From c645479800e5e5f07cfed68f7cb2540591a4d403 Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Thu, 26 Mar 2020 20:15:55 +0100
Subject: [PATCH 1/6] CORS: Add "origin" accessor to portal requests

---
 lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm
index 92931ad06..d6be65a46 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm
@@ -69,6 +69,7 @@ sub encodings     { $_[0]->env->{HTTP_ACCEPT_ENCODING} }
 sub languages     { $_[0]->env->{HTTP_ACCEPT_LANGUAGE} }
 sub authorization { $_[0]->env->{HTTP_AUTHORIZATION} }
 sub hostname      { $_[0]->env->{HTTP_HOST} }
+sub origin        { $_[0]->env->{HTTP_ORIGIN} }
 sub referer       { $_[0]->env->{REFERER} }
 sub query_string  { $_[0]->env->{QUERY_STRING} }
 

From 2440fc7866cb2408feed552c2f18c0d8a0cb0a47 Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Thu, 26 Mar 2020 20:18:37 +0100
Subject: [PATCH 2/6] use sendJSONresponse instead of handcrafting portal
 response

---
 .../lib/Lemonldap/NG/Portal/Main/Run.pm            | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index c131250e2..7384193d7 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -260,11 +260,15 @@ sub do {
     if ( !$self->conf->{noAjaxHook} and $req->wantJSON ) {
         $self->logger->debug('Processing to JSON response');
         if ( ( $err > 0 and !$req->id ) or $err eq PE_SESSIONNOTGRANTED ) {
-            return [
-                401,
-                [ 'WWW-Authenticate' => "SSO " . $self->conf->{portal} ],
-                [qq'{"result":0,"error":$err}']
-            ];
+            return $self->sendJSONresponse(
+                $req,
+                { result => 0, error => $err },
+                code    => 401,
+                headers => [
+                    'WWW-Authenticate' => "SSO " . $self->conf->{portal},
+                    "Content-Type"     => "application/javascript"
+                ],
+            );
         }
         elsif ( $err > 0 and $err != PE_PASSWORD_OK and $err != PE_LOGOUT_OK ) {
             return $self->sendJSONresponse(

From e1767abfda77e939ccfde2aa5ff355c24bcde519 Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Thu, 26 Mar 2020 20:19:38 +0100
Subject: [PATCH 3/6] CORS: special handling for AJAX SSL (#2110)

---
 .../lib/Lemonldap/NG/Portal/Main/Run.pm            | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index 7384193d7..52216c5b7 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -1100,7 +1100,19 @@ sub corsPreflight {
 sub sendJSONresponse {
     my ( $self, $req, $j, %args ) = @_;
     my $res = Lemonldap::NG::Common::PSGI::sendJSONresponse(@_);
-    if ( $self->conf->{corsEnabled} ) {
+
+    # If this is a cross-domain request from the portal itself
+    # (Ajax SSL to a different VHost)
+    # we allow CORS
+    if ( $req->origin and index( $self->conf->{portal}, $req->origin ) == 0 ) {
+        $self->logger->debug('AJAX request from portal, allowing CORS');
+        push @{ $res->[1] },
+          "Access-Control-Allow-Origin"      => $req->origin,
+          "Access-Control-Allow-Methods"     => "*",
+          "Access-Control-Allow-Credentials" => "true";
+
+    }
+    elsif ( $self->conf->{corsEnabled} ) {
         my @cors = split /;/, $self->cors;
         push @{ $res->[1] }, @cors;
         $self->logger->debug('Apply following CORS policy :');

From 8c94bf0f13ed0cac351a80025602ac430a6e9309 Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Fri, 27 Mar 2020 19:08:23 +0100
Subject: [PATCH 4/6] Allow portal JSON responses to include a rendered HTML
 error block (#2110)

---
 lemonldap-ng-portal/MANIFEST                     |  1 +
 .../lib/Lemonldap/NG/Portal/Main/Request.pm      |  4 ++++
 .../lib/Lemonldap/NG/Portal/Main/Run.pm          | 16 +++++++++++++---
 .../site/templates/bootstrap/errormsg.tpl        |  7 +++++++
 4 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 lemonldap-ng-portal/site/templates/bootstrap/errormsg.tpl

diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index 2f8ee2573..f5d76e51e 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -392,6 +392,7 @@ site/templates/bootstrap/customLoginFooter.tpl
 site/templates/bootstrap/customLoginHeader.tpl
 site/templates/bootstrap/decryptvalue.tpl
 site/templates/bootstrap/error.tpl
+site/templates/bootstrap/errormsg.tpl
 site/templates/bootstrap/ext2fcheck.tpl
 site/templates/bootstrap/footer.tpl
 site/templates/bootstrap/globallogout.tpl
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm
index f2916c541..63e85c388 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm
@@ -80,6 +80,10 @@ has captcha => ( is => 'rw' );
 # Token
 has token => ( is => 'rw' );
 
+# Whether or not to include a HTML render of the error message
+# in error responses
+has wantErrorRender => ( is => 'rw' );
+
 # Error type
 sub error_type {
     my $req  = shift;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index 52216c5b7..b348191de 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -260,9 +260,19 @@ sub do {
     if ( !$self->conf->{noAjaxHook} and $req->wantJSON ) {
         $self->logger->debug('Processing to JSON response');
         if ( ( $err > 0 and !$req->id ) or $err eq PE_SESSIONNOTGRANTED ) {
+            my $json = { result => 0, error => $err };
+            if ( $req->wantErrorRender ) {
+                $json->{html} = $self->loadTemplate(
+                    $req,
+                    'errormsg',
+                    params => {
+                        AUTH_ERROR      => $err,
+                        AUTH_ERROR_TYPE => $req->error_type,
+                    }
+                );
+            }
             return $self->sendJSONresponse(
-                $req,
-                { result => 0, error => $err },
+                $req, $json,
                 code    => 401,
                 headers => [
                     'WWW-Authenticate' => "SSO " . $self->conf->{portal},
@@ -1045,7 +1055,7 @@ sub registerLogin {
     }
 
     my $history = $req->sessionInfo->{_loginHistory} ||= {};
-    my $type    = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
+    my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
     $history->{$type} ||= [];
     $self->logger->debug("Current login saved into $type");
 
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/errormsg.tpl b/lemonldap-ng-portal/site/templates/bootstrap/errormsg.tpl
new file mode 100644
index 000000000..70530cb53
--- /dev/null
+++ b/lemonldap-ng-portal/site/templates/bootstrap/errormsg.tpl
@@ -0,0 +1,7 @@
+<TMPL_IF NAME="AUTH_ERROR">
+  <div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span>
+    <TMPL_IF LOCKTIME>
+      <TMPL_VAR NAME="LOCKTIME"> <span trspan="seconds">seconds</span>.
+    </TMPL_IF>
+  </div>
+</TMPL_IF>

From 05a23480b00e0cd58c9b384b3118340015062055 Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Fri, 27 Mar 2020 19:03:56 +0100
Subject: [PATCH 5/6] Remember selected choice tab when doing a page refresh in
 JS (#2110)

---
 lemonldap-ng-portal/site/coffee/portal.coffee              | 5 +++++
 .../site/htdocs/static/bootstrap/js/skin.js                | 7 ++++++-
 .../site/htdocs/static/bootstrap/js/skin.min.js            | 2 +-
 .../site/htdocs/static/bootstrap/js/skin.min.js.map        | 2 +-
 lemonldap-ng-portal/site/htdocs/static/common/js/portal.js | 3 +++
 .../site/htdocs/static/common/js/portal.min.js             | 2 +-
 .../site/htdocs/static/common/js/portal.min.js.map         | 2 +-
 7 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/lemonldap-ng-portal/site/coffee/portal.coffee b/lemonldap-ng-portal/site/coffee/portal.coffee
index d0fb426c8..aeeca46e9 100644
--- a/lemonldap-ng-portal/site/coffee/portal.coffee
+++ b/lemonldap-ng-portal/site/coffee/portal.coffee
@@ -227,6 +227,11 @@ datas = {}
 $(window).on 'load', () ->
 	# Get application/init variables
 	datas = getValues()
+
+	# Keep the currently selected tab
+	if "datas" of window && "choicetab" of window.datas
+		datas.choicetab = window.datas.choicetab;
+
 	# Export datas for other scripts
 	window.datas = datas
 
diff --git a/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.js b/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.js
index 98a833b4e..390dd86e4 100644
--- a/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.js
+++ b/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.js
@@ -1,4 +1,4 @@
-$(document).ready(function() {
+$(window).on("load", function() {
 
   // Adapt some class to fit Bootstrap theme
   $("div.message-positive").addClass("alert-success");
@@ -16,4 +16,9 @@ $(document).ready(function() {
     }
   });
 
