320] --><div class="noteimportant">You can&#039;t use brackets in a boolean expression and “and” has precedence on “or”.
 <p>
 If you think to “( [myLDAP] or [myDBI1] ) and [myDBI2]”, you must write <code>[myLDAP] and [myDBI2] or [myDBI1] and [myDBI2]</code>
 </p>
@@ -255,7 +265,7 @@ Test can use only the <code>$env</code> variable. It contains the FastCGI enviro
 		<td class="col0"> <code>if($env-&gt;{REMOTE_ADDR} =~ /^10\./) then [myLDAP] else if($env-&gt;{REMOTE_ADDR} =~ /^192/) then [myDBI1] else [myDBI2]</code> </td><td class="col1"> Chain tests </td>
 	</tr>
 </table></div>
-<!-- EDIT10 TABLE [3373-3695] --><div class="noteimportant">Note that brackets can&#039;t be used except to enclose test.
+<!-- EDIT10 TABLE [3656-3978] --><div class="noteimportant">Note that brackets can&#039;t be used except to enclose test.
 <p>
 If you wants to write <code>if(...) then if...</code>, you must write <code>if(not ...) then ... else if(...)...</code>
 </p>
@@ -275,7 +285,7 @@ The following rule is valid:
 </p>
 
 </div>
-<!-- EDIT7 SECTION "Rule chain" [1671-4042] -->
+<!-- EDIT7 SECTION "Rule chain" [1954-4325] -->
 <h3 class="sectionedit11" id="combine_second_factor">Combine second factor</h3>
 <div class="level3">
 
@@ -300,7 +310,7 @@ Now if you want to authenticate users either by LDAP or LDAP+U2F <em>(to have 2
 </ul>
 
 </div>
-<!-- EDIT11 SECTION "Combine second factor" [4043-4692] -->
+<!-- EDIT11 SECTION "Combine second factor" [4326-4975] -->
 <h3 class="sectionedit12" id="display_multiple_forms">Display multiple forms</h3>
 <div class="level3">
 
@@ -311,12 +321,12 @@ Combination module returns the form corresponding to the first authentication sc
 <span class="re1">combinationForms</span> <span class="sy0">=</span><span class="re2"> standardform, openidform</span></pre>
 
 </div>
-<!-- EDIT12 SECTION "Display multiple forms" [4693-5021] -->
+<!-- EDIT12 SECTION "Display multiple forms" [4976-5304] -->
 <h2 class="sectionedit13" id="known_problems">Known problems</h2>
 <div class="level2">
 
 </div>
-<!-- EDIT13 SECTION "Known problems" [5022-5049] -->
+<!-- EDIT13 SECTION "Known problems" [5305-5332] -->
 <h3 class="sectionedit14" id="federation_protocols">Federation protocols</h3>
 <div class="level3">
 
@@ -336,9 +346,9 @@ Combination module returns the form corresponding to the first authentication sc
 		<td class="col0"> <em><code>[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP] or [LDAP]</code></em> </td><td class="col1"> <code>[<abbr title="Security Assertion Markup Language">SAML</abbr>, <abbr title="Security Assertion Markup Language">SAML</abbr> and LDAP] or [LDAP]</code> </td><td class="col2"> Authentication is done by <abbr title="Security Assertion Markup Language">SAML</abbr> or LDAP but user must match an LDAP entry </td>
 	</tr>
 </table></div>
-<!-- EDIT15 TABLE [5349-5681] -->
+<!-- EDIT15 TABLE [5632-5964] -->
 </div>
-<!-- EDIT14 SECTION "Federation protocols" [5050-5682] -->
+<!-- EDIT14 SECTION "Federation protocols" [5333-5965] -->
 <h3 class="sectionedit16" id="authapache_authentication">Auth::Apache authentication</h3>
 <div class="level3">
 
@@ -356,7 +366,7 @@ To bypass this, follow the documentation of <a href="authapache.html" class="wik
 </p>
 
 </div>
-<!-- EDIT16 SECTION "Auth::Apache authentication" [5683-6294] -->
+<!-- EDIT16 SECTION "Auth::Apache authentication" [5966-6577] -->
 <h3 class="sectionedit17" id="ssl_authentication">SSL authentication</h3>
 <div class="level3">
 
@@ -365,6 +375,6 @@ To chain SSL, you have to set “SSLRequire optional” in Apache configuration,
 </p>
 
 </div>
-<!-- EDIT17 SECTION "SSL authentication" [6295-] --></div>
+<!-- EDIT17 SECTION "SSL authentication" [6578-] --></div>
 </body>
 </html>

doc/pages/documentation/current/authopenidconnect.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authopenidconnect</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,authopenidconnect"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authopenidconnect.html"/>
@@ -433,6 +433,8 @@ So you can define for example:
 </li>
 <li class="level2"><div class="li"> <strong>Logo</strong>: Logo of the application</div>
 </li>
+<li class="level2"><div class="li"> <strong>Order</strong>: Number to sort buttons</div>
+</li>
 </ul>
 </li>
 </ul>

doc/pages/documentation/current/authsaml.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authsaml</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,authsaml"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authsaml.html"/>
@@ -311,6 +311,8 @@ Used only if you have more than 1 <abbr title="Security Assertion Markup Languag
 </li>
 <li class="level1"><div class="li"> <strong>Logo</strong>: Logo of the IDP</div>
 </li>
+<li class="level1"><div class="li"> <strong>Order</strong>: Number to sort IDP display</div>
+</li>
 </ul>
 <div class="notetip">The chosen logo must be in Portal icons directory (<code>portal/static/common/icons/</code>). You can set a custom icon by setting the icon file name directly in the field and copy the logo file in portal icons directory
 </div>

doc/pages/documentation/current/browseablesessionbackend.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:browseablesessionbackend</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,browseablesessionbackend"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="browseablesessionbackend.html"/>
@@ -103,8 +103,11 @@ The following table list fields to index depending on the feature you want to in
 	<tr class="row4 roweven">
 		<td class="col0"> Session restrictions </td><td class="col1 centeralign">  _session_kind ipAddr <em>WHATTOTRACE</em>  </td>
 	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0"> Password reset by email </td><td class="col1 centeralign">  user  </td>
+	</tr>
 </table></div>
-<!-- EDIT3 TABLE [871-1162] -->
+<!-- EDIT3 TABLE [871-1199] -->
 <p>
 See Apache::Session::Browseable::* man page to see how use indexes.
 </p>
@@ -113,7 +116,7 @@ See Apache::Session::Browseable::* man page to see how use indexes.
 </div><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.
 </div>
 </div>
-<!-- EDIT2 SECTION "Presentation" [43-1685] -->
+<!-- EDIT2 SECTION "Presentation" [43-1722] -->
 <h2 class="sectionedit4" id="browseable_nosql">Browseable NoSQL</h2>
 <div class="level2">
 
@@ -140,15 +143,15 @@ You then just have to add the <code>Index</code> parameter  in <code>General par
 		<td class="col0 centeralign">  <strong>Index</strong>  </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
 	</tr>
 </table></div>
-<!-- EDIT5 TABLE [1973-2130] -->
+<!-- EDIT5 TABLE [2010-2167] -->
 </div>
-<!-- EDIT4 SECTION "Browseable NoSQL" [1686-2131] -->
+<!-- EDIT4 SECTION "Browseable NoSQL" [1723-2168] -->
 <h2 class="sectionedit6" id="browseable_sql">Browseable SQL</h2>
 <div class="level2">
 <div class="noteclassic">This documentation concerns PostgreSQL. Some adaptations are needed with other databases.
 </div>
 </div>
-<!-- EDIT6 SECTION "Browseable SQL" [2132-2263] -->
+<!-- EDIT6 SECTION "Browseable SQL" [2169-2300] -->
 <h3 class="sectionedit7" id="prepare_database">Prepare database</h3>
 <div class="level3">
 
@@ -182,7 +185,7 @@ CREATE INDEX ip1  ON sessions USING BTREE (ipAddr);</pre>
 <div class="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don&#039;t need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
 </div>
 </div>
-<!-- EDIT7 SECTION "Prepare database" [2264-3898] -->
+<!-- EDIT7 SECTION "Prepare database" [2301-3935] -->
 <h3 class="sectionedit8" id="manager">Manager</h3>
 <div class="level3">
 
@@ -211,14 +214,14 @@ Go in the Manager and set the session module (<a href="https://metacpan.org/pod/
 		<td class="col0 centeralign">  <strong>Index</strong>  </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr _session_kind _utime </td>
 	</tr>
 </table></div>
-<!-- EDIT9 TABLE [4221-4566] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
+<!-- EDIT9 TABLE [4258-4603] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
 <p>
 For databases like PostgreSQL, don&#039;t forget to add “Commit” with a value of 1
 </p>
 
 </div>
 </div>
-<!-- EDIT8 SECTION "Manager" [3899-4745] -->
+<!-- EDIT8 SECTION "Manager" [3936-4782] -->
 <h2 class="sectionedit10" id="browseable_ldap">Browseable LDAP</h2>
 <div class="level2">
 
@@ -272,9 +275,9 @@ You need to add the <code>Index</code> field and can also configure the <code>ld
 		<td class="col0 centeralign">  <strong>ldapAttributeIndex</strong>  </td><td class="col1"> Attribute storing index </td><td class="col2"> ou </td>
 	</tr>
 </table></div>
-<!-- EDIT11 TABLE [5097-5831] -->
+<!-- EDIT11 TABLE [5134-5868] -->
 </div>
-<!-- EDIT10 SECTION "Browseable LDAP" [4746-5832] -->
+<!-- EDIT10 SECTION "Browseable LDAP" [4783-5869] -->
 <h2 class="sectionedit12" id="security">Security</h2>
 <div class="level2">
 
@@ -287,7 +290,7 @@ You can also use different user/password for your servers by overriding paramete
 </p>
 
 </div>
-<!-- EDIT12 SECTION "Security" [5833-6052] -->
+<!-- EDIT12 SECTION "Security" [5870-6089] -->
 <h2 class="sectionedit13" id="performances">Performances</h2>
 <div class="level2">
 
@@ -329,6 +332,6 @@ CREATE INDEX _u1 ON sessions (_utime);
 CREATE INDEX ip1 ON sessions (ipAddr) USING BTREE;</pre>
 
 </div>
-<!-- EDIT13 SECTION "Performances" [6053-] --></div>
+<!-- EDIT13 SECTION "Performances" [6090-] --></div>
 </body>
 </html>

doc/pages/documentation/current/contribute.html

@@ -58,7 +58,7 @@
 <li class="level3"><div class="li"><a href="#configure_git">Configure Git</a></div></li>
 </ul>
 </li>
-<li class="level2"><div class="li"><a href="#import_project">Import Project</a></div></li>
+<li class="level2"><div class="li"><a href="#import_project_and_using_git">Import Project and using Git</a></div></li>
 </ul>
 </li>
 <li class="level1"><div class="li"><a href="#install_dependencies">Install dependencies</a></div></li>
@@ -140,7 +140,7 @@ git config --list</pre>
 
