Merge branch 'v2.0'
commit
27bf1ea3d8
55
changelog
|
@ -1,3 +1,54 @@
|
||||||
|
lemonldap-ng (2.0.3) bionic; urgency=medium
|
||||||
|
|
||||||
|
* Bugs:
|
||||||
|
* #1543: Redirection lost with CAS RP -> Choice -> SAML Discovery Protocol -> SAML IDP
|
||||||
|
* #1654: Password must change on AD still not fully working
|
||||||
|
* #1656: No IP shown in history logon
|
||||||
|
* #1667: [Security:medium] Option userControl is not applied anymore in standard login process
|
||||||
|
* #1671: Error in SP-initiated saml logout with multiple SP
|
||||||
|
* #1672: In SAML Issuer, environment variables to store current SP are not filled
|
||||||
|
* #1673: Application list display and specific rules
|
||||||
|
* #1675: [Security:minor] Using /logout instead of /?logout=1 does not work
|
||||||
|
* #1676: Active Directory connection information not saved
|
||||||
|
* #1679: Default jQuery URL in form replay has changed
|
||||||
|
* #1680: In form replay, POST data keys are not URL encoded
|
||||||
|
* #1682: LinkedIn OAuth2 authentication is not available in combination modules list
|
||||||
|
* #1683: Changing configuration option cspScript has no effect
|
||||||
|
* #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
|
||||||
|
* #1686: SOAP Portal WSDL file is invalid
|
||||||
|
* #1691: Password policy can't display messages
|
||||||
|
* #1692: Parameter base64 is ignored in setHiddenFormValue
|
||||||
|
* #1693: Information is not displayed in logout process
|
||||||
|
* #1698: Invalid pdata causes SAML login to fail after logout
|
||||||
|
* #1703: Fix faulty headers on a null value
|
||||||
|
* #1708: lmerror page loops on url parameter
|
||||||
|
|
||||||
|
* New features:
|
||||||
|
* #1632: Optionally let Ext2F module handle code generation
|
||||||
|
* #1658: CheckUser plugin
|
||||||
|
* #1661: Configuration viewer module
|
||||||
|
* #1664: Impersonation plugin
|
||||||
|
* #1697: Command-line tool to delete session for specific user(s)
|
||||||
|
|
||||||
|
* Improvements:
|
||||||
|
* #1549: Option to override IDP entityID
|
||||||
|
* #1595: Possibility to override message with a custom JSON file in template
|
||||||
|
* #1651: Disable cache on portal page
|
||||||
|
* #1653: Allow failback to default skin when a template is not found in custom theme
|
||||||
|
* #1660: Restore possibility to hide message in portal template
|
||||||
|
* #1666: Display errors on login form
|
||||||
|
* #1668: As IDP SAML, do not try to send SLO response if no SLO endpoint defined in SP metadata
|
||||||
|
* #1670: Display "authentication in progress" when using Ajax with Kerberos
|
||||||
|
* #1681: Change behavior with SAML mandatory/optional attributes in SAML Issuer
|
||||||
|
* #1687: Add granted log for user and connexion informations
|
||||||
|
* #1694: Disable CSRF token with AuthBasic
|
||||||
|
* #1696: Remove unnecessary antiframe protection in portal javascript
|
||||||
|
* #1699: Authentication level for REST and GPG authentication
|
||||||
|
* #1700: Update AuthBasic handler doc : REST server is required
|
||||||
|
* #1704: Append parameter to sort IDP, OP and CAS servers in Auth menu loop
|
||||||
|
|
||||||
|
-- Clément <clem.oudot@gmail.com> Thu, 11 Apr 2019 10:09:35 +0200
|
||||||
|
|
||||||
lemonldap-ng (2.0.2) bionic; urgency=medium
|
lemonldap-ng (2.0.2) bionic; urgency=medium
|
||||||
|
|
||||||
* Bugs:
|
* Bugs:
|
||||||
|
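Review bot: the two security-tagged entries, #1667 ([Security:medium], userControl no longer applied in the standard login process) and #1675 ([Security:minor]), sit in the middle of the Bugs list, so an administrator skimming the 2.0.3 entry can miss that this release restores an input control. Consider listing them first or under their own heading. In the same hunk, #1694 "Disable CSRF token with AuthBasic" is filed under Improvements with no rationale; a few words on why the token is unnecessary there would help reviewers of the release notes. Wording nits: "do not appears" in #1684, "connexion informations" in #1687, and "failback" in #1653.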
@ -11,8 +62,8 @@ lemonldap-ng (2.0.2) bionic; urgency=medium
|
||||||
* #1618: Version in server signature is wrong
|
* #1618: Version in server signature is wrong
|
||||||
* #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager
|
* #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager
|
||||||
* #1627: Display issue with GrantSession plugin
|
* #1627: Display issue with GrantSession plugin
|
||||||
* #1628: GrantSession plugin discloses its message to unlogged users
|
* #1628: [Security:minor] GrantSession plugin discloses its message to unlogged users
|
||||||
* #1630: SSO cookie is sent to protected applications with Nginx-based ReverseProxy
|
* #1630: [Security:minor] SSO cookie is sent to protected applications with Nginx-based ReverseProxy
|
||||||
* #1636: SSL and Kerberos Auth Modules don t work with choice
|
* #1636: SSL and Kerberos Auth Modules don t work with choice
|
||||||
* #1639: User must change password on AD is broken
|
* #1639: User must change password on AD is broken
|
||||||
* #1642: Unable to select skin from URL
|
* #1642: Unable to select skin from URL
|
||||||
|
|
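Review bot: adding [Security:minor] to #1628 and #1630 edits the entry of an earlier version (2.0.2), so anyone who read those notes when 2.0.2 came out will not learn that the GrantSession message disclosure and the SSO cookie being sent to protected applications behind the Nginx reverse proxy were security issues. Suggest repeating the classification somewhere upgraders will see it, for example in the 2.0.3 entry. The unchanged context line for #1636 still reads "don t work".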
7
debian/changelog
vendored
|
@ -1,3 +1,10 @@
|
||||||
|
lemonldap-ng (2.0.3-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* New release. See changes on our website:
|
||||||
|
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
|
||||||
|
|
||||||
|
-- Clement OUDOT <clement@oodo.net> Thu, 11 Apr 2019 12:00:00 +0100
|
||||||
|
|
||||||
lemonldap-ng (2.0.2-1) unstable; urgency=medium
|
lemonldap-ng (2.0.2-1) unstable; urgency=medium
|
||||||
|
|
||||||
* New release. See changes on our website:
|
* New release. See changes on our website:
|
||||||
|
|
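Review bot: the new 2.0.3-1 entry says only "New release" at urgency=medium and does not mention that the upstream changelog in this same commit lists a [Security:medium] fix (#1667) and a [Security:minor] fix (#1675). Distribution users decide whether to upgrade from this file, so a one-line mention of the security fixes would be useful. The trailer timestamp "12:00:00 +0100" also looks like a placeholder next to the upstream entry's "10:09:35 +0200" for the same date.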
1
debian/liblemonldap-ng-manager-perl.install
vendored
|
@ -4,3 +4,4 @@
|
||||||
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli
|
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli
|
||||||
/usr/share/lemonldap-ng/manager
|
/usr/share/lemonldap-ng/manager
|
||||||
/usr/share/lemonldap-ng/bin/lmConfigEditor
|
/usr/share/lemonldap-ng/bin/lmConfigEditor
|
||||||
|
/usr/share/lemonldap-ng/bin/llngDeleteSession
|
||||||
|
|
|
@ -90,7 +90,7 @@
|
||||||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||||
|
|
||||||
<ul class="nav navbar-nav">
|
<ul class="nav navbar-nav">
|
||||||
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
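Review bot: the only change on the login-link line is the value of the sectok query parameter, which means a per-export DokuWiki security token is being committed inside generated HTML and will churn on every documentation rebuild. Suggest stripping the ?do=login&sectok=... link (or the whole navbar login item) in the export step, so tokens stay out of the repository and documentation diffs show only real content changes.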
@ -262,7 +262,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
||||||
|
|
||||||
</div><!-- /site -->
|
</div><!-- /site -->
|
||||||
|
|
||||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&1554841473" width="2" height="1" alt="" /></div>
|
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&1554967327" width="2" height="1" alt="" /></div>
|
||||||
<div id="screen__mode" class="no">
|
<div id="screen__mode" class="no">
|
||||||
<span class="visible-xs"></span>
|
<span class="visible-xs"></span>
|
||||||
<span class="visible-sm"></span>
|
<span class="visible-sm"></span>
|
||||||
|
|
|
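Review bot: this file is the exported page for an image path, and the hunk context shows it is DokuWiki's "You've followed a link to a topic that doesn't exist yet" placeholder; the only change is the timestamp appended to the /lib/exe/indexer.php image URL. Suggest excluding nonexistent-topic pages from the offline export and dropping the indexer image, which serves no purpose in shipped documentation and guarantees a diff on every rebuild.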
@ -90,7 +90,7 @@
|
||||||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||||
|
|
||||||
<ul class="nav navbar-nav">
|
<ul class="nav navbar-nav">
|
||||||
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -262,7 +262,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
||||||
|
|
||||||
</div><!-- /site -->
|
</div><!-- /site -->
|
||||||
|
|
||||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&1554841473" width="2" height="1" alt="" /></div>
|
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&1554967327" width="2" height="1" alt="" /></div>
|
||||||
<div id="screen__mode" class="no">
|
<div id="screen__mode" class="no">
|
||||||
<span class="visible-xs"></span>
|
<span class="visible-xs"></span>
|
||||||
<span class="visible-sm"></span>
|
<span class="visible-sm"></span>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<title>documentation:2.0:authcas</title>
|
<title>documentation:2.0:authcas</title>
|
||||||
<meta name="generator" content="DokuWiki"/>
|
<meta name="generator" content="DokuWiki"/>
|
||||||
<meta name="robots" content="index,follow"/>
|
<meta name="robots" content="noindex,nofollow"/>
|
||||||
<meta name="keywords" content="documentation,2.0,authcas"/>
|
<meta name="keywords" content="documentation,2.0,authcas"/>
|
||||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||||
<link rel="start" href="authcas.html"/>
|
<link rel="start" href="authcas.html"/>
|
||||||
|
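Review bot: the robots meta flips from index,follow to noindex,nofollow with no related content change in this hunk, which looks like a side effect of how the export was generated rather than a deliberate decision. If these files are also what gets published, confirm the change is intended; otherwise pin the value in the export step so it stops showing up in diffs.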
@ -122,6 +122,8 @@ Then create the list of <abbr title="Central Authentication Service">CAS</abbr>
|
||||||
</li>
|
</li>
|
||||||
<li class="level1"><div class="li"> <strong>Icon</strong>: Path to <abbr title="Central Authentication Service">CAS</abbr> Server icon. Used only if you have more than 1 <abbr title="Central Authentication Service">CAS</abbr> server declared</div>
|
<li class="level1"><div class="li"> <strong>Icon</strong>: Path to <abbr title="Central Authentication Service">CAS</abbr> Server icon. Used only if you have more than 1 <abbr title="Central Authentication Service">CAS</abbr> server declared</div>
|
||||||
</li>
|
</li>
|
||||||
|
<li class="level1"><div class="li"> <strong>Order</strong>: Number to sort <abbr title="Central Authentication Service">CAS</abbr> Servers display</div>
|
||||||
|
</li>
|
||||||
<li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
|
<li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
|
||||||
<ul>
|
<ul>
|
||||||
<li class="level2"><div class="li"> <strong>Key</strong>: Service ID</div>
|
<li class="level2"><div class="li"> <strong>Key</strong>: Service ID</div>
|
||||||
|
|
|
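Review bot: the new Order item ("Number to sort CAS Servers display") does not say whether lower numbers are shown first, what happens when the field is left empty, or how equal values are ordered. One more sentence here would save administrators from finding out by trial. Like the Icon item above it, it presumably matters only when more than one CAS server is declared, which is worth stating explicitly.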
@ -4,7 +4,7 @@
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<title>documentation:2.0:authcombination</title>
|
<title>documentation:2.0:authcombination</title>
|
||||||
<meta name="generator" content="DokuWiki"/>
|
<meta name="generator" content="DokuWiki"/>
|
||||||
<meta name="robots" content="index,follow"/>
|
<meta name="robots" content="noindex,nofollow"/>
|
||||||
<meta name="keywords" content="documentation,2.0,authcombination"/>
|
<meta name="keywords" content="documentation,2.0,authcombination"/>
|
||||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||||
<link rel="start" href="authcombination.html"/>
|
<link rel="start" href="authcombination.html"/>
|
||||||
|
@ -159,11 +159,21 @@ For example:
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT6 TABLE [1133-1256] -->
|
<!-- EDIT6 TABLE [1133-1256] -->
|
||||||
<p>
|
<p>
|
||||||
Usually, you can't declare two modules of the same type if they don't have the same parameters. For example, usually you can't declare a MySQL <abbr title="Database Interface">DBI</abbr> and a PostgreSQL <abbr title="Database Interface">DBI</abbr>, because there is no extra field for PostgreSQL parameters. Now with Combination, you can declare some overloaded parameters. For example, if <abbr title="Database Interface">DBI</abbr> is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the “dbiChain” parameter.
|
Usually, you can't declare two modules of the same type if they don't have the same parameters. For example, usually you can't declare a MySQL <abbr title="Database Interface">DBI</abbr> and a PostgreSQL <abbr title="Database Interface">DBI</abbr>, because there is no extra field for PostgreSQL parameters. Now with Combination, you can declare some overloaded parameters.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
For example, if <abbr title="Database Interface">DBI</abbr> is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the “dbiChain” parameter.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
You can also override a complex key like ldapExportedVars, by setting a JSON value:
|
||||||
|
</p>
|
||||||
|
<pre class="code javascript"><span class="br0">{</span><span class="st0">"cn"</span> <span class="sy0">=></span> <span class="st0">"cn"</span><span class="sy0">,</span> <span class="st0">"uid"</span> <span class="sy0">=></span> <span class="st0">"sAMAccounName"</span><span class="sy0">,</span> <span class="st0">"mail"</span> <span class="sy0">=></span> <span class="st0">"mail"</span><span class="br0">}</span></pre>
|
||||||
|
<div class="noteimportant">If your JSON is corrupted, LLNG will use it as string and just report a warning in logs.
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT5 SECTION "Modules declaration" [516-1670] -->
|
</div>
|
||||||
|
<!-- EDIT5 SECTION "Modules declaration" [516-1953] -->
|
||||||
<h3 class="sectionedit7" id="rule_chain">Rule chain</h3>
|
<h3 class="sectionedit7" id="rule_chain">Rule chain</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
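Review bot: the example introduced as "a JSON value" is not valid JSON: it uses Perl's => between keys and values ("cn" => "cn") where JSON requires a colon. According to the note added directly below it, LLNG treats corrupted JSON as a plain string and only reports a warning in the logs, so an administrator who pastes this example gets an ldapExportedVars override that silently does not apply. Suggest {"cn": "cn", "uid": "sAMAccountName", "mail": "mail"}, which also corrects the "sAMAccounName" typo in the attribute name.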
@ -212,7 +222,7 @@ Remember that schemes in rules are the names declared above.
|
||||||
<td class="col0 leftalign"> <code>[mySSL and myLDAP, myLDAP ]</code> </td><td class="col1"> Use mySSL and myLDAP to authentify, myLDAP to get user </td>
|
<td class="col0 leftalign"> <code>[mySSL and myLDAP, myLDAP ]</code> </td><td class="col1"> Use mySSL and myLDAP to authentify, myLDAP to get user </td>
|
||||||
</tr>
|
</tr>
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT8 TABLE [2189-2620] --><div class="noteimportant">Note that “or” can't be used inside a scheme.
|
<!-- EDIT8 TABLE [2472-2903] --><div class="noteimportant">Note that “or” can't be used inside a scheme.
|
||||||
If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, myLDAP] or [myLDAP, myLDAP]</code>
|
If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, myLDAP] or [myLDAP, myLDAP]</code>
|
||||||
|
|
||||||
</div><div class="table sectionedit9"><table class="inline table table-bordered table-striped">
|
</div><div class="table sectionedit9"><table class="inline table table-bordered table-striped">
|
||||||
|
@ -228,7 +238,7 @@ If you think to “[mySSL or myLDAP, myLDAP]”, you must write <code>[mySSL, my
|
||||||
<td class="col0"> <code>[myDBI1] and [myDBI2] or [myLDAP] and [myDBI2]</code> </td><td class="col1"> Try myDBI1 and myDBI2, if it fails, try myLDAP and myDBI2 </td>
|
<td class="col0"> <code>[myDBI1] and [myDBI2] or [myLDAP] and [myDBI2]</code> </td><td class="col1"> Try myDBI1 and myDBI2, if it fails, try myLDAP and myDBI2 </td>
|
||||||
</tr>
|
</tr>
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT9 TABLE [2793-3037] --><div class="noteimportant">You can't use brackets in a boolean expression and “and” has precedence on “or”.
|
<!-- EDIT9 TABLE [3076-3320] --><div class="noteimportant">You can't use brackets in a boolean expression and “and” has precedence on “or”.
|
||||||
<p>
|
<p>
|
||||||
If you think to “( [myLDAP] or [myDBI1] ) and [myDBI2]”, you must write <code>[myLDAP] and [myDBI2] or [myDBI1] and [myDBI2]</code>
|
If you think to “( [myLDAP] or [myDBI1] ) and [myDBI2]”, you must write <code>[myLDAP] and [myDBI2] or [myDBI1] and [myDBI2]</code>
|
||||||
</p>
|
</p>
|
||||||
|
@ -255,7 +265,7 @@ Test can use only the <code>$env</code> variable. It contains the FastCGI enviro
|
||||||
<td class="col0"> <code>if($env->{REMOTE_ADDR} =~ /^10\./) then [myLDAP] else if($env->{REMOTE_ADDR} =~ /^192/) then [myDBI1] else [myDBI2]</code> </td><td class="col1"> Chain tests </td>
|
<td class="col0"> <code>if($env->{REMOTE_ADDR} =~ /^10\./) then [myLDAP] else if($env->{REMOTE_ADDR} =~ /^192/) then [myDBI1] else [myDBI2]</code> </td><td class="col1"> Chain tests </td>
|
||||||
</tr>
|
</tr>
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT10 TABLE [3373-3695] --><div class="noteimportant">Note that brackets can't be used except to enclose test.
|
<!-- EDIT10 TABLE [3656-3978] --><div class="noteimportant">Note that brackets can't be used except to enclose test.
|
||||||
<p>
|
<p>
|
||||||
If you wants to write <code>if(...) then if...</code>, you must write <code>if(not ...) then ... else if(...)...</code>
|
If you wants to write <code>if(...) then if...</code>, you must write <code>if(not ...) then ... else if(...)...</code>
|
||||||
</p>
|
</p>
|
||||||
|
@ -275,7 +285,7 @@ The following rule is valid:
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT7 SECTION "Rule chain" [1671-4042] -->
|
<!-- EDIT7 SECTION "Rule chain" [1954-4325] -->
|
||||||
<h3 class="sectionedit11" id="combine_second_factor">Combine second factor</h3>
|
<h3 class="sectionedit11" id="combine_second_factor">Combine second factor</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -300,7 +310,7 @@ Now if you want to authenticate users either by LDAP or LDAP+U2F <em>(to have 2
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT11 SECTION "Combine second factor" [4043-4692] -->
|
<!-- EDIT11 SECTION "Combine second factor" [4326-4975] -->
|
||||||
<h3 class="sectionedit12" id="display_multiple_forms">Display multiple forms</h3>
|
<h3 class="sectionedit12" id="display_multiple_forms">Display multiple forms</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -311,12 +321,12 @@ Combination module returns the form corresponding to the first authentication sc
|
||||||
<span class="re1">combinationForms</span> <span class="sy0">=</span><span class="re2"> standardform, openidform</span></pre>
|
<span class="re1">combinationForms</span> <span class="sy0">=</span><span class="re2"> standardform, openidform</span></pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT12 SECTION "Display multiple forms" [4693-5021] -->
|
<!-- EDIT12 SECTION "Display multiple forms" [4976-5304] -->
|
||||||
<h2 class="sectionedit13" id="known_problems">Known problems</h2>
|
<h2 class="sectionedit13" id="known_problems">Known problems</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT13 SECTION "Known problems" [5022-5049] -->
|
<!-- EDIT13 SECTION "Known problems" [5305-5332] -->
|
||||||
<h3 class="sectionedit14" id="federation_protocols">Federation protocols</h3>
|
<h3 class="sectionedit14" id="federation_protocols">Federation protocols</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -336,9 +346,9 @@ Combination module returns the form corresponding to the first authentication sc
|
||||||
<td class="col0"> <em><code>[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP] or [LDAP]</code></em> </td><td class="col1"> <code>[<abbr title="Security Assertion Markup Language">SAML</abbr>, <abbr title="Security Assertion Markup Language">SAML</abbr> and LDAP] or [LDAP]</code> </td><td class="col2"> Authentication is done by <abbr title="Security Assertion Markup Language">SAML</abbr> or LDAP but user must match an LDAP entry </td>
|
<td class="col0"> <em><code>[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP] or [LDAP]</code></em> </td><td class="col1"> <code>[<abbr title="Security Assertion Markup Language">SAML</abbr>, <abbr title="Security Assertion Markup Language">SAML</abbr> and LDAP] or [LDAP]</code> </td><td class="col2"> Authentication is done by <abbr title="Security Assertion Markup Language">SAML</abbr> or LDAP but user must match an LDAP entry </td>
|
||||||
</tr>
|
</tr>
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT15 TABLE [5349-5681] -->
|
<!-- EDIT15 TABLE [5632-5964] -->
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT14 SECTION "Federation protocols" [5050-5682] -->
|
<!-- EDIT14 SECTION "Federation protocols" [5333-5965] -->
|
||||||
<h3 class="sectionedit16" id="authapache_authentication">Auth::Apache authentication</h3>
|
<h3 class="sectionedit16" id="authapache_authentication">Auth::Apache authentication</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -356,7 +366,7 @@ To bypass this, follow the documentation of <a href="authapache.html" class="wik
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT16 SECTION "Auth::Apache authentication" [5683-6294] -->
|
<!-- EDIT16 SECTION "Auth::Apache authentication" [5966-6577] -->
|
||||||
<h3 class="sectionedit17" id="ssl_authentication">SSL authentication</h3>
|
<h3 class="sectionedit17" id="ssl_authentication">SSL authentication</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -365,6 +375,6 @@ To chain SSL, you have to set “SSLRequire optional” in Apache configuration,
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT17 SECTION "SSL authentication" [6295-] --></div>
|
<!-- EDIT17 SECTION "SSL authentication" [6578-] --></div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<title>documentation:2.0:authopenidconnect</title>
|
<title>documentation:2.0:authopenidconnect</title>
|
||||||
<meta name="generator" content="DokuWiki"/>
|
<meta name="generator" content="DokuWiki"/>
|
||||||
<meta name="robots" content="index,follow"/>
|
<meta name="robots" content="noindex,nofollow"/>
|
||||||
<meta name="keywords" content="documentation,2.0,authopenidconnect"/>
|
<meta name="keywords" content="documentation,2.0,authopenidconnect"/>
|
||||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||||
<link rel="start" href="authopenidconnect.html"/>
|
<link rel="start" href="authopenidconnect.html"/>
|
||||||
|
@ -433,6 +433,8 @@ So you can define for example:
|
||||||
</li>
|
</li>
|
||||||
<li class="level2"><div class="li"> <strong>Logo</strong>: Logo of the application</div>
|
<li class="level2"><div class="li"> <strong>Logo</strong>: Logo of the application</div>
|
||||||
</li>
|
</li>
|
||||||
|
<li class="level2"><div class="li"> <strong>Order</strong>: Number to sort buttons</div>
|
||||||
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<title>documentation:2.0:authsaml</title>
|
<title>documentation:2.0:authsaml</title>
|
||||||
<meta name="generator" content="DokuWiki"/>
|
<meta name="generator" content="DokuWiki"/>
|
||||||
<meta name="robots" content="index,follow"/>
|
<meta name="robots" content="noindex,nofollow"/>
|
||||||
<meta name="keywords" content="documentation,2.0,authsaml"/>
|
<meta name="keywords" content="documentation,2.0,authsaml"/>
|
||||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||||
<link rel="start" href="authsaml.html"/>
|
<link rel="start" href="authsaml.html"/>
|
||||||
|
@ -311,6 +311,8 @@ Used only if you have more than 1 <abbr title="Security Assertion Markup Languag
|
||||||
</li>
|
</li>
|
||||||
<li class="level1"><div class="li"> <strong>Logo</strong>: Logo of the IDP</div>
|
<li class="level1"><div class="li"> <strong>Logo</strong>: Logo of the IDP</div>
|
||||||
</li>
|
</li>
|
||||||
|
<li class="level1"><div class="li"> <strong>Order</strong>: Number to sort IDP display</div>
|
||||||
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
<div class="notetip">The chosen logo must be in Portal icons directory (<code>portal/static/common/icons/</code>). You can set a custom icon by setting the icon file name directly in the field and copy the logo file in portal icons directory
|
<div class="notetip">The chosen logo must be in Portal icons directory (<code>portal/static/common/icons/</code>). You can set a custom icon by setting the icon file name directly in the field and copy the logo file in portal icons directory
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<title>documentation:2.0:browseablesessionbackend</title>
|
<title>documentation:2.0:browseablesessionbackend</title>
|
||||||
<meta name="generator" content="DokuWiki"/>
|
<meta name="generator" content="DokuWiki"/>
|
||||||
<meta name="robots" content="index,follow"/>
|
<meta name="robots" content="noindex,nofollow"/>
|
||||||
<meta name="keywords" content="documentation,2.0,browseablesessionbackend"/>
|
<meta name="keywords" content="documentation,2.0,browseablesessionbackend"/>
|
||||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||||
<link rel="start" href="browseablesessionbackend.html"/>
|
<link rel="start" href="browseablesessionbackend.html"/>
|
||||||
|
@ -103,8 +103,11 @@ The following table list fields to index depending on the feature you want to in
|
||||||
<tr class="row4 roweven">
|
<tr class="row4 roweven">
|
||||||
<td class="col0"> Session restrictions </td><td class="col1 centeralign"> _session_kind ipAddr <em>WHATTOTRACE</em> </td>
|
<td class="col0"> Session restrictions </td><td class="col1 centeralign"> _session_kind ipAddr <em>WHATTOTRACE</em> </td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr class="row5 rowodd">
|
||||||
|
<td class="col0"> Password reset by email </td><td class="col1 centeralign"> user </td>
|
||||||
|
</tr>
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT3 TABLE [871-1162] -->
|
<!-- EDIT3 TABLE [871-1199] -->
|
||||||
<p>
|
<p>
|
||||||
See Apache::Session::Browseable::* man page to see how use indexes.
|
See Apache::Session::Browseable::* man page to see how use indexes.
|
||||||
</p>
|
</p>
|
||||||
|
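Review bot: the new row tells readers to index user for password reset by email, but the Index examples further down this page appear only as unchanged context in this diff (_whatToTrace ipAddr for NoSQL, _whatToTrace ipAddr _session_kind _utime in the Manager table). Either add user to those examples or state next to the table that each enabled feature's fields must be appended to Index. The row above also writes WHATTOTRACE as a placeholder while this row uses a literal field name; a short legend would remove the ambiguity.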
@ -113,7 +116,7 @@ See Apache::Session::Browseable::* man page to see how use indexes.
|
||||||
</div><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.
|
</div><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT2 SECTION "Presentation" [43-1685] -->
|
<!-- EDIT2 SECTION "Presentation" [43-1722] -->
|
||||||
<h2 class="sectionedit4" id="browseable_nosql">Browseable NoSQL</h2>
|
<h2 class="sectionedit4" id="browseable_nosql">Browseable NoSQL</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
|
|
||||||
|
@ -140,15 +143,15 @@ You then just have to add the <code>Index</code> parameter in <code>General par
|
||||||
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
|
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
|
||||||
</tr>
|
</tr>
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT5 TABLE [1973-2130] -->
|
<!-- EDIT5 TABLE [2010-2167] -->
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT4 SECTION "Browseable NoSQL" [1686-2131] -->
|
<!-- EDIT4 SECTION "Browseable NoSQL" [1723-2168] -->
|
||||||
<h2 class="sectionedit6" id="browseable_sql">Browseable SQL</h2>
|
<h2 class="sectionedit6" id="browseable_sql">Browseable SQL</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
<div class="noteclassic">This documentation concerns PostgreSQL. Some adaptations are needed with other databases.
|
<div class="noteclassic">This documentation concerns PostgreSQL. Some adaptations are needed with other databases.
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT6 SECTION "Browseable SQL" [2132-2263] -->
|
<!-- EDIT6 SECTION "Browseable SQL" [2169-2300] -->
|
||||||
<h3 class="sectionedit7" id="prepare_database">Prepare database</h3>
|
<h3 class="sectionedit7" id="prepare_database">Prepare database</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -182,7 +185,7 @@ CREATE INDEX ip1 ON sessions USING BTREE (ipAddr);</pre>
|
||||||
<div class="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don't need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
|
<div class="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don't need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT7 SECTION "Prepare database" [2264-3898] -->
|
<!-- EDIT7 SECTION "Prepare database" [2301-3935] -->
|
||||||
<h3 class="sectionedit8" id="manager">Manager</h3>
|
<h3 class="sectionedit8" id="manager">Manager</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -211,14 +214,14 @@ Go in the Manager and set the session module (<a href="https://metacpan.org/pod/
|
||||||
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr _session_kind _utime </td>
|
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr _session_kind _utime </td>
|
||||||
</tr>
|
</tr>
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT9 TABLE [4221-4566] --><div class="notetip">Apache::Session::Browseable::MySQL doesn't use locks so performances are keeped.
|
<!-- EDIT9 TABLE [4258-4603] --><div class="notetip">Apache::Session::Browseable::MySQL doesn't use locks so performances are keeped.
|
||||||
<p>
|
<p>
|
||||||
For databases like PostgreSQL, don't forget to add “Commit” with a value of 1
|
For databases like PostgreSQL, don't forget to add “Commit” with a value of 1
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT8 SECTION "Manager" [3899-4745] -->
|
<!-- EDIT8 SECTION "Manager" [3936-4782] -->
|
||||||
<h2 class="sectionedit10" id="browseable_ldap">Browseable LDAP</h2>
|
<h2 class="sectionedit10" id="browseable_ldap">Browseable LDAP</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
|
|
||||||
|
@ -272,9 +275,9 @@ You need to add the <code>Index</code> field and can also configure the <code>ld
|
||||||
<td class="col0 centeralign"> <strong>ldapAttributeIndex</strong> </td><td class="col1"> Attribute storing index </td><td class="col2"> ou </td>
|
<td class="col0 centeralign"> <strong>ldapAttributeIndex</strong> </td><td class="col1"> Attribute storing index </td><td class="col2"> ou </td>
|
||||||
</tr>
|
</tr>
|
||||||
</table></div>
|
</table></div>
|
||||||
<!-- EDIT11 TABLE [5097-5831] -->
|
<!-- EDIT11 TABLE [5134-5868] -->
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT10 SECTION "Browseable LDAP" [4746-5832] -->
|
<!-- EDIT10 SECTION "Browseable LDAP" [4783-5869] -->
|
||||||
<h2 class="sectionedit12" id="security">Security</h2>
|
<h2 class="sectionedit12" id="security">Security</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
|
|
||||||
|
@ -287,7 +290,7 @@ You can also use different user/password for your servers by overriding paramete
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT12 SECTION "Security" [5833-6052] -->
|
<!-- EDIT12 SECTION "Security" [5870-6089] -->
|
||||||
<h2 class="sectionedit13" id="performances">Performances</h2>
|
<h2 class="sectionedit13" id="performances">Performances</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
|
|
||||||
|
@ -329,6 +332,6 @@ CREATE INDEX _u1 ON sessions (_utime);
|
||||||
CREATE INDEX ip1 ON sessions (ipAddr) USING BTREE;</pre>
|
CREATE INDEX ip1 ON sessions (ipAddr) USING BTREE;</pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT13 SECTION "Performances" [6053-] --></div>
|
<!-- EDIT13 SECTION "Performances" [6090-] --></div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -58,7 +58,7 @@
|
||||||
<li class="level3"><div class="li"><a href="#configure_git">Configure Git</a></div></li>
|
<li class="level3"><div class="li"><a href="#configure_git">Configure Git</a></div></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
<li class="level2"><div class="li"><a href="#import_project">Import Project</a></div></li>
|
<li class="level2"><div class="li"><a href="#import_project_and_using_git">Import Project and using Git</a></div></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
<li class="level1"><div class="li"><a href="#install_dependencies">Install dependencies</a></div></li>
|
<li class="level1"><div class="li"><a href="#install_dependencies">Install dependencies</a></div></li>
|
||||||
|
@ -140,7 +140,7 @@ git config --list</pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT3 SECTION "Install basic tools" [448-1151] -->
|
<!-- EDIT3 SECTION "Install basic tools" [448-1151] -->
|
||||||
<h3 class="sectionedit4" id="import_project">Import Project</h3>
|
<h3 class="sectionedit4" id="import_project_and_using_git">Import Project and using Git</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
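Review bot: renaming the heading id from `import_project` to `import_project_and_using_git` breaks any existing deep link or bookmark to `#import_project`, and the new title is ungrammatical. Either keep the old section title in the wiki source so the generated id stays stable, or reword it to something like "Import project and use Git" and check for inbound links to the old anchor.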
@ -157,6 +157,15 @@ git fetch upstream # import branch
|
||||||
git checkout v2.0 # to change branch
|
git checkout v2.0 # to change branch
|
||||||
git fetch upstream</pre>
|
git fetch upstream</pre>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<em>import version branch</em>
|
||||||
|
<em>on linux station :</em>
|
||||||
|
</p>
|
||||||
|
<pre class="code">git checkout v2.0
|
||||||
|
git fetch upstream --all
|
||||||
|
git rebase upstream/v2.0 # to align to parent project remote branch
|
||||||
|
git push # to push to working remote branch</pre>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<em>on gitlab, create working branch, one per thematic</em>
|
<em>on gitlab, create working branch, one per thematic</em>
|
||||||
<em>on linux station :</em>
|
<em>on linux station :</em>
|
||||||
|
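Review bot: `git fetch upstream --all` in the added block fails as written, because git refuses a repository argument together with `--all` ("fetch --all does not take a repository argument"). Use either `git fetch upstream` or `git fetch --all`. The trailing `git push` also only works without force while the fork's v2.0 has no commits of its own; worth stating that assumption next to the command.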
@ -164,9 +173,9 @@ git fetch upstream</pre>
|
||||||
<pre class="code">git checkout workingbranch
|
<pre class="code">git checkout workingbranch
|
||||||
git log
|
git log
|
||||||
git status
|
git status
|
||||||
git merge upstream/v2.0 # merge branch 2.0 in working branch
|
|
||||||
git commit -am "explanations (#number gitlab ticket)"
|
git commit -am "explanations (#number gitlab ticket)"
|
||||||
git commit --amend file(s) # to modify a commit
|
git commit --amend file(s) # to modify a commit
|
||||||
|
git rebase v2.0 # align local working branch to local 2.0
|
||||||
git checkout -- file(s) # revert
|
git checkout -- file(s) # revert
|
||||||
git push # to send on remote working branch</pre>
|
git push # to send on remote working branch</pre>
|
||||||
|
|
||||||
|
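Review bot: the plain `git push` that closes this block will be rejected once `git rebase v2.0` (or the `git commit --amend` above it) has rewritten commits already pushed to the remote working branch. The previous `git merge upstream/v2.0` did not have that problem. If rebase is the intended workflow, document the push as `git push --force-with-lease` and say that the working branch must not be shared. The comment should also state that the local v2.0 has to be refreshed first, since the rebase target is now the local branch rather than `upstream/v2.0`.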
@ -175,7 +184,7 @@ On gitlab, submit merge request when tests are corrects.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT4 SECTION "Import Project" [1152-1997] -->
|
<!-- EDIT4 SECTION "Import Project and using Git" [1152-2220] -->
|
||||||
<h2 class="sectionedit5" id="install_dependencies">Install dependencies</h2>
|
<h2 class="sectionedit5" id="install_dependencies">Install dependencies</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
<pre class="code">aptitude install libapache-session-perl libcache-cache-perl libclone-perl libconfig-inifiles-perl libconvert-pem-perl libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl libcrypt-openssl-x509-perl libcrypt-rijndael-perl libdbi-perl libdigest-hmac-perl libemail-sender-perl libgd-securityimage-perl libhtml-template-perl libio-string-perl libjson-perl libmime-tools-perl libmouse-perl libnet-ldap-perl libplack-perl libregexp-assemble-perl libregexp-common-perl libsoap-lite-perl libstring-random-perl libunicode-string-perl liburi-perl libwww-perl libxml-simple-perl libxml-libxslt-perl libcrypt-urandom-perl libconvert-base32-perl
|
<pre class="code">aptitude install libapache-session-perl libcache-cache-perl libclone-perl libconfig-inifiles-perl libconvert-pem-perl libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl libcrypt-openssl-x509-perl libcrypt-rijndael-perl libdbi-perl libdigest-hmac-perl libemail-sender-perl libgd-securityimage-perl libhtml-template-perl libio-string-perl libjson-perl libmime-tools-perl libmouse-perl libnet-ldap-perl libplack-perl libregexp-assemble-perl libregexp-common-perl libsoap-lite-perl libstring-random-perl libunicode-string-perl liburi-perl libwww-perl libxml-simple-perl libxml-libxslt-perl libcrypt-urandom-perl libconvert-base32-perl
|
||||||
|
@ -183,8 +192,13 @@ aptitude install apache2 libapache2-mod-fcgid libapache2-mod-perl2 # install Ap
|
||||||
aptitude install nginx nginx-extras # install Nginx
|
aptitude install nginx nginx-extras # install Nginx
|
||||||
aptitude install perltidy</pre>
|
aptitude install perltidy</pre>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<abbr title="Security Assertion Markup Language">SAML</abbr> :
|
||||||
|
</p>
|
||||||
|
<pre class="code">aptitude install liblasso-perl libglib-perl </pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT5 SECTION "Install dependencies" [1998-2840] -->
|
<!-- EDIT5 SECTION "Install dependencies" [2221-3121] -->
|
||||||
<h2 class="sectionedit6" id="working_project">Working Project</h2>
|
<h2 class="sectionedit6" id="working_project">Working Project</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
<pre class="code">make test # or manager_test, portal_test, ... to launch unit tests
|
<pre class="code">make test # or manager_test, portal_test, ... to launch unit tests
|
||||||
|
@ -200,6 +214,6 @@ make tidy # to magnify perl files (perl best pratices)
|
||||||
cd lemonldap-ng-portal && prove t/XXXX # To launch specific unit test</pre>
|
cd lemonldap-ng-portal && prove t/XXXX # To launch specific unit test</pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT6 SECTION "Working Project" [2841-] --></div>
|
<!-- EDIT6 SECTION "Working Project" [3122-] --></div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -90,7 +90,7 @@
|
||||||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||||
|
|
||||||
<ul class="nav navbar-nav">
|
<ul class="nav navbar-nav">
|
||||||
<li><a href="/documentation/2.0/dos?do=login&sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
<li><a href="/documentation/2.0/dos?do=login&sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
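Review bot: the only change in this hunk is the `sectok` value in the login link, a token emitted by the wiki at export time, so every regeneration of the documentation produces a diff with no content change. The page itself is a "topic that doesn't exist yet" placeholder. Drop the `do=login` link (or at least the `sectok` parameter) in the export step, or exclude these placeholder pages from the commit, so that tokens from the exporting session are not stored in the repository and the history stays reviewable.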
@ -262,7 +262,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
||||||
|
|
||||||
</div><!-- /site -->
|
</div><!-- /site -->
|
||||||
|
|
||||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&1554841530" width="2" height="1" alt="" /></div>
|
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&1554967384" width="2" height="1" alt="" /></div>
|
||||||
<div id="screen__mode" class="no">
|
<div id="screen__mode" class="no">
|
||||||
<span class="visible-xs"></span>
|
<span class="visible-xs"></span>
|
||||||
<span class="visible-sm"></span>
|
<span class="visible-sm"></span>
|
||||||
|
|
|
@ -90,7 +90,7 @@
|
||||||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||||
|
|
||||||
<ul class="nav navbar-nav">
|
<ul class="nav navbar-nav">
|
||||||
<li><a href="/documentation/2.0/exploit?do=login&sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
<li><a href="/documentation/2.0/exploit?do=login&sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -262,7 +262,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
||||||
|
|
||||||
</div><!-- /site -->
|
</div><!-- /site -->
|
||||||
|
|
||||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&1554841530" width="2" height="1" alt="" /></div>
|
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&1554967384" width="2" height="1" alt="" /></div>
|
||||||
<div id="screen__mode" class="no">
|
<div id="screen__mode" class="no">
|
||||||
<span class="visible-xs"></span>
|
<span class="visible-xs"></span>
|
||||||
<span class="visible-sm"></span>
|
<span class="visible-sm"></span>
|
||||||
|
|
|
@ -90,7 +90,7 @@
|
||||||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||||
|
|
||||||
<ul class="nav navbar-nav">
|
<ul class="nav navbar-nav">
|
||||||
<li><a href="/documentation/2.0/mitm?do=login&sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
<li><a href="/documentation/2.0/mitm?do=login&sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -262,7 +262,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
||||||
|
|
||||||
</div><!-- /site -->
|
</div><!-- /site -->
|
||||||
|
|
||||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&1554841530" width="2" height="1" alt="" /></div>
|
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&1554967384" width="2" height="1" alt="" /></div>
|
||||||
<div id="screen__mode" class="no">
|
<div id="screen__mode" class="no">
|
||||||
<span class="visible-xs"></span>
|
<span class="visible-xs"></span>
|
||||||
<span class="visible-sm"></span>
|
<span class="visible-sm"></span>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<title>documentation:2.0:performances</title>
|
<title>documentation:2.0:performances</title>
|
||||||
<meta name="generator" content="DokuWiki"/>
|
<meta name="generator" content="DokuWiki"/>
|
||||||
<meta name="robots" content="index,follow"/>
|
<meta name="robots" content="noindex,nofollow"/>
|
||||||
<meta name="keywords" content="documentation,2.0,performances"/>
|
<meta name="keywords" content="documentation,2.0,performances"/>
|
||||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||||
<link rel="start" href="performances.html"/>
|
<link rel="start" href="performances.html"/>
|
||||||
|
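Review bot: the robots meta changes from `index,follow` to `noindex,nofollow`, while the other hunks for this file only reword two sentences, so the flip looks like an export side effect rather than a decision. If this HTML is published as is, the page is withdrawn from search indexes. Confirm that is intended, or normalise the robots tag in the export step so it does not depend on when the wiki page was last edited.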
@ -367,7 +367,7 @@ Analysis:
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
LDAP server can be a brake when you use LDAP groups recovery. You can avoid this by setting “memberOf” fields in your LDAP scheme:
|
LDAP server can slow you down when you use LDAP groups retrieval. You can avoid this by setting “memberOf” fields in your LDAP scheme:
|
||||||
</p>
|
</p>
|
||||||
<pre class="code ldif"><span class="re0">dn</span>:<span class="re1"> uid=foo,dmdName=people,dc=example,dc=com</span>
|
<pre class="code ldif"><span class="re0">dn</span>:<span class="re1"> uid=foo,dmdName=people,dc=example,dc=com</span>
|
||||||
...
|
...
|
||||||
|
@ -375,7 +375,7 @@ LDAP server can be a brake when you use LDAP groups recovery. You can avoid this
|
||||||
<span class="re0">memberOf</span>:<span class="re1"> cn=su,dmdName=groups,dc=example,dc=com</span></pre>
|
<span class="re0">memberOf</span>:<span class="re1"> cn=su,dmdName=groups,dc=example,dc=com</span></pre>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
So instead of using LDAP groups recovery, you just have to store “memberOf” field in your exported variables. With OpenLDAP, you can use the <a href="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" class="urlextern" title="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" rel="nofollow">memberof overlay</a> to do it automatically.
|
So instead of using LDAP groups retrieval, you just have to store “memberOf” field in your exported variables. With OpenLDAP, you can use the <a href="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" class="urlextern" title="http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance" rel="nofollow">memberof overlay</a> to do it automatically.
|
||||||
</p>
|
</p>
|
||||||
<div class="noteimportant">Don't forget to create an index on the field used to find users (uid by default)
|
<div class="noteimportant">Don't forget to create an index on the field used to find users (uid by default)
|
||||||
</div><div class="notetip">To avoid having group dn stored in sessions datas, you can use a macro to rewrite memberOf:<ul>
|
</div><div class="notetip">To avoid having group dn stored in sessions datas, you can use a macro to rewrite memberOf:<ul>
|
||||||
|
@ -399,12 +399,12 @@ Now ldapgroups contains “admin su”
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT10 SECTION "LDAP performances" [10322-11451] -->
|
<!-- EDIT10 SECTION "LDAP performances" [10322-11456] -->
|
||||||
<h2 class="sectionedit11" id="manager_performances">Manager performances</h2>
|
<h2 class="sectionedit11" id="manager_performances">Manager performances</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT11 SECTION "Manager performances" [11452-11485] -->
|
<!-- EDIT11 SECTION "Manager performances" [11457-11490] -->
|
||||||
<h3 class="sectionedit12" id="disable_unused_modules">Disable unused modules</h3>
|
<h3 class="sectionedit12" id="disable_unused_modules">Disable unused modules</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -415,7 +415,7 @@ In lemonldap-ng.ini, set only modules that you will use. By default, configurati
|
||||||
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions</span></pre>
|
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions</span></pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT12 SECTION "Disable unused modules" [11486-11747] -->
|
<!-- EDIT12 SECTION "Disable unused modules" [11491-11752] -->
|
||||||
<h3 class="sectionedit13" id="use_static_html_files">Use static HTML files</h3>
|
<h3 class="sectionedit13" id="use_static_html_files">Use static HTML files</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -442,6 +442,6 @@ So manager <abbr title="HyperText Markup Language">HTML</abbr> templates will be
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT13 SECTION "Use static HTML files" [11748-] --></div>
|
<!-- EDIT13 SECTION "Use static HTML files" [11753-] --></div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<title>documentation:2.0:portalcustom</title>
|
<title>documentation:2.0:portalcustom</title>
|
||||||
<meta name="generator" content="DokuWiki"/>
|
<meta name="generator" content="DokuWiki"/>
|
||||||
<meta name="robots" content="index,follow"/>
|
<meta name="robots" content="noindex,nofollow"/>
|
||||||
<meta name="keywords" content="documentation,2.0,portalcustom"/>
|
<meta name="keywords" content="documentation,2.0,portalcustom"/>
|
||||||
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
|
||||||
<link rel="start" href="portalcustom.html"/>
|
<link rel="start" href="portalcustom.html"/>
|
||||||
|
@ -214,8 +214,7 @@ Then create symbolic links on template files, as you might not want to rewrite a
|
||||||
</p>
|
</p>
|
||||||
<pre class="code">cd /usr/share/lemonldap-ng/portal/templates/
|
<pre class="code">cd /usr/share/lemonldap-ng/portal/templates/
|
||||||
mkdir myskin
|
mkdir myskin
|
||||||
cd myskin/
|
cd myskin/</pre>
|
||||||
ln -s ../bootstrap/*.tpl .</pre>
|
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
We include some template files that can be customized:
|
We include some template files that can be customized:
|
||||||
|
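Review bot: removing `ln -s ../bootstrap/*.tpl .` leaves the code block contradicting its own lead-in, which still reads "Then create symbolic links on template files", and the steps now end in an empty `myskin` directory. Either restore the symlink command or update the sentence to explain how templates missing from the skin directory are resolved, so a reader following the page does not end up with a skin that has no templates.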
@ -234,10 +233,9 @@ We include some template files that can be customized:
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
To use custom files, delete links and copy them into your skin folder:
|
To use custom files, copy them into your skin folder:
|
||||||
</p>
|
</p>
|
||||||
<pre class="code">rm -f custom*
|
<pre class="code">cp ../bootstrap/custom* .</pre>
|
||||||
cp ../bootstrap/custom* .</pre>
|
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Then you can add your media to <code>myskin/images</code>, you will be able to use them in <abbr title="HyperText Markup Language">HTML</abbr> template with this code:
|
Then you can add your media to <code>myskin/images</code>, you will be able to use them in <abbr title="HyperText Markup Language">HTML</abbr> template with this code:
|
||||||
|
@ -265,7 +263,7 @@ To configure your new skin in Manager, select the custom skin, and enter your sk
|
||||||
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set portalSkin 'myskin' portalSkinBackground ''</pre>
|
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set portalSkin 'myskin' portalSkinBackground ''</pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT9 SECTION "Skin customization" [2473-4508] -->
|
<!-- EDIT9 SECTION "Skin customization" [2473-4450] -->
|
||||||
<h3 class="sectionedit10" id="messages">Messages</h3>
|
<h3 class="sectionedit10" id="messages">Messages</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -316,7 +314,7 @@ You can also create a file called <code>all.json</code> to override messages in
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT10 SECTION "Messages" [4509-5651] -->
|
<!-- EDIT10 SECTION "Messages" [4451-5593] -->
|
||||||
<h3 class="sectionedit11" id="menu_tabs">Menu tabs</h3>
|
<h3 class="sectionedit11" id="menu_tabs">Menu tabs</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -332,7 +330,7 @@ This will allow one to display the tab directly with this <abbr title="Uniform R
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT11 SECTION "Menu tabs" [5652-5958] -->
|
<!-- EDIT11 SECTION "Menu tabs" [5594-5900] -->
|
||||||
<h3 class="sectionedit12" id="template_parameters">Template parameters</h3>
|
<h3 class="sectionedit12" id="template_parameters">Template parameters</h3>
|
||||||
<div class="level3">
|
<div class="level3">
|
||||||
|
|
||||||
|
@ -360,7 +358,7 @@ You can also display environment variables, with the prefix <code>env_</code>:
|
||||||
<pre class="code file html4strict">Your IP is <span class="sc2"><TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">"env_REMOTE_ADDR"</span>></span></pre>
|
<pre class="code file html4strict">Your IP is <span class="sc2"><TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">"env_REMOTE_ADDR"</span>></span></pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT12 SECTION "Template parameters" [5959-6606] -->
|
<!-- EDIT12 SECTION "Template parameters" [5901-6548] -->
|
||||||
<h2 class="sectionedit13" id="buttons">Buttons</h2>
|
<h2 class="sectionedit13" id="buttons">Buttons</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
|
|
||||||
|
@ -377,7 +375,7 @@ This node allows one to enable/disable buttons on the login page:
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT13 SECTION "Buttons" [6607-7123] -->
|
<!-- EDIT13 SECTION "Buttons" [6549-7065] -->
|
||||||
<h2 class="sectionedit14" id="password_management">Password management</h2>
|
<h2 class="sectionedit14" id="password_management">Password management</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
<ul>
|
<ul>
|
||||||
|
@ -390,7 +388,7 @@ This node allows one to enable/disable buttons on the login page:
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT14 SECTION "Password management" [7124-7574] -->
|
<!-- EDIT14 SECTION "Password management" [7066-7516] -->
|
||||||
<h2 class="sectionedit15" id="other_parameters">Other parameters</h2>
|
<h2 class="sectionedit15" id="other_parameters">Other parameters</h2>
|
||||||
<div class="level2">
|
<div class="level2">
|
||||||
<ul>
|
<ul>
|
||||||
|
@ -409,6 +407,6 @@ This node allows one to enable/disable buttons on the login page:
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<!-- EDIT15 SECTION "Other parameters" [7575-] --></div>
|
<!-- EDIT15 SECTION "Other parameters" [7517-] --></div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -90,7 +90,7 @@
|
||||||
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
|
||||||
|
|
||||||
<ul class="nav navbar-nav">
|
<ul class="nav navbar-nav">
|
||||||
<li><a href="/documentation/2.0/stayconnected?do=login&sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
<li><a href="/documentation/2.0/stayconnected?do=login&sectok=1a962bf9178779ca7104a99550b52c88" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -262,7 +262,7 @@ You've followed a link to a topic that doesn't exist yet. If permissio
|
||||||
|
|
||||||
</div><!-- /site -->
|
</div><!-- /site -->
|
||||||
|
|
||||||
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&1554841530" width="2" height="1" alt="" /></div>
|
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&1554967384" width="2" height="1" alt="" /></div>
|
||||||
<div id="screen__mode" class="no">
|
<div id="screen__mode" class="no">
|
||||||
<span class="visible-xs"></span>
|
<span class="visible-xs"></span>
|
||||||
<span class="visible-sm"></span>
|
<span class="visible-sm"></span>
|
||||||
|
|
|
@ -25,10 +25,10 @@ our $doubleHashKeys = 'issuerDBGetParameters';
|
||||||
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
|
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
|
||||||
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
|
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
|
||||||
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedVars)';
|
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedVars)';
|
||||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)';
|
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
|
||||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:(?:PostLogoutRedirectUri|ExtraClaim)s|I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
|
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:(?:PostLogoutRedirectUri|ExtraClaim)s|I(?:DToken(?:Expiration|SignAlg)|con)|Logout(?:SessionRequired|Type|Url)|AccessTokenExpiration|R(?:edirectUris|ule)|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
|
||||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ignS[LS]OMessage|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
||||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
|
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|S(?:essionNotOnOrAfterTimeout|ignS[LS]OMessage)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|ForceUTF8)|ExportedAttributes|XML)';
|
||||||
our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
our $virtualHostKeys = '(?:vhost(?:A(?:uthnLevel|liases)|(?:Maintenanc|Typ)e|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@ has languages => ( is => 'rw', isa => 'Str', default => 'en' );
|
||||||
has logLevel => ( is => 'rw', isa => 'Str', default => 'info' );
|
has logLevel => ( is => 'rw', isa => 'Str', default => 'info' );
|
||||||
has portal => ( is => 'rw', isa => 'Str' );
|
has portal => ( is => 'rw', isa => 'Str' );
|
||||||
has staticPrefix => ( is => 'rw', isa => 'Str' );
|
has staticPrefix => ( is => 'rw', isa => 'Str' );
|
||||||
has templateDir => ( is => 'rw', isa => 'Str' );
|
has templateDir => ( is => 'rw', isa => 'Str|ArrayRef' );
|
||||||
has links => ( is => 'rw', isa => 'ArrayRef' );
|
has links => ( is => 'rw', isa => 'ArrayRef' );
|
||||||
has menuLinks => ( is => 'rw', isa => 'ArrayRef' );
|
has menuLinks => ( is => 'rw', isa => 'ArrayRef' );
|
||||||
has logger => ( is => 'rw' );
|
has logger => ( is => 'rw' );
|
||||||
|
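Review bot: `templateDir` is widened from 'Str' to 'Str|ArrayRef', so every reader of the attribute now has to cope with an array reference; any place that interpolates or concatenates it into a file path would produce a string like ARRAY(0x...) instead of a directory. The visible lines only show it passed as `path` to HTML::Template, which accepts both forms. Please check the remaining uses (for instance wherever the `$template` filename is built) and document the accepted forms next to the attribute.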
@ -250,6 +250,7 @@ sub sendHtml {
|
||||||
$htpl = HTML::Template->new(
|
$htpl = HTML::Template->new(
|
||||||
filehandle => IO::File->new($template),
|
filehandle => IO::File->new($template),
|
||||||
path => $self->templateDir,
|
path => $self->templateDir,
|
||||||
|
search_path_on_include => 1,
|
||||||
die_on_bad_params => 0,
|
die_on_bad_params => 0,
|
||||||
die_on_missing_include => 1,
|
die_on_missing_include => 1,
|
||||||
cache => 0,
|
cache => 0,
|
||||||
|
|
|
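Review bot: `search_path_on_include => 1` in sendHtml makes every include resolve against the directories in `path` from the top, so once `templateDir` holds several directories the first one containing a file of that name wins. That precedence deserves a comment here or in the templateDir documentation, since an earlier directory can now shadow an include shipped in a later one; `die_on_missing_include => 1` still only catches the case where no directory has the file.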
@ -721,6 +721,9 @@ sub attributes {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
},
|
},
|
||||||
|
'casSrvMetaDataOptionsSortNumber' => {
|
||||||
|
'type' => 'int'
|
||||||
|
},
|
||||||
'casSrvMetaDataOptionsUrl' => {
|
'casSrvMetaDataOptionsUrl' => {
|
||||||
'msgFail' => '__badUrl__',
|
'msgFail' => '__badUrl__',
|
||||||
'test' =>
|
'test' =>
|
||||||
|
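Review bot: `casSrvMetaDataOptionsSortNumber` is declared with only 'type' => 'int' and no 'default', unlike the 'bool' entry just above it, which has 'default' => 0. If the portal sorts on this value, an unset entry needs a defined position; either add a default or make sure the sorting code handles a missing number explicitly.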
@ -1866,6 +1869,9 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
||||||
'default' => 'openid profile',
|
'default' => 'openid profile',
|
||||||
'type' => 'text'
|
'type' => 'text'
|
||||||
},
|
},
|
||||||
|
'oidcOPMetaDataOptionsSortNumber' => {
|
||||||
|
'type' => 'int'
|
||||||
|
},
|
||||||
'oidcOPMetaDataOptionsStoreIDToken' => {
|
'oidcOPMetaDataOptionsStoreIDToken' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'bool'
|
'type' => 'bool'
|
||||||
|
@ -2796,6 +2802,9 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
],
|
],
|
||||||
'type' => 'select'
|
'type' => 'select'
|
||||||
},
|
},
|
||||||
|
'samlIDPMetaDataOptionsSortNumber' => {
|
||||||
|
'type' => 'int'
|
||||||
|
},
|
||||||
'samlIDPMetaDataOptionsSSOBinding' => {
|
'samlIDPMetaDataOptionsSSOBinding' => {
|
||||||
'default' => '',
|
'default' => '',
|
||||||
'select' => [ {
|
'select' => [ {
|
||||||
|
|
|
@ -2298,6 +2298,7 @@ sub attributes {
|
||||||
samlIDPMetaDataOptionsUserAttribute => { type => 'text', },
|
samlIDPMetaDataOptionsUserAttribute => { type => 'text', },
|
||||||
samlIDPMetaDataOptionsDisplayName => { type => 'text', },
|
samlIDPMetaDataOptionsDisplayName => { type => 'text', },
|
||||||
samlIDPMetaDataOptionsIcon => { type => 'text', },
|
samlIDPMetaDataOptionsIcon => { type => 'text', },
|
||||||
|
samlIDPMetaDataOptionsSortNumber => { type => 'int', },
|
||||||
|
|
||||||
# SP keys
|
# SP keys
|
||||||
samlSPMetaDataExportedAttributes => {
|
samlSPMetaDataExportedAttributes => {
|
||||||
|
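Review bot: `samlIDPMetaDataOptionsSortNumber => { type => 'int', }` has no `documentation`, while the CAS counterpart added later in this file carries `documentation => 'Number to sort buttons'`; the OIDC entry is bare as well. Give all three the same documentation string so the attributes are described consistently.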
@ -2769,6 +2770,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
||||||
type => 'text',
|
type => 'text',
|
||||||
documentation => 'Path of CAS Server Icon',
|
documentation => 'Path of CAS Server Icon',
|
||||||
},
|
},
|
||||||
|
casSrvMetaDataOptionsSortNumber => {
|
||||||
|
type => 'int',
|
||||||
|
documentation => 'Number to sort buttons',
|
||||||
|
},
|
||||||
|
|
||||||
# Fake attribute: used by manager REST API to agglomerate all nodes
|
# Fake attribute: used by manager REST API to agglomerate all nodes
|
||||||
# related to a CAS IDP partner
|
# related to a CAS IDP partner
|
||||||
|
@ -3342,7 +3347,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
||||||
oidcOPMetaDataOptionsDisplayName => { type => 'text', },
|
oidcOPMetaDataOptionsDisplayName => { type => 'text', },
|
||||||
oidcOPMetaDataOptionsIcon => { type => 'text', },
|
oidcOPMetaDataOptionsIcon => { type => 'text', },
|
||||||
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
|
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
|
||||||
|
oidcOPMetaDataOptionsSortNumber => { type => 'int', },
|
||||||
oidcRPMetaDataOptionsRule => {
|
oidcRPMetaDataOptionsRule => {
|
||||||
type => 'text',
|
type => 'text',
|
||||||
test => $perlExpr,
|
test => $perlExpr,
|
||||||
|
|
|
@ -94,7 +94,8 @@ sub cTrees {
|
||||||
form => 'simpleInputContainer',
|
form => 'simpleInputContainer',
|
||||||
nodes => [
|
nodes => [
|
||||||
"samlIDPMetaDataOptionsDisplayName",
|
"samlIDPMetaDataOptionsDisplayName",
|
||||||
"samlIDPMetaDataOptionsIcon"
|
"samlIDPMetaDataOptionsIcon",
|
||||||
|
"samlIDPMetaDataOptionsSortNumber"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
@ -178,7 +179,8 @@ sub cTrees {
|
||||||
form => 'simpleInputContainer',
|
form => 'simpleInputContainer',
|
||||||
nodes => [
|
nodes => [
|
||||||
'oidcOPMetaDataOptionsDisplayName',
|
'oidcOPMetaDataOptionsDisplayName',
|
||||||
'oidcOPMetaDataOptionsIcon'
|
'oidcOPMetaDataOptionsIcon',
|
||||||
|
'oidcOPMetaDataOptionsSortNumber'
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
|
@ -241,6 +243,7 @@ sub cTrees {
|
||||||
nodes => [
|
nodes => [
|
||||||
'casSrvMetaDataOptionsDisplayName',
|
'casSrvMetaDataOptionsDisplayName',
|
||||||
'casSrvMetaDataOptionsIcon',
|
'casSrvMetaDataOptionsIcon',
|
||||||
|
'casSrvMetaDataOptionsSortNumber',
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
|
|
|
@ -59,22 +59,24 @@ sub addRoutes {
|
||||||
['GET']
|
['GET']
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
unless ( $self->{viewerAllowBrowser} || $conf->{viewerAllowBrowser} ) {
|
|
||||||
|
# Difference between confs
|
||||||
|
if ( $self->{viewerAllowDiff} ) {
|
||||||
|
$self->addRoute(
|
||||||
|
view => { diff => { ':conf1' => { ':conf2' => 'viewDiff' } } } )
|
||||||
|
->addRoute( 'viewDiff.html', undef, ['GET'] );
|
||||||
|
}
|
||||||
|
unless ( $self->{viewerAllowBrowser} ) {
|
||||||
$self->addRoute(
|
$self->addRoute(
|
||||||
view => { ':cfgNum' => 'rejectKey' },
|
view => { ':cfgNum' => 'rejectKey' },
|
||||||
['GET']
|
['GET']
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
# Difference between confs
|
|
||||||
if ( $self->{viewerAllowDiff} || $conf->{viewerAllowDiff} ) {
|
|
||||||
$self->addRoute(
|
|
||||||
view => { diff => { ':conf1' => { ':conf2' => 'viewDiff' } } } )
|
|
||||||
->addRoute( 'viewDiff.html', undef, ['GET'] );
|
|
||||||
}
|
|
||||||
|
|
||||||
# Other keys
|
# Other keys
|
||||||
$self->addRoute( view => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] );
|
else {
|
||||||
|
$self->addRoute( view => { ':cfgNum' => { '*' => 'getKey' } }, ['GET'] );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub getConfByNum {
|
sub getConfByNum {
|
||||||
|
|
|
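Review bot: both conditions in addRoutes lose their `|| $conf->{...}` fallback, so `viewerAllowDiff` and `viewerAllowBrowser` are now honoured only when set on `$self`; please confirm they are copied from the configuration before this sub runs, or state in the commit message that the conf-level setting is intentionally ignored. The getKey route also moves into the `else` of `unless ( $self->{viewerAllowBrowser} )`, which means `view/:cfgNum/*` is no longer registered when browsing is disabled; that is the stricter behaviour, and a test requesting a key with the option off would pin it. The `# Other keys` comment now sits between the closing `}` and `else {` and would read better inside the block.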
@ -126,6 +126,12 @@ function templates(tpl,key) {
|
||||||
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
|
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
|
||||||
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
|
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
|
||||||
"title" : "casSrvMetaDataOptionsIcon"
|
"title" : "casSrvMetaDataOptionsIcon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
|
||||||
|
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
|
||||||
|
"title" : "casSrvMetaDataOptionsSortNumber",
|
||||||
|
"type" : "int"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"id" : "casSrvMetaDataOptionsDisplay",
|
"id" : "casSrvMetaDataOptionsDisplay",
|
||||||
|
@ -336,6 +342,12 @@ function templates(tpl,key) {
|
||||||
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
|
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
|
||||||
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
|
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
|
||||||
"title" : "oidcOPMetaDataOptionsIcon"
|
"title" : "oidcOPMetaDataOptionsIcon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
|
||||||
|
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
|
||||||
|
"title" : "oidcOPMetaDataOptionsSortNumber",
|
||||||
|
"type" : "int"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"id" : "oidcOPMetaDataOptionsDisplayParams",
|
"id" : "oidcOPMetaDataOptionsDisplayParams",
|
||||||
|
@ -859,6 +871,12 @@ function templates(tpl,key) {
|
||||||
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
|
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
|
||||||
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
|
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
|
||||||
"title" : "samlIDPMetaDataOptionsIcon"
|
"title" : "samlIDPMetaDataOptionsIcon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
|
||||||
|
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
|
||||||
|
"title" : "samlIDPMetaDataOptionsSortNumber",
|
||||||
|
"type" : "int"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"id" : "samlIDPMetaDataOptionsDisplay",
|
"id" : "samlIDPMetaDataOptionsDisplay",
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -128,6 +128,7 @@
|
||||||
"casSrvMetaDataOptionsDisplayName":"الاسم المطلوب عرضه",
|
"casSrvMetaDataOptionsDisplayName":"الاسم المطلوب عرضه",
|
||||||
"casSrvMetaDataOptionsGateway":"بوابة إثبات الهوية",
|
"casSrvMetaDataOptionsGateway":"بوابة إثبات الهوية",
|
||||||
"casSrvMetaDataOptionsIcon":"مسارالأيقونة",
|
"casSrvMetaDataOptionsIcon":"مسارالأيقونة",
|
||||||
|
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||||
"casSrvMetaDataOptionsRenew":"تجديد إثبات الهوية",
|
"casSrvMetaDataOptionsRenew":"تجديد إثبات الهوية",
|
||||||
"casSrvMetaDataOptionsProxiedServices":"خدمات البروكسي",
|
"casSrvMetaDataOptionsProxiedServices":"خدمات البروكسي",
|
||||||
"casSrvMetaDataOptionsUrl":" يو أر ل الخادم",
|
"casSrvMetaDataOptionsUrl":" يو أر ل الخادم",
|
||||||
|
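Review bot: the new `"casSrvMetaDataOptionsSortNumber":"Order"` value is English in a file whose neighbouring values are Arabic, and the same placeholder is used for the oidcOP and samlIDP keys in the following hunks of this file. If the translation is pending, track it so the label does not ship untranslated.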
@ -499,6 +500,7 @@
|
||||||
"oidcOPMetaDataOptionsDisplayName":"عرض الاسم",
|
"oidcOPMetaDataOptionsDisplayName":"عرض الاسم",
|
||||||
"oidcOPMetaDataOptionsDisplayParams":"عرض",
|
"oidcOPMetaDataOptionsDisplayParams":"عرض",
|
||||||
"oidcOPMetaDataOptionsIcon":"شعار",
|
"oidcOPMetaDataOptionsIcon":"شعار",
|
||||||
|
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||||
"oidcOPMetaDataOptionsJWKSTimeout":"مهلة بيانات JWKS",
|
"oidcOPMetaDataOptionsJWKSTimeout":"مهلة بيانات JWKS",
|
||||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"جلسة مطلوب",
|
"oidcRPMetaDataOptionsLogoutSessionRequired":"جلسة مطلوب",
|
||||||
"oidcRPMetaDataOptionsLogoutType":"نوع",
|
"oidcRPMetaDataOptionsLogoutType":"نوع",
|
||||||
|
@ -894,6 +896,7 @@
|
||||||
"samlIDPMetaDataOptionsDisplayParams":"عرض",
|
"samlIDPMetaDataOptionsDisplayParams":"عرض",
|
||||||
"samlIDPMetaDataOptionsIcon":"Logo",
|
"samlIDPMetaDataOptionsIcon":"Logo",
|
||||||
"samlIDPMetaDataOptionsSecurity":"الحماية",
|
"samlIDPMetaDataOptionsSecurity":"الحماية",
|
||||||
|
"samlIDPMetaDataOptionsSortNumber":"Order",
|
||||||
"samlIDPMetaDataOptionsStoreSAMLToken":"حفظ SAML توكن",
|
"samlIDPMetaDataOptionsStoreSAMLToken":"حفظ SAML توكن",
|
||||||
"samlIDPMetaDataOptionsRelayStateURL":"السماح بعنوان اليو آر إل ك RelayState",
|
"samlIDPMetaDataOptionsRelayStateURL":"السماح بعنوان اليو آر إل ك RelayState",
|
||||||
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
||||||
|
@ -983,4 +986,4 @@
|
||||||
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
|
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
|
||||||
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
|
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
|
||||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||||
}
|
}
|
|
@ -128,6 +128,7 @@
|
||||||
"casSrvMetaDataOptionsDisplayName":"Angezeigter Name",
|
"casSrvMetaDataOptionsDisplayName":"Angezeigter Name",
|
||||||
"casSrvMetaDataOptionsGateway":"Gateway authentication",
|
"casSrvMetaDataOptionsGateway":"Gateway authentication",
|
||||||
"casSrvMetaDataOptionsIcon":"Icon path",
|
"casSrvMetaDataOptionsIcon":"Icon path",
|
||||||
|
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||||
"casSrvMetaDataOptionsRenew":"Renew authentication",
|
"casSrvMetaDataOptionsRenew":"Renew authentication",
|
||||||
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
|
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
|
||||||
"casSrvMetaDataOptionsUrl":"Server URL",
|
"casSrvMetaDataOptionsUrl":"Server URL",
|
||||||
|
@ -499,6 +500,7 @@
|
||||||
"oidcOPMetaDataOptionsDisplayName":"Display name",
|
"oidcOPMetaDataOptionsDisplayName":"Display name",
|
||||||
"oidcOPMetaDataOptionsDisplayParams":"Display",
|
"oidcOPMetaDataOptionsDisplayParams":"Display",
|
||||||
"oidcOPMetaDataOptionsIcon":"Logo",
|
"oidcOPMetaDataOptionsIcon":"Logo",
|
||||||
|
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||||
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
|
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
|
||||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
|
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
|
||||||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||||
|
@ -894,6 +896,7 @@
|
||||||
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
||||||
"samlIDPMetaDataOptionsIcon":"Logo",
|
"samlIDPMetaDataOptionsIcon":"Logo",
|
||||||
"samlIDPMetaDataOptionsSecurity":"Security",
|
"samlIDPMetaDataOptionsSecurity":"Security",
|
||||||
|
"samlIDPMetaDataOptionsSortNumber":"Order",
|
||||||
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
|
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
|
||||||
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
|
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
|
||||||
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
||||||
|
@ -983,4 +986,4 @@
|
||||||
"samlRelayStateTimeout":"RelayState session timeout",
|
"samlRelayStateTimeout":"RelayState session timeout",
|
||||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||||
}
|
}
|
|
@ -128,6 +128,7 @@
|
||||||
"casSrvMetaDataOptionsDisplayName":"Name to display",
|
"casSrvMetaDataOptionsDisplayName":"Name to display",
|
||||||
"casSrvMetaDataOptionsGateway":"Gateway authentication",
|
"casSrvMetaDataOptionsGateway":"Gateway authentication",
|
||||||
"casSrvMetaDataOptionsIcon":"Icon path",
|
"casSrvMetaDataOptionsIcon":"Icon path",
|
||||||
|
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||||
"casSrvMetaDataOptionsRenew":"Renew authentication",
|
"casSrvMetaDataOptionsRenew":"Renew authentication",
|
||||||
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
|
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
|
||||||
"casSrvMetaDataOptionsUrl":"Server URL",
|
"casSrvMetaDataOptionsUrl":"Server URL",
|
||||||
|
@ -499,6 +500,7 @@
|
||||||
"oidcOPMetaDataOptionsDisplayName":"Display name",
|
"oidcOPMetaDataOptionsDisplayName":"Display name",
|
||||||
"oidcOPMetaDataOptionsDisplayParams":"Display",
|
"oidcOPMetaDataOptionsDisplayParams":"Display",
|
||||||
"oidcOPMetaDataOptionsIcon":"Logo",
|
"oidcOPMetaDataOptionsIcon":"Logo",
|
||||||
|
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||||
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
|
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
|
||||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
|
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
|
||||||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||||
|
@ -894,6 +896,7 @@
|
||||||
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
||||||
"samlIDPMetaDataOptionsIcon":"Logo",
|
"samlIDPMetaDataOptionsIcon":"Logo",
|
||||||
"samlIDPMetaDataOptionsSecurity":"Security",
|
"samlIDPMetaDataOptionsSecurity":"Security",
|
||||||
|
"samlIDPMetaDataOptionsSortNumber":"Order",
|
||||||
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
|
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
|
||||||
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
|
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
|
||||||
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
||||||
|
|
|
@ -128,6 +128,7 @@
|
||||||
"casSrvMetaDataOptionsDisplayName":"Nom à afficher",
|
"casSrvMetaDataOptionsDisplayName":"Nom à afficher",
|
||||||
"casSrvMetaDataOptionsGateway":"Authentification transparente",
|
"casSrvMetaDataOptionsGateway":"Authentification transparente",
|
||||||
"casSrvMetaDataOptionsIcon":"Chemin de l'icône",
|
"casSrvMetaDataOptionsIcon":"Chemin de l'icône",
|
||||||
|
"casSrvMetaDataOptionsSortNumber":"Ordre",
|
||||||
"casSrvMetaDataOptionsRenew":"Renouveller l'authentification",
|
"casSrvMetaDataOptionsRenew":"Renouveller l'authentification",
|
||||||
"casSrvMetaDataOptionsProxiedServices":"Services mandatés",
|
"casSrvMetaDataOptionsProxiedServices":"Services mandatés",
|
||||||
"casSrvMetaDataOptionsUrl":"URL du serveur",
|
"casSrvMetaDataOptionsUrl":"URL du serveur",
|
||||||
|
@ -499,6 +500,7 @@
|
||||||
"oidcOPMetaDataOptionsDisplayName":"Nom d'affichage",
|
"oidcOPMetaDataOptionsDisplayName":"Nom d'affichage",
|
||||||
"oidcOPMetaDataOptionsDisplayParams":"Affichage",
|
"oidcOPMetaDataOptionsDisplayParams":"Affichage",
|
||||||
"oidcOPMetaDataOptionsIcon":"Logo",
|
"oidcOPMetaDataOptionsIcon":"Logo",
|
||||||
|
"oidcOPMetaDataOptionsSortNumber":"Ordre",
|
||||||
"oidcOPMetaDataOptionsJWKSTimeout":"Durée de vie des données JWKS",
|
"oidcOPMetaDataOptionsJWKSTimeout":"Durée de vie des données JWKS",
|
||||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session requise",
|
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session requise",
|
||||||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||||
|
@ -894,6 +896,7 @@
|
||||||
"samlIDPMetaDataOptionsDisplayParams":"Affichage",
|
"samlIDPMetaDataOptionsDisplayParams":"Affichage",
|
||||||
"samlIDPMetaDataOptionsIcon":"Logo",
|
"samlIDPMetaDataOptionsIcon":"Logo",
|
||||||
"samlIDPMetaDataOptionsSecurity":"Sécurité",
|
"samlIDPMetaDataOptionsSecurity":"Sécurité",
|
||||||
|
"samlIDPMetaDataOptionsSortNumber":"Ordre",
|
||||||
"samlIDPMetaDataOptionsStoreSAMLToken":"Conserver le jeton SAML",
|
"samlIDPMetaDataOptionsStoreSAMLToken":"Conserver le jeton SAML",
|
||||||
"samlIDPMetaDataOptionsRelayStateURL":"Pemettre une URL dans le RelayState",
|
"samlIDPMetaDataOptionsRelayStateURL":"Pemettre une URL dans le RelayState",
|
||||||
"samlIDPMetaDataOptionsUserAttribute":"Attribut contenant l'identité de l'utilisateur",
|
"samlIDPMetaDataOptionsUserAttribute":"Attribut contenant l'identité de l'utilisateur",
|
||||||
|
|
|
@ -124,10 +124,11 @@
|
||||||
"casSrv":"Server CAS ",
|
"casSrv":"Server CAS ",
|
||||||
"casSrvMetaDataExportedVars":"Attributi esportati",
|
"casSrvMetaDataExportedVars":"Attributi esportati",
|
||||||
"casSrvMetaDataOptions":"Opzioni",
|
"casSrvMetaDataOptions":"Opzioni",
|
||||||
"casSrvMetaDataOptionsDisplay":"Display",
|
"casSrvMetaDataOptionsDisplay":"Visualizza ",
|
||||||
"casSrvMetaDataOptionsDisplayName":"Nome da visualizzare",
|
"casSrvMetaDataOptionsDisplayName":"Nome da visualizzare",
|
||||||
"casSrvMetaDataOptionsGateway":"Autenticazione gateway",
|
"casSrvMetaDataOptionsGateway":"Autenticazione gateway",
|
||||||
"casSrvMetaDataOptionsIcon":"Path icona",
|
"casSrvMetaDataOptionsIcon":"Path icona",
|
||||||
|
"casSrvMetaDataOptionsSortNumber":"Ordine",
|
||||||
"casSrvMetaDataOptionsRenew":"Rinnova l'autenticazione",
|
"casSrvMetaDataOptionsRenew":"Rinnova l'autenticazione",
|
||||||
"casSrvMetaDataOptionsProxiedServices":"Servizi Proxied",
|
"casSrvMetaDataOptionsProxiedServices":"Servizi Proxied",
|
||||||
"casSrvMetaDataOptionsUrl":"URL del server",
|
"casSrvMetaDataOptionsUrl":"URL del server",
|
||||||
|
@ -151,12 +152,12 @@
|
||||||
"clickHereToForce":"Clicca qui per forzare",
|
"clickHereToForce":"Clicca qui per forzare",
|
||||||
"checkState":"Attivazione",
|
"checkState":"Attivazione",
|
||||||
"checkStateSecret":"Segreto condiviso",
|
"checkStateSecret":"Segreto condiviso",
|
||||||
"checkUsers":"SSO profile Check",
|
"checkUsers":"Controllo del profilo SSO",
|
||||||
"checkUser":"Activation",
|
"checkUser":"Attivazione",
|
||||||
"checkUserIdRule":"Identities use rule",
|
"checkUserIdRule":"Uso della regola delle identità",
|
||||||
"checkUserHiddenAttributes":"Hidden attributes",
|
"checkUserHiddenAttributes":"Attributi nascosti",
|
||||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
"checkUserDisplayPersistentInfo":"Mostra sessione persistente",
|
||||||
"checkUserDisplayEmptyValues":"Display empty values",
|
"checkUserDisplayEmptyValues":"Mostra valori vuoti",
|
||||||
"choiceParams":"Scelta parametri",
|
"choiceParams":"Scelta parametri",
|
||||||
"chooseLogo":"Scegli logo",
|
"chooseLogo":"Scegli logo",
|
||||||
"chooseSkin":"Scegli interfaccia",
|
"chooseSkin":"Scegli interfaccia",
|
||||||
|
@ -243,13 +244,13 @@
|
||||||
"enabled":"Abilitato",
|
"enabled":"Abilitato",
|
||||||
"enterPassword":"Inserisci password (opzionale)",
|
"enterPassword":"Inserisci password (opzionale)",
|
||||||
"error":"Errore",
|
"error":"Errore",
|
||||||
"errors":"ERRORS",
|
"errors":"ERRORI",
|
||||||
"exportedAttr":"Attributi di SOAP/REST esportati",
|
"exportedAttr":"Attributi di SOAP/REST esportati",
|
||||||
"exportedHeaders":"Intestazioni esportate",
|
"exportedHeaders":"Intestazioni esportate",
|
||||||
"exportedVars":"Variabili esportate",
|
"exportedVars":"Variabili esportate",
|
||||||
"external2f":"2° fattore esterno",
|
"external2f":"2° fattore esterno",
|
||||||
"ext2fActivation":"Attivazione",
|
"ext2fActivation":"Attivazione",
|
||||||
"ext2fCodeActivation":"Code regex",
|
"ext2fCodeActivation":"Codice regex",
|
||||||
"ext2fAuthnLevel":"Livello di autenticazione",
|
"ext2fAuthnLevel":"Livello di autenticazione",
|
||||||
"ext2fLogo":"Logo",
|
"ext2fLogo":"Logo",
|
||||||
"ext2FSendCommand":"Invia comando",
|
"ext2FSendCommand":"Invia comando",
|
||||||
|
@ -273,8 +274,8 @@
|
||||||
"globalStorage":"Modulo Apache::Session",
|
"globalStorage":"Modulo Apache::Session",
|
||||||
"globalStorageOptions":"Parametri di modulo Apache::Session",
|
"globalStorageOptions":"Parametri di modulo Apache::Session",
|
||||||
"gpgAuthnLevel":"Livello di autenticazione",
|
"gpgAuthnLevel":"Livello di autenticazione",
|
||||||
"gpgDb":"GPG database",
|
"gpgDb":"Database GPG",
|
||||||
"gpgParams":"GPG parameters",
|
"gpgParams":"Parametri GPG",
|
||||||
"grantSessionRules":"Condizioni di apertura",
|
"grantSessionRules":"Condizioni di apertura",
|
||||||
"groups":"Gruppi",
|
"groups":"Gruppi",
|
||||||
"hashkey":"Chiave",
|
"hashkey":"Chiave",
|
||||||
|
@ -288,13 +289,13 @@
|
||||||
"hideTree":"Nascondi l'albero",
|
"hideTree":"Nascondi l'albero",
|
||||||
"httpOnly":"Protezione Javascript",
|
"httpOnly":"Protezione Javascript",
|
||||||
"https":"HTTPS",
|
"https":"HTTPS",
|
||||||
"impersonation":"Impersonation",
|
"impersonation":"Imitazione",
|
||||||
"impersonationRule":"Use rule",
|
"impersonationRule":"Usa la regola",
|
||||||
"impersonationIdRule":"Identities use rule",
|
"impersonationIdRule":"Le identità usano la regola",
|
||||||
"impersonationHiddenAttributes":"Hidden attributes",
|
"impersonationHiddenAttributes":"Attributi nascosti",
|
||||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
"impersonationMergeSSOgroups":"Unisci gruppi SSO falsificati e reali",
|
||||||
"impersonationPrefix":"Real attributes prefix",
|
"impersonationPrefix":"Prefisso degli attributi reali",
|
||||||
"impersonationSkipEmptyValues":"Skip empty values",
|
"impersonationSkipEmptyValues":"Salta valori vuoti",
|
||||||
"incompleteForm":"Mancano campi obbligatori",
|
"incompleteForm":"Mancano campi obbligatori",
|
||||||
"index":"Indice",
|
"index":"Indice",
|
||||||
"infoFormMethod":"Metodo per il modulo informazioni",
|
"infoFormMethod":"Metodo per il modulo informazioni",
|
||||||
|
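Review bot: `impersonationIdRule` is translated as "Le identità usano la regola", while `checkUserIdRule`, which had the same English source "Identities use rule", becomes "Uso della regola delle identità" earlier in this file. Use one wording for both keys.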
@ -355,7 +356,7 @@
|
||||||
"ldapGroupAttributeNameSearch":"Attributi ricercati",
|
"ldapGroupAttributeNameSearch":"Attributi ricercati",
|
||||||
"ldapGroupAttributeNameUser":"Attributo origine utente",
|
"ldapGroupAttributeNameUser":"Attributo origine utente",
|
||||||
"ldapGroupBase":"Base di ricerca",
|
"ldapGroupBase":"Base di ricerca",
|
||||||
"ldapGroupDecodeSearchedValue":"Decode searched value",
|
"ldapGroupDecodeSearchedValue":"Decodifica il valore cercato",
|
||||||
"ldapGroupObjectClass":"Classe oggetto",
|
"ldapGroupObjectClass":"Classe oggetto",
|
||||||
"ldapGroupRecursive":"Ricorsivo",
|
"ldapGroupRecursive":"Ricorsivo",
|
||||||
"ldapGroups":"Gruppi",
|
"ldapGroups":"Gruppi",
|
||||||
|
@ -395,12 +396,12 @@
|
||||||
"lwpOpts":"Opzioni per le richieste del server",
|
"lwpOpts":"Opzioni per le richieste del server",
|
||||||
"lwpSslOpts":"Opzioni SSL per le richieste del server",
|
"lwpSslOpts":"Opzioni SSL per le richieste del server",
|
||||||
"macros":"Macro",
|
"macros":"Macro",
|
||||||
"mail2f":"Mail second factor",
|
"mail2f":"Mail secondo fattore",
|
||||||
"mail2fActivation":"Activation",
|
"mail2fActivation":"Attivazione",
|
||||||
"mail2fCodeRegex":"Code regex",
|
"mail2fCodeRegex":"Codice regex",
|
||||||
"mail2fTimeout":"Code timeout",
|
"mail2fTimeout":"Codice timeout",
|
||||||
"mail2fSubject":"Mail subject",
|
"mail2fSubject":"Oggetto della mail",
|
||||||
"mail2fBody":"Mail body",
|
"mail2fBody":"Corpo del messaggio",
|
||||||
"mail2fAuthnLevel":"Livello di autenticazione",
|
"mail2fAuthnLevel":"Livello di autenticazione",
|
||||||
"mail2fLogo":"Logo",
|
"mail2fLogo":"Logo",
|
||||||
"mailBody":"Successo contenuto di posta",
|
"mailBody":"Successo contenuto di posta",
|
||||||
|
@ -499,6 +500,7 @@
|
||||||
"oidcOPMetaDataOptionsDisplayName":"Visualizza nome",
|
"oidcOPMetaDataOptionsDisplayName":"Visualizza nome",
|
||||||
"oidcOPMetaDataOptionsDisplayParams":"Visualizza",
|
"oidcOPMetaDataOptionsDisplayParams":"Visualizza",
|
||||||
"oidcOPMetaDataOptionsIcon":"Logo",
|
"oidcOPMetaDataOptionsIcon":"Logo",
|
||||||
|
"oidcOPMetaDataOptionsSortNumber":"Ordine",
|
||||||
"oidcOPMetaDataOptionsJWKSTimeout":"Timeout dei dati di JWKS",
|
"oidcOPMetaDataOptionsJWKSTimeout":"Timeout dei dati di JWKS",
|
||||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Sessione necessaria",
|
"oidcRPMetaDataOptionsLogoutSessionRequired":"Sessione necessaria",
|
||||||
"oidcRPMetaDataOptionsLogoutType":"Tipo",
|
"oidcRPMetaDataOptionsLogoutType":"Tipo",
|
||||||
|
@ -649,7 +651,7 @@
|
||||||
"radiusSecret":"Segreto condiviso",
|
"radiusSecret":"Segreto condiviso",
|
||||||
"radiusServer":"Nome host del server",
|
"radiusServer":"Nome host del server",
|
||||||
"randomPasswordRegexp":"Regex per la generazione di password",
|
"randomPasswordRegexp":"Regex per la generazione di password",
|
||||||
"readOnlyMode":"Read-Only mode",
|
"readOnlyMode":"Modalità di sola lettura",
|
||||||
"redirectFormMethod":"Metodo per il modulo di reindirizzamento",
|
"redirectFormMethod":"Metodo per il modulo di reindirizzamento",
|
||||||
"redirection":"Redirezioni del gestore",
|
"redirection":"Redirezioni del gestore",
|
||||||
"reference":"Riferimento",
|
"reference":"Riferimento",
|
||||||
|
@ -889,11 +891,12 @@
|
||||||
"samlIDPMetaDataOptionsSession":"Sessioni",
|
"samlIDPMetaDataOptionsSession":"Sessioni",
|
||||||
"samlIDPMetaDataOptionsSignature":"Firma",
|
"samlIDPMetaDataOptionsSignature":"Firma",
|
||||||
"samlIDPMetaDataOptionsBinding":"Vincolante",
|
"samlIDPMetaDataOptionsBinding":"Vincolante",
|
||||||
"samlIDPMetaDataOptionsDisplay":"Display",
|
"samlIDPMetaDataOptionsDisplay":" Visualizza ",
|
||||||
"samlIDPMetaDataOptionsDisplayName":"Display name",
|
"samlIDPMetaDataOptionsDisplayName":"Nome da visualizzare",
|
||||||
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
"samlIDPMetaDataOptionsDisplayParams":" Visualizza ",
|
||||||
"samlIDPMetaDataOptionsIcon":"Logo",
|
"samlIDPMetaDataOptionsIcon":"Logo",
|
||||||
"samlIDPMetaDataOptionsSecurity":"Sicurezza",
|
"samlIDPMetaDataOptionsSecurity":"Sicurezza",
|
||||||
|
"samlIDPMetaDataOptionsSortNumber":"Ordine",
|
||||||
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
|
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
|
||||||
"samlIDPMetaDataOptionsRelayStateURL":"Consenti l'URL come RelayState",
|
"samlIDPMetaDataOptionsRelayStateURL":"Consenti l'URL come RelayState",
|
||||||
"samlIDPMetaDataOptionsUserAttribute":"Attributo che contiene l'identificatore dell'utente",
|
"samlIDPMetaDataOptionsUserAttribute":"Attributo che contiene l'identificatore dell'utente",
|
||||||
|
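Review bot: the new values for `samlIDPMetaDataOptionsDisplay` and `samlIDPMetaDataOptionsDisplayParams` are " Visualizza " with a leading and a trailing space, and `casSrvMetaDataOptionsDisplay` in the first hunk of this file has a trailing space ("Visualizza "), whereas `oidcOPMetaDataOptionsDisplayParams` is plain "Visualizza". Trim the whitespace so the three labels match.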
@ -982,5 +985,5 @@
|
||||||
"samlCommonDomainCookieWriter":"URL dell'autore",
|
"samlCommonDomainCookieWriter":"URL dell'autore",
|
||||||
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
|
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
|
||||||
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
|
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
|
||||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
"samlOverrideIDPEntityID":"Sostituisci l'ID entità quando agisce come IDP"
|
||||||
}
|
}
|
|
@ -128,6 +128,7 @@
|
||||||
"casSrvMetaDataOptionsDisplayName":"Tên để hiển thị",
|
"casSrvMetaDataOptionsDisplayName":"Tên để hiển thị",
|
||||||
"casSrvMetaDataOptionsGateway":"Xác thực Gateway",
|
"casSrvMetaDataOptionsGateway":"Xác thực Gateway",
|
||||||
"casSrvMetaDataOptionsIcon":"Đường dẫn Icon",
|
"casSrvMetaDataOptionsIcon":"Đường dẫn Icon",
|
||||||
|
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||||
"casSrvMetaDataOptionsRenew":"Gia hạn chứng thực",
|
"casSrvMetaDataOptionsRenew":"Gia hạn chứng thực",
|
||||||
"casSrvMetaDataOptionsProxiedServices":"Dịch vụ proxy",
|
"casSrvMetaDataOptionsProxiedServices":"Dịch vụ proxy",
|
||||||
"casSrvMetaDataOptionsUrl":"URL máy chủ",
|
"casSrvMetaDataOptionsUrl":"URL máy chủ",
|
||||||
|
@ -499,6 +500,7 @@
|
||||||
"oidcOPMetaDataOptionsDisplayName":"Tên hiển thị",
|
"oidcOPMetaDataOptionsDisplayName":"Tên hiển thị",
|
||||||
"oidcOPMetaDataOptionsDisplayParams":"Hiển thị",
|
"oidcOPMetaDataOptionsDisplayParams":"Hiển thị",
|
||||||
"oidcOPMetaDataOptionsIcon":"Logo",
|
"oidcOPMetaDataOptionsIcon":"Logo",
|
||||||
|
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||||
"oidcOPMetaDataOptionsJWKSTimeout":"Thời gian chờ của dữ liệu JWKS",
|
"oidcOPMetaDataOptionsJWKSTimeout":"Thời gian chờ của dữ liệu JWKS",
|
||||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Phiên yêu cầu",
|
"oidcRPMetaDataOptionsLogoutSessionRequired":"Phiên yêu cầu",
|
||||||
"oidcRPMetaDataOptionsLogoutType":"Loại",
|
"oidcRPMetaDataOptionsLogoutType":"Loại",
|
||||||
|
@ -894,6 +896,7 @@
|
||||||
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
||||||
"samlIDPMetaDataOptionsIcon":"Logo",
|
"samlIDPMetaDataOptionsIcon":"Logo",
|
||||||
"samlIDPMetaDataOptionsSecurity":"Bảo mật",
|
"samlIDPMetaDataOptionsSecurity":"Bảo mật",
|
||||||
|
"samlIDPMetaDataOptionsSortNumber":"Order",
|
||||||
"samlIDPMetaDataOptionsStoreSAMLToken":"Lưu trữ token SAML",
|
"samlIDPMetaDataOptionsStoreSAMLToken":"Lưu trữ token SAML",
|
||||||
"samlIDPMetaDataOptionsRelayStateURL":"Cho phép URL như RelayState",
|
"samlIDPMetaDataOptionsRelayStateURL":"Cho phép URL như RelayState",
|
||||||
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
||||||
|
@ -983,4 +986,4 @@
|
||||||
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
|
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
|
||||||
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
|
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
|
||||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||||
}
|
}
|
|
@ -128,6 +128,7 @@
|
||||||
"casSrvMetaDataOptionsDisplayName":"显示名称",
|
"casSrvMetaDataOptionsDisplayName":"显示名称",
|
||||||
"casSrvMetaDataOptionsGateway":"网关认证",
|
"casSrvMetaDataOptionsGateway":"网关认证",
|
||||||
"casSrvMetaDataOptionsIcon":"图标路径",
|
"casSrvMetaDataOptionsIcon":"图标路径",
|
||||||
|
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||||
"casSrvMetaDataOptionsRenew":"Renew authentication",
|
"casSrvMetaDataOptionsRenew":"Renew authentication",
|
||||||
"casSrvMetaDataOptionsProxiedServices":"代理服务",
|
"casSrvMetaDataOptionsProxiedServices":"代理服务",
|
||||||
"casSrvMetaDataOptionsUrl":"服务器 URL",
|
"casSrvMetaDataOptionsUrl":"服务器 URL",
|
||||||
|
@ -499,6 +500,7 @@
|
||||||
"oidcOPMetaDataOptionsDisplayName":"Display name",
|
"oidcOPMetaDataOptionsDisplayName":"Display name",
|
||||||
"oidcOPMetaDataOptionsDisplayParams":"Display",
|
"oidcOPMetaDataOptionsDisplayParams":"Display",
|
||||||
"oidcOPMetaDataOptionsIcon":"Logo",
|
"oidcOPMetaDataOptionsIcon":"Logo",
|
||||||
|
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||||
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
|
"oidcOPMetaDataOptionsJWKSTimeout":"JWKS data timeout",
|
||||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
|
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
|
||||||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||||
|
@ -894,6 +896,7 @@
|
||||||
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
"samlIDPMetaDataOptionsDisplayParams":"Display",
|
||||||
"samlIDPMetaDataOptionsIcon":"Logo",
|
"samlIDPMetaDataOptionsIcon":"Logo",
|
||||||
"samlIDPMetaDataOptionsSecurity":"Security",
|
"samlIDPMetaDataOptionsSecurity":"Security",
|
||||||
|
"samlIDPMetaDataOptionsSortNumber":"Order",
|
||||||
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
|
"samlIDPMetaDataOptionsStoreSAMLToken":"Store SAML Token",
|
||||||
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
|
"samlIDPMetaDataOptionsRelayStateURL":"Allow URL as RelayState",
|
||||||
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
"samlIDPMetaDataOptionsUserAttribute":"Attribute containing user identifier",
|
||||||
|
@ -983,4 +986,4 @@
|
||||||
"samlRelayStateTimeout":"RelayState session timeout",
|
"samlRelayStateTimeout":"RelayState session timeout",
|
||||||
"samlUseQueryStringSpecific":"Use specific query_string method",
|
"samlUseQueryStringSpecific":"Use specific query_string method",
|
||||||
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
|
||||||
}
|
}
|
|
@ -112,7 +112,7 @@
|
||||||
|
|
||||||
<!-- //if:jsminified
|
<!-- //if:jsminified
|
||||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/conftree.min.js"></script>
|
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/conftree.min.js"></script>
|
||||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/veiwDiff.min.js"></script>
|
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/viewDiff.min.js"></script>
|
||||||
//else -->
|
//else -->
|
||||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/conftree.js"></script>
|
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/conftree.js"></script>
|
||||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/viewDiff.js"></script>
|
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">js/viewDiff.js"></script>
|
||||||
|
|
|
@ -8,6 +8,7 @@ use JSON qw(from_json);
|
||||||
require 't/test-lib.pm';
|
require 't/test-lib.pm';
|
||||||
|
|
||||||
my $struct = 't/jsonfiles/70-diff.json';
|
my $struct = 't/jsonfiles/70-diff.json';
|
||||||
|
|
||||||
sub body {
|
sub body {
|
||||||
return IO::File->new( $struct, 'r' );
|
return IO::File->new( $struct, 'r' );
|
||||||
}
|
}
|
||||||
|
@ -19,9 +20,11 @@ count(1);
|
||||||
|
|
||||||
# Test that hidden key values are NOT sent
|
# Test that hidden key values are NOT sent
|
||||||
$res = &client->jsonResponse('/view/1/portalDisplayLogout');
|
$res = &client->jsonResponse('/view/1/portalDisplayLogout');
|
||||||
ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
|
ok( $res->{value} eq '_Hidden_', 'Key is hidden' )
|
||||||
|
or explain( $res, 'value => "_Hidden_"' );
|
||||||
$res = &client->jsonResponse('/view/1/samlIDPMetaDataNodes');
|
$res = &client->jsonResponse('/view/1/samlIDPMetaDataNodes');
|
||||||
ok( $res->{value} eq '_Hidden_', 'Key is hidden' );
|
ok( $res->{value} eq '_Hidden_', 'Key is hidden' )
|
||||||
|
or explain( $res, 'value => "_Hidden_"' );
|
||||||
count(2);
|
count(2);
|
||||||
|
|
||||||
# Try to display latest conf
|
# Try to display latest conf
|
||||||
|
@ -29,12 +32,17 @@ $res = &client->jsonResponse('/view/latest');
|
||||||
ok( $res->{cfgNum} eq '1', 'Browser is allowed' );
|
ok( $res->{cfgNum} eq '1', 'Browser is allowed' );
|
||||||
count(1);
|
count(1);
|
||||||
|
|
||||||
ok( $res = &client->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
|
ok(
|
||||||
"Request succeed" );
|
$res = &client->_post(
|
||||||
|
'/confs/', 'cfgNum=1&force=1', &body, 'application/json'
|
||||||
|
),
|
||||||
|
"Request succeed"
|
||||||
|
);
|
||||||
ok( $res->[0] == 200, "Result code is 200" );
|
ok( $res->[0] == 200, "Result code is 200" );
|
||||||
my $resBody;
|
my $resBody;
|
||||||
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
|
ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" );
|
||||||
count(3);
|
count(3);
|
||||||
|
|
||||||
foreach my $i ( 0 .. 1 ) {
|
foreach my $i ( 0 .. 1 ) {
|
||||||
ok(
|
ok(
|
||||||
$resBody->{details}->{__changes__}->[$i]->{key} =~
|
$resBody->{details}->{__changes__}->[$i]->{key} =~
|
||||||
|
@ -46,10 +54,11 @@ count(2);
|
||||||
|
|
||||||
# Try to compare confs 1 & 2
|
# Try to compare confs 1 & 2
|
||||||
$res = &client->jsonResponse('/view/diff/1/2');
|
$res = &client->jsonResponse('/view/diff/1/2');
|
||||||
|
|
||||||
# ok( $res->[1]->{captcha_login_enabled} eq '1', 'Key found' );
|
# ok( $res->[1]->{captcha_login_enabled} eq '1', 'Key found' );
|
||||||
ok( $res->[1]->{captcha_mail_enabled} eq '0', 'Key found' );
|
ok( $res->[1]->{captcha_mail_enabled} eq '0', 'Key found' );
|
||||||
ok( 6 == keys %{ $res->[1] }, 'Right number of keys found')
|
ok( 6 == keys %{ $res->[1] }, 'Right number of keys found' )
|
||||||
or print STDERR Dumper($res);
|
or print STDERR Dumper($res);
|
||||||
count(2);
|
count(2);
|
||||||
|
|
||||||
# Remove new conf
|
# Remove new conf
|
||||||
|
|
|
@ -21,13 +21,10 @@ ok(
|
||||||
'Client object'
|
'Client object'
|
||||||
);
|
);
|
||||||
|
|
||||||
# Try to display latest conf
|
|
||||||
my $res = $client2->jsonResponse('/view/1');
|
|
||||||
ok( $res->{value} eq '_Hidden_', 'Browser is NOT allowed' );
|
|
||||||
count(2);
|
|
||||||
|
|
||||||
# Try to compare confs 1 & 2
|
# Try to compare confs 1 & 2
|
||||||
ok( $res = $client2->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
|
ok( my $res = $client2->_post( '/confs/', 'cfgNum=1&force=1', &body, 'application/json' ),
|
||||||
"Request succeed" );
|
"Request succeed" );
|
||||||
ok( $res->[0] == 200, "Result code is 200" );
|
ok( $res->[0] == 200, "Result code is 200" );
|
||||||
my $resBody;
|
my $resBody;
|
||||||
|
@ -45,6 +42,11 @@ $res = $client2->jsonResponse('/view/diff/1/2');
|
||||||
ok( $res->{value} eq '_Hidden_', 'Diff is NOT allowed' );
|
ok( $res->{value} eq '_Hidden_', 'Diff is NOT allowed' );
|
||||||
count(1);
|
count(1);
|
||||||
|
|
||||||
|
# Try to display latest conf
|
||||||
|
$res = $client2->jsonResponse('/view/2');
|
||||||
|
ok( $res->{value} eq '_Hidden_', 'Browser is NOT allowed' );
|
||||||
|
count(2);
|
||||||
|
|
||||||
# Remove new conf
|
# Remove new conf
|
||||||
`rm -rf t/conf/lmConf-2.json`;
|
`rm -rf t/conf/lmConf-2.json`;
|
||||||
|
|
||||||
|
|
|
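Review bot: the re-added check requests only `/view/2`, so the restricted client is no longer tested against `/view/1` as it was in the lines removed by the previous hunk. Since this test asserts that a non-authorized browser gets `_Hidden_`, keep both requests, one before and one after the POST to `/confs/`. The added `count(2)` also follows a single `ok`; the second counted test is the 'Client object' one further up, so either restore a `count(1)` next to it or add a comment saying what the 2 covers.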
@ -128,7 +128,7 @@ sub run {
|
||||||
$self->p->updatePersistentSession( $req,
|
$self->p->updatePersistentSession( $req,
|
||||||
{ _2fDevices => to_json($_2fDevices) } );
|
{ _2fDevices => to_json($_2fDevices) } );
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
"Yubikey registration of $keyName succeeds for $user");
|
"Yubikey registration of $UBKName succeeds for $user");
|
||||||
|
|
||||||
return $self->p->sendHtml(
|
return $self->p->sendHtml(
|
||||||
$req, 'error',
|
$req, 'error',
|
||||||
|
|
|
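Review bot: the corrected notice interpolates `$UBKName` and `$user` straight into the log string, and the declaration of `$UBKName` is outside this hunk, so please confirm it is in scope at this point. If the key name comes from the registration form, strip control characters and newlines before logging it so that a device name cannot break a log line in two. A test that exercises a successful registration would have caught the earlier wrong variable name.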
@ -40,10 +40,16 @@ sub init {
|
||||||
$portalPath =~ s#^https?://[^/]+/?#/#;
|
$portalPath =~ s#^https?://[^/]+/?#/#;
|
||||||
|
|
||||||
foreach (@tab) {
|
foreach (@tab) {
|
||||||
my $name = $self->conf->{casSrvMetaDataOptions}->{$_}
|
my $name = $_;
|
||||||
|
$name =
|
||||||
|
$self->conf->{casSrvMetaDataOptions}->{$_}
|
||||||
|
->{casSrvMetaDataOptionsDisplayName}
|
||||||
|
if $self->conf->{casSrvMetaDataOptions}->{$_}
|
||||||
->{casSrvMetaDataOptionsDisplayName};
|
->{casSrvMetaDataOptionsDisplayName};
|
||||||
my $icon = $self->conf->{casSrvMetaDataOptions}->{$_}
|
my $icon = $self->conf->{casSrvMetaDataOptions}->{$_}
|
||||||
->{casSrvMetaDataOptionsIcon};
|
->{casSrvMetaDataOptionsIcon};
|
||||||
|
my $order = $self->conf->{casSrvMetaDataOptions}->{$_}
|
||||||
|
->{casSrvMetaDataOptionsSortNumber} // 0;
|
||||||
my $img_src;
|
my $img_src;
|
||||||
|
|
||||||
if ($icon) {
|
if ($icon) {
|
||||||
|
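Review bot: the display-name fallback at the top of the loop spells out the full `$self->conf->{casSrvMetaDataOptions}->{$_}->{casSrvMetaDataOptionsDisplayName}` lookup twice, once as the value and once as the condition. A single `my $name = <lookup> || $_;` says the same thing and cannot drift. On the new `$order` line, `// 0` only covers an undefined value; an empty string saved from the manager form would still reach the numeric comparison added in the next hunk.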
@ -52,15 +58,21 @@ sub init {
|
||||||
? $icon
|
? $icon
|
||||||
: $portalPath . $self->p->staticPrefix . "/common/" . $icon;
|
: $portalPath . $self->p->staticPrefix . "/common/" . $icon;
|
||||||
}
|
}
|
||||||
|
|
||||||
push @list,
|
push @list,
|
||||||
{
|
{
|
||||||
val => $_,
|
val => $_,
|
||||||
name => $name,
|
name => $name,
|
||||||
icon => $img_src,
|
icon => $img_src,
|
||||||
|
order => $order,
|
||||||
class => "openidconnect",
|
class => "openidconnect",
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@list =
|
||||||
|
sort {
|
||||||
|
$a->{order} <=> $b->{order}
|
||||||
|
or $a->{name} cmp $b->{name}
|
||||||
|
or $a->{val} cmp $b->{val}
|
||||||
|
} @list;
|
||||||
$self->srvList( \@list );
|
$self->srvList( \@list );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
|
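Review bot: the new sort compares `$a->{order} <=> $b->{order}` on a value taken from configuration without checking that it is numeric, so a non-numeric or empty `casSrvMetaDataOptionsSortNumber` raises an "isn't numeric" warning for every comparison and sorts as 0. Coerce or validate the value once when `$order` is read. Unrelated to this change but visible in the context lines: the CAS server entries are pushed with `class => "openidconnect"`, which looks copied from the OIDC module.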
@ -16,7 +16,7 @@ extends 'Lemonldap::NG::Portal::Main::Auth',
|
||||||
|
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
has opList => ( is => 'rw', default => sub { [] } );
|
has opList => ( is => 'rw', default => sub { [] } );
|
||||||
has opNumber => ( is => 'rw', default => 0 );
|
has opNumber => ( is => 'rw', default => 0 );
|
||||||
has path => ( is => 'rw', default => 'oauth2' );
|
has path => ( is => 'rw', default => 'oauth2' );
|
||||||
|
|
||||||
|
@ -41,10 +41,16 @@ sub init {
|
||||||
#$portalPath =~ s#^https?://[^/]+/?#/#;
|
#$portalPath =~ s#^https?://[^/]+/?#/#;
|
||||||
|
|
||||||
foreach (@tab) {
|
foreach (@tab) {
|
||||||
my $name = $self->conf->{oidcOPMetaDataOptions}->{$_}
|
my $name = $_;
|
||||||
|
$name =
|
||||||
|
$self->conf->{oidcOPMetaDataOptions}->{$_}
|
||||||
|
->{oidcOPMetaDataOptionsDisplayName}
|
||||||
|
if $self->conf->{oidcOPMetaDataOptions}->{$_}
|
||||||
->{oidcOPMetaDataOptionsDisplayName};
|
->{oidcOPMetaDataOptionsDisplayName};
|
||||||
my $icon = $self->conf->{oidcOPMetaDataOptions}->{$_}
|
my $icon = $self->conf->{oidcOPMetaDataOptions}->{$_}
|
||||||
->{oidcOPMetaDataOptionsIcon};
|
->{oidcOPMetaDataOptionsIcon};
|
||||||
|
my $order = $self->conf->{oidcOPMetaDataOptions}->{$_}
|
||||||
|
->{oidcOPMetaDataOptionsSortNumber} // 0;
|
||||||
my $img_src;
|
my $img_src;
|
||||||
|
|
||||||
if ($icon) {
|
if ($icon) {
|
||||||
|
@ -60,6 +66,7 @@ sub init {
|
||||||
name => $name,
|
name => $name,
|
||||||
icon => $img_src,
|
icon => $img_src,
|
||||||
class => "openidconnect",
|
class => "openidconnect",
|
||||||
|
order => $order
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
$self->addRouteFromConf(
|
$self->addRouteFromConf(
|
||||||
|
@ -72,6 +79,12 @@ sub init {
|
||||||
oidcServiceMetaDataFrontChannelURI => 'frontLogout',
|
oidcServiceMetaDataFrontChannelURI => 'frontLogout',
|
||||||
oidcServiceMetaDataBackChannelURI => 'backLogout',
|
oidcServiceMetaDataBackChannelURI => 'backLogout',
|
||||||
);
|
);
|
||||||
|
@list =
|
||||||
|
sort {
|
||||||
|
$a->{order} <=> $b->{order}
|
||||||
|
or $a->{name} cmp $b->{name}
|
||||||
|
or $a->{val} cmp $b->{val}
|
||||||
|
} @list;
|
||||||
$self->opList( [@list] );
|
$self->opList( [@list] );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
|
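Review bot: this three-key comparator (`order`, then `name`, then `val`) is the same block that this commit adds to the CAS and SAML modules. Move it to one shared helper so that the ordering rule for the choice lists is defined in one place. Also note that here the sort is placed after `addRouteFromConf` while in the CAS module it directly follows the loop; putting it right after the loop in both keeps the two `init` subs parallel.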
@ -893,13 +893,11 @@ sub extractFormInfo {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Will try to use SAML Discovery Protocol for IDP resolution");
|
"Will try to use SAML Discovery Protocol for IDP resolution");
|
||||||
|
|
||||||
if ($req->urldc) {
|
if ( $req->urldc ) {
|
||||||
$req->pdata->{_url} = encode_base64($req->urldc, '');
|
$req->pdata->{_url} = encode_base64( $req->urldc, '' );
|
||||||
}
|
}
|
||||||
|
|
||||||
my $disco_url = $self->conf->{samlDiscoveryProtocolURL};
|
my $disco_url = $self->conf->{samlDiscoveryProtocolURL};
|
||||||
|
my $portal = $self->conf->{portal};
|
||||||
my $portal = $self->conf->{portal};
|
|
||||||
$disco_url .= ( $disco_url =~ /\?/ ? '&' : '?' )
|
$disco_url .= ( $disco_url =~ /\?/ ? '&' : '?' )
|
||||||
. build_urlencoded(
|
. build_urlencoded(
|
||||||
entityID => $self->getMetaDataURL( 'samlEntityID', 0, 1 ),
|
entityID => $self->getMetaDataURL( 'samlEntityID', 0, 1 ),
|
||||||
|
@ -947,6 +945,7 @@ sub extractFormInfo {
|
||||||
$idpName = $self->{idpList}->{$_}->{displayName}
|
$idpName = $self->{idpList}->{$_}->{displayName}
|
||||||
if $self->{idpList}->{$_}->{displayName};
|
if $self->{idpList}->{$_}->{displayName};
|
||||||
my $icon = $self->{idpList}->{$_}->{icon};
|
my $icon = $self->{idpList}->{$_}->{icon};
|
||||||
|
my $order = $self->{idpList}->{$_}->{order} // 0;
|
||||||
my $img_src = '';
|
my $img_src = '';
|
||||||
|
|
||||||
if ($icon) {
|
if ($icon) {
|
||||||
|
@ -957,14 +956,22 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
$self->logger->debug( "IDP "
|
$self->logger->debug( "IDP "
|
||||||
. $self->{idpList}->{$_}->{name}
|
. $self->{idpList}->{$_}->{name}
|
||||||
. " -> DisplayName : $idpName with Icon : $img_src" );
|
. " -> DisplayName : $idpName with Icon : $img_src at order : $order"
|
||||||
|
);
|
||||||
push @list,
|
push @list,
|
||||||
{
|
{
|
||||||
val => $_,
|
val => $_,
|
||||||
name => $idpName,
|
name => $idpName,
|
||||||
icon => $img_src,
|
icon => $img_src,
|
||||||
|
order => $order,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@list =
|
||||||
|
sort {
|
||||||
|
$a->{order} <=> $b->{order}
|
||||||
|
or $a->{name} cmp $b->{name}
|
||||||
|
or $a->{val} cmp $b->{val}
|
||||||
|
} @list;
|
||||||
$req->data->{list} = \@list;
|
$req->data->{list} = \@list;
|
||||||
$req->data->{confirmRemember} = 1;
|
$req->data->{confirmRemember} = 1;
|
||||||
|
|
||||||
|
|
|
@ -186,7 +186,7 @@ sub loadService {
|
||||||
|
|
||||||
# Create Lasso server with service metadata
|
# Create Lasso server with service metadata
|
||||||
my $server = $self->createServer(
|
my $server = $self->createServer(
|
||||||
$service_metadata->serviceToXML( $self->conf, ''),
|
$service_metadata->serviceToXML( $self->conf, '' ),
|
||||||
$self->conf->{samlServicePrivateKeySig},
|
$self->conf->{samlServicePrivateKeySig},
|
||||||
$self->conf->{samlServicePrivateKeySigPwd},
|
$self->conf->{samlServicePrivateKeySigPwd},
|
||||||
|
|
||||||
|
@ -295,6 +295,9 @@ sub loadIDPs {
|
||||||
$self->idpList->{$entityID}->{icon} =
|
$self->idpList->{$entityID}->{icon} =
|
||||||
$self->conf->{samlIDPMetaDataOptions}->{$_}
|
$self->conf->{samlIDPMetaDataOptions}->{$_}
|
||||||
->{samlIDPMetaDataOptionsIcon};
|
->{samlIDPMetaDataOptionsIcon};
|
||||||
|
$self->idpList->{$entityID}->{order} =
|
||||||
|
$self->conf->{samlIDPMetaDataOptions}->{$_}
|
||||||
|
->{samlIDPMetaDataOptionsSortNumber};
|
||||||
|
|
||||||
# Set rule
|
# Set rule
|
||||||
my $cond = $self->conf->{samlIDPMetaDataOptions}->{$_}
|
my $cond = $self->conf->{samlIDPMetaDataOptions}->{$_}
|
||||||
|
|
|
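Review bot: `order` is stored here exactly as configured, so it is undefined for every IDP without a `samlIDPMetaDataOptionsSortNumber`, and the default is applied only later in `extractFormInfo` with `// 0`. Normalize the value at load time (default plus numeric check) so that every consumer of `idpList` sees a usable number and the default lives in one place.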
@ -184,8 +184,10 @@ sub send_mail {
|
||||||
foreach ( keys %cid ) {
|
foreach ( keys %cid ) {
|
||||||
$message->attach(
|
$message->attach(
|
||||||
Type => "image/" . ( $cid{$_} =~ m/\.(\w+)/ )[0],
|
Type => "image/" . ( $cid{$_} =~ m/\.(\w+)/ )[0],
|
||||||
Id => $_,
|
Id => $_,
|
||||||
Path => $self->p->{templateDir} . "/" . $cid{$_},
|
Path => $self->conf->{templateDir} . "/"
|
||||||
|
. $self->conf->{portalSkin} . "/"
|
||||||
|
. $cid{$_},
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
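Review bot: the new `Path` is built from `$self->conf->{portalSkin}`, whereas `sendHtml` in this same commit resolves the skin with `getSkin($req)` and `loadTemplate` falls back to the bootstrap and common directories. An embedded image that exists only in a fallback directory, or a portal using per-request skin rules, will get a path to a file that is not there. Resolve the image through the same search list as the template, and check that the file exists before calling `attach` so that a missing image is logged instead of failing the whole message.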
@ -194,6 +194,8 @@ sub reloadConf {
|
||||||
$self->error("Template dir $self->{templateDir} doesn't exist");
|
$self->error("Template dir $self->{templateDir} doesn't exist");
|
||||||
return $self->fail;
|
return $self->fail;
|
||||||
}
|
}
|
||||||
|
$self->templateDir(
|
||||||
|
[ $self->{templateDir}, $self->conf->{templateDir} . '/bootstrap' ] );
|
||||||
|
|
||||||
$self->{staticPrefix} = $self->conf->{staticPrefix} || '/static';
|
$self->{staticPrefix} = $self->conf->{staticPrefix} || '/static';
|
||||||
$self->{languages} = $self->conf->{languages} || '/';
|
$self->{languages} = $self->conf->{languages} || '/';
|
||||||
|
|
|
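Review bot: `templateDir` changes type here from a string to an array reference, but the `error(...)` call just above still interpolates `$self->{templateDir}` as a string. If the accessor writes back to `$self->{templateDir}` and nothing earlier in `reloadConf` resets it (not visible in this hunk), a second reload will wrap the previous array inside the new one. Keep the scalar directory in its own attribute and build the search list from it.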
@ -743,6 +743,7 @@ sub sendHtml {
|
||||||
my ( $self, $req, $template, %args ) = @_;
|
my ( $self, $req, $template, %args ) = @_;
|
||||||
|
|
||||||
my $templateDir = $self->conf->{templateDir} . '/' . $self->getSkin($req);
|
my $templateDir = $self->conf->{templateDir} . '/' . $self->getSkin($req);
|
||||||
|
$self->templateDir( [ $templateDir, @{ $self->templateDir } ] );
|
||||||
|
|
||||||
# Check template
|
# Check template
|
||||||
$args{templateDir} = $templateDir;
|
$args{templateDir} = $templateDir;
|
||||||
|
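Review bot: the added `$self->templateDir( [ $templateDir, @{ $self->templateDir } ] );` writes the per-request skin directory back into the portal object. If that object outlives the request, the list grows by one entry on every call to `sendHtml`, and a skin chosen by `getSkin($req)` for one request stays in the search path for the requests that follow. Build the list in a local variable and pass it through `%args` instead of mutating `$self`.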
@ -878,6 +879,7 @@ sub lmError {
|
||||||
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
|
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
|
||||||
URL => $req->{urldc},
|
URL => $req->{urldc},
|
||||||
);
|
);
|
||||||
|
$req->pdata( {} );
|
||||||
|
|
||||||
# Error code
|
# Error code
|
||||||
$templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 )
|
$templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 )
|
||||||
|
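Review bot: `$req->pdata( {} );` discards every persistent-data key for the request, not only the one involved in the error page. Please add a comment stating why the error page must reset pdata, and consider deleting only the specific keys concerned so that data stored by other modules is not silently lost. A regression test for the error page would document the intended behaviour.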
@ -889,8 +891,8 @@ sub rebuildCookies {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my @tmp;
|
my @tmp;
|
||||||
for ( my $i = 0 ; $i < @{ $req->{respHeaders} } ; $i += 2 ) {
|
for ( my $i = 0 ; $i < @{ $req->{respHeaders} } ; $i += 2 ) {
|
||||||
push @tmp, $req->respHeaders->[0], $req->respHeaders->[1]
|
push @tmp, $req->respHeaders->[$i], $req->respHeaders->[ $i + 1 ]
|
||||||
unless ( $req->respHeaders->[0] eq 'Set-Cookie' );
|
unless ( $req->respHeaders->[$i] eq 'Set-Cookie' );
|
||||||
}
|
}
|
||||||
$req->{respHeaders} = \@tmp;
|
$req->{respHeaders} = \@tmp;
|
||||||
$self->buildCookie($req);
|
$self->buildCookie($req);
|
||||||
|
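Review bot: the index fix is right, but the filter on the corrected line still uses `eq 'Set-Cookie'`, which is case-sensitive, while header names are not; a `set-cookie` pair pushed by another module would survive the rebuild and leave a stale cookie in the response. Compare with `lc(...) eq 'set-cookie'`. Since the old code looked only at element 0 on every iteration, a unit test with mixed headers should be added with this change.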
@ -1003,17 +1005,14 @@ sub _sumUpSession {
|
||||||
sub loadTemplate {
|
sub loadTemplate {
|
||||||
my ( $self, $name, %prm ) = @_;
|
my ( $self, $name, %prm ) = @_;
|
||||||
$name .= '.tpl';
|
$name .= '.tpl';
|
||||||
my $file =
|
|
||||||
$self->conf->{templateDir} . '/'
|
|
||||||
. $self->conf->{portalSkin} . '/'
|
|
||||||
. $name;
|
|
||||||
$file = $self->conf->{templateDir} . '/common/' . $name
|
|
||||||
unless ( -e $file );
|
|
||||||
unless ( -e $file ) {
|
|
||||||
die "Unable to find $name in $self->conf->{templateDir}";
|
|
||||||
}
|
|
||||||
my $tpl = HTML::Template->new(
|
my $tpl = HTML::Template->new(
|
||||||
filename => $file,
|
filename => $name,
|
||||||
|
path => [
|
||||||
|
$self->conf->{templateDir} . '/' . $self->conf->{portalSkin},
|
||||||
|
$self->conf->{templateDir} . '/bootstrap/',
|
||||||
|
$self->conf->{templateDir} . '/common/'
|
||||||
|
],
|
||||||
|
search_path_on_include => 1,
|
||||||
die_on_bad_params => 0,
|
die_on_bad_params => 0,
|
||||||
die_on_missing_include => 1,
|
die_on_missing_include => 1,
|
||||||
cache => 1,
|
cache => 1,
|
||||||
|
|
|
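Review bot: the `path` list added here searches the configured `portalSkin`, then `bootstrap`, then `common`, while `reloadConf` and `sendHtml` in this commit build a different list (request skin, template directory, `bootstrap`) on `$self->templateDir`. Two search orders for the same templates will diverge; derive both from one helper. The removed lines also carried an explicit existence check with its own error message, so please confirm that the failure raised by `HTML::Template->new` for a missing file is caught and logged by the callers.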
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Access not granted on SAML service",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Access not granted on OIDC service",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Access not granted on OID service",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Access not granted on GET service",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||||
"accept":"قبول",
|
"accept":"قبول",
|
||||||
"accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
|
"accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
|
||||||
|
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"رقم هاتفك",
|
"yourPhone":"رقم هاتفك",
|
||||||
"yourProfile":"ملفك الشخصي",
|
"yourProfile":"ملفك الشخصي",
|
||||||
"yourTotpKey":"Your TOTP key"
|
"yourTotpKey":"Your TOTP key"
|
||||||
}
|
}
|
|
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Zugang zum SAML-Service nicht genehmigt",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Zugang zum OIDC-Service nicht genehmigt",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Zugang zum OID-Service nicht genehmigt",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Zugang zum GET-Service nicht genehmigt",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
|
"2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
|
||||||
"accept":"Akzeptieren",
|
"accept":"Akzeptieren",
|
||||||
"accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
|
"accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
|
||||||
|
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"Ihre Telefonnummer",
|
"yourPhone":"Ihre Telefonnummer",
|
||||||
"yourProfile":"Ihr Profil",
|
"yourProfile":"Ihr Profil",
|
||||||
"yourTotpKey":"Your TOTP key"
|
"yourTotpKey":"Your TOTP key"
|
||||||
}
|
}
|
|
@ -67,7 +67,7 @@
|
||||||
"PE65":"Federation forbidden by security policy",
|
"PE65":"Federation forbidden by security policy",
|
||||||
"PE66":"The confirmation mail was already sent",
|
"PE66":"The confirmation mail was already sent",
|
||||||
"PE67":"Password field must be filled",
|
"PE67":"Password field must be filled",
|
||||||
"PE68":"Access non granted on CAS service",
|
"PE68":"Access not granted on CAS service",
|
||||||
"PE69":"Please provide your mail address",
|
"PE69":"Please provide your mail address",
|
||||||
"PE70":"No matching user",
|
"PE70":"No matching user",
|
||||||
"PE71":"Please provide your new password",
|
"PE71":"Please provide your new password",
|
||||||
|
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Access not granted on SAML service",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Access not granted on OIDC service",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Access not granted on OID service",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Access not granted on GET service",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||||
"accept":"Accept",
|
"accept":"Accept",
|
||||||
"accessDenied":"You have no access authorization for this application",
|
"accessDenied":"You have no access authorization for this application",
|
||||||
|
|
|
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Acceso no autorizado al servicio SAML",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Acceso no autorizado al servicio OIDC",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Acceso no autorizado al servicio OID",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Acceso no autorizado al servicio GET",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||||
"accept":"Accept",
|
"accept":"Accept",
|
||||||
"accessDenied":"You have no access authorization for this application",
|
"accessDenied":"You have no access authorization for this application",
|
||||||
|
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"Your phone number",
|
"yourPhone":"Your phone number",
|
||||||
"yourProfile":"Your profile",
|
"yourProfile":"Your profile",
|
||||||
"yourTotpKey":"Your TOTP key"
|
"yourTotpKey":"Your TOTP key"
|
||||||
}
|
}
|
|
@ -67,7 +67,7 @@
|
||||||
"PE65":"Federation forbidden by security policy",
|
"PE65":"Federation forbidden by security policy",
|
||||||
"PE66":"La mail di conferma è già stata inviata",
|
"PE66":"La mail di conferma è già stata inviata",
|
||||||
"PE67":"Password mancante",
|
"PE67":"Password mancante",
|
||||||
"PE68":"Accesso non autorizzato al servizio CAS",
|
"PE68":"Acceso no autorizado al servicio CAS",
|
||||||
"PE69":"Inserisci il tuo indirizzo mail",
|
"PE69":"Inserisci il tuo indirizzo mail",
|
||||||
"PE70":"Nessun utente corrispondente",
|
"PE70":"Nessun utente corrispondente",
|
||||||
"PE71":"Inserisci la nuova password",
|
"PE71":"Inserisci la nuova password",
|
||||||
|
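Review bot: the new `PE68` value, "Acceso no autorizado al servicio CAS", is Spanish, while the neighbouring strings in this file are Italian and the value it replaces, "Accesso non autorizzato al servizio CAS", was a correct Italian translation. This looks like a string pasted from the Spanish file; please restore the Italian text.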
@ -87,24 +87,24 @@
|
||||||
"PE85":"Il sito remoto richiede una sessione più recente (e il plug-in di UpgradeSession non viene caricato). Disconnetti e riprova",
|
"PE85":"Il sito remoto richiede una sessione più recente (e il plug-in di UpgradeSession non viene caricato). Disconnetti e riprova",
|
||||||
"PE86":"Il tuo account è bloccato. Devi attendere 30 secondi prima di autenticarti di nuovo",
|
"PE86":"Il tuo account è bloccato. Devi attendere 30 secondi prima di autenticarti di nuovo",
|
||||||
"PE87":"È necessario eseguire nuovamente l'autenticazione per accedere al Portale",
|
"PE87":"È necessario eseguire nuovamente l'autenticazione per accedere al Portale",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Il tuo account deve avere un indirizzo e-mail per poter utilizzare l'autenticazione a doppio fattore",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Accesso non concesso sul servizio SAML",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Accesso non concesso sul servizio OIDC",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Accesso non concesso sul servizio OID",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Accesso non concesso sul servizio GET",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Accesso non concesso sul servizio IMPERSONATION",
|
||||||
"2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
|
"2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
|
||||||
"accept":"Accetta",
|
"accept":"Accetta",
|
||||||
"accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
|
"accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
|
||||||
"accountCreated":"Il tuo account è stato creato, la tua password temporanea è stata inviata all'indirizzo email.",
|
"accountCreated":"Il tuo account è stato creato, la tua password temporanea è stata inviata all'indirizzo email.",
|
||||||
"accountCreationSuccess":"Il tuo account è stato creato con successo.",
|
"accountCreationSuccess":"Il tuo account è stato creato con successo.",
|
||||||
"action":"Azione",
|
"action":"Azione",
|
||||||
"allowed":"Access ALLOWED",
|
"allowed":"Accesso CONSENTITO",
|
||||||
"anotherInformation":"Un'altra informazione:",
|
"anotherInformation":"Un'altra informazione:",
|
||||||
"areYouSure":"Sei sicuro?",
|
"areYouSure":"Sei sicuro?",
|
||||||
"askToRenew":"Questa applicazione richiede un'autenticazione più recente. Vuoi reautenticare?",
|
"askToRenew":"Questa applicazione richiede un'autenticazione più recente. Vuoi reautenticare?",
|
||||||
"askToUpgrade":"Questa applicazione richiede un livello di autenticazione superiore. Vuoi reautenticare?",
|
"askToUpgrade":"Questa applicazione richiede un livello di autenticazione superiore. Vuoi reautenticare?",
|
||||||
"attributes":"ATTRIBUTES",
|
"attributes":"ATTRIBUTI",
|
||||||
"authPortal":"Portale di autenticazione",
|
"authPortal":"Portale di autenticazione",
|
||||||
"authRemaining":"Rimangono ancora %s autenticazioni, modifica la password!",
|
"authRemaining":"Rimangono ancora %s autenticazioni, modifica la password!",
|
||||||
"autoAccept":"Accetta automaticamente in 30 secondi",
|
"autoAccept":"Accetta automaticamente in 30 secondi",
|
||||||
|
@ -117,7 +117,7 @@
|
||||||
"changeKey":"Genera nuova chiave",
|
"changeKey":"Genera nuova chiave",
|
||||||
"changePwd":"Cambia la tua password",
|
"changePwd":"Cambia la tua password",
|
||||||
"checkLastLogins":"Controllare i miei ultimi accessi",
|
"checkLastLogins":"Controllare i miei ultimi accessi",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Controlla il profilo SSO dell'utente",
|
||||||
"choose2f":"Scegli il tuo secondo fattore",
|
"choose2f":"Scegli il tuo secondo fattore",
|
||||||
"chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso",
|
"chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso",
|
||||||
"clickHere":"Per favore clicka qui",
|
"clickHere":"Per favore clicka qui",
|
||||||
|
@ -141,19 +141,19 @@
|
||||||
"errorMsg":"Messaggio di errore",
|
"errorMsg":"Messaggio di errore",
|
||||||
"fillTheForm":"Compila il modulo",
|
"fillTheForm":"Compila il modulo",
|
||||||
"firstName":"Nome",
|
"firstName":"Nome",
|
||||||
"forbidden":"Access FORBIDDEN",
|
"forbidden":"Accesso VIETATO",
|
||||||
"forgotPwd":"Password dimenticata?",
|
"forgotPwd":"Password dimenticata?",
|
||||||
"generatePwd":"Generare automaticamente la password",
|
"generatePwd":"Generare automaticamente la password",
|
||||||
"gotNewMessages":"Hai dei nuovi messaggi",
|
"gotNewMessages":"Hai dei nuovi messaggi",
|
||||||
"goToPortal":"Vai al portale",
|
"goToPortal":"Vai al portale",
|
||||||
"gplSoft":"Software libero coperto dalla licenza GPL",
|
"gplSoft":"Software libero coperto dalla licenza GPL",
|
||||||
"groups_sso":"SSO GROUPS",
|
"groups_sso":"GRUPPI SSO",
|
||||||
"headers":"HEADERS",
|
"headers":"INTESTAZIONI",
|
||||||
"id":"Id",
|
"id":"Id",
|
||||||
"imSure":"Sono sicuro",
|
"imSure":"Sono sicuro",
|
||||||
"info":"Informazioni",
|
"info":"Informazioni",
|
||||||
"ipAddr":"Indirizzo IP",
|
"ipAddr":"Indirizzo IP",
|
||||||
"key":"Key",
|
"key":"Chiave",
|
||||||
"lastFailedLogins":"Ultimi login non riusciti",
|
"lastFailedLogins":"Ultimi login non riusciti",
|
||||||
"lastLogins":"Ultimi accessi",
|
"lastLogins":"Ultimi accessi",
|
||||||
"lastName":"Cognome",
|
"lastName":"Cognome",
|
||||||
|
@ -212,7 +212,7 @@
|
||||||
"resetPwd":"Reimpostare la password",
|
"resetPwd":"Reimpostare la password",
|
||||||
"rightsReloadNeedsLogout":"Le ricariche dei diritti necessitano di disconnettersi e di riconnettersi",
|
"rightsReloadNeedsLogout":"Le ricariche dei diritti necessitano di disconnettersi e di riconnettersi",
|
||||||
"scope":"Ambito",
|
"scope":"Ambito",
|
||||||
"search":"Search",
|
"search":"Ricerca",
|
||||||
"selectIdP":"Seleziona il tuo provider di identità",
|
"selectIdP":"Seleziona il tuo provider di identità",
|
||||||
"service":"Servizio",
|
"service":"Servizio",
|
||||||
"sendPwd":"Inviami il link",
|
"sendPwd":"Inviami il link",
|
||||||
|
@ -220,7 +220,7 @@
|
||||||
"serviceProvidedBy":"Servizio offerto da",
|
"serviceProvidedBy":"Servizio offerto da",
|
||||||
"sessionsDeleted":"Le sessioni seguenti sono state chiuse",
|
"sessionsDeleted":"Le sessioni seguenti sono state chiuse",
|
||||||
"sfaManager":"2ndFA Manager",
|
"sfaManager":"2ndFA Manager",
|
||||||
"spoofId":"Spoofed Id",
|
"spoofId":"Id falsificato",
|
||||||
"SSOSessionInactive":"Sessione SSO inattiva",
|
"SSOSessionInactive":"Sessione SSO inattiva",
|
||||||
"stayConnected":"Resta connesso su questo dispositivo",
|
"stayConnected":"Resta connesso su questo dispositivo",
|
||||||
"submit":"Invia",
|
"submit":"Invia",
|
||||||
|
@ -238,11 +238,11 @@
|
||||||
"upgradeSession":"Sessione di aggiornamento",
|
"upgradeSession":"Sessione di aggiornamento",
|
||||||
"user":"Utente",
|
"user":"Utente",
|
||||||
"useYubikey":"Usa la tua Yubikey",
|
"useYubikey":"Usa la tua Yubikey",
|
||||||
"value":"Value",
|
"value":"Valore",
|
||||||
"verify":"Verifica",
|
"verify":"Verifica",
|
||||||
"VHnotFound":"Virtual Host not found",
|
"VHnotFound":"Host virtuale non trovato",
|
||||||
"wait":"Attendere",
|
"wait":"Attendere",
|
||||||
"waitingmessage":"Authentication in progress, please wait",
|
"waitingmessage":"Autenticazione in corso, attendere prego",
|
||||||
"warning":"Avvertimento",
|
"warning":"Avvertimento",
|
||||||
"welcomeOnPortal":"Benvenuto sul tuo portale di autenticazione protetta.",
|
"welcomeOnPortal":"Benvenuto sul tuo portale di autenticazione protetta.",
|
||||||
"yesResendMail":"Sì, rinvia e-mail",
|
"yesResendMail":"Sì, rinvia e-mail",
|
||||||
|
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"Numero di telefono",
|
"yourPhone":"Numero di telefono",
|
||||||
"yourProfile":"Il tuo profilo",
|
"yourProfile":"Il tuo profilo",
|
||||||
"yourTotpKey":"La tua chiave TOTP"
|
"yourTotpKey":"La tua chiave TOTP"
|
||||||
}
|
}
|
|
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Onbevoegde toegang tot de SAML-service",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Onbevoegde toegang tot de OIDC-service",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Onbevoegde toegang tot de OID-service",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Onbevoegde toegang tot de GET-service",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||||
"accept":"Accept",
|
"accept":"Accept",
|
||||||
"accessDenied":"You have no access authorization for this application",
|
"accessDenied":"You have no access authorization for this application",
|
||||||
|
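Review bot: PE93 is only corrected from "non granted" to "not granted" and stays in English, while PE89 to PE92 in the same hunk gain Dutch text. Translate it on the same pattern (for example "Onbevoegde toegang tot de IMPERSONATION-service") or flag it for the translators, so the impersonation denial is not the only untranslated access error in this block.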
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"Your phone number",
|
"yourPhone":"Your phone number",
|
||||||
"yourProfile":"Your profile",
|
"yourProfile":"Your profile",
|
||||||
"yourTotpKey":"Your TOTP key"
|
"yourTotpKey":"Your TOTP key"
|
||||||
}
|
}
|
|
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Acesso não autorizado ao serviço SAML",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Acesso não autorizado ao serviço OIDC",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Acesso não autorizado ao serviço OID",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Acesso não autorizado ao serviço GET",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||||
"accept":"Accept",
|
"accept":"Accept",
|
||||||
"accessDenied":"You have no access authorization for this application",
|
"accessDenied":"You have no access authorization for this application",
|
||||||
|
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"Your phone number",
|
"yourPhone":"Your phone number",
|
||||||
"yourProfile":"Your profile",
|
"yourProfile":"Your profile",
|
||||||
"yourTotpKey":"Your TOTP key"
|
"yourTotpKey":"Your TOTP key"
|
||||||
}
|
}
|
|
@ -67,7 +67,7 @@
|
||||||
"PE65":"Federation forbidden by security policy",
|
"PE65":"Federation forbidden by security policy",
|
||||||
"PE66":"The confirmation mail was already sent",
|
"PE66":"The confirmation mail was already sent",
|
||||||
"PE67":"Password field must be filled",
|
"PE67":"Password field must be filled",
|
||||||
"PE68":"Access non granted on CAS service",
|
"PE68":"Access not granted on CAS service",
|
||||||
"PE69":"Vă rugăm să introduceţi adresa dvs. de e-mail",
|
"PE69":"Vă rugăm să introduceţi adresa dvs. de e-mail",
|
||||||
"PE70":"No matching user",
|
"PE70":"No matching user",
|
||||||
"PE71":"Please provide your new password",
|
"PE71":"Please provide your new password",
|
||||||
|
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Access not granted on SAML service",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Access not granted on OIDC service",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Access not granted on OID service",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Access not granted on GET service",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||||
"accept":"Accept",
|
"accept":"Accept",
|
||||||
"accessDenied":"You have no access authorization for this application",
|
"accessDenied":"You have no access authorization for this application",
|
||||||
|
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"Your phone number",
|
"yourPhone":"Your phone number",
|
||||||
"yourProfile":"Your profile",
|
"yourProfile":"Your profile",
|
||||||
"yourTotpKey":"Your TOTP key"
|
"yourTotpKey":"Your TOTP key"
|
||||||
}
|
}
|
|
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Truy cập không được cấp trên dịch vụ SAML",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Truy cập không được cấp trên dịch vụ OIDC",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Truy cập không được cấp trên dịch vụ OID",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Truy cập không được cấp trên dịch vụ GET",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||||
"accept":"Chấp nhận",
|
"accept":"Chấp nhận",
|
||||||
"accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
|
"accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
|
||||||
|
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"Số điện thoại của bạn",
|
"yourPhone":"Số điện thoại của bạn",
|
||||||
"yourProfile":"Profile của bạn",
|
"yourProfile":"Profile của bạn",
|
||||||
"yourTotpKey":"Your TOTP key"
|
"yourTotpKey":"Your TOTP key"
|
||||||
}
|
}
|
|
@ -67,7 +67,7 @@
|
||||||
"PE65":"Federation forbidden by security policy",
|
"PE65":"Federation forbidden by security policy",
|
||||||
"PE66":"确认邮件已经发送",
|
"PE66":"确认邮件已经发送",
|
||||||
"PE67":"密码必须填写",
|
"PE67":"密码必须填写",
|
||||||
"PE68":"Access non granted on CAS service",
|
"PE68":"Access not granted on CAS service",
|
||||||
"PE69":"请提供您的邮箱",
|
"PE69":"请提供您的邮箱",
|
||||||
"PE70":"没有匹配用户",
|
"PE70":"没有匹配用户",
|
||||||
"PE71":"请提供您的新密码",
|
"PE71":"请提供您的新密码",
|
||||||
|
@ -88,11 +88,11 @@
|
||||||
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
"PE86":"Your account is locked. You must wait 30s before authenticate again",
|
||||||
"PE87":"You must authenticate again to access to Portal",
|
"PE87":"You must authenticate again to access to Portal",
|
||||||
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
"PE88":"Your account must have an e-mail address in order to use double factor authentication",
|
||||||
"PE89":"Access non granted on SAML service",
|
"PE89":"Access not granted on SAML service",
|
||||||
"PE90":"Access non granted on OIDC service",
|
"PE90":"Access not granted on OIDC service",
|
||||||
"PE91":"Access non granted on OID service",
|
"PE91":"Access not granted on OID service",
|
||||||
"PE92":"Access non granted on GET service",
|
"PE92":"Access not granted on GET service",
|
||||||
"PE93":"Access non granted on IMPERSONATION service",
|
"PE93":"Access not granted on IMPERSONATION service",
|
||||||
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
"2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
|
||||||
"accept":"Accept 方法",
|
"accept":"Accept 方法",
|
||||||
"accessDenied":"您无权访问此应用",
|
"accessDenied":"您无权访问此应用",
|
||||||
|
@ -259,4 +259,4 @@
|
||||||
"yourPhone":"您的电话号码",
|
"yourPhone":"您的电话号码",
|
||||||
"yourProfile":"您的档案",
|
"yourProfile":"您的档案",
|
||||||
"yourTotpKey":"Your TOTP key"
|
"yourTotpKey":"Your TOTP key"
|
||||||
}
|
}
|
|
@ -15,4 +15,4 @@
|
||||||
"requestIssuedFromIP":"الطلب قد أرسل من عنوان الآي بي",
|
"requestIssuedFromIP":"الطلب قد أرسل من عنوان الآي بي",
|
||||||
"yourLoginCodeIs":"Your login code is",
|
"yourLoginCodeIs":"Your login code is",
|
||||||
"yourLoginIs":"تسجيل الدخول الخاص بك هو"
|
"yourLoginIs":"تسجيل الدخول الخاص بك هو"
|
||||||
}
|
}
|
|
@ -4,7 +4,7 @@
|
||||||
"click2Register":"Clicca qui per confermare la registrazione del tuo account",
|
"click2Register":"Clicca qui per confermare la registrazione del tuo account",
|
||||||
"click2Reset":"Clicca qui per reimpostare la password",
|
"click2Reset":"Clicca qui per reimpostare la password",
|
||||||
"hello":"Salve",
|
"hello":"Salve",
|
||||||
"mail2fSubject":"[LemonLDAP::NG] Your login code",
|
"mail2fSubject":"[LemonLDAP :: NG] Il tuo codice di accesso",
|
||||||
"mailConfirmSubject":"Conferma reimpostazione password [LemonLDAP::NG] ",
|
"mailConfirmSubject":"Conferma reimpostazione password [LemonLDAP::NG] ",
|
||||||
"mailSubject":"[LemonLDAP::NG] La tua nuova password",
|
"mailSubject":"[LemonLDAP::NG] La tua nuova password",
|
||||||
"newPwdIs":"La tua nuova password é",
|
"newPwdIs":"La tua nuova password é",
|
||||||
|
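Review bot: the new mail2fSubject writes the product tag as "[LemonLDAP :: NG]" with spaces around "::", while mailConfirmSubject and mailSubject in the same hunk keep "[LemonLDAP::NG]". Keep the tag identical across subjects ("[LemonLDAP::NG] Il tuo codice di accesso") so that mail rules and users who recognise the login-code message by its prefix keep matching it.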
@ -13,6 +13,6 @@
|
||||||
"registerConfirmSubject":"[LemonLDAP :: NG] Conferma registro account",
|
"registerConfirmSubject":"[LemonLDAP :: NG] Conferma registro account",
|
||||||
"registerDoneSubject":"[LemonLDAP::NG] Il tuo nuovo account",
|
"registerDoneSubject":"[LemonLDAP::NG] Il tuo nuovo account",
|
||||||
"requestIssuedFromIP":"La richiesta è stata emessa da IP",
|
"requestIssuedFromIP":"La richiesta è stata emessa da IP",
|
||||||
"yourLoginCodeIs":"Your login code is",
|
"yourLoginCodeIs":"Il tuo codice di accesso è",
|
||||||
"yourLoginIs":"Il tuo login é"
|
"yourLoginIs":"Il tuo login é"
|
||||||
}
|
}
|
|
@ -15,4 +15,4 @@
|
||||||
"requestIssuedFromIP":"Yêu cầu được gửi đi từ địa chỉ IP",
|
"requestIssuedFromIP":"Yêu cầu được gửi đi từ địa chỉ IP",
|
||||||
"yourLoginCodeIs":"Your login code is",
|
"yourLoginCodeIs":"Your login code is",
|
||||||
"yourLoginIs":"Đăng nhập của bạn là"
|
"yourLoginIs":"Đăng nhập của bạn là"
|
||||||
}
|
}
|
|
@ -15,4 +15,4 @@
|
||||||
"requestIssuedFromIP":"此请求来自IP地址",
|
"requestIssuedFromIP":"此请求来自IP地址",
|
||||||
"yourLoginCodeIs":"Your login code is",
|
"yourLoginCodeIs":"Your login code is",
|
||||||
"yourLoginIs":"您登陆的账户是"
|
"yourLoginIs":"您登陆的账户是"
|
||||||
}
|
}
|
|
@ -35,6 +35,8 @@ SKIP: {
|
||||||
'PE_PP_PASSWORD_EXPIRED', 'PE_PASSWORD_OK', 'PE_PP_ACCOUNT_LOCKED',
|
'PE_PP_PASSWORD_EXPIRED', 'PE_PASSWORD_OK', 'PE_PP_ACCOUNT_LOCKED',
|
||||||
'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_GRACE';
|
'PE_PP_PASSWORD_TOO_SHORT', 'PE_PP_GRACE';
|
||||||
|
|
||||||
|
my ( $user, $code, $postString, $match );
|
||||||
|
|
||||||
# 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED
|
# 1 - TEST PE_PP_CHANGE_AFTER_RESET AND PE_PP_PASSWORD_EXPIRED
|
||||||
# ------------------------------------------------------------
|
# ------------------------------------------------------------
|
||||||
foreach my $tpl (
|
foreach my $tpl (
|
||||||
|
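Review bot: the added `my ( $user, $code, $postString, $match );` makes all four variables shared by every numbered test section in the SKIP block, so a section that forgets to reassign one silently reuses the previous section's user or expected code. Wrapping each numbered section in its own bare block with its own `my` declarations would remove the repeated-declaration problem without sharing state between sections.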
@ -42,9 +44,9 @@ SKIP: {
|
||||||
[ 'expire', PE_PP_PASSWORD_EXPIRED ]
|
[ 'expire', PE_PP_PASSWORD_EXPIRED ]
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
my $user = $tpl->[0];
|
$user = $tpl->[0];
|
||||||
my $code = $tpl->[1];
|
$code = $tpl->[1];
|
||||||
my $postString = "user=$user&password=$user";
|
$postString = "user=$user&password=$user";
|
||||||
|
|
||||||
# Try to authenticate
|
# Try to authenticate
|
||||||
# -------------------
|
# -------------------
|
||||||
|
@ -56,7 +58,7 @@ SKIP: {
|
||||||
),
|
),
|
||||||
'Auth query'
|
'Auth query'
|
||||||
);
|
);
|
||||||
my $match = 'trmsg="' . $code . '"';
|
$match = 'trmsg="' . $code . '"';
|
||||||
ok( $res->[2]->[0] =~ /$match/, "Code is $code" );
|
ok( $res->[2]->[0] =~ /$match/, "Code is $code" );
|
||||||
|
|
||||||
#open F, '>../e2e-tests/conf/portal/result.html' or die $!;
|
#open F, '>../e2e-tests/conf/portal/result.html' or die $!;
|
||||||
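Review bot: `$match` is built from `$code` and then used as a pattern in `/$match/` without quoting, so any regex metacharacter in a future code value would change what the assertion accepts. Use `/\Q$match\E/` here and in the two later sections that repeat the same check.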
|
@ -93,9 +95,9 @@ SKIP: {
|
||||||
|
|
||||||
# 2 - TEST PE_PP_GRACE
|
# 2 - TEST PE_PP_GRACE
|
||||||
# -------------------------
|
# -------------------------
|
||||||
my $user = 'grace';
|
$user = 'grace';
|
||||||
my $code = "ppGrace";
|
$code = "ppGrace";
|
||||||
my $postString = "user=$user&password=$user";
|
$postString = "user=$user&password=$user";
|
||||||
|
|
||||||
# Try to authenticate
|
# Try to authenticate
|
||||||
# -------------------
|
# -------------------
|
||||||
|
@ -107,14 +109,14 @@ SKIP: {
|
||||||
),
|
),
|
||||||
'Auth query'
|
'Auth query'
|
||||||
);
|
);
|
||||||
my $match = 'trmsg="' . $code . '"';
|
$match = 'trmsg="' . $code . '"';
|
||||||
ok( $res->[2]->[0] =~ /$match/, 'Grace remaining' );
|
ok( $res->[2]->[0] =~ /$match/, 'Grace remaining' );
|
||||||
|
|
||||||
# 3 - TEST PE_PP_ACCOUNT_LOCKED
|
# 3 - TEST PE_PP_ACCOUNT_LOCKED
|
||||||
# -------------------------
|
# -------------------------
|
||||||
my $user = 'lock';
|
$user = 'lock';
|
||||||
my $code = PE_PP_ACCOUNT_LOCKED;
|
$code = PE_PP_ACCOUNT_LOCKED;
|
||||||
my $postString = "user=$user&password=$user";
|
$postString = "user=$user&password=$user";
|
||||||
|
|
||||||
# Try to authenticate
|
# Try to authenticate
|
||||||
# -------------------
|
# -------------------
|
||||||
|
@ -126,7 +128,7 @@ SKIP: {
|
||||||
),
|
),
|
||||||
'Auth query'
|
'Auth query'
|
||||||
);
|
);
|
||||||
my $match = 'trmsg="' . $code . '"';
|
$match = 'trmsg="' . $code . '"';
|
||||||
ok( $res->[2]->[0] =~ /$match/, 'Account is locked' );
|
ok( $res->[2]->[0] =~ /$match/, 'Account is locked' );
|
||||||
|
|
||||||
# Try to change anyway
|
# Try to change anyway
|
||||||
|
|
|
@ -7,6 +7,7 @@ require 't/test-lib.pm';
|
||||||
my $mainTests = 5;
|
my $mainTests = 5;
|
||||||
|
|
||||||
SKIP: {
|
SKIP: {
|
||||||
|
skip "Manual skip of GPG test", $mainTests if ($ENV{LLNG_SKIP_GPG_TEST});
|
||||||
eval "use IPC::Run 'run',";
|
eval "use IPC::Run 'run',";
|
||||||
skip "Missing dependency", $mainTests if ($@);
|
skip "Missing dependency", $mainTests if ($@);
|
||||||
my $gpg = `which gpg`;
|
my $gpg = `which gpg`;
|
||||||
|
|
|
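Review bot: the new `LLNG_SKIP_GPG_TEST` switch in the added `skip` line has no comment and disables all `$mainTests` GPG checks whenever the variable holds any true value. Add a comment saying who is expected to set it and why, and make sure the project's own test runs leave it unset so the GPG authentication path stays covered.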
@ -12,7 +12,7 @@ BEGIN {
|
||||||
require 't/saml-lib.pm';
|
require 't/saml-lib.pm';
|
||||||
}
|
}
|
||||||
|
|
||||||
my $maintests = 20;
|
my $maintests = 24;
|
||||||
my $debug = 'error';
|
my $debug = 'error';
|
||||||
my %handlerOR = ( issuer => [], sp => [] );
|
my %handlerOR = ( issuer => [], sp => [] );
|
||||||
|
|
||||||
|
@ -64,6 +64,14 @@ SKIP: {
|
||||||
or explain( $res->[1],
|
or explain( $res->[1],
|
||||||
'Set-Cookie => lemonldapidp=0; domain=.sp.com; path=/; expires=-1d' );
|
'Set-Cookie => lemonldapidp=0; domain=.sp.com; path=/; expires=-1d' );
|
||||||
( $host, $url, $query ) = expectForm( $res, undef, undef, 'confirm', );
|
( $host, $url, $query ) = expectForm( $res, undef, undef, 'confirm', );
|
||||||
|
|
||||||
|
# IDP must be sorted
|
||||||
|
my @idp = map /val="http:\/\/(.+?)\/saml\/metadata">/g, $res->[2]->[0];
|
||||||
|
ok( $idp[0] eq 'auth.idp2.com', '1st = idp2' ) or print STDERR Dumper( \@idp );
|
||||||
|
ok( $idp[1] eq 'auth.z_idp2.com', '2nd = z_idp2' ) or print STDERR Dumper( \@idp );
|
||||||
|
ok( $idp[2] eq 'auth.idp3.com', '3rd = idp3' ) or print STDERR Dumper( \@idp );
|
||||||
|
ok( $idp[3] eq 'auth.idp.com', '4th= idp' ) or print STDERR Dumper( \@idp );
|
||||||
|
|
||||||
ok(
|
ok(
|
||||||
$res->[2]->[0] =~
|
$res->[2]->[0] =~
|
||||||
m%<img src="http://auth.sp.com/static/common/icons/sfa_manager.png" class="mr-2" alt="IDP2" title="IDP2" />%,
|
m%<img src="http://auth.sp.com/static/common/icons/sfa_manager.png" class="mr-2" alt="IDP2" title="IDP2" />%,
|
||||||
|
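Review bot: the four `ok( $idp[n] eq ... )` checks never assert the size of `@idp`, so a duplicated or extra IdP entry after the fourth position would still pass. Add `ok( @idp == 4, ... )` before them, and extend the "IDP must be sorted" comment to state the rule under test, since the expected order (idp2, z_idp2, idp3, idp) only makes sense once the reader knows that idp3 and idp carry samlIDPMetaDataOptionsSortNumber 1 and 2 and the other two carry none. The last description, '4th= idp', also has inconsistent spacing.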
@ -248,6 +256,16 @@ sub sp {
|
||||||
uid => "1;uid",
|
uid => "1;uid",
|
||||||
cn => "0;cn"
|
cn => "0;cn"
|
||||||
},
|
},
|
||||||
|
idp3 => {
|
||||||
|
mail => "0;mail;;",
|
||||||
|
uid => "1;uid",
|
||||||
|
cn => "0;cn"
|
||||||
|
},
|
||||||
|
z_idp2 => {
|
||||||
|
mail => "0;mail;;",
|
||||||
|
uid => "1;uid",
|
||||||
|
cn => "0;cn"
|
||||||
|
},
|
||||||
},
|
},
|
||||||
samlIDPMetaDataOptions => {
|
samlIDPMetaDataOptions => {
|
||||||
idp => {
|
idp => {
|
||||||
|
@ -259,6 +277,7 @@ sub sp {
|
||||||
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
|
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
|
||||||
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
|
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
|
||||||
samlIDPMetaDataOptionsForceUTF8 => 1,
|
samlIDPMetaDataOptionsForceUTF8 => 1,
|
||||||
|
samlIDPMetaDataOptionsSortNumber => 2,
|
||||||
samlIDPMetaDataOptionsDisplayName =>
|
samlIDPMetaDataOptionsDisplayName =>
|
||||||
'idp_Test_DisplayName',
|
'idp_Test_DisplayName',
|
||||||
|
|
||||||
|
@ -274,6 +293,28 @@ sub sp {
|
||||||
samlIDPMetaDataOptionsForceUTF8 => 1,
|
samlIDPMetaDataOptionsForceUTF8 => 1,
|
||||||
samlIDPMetaDataOptionsIcon => 'icons/sfa_manager.png',
|
samlIDPMetaDataOptionsIcon => 'icons/sfa_manager.png',
|
||||||
},
|
},
|
||||||
|
idp3 => {
|
||||||
|
samlIDPMetaDataOptionsEncryptionMode => 'none',
|
||||||
|
samlIDPMetaDataOptionsSSOBinding => 'post',
|
||||||
|
samlIDPMetaDataOptionsSLOBinding => 'post',
|
||||||
|
samlIDPMetaDataOptionsSignSSOMessage => 1,
|
||||||
|
samlIDPMetaDataOptionsSignSLOMessage => 1,
|
||||||
|
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
|
||||||
|
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
|
||||||
|
samlIDPMetaDataOptionsForceUTF8 => 1,
|
||||||
|
samlIDPMetaDataOptionsSortNumber => 1,
|
||||||
|
samlIDPMetaDataOptionsDisplayName => 'Test_Sort',
|
||||||
|
},
|
||||||
|
z_idp2 => {
|
||||||
|
samlIDPMetaDataOptionsEncryptionMode => 'none',
|
||||||
|
samlIDPMetaDataOptionsSSOBinding => 'post',
|
||||||
|
samlIDPMetaDataOptionsSLOBinding => 'post',
|
||||||
|
samlIDPMetaDataOptionsSignSSOMessage => 1,
|
||||||
|
samlIDPMetaDataOptionsSignSLOMessage => 1,
|
||||||
|
samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
|
||||||
|
samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
|
||||||
|
samlIDPMetaDataOptionsForceUTF8 => 1,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
samlIDPMetaDataExportedAttributes => {
|
samlIDPMetaDataExportedAttributes => {
|
||||||
idp => {
|
idp => {
|
||||||
|
@ -284,6 +325,14 @@ sub sp {
|
||||||
"uid" => "0;uid;;",
|
"uid" => "0;uid;;",
|
||||||
"cn" => "1;cn;;",
|
"cn" => "1;cn;;",
|
||||||
},
|
},
|
||||||
|
idp3 => {
|
||||||
|
"uid" => "0;uid;;",
|
||||||
|
"cn" => "1;cn;;",
|
||||||
|
},
|
||||||
|
z_idp2 => {
|
||||||
|
"uid" => "0;uid;;",
|
||||||
|
"cn" => "1;cn;;",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
samlIDPMetaDataXML => {
|
samlIDPMetaDataXML => {
|
||||||
idp => {
|
idp => {
|
||||||
|
@ -293,7 +342,15 @@ sub sp {
|
||||||
idp2 => {
|
idp2 => {
|
||||||
samlIDPMetaDataXML =>
|
samlIDPMetaDataXML =>
|
||||||
samlIDPMetaDataXML( 'idp2', 'HTTP-POST' )
|
samlIDPMetaDataXML( 'idp2', 'HTTP-POST' )
|
||||||
}
|
},
|
||||||
|
idp3 => {
|
||||||
|
samlIDPMetaDataXML =>
|
||||||
|
samlIDPMetaDataXML( 'idp3', 'HTTP-POST' )
|
||||||
|
},
|
||||||
|
z_idp2 => {
|
||||||
|
samlIDPMetaDataXML =>
|
||||||
|
samlIDPMetaDataXML( 'z_idp2', 'HTTP-POST' )
|
||||||
|
},
|
||||||
},
|
},
|
||||||
samlOrganizationDisplayName => "SP",
|
samlOrganizationDisplayName => "SP",
|
||||||
samlOrganizationName => "SP",
|
samlOrganizationName => "SP",
|
||||||
|
|
|
@ -98,7 +98,7 @@ SKIP: {
|
||||||
);
|
);
|
||||||
my $proxyPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
my $proxyPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
||||||
|
|
||||||
my ( $url, $query ) =
|
( $url, $query ) =
|
||||||
expectRedirection( $res, qr#^http://discovery.example.com/# );
|
expectRedirection( $res, qr#^http://discovery.example.com/# );
|
||||||
|
|
||||||
# Return from WAYF
|
# Return from WAYF
|
||||||
|
|
|
@ -122,9 +122,7 @@ SKIP: {
|
||||||
);
|
);
|
||||||
my $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
my $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
|
||||||
|
|
||||||
|
( $url, $query ) =
|
||||||
|
|
||||||
my ( $url, $query ) =
|
|
||||||
expectRedirection( $res, qr#^http://discovery.example.com/# );
|
expectRedirection( $res, qr#^http://discovery.example.com/# );
|
||||||
|
|
||||||
# Return from WAYF
|
# Return from WAYF
|
||||||
|
|
|
@ -100,14 +100,12 @@ m%<a class="btn btn-secondary" href="http://auth.example.com/register\?skin=boot
|
||||||
s/^.*token=([^&]+).*$/token=$1&firstname=foo&lastname=bar&mail=foobar%40badwolf.org/,
|
s/^.*token=([^&]+).*$/token=$1&firstname=foo&lastname=bar&mail=foobar%40badwolf.org/,
|
||||||
'Token found'
|
'Token found'
|
||||||
);
|
);
|
||||||
my $token;
|
|
||||||
ok( $token = $1, ' Token value is defined' );
|
ok( $token = $1, ' Token value is defined' );
|
||||||
ok( $res->[2]->[0] =~ m#<img src="data:image/png;base64#,
|
ok( $res->[2]->[0] =~ m#<img src="data:image/png;base64#,
|
||||||
' Captcha image inserted' )
|
' Captcha image inserted' )
|
||||||
or print STDERR Dumper( $res->[2]->[0] );
|
or print STDERR Dumper( $res->[2]->[0] );
|
||||||
|
|
||||||
# Try to get captcha value
|
# Try to get captcha value
|
||||||
my ( $ts, $captcha );
|
|
||||||
ok( $ts = getCache()->get($token), ' Found token session' );
|
ok( $ts = getCache()->get($token), ' Found token session' );
|
||||||
$ts = eval { JSON::from_json($ts) };
|
$ts = eval { JSON::from_json($ts) };
|
||||||
ok( $captcha = $ts->{captcha}, ' Found captcha value' );
|
ok( $captcha = $ts->{captcha}, ' Found captcha value' );
|
||||||
|
|
|
@ -67,11 +67,23 @@ sub run {
|
||||||
my ( $req, $res );
|
my ( $req, $res );
|
||||||
$req = HTTP::Request->new( @{ JSON::from_json($_) } );
|
$req = HTTP::Request->new( @{ JSON::from_json($_) } );
|
||||||
$res = $server->request($req);
|
$res = $server->request($req);
|
||||||
|
my @flatten = &flatten($res);
|
||||||
print $out JSON::to_json(
|
print $out JSON::to_json(
|
||||||
[ $res->code, [ $res->flatten ], [ $res->content ] ] )
|
[ $res->code, [@flatten], [ $res->content ] ] )
|
||||||
. "\n";
|
. "\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Copy from HTTP::Headers code
|
||||||
|
sub flatten {
|
||||||
|
my ($self) = @_;
|
||||||
|
(
|
||||||
|
map {
|
||||||
|
my $k = $_;
|
||||||
|
map { ( $k => $_ ) } $self->header($_);
|
||||||
|
} $self->header_field_names
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
||||||
|
|
|
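Review bot: the comment "Copy from HTTP::Headers code" does not say why `$res->flatten` had to be replaced, and `my @flatten = &flatten($res);` uses the `&` call form with an array named like the sub. State the reason in the comment (for instance an HTTP::Headers version without flatten, if that is the cause), call the helper as `flatten($res)`, and consider a name such as `_flatten_headers` so it is clear that it takes a response object and relies on its `header` and `header_field_names` methods.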
@ -144,6 +144,7 @@ BuildRequires: perl(Plack::Handler::FCGI)
|
||||||
BuildRequires: perl(Plack::Middleware)
|
BuildRequires: perl(Plack::Middleware)
|
||||||
BuildRequires: perl(Plack::Request)
|
BuildRequires: perl(Plack::Request)
|
||||||
BuildRequires: perl(Plack::Runner)
|
BuildRequires: perl(Plack::Runner)
|
||||||
|
BuildRequires: perl(Plack::Test)
|
||||||
BuildRequires: perl(Plack::Util)
|
BuildRequires: perl(Plack::Util)
|
||||||
BuildRequires: perl(Plack::Util::Accessor)
|
BuildRequires: perl(Plack::Util::Accessor)
|
||||||
BuildRequires: perl(POSIX)
|
BuildRequires: perl(POSIX)
|
||||||
|
@ -437,6 +438,8 @@ sed -i 's/nobody/%{lm_apacheuser}/' \
|
||||||
%{buildroot}%{lm_bindir}/lmConfigEditor
|
%{buildroot}%{lm_bindir}/lmConfigEditor
|
||||||
sed -i 's/nobody/%{lm_apacheuser}/g' \
|
sed -i 's/nobody/%{lm_apacheuser}/g' \
|
||||||
%{buildroot}%{lm_bindir}/lemonldap-ng-cli
|
%{buildroot}%{lm_bindir}/lemonldap-ng-cli
|
||||||
|
sed -i 's/nobody/%{lm_apacheuser}/g' \
|
||||||
|
%{buildroot}%{lm_bindir}/llngDeleteSession
|
||||||
sed -i 's/nobody/%{lm_apacheuser}/g' \
|
sed -i 's/nobody/%{lm_apacheuser}/g' \
|
||||||
%{buildroot}%{_sysconfdir}/default/llng-fastcgi-server
|
%{buildroot}%{_sysconfdir}/default/llng-fastcgi-server
|
||||||
|
|
||||||
|
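Review bot: the added `sed -i 's/nobody/%{lm_apacheuser}/g'` on llngDeleteSession rewrites every occurrence of the string "nobody" in the script, not only the account setting it is meant to change. Since, judging by its name, this tool deletes sessions, anchor the pattern to the specific line it targets, or add a comment naming that line, so that unrelated text in the script is never altered by the packaging step.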
@ -592,6 +595,7 @@ fi
|
||||||
%{lm_examplesdir}/manager
|
%{lm_examplesdir}/manager
|
||||||
%{lm_bindir}/lmConfigEditor
|
%{lm_bindir}/lmConfigEditor
|
||||||
%{lm_bindir}/lemonldap-ng-cli
|
%{lm_bindir}/lemonldap-ng-cli
|
||||||
|
%{lm_bindir}/llngDeleteSession
|
||||||
%{_mandir}/man1/lemonldap-ng-cli*
|
%{_mandir}/man1/lemonldap-ng-cli*
|
||||||
|
|
||||||
%files portal
|
%files portal
|
||||||
|
@ -656,6 +660,9 @@ fi
|
||||||
# Changelog
|
# Changelog
|
||||||
#==============================================================================
|
#==============================================================================
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 11 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.3-1
|
||||||
|
- Update to 2.0.3
|
||||||
|
|
||||||
* Tue Feb 12 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.2-1
|
* Tue Feb 12 2019 Clement Oudot <clem.oudot@gmail.com> - 2.0.2-1
|
||||||
- Update to 2.0.2
|
- Update to 2.0.2
|
||||||
|
|
||||||
|
|