+  // Remember selected tab
+  $('#authMenu .nav-link').on('click', function (e) {
+      window.datas.choicetab = e.target.hash.substr(1)
+  });
+
 });
diff --git a/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.min.js b/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.min.js
index 9de89e351..16b7c52aa 100644
--- a/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.min.js
@@ -1 +1 @@
-$(document).ready(function(){$("div.message-positive").addClass("alert-success"),$("div.message-warning").addClass("alert-warning"),$("div.message-negative").addClass("alert-danger"),$("table.info").addClass("table"),$(".notifCheck").addClass("checkbox"),$('.collapse li[class!="dropdown"]').on("click",function(){$(".navbar-toggler").hasClass("collapsed")||$(".navbar-toggler").trigger("click")})});
\ No newline at end of file
+$(window).on("load",function(){$("div.message-positive").addClass("alert-success"),$("div.message-warning").addClass("alert-warning"),$("div.message-negative").addClass("alert-danger"),$("table.info").addClass("table"),$(".notifCheck").addClass("checkbox"),$('.collapse li[class!="dropdown"]').on("click",function(){$(".navbar-toggler").hasClass("collapsed")||$(".navbar-toggler").trigger("click")}),$("#authMenu .nav-link").on("click",function(a){window.datas.choicetab=a.target.hash.substr(1)})});
\ No newline at end of file
diff --git a/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.min.js.map b/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.min.js.map
index 57bd24649..8c7979360 100644
--- a/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.min.js.map
@@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.js"],"names":["$","document","ready","addClass","on","hasClass","trigger"],"mappings":"AAAAA,EAAEC,UAAUC,MAAM,WAGhBF,EAAE,wBAAwBG,SAAS,iBACnCH,EAAE,uBAAuBG,SAAS,iBAClCH,EAAE,wBAAwBG,SAAS,gBAEnCH,EAAE,cAAcG,SAAS,SAEzBH,EAAE,eAAeG,SAAS,YAG1BH,EAAE,mCAAmCI,GAAG,QAAS,WAC1CJ,EAAE,mBAAmBK,SAAS,cACjCL,EAAE,mBAAmBM,QAAQ"}
\ No newline at end of file
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/bootstrap/js/skin.js"],"names":["$","window","on","addClass","hasClass","trigger","e","datas","choicetab","target","hash","substr"],"mappings":"AAAAA,EAAEC,QAAQC,GAAG,OAAQ,WAGnBF,EAAE,wBAAwBG,SAAS,iBACnCH,EAAE,uBAAuBG,SAAS,iBAClCH,EAAE,wBAAwBG,SAAS,gBAEnCH,EAAE,cAAcG,SAAS,SAEzBH,EAAE,eAAeG,SAAS,YAG1BH,EAAE,mCAAmCE,GAAG,QAAS,WAC1CF,EAAE,mBAAmBI,SAAS,cACjCJ,EAAE,mBAAmBK,QAAQ,WAKjCL,EAAE,uBAAuBE,GAAG,QAAS,SAAUI,GAC3CL,OAAOM,MAAMC,UAAYF,EAAEG,OAAOC,KAAKC,OAAO"}
\ No newline at end of file
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
index 0dc825253..4a2d7bc19 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
@@ -225,6 +225,9 @@ LemonLDAP::NG Portal jQuery scripts
   $(window).on('load', function() {
     var action, al, authMenuIndex, authMenuTabs, back_url, i, l, lang, langdiv, langs, langs2, len, len1, len2, len3, link, m, menuIndex, menuTabs, method, n, nl, nlangs, queryLang, queryString, re, ref, ref1, ref2, setCookieLang, urlParams;
     datas = getValues();
+    if ("datas" in window && "choicetab" in window.datas) {
+      datas.choicetab = window.datas.choicetab;
+    }
     window.datas = datas;
     $("#appslist").sortable({
       axis: "y",
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
index 8035e0494..87b2b1cad 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
@@ -1 +1 @@
-(function(){var D,e,I,C,_,M,N,R,t,U,f,i,A,l,J=[].indexOf||function(t){for(var e=0,n=this.length;e<n;e++)if(e in this&&this[e]===t)return e;return-1};l={},A=function(o){return $.getJSON(window.staticPrefix+"languages/"+o+".json",function(t){var e,n,a,r;for(e in l=t,n=window.datas.trOver.all)r=n[e],l[e]=r;if(window.datas.trOver[o])for(e in a=window.datas.trOver[o])r=a[e],l[e]=r;return $("[trspan]").each(function(){var t,e,n,a;for(t=$(this).attr("trspan").split(","),a=i(t.shift()),e=0,n=t.length;e<n;e++)r=t[e],a=a.replace(/%[sd]/,r);return $(this).html(a)}),$("[trmsg]").each(function(){if($(this).html(i("PE"+$(this).attr("trmsg"))),i("PE"+$(this).attr("trmsg")).match(/_hide_/))return $(this).parent().hide()}),$("[trplaceholder]").each(function(){return $(this).attr("placeholder",i($(this).attr("trplaceholder")))}),$("[localtime]").each(function(){var t;return t=new Date(1e3*$(this).attr("localtime")),$(this).text(t.toLocaleString())})})},i=function(t){return l[t]?l[t]:t},window.translate=i,C=function(){var r;return r={},$("script[type='application/init']").each(function(){var e,t,n,a;try{for(t in a=JSON.parse($(this).text()),n=[],a)n.push(r[t]=a[t]);return n}catch(t){return e=t,console.log("Parsing error",e),console.log("JSON",$(this).text())}}),console.log(r),r},f="#appslist",U=function(){return t("_appsListOrder",$(f).sortable("toArray").join())},M=function(t){return e("_oidcConsents",t,function(){return $("[partner='"+t+"']").hide()},function(t,e,n){return alert(e+" "+n)})},t=function(n,a,r,o){return $.ajax({type:"GET",url:D.scriptname+"/mysession/?gettoken",dataType:"json",error:o,success:function(t){var e;return(e={token:t.token})[n]=a,$.ajax({type:"PUT",url:D.scriptname+"/mysession/persistent",dataType:"json",data:e,success:r,error:o})}})},e=function(e,n,a,r){return $.ajax({type:"GET",url:D.scriptname+"/mysession/?gettoken",dataType:"json",error:r,success:function(t){return $.ajax({type:"DELETE",url:D.scriptname+"/mysession/persistent/"+e+"?sub="+n+"&token="+t.token,dataType:"json",success:a,error:r})}})},N=function(){var t,e,n,a,r,o,i,l,s,c,u,g,p;if(null==(c=$(f))||!D.appslistorder)return null;for(t=D.appslistorder.split(","),u=[],n=0,l=(o=c.sortable("toArray")).length;n<l;n++)u[p=o[n]]=p;for(i=0,s=t.length;i<s;i++)u[r=t[i]]&&(a=u[r],e=$(f+".ui-sortable").children("#"+a),g=$(f+".ui-sortable").children("#"+r),e.remove(),$(f+".ui-sortable").filter(":first").append(g));return 1},_=function(){return $.ajax({type:"POST",url:D.scriptname,data:{ping:1},dataType:"json",success:function(t){return null!=t.result&&1===t.result?setTimeout(_,D.pingInterval):location.reload(!0)},error:function(t,e,n){return location.reload(!0)}})},window.ping=_,I=function(t){var e,n,a,r,o;for(t+"=",n=decodeURIComponent(document.cookie).split(";"),o=new RegExp("^ *"+t+"="),a=0,r=n.length;a<r;a++)if((e=n[a]).match(o))return e=e.replace(o,"");return""},R=function(t,e,n){var a;return(a=new Date).setTime(a.getTime()+864e5*n),document.cookie=t+"="+e+"; expires="+a.toUTCString()+"; path=/"},D={},$(window).on("load",function(){var t,e,n,a,r,o,i,l,s,c,u,g,p,f,h,d,m,w,v,b,y,x,T,O,k,L,S,j,P,E,G;if(D=C(),window.datas=D,$("#appslist").sortable({axis:"y",cursor:"move",opacity:.5,revert:!0,items:"> div.category",update:function(){return U()}}),N(),$("div.message").fadeIn("slow"),$("input[name=timezone]").val(-(new Date).getTimezoneOffset()/60),v=$("#menu").tabs({active:0}),(w=$('#menu a[href="#'+D.displaytab+'"]').parent().index())<0&&(w=0),v.tabs("option","active",w),a=$("#authMenu").tabs({active:0}),(n=$('#authMenu a[href="#'+D.displaytab+'"]').parent().index())<0&&(n=0),a.tabs("option","active",n),D.choicetab&&a.tabs("option","active",$('#authMenu a[href="#'+D.choicetab+'"]').parent().index()),D.login?$("input[type=password]:first").focus():0===$("input[autofocus]").length&&$("input[type!=hidden]:first").focus(),D.newwindow&&$("#appslist a").attr("target","_blank"),$("p.removeOther").length&&(t=$("form.login").attr("action"),b=$("form.login").attr("method"),r="",-1!==t.indexOf("?")?t.substring(0,t.indexOf("?")):r=t+"?",$("form.login input[type=hidden]").each(function(t){return r+="&"+$(this).attr("name")+"="+$(this).val()}),d=$("p.removeOther a").attr("href")+"&method="+b+"&url="+btoa(r),$("p.removeOther a").attr("href",d)),(k=window.location.search)&&(console.log("Parsed queryString:",k),G=new URLSearchParams(k)),G&&((O=G.get("llnglanguage"))&&console.log("Get lang from parameter"),1===(E=G.get("setCookieLang"))&&console.log("Set lang cookie")),l||(l=I("llnglanguage"))&&!O&&console.log("Get lang from cookie"),l)J.call(window.availableLanguages,l)<0&&(l=window.availableLanguages[0],O||console.log("Get default lang"));else if(navigator){for(c=[],u=[],T=[navigator.language],navigator.languages&&(T=navigator.languages),o=0,g=(S=window.availableLanguages).length;o<g;o++)e=S[o],s+='<img class="langicon" src="'+window.staticPrefix+"common/"+e+'.png" title="'+e+'" alt="['+e+']"> ';for(i=0,p=T.length;i<p;i++)for(x=T[i],console.log("Navigator lang",x),m=0,f=(j=window.availableLanguages).length;m<f;m++)e=j[m],console.log(" Available lang",e),L=new RegExp("^"+e+"-?"),x.match(L)?