 </div>
 <!-- EDIT3 SECTION "Install basic tools" [448-1151] -->
-<h3 class="sectionedit4" id="import_project">Import Project</h3>
+<h3 class="sectionedit4" id="import_project_and_using_git">Import Project and using Git</h3>
 <div class="level3">
 
 <p>
@@ -157,6 +157,15 @@ git fetch upstream  # import branch
 git checkout v2.0 # to change branch
 git fetch upstream</pre>
 
+<p>
+<em>import version branch</em>
+<em>on linux station :</em>
+</p>
+<pre class="code">git checkout v2.0
+git fetch upstream --all
+git rebase upstream/v2.0 # to align to parent project remote branch
+git push # to push to working remote branch</pre>
+
 <p>
 <em>on gitlab, create working branch, one per thematic</em>
 <em>on linux station :</em>
@@ -164,9 +173,9 @@ git fetch upstream</pre>
 <pre class="code">git checkout workingbranch
 git log
 git status
-git merge upstream/v2.0  # merge branch 2.0 in working branch
 git commit -am &quot;explanations (#number gitlab ticket)&quot;
 git commit --amend file(s) # to modify a commit
+git rebase v2.0 # align local working branch to local 2.0
 git checkout -- file(s) # revert
 git push # to send on remote working branch</pre>
 
@@ -175,7 +184,7 @@ On gitlab, submit merge request when tests are corrects.
 </p>
 
 </div>
-<!-- EDIT4 SECTION "Import Project" [1152-1997] -->
+<!-- EDIT4 SECTION "Import Project and using Git" [1152-2220] -->
 <h2 class="sectionedit5" id="install_dependencies">Install dependencies</h2>
 <div class="level2">
 <pre class="code">aptitude install libapache-session-perl libcache-cache-perl libclone-perl libconfig-inifiles-perl libconvert-pem-perl libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl libcrypt-openssl-x509-perl libcrypt-rijndael-perl libdbi-perl libdigest-hmac-perl libemail-sender-perl libgd-securityimage-perl libhtml-template-perl libio-string-perl libjson-perl libmime-tools-perl libmouse-perl libnet-ldap-perl libplack-perl libregexp-assemble-perl libregexp-common-perl libsoap-lite-perl libstring-random-perl libunicode-string-perl liburi-perl libwww-perl libxml-simple-perl libxml-libxslt-perl libcrypt-urandom-perl libconvert-base32-perl
@@ -183,8 +192,13 @@ aptitude install apache2 libapache2-mod-fcgid libapache2-mod-perl2  # install Ap
 aptitude install nginx nginx-extras  # install Nginx
 aptitude install perltidy</pre>
 
+<p>
+   <abbr title="Security Assertion Markup Language">SAML</abbr> :
+</p>
+<pre class="code">aptitude install liblasso-perl libglib-perl </pre>
+
 </div>
-<!-- EDIT5 SECTION "Install dependencies" [1998-2840] -->
+<!-- EDIT5 SECTION "Install dependencies" [2221-3121] -->
 <h2 class="sectionedit6" id="working_project">Working Project</h2>
 <div class="level2">
 <pre class="code">make test # or manager_test, portal_test, ... to launch unit tests
@@ -200,6 +214,6 @@ make tidy # to magnify perl files (perl best pratices)
 cd lemonldap-ng-portal &amp;&amp; prove t/XXXX # To launch specific unit test</pre>
 
 </div>
-<!-- EDIT6 SECTION "Working Project" [2841-] --></div>
+<!-- EDIT6 SECTION "Working Project" [3122-] --></div>
 </body>
 </html>

doc/pages/documentation/current/dos

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/dos?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/dos?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1554841530" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1554967384" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/exploit

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/exploit?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/exploit?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1554841530" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1554967384" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/mitm

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/mitm?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/mitm?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1554841530" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1554967384" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/performances.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:performances</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,performances"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="performances.html"/>
@@ -367,7 +367,7 @@ Analysis:
 <div class="level3">
 
 <p>
-LDAP server can be a brake when you use LDAP groups recovery. You can avoid this by setting “memberOf” fields in your LDAP scheme:
+LDAP server can slow you down when you use LDAP groups retrieval. You can avoid this by setting “memberOf” fields in your LDAP scheme:
 </p>
 <pre class="code ldif"><span class="re0">dn</span>:<span class="re1"> uid=foo,dmdName=people,dc=example,dc=com</span>
 ...
@@ -375,7 +375,7 @@ LDAP server can be a brake when you use LDAP groups recovery. You can avoid this
 <span class="re0">memberOf</span>:<span class="re1"> cn=su,dmdName=groups,dc=example,dc=com</span></pre>
 
 <p>
-So instead of using LDAP groups recovery, you just have to store “memberOf” field in your exported variables. With OpenLDAP, you can use the <a href="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" class="urlextern" title="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance"  rel="nofollow">memberof overlay</a> to do it automatically.
+So instead of using LDAP groups retrieval, you just have to store “memberOf” field in your exported variables. With OpenLDAP, you can use the <a href="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" class="urlextern" title="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance"  rel="nofollow">memberof overlay</a> to do it automatically.
 </p>
 <div class="noteimportant">Don&#039;t forget to create an index on the field used to find users (uid by default)
 </div><div class="notetip">To avoid having group dn stored in sessions datas, you can use a macro to rewrite memberOf:<ul>
@@ -399,12 +399,12 @@ Now ldapgroups contains “admin su”
 
 </div>
 </div>
-<!-- EDIT10 SECTION "LDAP performances" [10322-11451] -->
+<!-- EDIT10 SECTION "LDAP performances" [10322-11456] -->
 <h2 class="sectionedit11" id="manager_performances">Manager performances</h2>
 <div class="level2">
 
 </div>
-<!-- EDIT11 SECTION "Manager performances" [11452-11485] -->
+<!-- EDIT11 SECTION "Manager performances" [11457-11490] -->
 <h3 class="sectionedit12" id="disable_unused_modules">Disable unused modules</h3>
 <div class="level3">
 
@@ -415,7 +415,7 @@ In lemonldap-ng.ini, set only modules that you will use. By default, configurati
 <span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions</span></pre>
 
 </div>
-<!-- EDIT12 SECTION "Disable unused modules" [11486-11747] -->
+<!-- EDIT12 SECTION "Disable unused modules" [11491-11752] -->
 <h3 class="sectionedit13" id="use_static_html_files">Use static HTML files</h3>
 <div class="level3">
 
@@ -442,6 +442,6 @@ So manager <abbr title="HyperText Markup Language">HTML</abbr> templates will be
 </p>
 
 </div>
-<!-- EDIT13 SECTION "Use static HTML files" [11748-] --></div>
+<!-- EDIT13 SECTION "Use static HTML files" [11753-] --></div>
 </body>
 </html>

doc/pages/documentation/current/portalcustom.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:portalcustom</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,portalcustom"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="portalcustom.html"/>
@@ -214,8 +214,7 @@ Then create symbolic links on template files, as you might not want to rewrite a
 </p>
 <pre class="code">cd /usr/share/lemonldap-ng/portal/templates/
 mkdir myskin
-cd myskin/
+cd myskin/</pre>
-ln -s ../bootstrap/*.tpl .</pre>
 
 <p>
 We include some template files that can be customized:
@@ -234,10 +233,9 @@ We include some template files that can be customized:
 </ul>
 
 <p>
-To use custom files, delete links and copy them into your skin folder:
+To use custom files, copy them into your skin folder:
 </p>
-<pre class="code">rm -f custom*
+<pre class="code">cp ../bootstrap/custom* .</pre>
-cp ../bootstrap/custom* .</pre>
 
 <p>
 Then you can add your media to <code>myskin/images</code>, you will be able to use them in <abbr title="HyperText Markup Language">HTML</abbr> template with this code:
@@ -265,7 +263,7 @@ To configure your new skin in Manager, select the custom skin, and enter your sk
 <pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set portalSkin &#039;myskin&#039; portalSkinBackground &#039;&#039;</pre>
 
 </div>
-<!-- EDIT9 SECTION "Skin customization" [2473-4508] -->
+<!-- EDIT9 SECTION "Skin customization" [2473-4450] -->
 <h3 class="sectionedit10" id="messages">Messages</h3>
 <div class="level3">
 
@@ -316,7 +314,7 @@ You can also create a file called <code>all.json</code> to override messages in
 </p>
 
 </div>
-<!-- EDIT10 SECTION "Messages" [4509-5651] -->
+<!-- EDIT10 SECTION "Messages" [4451-5593] -->
 <h3 class="sectionedit11" id="menu_tabs">Menu tabs</h3>
 <div class="level3">
 
@@ -332,7 +330,7 @@ This will allow one to display the tab directly with this <abbr title="Uniform R
 </p>
 
 </div>
-<!-- EDIT11 SECTION "Menu tabs" [5652-5958] -->
+<!-- EDIT11 SECTION "Menu tabs" [5594-5900] -->
 <h3 class="sectionedit12" id="template_parameters">Template parameters</h3>
 <div class="level3">
 
@@ -360,7 +358,7 @@ You can also display environment variables, with the prefix <code>env_</code>:
 <pre class="code file html4strict">Your IP is <span class="sc2">&lt;TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">&quot;env_REMOTE_ADDR&quot;</span>&gt;</span></pre>
 
 </div>
-<!-- EDIT12 SECTION "Template parameters" [5959-6606] -->
+<!-- EDIT12 SECTION "Template parameters" [5901-6548] -->
 <h2 class="sectionedit13" id="buttons">Buttons</h2>
 <div class="level2">
 
@@ -377,7 +375,7 @@ This node allows one to enable/disable buttons on the login page:
 </ul>
 
 </div>
-<!-- EDIT13 SECTION "Buttons" [6607-7123] -->
+<!-- EDIT13 SECTION "Buttons" [6549-7065] -->
 <h2 class="sectionedit14" id="password_management">Password management</h2>
 <div class="level2">
 <ul>
@@ -390,7 +388,7 @@ This node allows one to enable/disable buttons on the login page:
 </ul>
 
 </div>
-<!-- EDIT14 SECTION "Password management" [7124-7574] -->
+<!-- EDIT14 SECTION "Password management" [7066-7516] -->
 <h2 class="sectionedit15" id="other_parameters">Other parameters</h2>
 <div class="level2">
 <ul>
@@ -409,6 +407,6 @@ This node allows one to enable/disable buttons on the login page:
 </ul>
 
 </div>
-<!-- EDIT15 SECTION "Other parameters" [7575-] --></div>
+<!-- EDIT15 SECTION "Other parameters" [7517-] --></div>
 </body>
 </html>

doc/pages/documentation/current/stayconnected

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=1a962bf9178779ca7104a99550b52c88"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1554841530" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1554967384" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm

@@ -25,10 +25,10 @@ our $doubleHashKeys = 'issuerDBGetParameters';
 our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
 our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
 our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedVars)';
-our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)';
+our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
-our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
+our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
 our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:(?:PostLogoutRedirectUri|ExtraClaim)s|I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
-our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
+our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
 our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
 our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|Https|Port)|(?:exportedHeader|locationRule)s|post)';
 

lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm

@@ -17,7 +17,7 @@ has languages    => ( is => 'rw', isa     => 'Str', default => 'en' );
 has logLevel     => ( is => 'rw', isa     => 'Str', default => 'info' );
 has portal       => ( is => 'rw', isa     => 'Str' );
 has staticPrefix => ( is => 'rw', isa     => 'Str' );
-has templateDir  => ( is => 'rw', isa     => 'Str' );
+has templateDir  => ( is => 'rw', isa     => 'Str|ArrayRef' );
 has links        => ( is => 'rw', isa     => 'ArrayRef' );
 has menuLinks    => ( is => 'rw', isa     => 'ArrayRef' );
 has logger     => ( is => 'rw' );
@@ -250,6 +250,7 @@ sub sendHtml {
         $htpl = HTML::Template->new(
             filehandle             => IO::File->new($template),
             path                   => $self->templateDir,
+            search_path_on_include => 1,
             die_on_bad_params      => 0,
             die_on_missing_include => 1,
             cache                  => 0,

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -721,6 +721,9 @@ sub attributes {
             'default' => 0,
             'type'    => 'bool'
         },
+        'casSrvMetaDataOptionsSortNumber' => {
+            'type' => 'int'
+        },
         'casSrvMetaDataOptionsUrl' => {
             'msgFail' => '__badUrl__',
             'test' =>
@@ -1866,6 +1869,9 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
             'default' => 'openid profile',
             'type'    => 'text'
         },
+        'oidcOPMetaDataOptionsSortNumber' => {
+            'type' => 'int'
+        },
         'oidcOPMetaDataOptionsStoreIDToken' => {
             'default' => 0,
             'type'    => 'bool'
@@ -2796,6 +2802,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             ],
             'type' => 'select'
         },
+        'samlIDPMetaDataOptionsSortNumber' => {
+            'type' => 'int'
+        },
         'samlIDPMetaDataOptionsSSOBinding' => {
             'default' => '',
             'select'  => [ {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -2298,6 +2298,7 @@ sub attributes {
         samlIDPMetaDataOptionsUserAttribute => { type => 'text', },
         samlIDPMetaDataOptionsDisplayName   => { type => 'text', },
         samlIDPMetaDataOptionsIcon          => { type => 'text', },
+        samlIDPMetaDataOptionsSortNumber    => { type => 'int', },
 
         # SP keys
         samlSPMetaDataExportedAttributes => {
@@ -2769,6 +2770,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
             type          => 'text',
             documentation => 'Path of CAS Server Icon',
         },
+        casSrvMetaDataOptionsSortNumber => {
+            type => 'int',
+            documentation => 'Number to sort buttons',
+        },
 
         # Fake attribute: used by manager REST API to agglomerate all nodes
         # related to a CAS IDP partner
@@ -3342,7 +3347,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
         oidcOPMetaDataOptionsDisplayName  => { type => 'text', },
         oidcOPMetaDataOptionsIcon         => { type => 'text', },
         oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
-
+        oidcOPMetaDataOptionsSortNumber   => { type => 'int', },
         oidcRPMetaDataOptionsRule => {
             type          => 'text',
             test          => $perlExpr,

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm

@@ -94,7 +94,8 @@ sub cTrees {
                 form  => 'simpleInputContainer',
                 nodes => [
                     "samlIDPMetaDataOptionsDisplayName",
-                    "samlIDPMetaDataOptionsIcon"
+                    "samlIDPMetaDataOptionsIcon",
+                    "samlIDPMetaDataOptionsSortNumber"
                 ]
             }
         ],
@@ -178,7 +179,8 @@ sub cTrees {
                 form  => 'simpleInputContainer',
                 nodes => [
                     'oidcOPMetaDataOptionsDisplayName',
-                    'oidcOPMetaDataOptionsIcon'
+                    'oidcOPMetaDataOptionsIcon',
+                    'oidcOPMetaDataOptionsSortNumber'
                 ]
             },
         ],
@@ -241,6 +243,7 @@ sub cTrees {
                 nodes => [
                     'casSrvMetaDataOptionsDisplayName',
                     'casSrvMetaDataOptionsIcon',
+                    'casSrvMetaDataOptionsSortNumber',
                 ]
             },
         ],

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm

@@ -59,22 +59,24 @@ sub addRoutes {
             ['GET']
         );
     }
-    unless ( $self->{viewerAllowBrowser} || $conf->{viewerAllowBrowser} ) {
+
+    # Difference between confs
+    if ( $self->{viewerAllowDiff} ) {
+        $self->addRoute(
+            view => { diff => { ':conf1' => { ':conf2' => 'viewDiff' } } } )
+          ->addRoute( 'viewDiff.html', undef, ['GET'] );
+    }
+    unless ( $self->{viewerAllowBrowser} ) {
         $self->addRoute(
             view => { ':cfgNum' => 'rejectKey' },
             ['GET']
         );
     }
 
-    # Difference between confs
-    if ( $self->{viewerAllowDiff} || $conf->{viewerAllowDiff} ) {
-        $self->addRoute(
-            view => { diff => { ':conf1' => { ':conf2' => 'viewDiff' } } } )
-          ->addRoute( 'viewDiff.html', undef, ['GET'] );
-    }
-
     # Other keys
-    $self->addRoute( view => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] );
+    else {
+        $self->addRoute( view => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] );
+    }
 }
 
 sub getConfByNum {

lemonldap-ng-manager/site/htdocs/static/js/conftree.js

@@ -126,6 +126,12 @@ function templates(tpl,key) {
             "get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
             "id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
             "title" : "casSrvMetaDataOptionsIcon"
+         },
+         {
+            "get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
+            "id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
+            "title" : "casSrvMetaDataOptionsSortNumber",
+            "type" : "int"
          }
       ],
       "id" : "casSrvMetaDataOptionsDisplay",
@@ -336,6 +342,12 @@ function templates(tpl,key) {
             "get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
             "id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
             "title" : "oidcOPMetaDataOptionsIcon"
+         },
+         {
+            "get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
+            "id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
+            "title" : "oidcOPMetaDataOptionsSortNumber",
+            "type" : "int"
          }
       ],
       "id" : "oidcOPMetaDataOptionsDisplayParams",
@@ -859,6 +871,12 @@ function templates(tpl,key) {
             "get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
             "id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
             "title" : "samlIDPMetaDataOptionsIcon"
+         },
+         {
+            "get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
+            "id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
+            "title" : "samlIDPMetaDataOptionsSortNumber",
+            "type" : "int"
          }
       ],
       "id" : "samlIDPMetaDataOptionsDisplay",

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -128,6 +128,7 @@
 "casSrvMetaDataOptionsDisplayName":"الاسم المطلوب عرضه",
 "casSrvMetaDataOptionsGateway":"بوابة إثبات الهوية",
 "casSrvMetaDataOptionsIcon":"مسارالأيقونة",
+"casSrvMetaDataOptionsSortNumber":"Order",
 "casSrvMetaDataOptionsRenew":"تجديد إثبات الهوية",
 "casSrvMetaDataOptionsProxiedServices":"خدمات البروكسي",
 "casSrvMetaDataOptionsUrl":" يو أر ل الخادم",
@@ -499,6 +500,7 @@
 "oidcOPMetaDataOptionsDisplayName":"عرض الاسم",
 "oidcOPMetaDataOptionsDisplayParams":"عرض",
 "oidcOPMetaDataOptionsIcon":"شعار",
+"oidcOPMetaDataOptionsSortNumber":"Order",
 "oidcOPMetaDataOptionsJWKSTimeout":"مهلة بيانات JWKS",
 "oidcRPMetaDataOptionsLogoutSessionRequired":"جلسة مطلوب",
 "oidcRPMetaDataOptionsLogoutType":"نوع",
@@ -894,6 +896,7 @@
 "samlIDPMetaDataOptionsDisplayParams":"عرض",
 "samlIDPMetaDataOptionsIcon":"Logo",
 "samlIDPMetaDataOptionsSecurity":"الحماية",
+"samlIDPMetaDataOptionsSortNumber":"Order",
 "samlIDPMetaDataOptionsStoreSAMLToken":"حفظ SAML توكن",
 "samlIDPMetaDataOptionsRelayStateURL":"السماح بعنوان اليو آر إل ك RelayState",
 "samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
@@ -983,4 +986,4 @@
 "samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
 "samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/de.json