(console.log("  Matching lang =",e),c.push(e)):e.substring(0,1)===x.substring(0,1)&&u.push(e);(l=c[0]?c[0]:u[0]?u[0]:window.availableLanguages[0])&&!O&&console.log("Get lang from navigator")}else(l=window.availableLanguages[0])&&!O&&console.log("Get lang from window");for(O?(console.log("Selected lang ->",O),E&&(console.log("Set lang ->",O),R("llnglanguage",O)),A(O)):(console.log("Selected lang ->",l),R("llnglanguage",l),A(l)),s="",y=0,h=(P=window.availableLanguages).length;y<h;y++)e=P[y],s+='<img class="langicon" src="'+window.staticPrefix+"common/"+e+'.png" title="'+e+'" alt="['+e+']"> ';return $("#languages").html(s),$(".langicon").on("click",function(){return l=$(this).attr("title"),R("llnglanguage",l),A(l)}),D.pingInterval&&0<D.pingInterval&&window.setTimeout(_,D.pingInterval),$(".localeDate").each(function(){var t;return t=new Date(1e3*$(this).attr("val")),$(this).text(t.toLocaleString())}),$(".oidcConsent").on("click",function(){return M($(this).attr("partner"))})})}).call(this);
\ No newline at end of file
+(function(){var D,e,I,C,_,M,N,R,t,U,d,i,A,l,J=[].indexOf||function(t){for(var e=0,n=this.length;e<n;e++)if(e in this&&this[e]===t)return e;return-1};l={},A=function(o){return $.getJSON(window.staticPrefix+"languages/"+o+".json",function(t){var e,n,a,r;for(e in l=t,n=window.datas.trOver.all)r=n[e],l[e]=r;if(window.datas.trOver[o])for(e in a=window.datas.trOver[o])r=a[e],l[e]=r;return $("[trspan]").each(function(){var t,e,n,a;for(t=$(this).attr("trspan").split(","),a=i(t.shift()),e=0,n=t.length;e<n;e++)r=t[e],a=a.replace(/%[sd]/,r);return $(this).html(a)}),$("[trmsg]").each(function(){if($(this).html(i("PE"+$(this).attr("trmsg"))),i("PE"+$(this).attr("trmsg")).match(/_hide_/))return $(this).parent().hide()}),$("[trplaceholder]").each(function(){return $(this).attr("placeholder",i($(this).attr("trplaceholder")))}),$("[localtime]").each(function(){var t;return t=new Date(1e3*$(this).attr("localtime")),$(this).text(t.toLocaleString())})})},i=function(t){return l[t]?l[t]:t},window.translate=i,C=function(){var r;return r={},$("script[type='application/init']").each(function(){var e,t,n,a;try{for(t in a=JSON.parse($(this).text()),n=[],a)n.push(r[t]=a[t]);return n}catch(t){return e=t,console.log("Parsing error",e),console.log("JSON",$(this).text())}}),console.log(r),r},d="#appslist",U=function(){return t("_appsListOrder",$(d).sortable("toArray").join())},M=function(t){return e("_oidcConsents",t,function(){return $("[partner='"+t+"']").hide()},function(t,e,n){return alert(e+" "+n)})},t=function(n,a,r,o){return $.ajax({type:"GET",url:D.scriptname+"/mysession/?gettoken",dataType:"json",error:o,success:function(t){var e;return(e={token:t.token})[n]=a,$.ajax({type:"PUT",url:D.scriptname+"/mysession/persistent",dataType:"json",data:e,success:r,error:o})}})},e=function(e,n,a,r){return $.ajax({type:"GET",url:D.scriptname+"/mysession/?gettoken",dataType:"json",error:r,success:function(t){return $.ajax({type:"DELETE",url:D.scriptname+"/mysession/persistent/"+e+"?sub="+n+"&token="+t.token,dataType:"json",success:a,error:r})}})},N=function(){var t,e,n,a,r,o,i,l,s,c,u,g,p;if(null==(c=$(d))||!D.appslistorder)return null;for(t=D.appslistorder.split(","),u=[],n=0,l=(o=c.sortable("toArray")).length;n<l;n++)u[p=o[n]]=p;for(i=0,s=t.length;i<s;i++)u[r=t[i]]&&(a=u[r],e=$(d+".ui-sortable").children("#"+a),g=$(d+".ui-sortable").children("#"+r),e.remove(),$(d+".ui-sortable").filter(":first").append(g));return 1},_=function(){return $.ajax({type:"POST",url:D.scriptname,data:{ping:1},dataType:"json",success:function(t){return null!=t.result&&1===t.result?setTimeout(_,D.pingInterval):location.reload(!0)},error:function(t,e,n){return location.reload(!0)}})},window.ping=_,I=function(t){var e,n,a,r,o;for(t+"=",n=decodeURIComponent(document.cookie).split(";"),o=new RegExp("^ *"+t+"="),a=0,r=n.length;a<r;a++)if((e=n[a]).match(o))return e=e.replace(o,"");return""},R=function(t,e,n){var a;return(a=new Date).setTime(a.getTime()+864e5*n),document.cookie=t+"="+e+"; expires="+a.toUTCString()+"; path=/"},D={},$(window).on("load",function(){var t,e,n,a,r,o,i,l,s,c,u,g,p,d,h,f,w,m,v,b,y,x,T,O,k,L,S,j,P,E,G;if(D=C(),"datas"in window&&"choicetab"in window.datas&&(D.choicetab=window.datas.choicetab),window.datas=D,$("#appslist").sortable({axis:"y",cursor:"move",opacity:.5,revert:!0,items:"> div.category",update:function(){return U()}}),N(),$("div.message").fadeIn("slow"),$("input[name=timezone]").val(-(new Date).getTimezoneOffset()/60),v=$("#menu").tabs({active:0}),(m=$('#menu a[href="#'+D.displaytab+'"]').parent().index())<0&&(m=0),v.tabs("option","active",m),a=$("#authMenu").tabs({active:0}),(n=$('#authMenu a[href="#'+D.displaytab+'"]').parent().index())<0&&(n=0),a.tabs("option","active",n),D.choicetab&&a.tabs("option","active",$('#authMenu a[href="#'+D.choicetab+'"]').parent().index()),D.login?$("input[type=password]:first").focus():0===$("input[autofocus]").length&&$("input[type!=hidden]:first").focus(),D.newwindow&&$("#appslist a").attr("target","_blank"),$("p.removeOther").length&&(t=$("form.login").attr("action"),b=$("form.login").attr("method"),r="",-1!==t.indexOf("?")?t.substring(0,t.indexOf("?")):r=t+"?",$("form.login input[type=hidden]").each(function(t){return r+="&"+$(this).attr("name")+"="+$(this).val()}),f=$("p.removeOther a").attr("href")+"&method="+b+"&url="+btoa(r),$("p.removeOther a").attr("href",f)),(k=window.location.search)&&(console.log("Parsed queryString:",k),G=new URLSearchParams(k)),G&&((O=G.get("llnglanguage"))&&console.log("Get lang from parameter"),1===(E=G.get("setCookieLang"))&&console.log("Set lang cookie")),l||(l=I("llnglanguage"))&&!O&&console.log("Get lang from cookie"),l)J.call(window.availableLanguages,l)<0&&(l=window.availableLanguages[0],O||console.log("Get default lang"));else if(navigator){for(c=[],u=[],T=[navigator.language],navigator.languages&&(T=navigator.languages),o=0,g=(S=window.availableLanguages).length;o<g;o++)e=S[o],s+='<img class="langicon" src="'+window.staticPrefix+"common/"+e+'.png" title="'+e+'" alt="['+e+']"> ';for(i=0,p=T.length;i<p;i++)for(x=T[i],console.log("Navigator lang",x),w=0,d=(j=window.availableLanguages).length;w<d;w++)e=j[w],console.log(" Available lang",e),L=new RegExp("^"+e+"-?"),x.match(L)?(console.log("  Matching lang =",e),c.push(e)):e.substring(0,1)===x.substring(0,1)&&u.push(e);(l=c[0]?c[0]:u[0]?u[0]:window.availableLanguages[0])&&!O&&console.log("Get lang from navigator")}else(l=window.availableLanguages[0])&&!O&&console.log("Get lang from window");for(O?(console.log("Selected lang ->",O),E&&(console.log("Set lang ->",O),R("llnglanguage",O)),A(O)):(console.log("Selected lang ->",l),R("llnglanguage",l),A(l)),s="",y=0,h=(P=window.availableLanguages).length;y<h;y++)e=P[y],s+='<img class="langicon" src="'+window.staticPrefix+"common/"+e+'.png" title="'+e+'" alt="['+e+']"> ';return $("#languages").html(s),$(".langicon").on("click",function(){return l=$(this).attr("title"),R("llnglanguage",l),A(l)}),D.pingInterval&&0<D.pingInterval&&window.setTimeout(_,D.pingInterval),$(".localeDate").each(function(){var t;return t=new Date(1e3*$(this).attr("val")),$(this).text(t.toLocaleString())}),$(".oidcConsent").on("click",function(){return M($(this).attr("partner"))})})}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js.map
index 51d434f04..494d4412a 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js.map