@@ -128,6 +128,7 @@
 "casSrvMetaDataOptionsDisplayName":"Angezeigter Name",
 "casSrvMetaDataOptionsGateway":"Gateway authentication",
 "casSrvMetaDataOptionsIcon":"Icon path",
+"casSrvMetaDataOptionsSortNumber":"Order",
 "casSrvMetaDataOptionsRenew":"Renew authentication",
 "casSrvMetaDataOptionsProxiedServices":"Proxied services",
 "casSrvMetaDataOptionsUrl":"Server URL",
@@ -499,6 +500,7 @@
 "oidcOPMetaDataOptionsDisplayName":"Display name",
 "oidcOPMetaDataOptionsDisplayParams":"Display",
 "oidcOPMetaDataOptionsIcon":"Logo",
+"oidcOPMetaDataOptionsSortNumber":"Order",
 "oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
 "oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
 "oidcRPMetaDataOptionsLogoutType":"Type",
@@ -894,6 +896,7 @@
 "samlIDPMetaDataOptionsDisplayParams":"Display",
 "samlIDPMetaDataOptionsIcon":"Logo",
 "samlIDPMetaDataOptionsSecurity":"Security",
+"samlIDPMetaDataOptionsSortNumber":"Order",
 "samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
 "samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
 "samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
@@ -983,4 +986,4 @@
 "samlRelayStateTimeout":"RelayState session timeout",
 "samlUseQueryStringSpecific":"Use specific query_string method",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -128,6 +128,7 @@
 "casSrvMetaDataOptionsDisplayName":"Name to display",
 "casSrvMetaDataOptionsGateway":"Gateway authentication",
 "casSrvMetaDataOptionsIcon":"Icon path",
+"casSrvMetaDataOptionsSortNumber":"Order",
 "casSrvMetaDataOptionsRenew":"Renew authentication",
 "casSrvMetaDataOptionsProxiedServices":"Proxied services",
 "casSrvMetaDataOptionsUrl":"Server URL",
@@ -499,6 +500,7 @@
 "oidcOPMetaDataOptionsDisplayName":"Display name",
 "oidcOPMetaDataOptionsDisplayParams":"Display",
 "oidcOPMetaDataOptionsIcon":"Logo",
+"oidcOPMetaDataOptionsSortNumber":"Order",
 "oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
 "oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
 "oidcRPMetaDataOptionsLogoutType":"Type",
@@ -894,6 +896,7 @@
 "samlIDPMetaDataOptionsDisplayParams":"Display",
 "samlIDPMetaDataOptionsIcon":"Logo",
 "samlIDPMetaDataOptionsSecurity":"Security",
+"samlIDPMetaDataOptionsSortNumber":"Order",
 "samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
 "samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
 "samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -128,6 +128,7 @@
 "casSrvMetaDataOptionsDisplayName":"Nom à afficher",
 "casSrvMetaDataOptionsGateway":"Authentification transparente",
 "casSrvMetaDataOptionsIcon":"Chemin de l'icône",
+"casSrvMetaDataOptionsSortNumber":"Ordre",
 "casSrvMetaDataOptionsRenew":"Renouveller l'authentification",
 "casSrvMetaDataOptionsProxiedServices":"Services mandatés",
 "casSrvMetaDataOptionsUrl":"URL du serveur",
@@ -499,6 +500,7 @@
 "oidcOPMetaDataOptionsDisplayName":"Nom d'affichage",
 "oidcOPMetaDataOptionsDisplayParams":"Affichage",
 "oidcOPMetaDataOptionsIcon":"Logo",
+"oidcOPMetaDataOptionsSortNumber":"Ordre",
 "oidcOPMetaDataOptionsJWKSTimeout":"Durée de vie des données JWKS",
 "oidcRPMetaDataOptionsLogoutSessionRequired":"Session requise",
 "oidcRPMetaDataOptionsLogoutType":"Type",
@@ -894,6 +896,7 @@
 "samlIDPMetaDataOptionsDisplayParams":"Affichage",
 "samlIDPMetaDataOptionsIcon":"Logo",
 "samlIDPMetaDataOptionsSecurity":"Sécurité",
+"samlIDPMetaDataOptionsSortNumber":"Ordre",
 "samlIDPMetaDataOptionsStoreSAMLToken":"Conserver le jeton SAML",
 "samlIDPMetaDataOptionsRelayStateURL":"Pemettre une URL dans le RelayState",
 "samlIDPMetaDataOptionsUserAttribute":"Attribut contenant l'identité de l'utilisateur",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -124,10 +124,11 @@
 "casSrv":"Server CAS ",
 "casSrvMetaDataExportedVars":"Attributi esportati",
 "casSrvMetaDataOptions":"Opzioni",
-"casSrvMetaDataOptionsDisplay":"Display",
+"casSrvMetaDataOptionsDisplay":"Visualizza ",
 "casSrvMetaDataOptionsDisplayName":"Nome da visualizzare",
 "casSrvMetaDataOptionsGateway":"Autenticazione gateway",
 "casSrvMetaDataOptionsIcon":"Path icona",
+"casSrvMetaDataOptionsSortNumber":"Ordine",
 "casSrvMetaDataOptionsRenew":"Rinnova l'autenticazione",
 "casSrvMetaDataOptionsProxiedServices":"Servizi Proxied",
 "casSrvMetaDataOptionsUrl":"URL del server",
@@ -151,12 +152,12 @@
 "clickHereToForce":"Clicca qui per forzare",
 "checkState":"Attivazione",
 "checkStateSecret":"Segreto condiviso",
-"checkUsers":"SSO profile Check",
+"checkUsers":"Controllo del profilo SSO",
-"checkUser":"Activation",
+"checkUser":"Attivazione",
-"checkUserIdRule":"Identities use rule",
+"checkUserIdRule":"Uso della regola delle identità",
-"checkUserHiddenAttributes":"Hidden attributes",
+"checkUserHiddenAttributes":"Attributi nascosti",
-"checkUserDisplayPersistentInfo":"Display persistent session",
+"checkUserDisplayPersistentInfo":"Mostra sessione persistente",
-"checkUserDisplayEmptyValues":"Display empty values",
+"checkUserDisplayEmptyValues":"Mostra valori vuoti",
 "choiceParams":"Scelta parametri",
 "chooseLogo":"Scegli logo",
 "chooseSkin":"Scegli interfaccia",
@@ -243,13 +244,13 @@
 "enabled":"Abilitato",
 "enterPassword":"Inserisci password (opzionale)",
 "error":"Errore",
-"errors":"ERRORS",
+"errors":"ERRORI",
 "exportedAttr":"Attributi di SOAP/REST esportati",
 "exportedHeaders":"Intestazioni esportate",
 "exportedVars":"Variabili esportate",
 "external2f":"2° fattore esterno",
 "ext2fActivation":"Attivazione",
-"ext2fCodeActivation":"Code regex",
+"ext2fCodeActivation":"Codice regex",
 "ext2fAuthnLevel":"Livello di autenticazione",
 "ext2fLogo":"Logo",
 "ext2FSendCommand":"Invia comando",
@@ -273,8 +274,8 @@
 "globalStorage":"Modulo Apache::Session",
 "globalStorageOptions":"Parametri di modulo Apache::Session",
 "gpgAuthnLevel":"Livello di autenticazione",
-"gpgDb":"GPG database",
+"gpgDb":"Database GPG",
-"gpgParams":"GPG parameters",
+"gpgParams":"Parametri GPG",
 "grantSessionRules":"Condizioni di apertura",
 "groups":"Gruppi",
 "hashkey":"Chiave",
@@ -288,13 +289,13 @@
 "hideTree":"Nascondi l'albero",
 "httpOnly":"Protezione Javascript",
 "https":"HTTPS",
-"impersonation":"Impersonation",
+"impersonation":"Imitazione",
-"impersonationRule":"Use rule",
+"impersonationRule":"Usa la regola",
-"impersonationIdRule":"Identities use rule",
+"impersonationIdRule":"Le identità usano la regola",
-"impersonationHiddenAttributes":"Hidden attributes",
+"impersonationHiddenAttributes":"Attributi nascosti",
-"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
+"impersonationMergeSSOgroups":"Unisci gruppi SSO falsificati e reali",
-"impersonationPrefix":"Real attributes prefix",
+"impersonationPrefix":"Prefisso degli attributi reali",
-"impersonationSkipEmptyValues":"Skip empty values",
+"impersonationSkipEmptyValues":"Salta valori vuoti",
 "incompleteForm":"Mancano campi obbligatori",
 "index":"Indice",
 "infoFormMethod":"Metodo per il modulo informazioni",
@@ -355,7 +356,7 @@
 "ldapGroupAttributeNameSearch":"Attributi ricercati",
 "ldapGroupAttributeNameUser":"Attributo origine utente",
 "ldapGroupBase":"Base di ricerca",
-"ldapGroupDecodeSearchedValue":"Decode searched value",
+"ldapGroupDecodeSearchedValue":"Decodifica il valore cercato",
 "ldapGroupObjectClass":"Classe oggetto",
 "ldapGroupRecursive":"Ricorsivo",
 "ldapGroups":"Gruppi",
@@ -395,12 +396,12 @@
 "lwpOpts":"Opzioni per le richieste del server",
 "lwpSslOpts":"Opzioni SSL per le richieste del server",
 "macros":"Macro",
-"mail2f":"Mail second factor",
+"mail2f":"Mail secondo fattore",
-"mail2fActivation":"Activation",
+"mail2fActivation":"Attivazione",
-"mail2fCodeRegex":"Code regex",
+"mail2fCodeRegex":"Codice regex",
-"mail2fTimeout":"Code timeout",
+"mail2fTimeout":"Codice timeout",
-"mail2fSubject":"Mail subject",
+"mail2fSubject":"Oggetto della mail",
-"mail2fBody":"Mail body",
+"mail2fBody":"Corpo del messaggio",
 "mail2fAuthnLevel":"Livello di autenticazione",
 "mail2fLogo":"Logo",
 "mailBody":"Successo contenuto di posta",
@@ -499,6 +500,7 @@
 "oidcOPMetaDataOptionsDisplayName":"Visualizza nome",
 "oidcOPMetaDataOptionsDisplayParams":"Visualizza",
 "oidcOPMetaDataOptionsIcon":"Logo",
+"oidcOPMetaDataOptionsSortNumber":"Ordine",
 "oidcOPMetaDataOptionsJWKSTimeout":"Timeout dei dati di JWKS",
 "oidcRPMetaDataOptionsLogoutSessionRequired":"Sessione necessaria",
 "oidcRPMetaDataOptionsLogoutType":"Tipo",
@@ -649,7 +651,7 @@
 "radiusSecret":"Segreto condiviso",
 "radiusServer":"Nome host del server",
 "randomPasswordRegexp":"Regex per la generazione di password",
-"readOnlyMode":"Read-Only mode",
+"readOnlyMode":"Modalità di sola lettura",
 "redirectFormMethod":"Metodo per il modulo di reindirizzamento",
 "redirection":"Redirezioni del gestore",
 "reference":"Riferimento",
@@ -889,11 +891,12 @@
 "samlIDPMetaDataOptionsSession":"Sessioni",
 "samlIDPMetaDataOptionsSignature":"Firma",
 "samlIDPMetaDataOptionsBinding":"Vincolante",
-"samlIDPMetaDataOptionsDisplay":"Display",
+"samlIDPMetaDataOptionsDisplay":" Visualizza  ",
-"samlIDPMetaDataOptionsDisplayName":"Display name",
+"samlIDPMetaDataOptionsDisplayName":"Nome da visualizzare",
-"samlIDPMetaDataOptionsDisplayParams":"Display",
+"samlIDPMetaDataOptionsDisplayParams":" Visualizza ",
 "samlIDPMetaDataOptionsIcon":"Logo",
 "samlIDPMetaDataOptionsSecurity":"Sicurezza",
+"samlIDPMetaDataOptionsSortNumber":"Ordine",
 "samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
 "samlIDPMetaDataOptionsRelayStateURL":"Consenti l'URL come RelayState",
 "samlIDPMetaDataOptionsUserAttribute":"Attributo che contiene l'identificatore dell'utente",
@@ -982,5 +985,5 @@
 "samlCommonDomainCookieWriter":"URL dell'autore",
 "samlRelayStateTimeout":"Timeout di sessione di RelayState",
 "samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
-"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
+"samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -128,6 +128,7 @@
 "casSrvMetaDataOptionsDisplayName":"Tên để hiển thị",
 "casSrvMetaDataOptionsGateway":"Xác thực Gateway",
 "casSrvMetaDataOptionsIcon":"Đường dẫn Icon",
+"casSrvMetaDataOptionsSortNumber":"Order",
 "casSrvMetaDataOptionsRenew":"Gia hạn chứng thực",
 "casSrvMetaDataOptionsProxiedServices":"Dịch vụ proxy",
 "casSrvMetaDataOptionsUrl":"URL máy chủ",
@@ -499,6 +500,7 @@
 "oidcOPMetaDataOptionsDisplayName":"Tên hiển thị",
 "oidcOPMetaDataOptionsDisplayParams":"Hiển thị",
 "oidcOPMetaDataOptionsIcon":"Logo",
+"oidcOPMetaDataOptionsSortNumber":"Order",
 "oidcOPMetaDataOptionsJWKSTimeout":"Thời gian chờ của dữ liệu JWKS",
 "oidcRPMetaDataOptionsLogoutSessionRequired":"Phiên yêu cầu",
 "oidcRPMetaDataOptionsLogoutType":"Loại",
@@ -894,6 +896,7 @@
 "samlIDPMetaDataOptionsDisplayParams":"Display",
 "samlIDPMetaDataOptionsIcon":"Logo",
 "samlIDPMetaDataOptionsSecurity":"Bảo mật",
+"samlIDPMetaDataOptionsSortNumber":"Order",
 "samlIDPMetaDataOptionsStoreSAMLToken":"Lưu trữ token SAML",
 "samlIDPMetaDataOptionsRelayStateURL":"Cho phép URL như RelayState",
 "samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
@@ -983,4 +986,4 @@
 "samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
 "samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -128,6 +128,7 @@
 "casSrvMetaDataOptionsDisplayName":"显示名称",
 "casSrvMetaDataOptionsGateway":"网关认证",
 "casSrvMetaDataOptionsIcon":"图标路径",
+"casSrvMetaDataOptionsSortNumber":"Order",
 "casSrvMetaDataOptionsRenew":"Renew authentication",
 "casSrvMetaDataOptionsProxiedServices":"代理服务",
 "casSrvMetaDataOptionsUrl":"服务器 URL",
@@ -499,6 +500,7 @@
 "oidcOPMetaDataOptionsDisplayName":"Display name",
 "oidcOPMetaDataOptionsDisplayParams":"Display",
 "oidcOPMetaDataOptionsIcon":"Logo",
+"oidcOPMetaDataOptionsSortNumber":"Order",
 "oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
 "oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
 "oidcRPMetaDataOptionsLogoutType":"Type",
@@ -894,6 +896,7 @@
 "samlIDPMetaDataOptionsDisplayParams":"Display",
 "samlIDPMetaDataOptionsIcon":"Logo",
 "samlIDPMetaDataOptionsSecurity":"Security",
+"samlIDPMetaDataOptionsSortNumber":"Order",
 "samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
 "samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
 "samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
@@ -983,4 +986,4 @@
 "samlRelayStateTimeout":"RelayState session timeout",
 "samlUseQueryStringSpecific":"Use specific query_string method",
 "samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
-}
+}