@@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/portal.js"],"names":["datas","delKey","getCookie","getValues","ping","removeOidcConsent","restoreOrder","setCookie","setKey","setOrder","setSelector","translate","translatePage","translationFields","indexOf","item","i","l","this","length","lang","$","getJSON","window","staticPrefix","data","k","ref","ref1","v","trOver","all","each","args","len","txt","attr","split","shift","replace","html","match","parent","hide","d","Date","text","toLocaleString","str","values","e","results","tmp","JSON","parse","push","error1","console","log","sortable","join","partner","j","s","alert","key","val","success","error","ajax","type","url","dataType","token","sub","IDs","child","itemID","items","len1","list","rebuild","savedOrd","children","remove","filter","append","result","setTimeout","location","reload","t","cname","c","ca","re","decodeURIComponent","document","cookie","RegExp","name","value","exdays","setTime","getTime","toUTCString","on","action","al","authMenuIndex","authMenuTabs","back_url","langdiv","langs","langs2","len2","len3","link","m","menuIndex","menuTabs","method","n","nl","nlangs","queryLang","queryString","ref2","setCookieLang","urlParams","axis","cursor","opacity","revert","update","fadeIn","getTimezoneOffset","tabs","active","index","focus","substring","btoa","search","URLSearchParams","get","call","availableLanguages","navigator","language","languages"],"mappings":"CAMA,WACE,IAAIA,EAAOC,EAAQC,EAAWC,EAAiCC,EAAMC,EAAmBC,EAAcC,EAAWC,EAAQC,EAAUC,EAAaC,EAAWC,EAAeC,EACxKC,EAAU,GAAGA,SAAW,SAASC,GAAQ,IAAK,IAAIC,EAAI,EAAGC,EAAIC,KAAKC,OAAQH,EAAIC,EAAGD,IAAO,GAAIA,KAAKE,MAAQA,KAAKF,KAAOD,EAAM,OAAOC,EAAK,OAAQ,GAEjJH,EAAoB,GAEpBD,EAAgB,SAASQ,GACvB,OAAOC,EAAEC,QAAQC,OAAOC,aAAe,aAAeJ,EAAO,QAAS,SAASK,GAC7E,IAAIC,EAAGC,EAAKC,EAAMC,EAGlB,IAAKH,KAFLb,EAAoBY,EACpBE,EAAMJ,OAAOvB,MAAM8B,OAAOC,IAExBF,EAAIF,EAAID,GACRb,EAAkBa,GAAKG,EAEzB,GAAIN,OAAOvB,MAAM8B,OAAOV,GAEtB,IAAKM,KADLE,EAAOL,OAAOvB,MAAM8B,OAAOV,GAEzBS,EAAID,EAAKF,GACTb,EAAkBa,GAAKG,EAwB3B,OArBAR,EAAE,YAAYW,KAAK,WACjB,IAAIC,EAAMjB,EAAGkB,EAAKC,EAGlB,IAFAF,EAAOZ,EAAEH,MAAMkB,KAAK,UAAUC,MAAM,KACpCF,EAAMxB,EAAUsB,EAAKK,SAChBtB,EAAI,EAAGkB,EAAMD,EAAKd,OAAQH,EAAIkB,EAAKlB,IACtCa,EAAII,EAAKjB,GACTmB,EAAMA,EAAII,QAAQ,QAASV,GAE7B,OAAOR,EAAEH,MAAMsB,KAAKL,KAEtBd,EAAE,WAAWW,KAAK,WAIhB,GAFAX,EAAEH,MAAMsB,KAAK7B,EAAU,KAAQU,EAAEH,MAAMkB,KAAK,WACtCzB,EAAU,KAAQU,EAAEH,MAAMkB,KAAK,UAC7BK,MAAM,UACZ,OAAOpB,EAAEH,MAAMwB,SAASC,SAG5BtB,EAAE,mBAAmBW,KAAK,WACxB,OAAOX,EAAEH,MAAMkB,KAAK,cAAezB,EAAUU,EAAEH,MAAMkB,KAAK,qBAErDf,EAAE,eAAeW,KAAK,WAC3B,IAAIY,EAEJ,OADAA,EAAI,IAAIC,KAAiC,IAA5BxB,EAAEH,MAAMkB,KAAK,cACnBf,EAAEH,MAAM4B,KAAKF,EAAEG,uBAK5BpC,EAAY,SAASqC,GACnB,OAAInC,EAAkBmC,GACbnC,EAAkBmC,GAElBA,GAIXzB,OAAOZ,UAAYA,EAEnBR,EAAY,WACV,IAAI8C,EAkBJ,OAjBAA,EAAS,GACT5B,EAAE,mCAAmCW,KAAK,WACxC,IAAIkB,EAAGxB,EAAGyB,EAASC,EACnB,IAGE,IAAK1B,KAFL0B,EAAMC,KAAKC,MAAMjC,EAAEH,MAAM4B,QACzBK,EAAU,GACAC,EACRD,EAAQI,KAAKN,EAAOvB,GAAK0B,EAAI1B,IAE/B,OAAOyB,EACP,MAAOK,GAGP,OAFAN,EAAIM,EACJC,QAAQC,IAAI,gBAAiBR,GACtBO,QAAQC,IAAI,OAAQrC,EAAEH,MAAM4B,WAGvCW,QAAQC,IAAIT,GACLA,GAGTvC,EAAc,YAEdD,EAAW,WACT,OAAOD,EAAO,iBAAkBa,EAAEX,GAAaiD,SAAS,WAAWC,SAGrEvD,EAAoB,SAASwD,GAK3B,OAAO5D,EAAO,gBAAiB4D,EAAS,WACtC,OAAOxC,EAAE,aAAewC,EAAU,MAAMlB,QAJtC,SAASmB,EAAGC,EAAGb,GACjB,OAAOc,MAAMD,EAAI,IAAMb,MAO3B1C,EAAS,SAASyD,EAAKC,EAAKC,EAASC,GACnC,OAAO/C,EAAEgD,KAAK,CACZC,KAAM,MACNC,IAAKvE,EAAkB,WAAI,uBAC3BwE,SAAU,OACVJ,MAAOA,EACPD,QAAS,SAAS1C,GAChB,IAAImB,EAKJ,OAJAA,EAAI,CACF6B,MAAOhD,EAAKgD,QAEZR,GAAOC,EACF7C,EAAEgD,KAAK,CACZC,KAAM,MACNC,IAAKvE,EAAkB,WAAI,wBAC3BwE,SAAU,OACV/C,KAAMmB,EACNuB,QAASA,EACTC,MAAOA,QAMfnE,EAAS,SAASgE,EAAKS,EAAKP,EAASC,GACnC,OAAO/C,EAAEgD,KAAK,CACZC,KAAM,MACNC,IAAKvE,EAAkB,WAAI,uBAC3BwE,SAAU,OACVJ,MAAOA,EACPD,QAAS,SAAS1C,GAChB,OAAOJ,EAAEgD,KAAK,CACZC,KAAM,SACNC,IAAKvE,EAAkB,WAAI,yBAA2BiE,EAAM,QAAUS,EAAM,UAAYjD,EAAKgD,MAC7FD,SAAU,OACVL,QAASA,EACTC,MAAOA,QAMf9D,EAAe,WACb,IAAIqE,EAAKC,EAAO5D,EAAGD,EAAM8D,EAAQC,EAAO7D,EAAGiB,EAAK6C,EAAMC,EAAMC,EAASC,EAAUrD,EAE/E,GAAe,OADfmD,EAAO3D,EAAEX,MACeV,EAAqB,cAC3C,OAAO,KAKT,IAHA2E,EAAM3E,EAAqB,cAAEqC,MAAM,KAEnC4C,EAAU,GACLjE,EAAI,EAAGkB,GAFZ4C,EAAQE,EAAKrB,SAAS,YAEExC,OAAQH,EAAIkB,EAAKlB,IAEvCiE,EADApD,EAAIiD,EAAM9D,IACGa,EAEf,IAAKZ,EAAI,EAAG8D,EAAOJ,EAAIxD,OAAQF,EAAI8D,EAAM9D,IAEnCgE,EADJJ,EAASF,EAAI1D,MAEXF,EAAOkE,EAAQJ,GACfD,EAAQvD,EAAEX,EAAc,gBAAgByE,SAAS,IAAMpE,GACvDmE,EAAW7D,EAAEX,EAAc,gBAAgByE,SAAS,IAAMN,GAC1DD,EAAMQ,SACN/D,EAAEX,EAAc,gBAAgB2E,OAAO,UAAUC,OAAOJ,IAG5D,OAAO,GAOT9E,EAAO,WACL,OAAOiB,EAAEgD,KAAK,CACZC,KAAM,OACNC,IAAKvE,EAAkB,WACvByB,KAAM,CACJrB,KAAM,GAERoE,SAAU,OACVL,QAAS,SAAS1C,GAChB,OAAoB,MAAfA,EAAK8D,QAAmC,IAAhB9D,EAAK8D,OACzBC,WAAWpF,EAAMJ,EAAoB,cAErCyF,SAASC,QAAO,IAG3BtB,MAAO,SAASN,EAAG6B,EAAGzC,GACpB,OAAOuC,SAASC,QAAO,OAK7BnE,OAAOnB,KAAOA,EAEdF,EAAY,SAAS0F,GACnB,IAAIC,EAAGC,EAAI9E,EAAGkB,EAAW6D,EAIzB,IAHOH,EAAQ,IACfE,EAAKE,mBAAmBC,SAASC,QAAQ7D,MAAM,KAC/C0D,EAAK,IAAII,OAAO,MAAQP,EAAQ,KAC3B5E,EAAI,EAAGkB,EAAM4D,EAAG3E,OAAQH,EAAIkB,EAAKlB,IAEpC,IADA6E,EAAIC,EAAG9E,IACDyB,MAAMsD,GAEV,OADAF,EAAIA,EAAEtD,QAAQwD,EAAI,IAItB,MAAO,IAGTxF,EAAY,SAAS6F,EAAMC,EAAOC,GAChC,IAAI1D,EAGJ,OAFAA,EAAI,IAAIC,MACN0D,QAAQ3D,EAAE4D,UAAqB,MAATF,GACjBL,SAASC,OAASE,EAAO,IAAMC,EAAQ,aAAgBzD,EAAE6D,cAAiB,YAGnFzG,EAAQ,GAERqB,EAAEE,QAAQmF,GAAG,OAAQ,WACnB,IAAIC,EAAQC,EAAIC,EAAeC,EAAcC,EAAU/F,EAAGC,EAAGG,EAAM4F,EAASC,EAAOC,EAAQhF,EAAK6C,EAAMoC,EAAMC,EAAMC,EAAMC,EAAGC,EAAWC,EAAUC,EAAQC,EAAGC,EAAIC,EAAQC,EAAWC,EAAa/B,EAAIpE,EAAKC,EAAMmG,EAAMC,EAAeC,EAiFnO,GAhFAjI,EAAQG,IACRoB,OAAOvB,MAAQA,EACfqB,EAAE,aAAasC,SAAS,CACtBuE,KAAM,IACNC,OAAQ,OACRC,QAAS,GACTC,QAAQ,EACRvD,MAAO,iBACPwD,OAAQ,WACN,OAAO7H,OAGXH,IACAe,EAAE,eAAekH,OAAO,QACxBlH,EAAE,wBAAwB6C,MAAM,IAAIrB,MAAO2F,oBAAsB,IACjEhB,EAAWnG,EAAE,SAASoH,KAAK,CACzBC,OAAQ,KAEVnB,EAAYlG,EAAE,kBAAoBrB,EAAkB,WAAI,MAAM0C,SAASiG,SACvD,IACdpB,EAAY,GAEdC,EAASiB,KAAK,SAAU,SAAUlB,GAClCT,EAAezF,EAAE,aAAaoH,KAAK,CACjCC,OAAQ,KAEV7B,EAAgBxF,EAAE,sBAAwBrB,EAAkB,WAAI,MAAM0C,SAASiG,SAC3D,IAClB9B,EAAgB,GAElBC,EAAa2B,KAAK,SAAU,SAAU5B,GAClC7G,EAAiB,WACnB8G,EAAa2B,KAAK,SAAU,SAAUpH,EAAE,sBAAwBrB,EAAiB,UAAI,MAAM0C,SAASiG,SAElG3I,EAAa,MACfqB,EAAE,8BAA8BuH,QAEK,IAAjCvH,EAAE,oBAAoBF,QACxBE,EAAE,6BAA6BuH,QAG/B5I,EAAiB,WACnBqB,EAAE,eAAee,KAAK,SAAU,UAE9Bf,EAAE,iBAAiBF,SACrBwF,EAAStF,EAAE,cAAce,KAAK,UAC9BqF,EAASpG,EAAE,cAAce,KAAK,UAC9B2E,EAAW,IACkB,IAAzBJ,EAAO7F,QAAQ,KACjB6F,EAAOkC,UAAU,EAAGlC,EAAO7F,QAAQ,MAEnCiG,EAAWJ,EAAS,IAEtBtF,EAAE,iCAAiCW,KAAK,SAAS2G,GAC/C,OAAO5B,GAAY,IAAM1F,EAAEH,MAAMkB,KAAK,QAAU,IAAMf,EAAEH,MAAMgD,QAEhEmD,EAAOhG,EAAE,mBAAmBe,KAAK,QAAU,WAAaqF,EAAS,QAAUqB,KAAK/B,GAChF1F,EAAE,mBAAmBe,KAAK,OAAQiF,KAEpCS,EAAcvG,OAAOkE,SAASsD,UAE5BtF,QAAQC,IAAI,sBAAuBoE,GACnCG,EAAY,IAAIe,gBAAgBlB,IAE9BG,KACFJ,EAAYI,EAAUgB,IAAI,kBAExBxF,QAAQC,IAAI,2BAGQ,KADtBsE,EAAgBC,EAAUgB,IAAI,mBAE5BxF,QAAQC,IAAI,oBAGXtC,IACHA,EAAOlB,EAAU,mBACJ2H,GACXpE,QAAQC,IAAI,wBAGXtC,EAuCMN,EAAQoI,KAAK3H,OAAO4H,mBAAoB/H,GAAQ,IACzDA,EAAOG,OAAO4H,mBAAmB,GAC5BtB,GACHpE,QAAQC,IAAI,0BAzCd,GAAI0F,UAAW,CAQb,IAPAnC,EAAQ,GACRC,EAAS,GACTU,EAAS,CAACwB,UAAUC,UAChBD,UAAUE,YACZ1B,EAASwB,UAAUE,WAGhBtI,EAAI,EAAGkB,GADZP,EAAMJ,OAAO4H,oBACShI,OAAQH,EAAIkB,EAAKlB,IACrC4F,EAAKjF,EAAIX,GACTgG,GAAW,8BAAmCzF,OAAOC,aAAe,UAAYoF,EAAK,gBAAoBA,EAAK,WAAeA,EAAK,OAEpI,IAAK3F,EAAI,EAAG8D,EAAO6C,EAAOzG,OAAQF,EAAI8D,EAAM9D,IAI1C,IAHA0G,EAAKC,EAAO3G,GACZwC,QAAQC,IAAI,iBAAkBiE,GAEzBL,EAAI,EAAGH,GADZvF,EAAOL,OAAO4H,oBACUhI,OAAQmG,EAAIH,EAAMG,IACxCV,EAAKhF,EAAK0F,GACV7D,QAAQC,IAAI,kBAAmBkD,GAC/Bb,EAAK,IAAII,OAAO,IAAMS,EAAK,MACvBe,EAAGlF,MAAMsD,IACXtC,QAAQC,IAAI,oBAAqBkD,GACjCK,EAAM1D,KAAKqD,IACFA,EAAGiC,UAAU,EAAG,KAAOlB,EAAGkB,UAAU,EAAG,IAChD3B,EAAO3D,KAAKqD,IAIlBxF,EAAO6F,EAAM,GAAKA,EAAM,GAAKC,EAAO,GAAKA,EAAO,GAAK3F,OAAO4H,mBAAmB,MAClEtB,GACXpE,QAAQC,IAAI,gCAGdtC,EAAOG,OAAO4H,mBAAmB,MACpBtB,GACXpE,QAAQC,IAAI,wBAuBlB,IAdImE,GACFpE,QAAQC,IAAI,mBAAoBmE,GAC5BG,IACFvE,QAAQC,IAAI,cAAemE,GAC3BtH,EAAU,eAAgBsH,IAE5BjH,EAAciH,KAEdpE,QAAQC,IAAI,mBAAoBtC,GAChCb,EAAU,eAAgBa,GAC1BR,EAAcQ,IAEhB4F,EAAU,GAELU,EAAI,EAAGN,GADZW,EAAOxG,OAAO4H,oBACUhI,OAAQuG,EAAIN,EAAMM,IACxCd,EAAKmB,EAAKL,GACVV,GAAW,8BAAmCzF,OAAOC,aAAe,UAAYoF,EAAK,gBAAoBA,EAAK,WAAeA,EAAK,OAgBpI,OAdAvF,EAAE,cAAcmB,KAAKwE,GACrB3F,EAAE,aAAaqF,GAAG,QAAS,WAGzB,OAFAtF,EAAOC,EAAEH,MAAMkB,KAAK,SACpB7B,EAAU,eAAgBa,GACnBR,EAAcQ,KAEnBpB,EAAoB,cAA6B,EAAxBA,EAAoB,cAC/CuB,OAAOiE,WAAWpF,EAAMJ,EAAoB,cAE9CqB,EAAE,eAAeW,KAAK,WACpB,IAAI+B,EAEJ,OADAA,EAAI,IAAIlB,KAA2B,IAAtBxB,EAAEH,MAAMkB,KAAK,QACnBf,EAAEH,MAAM4B,KAAKiB,EAAEhB,oBAEjB1B,EAAE,gBAAgBqF,GAAG,QAAS,WACnC,OAAOrG,EAAkBgB,EAAEH,MAAMkB,KAAK,kBAIzC8G,KAAKhI"}
\ No newline at end of file