lemonldap-ng-manager/site/templates/viewDiff.tpl

@@ -112,7 +112,7 @@
 
   <!-- //if:jsminified
     <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/conftree.min.js"></script>
-    <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/veiwDiff.min.js"></script>
+    <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/viewDiff.min.js"></script>
   //else -->
     <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/conftree.js"></script>
     <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/viewDiff.js"></script>

lemonldap-ng-manager/t/70-viewer.t

@@ -8,6 +8,7 @@ use JSON qw(from_json);
 require 't/test-lib.pm';
 
 my $struct = 't/jsonfiles/70-diff.json';
+
 sub body {
     return IO::File->new( $struct, 'r' );
 }
@@ -19,9 +20,11 @@ count(1);
 
 # Test that hidden key values are NOT sent
 $res = &client->jsonResponse('/view/1/portalDisplayLogout');
-ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
+ok( $res->{value} eq '_Hidden_', 'Key is hidden' )
+  or explain( $res, 'value => "_Hidden_"' );
 $res = &client->jsonResponse('/view/1/samlIDPMetaDataNodes');
-ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
+ok( $res->{value} eq '_Hidden_', 'Key is hidden' )
+  or explain( $res, 'value => "_Hidden_"' );
 count(2);
 
 # Try to display latest conf
@@ -29,12 +32,17 @@ $res = &client->jsonResponse('/view/latest');
 ok( $res->{cfgNum} eq '1', 'Browser is allowed' );
 count(1);
 
-ok( $res = &client->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
+ok(
-    "Request succeed" );
+    $res = &client->_post(
+        '/confs/', 'cfgNum=1&force=1', &body, 'application/json'
+    ),
+    "Request succeed"
+);
 ok( $res->[0] == 200, "Result code is 200" );
 my $resBody;
 ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
 count(3);
+
 foreach my $i ( 0 .. 1 ) {
     ok(
         $resBody->{details}->{__changes__}->[$i]->{key} =~
@@ -46,10 +54,11 @@ count(2);
 
 # Try to compare confs 1 & 2
 $res = &client->jsonResponse('/view/diff/1/2');
+
 # ok( $res->[1]->{captcha_login_enabled} eq '1', 'Key found' );
 ok( $res->[1]->{captcha_mail_enabled} eq '0', 'Key found' );
-ok( 6 == keys %{ $res->[1] }, 'Right number of keys found')
+ok( 6 == keys %{ $res->[1] },                 'Right number of keys found' )
-or print STDERR Dumper($res);
+  or print STDERR Dumper($res);
 count(2);
 
 # Remove new conf

lemonldap-ng-manager/t/71-viewer-with-no-diff.t

@@ -21,13 +21,10 @@ ok(
     'Client object'
 );
 
-# Try to display latest conf
+
-my $res = $client2->jsonResponse('/view/1');
-ok( $res->{value} eq '_Hidden_', 'Browser is NOT allowed' );
-count(2);
 
 # Try to compare confs 1 & 2
-ok( $res = $client2->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
+ok( my $res = $client2->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
     "Request succeed" );
 ok( $res->[0] == 200, "Result code is 200" );
 my $resBody;
@@ -45,6 +42,11 @@ $res = $client2->jsonResponse('/view/diff/1/2');
 ok( $res->{value} eq '_Hidden_', 'Diff is NOT allowed' );
 count(1);
 
+# Try to display latest conf
+$res = $client2->jsonResponse('/view/2');
+ok( $res->{value} eq '_Hidden_', 'Browser is NOT allowed' );
+count(2);
+
 # Remove new conf
 `rm -rf t/conf/lmConf-2.json`;
 

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/Yubikey.pm

@@ -128,7 +128,7 @@ sub run {
             $self->p->updatePersistentSession( $req,
                 { _2fDevices => to_json($_2fDevices) } );
             $self->userLogger->notice(
-                "Yubikey registration of $keyName succeeds for $user");
+                "Yubikey registration of $UBKName succeeds for $user");
 
             return $self->p->sendHtml(
                 $req, 'error',

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm

@@ -40,10 +40,16 @@ sub init {
     $portalPath =~ s#^https?://[^/]+/?#/#;
 
     foreach (@tab) {
-        my $name = $self->conf->{casSrvMetaDataOptions}->{$_}
+        my $name = $_;
+        $name =
+          $self->conf->{casSrvMetaDataOptions}->{$_}
+          ->{casSrvMetaDataOptionsDisplayName}
+          if $self->conf->{casSrvMetaDataOptions}->{$_}
           ->{casSrvMetaDataOptionsDisplayName};
         my $icon = $self->conf->{casSrvMetaDataOptions}->{$_}
           ->{casSrvMetaDataOptionsIcon};
+        my $order = $self->conf->{casSrvMetaDataOptions}->{$_}
+          ->{casSrvMetaDataOptionsSortNumber} // 0;
         my $img_src;
 
         if ($icon) {
@@ -52,15 +58,21 @@ sub init {
               ? $icon
               : $portalPath . $self->p->staticPrefix . "/common/" . $icon;
         }
-
         push @list,
           {
             val   => $_,
             name  => $name,
             icon  => $img_src,
+            order => $order,
             class => "openidconnect",
           };
     }
+    @list =
+      sort {
+             $a->{order} <=> $b->{order}
+          or $a->{name} cmp $b->{name}
+          or $a->{val} cmp $b->{val}
+      } @list;
     $self->srvList( \@list );
     return 1;
 }

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm

@@ -16,7 +16,7 @@ extends 'Lemonldap::NG::Portal::Main::Auth',
 
 # INTERFACE
 
-has opList   => ( is => 'rw', default => sub { [] } );
+has opList => ( is => 'rw', default => sub { [] } );
 has opNumber => ( is => 'rw', default => 0 );
 has path     => ( is => 'rw', default => 'oauth2' );
 
@@ -41,10 +41,16 @@ sub init {
     #$portalPath =~ s#^https?://[^/]+/?#/#;
 
     foreach (@tab) {
-        my $name = $self->conf->{oidcOPMetaDataOptions}->{$_}
+        my $name = $_;
+        $name =
+          $self->conf->{oidcOPMetaDataOptions}->{$_}
+          ->{oidcOPMetaDataOptionsDisplayName}
+          if $self->conf->{oidcOPMetaDataOptions}->{$_}
           ->{oidcOPMetaDataOptionsDisplayName};
         my $icon = $self->conf->{oidcOPMetaDataOptions}->{$_}
           ->{oidcOPMetaDataOptionsIcon};
+        my $order = $self->conf->{oidcOPMetaDataOptions}->{$_}
+          ->{oidcOPMetaDataOptionsSortNumber} // 0;
         my $img_src;
 
         if ($icon) {
@@ -60,6 +66,7 @@ sub init {
             name  => $name,
             icon  => $img_src,
             class => "openidconnect",
+            order => $order
           };
     }
     $self->addRouteFromConf(
@@ -72,6 +79,12 @@ sub init {
         oidcServiceMetaDataFrontChannelURI => 'frontLogout',
         oidcServiceMetaDataBackChannelURI  => 'backLogout',
     );
+    @list =
+      sort {
+             $a->{order} <=> $b->{order}
+          or $a->{name} cmp $b->{name}
+          or $a->{val} cmp $b->{val}
+      } @list;
     $self->opList( [@list] );
     return 1;
 }

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm

@@ -893,13 +893,11 @@ sub extractFormInfo {
         $self->logger->debug(
             "Will try to use SAML Discovery Protocol for IDP resolution");
 