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/portal.js"],"names":["datas","delKey","getCookie","getValues","ping","removeOidcConsent","restoreOrder","setCookie","setKey","setOrder","setSelector","translate","translatePage","translationFields","indexOf","item","i","l","this","length","lang","$","getJSON","window","staticPrefix","data","k","ref","ref1","v","trOver","all","each","args","len","txt","attr","split","shift","replace","html","match","parent","hide","d","Date","text","toLocaleString","str","values","e","results","tmp","JSON","parse","push","error1","console","log","sortable","join","partner","j","s","alert","key","val","success","error","ajax","type","url","dataType","token","sub","IDs","child","itemID","items","len1","list","rebuild","savedOrd","children","remove","filter","append","result","setTimeout","location","reload","t","cname","c","ca","re","decodeURIComponent","document","cookie","RegExp","name","value","exdays","setTime","getTime","toUTCString","on","action","al","authMenuIndex","authMenuTabs","back_url","langdiv","langs","langs2","len2","len3","link","m","menuIndex","menuTabs","method","n","nl","nlangs","queryLang","queryString","ref2","setCookieLang","urlParams","choicetab","axis","cursor","opacity","revert","update","fadeIn","getTimezoneOffset","tabs","active","index","focus","substring","btoa","search","URLSearchParams","get","call","availableLanguages","navigator","language","languages"],"mappings":"CAMA,WACE,IAAIA,EAAOC,EAAQC,EAAWC,EAAiCC,EAAMC,EAAmBC,EAAcC,EAAWC,EAAQC,EAAUC,EAAaC,EAAWC,EAAeC,EACxKC,EAAU,GAAGA,SAAW,SAASC,GAAQ,IAAK,IAAIC,EAAI,EAAGC,EAAIC,KAAKC,OAAQH,EAAIC,EAAGD,IAAO,GAAIA,KAAKE,MAAQA,KAAKF,KAAOD,EAAM,OAAOC,EAAK,OAAQ,GAEjJH,EAAoB,GAEpBD,EAAgB,SAASQ,GACvB,OAAOC,EAAEC,QAAQC,OAAOC,aAAe,aAAeJ,EAAO,QAAS,SAASK,GAC7E,IAAIC,EAAGC,EAAKC,EAAMC,EAGlB,IAAKH,KAFLb,EAAoBY,EACpBE,EAAMJ,OAAOvB,MAAM8B,OAAOC,IAExBF,EAAIF,EAAID,GACRb,EAAkBa,GAAKG,EAEzB,GAAIN,OAAOvB,MAAM8B,OAAOV,GAEtB,IAAKM,KADLE,EAAOL,OAAOvB,MAAM8B,OAAOV,GAEzBS,EAAID,EAAKF,GACTb,EAAkBa,GAAKG,EAwB3B,OArBAR,EAAE,YAAYW,KAAK,WACjB,IAAIC,EAAMjB,EAAGkB,EAAKC,EAGlB,IAFAF,EAAOZ,EAAEH,MAAMkB,KAAK,UAAUC,MAAM,KACpCF,EAAMxB,EAAUsB,EAAKK,SAChBtB,EAAI,EAAGkB,EAAMD,EAAKd,OAAQH,EAAIkB,EAAKlB,IACtCa,EAAII,EAAKjB,GACTmB,EAAMA,EAAII,QAAQ,QAASV,GAE7B,OAAOR,EAAEH,MAAMsB,KAAKL,KAEtBd,EAAE,WAAWW,KAAK,WAIhB,GAFAX,EAAEH,MAAMsB,KAAK7B,EAAU,KAAQU,EAAEH,MAAMkB,KAAK,WACtCzB,EAAU,KAAQU,EAAEH,MAAMkB,KAAK,UAC7BK,MAAM,UACZ,OAAOpB,EAAEH,MAAMwB,SAASC,SAG5BtB,EAAE,mBAAmBW,KAAK,WACxB,OAAOX,EAAEH,MAAMkB,KAAK,cAAezB,EAAUU,EAAEH,MAAMkB,KAAK,qBAErDf,EAAE,eAAeW,KAAK,WAC3B,IAAIY,EAEJ,OADAA,EAAI,IAAIC,KAAiC,IAA5BxB,EAAEH,MAAMkB,KAAK,cACnBf,EAAEH,MAAM4B,KAAKF,EAAEG,uBAK5BpC,EAAY,SAASqC,GACnB,OAAInC,EAAkBmC,GACbnC,EAAkBmC,GAElBA,GAIXzB,OAAOZ,UAAYA,EAEnBR,EAAY,WACV,IAAI8C,EAkBJ,OAjBAA,EAAS,GACT5B,EAAE,mCAAmCW,KAAK,WACxC,IAAIkB,EAAGxB,EAAGyB,EAASC,EACnB,IAGE,IAAK1B,KAFL0B,EAAMC,KAAKC,MAAMjC,EAAEH,MAAM4B,QACzBK,EAAU,GACAC,EACRD,EAAQI,KAAKN,EAAOvB,GAAK0B,EAAI1B,IAE/B,OAAOyB,EACP,MAAOK,GAGP,OAFAN,EAAIM,EACJC,QAAQC,IAAI,gBAAiBR,GACtBO,QAAQC,IAAI,OAAQrC,EAAEH,MAAM4B,WAGvCW,QAAQC,IAAIT,GACLA,GAGTvC,EAAc,YAEdD,EAAW,WACT,OAAOD,EAAO,iBAAkBa,EAAEX,GAAaiD,SAAS,WAAWC,SAGrEvD,EAAoB,SAASwD,GAK3B,OAAO5D,EAAO,gBAAiB4D,EAAS,WACtC,OAAOxC,EAAE,aAAewC,EAAU,MAAMlB,QAJtC,SAASmB,EAAGC,EAAGb,GACjB,OAAOc,MAAMD,EAAI,IAAMb,MAO3B1C,EAAS,SAASyD,EAAKC,EAAKC,EAASC,GACnC,OAAO/C,EAAEgD,KAAK,CACZC,KAAM,MACNC,IAAKvE,EAAkB,WAAI,uBAC3BwE,SAAU,OACVJ,MAAOA,EACPD,QAAS,SAAS1C,GAChB,IAAImB,EAKJ,OAJAA,EAAI,CACF6B,MAAOhD,EAAKgD,QAEZR,GAAOC,EACF7C,EAAEgD,KAAK,CACZC,KAAM,MACNC,IAAKvE,EAAkB,WAAI,wBAC3BwE,SAAU,OACV/C,KAAMmB,EACNuB,QAASA,EACTC,MAAOA,QAMfnE,EAAS,SAASgE,EAAKS,EAAKP,EAASC,GACnC,OAAO/C,EAAEgD,KAAK,CACZC,KAAM,MACNC,IAAKvE,EAAkB,WAAI,uBAC3BwE,SAAU,OACVJ,MAAOA,EACPD,QAAS,SAAS1C,GAChB,OAAOJ,EAAEgD,KAAK,CACZC,KAAM,SACNC,IAAKvE,EAAkB,WAAI,yBAA2BiE,EAAM,QAAUS,EAAM,UAAYjD,EAAKgD,MAC7FD,SAAU,OACVL,QAASA,EACTC,MAAOA,QAMf9D,EAAe,WACb,IAAIqE,EAAKC,EAAO5D,EAAGD,EAAM8D,EAAQC,EAAO7D,EAAGiB,EAAK6C,EAAMC,EAAMC,EAASC,EAAUrD,EAE/E,GAAe,OADfmD,EAAO3D,EAAEX,MACeV,EAAqB,cAC3C,OAAO,KAKT,IAHA2E,EAAM3E,EAAqB,cAAEqC,MAAM,KAEnC4C,EAAU,GACLjE,EAAI,EAAGkB,GAFZ4C,EAAQE,EAAKrB,SAAS,YAEExC,OAAQH,EAAIkB,EAAKlB,IAEvCiE,EADApD,EAAIiD,EAAM9D,IACGa,EAEf,IAAKZ,EAAI,EAAG8D,EAAOJ,EAAIxD,OAAQF,EAAI8D,EAAM9D,IAEnCgE,EADJJ,EAASF,EAAI1D,MAEXF,EAAOkE,EAAQJ,GACfD,EAAQvD,EAAEX,EAAc,gBAAgByE,SAAS,IAAMpE,GACvDmE,EAAW7D,EAAEX,EAAc,gBAAgByE,SAAS,IAAMN,GAC1DD,EAAMQ,SACN/D,EAAEX,EAAc,gBAAgB2E,OAAO,UAAUC,OAAOJ,IAG5D,OAAO,GAOT9E,EAAO,WACL,OAAOiB,EAAEgD,KAAK,CACZC,KAAM,OACNC,IAAKvE,EAAkB,WACvByB,KAAM,CACJrB,KAAM,GAERoE,SAAU,OACVL,QAAS,SAAS1C,GAChB,OAAoB,MAAfA,EAAK8D,QAAmC,IAAhB9D,EAAK8D,OACzBC,WAAWpF,EAAMJ,EAAoB,cAErCyF,SAASC,QAAO,IAG3BtB,MAAO,SAASN,EAAG6B,EAAGzC,GACpB,OAAOuC,SAASC,QAAO,OAK7BnE,OAAOnB,KAAOA,EAEdF,EAAY,SAAS0F,GACnB,IAAIC,EAAGC,EAAI9E,EAAGkB,EAAW6D,EAIzB,IAHOH,EAAQ,IACfE,EAAKE,mBAAmBC,SAASC,QAAQ7D,MAAM,KAC/C0D,EAAK,IAAII,OAAO,MAAQP,EAAQ,KAC3B5E,EAAI,EAAGkB,EAAM4D,EAAG3E,OAAQH,EAAIkB,EAAKlB,IAEpC,IADA6E,EAAIC,EAAG9E,IACDyB,MAAMsD,GAEV,OADAF,EAAIA,EAAEtD,QAAQwD,EAAI,IAItB,MAAO,IAGTxF,EAAY,SAAS6F,EAAMC,EAAOC,GAChC,IAAI1D,EAGJ,OAFAA,EAAI,IAAIC,MACN0D,QAAQ3D,EAAE4D,UAAqB,MAATF,GACjBL,SAASC,OAASE,EAAO,IAAMC,EAAQ,aAAgBzD,EAAE6D,cAAiB,YAGnFzG,EAAQ,GAERqB,EAAEE,QAAQmF,GAAG,OAAQ,WACnB,IAAIC,EAAQC,EAAIC,EAAeC,EAAcC,EAAU/F,EAAGC,EAAGG,EAAM4F,EAASC,EAAOC,EAAQhF,EAAK6C,EAAMoC,EAAMC,EAAMC,EAAMC,EAAGC,EAAWC,EAAUC,EAAQC,EAAGC,EAAIC,EAAQC,EAAWC,EAAa/B,EAAIpE,EAAKC,EAAMmG,EAAMC,EAAeC,EAoFnO,GAnFAjI,EAAQG,IACJ,UAAWoB,QAAU,cAAeA,OAAOvB,QAC7CA,EAAMkI,UAAY3G,OAAOvB,MAAMkI,WAEjC3G,OAAOvB,MAAQA,EACfqB,EAAE,aAAasC,SAAS,CACtBwE,KAAM,IACNC,OAAQ,OACRC,QAAS,GACTC,QAAQ,EACRxD,MAAO,iBACPyD,OAAQ,WACN,OAAO9H,OAGXH,IACAe,EAAE,eAAemH,OAAO,QACxBnH,EAAE,wBAAwB6C,MAAM,IAAIrB,MAAO4F,oBAAsB,IACjEjB,EAAWnG,EAAE,SAASqH,KAAK,CACzBC,OAAQ,KAEVpB,EAAYlG,EAAE,kBAAoBrB,EAAkB,WAAI,MAAM0C,SAASkG,SACvD,IACdrB,EAAY,GAEdC,EAASkB,KAAK,SAAU,SAAUnB,GAClCT,EAAezF,EAAE,aAAaqH,KAAK,CACjCC,OAAQ,KAEV9B,EAAgBxF,EAAE,sBAAwBrB,EAAkB,WAAI,MAAM0C,SAASkG,SAC3D,IAClB/B,EAAgB,GAElBC,EAAa4B,KAAK,SAAU,SAAU7B,GAClC7G,EAAiB,WACnB8G,EAAa4B,KAAK,SAAU,SAAUrH,EAAE,sBAAwBrB,EAAiB,UAAI,MAAM0C,SAASkG,SAElG5I,EAAa,MACfqB,EAAE,8BAA8BwH,QAEK,IAAjCxH,EAAE,oBAAoBF,QACxBE,EAAE,6BAA6BwH,QAG/B7I,EAAiB,WACnBqB,EAAE,eAAee,KAAK,SAAU,UAE9Bf,EAAE,iBAAiBF,SACrBwF,EAAStF,EAAE,cAAce,KAAK,UAC9BqF,EAASpG,EAAE,cAAce,KAAK,UAC9B2E,EAAW,IACkB,IAAzBJ,EAAO7F,QAAQ,KACjB6F,EAAOmC,UAAU,EAAGnC,EAAO7F,QAAQ,MAEnCiG,EAAWJ,EAAS,IAEtBtF,EAAE,iCAAiCW,KAAK,SAAS4G,GAC/C,OAAO7B,GAAY,IAAM1F,EAAEH,MAAMkB,KAAK,QAAU,IAAMf,EAAEH,MAAMgD,QAEhEmD,EAAOhG,EAAE,mBAAmBe,KAAK,QAAU,WAAaqF,EAAS,QAAUsB,KAAKhC,GAChF1F,EAAE,mBAAmBe,KAAK,OAAQiF,KAEpCS,EAAcvG,OAAOkE,SAASuD,UAE5BvF,QAAQC,IAAI,sBAAuBoE,GACnCG,EAAY,IAAIgB,gBAAgBnB,IAE9BG,KACFJ,EAAYI,EAAUiB,IAAI,kBAExBzF,QAAQC,IAAI,2BAGQ,KADtBsE,EAAgBC,EAAUiB,IAAI,mBAE5BzF,QAAQC,IAAI,oBAGXtC,IACHA,EAAOlB,EAAU,mBACJ2H,GACXpE,QAAQC,IAAI,wBAGXtC,EAuCMN,EAAQqI,KAAK5H,OAAO6H,mBAAoBhI,GAAQ,IACzDA,EAAOG,OAAO6H,mBAAmB,GAC5BvB,GACHpE,QAAQC,IAAI,0BAzCd,GAAI2F,UAAW,CAQb,IAPApC,EAAQ,GACRC,EAAS,GACTU,EAAS,CAACyB,UAAUC,UAChBD,UAAUE,YACZ3B,EAASyB,UAAUE,WAGhBvI,EAAI,EAAGkB,GADZP,EAAMJ,OAAO6H,oBACSjI,OAAQH,EAAIkB,EAAKlB,IACrC4F,EAAKjF,EAAIX,GACTgG,GAAW,8BAAmCzF,OAAOC,aAAe,UAAYoF,EAAK,gBAAoBA,EAAK,WAAeA,EAAK,OAEpI,IAAK3F,EAAI,EAAG8D,EAAO6C,EAAOzG,OAAQF,EAAI8D,EAAM9D,IAI1C,IAHA0G,EAAKC,EAAO3G,GACZwC,QAAQC,IAAI,iBAAkBiE,GAEzBL,EAAI,EAAGH,GADZvF,EAAOL,OAAO6H,oBACUjI,OAAQmG,EAAIH,EAAMG,IACxCV,EAAKhF,EAAK0F,GACV7D,QAAQC,IAAI,kBAAmBkD,GAC/Bb,EAAK,IAAII,OAAO,IAAMS,EAAK,MACvBe,EAAGlF,MAAMsD,IACXtC,QAAQC,IAAI,oBAAqBkD,GACjCK,EAAM1D,KAAKqD,IACFA,EAAGkC,UAAU,EAAG,KAAOnB,EAAGmB,UAAU,EAAG,IAChD5B,EAAO3D,KAAKqD,IAIlBxF,EAAO6F,EAAM,GAAKA,EAAM,GAAKC,EAAO,GAAKA,EAAO,GAAK3F,OAAO6H,mBAAmB,MAClEvB,GACXpE,QAAQC,IAAI,gCAGdtC,EAAOG,OAAO6H,mBAAmB,MACpBvB,GACXpE,QAAQC,IAAI,wBAuBlB,IAdImE,GACFpE,QAAQC,IAAI,mBAAoBmE,GAC5BG,IACFvE,QAAQC,IAAI,cAAemE,GAC3BtH,EAAU,eAAgBsH,IAE5BjH,EAAciH,KAEdpE,QAAQC,IAAI,mBAAoBtC,GAChCb,EAAU,eAAgBa,GAC1BR,EAAcQ,IAEhB4F,EAAU,GAELU,EAAI,EAAGN,GADZW,EAAOxG,OAAO6H,oBACUjI,OAAQuG,EAAIN,EAAMM,IACxCd,EAAKmB,EAAKL,GACVV,GAAW,8BAAmCzF,OAAOC,aAAe,UAAYoF,EAAK,gBAAoBA,EAAK,WAAeA,EAAK,OAgBpI,OAdAvF,EAAE,cAAcmB,KAAKwE,GACrB3F,EAAE,aAAaqF,GAAG,QAAS,WAGzB,OAFAtF,EAAOC,EAAEH,MAAMkB,KAAK,SACpB7B,EAAU,eAAgBa,GACnBR,EAAcQ,KAEnBpB,EAAoB,cAA6B,EAAxBA,EAAoB,cAC/CuB,OAAOiE,WAAWpF,EAAMJ,EAAoB,cAE9CqB,EAAE,eAAeW,KAAK,WACpB,IAAI+B,EAEJ,OADAA,EAAI,IAAIlB,KAA2B,IAAtBxB,EAAEH,MAAMkB,KAAK,QACnBf,EAAEH,MAAM4B,KAAKiB,EAAEhB,oBAEjB1B,EAAE,gBAAgBqF,GAAG,QAAS,WACnC,OAAOrG,EAAkBgB,EAAEH,MAAMkB,KAAK,kBAIzC+G,KAAKjI"}
\ No newline at end of file

From 64473968884e6828844f1226cc50672ff29aa46f Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Thu, 26 Mar 2020 20:21:09 +0100
Subject: [PATCH 6/6] Improve SSL error reporting (#2110)

---
 .../lib/Lemonldap/NG/Portal/Auth/SSL.pm       | 14 +++++++++
 lemonldap-ng-portal/site/coffee/ssl.coffee    | 31 +++++++++++++------
 .../site/coffee/sslChoice.coffee              | 31 +++++++++++++------
 .../site/htdocs/static/common/js/ssl.js       | 26 ++++++++++------
 .../site/htdocs/static/common/js/ssl.min.js   |  2 +-
 .../htdocs/static/common/js/ssl.min.js.map    |  2 +-
 .../site/htdocs/static/common/js/sslChoice.js | 26 ++++++++++------
 .../htdocs/static/common/js/sslChoice.min.js  |  2 +-
 .../static/common/js/sslChoice.min.js.map     |  2 +-
 .../site/templates/bootstrap/login.tpl        | 16 +++++-----
 10 files changed, 101 insertions(+), 51 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm
index 284c38676..bc133274f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm
@@ -31,6 +31,13 @@ sub init {
 # @return Lemonldap::NG::Portal constant
 sub extractFormInfo {
     my ( $self, $req ) = @_;
+
+    # If this is the ajax query, allow response to contain HTML code
+    # to update the portal error message
+    if ( $req->wantJSON ) {
+        $req->wantErrorRender(1);
+    }
+
     my $field = $self->conf->{SSLVar};
     if ( $req->env->{SSL_CLIENT_I_DN} ) {
         $self->logger->debug(
@@ -55,6 +62,12 @@ sub extractFormInfo {
         return PE_BADCERTIFICATE;
     }
     elsif ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {
+
+        # If this is the AJAX query
+        if ( $req->wantJSON ) {
+            return PE_CERTIFICATEREQUIRED;
+        }
+
         $self->logger->debug( 'Append ' . $self->{Name} . ' init/script' );
         $req->data->{customScript} .= $self->{AjaxInitScript};
         $self->logger->debug(
@@ -68,6 +81,7 @@ sub extractFormInfo {
             $req->data->{customScript} .= $self->{AjaxInitScript};
             $self->logger->debug(
                 "Send init/script -> " . $req->data->{customScript} );
+            return PE_BADCERTIFICATE;
         }
         $self->userLogger->warn('No certificate found');
         return PE_CERTIFICATEREQUIRED;
diff --git a/lemonldap-ng-portal/site/coffee/ssl.coffee b/lemonldap-ng-portal/site/coffee/ssl.coffee
index 04571e691..d365bae13 100644
--- a/lemonldap-ng-portal/site/coffee/ssl.coffee
+++ b/lemonldap-ng-portal/site/coffee/ssl.coffee
@@ -5,12 +5,9 @@ tryssl = () ->
 	console.log 'path -> ', path
 	console.log 'Call URL -> ', window.datas.sslHost
 	$.ajax window.datas.sslHost,
-		dataType: 'jsonp'
-		# PE_BADCREDENTIALS
-		statusCode:
-			401: () ->
-				$('#lform').submit()
-				console.log 'Error code 401'
+		dataType: 'json',
+		xhrFields:
+			withCredentials: true
 		# If request succeed, cookie is set, posting form to get redirection
 		# or menu
 		success: (data) ->
@@ -18,9 +15,23 @@ tryssl = () ->
 			console.log 'Success -> ', data
 		# Case else, will display PE_BADCREDENTIALS or fallback to next auth
 		# backend
-		error: () ->
-			sendUrl path
-			console.log 'Error'
+		error: (result) ->
+			# If the AJAX query didn't fire at all, it's probably
+			# a bad certificate
+			if result.status == 0
+				# We couldn't send the request.
+				# if client verification is optional, this means
+				# the certificate was rejected (or some network error)
+				sendUrl path
+			# For compatibility with earlier configs, handle PE9 by posting form
+			if result.responseJSON && 'error' of result.responseJSON && result.responseJSON.error == "9"
+				sendUrl path
+
+			# If the server sent a html error description, display it
+			if result.responseJSON && 'html' of result.responseJSON
+				$('#errormsg').html(result.responseJSON.html);
+				$(window).trigger('load');
+			console.log 'Error during AJAX SSL authentication', result
 	false
 