-        if ($req->urldc) {
+        if ( $req->urldc ) {
-            $req->pdata->{_url} = encode_base64($req->urldc, '');
+            $req->pdata->{_url} = encode_base64( $req->urldc, '' );
         }
-
         my $disco_url = $self->conf->{samlDiscoveryProtocolURL};
-
+        my $portal    = $self->conf->{portal};
-        my $portal = $self->conf->{portal};
         $disco_url .= ( $disco_url =~ /\?/ ? '&' : '?' )
           . build_urlencoded(
             entityID      => $self->getMetaDataURL( 'samlEntityID', 0, 1 ),
@@ -947,6 +945,7 @@ sub extractFormInfo {
             $idpName = $self->{idpList}->{$_}->{displayName}
               if $self->{idpList}->{$_}->{displayName};
             my $icon    = $self->{idpList}->{$_}->{icon};
+            my $order   = $self->{idpList}->{$_}->{order} // 0;
             my $img_src = '';
 
             if ($icon) {
@@ -957,14 +956,22 @@ sub extractFormInfo {
             }
             $self->logger->debug( "IDP "
                   . $self->{idpList}->{$_}->{name}
-                  . " -> DisplayName : $idpName with Icon : $img_src" );
+                  . " -> DisplayName : $idpName with Icon : $img_src at order : $order"
+            );
             push @list,
               {
-                val  => $_,
+                val   => $_,
-                name => $idpName,
+                name  => $idpName,
-                icon => $img_src,
+                icon  => $img_src,
+                order => $order,
               };
         }
+        @list =
+          sort {
+                 $a->{order} <=> $b->{order}
+              or $a->{name} cmp $b->{name}
+              or $a->{val} cmp $b->{val}
+          } @list;
         $req->data->{list}            = \@list;
         $req->data->{confirmRemember} = 1;
 

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm

@@ -186,7 +186,7 @@ sub loadService {
 
     # Create Lasso server with service metadata
     my $server = $self->createServer(
-        $service_metadata->serviceToXML( $self->conf, ''),
+        $service_metadata->serviceToXML( $self->conf, '' ),
         $self->conf->{samlServicePrivateKeySig},
         $self->conf->{samlServicePrivateKeySigPwd},
 
@@ -295,6 +295,9 @@ sub loadIDPs {
         $self->idpList->{$entityID}->{icon} =
           $self->conf->{samlIDPMetaDataOptions}->{$_}
           ->{samlIDPMetaDataOptionsIcon};
+        $self->idpList->{$entityID}->{order} =
+          $self->conf->{samlIDPMetaDataOptions}->{$_}
+          ->{samlIDPMetaDataOptionsSortNumber};
 
         # Set rule
         my $cond = $self->conf->{samlIDPMetaDataOptions}->{$_}

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SMTP.pm

@@ -184,8 +184,10 @@ sub send_mail {
             foreach ( keys %cid ) {
                 $message->attach(
                     Type => "image/" . ( $cid{$_} =~ m/\.(\w+)/ )[0],
-                    Id   => $_,
+                    Id => $_,
-                    Path => $self->p->{templateDir} . "/" . $cid{$_},
+                    Path => $self->conf->{templateDir} . "/"
+                      . $self->conf->{portalSkin} . "/"
+                      . $cid{$_},
                 );
             }
         }

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm

@@ -194,6 +194,8 @@ sub reloadConf {
         $self->error("Template dir $self->{templateDir} doesn't exist");
         return $self->fail;
     }
+    $self->templateDir(
+        [ $self->{templateDir}, $self->conf->{templateDir} . '/bootstrap' ] );
 
     $self->{staticPrefix} = $self->conf->{staticPrefix} || '/static';
     $self->{languages}    = $self->conf->{languages}    || '/';

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm

@@ -743,6 +743,7 @@ sub sendHtml {
     my ( $self, $req, $template, %args ) = @_;
 
     my $templateDir = $self->conf->{templateDir} . '/' . $self->getSkin($req);
+    $self->templateDir( [ $templateDir, @{ $self->templateDir } ] );
 
     # Check template
     $args{templateDir} = $templateDir;
@@ -878,6 +879,7 @@ sub lmError {
         LOGOUT_URL => $self->conf->{portal} . "?logout=1",
         URL        => $req->{urldc},
     );
+    $req->pdata( {} );
 
     # Error code
     $templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 )
@@ -889,8 +891,8 @@ sub rebuildCookies {
     my ( $self, $req ) = @_;
     my @tmp;
     for ( my $i = 0 ; $i < @{ $req->{respHeaders} } ; $i += 2 ) {
-        push @tmp, $req->respHeaders->[0], $req->respHeaders->[1]
+        push @tmp, $req->respHeaders->[$i], $req->respHeaders->[ $i + 1 ]
-          unless ( $req->respHeaders->[0] eq 'Set-Cookie' );
+          unless ( $req->respHeaders->[$i] eq 'Set-Cookie' );
     }
     $req->{respHeaders} = \@tmp;
     $self->buildCookie($req);
@@ -1003,17 +1005,14 @@ sub _sumUpSession {
 sub loadTemplate {
     my ( $self, $name, %prm ) = @_;
     $name .= '.tpl';
-    my $file =
-        $self->conf->{templateDir} . '/'
-      . $self->conf->{portalSkin} . '/'
-      . $name;
-    $file = $self->conf->{templateDir} . '/common/' . $name
-      unless ( -e $file );
-    unless ( -e $file ) {
-        die "Unable to find $name in $self->conf->{templateDir}";
-    }
     my $tpl = HTML::Template->new(
-        filename               => $file,
+        filename => $name,
+        path     => [
+            $self->conf->{templateDir} . '/' . $self->conf->{portalSkin},
+            $self->conf->{templateDir} . '/bootstrap/',
+            $self->conf->{templateDir} . '/common/'
+        ],
+        search_path_on_include => 1,
         die_on_bad_params      => 0,
         die_on_missing_include => 1,
         cache                  => 1,

lemonldap-ng-portal/site/htdocs/static/languages/ar.json

@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Access not granted on SAML service",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Access not granted on OIDC service",
-"PE91":"Access non granted on OID service",
+"PE91":"Access not granted on OID service",
-"PE92":"Access non granted on GET service",
+"PE92":"Access not granted on GET service",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"قبول",
 "accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
@@ -259,4 +259,4 @@
 "yourPhone":"رقم هاتفك",
 "yourProfile":"ملفك الشخصي",
 "yourTotpKey":"Your TOTP key"
-}
+}

lemonldap-ng-portal/site/htdocs/static/languages/de.json

@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Zugang zum SAML-Service nicht genehmigt",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Zugang zum OIDC-Service nicht genehmigt",
-"PE91":"Access non granted on OID service",
+"PE91":"Zugang zum OID-Service nicht genehmigt",
-"PE92":"Access non granted on GET service",
+"PE92":"Zugang zum GET-Service nicht genehmigt",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
 "accept":"Akzeptieren",
 "accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
@@ -259,4 +259,4 @@
 "yourPhone":"Ihre Telefonnummer",
 "yourProfile":"Ihr Profil",
 "yourTotpKey":"Your TOTP key"
-}
+}

lemonldap-ng-portal/site/htdocs/static/languages/en.json

@@ -67,7 +67,7 @@
 "PE65":"Federation forbidden by security policy",
 "PE66":"The confirmation mail was already sent",
 "PE67":"Password field must be filled",
-"PE68":"Access non granted on CAS service",
+"PE68":"Access not granted on CAS service",
 "PE69":"Please provide your mail address",
 "PE70":"No matching user",
 "PE71":"Please provide your new password",
@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Access not granted on SAML service",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Access not granted on OIDC service",
-"PE91":"Access non granted on OID service",
+"PE91":"Access not granted on OID service",
-"PE92":"Access non granted on GET service",
+"PE92":"Access not granted on GET service",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",

lemonldap-ng-portal/site/htdocs/static/languages/es.json

@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Acceso no autorizado al servicio SAML",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Acceso no autorizado al servicio OIDC",
-"PE91":"Access non granted on OID service",
+"PE91":"Acceso no autorizado al servicio OID",
-"PE92":"Access non granted on GET service",
+"PE92":"Acceso no autorizado al servicio GET",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",
@@ -259,4 +259,4 @@
 "yourPhone":"Your phone number",
 "yourProfile":"Your profile",
 "yourTotpKey":"Your TOTP key"
-}
+}