 sendUrl = (path) ->
@@ -34,4 +45,4 @@ sendUrl = (path) ->
 	$('#lform').submit()
 
 $(document).ready ->
-	$('.sslclick').on 'click', tryssl
\ No newline at end of file
+	$('.sslclick').on 'click', tryssl
diff --git a/lemonldap-ng-portal/site/coffee/sslChoice.coffee b/lemonldap-ng-portal/site/coffee/sslChoice.coffee
index ebc35caa9..1b1da6765 100644
--- a/lemonldap-ng-portal/site/coffee/sslChoice.coffee
+++ b/lemonldap-ng-portal/site/coffee/sslChoice.coffee
@@ -5,12 +5,9 @@ tryssl = () ->
 	console.log 'path -> ', path
 	console.log 'Call URL -> ', window.datas.sslHost
 	$.ajax window.datas.sslHost,
-		dataType: 'jsonp'
-		# PE_BADCREDENTIALS
-		statusCode:
-			401: () ->
-				$('#lformSSL').submit()
-				console.log 'Error code 401'
+		dataType: 'json',
+		xhrFields:
+			withCredentials: true
 		# If request succeed, cookie is set, posting form to get redirection
 		# or menu
 		success: (data) ->
@@ -18,9 +15,23 @@ tryssl = () ->
 			console.log 'Success -> ', data
 		# Case else, will display PE_BADCREDENTIALS or fallback to next auth
 		# backend
-		error: () ->
-			sendUrl path
-			console.log 'Error'
+		error: (result) ->
+			# If the AJAX query didn't fire at all, it's probably
+			# a bad certificate
+			if result.status == 0
+				# We couldn't send the request.
+				# if client verification is optional, this means
+				# the certificate was rejected (or some network error)
+				sendUrl path
+			# For compatibility with earlier configs, handle PE9 by posting form
+			if result.responseJSON && 'error' of result.responseJSON && result.responseJSON.error == "9"
+				sendUrl path
+
+			# If the server sent a html error description, display it
+			if result.responseJSON && 'html' of result.responseJSON
+				$('#errormsg').html(result.responseJSON.html);
+				$(window).trigger('load');
+			console.log 'Error during AJAX SSL authentication', result
 	false
 
 sendUrl = (path) ->
@@ -34,4 +45,4 @@ sendUrl = (path) ->
 	$('#lformSSL').submit()
 
 $(document).ready ->
-	$('.sslclick').on 'click', tryssl
\ No newline at end of file
+	$('.sslclick').on 'click', tryssl
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js
index 078a6de79..2a9f924d3 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js
@@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
   var sendUrl, tryssl;
 
@@ -8,20 +8,26 @@
     console.log('path -> ', path);
     console.log('Call URL -> ', window.datas.sslHost);
     $.ajax(window.datas.sslHost, {
-      dataType: 'jsonp',
-      statusCode: {
-        401: function() {
-          $('#lform').submit();
-          return console.log('Error code 401');
-        }
+      dataType: 'json',
+      xhrFields: {
+        withCredentials: true
       },
       success: function(data) {
         sendUrl(path);
         return console.log('Success -> ', data);
       },
-      error: function() {
-        sendUrl(path);
-        return console.log('Error');
+      error: function(result) {
+        if (result.status === 0) {
+          sendUrl(path);
+        }
+        if (result.responseJSON && 'error' in result.responseJSON && result.responseJSON.error === "9") {
+          sendUrl(path);
+        }
+        if (result.responseJSON && 'html' in result.responseJSON) {
+          $('#errormsg').html(result.responseJSON.html);
+          $(window).trigger('load');
+        }
+        return console.log('Error during AJAX SSL authentication', result);
       }
     });
     return false;
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js
index ce57187c1..45298b2c6 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js
@@ -1 +1 @@
-(function(){var t,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"jsonp",statusCode:{401:function(){return $("#lform").submit(),console.log("Error code 401")}},success:function(o){return t(n),console.log("Success -> ",o)},error:function(){return t(n),console.log("Error")}}),!1},t=function(o){var n;return(n=$("#lform").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lform").attr("action",n),$("#lform").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
\ No newline at end of file
+(function(){var r,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"json",xhrFields:{withCredentials:!0},success:function(o){return r(n),console.log("Success -> ",o)},error:function(o){return 0===o.status&&r(n),o.responseJSON&&"error"in o.responseJSON&&"9"===o.responseJSON.error&&r(n),o.responseJSON&&"html"in o.responseJSON&&($("#errormsg").html(o.responseJSON.html),$(window).trigger("load")),console.log("Error during AJAX SSL authentication",o)}}),!1},r=function(o){var n;return(n=$("#lform").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lform").attr("action",n),$("#lform").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js.map
index 702cc06fd..91acebed7 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js.map
@@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","statusCode","401","submit","success","data","error","form_url","attr","match","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EAqBJ,OApBAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,QACVC,WAAY,CACVC,IAAK,WAEH,OADAJ,EAAE,UAAUK,SACLT,QAAQC,IAAI,oBAGvBS,QAAS,SAASC,GAEhB,OADAjB,EAAQE,GACDI,QAAQC,IAAI,cAAeU,IAEpCC,MAAO,WAEL,OADAlB,EAAQE,GACDI,QAAQC,IAAI,aAGhB,GAGTP,EAAU,SAASE,GACjB,IAAIiB,EASJ,OARAA,EAAWT,EAAE,UAAUU,KAAK,WACfC,MAAM,OACjBF,EAAWjB,EAEXiB,GAAsBjB,EAExBI,QAAQC,IAAI,sBAAuBY,GACnCT,EAAE,UAAUU,KAAK,SAAUD,GACpBT,EAAE,UAAUK,UAGrBL,EAAEY,UAAUC,MAAM,WAChB,OAAOb,EAAE,aAAac,GAAG,QAASvB,OAGnCwB,KAAKC"}
\ No newline at end of file
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","xhrFields","withCredentials","success","data","error","result","status","responseJSON","html","trigger","form_url","attr","match","submit","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EA2BJ,OA1BAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,OACVC,UAAW,CACTC,iBAAiB,GAEnBC,QAAS,SAASC,GAEhB,OADAhB,EAAQE,GACDI,QAAQC,IAAI,cAAeS,IAEpCC,MAAO,SAASC,GAWd,OAVsB,IAAlBA,EAAOC,QACTnB,EAAQE,GAENgB,EAAOE,cAAgB,UAAWF,EAAOE,cAA8C,MAA9BF,EAAOE,aAAaH,OAC/EjB,EAAQE,GAENgB,EAAOE,cAAgB,SAAUF,EAAOE,eAC1CV,EAAE,aAAaW,KAAKH,EAAOE,aAAaC,MACxCX,EAAEP,QAAQmB,QAAQ,SAEbhB,QAAQC,IAAI,uCAAwCW,OAGxD,GAGTlB,EAAU,SAASE,GACjB,IAAIqB,EASJ,OARAA,EAAWb,EAAE,UAAUc,KAAK,WACfC,MAAM,OACjBF,EAAWrB,EAEXqB,GAAsBrB,EAExBI,QAAQC,IAAI,sBAAuBgB,GACnCb,EAAE,UAAUc,KAAK,SAAUD,GACpBb,EAAE,UAAUgB,UAGrBhB,EAAEiB,UAAUC,MAAM,WAChB,OAAOlB,EAAE,aAAamB,GAAG,QAAS5B,OAGnC6B,KAAKC"}
\ No newline at end of file
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js
index 59d97dabd..6495d7883 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js
@@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.7
+// Generated by CoffeeScript 1.12.8
 (function() {
   var sendUrl, tryssl;
 
@@ -8,20 +8,26 @@
     console.log('path -> ', path);
     console.log('Call URL -> ', window.datas.sslHost);
     $.ajax(window.datas.sslHost, {
-      dataType: 'jsonp',
-      statusCode: {
-        401: function() {
-          $('#lformSSL').submit();
-          return console.log('Error code 401');
-        }
+      dataType: 'json',
+      xhrFields: {
+        withCredentials: true
       },
       success: function(data) {
         sendUrl(path);
         return console.log('Success -> ', data);
       },
-      error: function() {
-        sendUrl(path);
-        return console.log('Error');
+      error: function(result) {
+        if (result.status === 0) {
+          sendUrl(path);
+        }
+        if (result.responseJSON && 'error' in result.responseJSON && result.responseJSON.error === "9") {
+          sendUrl(path);
+        }
+        if (result.responseJSON && 'html' in result.responseJSON) {
+          $('#errormsg').html(result.responseJSON.html);
+          $(window).trigger('load');
+        }
+        return console.log('Error during AJAX SSL authentication', result);
       }
     });
     return false;
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js
index af9cc930b..b8d8e791a 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js
@@ -1 +1 @@
-(function(){var t,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"jsonp",statusCode:{401:function(){return $("#lformSSL").submit(),console.log("Error code 401")}},success:function(o){return t(n),console.log("Success -> ",o)},error:function(){return t(n),console.log("Error")}}),!1},t=function(o){var n;return(n=$("#lformSSL").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lformSSL").attr("action",n),$("#lformSSL").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
\ No newline at end of file
+(function(){var r,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"json",xhrFields:{withCredentials:!0},success:function(o){return r(n),console.log("Success -> ",o)},error:function(o){return 0===o.status&&r(n),o.responseJSON&&"error"in o.responseJSON&&"9"===o.responseJSON.error&&r(n),o.responseJSON&&"html"in o.responseJSON&&($("#errormsg").html(o.responseJSON.html),$(window).trigger("load")),console.log("Error during AJAX SSL authentication",o)}}),!1},r=function(o){var n;return(n=$("#lformSSL").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lformSSL").attr("action",n),$("#lformSSL").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js.map b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js.map
index 46d2ed6c4..6a1383a30 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js.map
@@ -1 +1 @@
-{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","statusCode","401","submit","success","data","error","form_url","attr","match","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EAqBJ,OApBAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,QACVC,WAAY,CACVC,IAAK,WAEH,OADAJ,EAAE,aAAaK,SACRT,QAAQC,IAAI,oBAGvBS,QAAS,SAASC,GAEhB,OADAjB,EAAQE,GACDI,QAAQC,IAAI,cAAeU,IAEpCC,MAAO,WAEL,OADAlB,EAAQE,GACDI,QAAQC,IAAI,aAGhB,GAGTP,EAAU,SAASE,GACjB,IAAIiB,EASJ,OARAA,EAAWT,EAAE,aAAaU,KAAK,WAClBC,MAAM,OACjBF,EAAWjB,EAEXiB,GAAsBjB,EAExBI,QAAQC,IAAI,sBAAuBY,GACnCT,EAAE,aAAaU,KAAK,SAAUD,GACvBT,EAAE,aAAaK,UAGxBL,EAAEY,UAAUC,MAAM,WAChB,OAAOb,EAAE,aAAac,GAAG,QAASvB,OAGnCwB,KAAKC"}
\ No newline at end of file
+{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","xhrFields","withCredentials","success","data","error","result","status","responseJSON","html","trigger","form_url","attr","match","submit","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EA2BJ,OA1BAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,OACVC,UAAW,CACTC,iBAAiB,GAEnBC,QAAS,SAASC,GAEhB,OADAhB,EAAQE,GACDI,QAAQC,IAAI,cAAeS,IAEpCC,MAAO,SAASC,GAWd,OAVsB,IAAlBA,EAAOC,QACTnB,EAAQE,GAENgB,EAAOE,cAAgB,UAAWF,EAAOE,cAA8C,MAA9BF,EAAOE,aAAaH,OAC/EjB,EAAQE,GAENgB,EAAOE,cAAgB,SAAUF,EAAOE,eAC1CV,EAAE,aAAaW,KAAKH,EAAOE,aAAaC,MACxCX,EAAEP,QAAQmB,QAAQ,SAEbhB,QAAQC,IAAI,uCAAwCW,OAGxD,GAGTlB,EAAU,SAASE,GACjB,IAAIqB,EASJ,OARAA,EAAWb,EAAE,aAAac,KAAK,WAClBC,MAAM,OACjBF,EAAWrB,EAEXqB,GAAsBrB,EAExBI,QAAQC,IAAI,sBAAuBgB,GACnCb,EAAE,aAAac,KAAK,SAAUD,GACvBb,EAAE,aAAagB,UAGxBhB,EAAEiB,UAAUC,MAAM,WAChB,OAAOlB,EAAE,aAAamB,GAAG,QAAS5B,OAGnC6B,KAAKC"}
\ No newline at end of file
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/login.tpl b/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
index ac03be8a9..ed834e622 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
@@ -4,13 +4,15 @@
 
   <TMPL_INCLUDE NAME="customLoginHeader.tpl">
 
-  <TMPL_IF NAME="AUTH_ERROR">
-    <div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span>
-      <TMPL_IF LOCKTIME>
-        <TMPL_VAR NAME="LOCKTIME"> <span trspan="seconds">seconds</span>.
-      </TMPL_IF>
-    </div>
-  </TMPL_IF>
+  <div id="errormsg">
+    <TMPL_IF NAME="AUTH_ERROR">
+      <div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span>
+        <TMPL_IF LOCKTIME>
+          <TMPL_VAR NAME="LOCKTIME"> <span trspan="seconds">seconds</span>.
+        </TMPL_IF>
+      </div>
+    </TMPL_IF>
+  </div>
 
   <TMPL_IF AUTH_LOOP>