lemonldap-ng-portal/site/htdocs/static/languages/it.json

@@ -67,7 +67,7 @@
 "PE65":"Federation forbidden by security policy",
 "PE66":"La mail di conferma è già stata inviata",
 "PE67":"Password mancante",
-"PE68":"Accesso non autorizzato al servizio CAS",
+"PE68":"Acceso no autorizado al servicio CAS",
 "PE69":"Inserisci il tuo indirizzo mail",
 "PE70":"Nessun utente corrispondente",
 "PE71":"Inserisci la nuova password",
@@ -87,24 +87,24 @@
 "PE85":"Il sito remoto richiede una sessione più recente (e il plug-in di UpgradeSession non viene caricato). Disconnetti e riprova",
 "PE86":"Il tuo account è bloccato. Devi attendere 30 secondi prima di autenticarti di nuovo",
 "PE87":"È necessario eseguire nuovamente l'autenticazione per accedere al Portale",
-"PE88":"Your account must have an e-mail address in order to use double factor authentication",
+"PE88":"Il tuo account deve avere un indirizzo e-mail per poter utilizzare l'autenticazione a doppio fattore",
-"PE89":"Access non granted on SAML service",
+"PE89":"Accesso non concesso sul servizio SAML",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Accesso non concesso sul servizio OIDC",
-"PE91":"Access non granted on OID service",
+"PE91":"Accesso non concesso sul servizio OID",
-"PE92":"Access non granted on GET service",
+"PE92":"Accesso non concesso sul servizio GET",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Accesso non concesso sul servizio IMPERSONATION",
 "2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
 "accept":"Accetta",
 "accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
 "accountCreated":"Il tuo account è stato creato, la tua password temporanea è stata inviata all'indirizzo email.",
 "accountCreationSuccess":"Il tuo account è stato creato con successo.",
 "action":"Azione",
-"allowed":"Access ALLOWED",
+"allowed":"Accesso CONSENTITO",
 "anotherInformation":"Un'altra informazione:",
 "areYouSure":"Sei sicuro?",
 "askToRenew":"Questa applicazione richiede un'autenticazione più recente. Vuoi reautenticare?",
 "askToUpgrade":"Questa applicazione richiede un livello di autenticazione superiore. Vuoi reautenticare?",
-"attributes":"ATTRIBUTES",
+"attributes":"ATTRIBUTI",
 "authPortal":"Portale di autenticazione",
 "authRemaining":"Rimangono ancora %s autenticazioni, modifica la password!",
 "autoAccept":"Accetta automaticamente in 30 secondi",
@@ -117,7 +117,7 @@
 "changeKey":"Genera nuova chiave",
 "changePwd":"Cambia la tua password",
 "checkLastLogins":"Controllare i miei ultimi accessi",
-"checkUser":"Check user SSO profile",
+"checkUser":"Controlla il profilo SSO dell'utente",
 "choose2f":"Scegli il tuo secondo fattore",
 "chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso",
 "clickHere":"Per favore clicka qui",
@@ -141,19 +141,19 @@
 "errorMsg":"Messaggio di errore",
 "fillTheForm":"Compila il modulo",
 "firstName":"Nome",
-"forbidden":"Access FORBIDDEN",
+"forbidden":"Accesso VIETATO",
 "forgotPwd":"Password dimenticata?",
 "generatePwd":"Generare automaticamente la password",
 "gotNewMessages":"Hai dei nuovi messaggi",
 "goToPortal":"Vai al portale",
 "gplSoft":"Software libero coperto dalla licenza GPL",
-"groups_sso":"SSO GROUPS",
+"groups_sso":"GRUPPI SSO",
-"headers":"HEADERS",
+"headers":"INTESTAZIONI",
 "id":"Id",
 "imSure":"Sono sicuro",
 "info":"Informazioni",
 "ipAddr":"Indirizzo IP",
-"key":"Key",
+"key":"Chiave",
 "lastFailedLogins":"Ultimi login non riusciti",
 "lastLogins":"Ultimi accessi",
 "lastName":"Cognome",
@@ -212,7 +212,7 @@
 "resetPwd":"Reimpostare la password",
 "rightsReloadNeedsLogout":"Le ricariche dei diritti necessitano di disconnettersi e di riconnettersi",
 "scope":"Ambito",
-"search":"Search",
+"search":"Ricerca",
 "selectIdP":"Seleziona il tuo provider di identità",
 "service":"Servizio",
 "sendPwd":"Inviami il link",
@@ -220,7 +220,7 @@
 "serviceProvidedBy":"Servizio offerto da",
 "sessionsDeleted":"Le sessioni seguenti sono state chiuse",
 "sfaManager":"2ndFA Manager",
-"spoofId":"Spoofed Id",
+"spoofId":"Id falsificato",
 "SSOSessionInactive":"Sessione SSO inattiva",
 "stayConnected":"Resta connesso su questo dispositivo",
 "submit":"Invia",
@@ -238,11 +238,11 @@
 "upgradeSession":"Sessione di aggiornamento",
 "user":"Utente",
 "useYubikey":"Usa la tua Yubikey",
-"value":"Value",
+"value":"Valore",
 "verify":"Verifica",
-"VHnotFound":"Virtual Host not found",
+"VHnotFound":"Host virtuale non trovato",
 "wait":"Attendere",
-"waitingmessage":"Authentication in progress, please wait",
+"waitingmessage":"Autenticazione in corso, attendere prego",
 "warning":"Avvertimento",
 "welcomeOnPortal":"Benvenuto sul tuo portale di autenticazione protetta.",
 "yesResendMail":"Sì, rinvia e-mail",
@@ -259,4 +259,4 @@
 "yourPhone":"Numero di telefono",
 "yourProfile":"Il tuo profilo",
 "yourTotpKey":"La tua chiave TOTP"
-}
+}

lemonldap-ng-portal/site/htdocs/static/languages/nl.json

@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Onbevoegde toegang tot de SAML-service",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Onbevoegde toegang tot de OIDC-service",
-"PE91":"Access non granted on OID service",
+"PE91":"Onbevoegde toegang tot de OID-service",
-"PE92":"Access non granted on GET service",
+"PE92":"Onbevoegde toegang tot de GET-service",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",
@@ -259,4 +259,4 @@
 "yourPhone":"Your phone number",
 "yourProfile":"Your profile",
 "yourTotpKey":"Your TOTP key"
-}
+}

lemonldap-ng-portal/site/htdocs/static/languages/pt.json

@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Acesso não autorizado ao serviço SAML",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Acesso não autorizado ao serviço OIDC",
-"PE91":"Access non granted on OID service",
+"PE91":"Acesso não autorizado ao serviço OID",
-"PE92":"Access non granted on GET service",
+"PE92":"Acesso não autorizado ao serviço GET",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",
@@ -259,4 +259,4 @@
 "yourPhone":"Your phone number",
 "yourProfile":"Your profile",
 "yourTotpKey":"Your TOTP key"
-}
+}

lemonldap-ng-portal/site/htdocs/static/languages/ro.json

@@ -67,7 +67,7 @@
 "PE65":"Federation forbidden by security policy",
 "PE66":"The confirmation mail was already sent",
 "PE67":"Password field must be filled",
-"PE68":"Access non granted on CAS service",
+"PE68":"Access not granted on CAS service",
 "PE69":"Vă rugăm să introduceţi adresa dvs. de e-mail",
 "PE70":"No matching user",
 "PE71":"Please provide your new password",
@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Access not granted on SAML service",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Access not granted on OIDC service",
-"PE91":"Access non granted on OID service",
+"PE91":"Access not granted on OID service",
-"PE92":"Access non granted on GET service",
+"PE92":"Access not granted on GET service",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",
@@ -259,4 +259,4 @@
 "yourPhone":"Your phone number",
 "yourProfile":"Your profile",
 "yourTotpKey":"Your TOTP key"
-}
+}

lemonldap-ng-portal/site/htdocs/static/languages/vi.json

@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Truy cập không được cấp trên dịch vụ SAML",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Truy cập không được cấp trên dịch vụ OIDC",
-"PE91":"Access non granted on OID service",
+"PE91":"Truy cập không được cấp trên dịch vụ OID",
-"PE92":"Access non granted on GET service",
+"PE92":"Truy cập không được cấp trên dịch vụ GET",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Chấp nhận",
 "accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
@@ -259,4 +259,4 @@
 "yourPhone":"Số điện thoại của bạn",
 "yourProfile":"Profile của bạn",
 "yourTotpKey":"Your TOTP key"
-}
+}

lemonldap-ng-portal/site/htdocs/static/languages/zh.json

@@ -67,7 +67,7 @@
 "PE65":"Federation forbidden by security policy",
 "PE66":"确认邮件已经发送",
 "PE67":"密码必须填写",
-"PE68":"Access non granted on CAS service",
+"PE68":"Access not granted on CAS service",
 "PE69":"请提供您的邮箱",
 "PE70":"没有匹配用户",
 "PE71":"请提供您的新密码",
@@ -88,11 +88,11 @@
 "PE86":"Your account is locked. You must wait 30s before authenticate again",
 "PE87":"You must authenticate again to access to Portal",
 "PE88":"Your account must have an e-mail address in order to use double factor authentication",
-"PE89":"Access non granted on SAML service",
+"PE89":"Access not granted on SAML service",
-"PE90":"Access non granted on OIDC service",
+"PE90":"Access not granted on OIDC service",
-"PE91":"Access non granted on OID service",
+"PE91":"Access not granted on OID service",
-"PE92":"Access non granted on GET service",
+"PE92":"Access not granted on GET service",
-"PE93":"Access non granted on IMPERSONATION service",
+"PE93":"Access not granted on IMPERSONATION service",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept 方法",
 "accessDenied":"您无权访问此应用",
@@ -259,4 +259,4 @@
 "yourPhone":"您的电话号码",
 "yourProfile":"您的档案",
 "yourTotpKey":"Your TOTP key"
-}
+}

lemonldap-ng-portal/site/templates/common/mail/ar.json

@@ -15,4 +15,4 @@
 "requestIssuedFromIP":"الطلب قد أرسل من عنوان الآي بي",
 "yourLoginCodeIs":"Your login code is",
 "yourLoginIs":"تسجيل الدخول الخاص بك هو"
-}
+}

lemonldap-ng-portal/site/templates/common/mail/it.json

@@ -4,7 +4,7 @@
 "click2Register":"Clicca qui per confermare la registrazione del tuo account",
 "click2Reset":"Clicca qui per reimpostare la password",
 "hello":"Salve",
-"mail2fSubject":"[LemonLDAP::NG] Your login code",
+"mail2fSubject":"[LemonLDAP :: NG] Il tuo codice di accesso",
 "mailConfirmSubject":"Conferma reimpostazione password [LemonLDAP::NG] ",
 "mailSubject":"[LemonLDAP::NG] La tua nuova password",
 "newPwdIs":"La tua nuova password é",
@@ -13,6 +13,6 @@
 "registerConfirmSubject":"[LemonLDAP :: NG] Conferma registro account",
 "registerDoneSubject":"[LemonLDAP::NG] Il tuo nuovo account",
 "requestIssuedFromIP":"La richiesta è stata emessa da IP",
-"yourLoginCodeIs":"Your login code is",
+"yourLoginCodeIs":"Il tuo codice di accesso è",
 "yourLoginIs":"Il tuo login é"
-}
+}

lemonldap-ng-portal/site/templates/common/mail/vi.json

@@ -15,4 +15,4 @@
 "requestIssuedFromIP":"Yêu cầu được gửi đi từ địa chỉ IP",
 "yourLoginCodeIs":"Your login code is",
 "yourLoginIs":"Đăng nhập của bạn là"
-}
+}

lemonldap-ng-portal/site/templates/common/mail/zh_CN.json

@@ -15,4 +15,4 @@
 "requestIssuedFromIP":"此请求来自IP地址",
 "yourLoginCodeIs":"Your login code is",
 "yourLoginIs":"您登陆的账户是"
-}
+}

lemonldap-ng-portal/t/21-Auth-LDAP-Policy.t

@@ -35,6 +35,8 @@ SKIP: {
       'PE_PP_PASSWORD_EXPIRED', 'PE_PASSWORD_OK', 'PE_PP_ACCOUNT_LOCKED',
       'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_GRACE';
 
+    my ( $user, $code, $postString, $match );
+
     # 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED
     # ------------------------------------------------------------
     foreach my $tpl (
@@ -42,9 +44,9 @@ SKIP: {
         [ 'expire', PE_PP_PASSWORD_EXPIRED ]
       )
     {
-        my $user       = $tpl->[0];
+        $user       = $tpl->[0];
-        my $code       = $tpl->[1];
+        $code       = $tpl->[1];
-        my $postString = "user=$user&password=$user";
+        $postString = "user=$user&password=$user";
 
         # Try to authenticate
         # -------------------
@@ -56,7 +58,7 @@ SKIP: {
             ),
             'Auth query'
         );
-        my $match = 'trmsg="' . $code . '"';
+        $match = 'trmsg="' . $code . '"';
         ok( $res->[2]->[0] =~ /$match/, "Code is $code" );
 
         #open F, '>../e2e-tests/conf/portal/result.html' or die $!;
@@ -93,9 +95,9 @@ SKIP: {
 
     # 2 - TEST PE_PP_GRACE
     # -------------------------
-    my $user       = 'grace';
+    $user       = 'grace';
-    my $code       = "ppGrace";
+    $code       = "ppGrace";
-    my $postString = "user=$user&password=$user";
+    $postString = "user=$user&password=$user";
 
     # Try to authenticate
     # -------------------
@@ -107,14 +109,14 @@ SKIP: {
         ),
         'Auth query'
     );
-    my $match = 'trmsg="' . $code . '"';
+    $match = 'trmsg="' . $code . '"';
     ok( $res->[2]->[0] =~ /$match/, 'Grace remaining' );
 
     # 3 - TEST PE_PP_ACCOUNT_LOCKED
     # -------------------------
-    my $user       = 'lock';
+    $user       = 'lock';
-    my $code       = PE_PP_ACCOUNT_LOCKED;
+    $code       = PE_PP_ACCOUNT_LOCKED;
-    my $postString = "user=$user&password=$user";
+    $postString = "user=$user&password=$user";
 
     # Try to authenticate
     # -------------------
@@ -126,7 +128,7 @@ SKIP: {
         ),
         'Auth query'
     );
-    my $match = 'trmsg="' . $code . '"';
+    $match = 'trmsg="' . $code . '"';
     ok( $res->[2]->[0] =~ /$match/, 'Account is locked' );
 
     # Try to change anyway

lemonldap-ng-portal/t/29-AuthGPG.t

@@ -7,6 +7,7 @@ require 't/test-lib.pm';
 my $mainTests = 5;
 
 SKIP: {
+    skip "Manual skip of GPG test", $mainTests if ($ENV{LLNG_SKIP_GPG_TEST});
     eval "use IPC::Run 'run',";
     skip "Missing dependency", $mainTests if ($@);
     my $gpg = `which gpg`;

lemonldap-ng-portal/t/30-Auth-SAML-with-choice.t

@@ -12,7 +12,7 @@ BEGIN {
     require 't/saml-lib.pm';
 }
 
-my $maintests = 20;
+my $maintests = 24;
 my $debug     = 'error';
 my %handlerOR = ( issuer => [], sp => [] );
 
@@ -64,6 +64,14 @@ SKIP: {
       or explain( $res->[1],
         'Set-Cookie => lemonldapidp=0; domain=.sp.com; path=/; expires=-1d' );
     ( $host, $url, $query ) = expectForm( $res, undef, undef, 'confirm', );
+
+    # IDP must be sorted
+    my @idp = map /val="http:\/\/(.+?)\/saml\/metadata">/g, $res->[2]->[0];
+    ok( $idp[0] eq 'auth.idp2.com', '1st = idp2' ) or print STDERR Dumper( \@idp );
+    ok( $idp[1] eq 'auth.z_idp2.com', '2nd = z_idp2' ) or print STDERR Dumper( \@idp );
+    ok( $idp[2] eq 'auth.idp3.com', '3rd = idp3' ) or print STDERR Dumper( \@idp );
+    ok( $idp[3] eq 'auth.idp.com', '4th= idp' )  or print STDERR Dumper( \@idp );
+
     ok(
         $res->[2]->[0] =~
 m%<img src="http://auth.sp.com/static/common/icons/sfa_manager.png" class="mr-2" alt="IDP2" title="IDP2" />%,
@@ -248,6 +256,16 @@ sub sp {
                         uid  => "1;uid",
                         cn   => "0;cn"
                     },
+                    idp3 => {
+                        mail => "0;mail;;",
+                        uid  => "1;uid",
+                        cn   => "0;cn"
+                    },
+                    z_idp2 => {
+                        mail => "0;mail;;",
+                        uid  => "1;uid",
+                        cn   => "0;cn"
+                    },
                 },
                 samlIDPMetaDataOptions => {
                     idp => {
@@ -259,6 +277,7 @@ sub sp {
                         samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
                         samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
                         samlIDPMetaDataOptionsForceUTF8                => 1,
+                        samlIDPMetaDataOptionsSortNumber               => 2,
                         samlIDPMetaDataOptionsDisplayName =>
                           'idp_Test_DisplayName',
 
@@ -274,6 +293,28 @@ sub sp {
                         samlIDPMetaDataOptionsForceUTF8                => 1,
                         samlIDPMetaDataOptionsIcon => 'icons/sfa_manager.png',
                     },
+                    idp3 => {
+                        samlIDPMetaDataOptionsEncryptionMode => 'none',
+                        samlIDPMetaDataOptionsSSOBinding     => 'post',
+                        samlIDPMetaDataOptionsSLOBinding     => 'post',
+                        samlIDPMetaDataOptionsSignSSOMessage => 1,
+                        samlIDPMetaDataOptionsSignSLOMessage => 1,
+                        samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
+                        samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
+                        samlIDPMetaDataOptionsForceUTF8                => 1,
+                        samlIDPMetaDataOptionsSortNumber               => 1,
+                        samlIDPMetaDataOptionsDisplayName => 'Test_Sort',
+                    },
+                    z_idp2 => {
+                        samlIDPMetaDataOptionsEncryptionMode => 'none',
+                        samlIDPMetaDataOptionsSSOBinding     => 'post',
+                        samlIDPMetaDataOptionsSLOBinding     => 'post',
+                        samlIDPMetaDataOptionsSignSSOMessage => 1,
+                        samlIDPMetaDataOptionsSignSLOMessage => 1,
+                        samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
+                        samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
+                        samlIDPMetaDataOptionsForceUTF8                => 1,
+                    },
                 },
                 samlIDPMetaDataExportedAttributes => {
                     idp => {
@@ -284,6 +325,14 @@ sub sp {
                         "uid" => "0;uid;;",
                         "cn"  => "1;cn;;",
                     },
+                    idp3 => {
+                        "uid" => "0;uid;;",
+                        "cn"  => "1;cn;;",
+                    },
+                    z_idp2 => {
+                        "uid" => "0;uid;;",
+                        "cn"  => "1;cn;;",
+                    },
                 },
                 samlIDPMetaDataXML => {
                     idp => {
@@ -293,7 +342,15 @@ sub sp {
                     idp2 => {
                         samlIDPMetaDataXML =>
                           samlIDPMetaDataXML( 'idp2', 'HTTP-POST' )
-                    }
+                    },
+                    idp3 => {
+                        samlIDPMetaDataXML =>
+                          samlIDPMetaDataXML( 'idp3', 'HTTP-POST' )
+                    },
+                    z_idp2 => {
+                        samlIDPMetaDataXML =>
+                          samlIDPMetaDataXML( 'z_idp2', 'HTTP-POST' )
+                    },
                 },
                 samlOrganizationDisplayName => "SP",
                 samlOrganizationName        => "SP",

lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST-with-WAYF.t

@@ -98,7 +98,7 @@ SKIP: {
     );
     my $proxyPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
 
-    my ( $url, $query ) =
+    ( $url, $query ) =
       expectRedirection( $res, qr#^http://discovery.example.com/# );
 
     # Return from WAYF

lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t

@@ -122,9 +122,7 @@ SKIP: {
     );
     my $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
 
-
+    ( $url, $query ) =
-
-    my ( $url, $query ) =
       expectRedirection( $res, qr#^http://discovery.example.com/# );
 
     # Return from WAYF

lemonldap-ng-portal/t/42-Register-Demo-with-captcha.t

@@ -100,14 +100,12 @@ m%<a class="btn btn-secondary" href="http://auth.example.com/register\?skin=boot
 s/^.*token=([^&]+).*$/token=$1&firstname=foo&lastname=bar&mail=foobar%40badwolf.org/,
         'Token found'
     );
-    my $token;
     ok( $token = $1, ' Token value is defined' );
     ok( $res->[2]->[0] =~ m#<img src="data:image/png;base64#,
         ' Captcha image inserted' )
       or print STDERR Dumper( $res->[2]->[0] );
 
     # Try to get captcha value
-    my ( $ts, $captcha );
     ok( $ts = getCache()->get($token), ' Found token session' );
     $ts = eval { JSON::from_json($ts) };
     ok( $captcha = $ts->{captcha}, ' Found captcha value' );

lemonldap-ng-portal/t/lib/Lemonldap/NG/Handler/Test.pm

@@ -67,11 +67,23 @@ sub run {
         my ( $req, $res );
         $req = HTTP::Request->new( @{ JSON::from_json($_) } );
         $res = $server->request($req);
+        my @flatten = &flatten($res);
         print $out JSON::to_json(
-            [ $res->code, [ $res->flatten ], [ $res->content ] ] )
+            [ $res->code, [@flatten], [ $res->content ] ] )
           . "\n";
     }
 }
 
+# Copy from HTTP::Headers code
+sub flatten {
+    my ($self) = @_;
+    (
+        map {
+            my $k = $_;
+            map { ( $k => $_ ) } $self->header($_);
+        } $self->header_field_names
+    );
+}
+
 1;
 

rpm/lemonldap-ng.spec

@@ -144,6 +144,7 @@ BuildRequires:  perl(Plack::Handler::FCGI)
 BuildRequires:  perl(Plack::Middleware)
 BuildRequires:  perl(Plack::Request)
 BuildRequires:  perl(Plack::Runner)
+BuildRequires:  perl(Plack::Test)
 BuildRequires:  perl(Plack::Util)
 BuildRequires:  perl(Plack::Util::Accessor)
 BuildRequires:  perl(POSIX)
@@ -437,6 +438,8 @@ sed -i 's/nobody/%{lm_apacheuser}/' \
     %{buildroot}%{lm_bindir}/lmConfigEditor
 sed -i 's/nobody/%{lm_apacheuser}/g' \
     %{buildroot}%{lm_bindir}/lemonldap-ng-cli
+sed -i 's/nobody/%{lm_apacheuser}/g' \
+    %{buildroot}%{lm_bindir}/llngDeleteSession
 sed -i 's/nobody/%{lm_apacheuser}/g' \
     %{buildroot}%{_sysconfdir}/default/llng-fastcgi-server
 
@@ -592,6 +595,7 @@ fi
 %{lm_examplesdir}/manager
 %{lm_bindir}/lmConfigEditor
 %{lm_bindir}/lemonldap-ng-cli
+%{lm_bindir}/llngDeleteSession
 %{_mandir}/man1/lemonldap-ng-cli*
 
 %files portal
@@ -656,6 +660,9 @@ fi
 # Changelog
 #==============================================================================
 %changelog
+* Thu Apr 11 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.3-1
+- Update to 2.0.3
+
 * Tue Feb 12 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.2-1
 - Update to 2.0.2