rememberAuthChoice: resolve conflicts with 2.0 branch (#2737)
commit a99dbbe998

INSTALL (232 changed lines)
@ -29,15 +29,10 @@ package for Debian works fine).

1.1.2 - Perl prereq

Perl modules:
Apache::Session, Net::LDAP, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache,
DBI, XML::Simple, SOAP::Lite, HTML::Template, XML::LibXML, XML::LibXSLT
Perl modules: use `perl scripts/dependencies-list.pl` to see needed list

With Debian:
apt-get install libapache-session-perl libnet-ldap-perl libcache-cache-perl \
libdbi-perl perl-modules libwww-perl libcache-cache-perl \
libxml-simple-perl libhtml-template-perl libsoap-lite-perl \
libxml-libxml-perl libxml-libxslt-perl
apt-get build-dep lemonldap-ng

1.2 - BUILDING
--------------

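Review bot: the new `Perl modules: use `perl scripts/dependencies-list.pl` to see needed list` line should say that the path is relative to the unpacked source tree, and the `apt-get build-dep lemonldap-ng` line kept directly under it only works on a host whose APT sources contain a `deb-src` entry; state that condition, since no other step in this file needs one. Dropping the old hard-coded list is welcome (it listed libcache-cache-perl twice).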
@ -52,6 +47,8 @@ With Debian:
By default, all is installed in /usr/local/lemonldap-ng except Perl libraries
which are installed in a directory included in @INC.

Documentation is then available in /usr/local/lemonldap-ng/doc

1.2.2 - Install on Debian

$ tar xzf lemonldap-ng-*.tar.gz

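Review bot: the added sentence `Documentation is then available in /usr/local/lemonldap-ng/doc` sits immediately above the new `1.2.2 - Install on Debian` heading, where that path does not apply (the last hunk of this file gives /usr/share/doc/lemonldap-ng for Debian packages); qualify it as the default `make install` layout so the two statements do not read as contradicting each other.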
@ -62,223 +59,4 @@ which are installed in a directory included in @INC.
Here, all is installed in /var/lib/lemonldap-ng, /etc/lemonldap-ng except Perl
libraries which are installed in /usr/share/perl5/Lemonldap/NG/

1.3 - EXAMPLE CONFIGURATION
---------------------------

If you have build Debian packages, configuration is done by Debconf. See
/usr/share/doc/liblemonldap-ng-common/README.Debian to use it.

After build, you have a new file named example/apache.conf. You just have to
include this file in Apache configuration:

# in httpd.conf (with Apache1)
include /path/to/lemonldap-ng/source/example/apache.conf
# or in apache2.conf (with Apache2)
include /path/to/lemonldap-ng/source/example/apache2.conf

Modify your /etc/hosts file to include:

127.0.0.1 auth.example.com test1.example.com manager.example.com test2.example.com

Use a browser to connect to http://manager.example.com/ and specify your LDAP
settings. If you don't set managerDn and managerPassword, Lemonldap::NG will
use an anonymous bind to find user dn.

Next, restart Apache use your prefered browser and try to connect to
http://test1.example.com/. You'll be redirect to auth.example.com. Try
to authenticate yourself with a valid account and the protected page will
appear. You will find other explanations on this page.

the file /usr/local/lemonldap-ng/etc/storage.conf
(/etc/lemonldap-ng/storage.conf on Debian systems) can be modified to change
configuration database.

-------------------------
2 - ADVANCED INSTALLATION
-------------------------

It is recommended to install the example first then to adapt it.

2.1 - PREREQ

2.1.1 - Apache

To use Lemonldap::NG, you have to run a LDAP server and of course an Apache
server compiled with mod-perl (version 1.3 or 2.x). Generaly, the version of
Apache proposed with your Linux distribution match, but some distributions used
an experimental version of mod_perl with Apache2 (mod_perl-1.99) which does
not work with Lemonldap::NG. With such distributions (like Debian-3.1), you
have to use Apache-1.3 or to use a mod_perl backport (www.backports.org
package for Debian works fine).

For Apache2, you can use both mpm-worker and mpm-prefork. Mpm-worker works
faster and Lemonldap::NG use the thread system for best performance. If you
have to use mpm-prefork (for example if you use PHP), Lemonldap::NG will work
anyway.

You can use Lemonldap::NG in an heterogene world: the authentication portal and
the manager can work in any version of Apache 1.3 or more even if mod_perl is
not compiled, with ModPerl::Registry or not... Only the handler (site protector)
need mod_perl. The different handlers can run on different servers with
different versions of Apache/mod_perl.

2.1.2 - Perl prereq

Warning: Handler and Portal parts both need Lemonldap::NG::Manager components
to access to configuration.

Manager:
--------
Apache::Session, MIME::Base64, CGI, LWP::UserAgent, DBI, XML::Simple,
SOAP::Lite, XML::LibXML, XML::LibXSLT, Lemonldap::NG::Common

With Debian:
apt-get install perl-modules libxml-simple-perl libdbi-perl libwww-perl
# If you want to use SOAP
apt-get install libsoap-lite-perl

Portal:
-------
Apache::Session, Net::LDAP, MIME::Base64, CGI, Cache::Cache, DBI, XML::Simple,
SOAP::Lite, HTML::Template, XML::LibXML, Lemonldap::NG::Common

With Debian:
apt-get install libapache-session-perl libnet-ldap-perl perl-modules

Handler:
--------
Apache::Session, MIME::Base64, CGI, LWP::UserAgent, Cache::Cache, DBI,
XML::Simple, SOAP::Lite, Lemonldap::NG::Common

With Debian:
apt-get install libapache-session-perl libwww-perl libcache-cache-perl

2.2 - SOFTWARE INSTALLATION
---------------------------

If you just want to install a handler or a portal or a manager:

$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*/Lemonldap-NG-(Portal|Handler|Manager)
$ perl Makefile.PL && make && make test
$ sudo make install

else for a complete install:

$ tar xzf lemonldap-ng-*.tar.gz
$ cd lemonldap-ng-*
$ make && make test
$ sudo make install

See prereq in §1.1.2

2.3 - LEMONLDAP::NG INSTALLATION
--------------------------------

2.3.1 - Database configuration

2.3.1.1 - Lemonldap::NG Configuration database

If you use DBI or another system to share Lemonldap::NG configuration, you have
to initialize the database. An example is given in example/lmConfig.mysql for
MySQL.

2.3.1.2 - Apache::Session database

The choice of Apache::Session::* module is free. See Apache::Session::Store::*
or Apache::Session::* to know how to configure the module. For example, if you
want to use Apache::Session::MySQL, you can create the database like this:

CREATE DATABASE sessions (
id char(32),
a_session text
);

2.3.2 - Manager configuration

Copy example/manager.cgi and personalize it if you want (see
Lemonldap::NG::Manager). You have to set in particular configStorage. For
example with MySQL:

$my $manager = Lemonldap::NG::Manager->new ( {
dbiChain => "DBI:mysql:database=mybase;host=1.2.3.4",
dbiUser => "lemonldap-ng",
dbiPassword => "mypass",
} );

Securise Manager access with Apache: Lemonldap::NG does not securise the manager
itself yet:

SSLEngine On
Order Deny, Allow
Deny from all
Allow from admin-network/netmask
AuthType Basic
...

After configuration, you can also protect the manager with an Lemonldap::NG
handler.

2.3.3 - Configuration edition

Connect to the manager with your browser start configure your Web-SSO. You have
to set at least some parameters:

a) General parameters :

* Authentication parameters -> portal : URL to access to the authentication
portal
* Domain : the cookie domain. All protected VirtualHosts have to be under it

* LDAP parameters -> LDAP Server

* LDAP parameters -> LDAP Accout and password : required only if anonymous
binds are not accepted

* Session Storage -> Apache::Session module : how to store user sessions.
You can use all module that
inherit from Apache::Session
like Apache::Session::MySQL

* Session Storage -> Apache::Session Module parameters :
see Apache::Session::<Choosen module>

b) User groups :

Use the "New Group" button to add your first group. On the left, set the
keyword which will be used later and set on the right the corresponding rule:
you can use :

* an LDAP filter (it will be tested with the user uid)

or

* a Perl condition enclosed with {}. All variables declared in "General
parameters -> LDAP attributes" can be used with a "$". For example:
MyGroup / { $uid eq "foo" or $uid eq "bar" }

c) Virtual hosts

You have to create a virtual host for each Apache host (virtual or real)
protected by Lemonldap::NG even if just a sub-directory is protected. Else,
user who want to access to the protected area will be rejected with a "500
Internal Server Error" message and the apache logs will explain the problem.

Each virtual host has 2 groups of parameters:

* Headers: the headers added to the apache request. Default :
Auth-User => $uid
* Rules: subdivised in 2 categories:
* default : the default rule
* personalized rules: association of a Perl regular expression and
a condition. For example:
^/restricted.*$ / $groups =~ /\bMyGroup\b/


-------------
3 - DEBUGGING
-------------

Lemonldap::NG uses simply the Apache log system. So use LogLevel to choose
information to display.

Documentation is then available in /usr/share/doc/lemonldap-ng

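Review bot: besides the obsolete Apache 1.3 / mod_perl 1.99 material, this removal takes out the only text in INSTALL about the manager's trust boundary (`Lemonldap::NG does not securise the manager itself yet` with the `Deny from all` / `Allow from admin-network/netmask` snippet) and about initialising the configuration and Apache::Session databases, and the four surviving lines only point at /usr/share/doc/lemonldap-ng. Check that the documentation shipped there covers restricting manager access, or leave a one-line pointer to the page that does, so an installer following INSTALL alone does not expose the manager unauthenticated.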
Makefile (5 changed lines)
@ -475,6 +475,7 @@ e2e-tests/conf/apache2.pid: start_web_server

start_web_server: all prepare_test_server
# Clean old server if launched
mkdir -p e2e-tests/conf
@if test "$(TESTBACKEND)" = "DBI"; then \
echo 'create table lmConfig (cfgNum int, data text);'|sqlite3 e2e-tests/conf/config.db; \
echo 'create table sessions (id text, a_session text, LastUpdated int);'|sqlite3 e2e-tests/conf/sessions.db; \

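Review bot: the added `mkdir -p e2e-tests/conf` now sits under the comment `# Clean old server if launched`, which no longer describes the first statement of the recipe; move the comment or add one for the mkdir. Related: the `create table lmConfig` and `create table sessions` statements that follow have no `IF NOT EXISTS`, so a config.db or sessions.db left over from a previous run makes sqlite3 fail with a "table already exists" error; either delete those files before this step or use `create table if not exists`.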
@ -1164,13 +1165,13 @@ test-diff:
done

tidy: clean
@if perltidy -v|grep v20210717 >/dev/null; then \
@if perltidy -v|grep v20220217 >/dev/null; then \
for f in `find lemon*/ -type f \( -name '*.pm' -or -name '*.pl' -or -name '*.fcgi' -or -name '*.t' \)`; do \
echo -n $$f; \
perltidy -se -b $$f; \
echo; \
done; \
else echo "Wrong perltidy version, please install Perl::Tidy@20210717" ; exit 1 ;\
else echo "Wrong perltidy version, please install Perl::Tidy@20220217" ; exit 1 ;\
fi
find lemon*/ -name '*.bak' -delete
$(MAKE) json

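Review bot: the perltidy release string appears twice in this recipe (`grep v20220217` and the `Perl::Tidy@20220217` hint), and both had to be edited in step here; define it once as a Makefile variable (for example `PERLTIDY_VERSION = 20220217`) and use `$(PERLTIDY_VERSION)` in the grep and in the message, so the next bump cannot leave the check and the hint disagreeing.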
@ -64,7 +64,7 @@ Build-Depends-Indep: gsfonts <!nocheck>,
python3-sphinx,
python3-sphinx-bootstrap-theme,
perl
Standards-Version: 4.6.0
Standards-Version: 4.6.1
Vcs-Browser: https://salsa.debian.org/perl-team/modules/packages/lemonldap-ng
Vcs-Git: https://salsa.debian.org/perl-team/modules/packages/lemonldap-ng.git
Homepage: https://lemonldap-ng.org/

@ -138,6 +138,17 @@ Description: Lemonldap::NG FastCGI server
Lemonldap::NG FastCGI server provides a Nginx auth_request server that handles
also LLNG Portal and Manager.

Package: liblemonldap-ng-ssoaas-apache-client-perl
Architecture: all
Section: web
Depends: ${misc:Depends},
${perl:Depends}
Breaks: liblemonldap-ng-handler-perl (<< 2.0.14~)
Description: Lemonldap::NG SSOaaS client for Apache
Lemonldap::NG is a complete Web-SSO system that provides a SSO-as-a-Service
system, natively usable with Nginx. Lemonldap::NG::SSOaaS::Apache::Client
permits one to enroll an Apache server into Lemonldap::NG's SSOaaS service.

Package: lemonldap-ng-uwsgi-app
Architecture: all
Section: web

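Review bot: `Breaks: liblemonldap-ng-handler-perl (<< 2.0.14~)` without a matching `Replaces:` is only correct if no file in the new package was previously shipped by the handler package; if `Lemonldap::NG::SSOaaS::Apache::Client` moved out of liblemonldap-ng-handler-perl (which the Breaks suggests), add `Replaces: liblemonldap-ng-handler-perl (<< 2.0.14~)`, otherwise dpkg refuses to unpack the new package over the files owned by the old one. The description also says the service is "natively usable with Nginx" in a package that targets Apache; one sentence on what the Apache client does for the enrolled server would make the package's purpose clear.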
@ -0,0 +1,2 @@
usr/share/perl5/Lemonldap/NG/SSOaaS/Apache
usr/share/man/man3/Lemonldap::NG::SSOaaS::Apache*
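Review bot: the first line claims the whole `usr/share/perl5/Lemonldap/NG/SSOaaS/Apache` directory and the second a `Lemonldap::NG::SSOaaS::Apache*` man-page glob; if another package's .install file (the handler package, given the Breaks in debian/control) still matches that directory or those man pages, dh_install will place the same files in two packages, so check that the handler's .install was updated in the same change.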
@ -764,7 +764,7 @@
"type" : "object",
"properties" : {
"service" : {
"type" : "string"
"type" : "array"
},
"userAttribute" : {
"type" : "string",

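Review bot: changing `service` from `"type" : "string"` to `"type" : "array"` makes every stored configuration that still holds a plain string for this key fail schema validation; unless a configuration-upgrade step converts the stored value in the same release, accept both forms with `"type" : ["string", "array"]` or document the migration next to the schema change.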
@ -880,6 +880,9 @@
"type" : "string",
"format" : "url"
},
"logoutBypassConfirm" : {
"type" : "boolean"
},
"clientSecret" : {
"type" : "string",
"format" : "password"

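Review bot: the new `logoutBypassConfirm` boolean carries no `default`; since it removes a user-facing confirmation step on logout, state the default explicitly (presumably false) so that an absent key cannot be read as "bypass", and add the matching entry to the OIDC relying-party documentation, which this commit also touches.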
@ -63,23 +63,48 @@ Then, go in ``CAS parameters``:

- **Authentication level**: authentication level for this module.

Then create the list of CAS servers in the manager. For each, set:
Then create the list of CAS servers in the manager.

Options
~~~~~~~

- **Server URL** *(required)*: CAS server URL (must use https://)
- **Renew authentication** *(default: disabled)*: force authentication
renewal on CAS server
- **Gateways authentication** *(default: disabled)*: force transparent
authentication on CAS server

Proxied services
~~~~~~~~~~~~~~~~

In this section, set the list of services for which a proxy ticket is
requested:

- **Key**: Service ID
- **Value** Service URL (CAS service identifier)

Display
~~~~~~~
- **Display Name**: Name to display. Required if you have more than 1
CAS server declared
- **Icon**: Path to CAS Server icon. Used only if you have more than 1
CAS server declared
- **Order**: Number to sort CAS Servers display
- **Proxied services**: list of services for which a proxy ticket is
requested:
- **Resolution Rule**: rule that will be applied to preselect a CAS server for
a user. You have access to all environment variable *(like user IP address)*
and all session keys.

- **Key**: Service ID
- **Value** Service URL (CAS service identifier)
For example, to preselect this server for users coming from 129.168.0.0/16
network

::

$ENV{REMOTE_ADDR} =~ /^192\.168/

To preselect this server when the ``MY_SRV`` :doc:`choice <authchoice>` is selected ::

$_choice eq "MY_SRV"

- **Order**: Number to sort CAS Servers display


.. tip::

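Review bot: the example prose says users "coming from 129.168.0.0/16" while the rule is `$ENV{REMOTE_ADDR} =~ /^192\.168/`; the prose should read 192.168.0.0/16 (the same mismatch is in the OIDC and SAML pages of this commit). Worth adding to the same lines: `REMOTE_ADDR` is the address of the TCP peer, so behind a reverse proxy the rule sees the proxy's address unless the real client IP is restored in front of the portal, and a rule that grants a pre-selected server on that basis should not be relied on for access decisions. Minor: `- **Value** Service URL` is missing the colon after `**Value**`.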
@ -74,12 +74,12 @@ Connection

- More than one server can be set here separated by spaces or
commas. They will be tested in the specified order.
- To use TLS, set ``ldap+tls://server`` and to use LDAPS, set
- To use StartTLS, set ``ldap+tls://server`` and to use LDAPS, set
``ldaps://server`` instead of server name.
- If you use TLS, you can set any of the
- If you use StartTLS or LDAPS, you can set any of the
`Net::LDAP <http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod>`__
start_tls() sub like
``ldap+tls://server/verify=none&capath=/etc/ssl``. You can
start_tls() options in the URL, such as ``ldap+tls://server/verify=none``
or ``ldaps://server/cafile=/etc/ssl/ca.pem&sslversion=tlsv1_2``. You can
also use cafile and capath parameters.

- **Server port**: TCP port used by LDAP server if different from the standard

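Review bot: the rewritten bullet correctly separates StartTLS (`ldap+tls://`) from LDAPS (`ldaps://`), but the first URL it shows is `ldap+tls://server/verify=none`, which disables certificate verification and so removes the protection TLS gives against an active attacker on the path to the directory; lead with the `ldaps://server/cafile=/etc/ssl/ca.pem&sslversion=tlsv1_2` form and mark `verify=none` as a test-only setting. The link still points at a search.cpan.org path, which now redirects; https://metacpan.org/pod/Net::LDAP is the maintained page.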
@ -208,7 +208,7 @@ Password
- **Allow a user to reset his expired password**: if activated, the
user will be prompted to change password if his password is expired
(default: disabled)
- **Search for user before password change**: this option forces the password
- **Search for user before password change**: this option forces the password
change module to search for the user again, refreshing its DN. This feature
is only useful in rare cases when you use LDAP as the password module, but
not as the UserDB module. (default: enabled)

@ -210,42 +210,59 @@ So you can define by example:
Options
^^^^^^^

- **Configuration**:
Configuration
"""""""""""""

- **Configuration endpoint**: URL of OP configuration endpoint
- **JWKS data timeout**: After this time, LL::NG will do a request
to get a fresh version of JWKS data. Set to 0 to disable it.
- **Client ID**: Client ID given by OP
- **Client secret**: Client secret given by OP
- **Store ID token**: Allows one to store the ID Token (JWT) inside
user session. Do not enable it unless you need to replay this token
on an application, or if you need the id_token_hint parameter when
using logout.
- **Configuration endpoint**: URL of OP configuration endpoint
- **JWKS data timeout**: After this time, LL::NG will do a request
to get a fresh version of JWKS data. Set to 0 to disable it.
- **Client ID**: Client ID given by OP
- **Client secret**: Client secret given by OP
- **Store ID token**: Allows one to store the ID Token (JWT) inside
user session. Do not enable it unless you need to replay this token
on an application, or if you need the id_token_hint parameter when
using logout.

- **Protocol**:
Protocol
""""""""
- **Scope**: Value of scope parameter (example: openid profile). The
``openid`` scope is mandatory.
- **Display**: Value of display parameter (example: page)
- **Prompt**: Value of prompt parameter (example: consent)
- **Max age**: Value of max_age parameter (example: 3600)
- **UI locales**: Value of ui_locales parameter (example: en-GB en
fr-FR fr)
- **ACR values**: Value acr_values parameters (example: loa-1)
- **Token endpoint authentication method**: Choice between
``client_secret_post`` and ``client_secret_basic``
- **Check JWT signature**: Set to 0 to disable JWT signature
checking
- **ID Token max age**: If defined, LL::NG will check the ID Token
date and reject it if too old
- **Use Nonce**: If enabled, a nonce will be sent, and verified from
the ID Token

- **Scope**: Value of scope parameter (example: openid profile). The
``openid`` scope is mandatory.
- **Display**: Value of display parameter (example: page)
- **Prompt**: Value of prompt parameter (example: consent)
- **Max age**: Value of max_age parameter (example: 3600)
- **UI locales**: Value of ui_locales parameter (example: en-GB en
fr-FR fr)
- **ACR values**: Value acr_values parameters (example: loa-1)
- **Token endpoint authentication method**: Choice between
``client_secret_post`` and ``client_secret_basic``
- **Check JWT signature**: Set to 0 to disable JWT signature
checking
- **ID Token max age**: If defined, LL::NG will check the ID Token
date and reject it if too old
- **Use Nonce**: If enabled, a nonce will be sent, and verified from
the ID Token
Display
"""""""

- **Display**:
- **Display name**: Name of the application
- **Logo**: Logo of the application
- **Resolution Rule**: rule that will be applied to preselect an OP
for a user. You have access to all environment variable *(like user
IP address)* and all session keys.

- **Display name**: Name of the application
- **Logo**: Logo of the application
- **Order**: Number to sort buttons
For example, to preselect this OP for users coming from 129.168.0.0/16
network

::

$ENV{REMOTE_ADDR} =~ /^192\.168/

To preselect this OP when the ``MY_OP`` :doc:`choice <authchoice>` is selected ::

$_choice eq "MY_OP"

- **Order**: Number to sort buttons


.. attention::

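Review bot: the same "129.168.0.0/16" versus `/^192\.168/` mismatch as on the CAS page; make the prose 192.168.0.0/16. In the Protocol list, `Check JWT signature: Set to 0 to disable JWT signature checking` and `Use Nonce` are described as neutral switches; since the section is being restructured anyway, state the consequence so nobody turns them off in production: with signature checking disabled the portal has no proof that an ID Token came from the OP, and without the nonce an ID Token obtained in one login flow can be injected into another. The new `"""`-underlined headings also drop the indentation that marked the old nested bullets, so check the rendered page for a stray empty list item before the `Configuration` heading.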
@ -254,4 +271,4 @@ Options
with ``verify_hostname => 0`` and ``SSL_verify_mode => 0``.


Go to: ``General Parameters > Advanced Parameters > Security > SSL options for server requests``
Go to: ``General Parameters > Advanced Parameters > Security > SSL options for server requests``

@ -111,20 +111,6 @@ For each attribute, you can set:
Options
^^^^^^^

General options
'''''''''''''''

- **Resolution Rule**: rule that will be applied to preselect an IDP
for a user. You have access to all environment variable *(like user
IP address)* and all session keys.

For example, to preselect this IDP for users coming from 129.168.0.0/16
network and member of "admin" group:

::

$ENV{REMOTE_ADDR} =~ /^192\.168/ and $groups =~ /\badmin\b/

Authentication request
''''''''''''''''''''''


@ -212,8 +198,6 @@ Used only if at least 2 SAML Identity Providers are declared

- **Display name**: Name of the IDP
- **Logo**: Logo of the IDP
- **Order**: Number used for sorting IDP display


.. tip::


@ -222,6 +206,23 @@ Used only if at least 2 SAML Identity Providers are declared
icon file name directly in the field and copy the logo file in portal
icons directory

- **Resolution Rule**: rule that will be applied to preselect an IDP
for a user. You have access to all environment variable *(like user
IP address)* and all session keys.

For example, to preselect this IDP for users coming from 129.168.0.0/16
network

::

$ENV{REMOTE_ADDR} =~ /^192\.168/

To preselect this IDP when the ``MY_IDP`` :doc:`choice <authchoice>` is selected ::

$_choice eq "MY_IDP"

- **Order**: Number used for sorting IDP display

.. |image0| image:: /documentation/manager-saml-metadata.png
:class: align-center
.. |image1| image:: /documentation/manager-saml-attributes.png

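Review bot: the Resolution Rule example moved here lost the `and $groups =~ /\badmin\b/` clause and the `member of "admin" group` wording that the copy removed earlier in this file had; that clause was the one illustration that session keys, not only `%ENV`, are usable in the rule, so restore it in the moved example. Same "129.168.0.0/16" versus `/^192\.168/` typo as on the CAS and OIDC pages.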
@ -31,3 +31,18 @@ Go in ``General parameters`` > ``Portal`` > ``Captcha``:
- **Activation in register form**: set to 1 to display captcha in
register form
- **Size**: length of captcha
- **Captcha module**: allows you to use a custom Captcha module, see
:ref:`below <customcaptcha>`. Leave it blank to use the default Captcha
implementation
- **Captcha module options**: options for the custom Captcha module

.. _customcaptcha:

Custom Captcha modules
----------------------

.. versionadded:: 2.0.15

If the default Captcha does not meet your requirements, you can replace it with
a different implementation. See the ``Lemonldap::NG::Portal::Captcha`` manual
page for details on how to implement a Captcha module.

@ -50,7 +50,7 @@ master_doc = 'start'

# General information about the project.
project = u'LemonLDAP::NG'
copyright = u'2021, LemonLDAP::NG'
copyright = u'2022, LemonLDAP::NG'
author = u'LemonLDAP::NG'

# The version info for the project you're documenting, acts as replacement for

@ -128,6 +128,21 @@ configuration.
instanceName = LLNG_Demo


.. tip::


It is possible to use environment variable placeholders anywhere in
configuration. Those placeholders will be replaced by each LLNG component
using environment variables set locally.
The format is: ``%SERVERENV:VariableName%``.
To enable this feature, you must edit ``lemonldap-ng.ini`` to set
``useServerEnv`` value in [configuration] section:

.. code:: ini

[configuration]
useServerEnv = 1


Manager API
-----------

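Review bot: the tip should spell out the trust consequence of `useServerEnv = 1`: once it is on, anyone who can write the configuration (a Manager user, or whoever can edit the configuration backend) can read any environment variable of every LLNG process by placing `%SERVERENV:VariableName%` in a field that is displayed, sent in a header or logged, and process environments commonly carry secrets. Put that sentence next to the `[configuration]` example and say that the feature is off unless the ini file enables it.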
@ -16,19 +16,19 @@ DecryptValue plugin can be allowed or denied for specific users.
- **Use rule**: Select which users may use this plugin
- **Decrypt functions**: Set functions used for decrypting ciphered
values. Each function is tested until one succeeds. Let it blank
to use internal decrypt function.
to use internal ``decrypt`` extended function.


.. danger::
.. attention::

The ciphered value is the first parameter passed to custom functions.

The ``Encryption key`` is passed to custom funtions as second parameter
(see :ref:`Security settings<security-configure-security-settings>`).

Custom functions must be defined into
``Lemonldap::NG::Portal::My::Plugin`` and set:
``My::Plugin`` and set:

::

My::Plugin::function1 My::Plugin::function2



.. |image0| image:: /documentation/beta.png
:width: 100px

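Review bot: downgrading the admonition from `.. danger::` to `.. attention::` lowers the visibility of the sentence it holds: custom decrypt functions receive the portal's `Encryption key` as their second parameter, so any function listed under Decrypt functions is handed the master secret that protects every ciphered value; keep `danger`, or at least state that such functions must be treated with the same care as the key itself. Typo in the same block: `custom funtions`. The shortened `My::Plugin` now matches the `My::Plugin::function1 My::Plugin::function2` example; if the package is still expected to live at `Lemonldap::NG::Portal::My::Plugin`, say so once, since the example string is what goes into the configuration field.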
@ -57,14 +57,14 @@ Debian dist LL::NG version
=========== ========================== ======================================== ===================================================== ============================================================ =================================== =============================================================
*6* *Squeeze* *0.9.4.1* |maybe| No known vulnerability *None* *February 2016* *April 2019*
*7* *Wheezy* `1.1.2 </documentation/1.1/>`__ |maybe| No known vulnerability *None* *May 2018* *June 2020*
**8** Jessie `1.3.3 </documentation/1.3/>`__ |clean| CVE-2019-19791 tagged as minor **None** [1]_ June 2020 June 2022, possibly 2024
**9** Stretch `1.9.7 </documentation/1.9/>`__ |clean| CVE-2019-19791 tagged as minor `Debian LTS Team <https://www.debian.org/lts/>`__ June 2022 Probably 2024
*8* *Jessie* `1.3.3 </documentation/1.3/>`__ |maybe| CVE-2019-19791 tagged as minor **None** [1]_ June 2020 *June 2022*
*9* *Stretch* `1.9.7 </documentation/1.9/>`__ |maybe| CVE-2019-19791 tagged as minor `Debian LTS Team <https://www.debian.org/lts/>`__ June 2022 Possibly 2024
\ *Stretch-backports* `2.0.2 </documentation/2.0/>`__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941 *None* *June 2019*
\ *Stretch-backports-sloppy* `2.0.11 </documentation/2.0/>`__ |maybe| *None* *August 2021*
**10** Buster `2.0.2 </documentation/2.0/>`__ |clean| CVE-2019-19791 tagged as minor `Debian Security Team <https://security-team.debian.org/>`__ June 2024 Probably 2026
**10** Buster `2.0.2 </documentation/2.0/>`__ |clean| CVE-2019-19791 tagged as minor `Debian Security Team <https://security-team.debian.org/>`__ June 2024 June 2026
\ Buster-backports `2.0.14 </documentation/2.0/>`__ |clean| LL::NG Team, "best effort" [3]_ Maybe until Debian 12 release [4]_
\ *Buster-backports-sloppy* *Adds libauthen-webauthn-perl only* |clean| LL::NG Team, "best effort" [3]_ June 2024
**11** Bullseye `2.0.11 </documentation/2.0/>`__ |clean| `Debian Security Team <https://security-team.debian.org/>`__ July 2026 Probably 2028
**11** Bullseye `2.0.11 </documentation/2.0/>`__ |clean| `Debian Security Team <https://security-team.debian.org/>`__ July 2026 June 2028
\ Bullseye-backports `2.0.14 </documentation/2.0/>`__ |clean| LL::NG Team, "best effort" [3]_ Maybe until Debian 13 release [4]_
**Next** Testing/Unstable Latest [5]_ |clean| LL::NG Team
=========== ========================== ======================================== ===================================================== ============================================================ =================================== =============================================================

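Review bot: the Jessie and Stretch rows move from |clean| to |maybe| while their vulnerability column still lists only `CVE-2019-19791 tagged as minor`; add a footnote saying the change reflects the end of security support (June 2020 and June 2022 in the same rows) rather than a newly known issue, otherwise readers will look for a CVE that is not there. The Stretch-backports row also keeps CVE-2019-12046, CVE-2019-13031 and CVE-2019-15941 against 2.0.2, the same version the Buster row marks |clean|; a note explaining the difference (presumably that the Buster package carries the Debian Security Team's fixes and the backport does not) would remove the apparent contradiction.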
@ -91,6 +91,7 @@ Ubuntu dist LL::NG version Secured
20.04 Focal [9]_ `2.0.7 </documentation/2.0/>`__ |bad| CVE-2020-24660, CVE-2021-35472, CVE-2021-35473, CVE-2021-40874 None
20.10 Groovy `2.0.8 </documentation/2.0/>`__ |bad| CVE-2020-24660, CVE-2021-35472, CVE-2021-35473, CVE-2021-40874 None
21.04 Hirsute `2.0.11 </documentation/2.0/>`__ |bad| CVE-2021-35472, CVE-2021-35473, CVE-2021-40874 None
22.04 Jammy `2.0.13 </documentation/2.0/>`__ |bad| CVE-2021-40874 None
=========== ============= ================================ ==================================================================== ===========

Bug report

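Review bot: the new `22.04 Jammy` row marks 2.0.13 |bad| for CVE-2021-40874 with `None` in the Secured column; a link to the Ubuntu CVE tracker entry for CVE-2021-40874, as the Debian table does with its footnotes, would let readers verify that no fix has been issued and see when the status changes.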
@ -5,109 +5,109 @@ Error codes list

This page references all Portal error codes.

.. code-block:: perl

PE_IDPCHOICE => -5,
PE_SENDRESPONSE => -4,
PE_INFO => -3,
PE_REDIRECT => -2,
PE_DONE => -1,
PE_OK => 0,
PE_SESSIONEXPIRED => 1,
PE_FORMEMPTY => 2,
PE_WRONGMANAGERACCOUNT => 3,
PE_USERNOTFOUND => 4,
PE_BADCREDENTIALS => 5,
PE_LDAPCONNECTFAILED => 6,
PE_LDAPERROR => 7,
PE_APACHESESSIONERROR => 8,
PE_FIRSTACCESS => 9,
PE_BADCERTIFICATE => 10,
PE_NO_PASSWORD_BE => 20,
PE_PP_ACCOUNT_LOCKED => 21,
PE_PP_PASSWORD_EXPIRED => 22,
PE_CERTIFICATEREQUIRED => 23,
PE_ERROR => 24,
PE_PP_CHANGE_AFTER_RESET => 25,
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
PE_PP_PASSWORD_TOO_SHORT => 29,
PE_PP_PASSWORD_TOO_YOUNG => 30,
PE_PP_PASSWORD_IN_HISTORY => 31,
PE_PP_GRACE => 32,
PE_PP_EXP_WARNING => 33,
PE_PASSWORD_MISMATCH => 34,
PE_PASSWORD_OK => 35,
PE_NOTIFICATION => 36,
PE_BADURL => 37,
PE_NOSCHEME => 38,
PE_BADOLDPASSWORD => 39,
PE_MALFORMEDUSER => 40,
PE_SESSIONNOTGRANTED => 41,
PE_CONFIRM => 42,
PE_MAILFORMEMPTY => 43,
PE_BADMAILTOKEN => 44,
PE_MAILERROR => 45,
PE_MAILOK => 46,
PE_LOGOUT_OK => 47,
PE_SAML_ERROR => 48,
PE_SAML_LOAD_SERVICE_ERROR => 49,
PE_SAML_LOAD_IDP_ERROR => 50,
PE_SAML_SSO_ERROR => 51,
PE_SAML_UNKNOWN_ENTITY => 52,
PE_SAML_DESTINATION_ERROR => 53,
PE_SAML_CONDITIONS_ERROR => 54,
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
PE_SAML_SLO_ERROR => 56,
PE_SAML_SIGNATURE_ERROR => 57,
PE_SAML_ART_ERROR => 58,
PE_SAML_SESSION_ERROR => 59,
PE_SAML_LOAD_SP_ERROR => 60,
PE_SAML_ATTR_ERROR => 61,
PE_OPENID_EMPTY => 62,
PE_OPENID_BADID => 63,
PE_MISSINGREQATTR => 64,
PE_BADPARTNER => 65,
PE_MAILCONFIRMATION_ALREADY_SENT => 66,
PE_PASSWORDFORMEMPTY => 67,
PE_CAS_SERVICE_NOT_ALLOWED => 68,
PE_MAILFIRSTACCESS => 69,
PE_MAILNOTFOUND => 70,
PE_PASSWORDFIRSTACCESS => 71,
PE_MAILCONFIRMOK => 72,
PE_RADIUSCONNECTFAILED => 73,
PE_MUST_SUPPLY_OLD_PASSWORD => 74,
PE_FORBIDDENIP => 75,
PE_CAPTCHAERROR => 76,
PE_CAPTCHAEMPTY => 77,
PE_REGISTERFIRSTACCESS => 78,
PE_REGISTERFORMEMPTY => 79,
PE_REGISTERALREADYEXISTS => 80,
PE_NOTOKEN => 81,
PE_TOKENEXPIRED => 82,
PE_U2FFAILED => 83,
PE_UNAUTHORIZEDPARTNER => 84,
PE_RENEWSESSION => 85,
PE_WAIT => 86,
PE_MUSTAUTHN => 87,
PE_MUSTHAVEMAIL => 88,
PE_SAML_SERVICE_NOT_ALLOWED => 89,
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
PE_OID_SERVICE_NOT_ALLOWED => 91,
PE_GET_SERVICE_NOT_ALLOWED => 92,
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
PE_ISSUERMISSINGREQATTR => 94,
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
PE_BADOTP => 96,
PE_RESETCERTIFICATE_INVALID => 97,
PE_RESETCERTIFICATE_FORMEMPTY => 98,
PE_RESETCERTIFICATE_FIRSTACCESS => 99,
PE_PP_NOT_ALLOWED_CHARACTER => 100,
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
PE_UPGRADESESSION => 102,
PE_NO_SECOND_FACTORS => 103,
PE_BAD_DEVOPS_FILE => 104,
PE_FILENOTFOUND => 105,
PE_OIDC_AUTH_ERROR => 106

```
PE_IDPCHOICE => -5,
PE_SENDRESPONSE => -4,
PE_INFO => -3,
PE_REDIRECT => -2,
PE_DONE => -1,
PE_OK => 0,
PE_SESSIONEXPIRED => 1,
PE_FORMEMPTY => 2,
PE_WRONGMANAGERACCOUNT => 3,
PE_USERNOTFOUND => 4,
PE_BADCREDENTIALS => 5,
PE_LDAPCONNECTFAILED => 6,
PE_LDAPERROR => 7,
PE_APACHESESSIONERROR => 8,
PE_FIRSTACCESS => 9,
PE_BADCERTIFICATE => 10,
PE_NO_PASSWORD_BE => 20,
PE_PP_ACCOUNT_LOCKED => 21,
PE_PP_PASSWORD_EXPIRED => 22,
PE_CERTIFICATEREQUIRED => 23,
PE_ERROR => 24,
PE_PP_CHANGE_AFTER_RESET => 25,
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
PE_PP_PASSWORD_TOO_SHORT => 29,
PE_PP_PASSWORD_TOO_YOUNG => 30,
PE_PP_PASSWORD_IN_HISTORY => 31,
PE_PP_GRACE => 32,
PE_PP_EXP_WARNING => 33,
PE_PASSWORD_MISMATCH => 34,
PE_PASSWORD_OK => 35,
PE_NOTIFICATION => 36,
PE_BADURL => 37,
PE_NOSCHEME => 38,
PE_BADOLDPASSWORD => 39,
PE_MALFORMEDUSER => 40,
PE_SESSIONNOTGRANTED => 41,
PE_CONFIRM => 42,
PE_MAILFORMEMPTY => 43,
PE_BADMAILTOKEN => 44,
PE_MAILERROR => 45,
PE_MAILOK => 46,
PE_LOGOUT_OK => 47,
PE_SAML_ERROR => 48,
PE_SAML_LOAD_SERVICE_ERROR => 49,
|
||||
PE_SAML_LOAD_IDP_ERROR => 50,
|
||||
PE_SAML_SSO_ERROR => 51,
|
||||
PE_SAML_UNKNOWN_ENTITY => 52,
|
||||
PE_SAML_DESTINATION_ERROR => 53,
|
||||
PE_SAML_CONDITIONS_ERROR => 54,
|
||||
PE_SAML_IDPSSOINITIATED_NOTALLOWED => 55,
|
||||
PE_SAML_SLO_ERROR => 56,
|
||||
PE_SAML_SIGNATURE_ERROR => 57,
|
||||
PE_SAML_ART_ERROR => 58,
|
||||
PE_SAML_SESSION_ERROR => 59,
|
||||
PE_SAML_LOAD_SP_ERROR => 60,
|
||||
PE_SAML_ATTR_ERROR => 61,
|
||||
PE_OPENID_EMPTY => 62,
|
||||
PE_OPENID_BADID => 63,
|
||||
PE_MISSINGREQATTR => 64,
|
||||
PE_BADPARTNER => 65,
|
||||
PE_MAILCONFIRMATION_ALREADY_SENT => 66,
|
||||
PE_PASSWORDFORMEMPTY => 67,
|
||||
PE_CAS_SERVICE_NOT_ALLOWED => 68,
|
||||
PE_MAILFIRSTACCESS => 69,
|
||||
PE_MAILNOTFOUND => 70,
|
||||
PE_PASSWORDFIRSTACCESS => 71,
|
||||
PE_MAILCONFIRMOK => 72,
|
||||
PE_RADIUSCONNECTFAILED => 73,
|
||||
PE_MUST_SUPPLY_OLD_PASSWORD => 74,
|
||||
PE_FORBIDDENIP => 75,
|
||||
PE_CAPTCHAERROR => 76,
|
||||
PE_CAPTCHAEMPTY => 77,
|
||||
PE_REGISTERFIRSTACCESS => 78,
|
||||
PE_REGISTERFORMEMPTY => 79,
|
||||
PE_REGISTERALREADYEXISTS => 80,
|
||||
PE_NOTOKEN => 81,
|
||||
PE_TOKENEXPIRED => 82,
|
||||
PE_U2FFAILED => 83,
|
||||
PE_UNAUTHORIZEDPARTNER => 84,
|
||||
PE_RENEWSESSION => 85,
|
||||
PE_WAIT => 86,
|
||||
PE_MUSTAUTHN => 87,
|
||||
PE_MUSTHAVEMAIL => 88,
|
||||
PE_SAML_SERVICE_NOT_ALLOWED => 89,
|
||||
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
|
||||
PE_OID_SERVICE_NOT_ALLOWED => 91,
|
||||
PE_GET_SERVICE_NOT_ALLOWED => 92,
|
||||
PE_IMPERSONATION_SERVICE_NOT_ALLOWED => 93,
|
||||
PE_ISSUERMISSINGREQATTR => 94,
|
||||
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED => 95,
|
||||
PE_BADOTP => 96,
|
||||
PE_RESETCERTIFICATE_INVALID => 97,
|
||||
PE_RESETCERTIFICATE_FORMEMPTY => 98,
|
||||
PE_RESETCERTIFICATE_FIRSTACCESS => 99,
|
||||
PE_PP_NOT_ALLOWED_CHARACTER => 100,
|
||||
PE_PP_NOT_ALLOWED_CHARACTERS => 101,
|
||||
PE_UPGRADESESSION => 102,
|
||||
PE_NO_SECOND_FACTORS => 103,
|
||||
PE_BAD_DEVOPS_FILE => 104,
|
||||
PE_FILENOTFOUND => 105,
|
||||
PE_OIDC_AUTH_ERROR => 106
|
||||
```
|
|
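Review bot: the PE_* constants block appears twice in this hunk, once running from PE_PP_GRACE => 32 down to the closing ``` fence and then again from PE_IDPCHOICE => -5 to PE_OIDC_AUTH_ERROR => 106, with identical names and values, so the change reads as whitespace-only inside a literal block. Because indentation inside a fenced block is rendered verbatim, please confirm with a whitespace-insensitive diff that the re-indentation is intended and that the rendered list still lines up; if it is only a merge artefact, drop it from this commit so the conflict-resolution diff stays minimal.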
@ -18,12 +18,12 @@ This is also true for:
|
|||
|
||||
Inside this jail, you can access to:
|
||||
|
||||
* all session values and CGI environment variables (through `$ENV{<HTTP_NAME>}`)
|
||||
* All session values and CGI environment variables (through `$ENV{<HTTP_NAME>}`)
|
||||
* Core Perl subroutines (split, pop, map, etc.)
|
||||
* :doc:`Custom functions<customfunctions>`
|
||||
* The `encode_base64 <http://perldoc.perl.org/MIME/Base64.html>`__ subroutine
|
||||
* Information about current request
|
||||
* Extended functions:
|
||||
* Extended functions except basic, iso2unicode and unicode2iso:
|
||||
|
||||
* basic_
|
||||
* checkDate_
|
||||
|
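Review bot: the new wording "Extended functions except basic, iso2unicode and unicode2iso:" contradicts the sub-list that follows it, which still carries `* iso2unicode_` and `* unicode2iso_` (visible in the next hunk) even though `* basic_` is dropped here. Either remove those two entries as well, or keep all three and mark each one as not Safe-jail compliant, since this list is presented as what is accessible inside the jail. Also, "you can access to:" should read "you can access:".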
@ -36,9 +36,11 @@ Inside this jail, you can access to:
|
|||
* inGroup_ (|new| in version 2.0.8)
|
||||
* isInNet6_
|
||||
* iso2unicode_
|
||||
* iso2unicodeSafe_ (|new| in version 2.0.15)
|
||||
* listMatch_ (|new| in version 2.0.7)
|
||||
* token_
|
||||
* unicode2iso_
|
||||
* unicode2isoSafe_ (|new| in version 2.0.15)
|
||||
* varIsInUri_ (|new| in version 2.0.7)
|
||||
|
||||
|
||||
|
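Review bot: `iso2unicodeSafe_` and `unicode2isoSafe_` are flagged "(|new| in version 2.0.15)" in this list, but the corresponding sections added later in this patch (iso2unicodeSafe, unicode2isoSafe) carry no `.. versionadded:: 2.0.15` directive, unlike inGroup (`.. versionadded:: 2.0.8`) and dateToTime (`.. versionadded:: 2.0.12`). Add the directive to both new sections so the list and the sections agree.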
@ -53,48 +55,71 @@ Inside this jail, you can access to:
|
|||
Extended Functions List
|
||||
-----------------------
|
||||
|
||||
date
|
||||
~~~~
|
||||
basic
|
||||
~~~~~
|
||||
|
||||
Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT
|
||||
by calling ``date(1)``
|
||||
.. attention::
|
||||
|
||||
::
|
||||
This function is not compliant with the :doc:`Safe jail<safejail>`,
|
||||
you will have to disable the jail to use it.
|
||||
|
||||
For example: date(1) lt '19551018080000'
|
||||
|
||||
dateToTime
|
||||
~~~~~~~~~~
|
||||
This function builds the ``Authorization`` HTTP header employed in
|
||||
:doc:`HTTP Basic authentication scheme<applications/authbasic>`. It will
|
||||
convert `user` and `password` parameters from UTF-8 to ISO-8859-1.
|
||||
|
||||
.. versionadded:: 2.0.12
|
||||
Functions parameters:
|
||||
|
||||
Converts a string date into epoch time.
|
||||
|
||||
The date format is the LDAP date syntax, for example for the 1st March
|
||||
2009 (GMT):
|
||||
|
||||
::
|
||||
|
||||
20090301000000Z
|
||||
|
||||
The date may end with a differential timezone that is interpreted to
|
||||
adjust the epoch time, for example for the 1st March 2009 (+0100):
|
||||
|
||||
::
|
||||
|
||||
20090301000000+0100
|
||||
- **user**
|
||||
- **password**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
dateToTime($ssoStartDate) lt dateToTime(date(1))
|
||||
basic($uid,$_password)
|
||||
|
||||
checkDate
|
||||
~~~~~~~~~
|
||||
|
||||
This function checks date of current request, and compare it to
|
||||
a start date and an end date. It returns 1 if this matches, 0 else.
|
||||
|
||||
|
||||
The date format corresponds to LDAP date syntax, for example for the 1st of March
|
||||
2009 (GMT)
|
||||
|
||||
::
|
||||
|
||||
20090301000000Z
|
||||
|
||||
|new| Since version 2.0.12, the date may end with a differential timezone,
|
||||
for example for the 1st of March 2009 (+0100):
|
||||
|
||||
::
|
||||
|
||||
20090301000000+0100
|
||||
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **start**: Start date (GMT unless, |new| since version 2.0.12, a
|
||||
differential timezone is included)
|
||||
- **end**: End date (GMT unless, |new| since version 2.0.12, a
|
||||
differential timezone is included)
|
||||
- **default_access** (optional): Which result to return if **start** and
|
||||
**end** dates are empty
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
checkDate($ssoStartDate, $ssoEndDate)
|
||||
|
||||
checkLogonHours
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
This function will check the day and the hour of current request, and
|
||||
compare it to allowed days and hours. It returns 1 if this match, 0
|
||||
This function checks the day and the hour of current request, and
|
||||
compare it to allowed days and hours. It returns 1 if matches, 0
|
||||
else. By default, the allowed days and hours is an hexadecimal
|
||||
value, representing each hour of the week. A day has 24 hours, and a
|
||||
week 7 days, so the value contains 168 bits, converted into 42
|
||||
|
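Review bot: the heading "Functions parameters:" is kept in the basic and checkDate sections of this hunk while the next hunk renames the same heading to "Function parameters:" for checkLogonHours; use one form throughout the file. Two grammar slips in the rewritten sentences: "This function checks date of current request, and compare it to a start date and an end date. It returns 1 if this matches, 0 else." should read "This function checks the date of the current request and compares it to a start date and an end date. It returns 1 if it matches, 0 otherwise.", and "It returns 1 if matches, 0 else." in checkLogonHours should read "It returns 1 if it matches, 0 otherwise."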
@ -112,12 +137,12 @@ For example, for a full access, excepted week-end:
|
|||
You can use the binary value from the logonHours attribute of Active
|
||||
Directory, or create a custom attribute in your LDAP schema.
|
||||
|
||||
Functions parameters:
|
||||
Function parameters:
|
||||
|
||||
- **logon_hours**: string representing allowed logon hours (GMT)
|
||||
- **logon_hours**: String representing allowed logon hours (GMT)
|
||||
- **syntax** (optional): ``hexadecimal`` (default) or ``octetstring``
|
||||
- **time_correction** (optional): hours to add or to subtract
|
||||
- **default_access** (optional): what result to return if
|
||||
- **time_correction** (optional): Hours to add or to subtract
|
||||
- **default_access** (optional): Which result to return if
|
||||
**logon_hours** is empty
|
||||
|
||||
Simple usage example:
|
||||
|
@ -156,113 +181,58 @@ rejected. You can allow these users instead of reject them:
|
|||
|
||||
checkLogonHours($ssoLogonHours, '', '', '1')
|
||||
|
||||
date
|
||||
~~~~
|
||||
|
||||
checkDate
|
||||
~~~~~~~~~
|
||||
|
||||
This function will check the date of current request, and compare it to
|
||||
a start date and an end date. It returns 1 if this match, 0 else.
|
||||
|
||||
|
||||
The date format is the LDAP date syntax, for example for the 1st of March
|
||||
2009 (GMT)
|
||||
Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT
|
||||
by calling ``date(1)``
|
||||
|
||||
::
|
||||
|
||||
20090301000000Z
|
||||
For example: date(1) lt '19551018080000'
|
||||
|
||||
|new| Since version 2.0.12, the date may end with a differential timezone,
|
||||
for example for the 1st of March 2009 (+0100):
|
||||
dateToTime
|
||||
~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.12
|
||||
|
||||
Used for converting a string date into epoch time.
|
||||
|
||||
The date format is the LDAP date syntax, for example for the 1st March
|
||||
2009 (GMT):
|
||||
|
||||
::
|
||||
|
||||
20090301000000Z
|
||||
|
||||
The date may end with a differential timezone that is interpreted to
|
||||
adjust the epoch time, for example for the 1st March 2009 (+0100):
|
||||
|
||||
::
|
||||
|
||||
20090301000000+0100
|
||||
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **start**: Start date (GMT unless, |new| since version 2.0.12, a
|
||||
differential timezone is included)
|
||||
- **end**: End date (GMT unless, |new| since version 2.0.12, a
|
||||
differential timezone is included)
|
||||
- **default_access** (optional): what result to return if **start** and
|
||||
**end** are empty
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
checkDate($ssoStartDate, $ssoEndDate)
|
||||
dateToTime($ssoStartDate) lt dateToTime(date(1))
|
||||
|
||||
encrypt
|
||||
~~~~~~~
|
||||
|
||||
basic
|
||||
~~~~~
|
||||
.. tip::
|
||||
|
||||
.. attention::
|
||||
Since version 2.0, this function is now compliant with
|
||||
:doc:`Safe jail<safejail>`.
|
||||
|
||||
This function is not compliant with
|
||||
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
|
||||
it.
|
||||
|
||||
This function builds the ``Authorization`` HTTP header used in
|
||||
:doc:`HTTP Basic authentication scheme<applications/authbasic>`. It will
|
||||
force conversion from UTF-8 to ISO-8859-1 of user and password data.
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **user**
|
||||
- **password**
|
||||
|
||||
Simple usage example:
|
||||
This function uses the secret key of LL::NG configuration to crypt a data.
|
||||
This can be used for anonymizing identifier given to the protected
|
||||
application.
|
||||
|
||||
::
|
||||
|
||||
basic($uid,$_password)
|
||||
|
||||
|
||||
unicode2iso
|
||||
~~~~~~~~~~~
|
||||
|
||||
|
||||
.. attention::
|
||||
|
||||
This function is not compliant with
|
||||
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
|
||||
it.
|
||||
|
||||
This function convert a string from UTF-8 to ISO-8859-1.
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
unicode2iso($name)
|
||||
|
||||
iso2unicode
|
||||
~~~~~~~~~~~
|
||||
|
||||
|
||||
.. attention::
|
||||
|
||||
This function is not compliant with
|
||||
:doc:`Safe jail<safejail>`, you will need to disable the jail to use
|
||||
it.
|
||||
|
||||
This function convert a string from ISO-8859-1 to UTF-8.
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
iso2unicode($name)
|
||||
encrypt($_whatToTrace)
|
||||
|
||||
groupMatch
|
||||
~~~~~~~~~~
|
||||
|
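Review bot: the new encrypt section says the function "uses the secret key of LL::NG configuration to crypt a data" and "can be used for anonymizing identifier given to the protected application", but it does not say whether the output is stable across calls (which an application needs if it is to recognise the same user again) or that anyone holding the configuration secret key can reverse it, which makes this pseudonymisation rather than anonymisation. Please state both properties explicitly and reword to "uses the secret key of the LL::NG configuration to encrypt a value. This can be used to pseudonymise the identifier given to the protected application."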
@ -316,6 +286,71 @@ Example::
|
|||
|
||||
$_2fDevices =~ /"type":\s*"TOTP"/s
|
||||
|
||||
inGroup
|
||||
~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.8
|
||||
|
||||
This function lets you test if the user is in a given group. It is
|
||||
case-insensitive.
|
||||
|
||||
Usage example:
|
||||
|
||||
::
|
||||
|
||||
inGroup('admins')
|
||||
|
||||
inGroup('test users')
|
||||
|
||||
The function returns 1 if the user belongs to the given group, and 0 if
|
||||
they don't.
|
||||
|
||||
isInNet6
|
||||
~~~~~~~~
|
||||
|
||||
Function to check if an IPv6 address is in a subnet. Example *check if
|
||||
IP address is local*:
|
||||
|
||||
.. code-block:: perl
|
||||
|
||||
isInNet6($ipAddr, 'fe80::/10')
|
||||
|
||||
iso2unicode
|
||||
~~~~~~~~~~~
|
||||
|
||||
.. attention::
|
||||
|
||||
This function is not compliant with :doc:`Safe jail<safejail>`.
|
||||
You will have to disable the jail to use it.
|
||||
|
||||
This function converts a string from ISO-8859-1 to UTF-8.
|
||||
|
||||
Function parameter:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
iso2unicode($name)
|
||||
|
||||
iso2unicodeSafe
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
This function converts a string from ISO-8859-1 to UTF-8
|
||||
but it is not as portable as the original one.
|
||||
|
||||
Functions parameters:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
iso2unicodeSafe($name)
|
||||
|
||||
.. _listMatch:
|
||||
|
||||
listMatch
|
||||
|
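Review bot: the iso2unicodeSafe section says only that it "is not as portable as the original one", which does not tell the reader why to choose it; given that the jail list in this patch excludes iso2unicode but not iso2unicodeSafe, state explicitly that iso2unicodeSafe can be used inside the Safe jail and what "not as portable" means in practice. Within the same hunk the iso2unicode section uses "Function parameter:" while iso2unicodeSafe uses "Functions parameters:" for a single parameter; align them.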
@ -346,42 +381,6 @@ Simple usage example:
|
|||
The function returns 1 if the value was found, and 0 if it was not
|
||||
found.
|
||||
|
||||
inGroup
|
||||
~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.8
|
||||
|
||||
This function lets you test if the user is in a given group. It is
|
||||
case-insensitive.
|
||||
|
||||
Usage example:
|
||||
|
||||
::
|
||||
|
||||
inGroup('admins')
|
||||
|
||||
inGroup('test users')
|
||||
|
||||
The function returns 1 if the user belongs to the given group, and 0 if
|
||||
they don't.
|
||||
|
||||
encrypt
|
||||
~~~~~~~
|
||||
|
||||
|
||||
.. tip::
|
||||
|
||||
Since version 2.0, this function is now compliant with
|
||||
:doc:`Safe jail<safejail>`.
|
||||
|
||||
This function uses the secret key of LLNG configuration to crypt a data.
|
||||
This can be used for anonymizing identifier given to the protected
|
||||
application.
|
||||
|
||||
::
|
||||
|
||||
encrypt($_whatToTrace)
|
||||
|
||||
token
|
||||
~~~~~
|
||||
|
||||
|
@ -392,16 +391,6 @@ This function generates token used for
|
|||
|
||||
token($_session_id,'webapp1.example.com','webapp2.example.com')
|
||||
|
||||
isInNet6
|
||||
~~~~~~~~
|
||||
|
||||
Function to check if an IPv6 address is in a subnet. Example *check if
|
||||
IP address is local*:
|
||||
|
||||
.. code-block:: perl
|
||||
|
||||
isInNet6($ipAddr, 'fe80::/10')
|
||||
|
||||
varIsInUri
|
||||
~~~~~~~~~~
|
||||
|
||||
|
@ -433,3 +422,39 @@ Example *check if $uid is in /check-auth/ URI*:
|
|||
:width: 35px
|
||||
.. |image1| image:: /documentation/new.png
|
||||
:width: 35px
|
||||
|
||||
unicode2iso
|
||||
~~~~~~~~~~~
|
||||
|
||||
.. attention::
|
||||
|
||||
This function is not compliant with :doc:`Safe jail<safejail>`.
|
||||
You will have to disable the jail to use it.
|
||||
|
||||
This function convert a string from UTF-8 to ISO-8859-1.
|
||||
|
||||
Function parameter:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
unicode2iso($name)
|
||||
|
||||
unicode2isoSafe
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
This function convert a string from UTF-8 to ISO-8859-1
|
||||
but it is not as portable as the original one.
|
||||
|
||||
Function parameter:
|
||||
|
||||
- **string**
|
||||
|
||||
Simple usage example:
|
||||
|
||||
::
|
||||
|
||||
unicode2isoSafe($name)
|
|
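Review bot: the new unicode2iso and unicode2isoSafe sections are appended after the `.. |image1| image::` substitution definitions at the end of the file; reST accepts that, but the substitution definitions should stay last so readers and editors do not miss the sections. Also "This function convert a string from UTF-8 to ISO-8859-1" appears in both sections and should read "converts".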
@ -30,6 +30,9 @@ All parameters are configured in "General Parameters » Portal Parameters
|
|||
/ Verification to an external provider. You must also use *$code*
|
||||
which is the value entered by user; Example:
|
||||
``/usr/local/bin/verify --uid $uid --code $code``
|
||||
- **Re-send interval**: Set this to a non-empty value to allow the user to
|
||||
re-send the code in case a transmission error occured. The value sets how
|
||||
many seconds the user has to wait before each attempt
|
||||
- **Authentication level** (Optional): if you want to overwrite the
|
||||
value sent by your authentication module, you can define here the new
|
||||
authentication level. Example: 5
|
||||
|
|
|
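Review bot: "occured" in the new Re-send interval bullet should be "occurred"; the same sentence is pasted into the Mail and REST second-factor pages later in this patch, so fix all three. The bullet goes on to say the value is a number of seconds, so "Set this to a number of seconds to allow the user to re-send the code" is clearer than "Set this to a non-empty value".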
@ -100,6 +100,7 @@ Sample code::
|
|||
|
||||
sub addClaimToUserInfo {
|
||||
my ( $self, $req, $userinfo, $rp, $session_data) = @_;
|
||||
my $scope = $session_data->{_scope};
|
||||
$userinfo->{"userinfo_hook"} = 1;
|
||||
return PE_OK;
|
||||
}
|
||||
|
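Review bot: `my $scope = $session_data->{_scope};` is assigned but never used in the addClaimToUserInfo sample, so the line only shows that a fifth `$session_data` parameter now exists. Either use it (for example, add the claim only when the scope contains a given value) or drop the line and describe the new parameter in prose instead.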
@ -178,6 +179,61 @@ Sample code::
|
|||
}
|
||||
|
||||
|
||||
oidcGotOnlineRefresh
|
||||
~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
This hook is triggered when LemonLDAP::NG handles a Refresh Token grant for an
|
||||
online session
|
||||
|
||||
The hook's parameters are:
|
||||
|
||||
* the configuration key of the relying party which received the grant
|
||||
* A hash of session data for the (internal) Refresh Token session
|
||||
* A hash of the user's session data
|
||||
|
||||
Sample code::
|
||||
|
||||
use constant hook => {
|
||||
oidcGotOnlineRefresh => 'logRefresh',
|
||||
};
|
||||
|
||||
sub logRefresh {
|
||||
my ( $self, $req, $rp, $refreshInfo, $sessionInfo ) = @_;
|
||||
my $uid = $sessionInfo->{uid};
|
||||
$self->userLogger->info("OIDC application $rp requested a new access token for $uid");
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
oidcGotOfflineRefresh
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
This hook is triggered when LemonLDAP::NG handles a Refresh Token grant for an
|
||||
offline session
|
||||
|
||||
The hook's parameters are:
|
||||
|
||||
* the configuration key of the relying party which received the grant
|
||||
* A hash of session data for the (internal) Refresh Token session, which also
|
||||
contains user attributes
|
||||
|
||||
Sample code::
|
||||
|
||||
use constant hook => {
|
||||
oidcGotOfflineRefresh => 'logRefreshOffline',
|
||||
};
|
||||
|
||||
sub logRefreshOffline {
|
||||
my ( $self, $req, $rp, $refreshInfo ) = @_;
|
||||
my $uid = $refreshInfo->{uid};
|
||||
$self->userLogger->info("OIDC application $rp used offline access for $uid");
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
|
||||
SAML Issuer hooks
|
||||
-----------------
|
||||
|
||||
|
|
|
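Review bot: the oidcGotOnlineRefresh and oidcGotOfflineRefresh descriptions do not say what happens when the hook returns something other than PE_OK, which is the property an operator needs most here (can a hook veto a refresh, and if so what does the client receive?). Please document the effect of a non-PE_OK return value for both hooks. Minor: the two "This hook is triggered when ... session" sentences lack a full stop, and the first parameter bullet starts with lowercase "the" while the others start with "A".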
@ -340,6 +340,8 @@ Options
|
|||
|
||||
- **Logout**
|
||||
|
||||
- **Bypass confirm**: Bypass logout confirmation when logout is initiated
|
||||
by relaying party
|
||||
- **Allowed redirection addresses for logout**: A space-separated list of
|
||||
URLs that this client can redirect the user to once the logout is done
|
||||
(through ``post_logout_redirect_uri``)
|
||||
|
|
|
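Review bot: the new "Allowed redirection addresses for logout" option should state how `post_logout_redirect_uri` is matched against the list (exact match versus prefix) and what happens when the value sent by the client is not listed, since a loose match here becomes an open redirect at logout. Also "relaying party" in the Bypass confirm bullet should be "relying party".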
@ -6,6 +6,7 @@ Portal configuration
|
|||
|
||||
portal
|
||||
portalcustom
|
||||
jqueryevents
|
||||
portalmenu
|
||||
portalservers
|
||||
captcha
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
Available JQuery Events
|
||||
========================
|
||||
|
||||
Some portal functions (such as 2FA registration) are performed by Javascript.
|
||||
|
||||
We offer a few custom events that let you react to certain high-level Javascript events
|
||||
|
||||
Second factor management
|
||||
------------------------
|
||||
|
||||
mfaAdded
|
||||
~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
This event is triggered when a TOTP, WebAuthn or U2F device is registered
|
||||
|
||||
Sample code:
|
||||
|
||||
.. code:: javascript
|
||||
|
||||
$(document).on( "mfaAdded", { }, function( event, info ) {
|
||||
console.log( "Added MFA of type" + info.type );
|
||||
// Your code here
|
||||
});
|
||||
|
||||
|
||||
mfaDeleted
|
||||
~~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
This event is triggered when a TOTP, WebAuthn or U2F device is removed
|
||||
|
||||
Sample code:
|
||||
|
||||
.. code:: javascript
|
||||
|
||||
$(document).on( "mfaDeleted", { }, function( event, info ) {
|
||||
console.log( "Removed MFA of type" + info.type );
|
||||
// Your code here
|
||||
});
|
|
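Review bot: `"Added MFA of type" + info.type` (and the mfaDeleted counterpart) lacks a space before the type, so the console line reads "Added MFA of typeTOTP"; use `"Added MFA of type " + info.type`. The page documents only `info.type`; if the event payload carries other fields, list them, and if not, say so. Minor: the sentence "We offer a few custom events that let you react to certain high-level Javascript events" has no full stop, and the `mfaDeleted` underline is one character longer than the title, which is harmless in reST but inconsistent with the rest of the file.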
@ -45,6 +45,9 @@ Mail second factor".
|
|||
- **Mail body**: The plain text content of the email the user will
|
||||
receive. If you leave it blank, the ``mail_2fcode`` HTML template
|
||||
will be used. The one-time code is stored in the ``$code`` variable
|
||||
- **Re-send interval**: Set this to a non-empty value to allow the user to
|
||||
re-send the code in case a transmission error occured. The value sets how
|
||||
many seconds the user has to wait before each attempt
|
||||
- **Authentication level** (Optional): if you want to overwrite the
|
||||
value sent by your authentication module, you can define here the new
|
||||
authentication level. Example: 5
|
||||
|
|
|
@ -12,13 +12,13 @@ Examples
|
|||
|
||||
**Important things**:
|
||||
|
||||
- The above examples below are written for version 0.6.0 in CommonJS
|
||||
but Node.js handler can be used in ES7 and/or Typescript code
|
||||
- Rules and headers must be written in javascript for these hosts
|
||||
(example ``$uid eq "dwho"`` becomes ``$uid === "dwho"``)
|
||||
- Multi-lines are not supported in lemonldap-ng.ini
|
||||
- Virtualhosts handled by node-lemonldap-ng-handler must be explicitly
|
||||
declared in your ``lemonldap-ng.ini`` file in ``[node-handler]``
|
||||
section (**NB**: section ``[handler]`` isn't used by node
|
||||
handler):
|
||||
section
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
|
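Review bot: the context line "The above examples below are written for version 0.6.0" contradicts itself; since this hunk already touches the list, change it to "The examples below are written for version 0.6.0".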
@ -40,12 +40,14 @@ FastCGI server
|
|||
configStorage: {
|
||||
"confFile": "/path/to/lemonldap-ng.ini"
|
||||
}
|
||||
});
|
||||
}).then( () => {
|
||||
|
||||
handler.nginxServer({
|
||||
"mode": "fcgi", // or "http", default: fcgi
|
||||
"port": 9090, // default value
|
||||
"ip": 'localhost' // default value
|
||||
});
|
||||
|
||||
handler.nginxServer({
|
||||
"mode": "fcgi", // or "http", default: fcgi
|
||||
"port": 9090, // default value
|
||||
"ip": 'localhost' // default value
|
||||
});
|
||||
|
||||
Nginx configuration
|
||||
|
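Review bot: after `}).then( () => {` the visible hunk ends with a single `});`, which closes `handler.nginxServer({` but not the `.then` callback; the express example in the next hunk shows both closers (`});` twice in a row). Verify that the nginxServer sample really ends with the second `});`, otherwise the snippet is a syntax error as pasted.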
@ -98,16 +100,17 @@ Use it to protect an express app
|
|||
configStorage: {
|
||||
"confFile":"test/lemonldap-ng.ini"
|
||||
}
|
||||
});
|
||||
|
||||
// and load it
|
||||
app.use(handler.run);
|
||||
|
||||
// Then simply use your express app
|
||||
app.get('/', function(req, res) {
|
||||
return res.send('Hello ' + req.headers['Auth-User'] + ' !');
|
||||
});
|
||||
app.listen(3000, function() {
|
||||
return console.log('Example app listening on port 3000!');
|
||||
}).then( () => {
|
||||
|
||||
// and load it
|
||||
app.use(handler.run);
|
||||
|
||||
// Then simply use your express app
|
||||
app.get('/', function(req, res) {
|
||||
return res.send('Hello ' + req.headers['Auth-User'] + ' !');
|
||||
});
|
||||
app.listen(3000, function() {
|
||||
return console.log('Example app listening on port 3000!');
|
||||
});
|
||||
});
|
||||
|
||||
|
|
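Review bot: `req.headers['Auth-User']` will always be undefined in Node.js, because the `http` module lowercases incoming header names in `req.headers`; the sample should read `req.headers['auth-user']`. The same line is carried into the re-indented `.then` block, so fix both copies.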
|
@ -515,3 +515,14 @@ connect with any user, the message will be prompted.
|
|||
.. |image1| image:: /documentation/portal-notification.png
|
||||
:class: align-center
|
||||
|
||||
|
||||
JSON response
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
If a notification is pending, JSON response fields are:
|
||||
|
||||
- ``result``: ``0``
|
||||
- ``error``: ``36``
|
||||
- ``ciphered_id``: a ciphered session id is returned in this field.
|
||||
This id can be used to forward and continue the notification process if you call the REST ``/notifback`` endpoint
|
||||
with a LL::NG cookie built with this id.
|
||||
|
|
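Review bot: the new JSON response section gives `error: 36` as a bare number; this is the value of PE_NOTIFICATION in the constants list earlier in this patch (PE_NOTIFICATION => 36), so name the constant alongside the number to keep the two pages from drifting. Since `ciphered_id` lets the caller continue the session through `/notifback`, also state how long it remains valid.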
|
@ -562,6 +562,7 @@ sfEngine Second factor engine
|
|||
sfExtra Extra second factors ✔
|
||||
sfManagerRule Rule to display second factor Manager link ✔
|
||||
sfOnlyUpgrade Only trigger second factor on session upgrade ✔
|
||||
sfLoginTimeout Timeout for 2F login process ✔
|
||||
sfRegisterTimeout Timeout for 2F registration process ✔
|
||||
sfRemovedMsgRule Display a message if at leat one expired SF has been removed ✔
|
||||
sfRemovedNotifMsg Notification message ✔
|
||||
|
|
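Review bot: "at leat" in the sfRemovedMsgRule description should be "at least".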
|
@ -22,7 +22,7 @@ A blank value disables Main logo display.
|
|||
- Main logo is included in Portal templates AND mail body
|
||||
|
||||
Favicon
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
~~~~~~~
|
||||
|
||||
You can change the default favicon in Manager: General Parameters >
|
||||
Portal > Customization > Favicon.
|
||||
|
@ -49,6 +49,14 @@ Option enabled by default.
|
|||
your browser (EN by default).
|
||||
|
||||
|
||||
Scroll to top button
|
||||
~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
You can display a button to go to back to the top after <value> pixels scrolling.
|
||||
|
||||
.. tip::
|
||||
|
||||
A blank or null value disable this feature.
|
||||
|
||||
Custom CSS file
|
||||
~~~~~~~~~~~~~~~
|
||||
|
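Review bot: "go to back to the top" should be "go back to the top", and "A blank or null value disable this feature" should be "disables". The placeholder "<value>" is also the only mention of the setting; say which Manager field holds the pixel threshold, as the Favicon section above does with its "General Parameters > Portal > Customization > ..." path.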
@ -212,6 +220,12 @@ To change CSS, two options:
|
|||
|
||||
<link href="<TMPL_VAR NAME="STATIC_PREFIX">myskin/css/myskin.css" rel="stylesheet" type="text/css" />
|
||||
|
||||
To add custom JS, create a new file in myskin/js/custom.js and load it in customhead.tpl ::
|
||||
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/js/custom.js"></script>
|
||||
|
||||
In this file, you can access JQuery functions, and hook your code to :doc:`JQuery events <jqueryevents>`
|
||||
|
||||
Put then all custom HTML code in the custom template files.
|
||||
|
||||
To configure your new skin in Manager, select the custom skin, and enter
|
||||
|
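Review bot: the new custom.js snippet builds the path from `<TMPL_VAR NAME="SKIN">/js/custom.js` while the CSS line just above hard-codes `myskin/css/myskin.css`; use the same convention in both so readers copying one do not end up with a skin-specific path. Also "hook your code to :doc:`JQuery events <jqueryevents>`" lacks a full stop, and the context line "Put then all custom HTML code" reads better as "Then put all custom HTML code".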
|
|
@ -45,6 +45,12 @@ and edit configuration:
|
|||
cp /usr/share/lemonldap-ng/bin/importMetadata /usr/share/lemonldap-ng/bin/importMetadataRenater
|
||||
vi /usr/share/lemonldap-ng/bin/importMetadataRenater
|
||||
|
||||
.. versionchanged:: 2.0.15
|
||||
|
||||
Since version 2.0.15 it is no longer necessary to copy the script, you can
|
||||
use the ``--configfile`` option to handle most customization use cases. See
|
||||
:ref:`importmetadataconfig` below for details.
|
||||
|
||||
Set attributes (use the SAML Name, not FriendlyName) that are provided
|
||||
by IDPs, for example:
|
||||
|
||||
|
@ -92,26 +98,27 @@ Then run the script:
|
|||
|
||||
/usr/share/lemonldap-ng/bin/importMetadataRenater -m https://metadata.federation.renater.fr/renater/main/main-idps-renater-metadata.xml -r -i "idp-renater-" -s "sp-renater-"
|
||||
|
||||
The script provide the following options
|
||||
The script provide the following options
|
||||
|
||||
* -i (--idpconfprefix): Prefix used to set IDP configuration key
|
||||
* -h (--help): print this message
|
||||
* -m (--metadata): URL of metadata document
|
||||
* -s (--spconfprefix): Prefix used to set SP configuration key
|
||||
* --ignore-sp: ignore SP matching this entityID (can be specified multiple times)
|
||||
* --ignore-idp: ignore IdP matching this entityID (can be specified multiple times)
|
||||
* -a (--nagios): output statistics in Nagios format
|
||||
* -n (--dry-run): print statistics but do not apply changes
|
||||
* -v (--verbose): increase verbosity of output
|
||||
* -r (--remove): remove provider from LemonLDAP::NG if it does not appear in metadata
|
||||
* -i (--idpconfprefix): Prefix used to set IDP configuration key
|
||||
* -h (--help): print this message
|
||||
* -m (--metadata): URL of metadata document
|
||||
* -s (--spconfprefix): Prefix used to set SP configuration key
|
||||
* --ignore-sp: ignore SP matching this entityID (can be specified multiple times)
|
||||
* --ignore-idp: ignore IdP matching this entityID (can be specified multiple times)
|
||||
* -a (--nagios): output statistics in Nagios format
|
||||
* -n (--dry-run): print statistics but do not apply changes
|
||||
* -c (--configfile): use a configuration file
|
||||
* -v (--verbose): increase verbosity of output
|
||||
* -r (--remove): remove provider from LemonLDAP::NG if it does not appear in metadata
|
||||
|
||||
|
||||
Example :
|
||||
::
|
||||
|
||||
/usr/libexec/lemonldap-ng/bin/importMetadata -m https://pub.federation.renater.fr/metadata/renater/main/main-sps-renater-metadata.xml -s "sp-fed-prd" -c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem -bs https://test-sp.federation.renater.fr -r -v -d
|
||||
|
||||
This command will
|
||||
|
||||
This command will
|
||||
* fetch all SPs metadata from renater
|
||||
* set a prefix to entity stored inside LemonLdap::NG
|
||||
* disable local modification of SP https://test-sp.federation.renater.fr
|
||||
|
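Review bot: the new option `-c (--configfile)` collides with the worked example below, which passes `-c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem`, i.e. uses `-c` for the metadata signing certificate; the example also uses `-bs` and `-d`, which are not in the option list. Either the short flag for the configuration file or the example is wrong; align the list and the example. Also "The script provide the following options" should be "provides".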
@ -135,7 +142,7 @@ The output is the following :
|
|||
|
||||
With "-n" options you could get a "nagios like" output with metrics :
|
||||
::
|
||||
|
||||
|
||||
/usr/libexec/lemonldap-ng/bin/importMetadataFedRenater -m https://pub.federation.renater.fr/metadata/renater/main/main-sps-renater-metadata.xml -s "sp-fed-prd" -c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem -bs https://test-sp.federation.renater.fr -r -d -n
|
||||
Metadata loaded inside Conf: [DRY-RUN]|idp_found=0, idp_updated=0, idp_created=0, idp_removed=0, idp_rejected=0, idp_ignored=0, sp_found=1248, sp_updated=1240, sp_created=0, sp_removed=0, sp_rejected=7, sp_ignored=1
|
||||
|
||||
|
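Review bot: the sentence 'With "-n" options you could get a "nagios like" output with metrics' disagrees with the option list above, where `-n` is `--dry-run` and `-a` is `--nagios`; the sample output does start with `[DRY-RUN]`, so say which flag produces which part of that line.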
@ -145,6 +152,57 @@ With "-n" options you could get a "nagios like" output with metrics :
|
|||
You need to add this in cron to refresh metadata into
|
||||
LL::NG configuration.
|
||||
|
||||
|
||||
.. _importmetadataconfig:
|
||||
|
||||
Metadata import configuration file
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
.. versionadded:: 2.0.15
|
||||
|
||||
You can now use a configuration file for the script in order to handle most custom cases.
|
||||
|
||||
Here is an example of a INI-formatted configuration file::
|
||||
|
||||
# main script options, these will be overriden by the CLI options
|
||||
[main]
|
||||
dry-run=1
|
||||
verbose=1
|
||||
metadata=http://url/to/metadata.xml
|
||||
; Multi-value options
|
||||
ignore-idp=entity-id-to-ignore-1
|
||||
ignore-idp=entity-id-to-ignore-2
|
||||
|
||||
# Default exported attributes for IDPs
|
||||
[exportedAttributes]
|
||||
cn=0;cn
|
||||
eduPersonPrincipalName=0;eduPersonPrincipalName
|
||||
...
|
||||
|
||||
# options that apply to all providers
|
||||
[ALL]
|
||||
; Disable signature requirement on requests
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature=0
|
||||
samlSPMetaDataOptionsCheckSLOMessageSignature=0
|
||||
; Store SAML assertions in session
|
||||
samlIDPMetaDataOptionsStoreSAMLToken=1
|
||||
; Mark ePPN as always required
|
||||
attribute_required_eduPersonPrincipalName=1
|
||||
...
|
||||
|
||||
# Specific provider configurations
|
||||
[https://test-sp.federation.renater.fr]
|
||||
; All attributes are optional for this provider
|
||||
attribute_required=0
|
||||
; Override some options
|
||||
samlSPMetaDataOptionsNameIDFormat=persistent
|
||||
|
||||
[https://idp.renater.fr/idp/shibboleth]
|
||||
; declare an extra attribute from this provider
|
||||
exported_attribute_eduPersonAffiliation=1;uid
|
||||
|
||||
|
||||
|
||||
Add your SP into the federation
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
|
@ -12,11 +12,17 @@ All parameters are set in "General Parameters » Portal Parameters »
|
|||
Second Factors » REST 2nd Factor".
|
||||
|
||||
- **Activation**
|
||||
- **Code regex**: regular expression to create an OTP code. If this option is
|
||||
set, LemonLDAP::NG will generate the code and send it through the Init URL,
|
||||
then verify it internally.
|
||||
- **Init URL** *(optional)*: REST URL to initialize dialog *(send
|
||||
OTP)*. Leave it blank if your API doesn't need any initialization
|
||||
- **Init arguments**: list of arguments to send *(see below)*
|
||||
- **Verify URL** *(required)*: REST URL to verify code
|
||||
- **Verify arguments**: list of arguments to send *(see below)*
|
||||
- **Re-send interval**: Set this to a non-empty value to allow the user to
|
||||
re-send the code in case a transmission error occured. The value sets how
|
||||
many seconds the user has to wait before each attempt
|
||||
- **Authentication level** (Optional): if you want to overwrite the
|
||||
value sent by your authentication module, you can define here the new
|
||||
authentication level. Example: 5
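Review bot: the new "Re-send interval" entry says how long the user must wait between re-sends but not whether the number of re-sends per login attempt is bounded (each re-send is another API or SMS call paid by the operator and another delivery of the same code); say so here, or point at the option that bounds it. Two wording fixes: "transmission error occured" should be "occurred", and since "Code regex" determines the length of the generated OTP, a sentence recommending a minimum length would stop people configuring a four-digit code behind a REST API that has no lockout of its own.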
|
||||
|
@ -31,20 +37,31 @@ Arguments are a list of key/value. Key is the name of JSON entry, value
|
|||
is attribute or macro name.
|
||||
|
||||
|
||||
.. attention::
|
||||
|
||||
For Verify URL, you should send ``$code`` at least
|
||||
|
||||
REST Dialog
|
||||
REST Dialog
|
||||
-----------
|
||||
|
||||
|
||||
REST web services have just to reply with a "result" key in a JSON file.
|
||||
Auth/UserDB can add an "info" array. It will be stored in session data
|
||||
(without reading "Exported variables").
|
||||
|
||||
If *Code regex* is set
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
========== ================================================ ====================================
|
||||
URL Query Response
|
||||
========== ================================================ ====================================
|
||||
Init URL JSON file: ``{"user":$user,...}`` JSON file: ``{"result":true/false}``
|
||||
Verify URL JSON file: ``{"user":$user,"code":"$code",...}`` JSON file: ``{"result":true/false}``
|
||||
Init URL JSON body: ``{"user":$user,"code":"$code",...}`` JSON body: ``{"result":true/false}``
|
||||
========== ================================================ ====================================
|
||||
|
||||
The Verify URL is not called, since the code is checked against the internally saved value
|
||||
|
||||
If *Code regex* is not set
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
========== ================================================ ====================================
|
||||
URL Query Response
|
||||
========== ================================================ ====================================
|
||||
Init URL JSON body: ``{"user":$user,...}`` JSON body: ``{"result":true/false}``
|
||||
Verify URL JSON body: ``{"user":$user,"code":"$code",...}`` JSON body: ``{"result":true/false}``
|
||||
========== ================================================ ====================================
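Review bot: in the "If Code regex is set" table the Init URL now receives the cleartext OTP in the JSON body (`{"user":$user,"code":"$code",...}`), which makes that endpoint the delivery channel for the second factor, so a sentence under the table should require it to be reachable only over TLS and authenticated; the line "The Verify URL is not called" should also say that the Verify URL field is ignored (or may be left empty) in this mode, otherwise it contradicts the "(required)" tag in the parameter list above. The response contract "reply with a "result" key" should state that only a JSON boolean `true` counts as success rather than any truthy value (a string "false" is true in Perl). The "REST Dialog" heading line is duplicated at the top of the section.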
|
||||
|
|
|
@ -49,7 +49,8 @@ The JSON response fields are:
|
|||
- ``error``: error code, the corresponding error can be found in
|
||||
:doc:`Portal error codes<error_codes>`
|
||||
- ``id``: if authentication succeed, the session id is returned in this
|
||||
field
|
||||
field. This id is not returned if you call the REST endpoint with the
|
||||
session cookie (which means you are already authenticated).
|
||||
|
||||
|
||||
.. tip::
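Review bot: "if authentication succeed" should be "succeeds", and because the `id` field is the session identifier (the same bearer value the cookie carries), the added sentence is the right place to say that a client obtaining it this way must protect it like a password and send it back in the cookie header, not in URLs or logs.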
|
||||
|
@ -62,7 +63,7 @@ The JSON response fields are:
|
|||
|
||||
Before version 2.0.4, the response to a success
|
||||
authentication had no ``id`` field, and ``error`` field was named
|
||||
``code`` (use Cookie header to get id value).
|
||||
``code``.
|
||||
|
||||
Example
|
||||
^^^^^^^
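Review bot: the rewrite drops "(use Cookie header to get id value)", which was the only guidance for callers of versions before 2.0.4 on where to find the session id; keep that parenthetical after "``code``".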
|
||||
|
|
|
@ -76,10 +76,19 @@ of doing a complete reauthentication.
|
|||
|
||||
.. |beta| image:: /documentation/beta.png
|
||||
|
||||
Login timeout
|
||||
-------------
|
||||
|
||||
Allowed time for the user to authenticate using their second factor. By default
|
||||
it is set to 2 minutes, but some complex second factor types (TOTP, email...)
|
||||
may require more time to be used.
|
||||
|
||||
Registration timeout
|
||||
--------------------
|
||||
|
||||
Allowed time to register a TOTP.
|
||||
Allowed time for the user to register their new second factor. By default it is
|
||||
set to 2 minutes, but some complex second factor types (TOTP...) may require
|
||||
more time to be registered.
|
||||
|
||||
Second factor expiration
|
||||
------------------------
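Review bot: both new sections give the default (2 minutes) but neither names the setting nor its unit, and the "Login timeout" list of slow types includes TOTP, which needs no delivery step; mail and REST factors are the ones where delivery latency matters, so list those instead. For "Registration timeout" it is worth saying why not to set it very high: a longer window is also a longer time in which an unfinished registration left on a shared browser can be completed by someone else.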
|
||||
|
|
|
@ -310,7 +310,7 @@ Go in Manager, ``General parameters`` » ``Advanced parameters`` »
|
|||
authentication renewal cannot be forced, used to prevent to loose the
|
||||
current authentication during the main process. If you experience
|
||||
slow network performances, you can increase this value.
|
||||
- **Encryption key**: key used to crypt some data, should not be known
|
||||
- **Encryption key**: key used for crypting some data, should not be known
|
||||
by other applications
|
||||
- **Trusted domains**: domains on which the user can be redirected
|
||||
after login on portal.
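Review bot: "key used for crypting some data" is no more idiomatic than the line it replaces; suggest "key used to encrypt some internal data; it should not be known by other applications", and say what that data is, since an operator cannot judge the impact of a leaked key from "some data".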
|
||||
|
|
|
@ -288,7 +288,7 @@ Name Description
|
|||
:doc:`Context switching<contextswitching>` [7]_\ |new| Switch context other users
|
||||
:doc:`CrowdSec<crowdsec>` [8]_\ |new| CrowdSec bouncer
|
||||
:doc:`Custom<plugincustom>` Write a custom plugin
|
||||
:doc:`Decrypt value<decryptvalue>` [9]_\ |beta| Decrypt ciphered values
|
||||
:doc:`Decrypt value<decryptvalue>` [9]_\ Decrypt ciphered values
|
||||
:doc:`Display login history<loginhistory>` Display Success/Fails logins
|
||||
:doc:`Force Authentication<forcereauthn>` Force authentication to access to Portal
|
||||
:doc:`Global Logout<globallogout>` [10]_ Suggest to close all opened sessions at logout
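Review bot: removing the `|beta|` badge leaves `[9]_\ ` with an escaped space followed only by padding in the "Decrypt value" row; check the rendered table and either drop the trailing `\ ` or re-pad the cell so the column boundary still lines up with the header.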
|
||||
|
|
|
@ -47,8 +47,26 @@ In the manager (advanced parameters), you just have to enable it:
|
|||
TOTP
|
||||
- **Issuer name** (Optional): default to portal hostname
|
||||
- **Interval**: interval for TOTP algorithm (default: 30)
|
||||
- **Range of attempts**: number of additional intervals to test (default: 1)
|
||||
|
||||
.. warning::
|
||||
|
||||
Many mobile applications only support the default value
|
||||
|
||||
- **Range of attempts**: number of additional intervals to test (default: 1).
|
||||
Use this settings if your server and phone clocks are not perfectly in sync,
|
||||
at the cost of weaker security.
|
||||
|
||||
.. note::
|
||||
|
||||
Range is tested backward and forward to prevent
|
||||
positive or negative clock drift.
|
||||
|
||||
- **Number of digits**: number of digit by codes (default: 6)
|
||||
|
||||
.. warning::
|
||||
|
||||
Many mobile applications only support the default value
|
||||
|
||||
- **Authentication level**: you can overwrite here auth level for TOTP
|
||||
registered users. Leave it blank keeps auth level provided by first
|
||||
authentication module *(default: 2 for user/password based modules)*.
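Review bot: "at the cost of weaker security" should be quantified: since the range is tested backward and forward, a range of N accepts 2N+1 codes per attempt, so the default of 1 already accepts three codes and a range of 5 accepts eleven, which matters in combination with the brute-force protection settings. Also "Use this settings" should be "Use this setting", and the "Many mobile applications only support the default value" warning now appears both after "Interval" and after "Number of digits" in the resulting text; if the first was meant to move rather than be duplicated, check the result.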
|
||||
|
|
|
@ -26,6 +26,81 @@ Known regressions in the latest released version
|
|||
|
||||
None
|
||||
|
||||
2.0.15
|
||||
------
|
||||
|
||||
New Captcha API
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
It is now possible to create your own Captcha modules to replace the one provided by default.
|
||||
|
||||
In order for custom Captcha modules to work, you need to modify your custom ``standardform.tpl``, ``mail.tpl`` and ``register.tpl`` template files:
|
||||
|
||||
.. code:: diff
|
||||
|
||||
- <TMPL_IF NAME=CAPTCHA_SRC>
|
||||
- <TMPL_INCLUDE NAME="captcha.tpl">
|
||||
+ <TMPL_IF NAME=CAPTCHA_HTML>
|
||||
+ <TMPL_VAR NAME=CAPTCHA_HTML>
|
||||
</TMPL_IF>
|
||||
|
||||
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
|
||||
|
||||
Re-send 2FA code
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
The :doc:`mail <mail2f>`, :doc:`external <external2f>` and :doc:`REST <rest2f>` based 2FA types can now re-send the user code if delivery failed for some reason. If you use custom templates, you must update ``ext2fcheck.tpl``
|
||||
|
||||
.. code:: diff
|
||||
|
||||
--- a/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
|
||||
+++ b/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
|
||||
@@ -26,6 +26,12 @@
|
||||
</button>
|
||||
</div>
|
||||
<div class="buttons">
|
||||
+ <TMPL_IF "RESENDTARGET">
|
||||
+ <button type="submit" class="btn btn-primary" formaction="<TMPL_VAR "RESENDTARGET">">
|
||||
+ <span class="fa fa-repeat"></span>
|
||||
+ <span trspan="resendCode">Re-send code</span>
|
||||
+ </button>
|
||||
+ </TMPL_IF>
|
||||
<a href="<TMPL_VAR NAME="PORTAL_URL">?cancel=1&skin=<TMPL_VAR NAME="SKIN">" class="btn btn-primary" role="button">
|
||||
<span class="fa fa-home"></span>
|
||||
<span trspan="cancel">Cancel</span>
|
||||
|
||||
|
||||
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
|
||||
|
||||
Customizing the 2FA logo in the registration screen
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The 2FA registration screen now displays the custom logo and label set in configuration. If you use custom templates, you should update ``2fregisters.tpl``
|
||||
|
||||
.. code:: diff
|
||||
|
||||
@@ -77,10 +77,16 @@
|
||||
<div class="card border-secondary">
|
||||
<div class="card-body py-3">
|
||||
<a href="<TMPL_VAR NAME="URL">" class="nodecor">
|
||||
- <img src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/<TMPL_VAR NAME="LOGO">" alt="<TMPL_VAR NAME="CODE">2F" title="<TMPL_VAR NAME="CODE">2F" />
|
||||
+ <img src="<TMPL_VAR NAME="STATIC_PREFIX"><TMPL_VAR NAME="SKIN">/<TMPL_VAR NAME="LOGO">" alt="<TMPL_VAR NAME="CODE">2f" title="<TMPL_VAR NAME="LABEL">" />
|
||||
</a>
|
||||
</div>
|
||||
- <div class="card-footer text-white text-uppercase bg-secondary"><TMPL_VAR NAME="CODE">2F</div>
|
||||
+ <div class="card-footer text-white text-uppercase bg-secondary">
|
||||
+ <TMPL_IF LABEL>
|
||||
+ <p><TMPL_VAR NAME="LABEL"></p>
|
||||
+ <TMPL_ELSE>
|
||||
+ <p trspan="<TMPL_VAR NAME="CODE">2f"></p>
|
||||
+ </TMPL_IF>
|
||||
+ </div>
|
||||
</div>
|
||||
</div>
|
||||
</TMPL_LOOP>
|
||||
|
||||
If you are using the default templates from the ``bootstrap`` theme, you don't need to change anything.
|
||||
|
||||
2.0.14
|
||||
------
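Review bot: `<TMPL_VAR NAME=CAPTCHA_HTML>` injects the module's markup unescaped, so the Captcha API note should state that a custom Captcha module is responsible for escaping everything it puts into that string (captcha ids, image data URLs, error text), otherwise this is an XSS sink for every third-party module; the same applies to `formaction="<TMPL_VAR "RESENDTARGET">"` in the `ext2fcheck.tpl` snippet, so please confirm RESENDTARGET is built by the portal from its own URL and never from a request parameter. Smaller: in the `2fregisters.tpl` diff the `title` attribute now shows `LABEL` with no fallback, so an empty label yields an empty title; apply the same `<TMPL_IF LABEL>` fallback used for the card footer.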
|
||||
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
Use an outgoing proxy
|
||||
=====================
|
||||
|
||||
For some protocols, LL::NG has to directly contact the external server.
|
||||
For some protocols, LemonLDAP::NG has to directly contact the external server.
|
||||
This is the case for example with CAS authentication (validation of
|
||||
service ticket) or OpenID Connect authentication (access to token
|
||||
endpoint and userinfo endpoint).
|
||||
|
||||
If the LL::NG server needs a proxy for outgoing connections, then you
|
||||
need to configure some environment variables.
|
||||
need to configure some environment variables. By default, only connections
|
||||
to external systems (CAS, OIDC, etc.) are done through the proxy, while HTTP
|
||||
connections in between LemonLDAP::NG components are not.
|
||||
|
||||
Apache
|
||||
------
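Review bot: "HTTP connections in between LemonLDAP::NG components" should read "between"; more importantly the new sentence states the default without naming the switch, so say here that `PERL_LWP_ENV_PROXY` is what changes it, and give one example of an internal connection so readers know what a blanket proxy would also capture.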
|
||||
|
@ -21,6 +23,11 @@ In Apache configuration, set:
|
|||
# on Centos7, you need LWP::Protocol::connect
|
||||
# FcgidInitialEnv https_proxy connect://X.X.X.X:X
|
||||
|
||||
# Optional: use this to force ALL http connections to go
|
||||
# through the proxy. This is only useful in some scenarios
|
||||
# FcgidInitialEnv PERL_LWP_ENV_PROXY 1
|
||||
# FcgidInitialEnv no_proxy <urls-without-proxy>
|
||||
|
||||
Nginx/FastCGI
|
||||
-------------
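Review bot: `no_proxy` takes a comma-separated list of host names or domain suffixes, not URLs, so the placeholder `<urls-without-proxy>` will lead people to write `https://...` entries that never match; suggest `<comma-separated hostnames or domains>` with an example such as `localhost,.example.com`. The comment should also spell out that `PERL_LWP_ENV_PROXY 1` sends every LWP request through the proxy, including the connections between LemonLDAP::NG components that the page says are normally not proxied, unless they are listed in `no_proxy`; that is the "only useful in some scenarios" caveat.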
|
||||
|
||||
|
@ -33,3 +40,8 @@ add in ``/etc/default/lemonldap-ng-fastcgi-server`` :
|
|||
# on Centos7, you need LWP::Protocol::connect
|
||||
# https_proxy=connect://X.X.X.X:X
|
||||
|
||||
# Optional: use this to force ALL http connections to go
|
||||
# through the proxy. This is only useful in some scenarios
|
||||
# PERL_LWP_ENV_PROXY=1
|
||||
# no_proxy=<urls-without-proxy>
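Review bot: `no_proxy=<urls-without-proxy>` should be a list of host names or domain suffixes (for example `no_proxy=localhost,.example.com`), since URLs placed in `no_proxy` never match anything; and `X.X.X.X:X` would be clearer as `proxyhost:port`, since a host name is accepted there too.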
|
||||
|
||||
|
|
|
@ -148,15 +148,17 @@ Key Description
|
|||
OpenID Connect
|
||||
--------------
|
||||
|
||||
============================ ===============================================
|
||||
============================ ======================================================================
|
||||
Key Description
|
||||
============================ ===============================================
|
||||
============================ ======================================================================
|
||||
\_oidc_id_token ID Token
|
||||
\_oidc_OP Configuration key of OP used for authentication
|
||||
\_oidc_access_token OAuth2 Access Token used to get UserInfo data
|
||||
\_oidc_access_token_eol Timestamp after which the Access Token should no longer be valid
|
||||
\_oidc_refresh_token OAuth2 Refresh Token. This should never be transmitted to applications
|
||||
\_oidc_consent_scope\_\ *rp* Scope for which consent was given for RP *rp*
|
||||
\_oidc_consent_time\_\ *rp* Time when consent was given for RP *rp*
|
||||
============================ ===============================================
|
||||
============================ ======================================================================
|
||||
|
||||
Other
|
||||
-----
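Review bot: the new `_oidc_refresh_token` row says it must never be transmitted to applications, but `_oidc_access_token` is a bearer credential of the same kind and the table says nothing about it; add the same warning (exporting it as a header gives every protected application the user's API access at the OP). Also state the unit of `_oidc_access_token_eol` (epoch seconds?) so that rules comparing it with `time` are written correctly.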
|
||||
|
|
|
@ -1198,6 +1198,8 @@ components:
|
|||
logoutUrl:
|
||||
type: string
|
||||
format: url
|
||||
logoutBypassConfirm:
|
||||
type: boolean
|
||||
clientSecret:
|
||||
type: string
|
||||
format: password
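Review bot: `logoutBypassConfirm` is added with only a type; the neighbouring properties follow the same pattern, but a boolean that presumably skips the logout confirmation page changes the security posture (a link or image tag can then end the user's SSO session without interaction), so a `description:` stating that trade-off would help API users decide when to set it.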
|
||||
|
|
|
@ -40,6 +40,7 @@ viewerAllowDiff = 1
|
|||
|
||||
staticPrefix = /static
|
||||
instanceName = Demo
|
||||
;customCSS = css/custom.css
|
||||
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
|
||||
templateDir = __pwd__/lemonldap-ng-manager/site/templates
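Review bot: `instanceName = Demo` is rendered in the Manager UI, so confirm the template escapes it (operator-controlled, but it should still not be injected raw into the page); also the same key is added to three sample ini files in this commit, before `;customCSS` in two of them and after it in the third, so pick one order.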
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@ viewerAllowDiff = 1
|
|||
|
||||
staticPrefix = /static
|
||||
instanceName = Demo
|
||||
;customCSS = css/custom.css
|
||||
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
|
||||
templateDir = __pwd__/lemonldap-ng-manager/site/templates
|
||||
|
||||
|
|
|
@ -48,6 +48,7 @@ viewerAllowBrowser = 1
|
|||
viewerAllowDiff = 1
|
||||
|
||||
staticPrefix = /static
|
||||
;customCSS = css/custom.css
|
||||
instanceName = Demo
|
||||
languages = fr, en, vi, ar, it, zh, tr, zh_TW, es
|
||||
templateDir = __pwd__/lemonldap-ng-manager/site/templates
|
||||
|
|
|
@ -84,6 +84,7 @@ scripts/lmMigrateConfFiles2ini
|
|||
scripts/rotateOidcKeys
|
||||
t/01-Common-Conf.t
|
||||
t/02-Common-Conf-File.t
|
||||
t/02-Common-Conf-ServerEnv.t
|
||||
t/03-Common-Conf-CDBI.t
|
||||
t/03-Common-Conf-RDBI.t
|
||||
t/05-Common-Conf-LDAP.t
|
||||
|
|
|
@ -23,8 +23,10 @@
|
|||
"build" : {
|
||||
"requires" : {
|
||||
"IO::String" : "0",
|
||||
"MIME::Entity" : "0",
|
||||
"Net::LDAP" : "0",
|
||||
"String::Random" : "0",
|
||||
"Test::Output" : "0",
|
||||
"Test::Pod" : "1"
|
||||
}
|
||||
},
|
||||
|
@ -61,7 +63,6 @@
|
|||
"JSON::XS" : "0",
|
||||
"Mouse" : "0",
|
||||
"Plack" : "0",
|
||||
"Test::Pod" : "1",
|
||||
"URI" : "0"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,8 +4,10 @@ author:
|
|||
- 'Xavier Guimard <x.guimard@free.fr>, Clement Oudot <clement@oodo.net>, Christophe Maudoux <chrmdx@gmail.com>, Maxime Besson <maxime.besson@worteks.com>'
|
||||
build_requires:
|
||||
IO::String: '0'
|
||||
MIME::Entity: '0'
|
||||
Net::LDAP: '0'
|
||||
String::Random: '0'
|
||||
Test::Output: '0'
|
||||
Test::Pod: '1'
|
||||
configure_requires:
|
||||
ExtUtils::MakeMaker: '0'
|
||||
|
@ -46,7 +48,6 @@ requires:
|
|||
JSON::XS: '0'
|
||||
Mouse: '0'
|
||||
Plack: '0'
|
||||
Test::Pod: '1'
|
||||
URI: '0'
|
||||
resources:
|
||||
MailingList: mailto:lemonldap-ng-dev@ow2.org
|
||||
|
|
|
@ -37,6 +37,7 @@ WriteMakefile(
|
|||
LICENSE => 'gpl',
|
||||
BUILD_REQUIRES => {
|
||||
'IO::String' => 0,
|
||||
'MIME::Entity' => 0,
|
||||
'Net::LDAP' => 0,
|
||||
'String::Random' => 0,
|
||||
'Test::Pod' => 1.00,
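Review bot: META.json and META.yml in this commit list `IO::String`, `Net::LDAP` and `Test::Output` as build requirements, but this `BUILD_REQUIRES` hunk adds a single entry and `Test::Output` is not among the visible keys; the META files are generated from Makefile.PL, so add `'Test::Output' => 0` here and regenerate, otherwise the next `make dist` silently drops it.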
|
||||
|
|
|
@ -376,9 +376,12 @@ protection = manager
|
|||
|
||||
; staticPrefix: relative (or URL) location of static HTML components
|
||||
staticPrefix = __MANAGERSTATICDIR__
|
||||
;
|
||||
|
||||
; instanceName: Display current LLNG instance into Manager
|
||||
;instanceName = Demo
|
||||
; customCSS: CSS file to customize Manager
|
||||
;customCSS = css/custom.css
|
||||
|
||||
; location of HTML templates directory
|
||||
templateDir = __MANAGERTEMPLATESDIR__
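Review bot: the comment "Display current LLNG instance into Manager" should read "in the Manager" and say what the string is for (a label to tell instances apart, purely cosmetic), so operators do not mistake it for an identifier used elsewhere.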
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Common::Apache::Session::Store;
|
|||
|
||||
use strict;
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub new {
|
||||
my $class = shift;
|
||||
|
@ -56,7 +56,7 @@ sub materialize {
|
|||
|
||||
# Get session from cache
|
||||
my $id = $session->{data}->{_session_id};
|
||||
if ( $self->cache->get($id) ) {
|
||||
if ( !$self->{args}->{noCache} and $self->cache->get($id) ) {
|
||||
$session->{serialized} = $self->cache->get($id);
|
||||
return;
|
||||
}
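Review bot: `$self->cache->get($id)` is now evaluated twice for every materialize that is not `noCache` (once in the condition, once for the assignment); store the result in a lexical, e.g. `my $cached = $self->{args}->{noCache} ? undef : $self->cache->get($id);` then `if ($cached) { $session->{serialized} = $cached; return; }`, so a cache entry that expires between the two calls cannot leave `serialized` undefined.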
|
||||
|
|
|
@ -27,10 +27,12 @@ use Config::IniFiles;
|
|||
#inherits Lemonldap::NG::Common::Conf::Backends::SOAP
|
||||
#inherits Lemonldap::NG::Common::Conf::Backends::LDAP
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
our $msg = '';
|
||||
our $iniObj;
|
||||
|
||||
our $PlaceHolderRe = '%SERVERENV:(.*?)%';
|
||||
|
||||
BEGIN {
|
||||
eval {
|
||||
require threads::shared;
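Review bot: `$PlaceHolderRe = '%SERVERENV:(.*?)%'` accepts any characters (spaces, further `%`) as a variable name and also matches the empty name, so a stray `%SERVERENV:%` in a value is silently replaced by an empty string; restrict the capture to `([A-Za-z_][A-Za-z0-9_]*)` so only plausible environment variable names are expanded.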
|
||||
|
@ -228,9 +230,10 @@ sub getConf {
|
|||
$res = $r;
|
||||
}
|
||||
|
||||
# Create cipher object
|
||||
# Create cipher object and replace variable placeholder
|
||||
unless ( $args->{raw} ) {
|
||||
|
||||
$self->replacePlaceholders($res) if $self->{useServerEnv};
|
||||
eval {
|
||||
$res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} );
|
||||
};
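Review bot: `replacePlaceholders` rewrites `$res` in place, and `$res` is whatever `$r` was (`$res = $r` just above), so if that hash is shared with a configuration cache the expanded environment values are written back into the cached copy and a later `raw => 1` read, which skips this block, would return already-substituted values; confirm `$res` is a private copy here or expand into a clone.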
|
||||
|
@ -504,6 +507,46 @@ sub logError {
|
|||
return shift->_launch( 'logError', @_ );
|
||||
}
|
||||
|
||||
sub _substPlaceHolders {
|
||||
return $_[0] unless $_[0];
|
||||
$_[0] =~ s/$PlaceHolderRe/$ENV{$1}/geo;
|
||||
return $_[0];
|
||||
}
|
||||
|
||||
## @method void replacePlaceholders(res: LLNG_Conf)
|
||||
#
|
||||
# Recursively replace %SERVERENV:VariableName% by $ENV{VariableName} value
|
||||
sub replacePlaceholders {
|
||||
my ( $self, $conf ) = @_;
|
||||
if ( ref $conf eq 'HASH' ) {
|
||||
foreach my $key ( keys %$conf ) {
|
||||
if ( $key =~ /$PlaceHolderRe/o ) {
|
||||
my $val = $conf->{$key};
|
||||
delete $conf->{$key};
|
||||
my $nk = _substPlaceHolders($key);
|
||||
$conf->{$nk} = $val;
|
||||
}
|
||||
next unless ( $conf->{$key} );
|
||||
if ( ref $conf->{$key} ) {
|
||||
$self->replacePlaceholders( $conf->{$key} );
|
||||
}
|
||||
elsif ( $conf->{$key} =~ /$PlaceHolderRe/o ) {
|
||||
$conf->{$key} = _substPlaceHolders( $conf->{$key} );
|
||||
}
|
||||
}
|
||||
}
|
||||
elsif ( ref $conf eq 'ARRAY' ) {
|
||||
for ( my $i = 0 ; $i < @$conf ; $i++ ) {
|
||||
if ( ref $conf->[$i] ) {
|
||||
$self->replacePlaceholders( $conf->[$i] );
|
||||
}
|
||||
elsif ( $conf->[$i] =~ /$PlaceHolderRe/o ) {
|
||||
$conf->[$i] = _substPlaceHolders( $conf->[$i] );
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
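Review bot: in `replacePlaceholders`, after a key containing a placeholder is renamed (`delete $conf->{$key}; $conf->{$nk} = $val;`) the loop still tests `$conf->{$key}`, which no longer exists, so `next unless ( $conf->{$key} )` fires and the value stored under the new key is never descended into or substituted; set `$key = $nk` right after the rename. In `_substPlaceHolders`, an unset variable substitutes as an empty string with only an "uninitialized" warning, which for a placeholder used in a password or key silently produces an empty secret, so log an error (or leave the placeholder untouched) when `$ENV{$1}` is undefined. Also `$_[0] =~ s///` mutates the caller's aliased argument, harmless at the current call sites but surprising for a function that also returns the value, and the `/o` modifier is redundant on modern Perl and would hide changes if `$PlaceHolderRe` is ever made configurable.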
|
||||
|
||||
|
|
|
@ -4,12 +4,12 @@ use strict;
|
|||
use Mouse;
|
||||
use Lemonldap::NG::Common::Conf::ReConstants;
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub compactConf {
|
||||
my ( $self, $conf ) = @_;
|
||||
|
||||
return $conf unless ( $conf->{'compactConf'} );
|
||||
return $conf unless $conf->{compactConf};
|
||||
|
||||
# Remove unused auth parameters
|
||||
my %keep;
|
||||
|
|
|
@ -5,7 +5,7 @@ use strict;
|
|||
use Exporter 'import';
|
||||
use base qw(Exporter);
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
# CONSTANTS
|
||||
|
||||
|
@ -29,9 +29,9 @@ use constant DEFAULTCONFBACKEND => "File";
|
|||
use constant DEFAULTCONFBACKENDOPTIONS => (
|
||||
dirName => '/usr/local/lemonldap-ng/data/conf',
|
||||
);
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:a(?:s(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|ptchaOptions)|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnectedBypassFG|orePassword)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|State|User|XSS)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap))|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ewLocationWarning)|r
e(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|memberDefaultChecked|freshSessions)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|to(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|w(?:ebauthn2fUserCanRemoveKey|sdlServer)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|findUser)$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnectedBypassFG|orePassword)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Logout(?:SessionRequired|BypassConfirm)|Re(?:freshToken|quirePKCE)|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|State|User|XSS)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap))|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ew
LocationWarning)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|memberDefaultChecked|freshSessions)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|to(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|w(?:ebauthn2fUserCanRemoveKey|sdlServer)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|findUser)$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
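Review bot: `$hashParameters` and `$boolKeys` are generated regexes (the sibling `DefaultValues.pm` carries the "Don't modify it by hand" banner), so this hunk should come from re-running the build rather than manual edits; the visible additions (`captchaOptions` and `LogoutBypassConfirm`) are consistent, but the two long lines appear wrapped in this view, so double-check the committed file has each regex on a single line.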
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
|
||||
package Lemonldap::NG::Common::Conf::DefaultValues;
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub defaultValues {
|
||||
return {
|
||||
|
@ -327,6 +327,7 @@ sub defaultValues {
|
|||
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
|
||||
'samlSPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
|
||||
'samlSPSSODescriptorWantAssertionsSigned' => 1,
|
||||
'scrollTop' => 400,
|
||||
'securedCookie' => 0,
|
||||
'sfEngine' => '::2F::Engines::Default',
|
||||
'sfManagerRule' => 1,
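Review bot: this commit introduces `oidcRPMetaDataOptionsLogoutBypassConfirm` as a boolean key and `captchaOptions` as a hash parameter elsewhere, but the only default added here is `'scrollTop' => 400`; an absent boolean reads as false, which is acceptable for BypassConfirm, but please confirm the defaults file was regenerated in the same build run so the generated files do not drift from each other.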
|
||||
|
|
|
@ -5,7 +5,7 @@ use strict;
|
|||
use Exporter 'import';
|
||||
use base qw(Exporter);
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)] );
|
||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
|
@ -22,12 +22,12 @@ our $specialNodeHash = {
|
|||
};
|
||||
|
||||
our $doubleHashKeys = 'issuerDBGetParameters';
|
||||
our $simpleHashKeys = '(?:(?:c(?:as(?:StorageOption|Attribute)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|(?:(?:d(?:emo|bi)|webID)E|e)xportedVar|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|OPMetaDataJ(?:SON|WKS))|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))';
|
||||
our $simpleHashKeys = '(?:(?:c(?:a(?:s(?:StorageOption|Attribute)|ptchaOption)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|(?:(?:d(?:emo|bi)|webID)E|e)xportedVar|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|OPMetaDataJ(?:SON|WKS))|penIdExportedVars)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember|fExtra)|S(?:MTPTLSOpts|SLVarIf))';
|
||||
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
|
||||
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|Servic|Rul)e|AuthnLevel)|(?:ExportedVar|Macro)s)';
|
||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|UserI(?:nfoSignAlg|DAttr)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)';
|
||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:Re(?:solutionRule|new)|ProxiedServices|DisplayName|SortNumber|Gateway|Icon|Url)|ExportedVars)';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|(?:ResolutionRul|MaxAg)e|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|Logout(?:SessionRequired|BypassConfirm|Type|Url)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|P(?:ostLogoutRedirectUris|ublic)|UserI(?:nfoSignAlg|DAttr)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|AuthnLevel|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
|
||||
our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|DevOpsRulesUrl|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
|
|
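Review bot: the hand-optimized alternations in this file cannot be checked by eye, so the additions here (`captchaOptions` in `$simpleHashKeys`, `ResolutionRule` in `$casSrvMetaDataNodeKeys` and `$oidcOPMetaDataNodeKeys`, `LogoutBypassConfirm` in `$oidcRPMetaDataNodeKeys`) should come with a test that matches each new key name against its regex anchored as `^...$`. These patterns decide which configuration keys are accepted; a mis-nested group would either reject a valid key or, if a pattern is ever applied unanchored, admit a mistyped one.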
@ -2,19 +2,18 @@ package Lemonldap::NG::Common::Logger::Dispatch;
|
|||
|
||||
use strict;
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub new {
|
||||
no warnings 'redefine';
|
||||
my $self = bless {}, shift;
|
||||
my ( $conf, %args ) = @_;
|
||||
my %bck;
|
||||
my $last;
|
||||
my $show = 1;
|
||||
my ( %bck, $last );
|
||||
my $root = $args{user} ? 'userLogDispatch' : 'logDispatch';
|
||||
unless ( $conf->{ $root . 'Error' } ) {
|
||||
die "At least, ${root}Error must be defined in conf";
|
||||
}
|
||||
my $show = 1;
|
||||
die "At least, ${root}Error must be defined in conf"
|
||||
unless ( $conf->{ $root . 'Error' } );
|
||||
|
||||
foreach my $l (qw(error warn notice info debug)) {
|
||||
if ($show) {
|
||||
$last = $conf->{ $root . ucfirst($l) } || $last;
|
||||
|
@ -33,9 +32,9 @@ sub new {
|
|||
eval qq'sub $l {1}';
|
||||
}
|
||||
$show = 0 if ( $conf->{logLevel} eq $l );
|
||||
|
||||
}
|
||||
die "Unknown logLevel $conf->{logLevel}" if ($show);
|
||||
die "Unknown logLevel $conf->{logLevel}" if $show;
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
|
|
|
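Review bot: `die "Unknown logLevel $conf->{logLevel}" if $show;` still fires with an empty level name when `logLevel` is not set at all, because the loop compares `$conf->{logLevel} eq $l` against an undefined value (and warns under `use warnings`). Std.pm in this same commit defaults with `$_[1]->{logLevel} || 'info'`; applying the same default here, before the loop, gives a clearer failure and consistent behaviour across the logger backends.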
@ -10,13 +10,14 @@ package Lemonldap::NG::Common::Logger::Sentry;
|
|||
use strict;
|
||||
use Sentry::Raven;
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub new {
|
||||
my $self = bless {}, shift;
|
||||
my ($conf) = @_;
|
||||
my $show = 1;
|
||||
$self->{raven} = Sentry::Raven->new( sentry_dsn => $conf->{sentryDsn} );
|
||||
|
||||
foreach (qw(error warn notice info debug)) {
|
||||
my $rl = $_;
|
||||
$rl = 'warning' if ( $rl = 'warn' );
|
||||
|
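Review bot: the context line `$rl = 'warning' if ( $rl = 'warn' );` uses assignment where a comparison is meant, so the condition is always true and every generated method reports its event to Sentry with level "warning", including `error` and `debug`. This predates the hunk but sits one line away from it; change it to `if ( $rl eq 'warn' )` while touching this file.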
@ -31,7 +32,8 @@ qq'sub $_ {\$_[0]->{raven}->capture_message(\$_[1],level => "$rl")}';
|
|||
}
|
||||
$show = 0 if ( $conf->{logLevel} eq $_ );
|
||||
}
|
||||
die "Unknown logLevel $conf->{logLevel}" if ($show);
|
||||
die "Unknown logLevel $conf->{logLevel}" if $show;
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
|
|
|
@ -2,12 +2,13 @@ package Lemonldap::NG::Common::Logger::Std;
|
|||
|
||||
use strict;
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub new {
|
||||
no warnings 'redefine';
|
||||
my $level = $_[1]->{logLevel} || 'info';
|
||||
my $show = 1;
|
||||
|
||||
foreach (qw(error warn notice info debug)) {
|
||||
if ($show) {
|
||||
eval
|
||||
|
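Review bot: `no warnings 'redefine'` suppresses the symptom rather than the cause. The `eval qq'sub $_ {...}'` calls install the per-level methods into the package, not into the object returned by `return bless {}, shift;`, so constructing a second `Std` logger with a different `logLevel` (the user logger and the main logger may differ) silently redefines the methods for the first one as well. If that is accepted behaviour, a comment saying so next to the pragma would help the next reader; otherwise keep the level in `$self` and branch on it inside the methods.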
@ -18,7 +19,8 @@ qq'sub $_ {print STDERR "[".localtime."] [LLNG:\$\$] [$_] \$_[1]\n"}';
|
|||
}
|
||||
$show = 0 if ( $level eq $_ );
|
||||
}
|
||||
die "Unknown logLevel $level" if ($show);
|
||||
die "Unknown logLevel $level" if $show;
|
||||
|
||||
return bless {}, shift;
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Common::Logger::Syslog;
|
|||
use strict;
|
||||
use Sys::Syslog qw(:standard);
|
||||
|
||||
our $VERSION = '2.0.14';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub new {
|
||||
my ( $class, $conf, %args ) = @_;
|
||||
|
@ -20,6 +20,7 @@ sub new {
|
|||
eval { openlog( 'LLNG', $self->{options}, $self->{facility} ) };
|
||||
no warnings 'redefine';
|
||||
my $show = 1;
|
||||
|
||||
foreach (qw(error warn notice info debug)) {
|
||||
if ($show) {
|
||||
my $name = $_;
|
||||
|
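Review bot: `eval { openlog( 'LLNG', $self->{options}, $self->{facility} ) };` discards any failure, so a bad facility or options string leaves the process with no working log sink and no message about it. Check `$@` after the eval and die, or at least print to STDERR, so the misconfiguration shows up at startup rather than as missing audit logs later.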
@ -34,7 +35,8 @@ sub new {
|
|||
}
|
||||
$show = 0 if ( $level eq $_ );
|
||||
}
|
||||
die "Unknown logLevel $level" if ($show);
|
||||
die "Unknown logLevel $level" if $show;
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ use JSON;
|
|||
use Lemonldap::NG::Common::PSGI::Constants;
|
||||
use Lemonldap::NG::Common::PSGI::Request;
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
our $_json = JSON->new->allow_nonref;
|
||||
|
||||
|
@ -18,6 +18,7 @@ has logLevel => ( is => 'rw', isa => 'Str', default => 'info' );
|
|||
has portal => ( is => 'rw', isa => 'Str' );
|
||||
has staticPrefix => ( is => 'rw', isa => 'Str' );
|
||||
has instanceName => ( is => 'rw', isa => 'Str', default => '' );
|
||||
has customCSS => ( is => 'rw', isa => 'Str', default => '' );
|
||||
has templateDir => ( is => 'rw', isa => 'Str|ArrayRef' );
|
||||
has links => ( is => 'rw', isa => 'ArrayRef' );
|
||||
has menuLinks => ( is => 'rw', isa => 'ArrayRef' );
|
||||
|
@ -308,6 +309,7 @@ sub sendHtml {
|
|||
$htpl->param(
|
||||
STATIC_PREFIX => $sp,
|
||||
INSTANCE_NAME => $self->instanceName,
|
||||
CUSTOM_CSS => $self->customCSS,
|
||||
SCRIPTNAME => $sc,
|
||||
( $self->can('tplParams') ? ( $self->tplParams($req) ) : () ),
|
||||
(
|
||||
|
|
|
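Review bot: `CUSTOM_CSS => $self->customCSS` feeds an attribute value into every HTML page, and the template that consumes it is not part of this diff, so the patch does not show whether it is HTML-escaped. Either document in the `has customCSS` declaration that the value is a trusted, configuration-only setting (and make sure nothing assigns it from request data), or escape it in the template; a raw `<TMPL_VAR NAME="CUSTOM_CSS">` would be an XSS sink the day the setting becomes writable from anywhere but local configuration.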
@ -6,7 +6,7 @@ use JSON;
|
|||
use Plack::Request;
|
||||
use URI::Escape;
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
our @ISA = ('Plack::Request');
|
||||
|
||||
|
@ -38,9 +38,9 @@ sub new {
|
|||
return bless( $self, $_[0] );
|
||||
}
|
||||
|
||||
sub data { $_[0]->{data} }
|
||||
sub data { return $_[0]->{data} }
|
||||
|
||||
sub uri { $_[0]->{uri} }
|
||||
sub uri { return $_[0]->{uri} }
|
||||
|
||||
sub userData {
|
||||
my ( $self, $v ) = @_;
|
||||
|
|
|
@ -12,13 +12,13 @@ use Lemonldap::NG::Common::IPv6;
|
|||
use JSON::XS;
|
||||
use Date::Parse;
|
||||
|
||||
our $VERSION = '2.0.12';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
# Set here all the names of functions that must be available in Safe objects.
|
||||
# Not that only functions, not methods, can be written here
|
||||
# Note that only functions, not methods, can be written here
|
||||
our $functions =
|
||||
[
|
||||
qw(&checkLogonHours &date &dateToTime &checkDate &basic &unicode2iso &iso2unicode &groupMatch &isInNet6 &varIsInUri &has2f_internal)
|
||||
qw(&checkLogonHours &date &dateToTime &checkDate &basic &unicode2iso &unicode2isoSafe &iso2unicode &iso2unicodeSafe &groupMatch &isInNet6 &varIsInUri &has2f_internal)
|
||||
];
|
||||
|
||||
## @function boolean checkLogonHours(string logon_hours, string syntax, string time_correction, boolean default_access)
|
||||
|
@ -202,6 +202,21 @@ sub unicode2iso {
|
|||
return encode( "iso-8859-1", decode( "utf-8", $string ) );
|
||||
}
|
||||
|
||||
## @function string unicode2isoSafe(string string)
|
||||
## This function is compliant with the Safe jail
|
||||
## but not as portable as the original one
|
||||
# Convert UTF-8 in ISO-8859-1
|
||||
# @param string UTF-8 string
|
||||
# @return ISO string
|
||||
sub unicode2isoSafe {
|
||||
my ($string) = @_;
|
||||
|
||||
my $res = $string;
|
||||
utf8::decode($res);
|
||||
utf8::downgrade($res);
|
||||
return $res;
|
||||
}
|
||||
|
||||
## @function string iso2unicode(string string)
|
||||
# Convert ISO-8859-1 in UTF-8
|
||||
# @param string ISO string
|
||||
|
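Review bot: `utf8::downgrade($res);` dies with "Wide character" when the decoded string contains a code point above U+00FF, and because this helper is exported into the Safe jail that would surface as a failed rule or macro for the first user whose attribute contains, say, a curly quote or a non-Latin letter. The function it mirrors (`encode( "iso-8859-1", decode( "utf-8", $string ) )`) substitutes such characters instead of dying. Call `utf8::downgrade($res, 1)` (FAIL_OK) and handle the false return, and say in the comment what "not as portable" means in practice.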
@ -212,6 +227,20 @@ sub iso2unicode {
|
|||
return encode( "utf-8", decode( "iso-8859-1", $string ) );
|
||||
}
|
||||
|
||||
## @function string iso2unicodeSafe(string string)
|
||||
## This function is compliant with the Safe jail
|
||||
## but not as portable as the original one
|
||||
# Convert ISO-8859-1 in UTF-8
|
||||
# @param string ISO string
|
||||
# @return UTF-8 string
|
||||
sub iso2unicodeSafe {
|
||||
my ($string) = @_;
|
||||
|
||||
my $res = $string;
|
||||
utf8::encode($res);
|
||||
return $res;
|
||||
}
|
||||
|
||||
## @function int groupMatch(hashref groups, string attribute, string value)
|
||||
# Check in hGroups structure if a group attribute contains a value
|
||||
# @param groups The $hGroups variable
|
||||
|
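Review bot: the doc comment on `iso2unicodeSafe` should spell out how it differs from `iso2unicode`: `utf8::encode($res)` acts on Perl's internal representation, so a string that already carries the UTF-8 flag is encoded as-is rather than being reinterpreted as ISO-8859-1 bytes, which is the case the `encode( "utf-8", decode( "iso-8859-1", $string ) )` form handles. Stating that, and why a Safe-jail variant is needed at all, is more useful to a rule author than "not as portable".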
|
|
@ -9,7 +9,7 @@ package Lemonldap::NG::Common::Session;
|
|||
use strict;
|
||||
use Lemonldap::NG::Common::Apache::Session;
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
# Workaround for another ModPerl/Mouse issue...
|
||||
BEGIN {
|
||||
|
@ -213,7 +213,8 @@ sub update {
|
|||
return 0;
|
||||
}
|
||||
|
||||
my $data = $self->_tie_session($tieOptions);
|
||||
my $data = $self->_tie_session(
|
||||
{ ( $tieOptions ? %$tieOptions : () ), noCache => 1 } );
|
||||
|
||||
if ($data) {
|
||||
foreach ( keys %$infos ) {
|
||||
|
|
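Review bot: `noCache => 1` is now forced on every `update`, overriding whatever the caller put in `$tieOptions`, but the hunk carries no comment explaining why. A one-line comment (presumably: so the read-modify-write goes against the backend and not a possibly stale local cache copy) would stop the next reader from "fixing" it back.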
|
@ -0,0 +1,77 @@
|
|||
use strict;
|
||||
use Test::More tests => 14;
|
||||
use Data::Dumper;
|
||||
|
||||
BEGIN { use_ok('Lemonldap::NG::Common::Conf') }
|
||||
|
||||
my $h;
|
||||
|
||||
ok(
|
||||
$h = new Lemonldap::NG::Common::Conf( {
|
||||
type => 'File',
|
||||
dirName => "t/",
|
||||
}
|
||||
),
|
||||
'type => file',
|
||||
);
|
||||
my $conf = {
|
||||
cfgNum => 1,
|
||||
test => '%SERVERENV:A%',
|
||||
test2 => '%SERVERENV:B% %SERVERENV:C%',
|
||||
'%SERVERENV:MYKEY%' => {
|
||||
test => 'Test: %SERVERENV:A%',
|
||||
array => [ 'a', '%SERVERENV:B% %SERVERENV:C%', ],
|
||||
},
|
||||
};
|
||||
|
||||
$ENV{A} = 'Aa';
|
||||
$ENV{B} = 'Bb';
|
||||
$ENV{C} = 'Cc';
|
||||
$ENV{MYKEY} = 'MyKey';
|
||||
|
||||
ok( $h->store($conf) == 1, "Conf is stored" )
|
||||
or print STDERR "$Lemonldap::NG::Common::Conf::msg $!";
|
||||
my $cfg;
|
||||
ok( $cfg = $h->getConf( { cfgNum => 1 } ), "Conf can be read" )
|
||||
or print STDERR $Lemonldap::NG::Common::Conf::msg;
|
||||
ok( $cfg->{test} eq '%SERVERENV:A%',
|
||||
'%SERVERENV:A% is not substitued into Aa without useServerEnv' )
|
||||
or print STDERR "Expect $cfg->{test} eq %SERVERENV:A%\n";
|
||||
|
||||
unlink 't/lmConf-1.json';
|
||||
|
||||
ok(
|
||||
$h = new Lemonldap::NG::Common::Conf( {
|
||||
type => 'File',
|
||||
dirName => "t/",
|
||||
useServerEnv => 1,
|
||||
}
|
||||
),
|
||||
'type => file',
|
||||
);
|
||||
ok( $h->store($conf) == 1, "Conf is stored" )
|
||||
or print STDERR "$Lemonldap::NG::Common::Conf::msg $!";
|
||||
|
||||
ok( $cfg = $h->getConf( { cfgNum => 1 } ), "Conf can be read" )
|
||||
or print STDERR $Lemonldap::NG::Common::Conf::msg;
|
||||
ok( $cfg->{test} eq 'Aa', '%SERVERENV:A% is substitued into Aa' )
|
||||
or print STDERR "Expect $cfg->{test} eq Aa\n";
|
||||
ok( $cfg->{test2} eq 'Bb Cc',
|
||||
'%SERVERENV:B% %SERVERENV:C% is substitued into Bb Cc' )
|
||||
or print STDERR "Expect $cfg->{test} eq Aa\n";
|
||||
|
||||
ok( ( !$cfg->{'%SERVERENV:MYKEY%'} and $cfg->{MyKey} ),
|
||||
'Keyname is transformed' );
|
||||
ok( (
|
||||
$cfg->{MyKey}->{array}->[0] eq 'a'
|
||||
and $cfg->{MyKey}->{array}->[1] eq 'Bb Cc'
|
||||
),
|
||||
'Values are substitued into arrays'
|
||||
);
|
||||
|
||||
ok( $cfg = $h->getConf( { cfgNum => 1, raw => 1 } ), 'Get raw conf' );
|
||||
ok( $cfg->{test} eq '%SERVERENV:A%',
|
||||
'%SERVERENV:A% is not substitued into Aa in raw mode' )
|
||||
or print STDERR "Expect $cfg->{test} eq %SERVERENV:A%\n";
|
||||
|
||||
unlink 't/lmConf-1.json';
|
|
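Review bot: the diagnostic on the `test2` check is a copy-paste leftover: `or print STDERR "Expect $cfg->{test} eq Aa\n";` prints the wrong key and the wrong expected value and should read `"Expect $cfg->{test2} eq Bb Cc\n"`. Also, `unlink 't/lmConf-1.json'` only runs if nothing dies before it, so an aborted run leaves a stale config file that makes the second `store` operate on a pre-existing cfgNum 1; an `END { unlink 't/lmConf-1.json' }` block avoids that.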
@ -0,0 +1,239 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
use Test::More;
|
||||
use strict;
|
||||
use warnings;
|
||||
use Storable qw/dclone/;
|
||||
require_ok('./scripts/importMetadata');
|
||||
|
||||
my $xml;
|
||||
{
|
||||
local $/ = undef; # Slurp mode
|
||||
open XML, "t/data/preview-all-test-metadata.xml" or die;
|
||||
$xml = <XML>;
|
||||
close XML;
|
||||
}
|
||||
|
||||
subtest 'Ignore SP' => sub {
|
||||
my $lmConf = {};
|
||||
my $importConf = {
|
||||
main => {
|
||||
'ignore-sp' => [
|
||||
"https://ucopia.univ-brest.fr/",
|
||||
"http://icampus-test.univ-paris3.fr"
|
||||
]
|
||||
}
|
||||
};
|
||||
|
||||
# Run import
|
||||
my ( $spCounters, $idpCounters ) =
|
||||
transform_config( $importConf, $lmConf, $xml );
|
||||
is( $spCounters->{created}, 45 );
|
||||
is( $spCounters->{ignored}, 2 );
|
||||
is( $idpCounters->{created}, 12 );
|
||||
is( $idpCounters->{ignored}, 0 );
|
||||
};
|
||||
|
||||
subtest 'Ignore IDP' => sub {
|
||||
my $lmConf = {};
|
||||
my $importConf = {
|
||||
main => {
|
||||
'ignore-idp' => [
|
||||
"https://serveur.uvs.sn/idp/shibboleth",
|
||||
"https://idp-test.insa-rennes.fr/idp/shibboleth"
|
||||
]
|
||||
}
|
||||
};
|
||||
|
||||
# Run import
|
||||
my ( $spCounters, $idpCounters ) =
|
||||
transform_config( $importConf, $lmConf, $xml );
|
||||
is( $spCounters->{created}, 47 );
|
||||
is( $spCounters->{ignored}, 0 );
|
||||
is( $idpCounters->{created}, 10 );
|
||||
is( $idpCounters->{ignored}, 2 );
|
||||
};
|
||||
|
||||
subtest 'Conf Prefix' => sub {
|
||||
my $lmConf = {};
|
||||
my $importConf = {
|
||||
main => {
|
||||
'idpconfprefix' => 'renater-idp',
|
||||
'spconfprefix' => 'renater-sp',
|
||||
}
|
||||
};
|
||||
|
||||
# Run import
|
||||
transform_config( $importConf, $lmConf, $xml );
|
||||
is( scalar grep( /^renater-sp/, keys( %{ $lmConf->{samlSPMetaDataXML} } ) ),
|
||||
47 );
|
||||
is(
|
||||
scalar
|
||||
grep( /^renater-idp/, keys( %{ $lmConf->{samlIDPMetaDataXML} } ) ),
|
||||
12
|
||||
);
|
||||
};
|
||||
|
||||
# Make sure matching providers who are not in the metadata are removed
|
||||
# but non-matching providers are left alone
|
||||
subtest 'Remove' => sub {
|
||||
my $lmConf = {
|
||||
samlSPMetaDataXML => {
|
||||
'sp-toremove' => { samlSPMetaDataXML => "removeme" },
|
||||
'tokeep' => { samlSPMetaDataXML => "keepme" },
|
||||
},
|
||||
samlSPMetaDataExportedAttributes => {
|
||||
'sp-toremove' => {},
|
||||
'tokeep' => {},
|
||||
},
|
||||
samlSPMetaDataOptions => {
|
||||
'sp-toremove' => {},
|
||||
'tokeep' => {},
|
||||
},
|
||||
samlIDPMetaDataXML => {
|
||||
'idp-toremove' => { samlSPMetaDataXML => "removeme" },
|
||||
'tokeep' => { samlSPMetaDataXML => "keepme" },
|
||||
},
|
||||
samlIDPMetaDataExportedAttributes => {
|
||||
'idp-toremove' => {},
|
||||
'tokeep' => {},
|
||||
},
|
||||
samlIDPMetaDataOptions => {
|
||||
'idp-toremove' => {},
|
||||
'tokeep' => {},
|
||||
},
|
||||
};
|
||||
my $importConf = {
|
||||
main => {
|
||||
'remove' => 1,
|
||||
}
|
||||
};
|
||||
|
||||
# Run import
|
||||
transform_config( $importConf, $lmConf, $xml );
|
||||
ok( !$lmConf->{samlSPMetaDataOptions}->{'sp-toremove'} );
|
||||
ok( $lmConf->{samlSPMetaDataOptions}->{'tokeep'} );
|
||||
ok( !$lmConf->{samlSPMetaDataExportedAttributes}->{'sp-toremove'} );
|
||||
ok( $lmConf->{samlSPMetaDataExportedAttributes}->{'tokeep'} );
|
||||
ok( !$lmConf->{samlSPMetaDataXML}->{'sp-toremove'} );
|
||||
ok( $lmConf->{samlSPMetaDataXML}->{'tokeep'} );
|
||||
ok( !$lmConf->{samlIDPMetaDataOptions}->{'idp-toremove'} );
|
||||
ok( $lmConf->{samlIDPMetaDataOptions}->{'tokeep'} );
|
||||
ok( !$lmConf->{samlIDPMetaDataExportedAttributes}->{'idp-toremove'} );
|
||||
ok( $lmConf->{samlIDPMetaDataExportedAttributes}->{'tokeep'} );
|
||||
ok( !$lmConf->{samlIDPMetaDataXML}->{'idp-toremove'} );
|
||||
ok( $lmConf->{samlIDPMetaDataXML}->{'tokeep'} );
|
||||
};
|
||||
|
||||
subtest 'IDP Exported attributes' => sub {
|
||||
my $lmConf = {};
|
||||
my $importConf = {
|
||||
exportedAttributes => {
|
||||
cn => '0;cn',
|
||||
eduPersonPrincipalName => '1;eduPersonPrincipalName',
|
||||
},
|
||||
'https://univ-machineDebian.fr/idp/shibboleth' => {
|
||||
exported_attribute_uid => '0;uid',
|
||||
}
|
||||
};
|
||||
|
||||
# Run import
|
||||
transform_config( $importConf, $lmConf, $xml );
|
||||
is_deeply(
|
||||
$lmConf->{samlIDPMetaDataExportedAttributes}
|
||||
->{'idp-idp-test-insa-rennes-fr-idp-shibboleth'},
|
||||
{
|
||||
cn => '0;cn',
|
||||
eduPersonPrincipalName => '1;eduPersonPrincipalName',
|
||||
}
|
||||
);
|
||||
is_deeply(
|
||||
$lmConf->{samlIDPMetaDataExportedAttributes}
|
||||
->{'idp-univ-machineDebian-fr-idp-shibboleth'},
|
||||
{
|
||||
cn => '0;cn',
|
||||
eduPersonPrincipalName => '1;eduPersonPrincipalName',
|
||||
uid => '0;uid',
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
subtest 'SP Exported attributes' => sub {
|
||||
my $lmConf = {};
|
||||
my $importConf = {
|
||||
ALL => {
|
||||
attribute_required => 0,
|
||||
},
|
||||
'https://ucopia.univ-brest.fr/' => {
|
||||
attribute_required => 1,
|
||||
attribute_required_uid => 0,
|
||||
}
|
||||
};
|
||||
|
||||
# Run import
|
||||
transform_config( $importConf, $lmConf, $xml );
|
||||
like(
|
||||
$lmConf->{samlSPMetaDataExportedAttributes}
|
||||
->{'sp-umr5557-kaa-univ-lyon1-fr-sp'}->{mail},
|
||||
qr/^0/,
|
||||
);
|
||||
like(
|
||||
$lmConf->{samlSPMetaDataExportedAttributes}
|
||||
->{'sp-ucopia-univ-brest-fr'}->{mail},
|
||||
qr/^1/,
|
||||
);
|
||||
like(
|
||||
$lmConf->{samlSPMetaDataExportedAttributes}
|
||||
->{'sp-ucopia-univ-brest-fr'}->{uid},
|
||||
qr/^0/
|
||||
);
|
||||
};
|
||||
|
||||
subtest 'Options' => sub {
|
||||
my $lmConf = {};
|
||||
my $importConf = {
|
||||
ALL => {
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature => 0,
|
||||
samlIDPMetaDataOptionsStoreSAMLToken => 1,
|
||||
},
|
||||
'https://ucopia.univ-brest.fr/' => {
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature => 1
|
||||
},
|
||||
'https://univ-machineDebian.fr/idp/shibboleth' => {
|
||||
samlIDPMetaDataOptionsForceAuthn => 1,
|
||||
},
|
||||
};
|
||||
|
||||
# Run import
|
||||
transform_config( $importConf, $lmConf, $xml );
|
||||
is(
|
||||
$lmConf->{samlSPMetaDataOptions}->{'sp-ucopia-univ-brest-fr'}
|
||||
->{samlSPMetaDataOptionsCheckSSOMessageSignature},
|
||||
1
|
||||
);
|
||||
is(
|
||||
$lmConf->{samlSPMetaDataOptions}->{'sp-wiki-uness-fr'}
|
||||
->{samlSPMetaDataOptionsCheckSSOMessageSignature},
|
||||
0
|
||||
);
|
||||
is(
|
||||
$lmConf->{samlIDPMetaDataOptions}
|
||||
->{'idp-shibboleth-2022-grenoble-archi-fr-idp'}
|
||||
->{samlIDPMetaDataOptionsStoreSAMLToken},
|
||||
1
|
||||
);
|
||||
is(
|
||||
$lmConf->{samlIDPMetaDataOptions}
|
||||
->{'idp-shibboleth-2022-grenoble-archi-fr-idp'}
|
||||
->{samlIDPMetaDataOptionsForceAuthn},
|
||||
0
|
||||
);
|
||||
is(
|
||||
$lmConf->{samlIDPMetaDataOptions}
|
||||
->{'idp-univ-machineDebian-fr-idp-shibboleth'}
|
||||
->{samlIDPMetaDataOptionsForceAuthn},
|
||||
1
|
||||
);
|
||||
};
|
||||
|
||||
done_testing();
|
|
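Review bot: `open XML, "t/data/preview-all-test-metadata.xml" or die;` uses a bareword filehandle and a `die` without `$!`, so a missing fixture fails with "Died at ..." and nothing else; prefer `open my $fh, '<', $path or die "Cannot open $path: $!"` (the same block is duplicated in the sibling test file). `use Storable qw/dclone/` is unused in this file. The expected counts (47 SPs, 12 IdPs, 2 ignored) are tied to the fixture, which is fine, but a comment naming where the fixture came from would make the numbers maintainable when it is refreshed.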
@ -0,0 +1,163 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
use Test::More;
|
||||
use strict;
|
||||
use warnings;
|
||||
use Storable qw/dclone/;
|
||||
require_ok('./scripts/importMetadata');
|
||||
|
||||
my $xml;
|
||||
{
|
||||
local $/ = undef; # Slurp mode
|
||||
open XML, "t/data/preview-all-test-metadata.xml" or die;
|
||||
$xml = <XML>;
|
||||
close XML;
|
||||
}
|
||||
|
||||
my $lmConf = {};
|
||||
my $importConf = {};
|
||||
|
||||
# Run import
|
||||
my ( $spCounters, $idpCounters ) =
|
||||
transform_config( $importConf, $lmConf, $xml );
|
||||
|
||||
# Check statistics
|
||||
is_deeply(
|
||||
$spCounters,
|
||||
{
|
||||
'created' => 47,
|
||||
'found' => 48,
|
||||
'ignored' => 0,
|
||||
'rejected' => 1,
|
||||
'removed' => 0,
|
||||
'updated' => 0
|
||||
},
|
||||
"SP counters are expected"
|
||||
);
|
||||
is_deeply(
|
||||
$idpCounters,
|
||||
{
|
||||
'created' => 12,
|
||||
'found' => 13,
|
||||
'ignored' => 0,
|
||||
'rejected' => 1,
|
||||
'removed' => 0,
|
||||
'updated' => 0
|
||||
},
|
||||
"IDP counters are expected"
|
||||
);
|
||||
|
||||
is( keys %{ $lmConf->{samlIDPMetaDataXML} }, 12,
|
||||
"Correct amount of providers" );
|
||||
is( keys %{ $lmConf->{samlIDPMetaDataExportedAttributes} },
|
||||
12, "Correct amount of providers" );
|
||||
is( keys %{ $lmConf->{samlIDPMetaDataOptions} },
|
||||
12, "Correct amount of providers" );
|
||||
is( keys %{ $lmConf->{samlSPMetaDataXML} }, 47, "Correct amount of providers" );
|
||||
is( keys %{ $lmConf->{samlSPMetaDataExportedAttributes} },
|
||||
47, "Correct amount of providers" );
|
||||
is( keys %{ $lmConf->{samlSPMetaDataOptions} },
|
||||
47, "Correct amount of providers" );
|
||||
|
||||
my $idp = "idp-idp-test-insa-rennes-fr-idp-shibboleth";
|
||||
my $sp = "sp-ucopia-univ-brest-fr";
|
||||
|
||||
is(
|
||||
$lmConf->{samlIDPMetaDataExportedAttributes}->{$idp}
|
||||
->{eduPersonPrincipalName},
|
||||
'0;eduPersonPrincipalName', "Found exported attribute"
|
||||
);
|
||||
|
||||
is(
|
||||
$lmConf->{samlSPMetaDataExportedAttributes}->{$sp}->{supannEtablissement},
|
||||
join( ';',
|
||||
0,
|
||||
'urn:oid:1.3.6.1.4.1.7135.1.2.1.14',
|
||||
'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
||||
'supannEtablissement' ),
|
||||
"Found optional attribute"
|
||||
);
|
||||
|
||||
is(
|
||||
$lmConf->{samlSPMetaDataExportedAttributes}->{$sp}->{uid},
|
||||
join( ';',
|
||||
1,
|
||||
'urn:oid:0.9.2342.19200300.100.1.1',
|
||||
'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'uid' ),
|
||||
"Found required attribute"
|
||||
);
|
||||
|
||||
# Check update
|
||||
$lmConf->{samlSPMetaDataOptions}->{$sp}
|
||||
->{samlSPMetaDataOptionsCheckSSOMessageSignature} = 0;
|
||||
$lmConf->{samlIDPMetaDataOptions}->{$idp}
|
||||
->{samlIDPMetaDataOptionsAllowProxiedAuthn} = 1;
|
||||
( $spCounters, $idpCounters ) = transform_config( $importConf, $lmConf, $xml );
|
||||
|
||||
# Check statistics
|
||||
is_deeply(
|
||||
$spCounters,
|
||||
{
|
||||
'created' => 0,
|
||||
'found' => 48,
|
||||
'ignored' => 0,
|
||||
'rejected' => 1,
|
||||
'removed' => 0,
|
||||
'updated' => 1
|
||||
},
|
||||
"SP counters are expected"
|
||||
);
|
||||
is_deeply(
|
||||
$idpCounters,
|
||||
{
|
||||
'created' => 0,
|
||||
'found' => 13,
|
||||
'ignored' => 0,
|
||||
'rejected' => 1,
|
||||
'removed' => 0,
|
||||
'updated' => 1
|
||||
},
|
||||
"IDP counters are expected"
|
||||
);
|
||||
is(
|
||||
$lmConf->{samlSPMetaDataOptions}->{$sp}
|
||||
->{samlSPMetaDataOptionsCheckSSOMessageSignature},
|
||||
1, "Configuration was updated"
|
||||
);
|
||||
is(
|
||||
$lmConf->{samlIDPMetaDataOptions}->{$idp}
|
||||
->{samlIDPMetaDataOptionsAllowProxiedAuthn},
|
||||
0, "Configuration was updated"
|
||||
);
|
||||
|
||||
# Check idempotence
|
||||
my $oldLmConf = dclone $lmConf;
|
||||
( $spCounters, $idpCounters ) = transform_config( $importConf, $lmConf, $xml );
|
||||
|
||||
is_deeply(
|
||||
$spCounters,
|
||||
{
|
||||
'created' => 0,
|
||||
'found' => 48,
|
||||
'ignored' => 0,
|
||||
'rejected' => 1,
|
||||
'removed' => 0,
|
||||
'updated' => 0
|
||||
},
|
||||
"SP counters are expected"
|
||||
);
|
||||
is_deeply(
|
||||
$idpCounters,
|
||||
{
|
||||
'created' => 0,
|
||||
'found' => 13,
|
||||
'ignored' => 0,
|
||||
'rejected' => 1,
|
||||
'removed' => 0,
|
||||
'updated' => 0
|
||||
},
|
||||
"IDP counters are expected"
|
||||
);
|
||||
|
||||
is_deeply( $lmConf, $oldLmConf );
|
||||
done_testing();
|
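Review bot: the "Check update" section is really documenting a policy: after an operator sets `samlSPMetaDataOptionsCheckSSOMessageSignature` to 0 or `samlIDPMetaDataOptionsAllowProxiedAuthn` to 1 in the manager, the next import silently puts them back and counts them as "updated". That is the right behaviour for a federation import (local overrides belong in the import config, not in the manager), but it needs to be stated in the script's documentation, since an administrator who loosened or hardened one provider by hand will otherwise lose the change on the next scheduled run.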
|
@ -56,6 +56,7 @@ lib/Lemonldap/NG/Handler/Server/OAuth2.pm
|
|||
lib/Lemonldap/NG/Handler/Server/SecureToken.pm
|
||||
lib/Lemonldap/NG/Handler/Server/ServiceToken.pm
|
||||
lib/Lemonldap/NG/Handler/Server/ZimbraPreAuth.pm
|
||||
lib/Lemonldap/NG/SSOaaS/Apache/Client.pm
|
||||
lib/Plack/Middleware/Auth/LemonldapNG.pm
|
||||
Makefile.PL
|
||||
MANIFEST This list of files
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
"Env" : "0",
|
||||
"IO::Pipe" : "0",
|
||||
"Test::MockObject" : "0",
|
||||
"Test::Pod" : "0",
|
||||
"Test::Pod" : "1",
|
||||
"Time::Fake" : "0"
|
||||
}
|
||||
},
|
||||
|
|
|
@ -8,7 +8,7 @@ build_requires:
|
|||
Env: '0'
|
||||
IO::Pipe: '0'
|
||||
Test::MockObject: '0'
|
||||
Test::Pod: '0'
|
||||
Test::Pod: '1'
|
||||
Time::Fake: '0'
|
||||
configure_requires:
|
||||
ExtUtils::MakeMaker: '0'
|
||||
|
|
|
@ -1,184 +1,7 @@
|
|||
# Apache2 FastCGI client to query remote LL::NG FastCGI server
|
||||
#
|
||||
package Lemonldap::NG::Handler::ApacheMP2::FCGIClient;
|
||||
|
||||
use strict;
|
||||
use Apache2::Connection;
|
||||
use Apache2::RequestUtil;
|
||||
use Apache2::RequestRec;
|
||||
use Apache2::Const -compile =>
|
||||
qw(FORBIDDEN HTTP_UNAUTHORIZED REDIRECT OK DECLINED DONE SERVER_ERROR AUTH_REQUIRED HTTP_SERVICE_UNAVAILABLE);
|
||||
use Apache2::Log;
|
||||
use APR::Table;
|
||||
use IO::Socket::INET;
|
||||
use FCGI::Client;
|
||||
use URI;
|
||||
use URI::Escape qw(uri_unescape);
|
||||
use Lemonldap::NG::SSOaaS::Apache::Client;
|
||||
|
||||
use constant FORBIDDEN => Apache2::Const::FORBIDDEN;
|
||||
use constant HTTP_UNAUTHORIZED => Apache2::Const::HTTP_UNAUTHORIZED;
|
||||
use constant REDIRECT => Apache2::Const::REDIRECT;
|
||||
use constant DECLINED => Apache2::Const::DECLINED;
|
||||
use constant SERVER_ERROR => Apache2::Const::SERVER_ERROR;
|
||||
|
||||
our $VERSION = '2.0.15';
|
||||
|
||||
sub handler {
|
||||
my ( $class, $r ) = @_;
|
||||
$r ||= $class;
|
||||
my ( $uri, $args ) = ( $r->uri, $r->args );
|
||||
my $uri_full = $uri . ( $args ? "?$args" : '' );
|
||||
my $env = {
|
||||
|
||||
#%ENV,
|
||||
HTTP_HOST => $r->hostname,
|
||||
REMOTE_ADDR => (
|
||||
$r->connection->can('remote_ip')
|
||||
? $r->connection->remote_ip
|
||||
: $r->connection->client_ip
|
||||
),
|
||||
QUERY_STRING => $args,
|
||||
REQUEST_URI => $uri_full,
|
||||
PATH_INFO => '',
|
||||
SERVER_PORT => $r->get_server_port,
|
||||
REQUEST_METHOD => $r->method,
|
||||
};
|
||||
|
||||
foreach (qw(VHOSTTYPE RULES_URL HTTPS_REDIRECT PORT_REDIRECT)) {
|
||||
if ( my $t = $r->dir_config($_) ) {
|
||||
$env->{$_} = $t;
|
||||
}
|
||||
}
|
||||
|
||||
$r->headers_in->do(
|
||||
sub {
|
||||
my $h = shift;
|
||||
my $k = uc($h);
|
||||
if ( $k ne 'HOST' ) {
|
||||
$k =~ s/-/_/g;
|
||||
$env->{"HTTP_$k"} = $r->headers_in->{$h};
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
);
|
||||
$uri = URI->new( "http://" . $r->hostname . $r->unparsed_uri );
|
||||
$env->{PATH_INFO} = uri_unescape( $uri->path );
|
||||
my ( $host, $port ) = ( $r->dir_config('LLNG_SERVER') =~ /^(.*):(\d+)$/ );
|
||||
unless ( $host and $port ) {
|
||||
print STDERR 'Missing or bad LLNG_SERVER';
|
||||
return SERVER_ERROR;
|
||||
}
|
||||
my $sock = IO::Socket::INET->new(
|
||||
PeerAddr => $host,
|
||||
PeerPort => $port,
|
||||
) or die $!;
|
||||
foreach ( keys %$env ) {
|
||||
delete $env->{$_} unless ( length $env->{$_} );
|
||||
}
|
||||
my ( $stdout, $stderr, $status ) =
|
||||
FCGI::Client::Connection->new( sock => $sock )->request($env);
|
||||
my %hdrs =
|
||||
map { s/\r//g; m/(.*?):\s*(.*)/; $_ ? ( $1, $2 ) : () } split /\n+/,
|
||||
$stdout;
|
||||
unless ( $hdrs{Status} =~ /^(\d+)\s+(.*?)$/ ) {
|
||||
print STDERR "Bad status line $hdrs{Status}\n";
|
||||
return SERVER_ERROR;
|
||||
}
|
||||
$status = $1;
|
||||
|
||||
if ( ( $status == 302 or $status == 401 ) and $hdrs{Location} ) {
|
||||
$r->err_headers_out->set( Location => $hdrs{Location} );
|
||||
return REDIRECT;
|
||||
}
|
||||
|
||||
$r->user( $hdrs{'Lm-Remote-User'} ) if $hdrs{'Lm-Remote-User'};
|
||||
$r->subprocess_env( REMOTE_CUSTOM => $hdrs{'Lm-Remote-Custom'} )
|
||||
if $hdrs{'Lm-Remote-Custom'};
|
||||
|
||||
my $i = 1;
|
||||
while ( $hdrs{"Headername$i"} ) {
|
||||
$r->headers_in->set( $hdrs{"Headername$i"} => $hdrs{"Headervalue$i"} )
|
||||
if $hdrs{"Headervalue$i"};
|
||||
$i++;
|
||||
}
|
||||
$status = DECLINED if ( $status < 300 );
|
||||
|
||||
return $status;
|
||||
}
|
||||
our @ISA = ('Lemonldap::NG::SSOaaS::Apache::Client');
|
||||
|
||||
1;
|
||||
__END__
|
||||
|
||||
=pod
|
||||
|
||||
=encoding utf8
|
||||
|
||||
=head1 NAME
|
||||
|
||||
Lemonldap::NG::Handler::ApacheMP2::FCGIClient - Apache client for Lemonldap::NG
|
||||
FastCGI server.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
In apache2.conf:
|
||||
|
||||
<VirtualHost ...>
|
||||
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2::FCGIClient
|
||||
PerlSetVar LLNG_SERVER 127.0.0.1:9090
|
||||
PerlSetVar VHOSTTYPE DevOps
|
||||
# or PerlSetVar VHOSTTYPE DevOpsST
|
||||
PerlSetVar RULES_URL http://app.tld/rules.json
|
||||
PerlSetVar HOST HTTP_HOST
|
||||
PerlSetVar PORT_REDIRECT SERVER_PORT
|
||||
PerlSetVar HTTPS_REDIRECT HTTPS
|
||||
...
|
||||
</VirtualHost>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
Lemonldap::NG::Handler::ApacheMP2::FCGIClient is an alternative to
|
||||
L<Lemonldap::NG::Handler::ApacheMP2> that replace inside handler. It calls a
|
||||
remote Lemonldap::NG FastCGI server to get authentication, authorization and
|
||||
headers.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::Handler::ApacheMP2>,
|
||||
L<https://lemonldap-ng.org/documentation/latest/ssoaas>
|
||||
|
||||
=head1 AUTHORS
|
||||
|
||||
=over
|
||||
|
||||
=item LemonLDAP::NG team L<https://lemonldap-ng.org/team.html>
|
||||
|
||||
=back
|
||||
|
||||
=head1 BUG REPORT
|
||||
|
||||
Use OW2 system to report bug or ask for features:
|
||||
L<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
|
||||
|
||||
=head1 DOWNLOAD
|
||||
|
||||
Lemonldap::NG is available at
|
||||
L<https://lemonldap-ng.org/download.html>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
See COPYING file for details.
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see L<http://www.gnu.org/licenses/>.
|
||||
|
||||
=cut
|
||||
|
|
|
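Review bot: the behaviour of the removed handler now lives in `Lemonldap::NG::SSOaaS::Apache::Client`, which is not in this diff, so what a reviewer can do here is list what the old code did that the new parent must keep. In particular, the old loop `$r->headers_in->set( $hdrs{"Headername$i"} => $hdrs{"Headervalue$i"} ) if $hdrs{"Headervalue$i"};` only overwrote a request header when the server returned a non-empty value, so a header the server meant to clear was left with whatever the client sent; the new implementation should `unset` it in that case rather than inherit this gap. Also worth preserving: the `Host` header was deliberately not forwarded as `HTTP_HOST` (it comes from `$r->hostname`), and a 401 carrying a `Location` was turned into a redirect. The POD should be updated now that the module is a one-line subclass.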
@ -104,7 +104,7 @@ q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know,
|
|||
|
||||
$class->logger->debug("DevOps handler called by $vhost");
|
||||
$class->locationRulesInit( undef, { $vhost => $json->{rules} } );
|
||||
$class->headersInit( undef, { $vhost => $json->{headers} } );
|
||||
$class->headersInit( undef, { $vhost => $json->{headers} } );
|
||||
$class->tsv->{lastVhostUpdate}->{$vhost} = time;
|
||||
$class->tsv->{https}->{$vhost} = uc $req->env->{HTTPS_REDIRECT} eq 'ON'
|
||||
if exists $req->env->{HTTPS_REDIRECT};
|
||||
|
|
|
@ -1,6 +1,6 @@
package Lemonldap::NG::Handler::Main::Init;

our $VERSION = '2.0.6';
our $VERSION = '2.0.15';

package Lemonldap::NG::Handler::Main;
@ -50,7 +50,8 @@ sub init($$) {
# Set log level for Lemonldap::NG logs
sub logLevelInit {
my ($class) = @_;
my $logger = $class->localConfig->{logger} ||= $class->defaultLogger;
my $logger = $class->localConfig->{logger} ||=
$ENV{LLNG_DEFAULTLOGGER} || $class->defaultLogger;
eval "require $logger";
die $@ if ($@);
my $err;
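Review bot: `$logger` now comes from `$ENV{LLNG_DEFAULTLOGGER}` and is interpolated unchecked into `eval "require $logger"`, which turns an environment variable into a module-loading knob: whoever controls the process environment (unit file, container spec, `PerlPassEnv`) can point it at any loadable package. A guard such as `die "Bad logger $logger" unless $logger =~ /^[\w:]+$/;` before the eval costs nothing, and `eval { require ... }` would avoid the string eval altogether. The precedence (localConfig `logger`, then the env var, then `defaultLogger`) should also be stated in the documentation since the variable is new.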
@ -1,6 +1,6 @@
package Lemonldap::NG::Handler::Main::Reload;

our $VERSION = '2.0.14';
our $VERSION = '2.0.15';

package Lemonldap::NG::Handler::Main;
@ -205,7 +205,8 @@ sub jailInit {
sub defaultValuesInit {
my ( $class, $conf ) = @_;

$class->tsv->{$_} = $conf->{$_} foreach ( qw(
$class->tsv->{$_} = $conf->{$_}
foreach ( qw(
cookieExpiration cookieName customFunctions httpOnly
securedCookie timeout timeoutActivity
timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
@ -214,7 +215,7 @@ sub defaultValuesInit {
authChoiceAuthBasic authChoiceParam hiddenAttributes
upgradeSession
)
);
);

$class->tsv->{cipher} = Lemonldap::NG::Common::Crypto->new( $conf->{key} );
@ -550,6 +551,7 @@ sub conditionSub {
# logout_app
if ( $cond =~ /^logout_app(?:\s+(.*))?$/i ) {
my $u = $1 || $class->tsv->{portal}->();
$class->logger->debug("logout_app redirect to $u");
eval 'use Apache2::Filter' unless ( $INC{"Apache2/Filter.pm"} );
return (
sub {
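Review bot: the result of `eval 'use Apache2::Filter'` is discarded, so when the module is absent (any non-mod_perl deployment, including the FastCGI server this commit adds a client for) the failure is silent and the returned closure fails later, at request time; check `$@` and log it, or guard the closure. A block eval with `require` is also preferable to a string eval here.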
@ -565,6 +567,7 @@ sub conditionSub {
}
elsif ( $cond =~ /^logout_app_sso(?:\s+(.*))?$/i ) {
my $u = $1 || $class->tsv->{portal}->();
$class->logger->debug("logout_app_sso redirect to $u");
eval 'use Apache2::Filter' unless ( $INC{"Apache2/Filter.pm"} );
return (
sub {
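Review bot: this is the same unchecked `eval 'use Apache2::Filter'` as in the `logout_app` branch above; factor the conditional require into one helper that reports `$@` instead of duplicating it.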
@ -1,7 +1,7 @@
# Main running methods file
package Lemonldap::NG::Handler::Main::Run;

our $VERSION = '2.0.14';
our $VERSION = '2.0.15';

package Lemonldap::NG::Handler::Main;
@ -227,6 +227,7 @@ sub run {
$class->cleanHeaders($req);
return $class->OK;
}

elsif ( $protection == $class->MAYSKIP
and $class->grant( $req, $session, $uri, $cond ) eq '999_SKIP' )
{
@ -327,8 +328,7 @@ sub getLevel {
}
}
if ($level) {
$class->logger->debug(
'Found AuthnLevel=' . $level . ' for "' . "$vhost$uri" . '"' );
$class->logger->debug("Found AuthnLevel=$level for \"$vhost$uri\"");
return $level;
}
else {
@ -345,7 +345,7 @@ sub getLevel {
sub grant {
my ( $class, $req, $session, $uri, $cond, $vhost ) = @_;

return $cond->( $req, $session ) if ($cond);
return $cond->( $req, $session ) if $cond;

$vhost ||= $class->resolveAlias($req);
my $level = $class->getLevel( $req, $uri );
@ -646,14 +646,10 @@ sub _getPort {
return $class->tsv->{port}->{$vhost};
}
else {
if ( defined $class->tsv->{port}->{_}
and ( $class->tsv->{port}->{_} > 0 ) )
{
return $class->tsv->{port}->{_};
}
else {
return $req->port;
}
return ( defined $class->tsv->{port}->{_}
and ( $class->tsv->{port}->{_} > 0 ) )
? $class->tsv->{port}->{_}
: $req->port;
}
}
@ -670,14 +666,10 @@ sub _isHttps {
return $class->tsv->{https}->{$vhost};
}
else {
if ( defined $class->tsv->{https}->{_}
and ( $class->tsv->{https}->{_} > -1 ) )
{
return $class->tsv->{https}->{_};
}
else {
return $req->secure;
}
return ( defined $class->tsv->{https}->{_}
and ( $class->tsv->{https}->{_} > -1 ) )
? $class->tsv->{https}->{_}
: $req->secure;
}
}
@ -715,9 +707,8 @@ sub isUnprotected {
$i++
)
{
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
return $class->tsv->{locationProtection}->{$vhost}->[$i];
}
return $class->tsv->{locationProtection}->{$vhost}->[$i]
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] );
}
return $class->tsv->{defaultProtection}->{$vhost};
}
@ -785,8 +776,8 @@ sub resolveAlias {

$vhost =~ s/:\d+//;
return $class->tsv->{vhostAlias}->{$vhost}
if ( $class->tsv->{vhostAlias}->{$vhost} );
return $vhost if ( $class->tsv->{defaultCondition}->{$vhost} );
if $class->tsv->{vhostAlias}->{$vhost};
return $vhost if $class->tsv->{defaultCondition}->{$vhost};
foreach ( @{ $class->tsv->{vhostReg} } ) {
return $_->[1] if $vhost =~ $_->[0];
}
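Review bot: the change itself is stylistic, but the context line `$vhost =~ s/:\d+//;` just above it is unanchored: it strips the first `:digits` sequence anywhere in the host string rather than a trailing port, so an IPv6 literal such as `[::1]:8080` is mangled before the alias, default-condition and `vhostReg` lookups run. `s/:\d+$//` expresses the intent.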
@ -5,12 +5,14 @@ package Lemonldap::NG::Handler::Server::Main;

use strict;

our $VERSION = '2.0.10';
our $VERSION = '2.0.15';

use base 'Lemonldap::NG::Handler::PSGI::Main';

use constant defaultLogger => 'Lemonldap::NG::Common::Logger::Syslog';

$ENV{LLNG_DEFAULTLOGGER} ||= defaultLogger;

# In server mode, headers are not passed to a PSGI application but returned
# to the server

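Review bot: `$ENV{LLNG_DEFAULTLOGGER} ||= defaultLogger;` runs at module load as a process-wide side effect, and because it uses `||=` a variable already set in the environment wins. That is presumably the intended override hook, but it feeds the string-eval `require` in `logLevelInit`, so the accepted values (a package name) and the precedence should be documented next to this line rather than left implicit.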
@ -0,0 +1,184 @@
# Apache2 FastCGI client to query remote LL::NG FastCGI server
#
package Lemonldap::NG::SSOaaS::Apache::Client;

use strict;
use Apache2::Connection;
use Apache2::RequestUtil;
use Apache2::RequestRec;
use Apache2::Const -compile =>
qw(FORBIDDEN HTTP_UNAUTHORIZED REDIRECT OK DECLINED DONE SERVER_ERROR AUTH_REQUIRED HTTP_SERVICE_UNAVAILABLE);
use Apache2::Log;
use APR::Table;
use IO::Socket::INET;
use FCGI::Client;
use URI;
use URI::Escape qw(uri_unescape);

use constant FORBIDDEN => Apache2::Const::FORBIDDEN;
use constant HTTP_UNAUTHORIZED => Apache2::Const::HTTP_UNAUTHORIZED;
use constant REDIRECT => Apache2::Const::REDIRECT;
use constant DECLINED => Apache2::Const::DECLINED;
use constant SERVER_ERROR => Apache2::Const::SERVER_ERROR;

our $VERSION = '2.0.15';

sub handler {
my ( $class, $r ) = @_;
$r ||= $class;
my ( $uri, $args ) = ( $r->uri, $r->args );
my $uri_full = $uri . ( $args ? "?$args" : '' );
my $env = {

#%ENV,
HTTP_HOST => $r->hostname,
REMOTE_ADDR => (
$r->connection->can('remote_ip')
? $r->connection->remote_ip
: $r->connection->client_ip
),
QUERY_STRING => $args,
REQUEST_URI => $uri_full,
PATH_INFO => '',
SERVER_PORT => $r->get_server_port,
REQUEST_METHOD => $r->method,
};

foreach (qw(VHOSTTYPE RULES_URL HTTPS_REDIRECT PORT_REDIRECT)) {
if ( my $t = $r->dir_config($_) ) {
$env->{$_} = $t;
}
}

$r->headers_in->do(
sub {
my $h = shift;
my $k = uc($h);
if ( $k ne 'HOST' ) {
$k =~ s/-/_/g;
$env->{"HTTP_$k"} = $r->headers_in->{$h};
}
return 1;
}
);
$uri = URI->new( "http://" . $r->hostname . $r->unparsed_uri );
$env->{PATH_INFO} = uri_unescape( $uri->path );
my ( $host, $port ) = ( $r->dir_config('LLNG_SERVER') =~ /^(.*):(\d+)$/ );
unless ( $host and $port ) {
print STDERR 'Missing or bad LLNG_SERVER';
return SERVER_ERROR;
}
my $sock = IO::Socket::INET->new(
PeerAddr => $host,
PeerPort => $port,
) or die $!;
foreach ( keys %$env ) {
delete $env->{$_} unless ( length $env->{$_} );
}
my ( $stdout, $stderr, $status ) =
FCGI::Client::Connection->new( sock => $sock )->request($env);
my %hdrs =
map { s/\r//g; m/(.*?):\s*(.*)/; $_ ? ( $1, $2 ) : () } split /\n+/,
$stdout;
unless ( $hdrs{Status} =~ /^(\d+)\s+(.*?)$/ ) {
print STDERR "Bad status line $hdrs{Status}\n";
return SERVER_ERROR;
}
$status = $1;

if ( ( $status == 302 or $status == 401 ) and $hdrs{Location} ) {
$r->err_headers_out->set( Location => $hdrs{Location} );
return REDIRECT;
}

$r->user( $hdrs{'Lm-Remote-User'} ) if $hdrs{'Lm-Remote-User'};
$r->subprocess_env( REMOTE_CUSTOM => $hdrs{'Lm-Remote-Custom'} )
if $hdrs{'Lm-Remote-Custom'};

my $i = 1;
while ( $hdrs{"Headername$i"} ) {
$r->headers_in->set( $hdrs{"Headername$i"} => $hdrs{"Headervalue$i"} )
if $hdrs{"Headervalue$i"};
$i++;
}
$status = DECLINED if ( $status < 300 );

return $status;
}

1;
__END__

=pod

=encoding utf8

=head1 NAME

Lemonldap::NG::SSOaaS::Apache::Client - Apache client for Lemonldap::NG
FastCGI server.

=head1 SYNOPSIS

In apache2.conf:

<VirtualHost ...>
PerlHeaderParserHandler Lemonldap::NG::SSOaaS::Apache::Client
PerlSetVar LLNG_SERVER 127.0.0.1:9090
PerlSetVar VHOSTTYPE DevOps
# or PerlSetVar VHOSTTYPE DevOpsST
PerlSetVar RULES_URL http://app.tld/rules.json
PerlSetVar HOST HTTP_HOST
PerlSetVar PORT_REDIRECT SERVER_PORT
PerlSetVar HTTPS_REDIRECT HTTPS
...
</VirtualHost>

=head1 DESCRIPTION

Lemonldap::NG::SSOaaS::Apache::Client is an alternative to
L<Lemonldap::NG::Handler::ApacheMP2> that replace inside handler. It calls a
remote Lemonldap::NG FastCGI server to get authentication, authorization and
headers.

=head1 SEE ALSO

L<Lemonldap::NG::Handler::ApacheMP2>,
L<https://lemonldap-ng.org/documentation/latest/ssoaas>

=head1 AUTHORS

=over

=item LemonLDAP::NG team L<https://lemonldap-ng.org/team.html>

=back

=head1 BUG REPORT

Use OW2 system to report bug or ask for features:
L<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

=head1 DOWNLOAD

Lemonldap::NG is available at
L<https://lemonldap-ng.org/download.html>

=head1 COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.

=cut
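Review bot: client-supplied SSO headers are never stripped. Every incoming header except `Host` is forwarded to the FastCGI server as `HTTP_*`, and on the way back only the names the server returns as `Headername<n>`/`Headervalue<n>` are written into `headers_in` (and only when the value is non-empty, so a header the server wants cleared is not cleared). Unlike the in-process handler, which calls `cleanHeaders` on the unprotected path (see the `run` hunk above), nothing here removes a client-sent `Auth-User` or similar when the server returns no pair for it, typically the status-below-300 case, so the application behind this vhost receives the client's value. Clearing the configured header names before applying the server's list, or having the server always return the full list, closes that. Two smaller points: `IO::Socket::INET->new(...) or die $!` has no `Timeout`, so a hung LLNG server pins the Apache worker and the `die` escapes the `SERVER_ERROR` return path (the imported `HTTP_SERVICE_UNAVAILABLE` is never used); and in the header-parsing `map`, `$_ ? ( $1, $2 ) : ()` tests the line rather than the match, so a line that does not match `m/(.*?):\s*(.*)/` re-emits the previous `$1`/`$2` pair, and a missing `Status` header warns on the next regex instead of failing cleanly.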
@ -93,6 +93,8 @@ site/htdocs/static/bwr/es5-shim/es5-shim.min.js
site/htdocs/static/bwr/file-saver.js/FileSaver.js
site/htdocs/static/bwr/file-saver.js/FileSaver.min.js
site/htdocs/static/bwr/file-saver.js/FileSaver.min.js.map
site/htdocs/static/css/custom.css
site/htdocs/static/css/custom.min.css
site/htdocs/static/css/manager.css
site/htdocs/static/css/manager.min.css
site/htdocs/static/forms/authChoice.html
@ -25,6 +25,7 @@
"Email::Sender" : "0",
"IO::String" : "0",
"Regexp::Common" : "0",
"Test::Output" : "0",
"Test::Pod" : "1"
}
},
@ -58,6 +59,6 @@
],
"x_MailingList" : "mailto:lemonldap-ng-dev@ow2.org"
},
"version" : "v2.0.14",
"version" : "v2.0.15",
"x_serialization_backend" : "JSON::PP version 4.04"
}
@ -6,6 +6,7 @@ build_requires:
Email::Sender: '0'
IO::String: '0'
Regexp::Common: '0'
Test::Output: '0'
Test::Pod: '1'
configure_requires:
ExtUtils::MakeMaker: '0'
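Review bot: `Regexp::Common` is added under `build_requires` only, while the consumer is `Lemonldap::NG::Manager::Build::Attributes` (`use Regexp::Common qw/URI/;` in the hunk below). If that module is loaded only when `Attributes.pm` is regenerated this is right; if it is loaded by the running manager it belongs in the runtime requirements too. A line in the commit message on which it is would settle it.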
@ -34,5 +35,5 @@ resources:
bugtracker: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues
homepage: https://lemonldap-ng.org/
license: http://opensource.org/licenses/GPL-2.0
version: v2.0.14
version: v2.0.15
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
@ -17,7 +17,7 @@ use JSON;
use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::PSGI::Constants;

our $VERSION = '2.0.14';
our $VERSION = '2.0.15';

extends qw(
Lemonldap::NG::Handler::PSGI::Router
@ -66,7 +66,7 @@ sub init {
my @res = ( "Lemonldap::NG::Manager::" . ucfirst($_) );
if ( my $tmp = $self->loadPlugin( @res, $conf ) ) {
$self->logger->debug("Plugin $_ loaded");
push @links, $_;
push @links, $_;
push @{ $self->loadedPlugins }, $tmp;
$self->hLoadedPlugins->{$_} = $tmp;
}
@ -183,10 +183,9 @@ sub javascript {

return
'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";var viewPrefix=scriptname+"view/";'
. 'var allowDiff=' . "$res;"
. 'var impPrefix=' . "'"
. $impPrefix . "'" . ';'
. 'var sessionTTL=' . "$ttl;"
. "var allowDiff=$res;"
. "var sessionTTL=$ttl;"
. "var impPrefix='$impPrefix';"
. ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
. (
$self->menuLinks
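Review bot: the reordering keeps `$impPrefix` interpolated raw into `"var impPrefix='$impPrefix';"`, so any `'` in the value terminates the JS string literal and the rest of the value runs as script. `$self->links` already goes through `to_json`; applying the same to `impPrefix` (and to `$res` and `$ttl` unless they are guaranteed numeric) makes the generated script safe regardless of where the value is configured.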
@ -1,7 +1,7 @@
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
package Lemonldap::NG::Manager::Attributes;

our $VERSION = '2.0.14';
our $VERSION = '2.0.15';

sub perlExpr {
my($val, $conf) = @_;
@ -659,6 +659,9 @@ sub attributes {
'default' => 30,
'type' => 'int'
},
'captcha' => {
'type' => 'PerlModule'
},
'captcha_login_enabled' => {
'default' => 0,
'type' => 'bool'
@ -675,6 +678,9 @@ sub attributes {
'default' => 6,
'type' => 'int'
},
'captchaOptions' => {
'type' => 'keyTextContainer'
},
'casAccessControlPolicy' => {
'default' => 'none',
'select' => [
@ -776,6 +782,10 @@ sub attributes {
'default' => 0,
'type' => 'bool'
},
'casSrvMetaDataOptionsResolutionRule' => {
'default' => '',
'type' => 'longtext'
},
'casSrvMetaDataOptionsSortNumber' => {
'type' => 'int'
},
@ -1367,6 +1377,9 @@ sub attributes {
'ext2fLogo' => {
'type' => 'text'
},
'ext2fResendInterval' => {
'type' => 'text'
},
'ext2FSendCommand' => {
'type' => 'text'
},
@ -1974,6 +1987,9 @@ sub attributes {
'mail2fLogo' => {
'type' => 'text'
},
'mail2fResendInterval' => {
'type' => 'text'
},
'mail2fSessionKey' => {
'type' => 'text'
},
@ -2255,6 +2271,10 @@ sub attributes {
'oidcOPMetaDataOptionsPrompt' => {
'type' => 'text'
},
'oidcOPMetaDataOptionsResolutionRule' => {
'default' => '',
'type' => 'longtext'
},
'oidcOPMetaDataOptionsScope' => {
'default' => 'openid profile',
'type' => 'text'
@ -2430,6 +2450,10 @@ sub attributes {
],
'type' => 'select'
},
'oidcRPMetaDataOptionsLogoutBypassConfirm' => {
'default' => 0,
'type' => 'bool'
},
'oidcRPMetaDataOptionsLogoutSessionRequired' => {
'default' => 0,
'type' => 'bool'
@ -3178,6 +3202,9 @@ sub attributes {
'rest2fAuthnLevel' => {
'type' => 'int'
},
'rest2fCodeActivation' => {
'type' => 'pcre'
},
'rest2fInitArgs' => {
'keyMsgFail' => '__badKeyName__',
'keyTest' => qr/^\w+$/,
@ -3194,6 +3221,9 @@ sub attributes {
'rest2fLogo' => {
'type' => 'text'
},
'rest2fResendInterval' => {
'type' => 'text'
},
'rest2fVerifyArgs' => {
'type' => 'keyTextContainer'
},
@ -3932,6 +3962,10 @@ sub attributes {
'default' => 0,
'type' => 'bool'
},
'scrollTop' => {
'default' => 400,
'type' => 'int'
},
'securedCookie' => {
'default' => 0,
'select' => [
@ -4009,6 +4043,9 @@ sub attributes {
},
'type' => 'sfExtraContainer'
},
'sfLoginTimeout' => {
'type' => 'int'
},
'sfManagerRule' => {
'default' => 1,
'type' => 'boolOrExpr'
@ -6,7 +6,7 @@

package Lemonldap::NG::Manager::Build::Attributes;

our $VERSION = '2.0.14';
our $VERSION = '2.0.15';
use strict;
use Regexp::Common qw/URI/;
@ -425,6 +425,11 @@ sub attributes {
default => 1,
documentation => 'Display langs icons',
},
scrollTop => {
type => 'int',
default => 400,
documentation => 'Display back to top button',
},
staticPrefix => {
type => 'text',
documentation => 'Prefix of static files for HTML templates',
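Review bot: `documentation => 'Display back to top button'` does not describe an `int` with default 400; say what the number is (the scroll offset, presumably in pixels, after which the button appears) and how to disable the button, so the generated manager help is usable.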
@ -1504,6 +1509,16 @@ sub attributes {
default => 6,
documentation => 'Captcha size',
},
captcha => {
type => 'PerlModule',
documentation => 'Captcha backend module',
flags => 'hp',
},
captchaOptions => {
type => 'keyTextContainer',
documentation => 'Captcha module options',
flags => 'hp',
},

# Variables
exportedVars => {
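Review bot: `captcha` is a package name read from the configuration and loaded by the portal, so anyone with write access to the configuration can make the portal load any package on its `@INC`; the `PerlModule` type's validation is what limits that to a well-formed package name, and the documentation should state which namespace the module is expected to live in and how `captchaOptions` is passed to it, since both entries currently have nothing beyond a one-line label.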
@ -2040,6 +2055,10 @@ sub attributes {
type => 'int',
documentation => 'Second factor code timeout',
},
mail2fResendInterval => {
type => 'text',
documentation => 'Delay before user is allowed to resend code',
},
mail2fAuthnLevel => {
type => 'int',
documentation =>
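Review bot: `mail2fResendInterval` holds a delay but is typed `text`; `int` would let the manager reject non-numeric values, and the documentation should give the unit (seconds) and what an empty value means (no limit, or the timeout), since the neighbouring `mail2fTimeout` is an `int`.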
@ -2077,6 +2096,10 @@ sub attributes {
type => 'text',
documentation => 'Validation command of External second factor',
},
ext2fResendInterval => {
type => 'text',
documentation => 'Delay before user is allowed to resend code',
},
ext2fAuthnLevel => {
type => 'int',
documentation =>
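Review bot: same remark as for `mail2fResendInterval`: an interval typed `text` with no unit in the documentation.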
@ -2128,6 +2151,10 @@ sub attributes {
default => 0,
documentation => 'REST second factor activation',
},
rest2fCodeActivation => {
type => 'pcre',
documentation => 'OTP generated by Portal',
},
rest2fInitUrl => {
type => 'url',
documentation => 'REST 2F init URL',
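Review bot: `documentation => 'OTP generated by Portal'` reads like a boolean or a value, not a `pcre`; the label used for the same concept elsewhere is "Code regex" (`ext2fCodeActivation` in the language files below), so something like "Regex of the code generated by the portal" would be clearer.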
@ -2152,6 +2179,10 @@ sub attributes {
type => 'keyTextContainer',
documentation => 'Args for REST 2F init',
},
rest2fResendInterval => {
type => 'text',
documentation => 'Delay before user is allowed to resend code',
},
rest2fAuthnLevel => {
type => 'int',
documentation =>
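Review bot: same as `mail2fResendInterval` above: typed `text`, no unit documented.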
@ -3399,6 +3430,10 @@ sub attributes {
help => 'secondfactor.html',
documentation => 'Notification message',
},
sfLoginTimeout => {
type => 'int',
documentation => 'Timeout for 2F login process',
},
sfRegisterTimeout => {
type => 'int',
documentation => 'Timeout for 2F registration process',
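Review bot: `sfLoginTimeout` has neither a `default` nor a documented unit; state the unit (seconds) and the value used when it is unset, and consider a `default` so the generated help and the runtime agree.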
@ -3703,6 +3738,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
type => 'int',
documentation => 'Number to sort buttons',
},
casSrvMetaDataOptionsResolutionRule => {
type => 'longtext',
default => '',
},

# Fake attribute: used by manager REST API to agglomerate all nodes
# related to a CAS IDP partner
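Review bot: `casSrvMetaDataOptionsResolutionRule` has no `documentation` and is typed `longtext`, so the manager will not syntax-check it; if it is evaluated as a Perl rule like the other `*Rule` attributes, give it the rule type (with the `perlExpr` test visible at the top of the generated `Attributes.pm`) and document the variables the rule can use.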
@ -4402,6 +4441,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
oidcOPMetaDataOptionsIcon => { type => 'text', },
oidcOPMetaDataOptionsStoreIDToken => { type => 'bool', default => 0 },
oidcOPMetaDataOptionsSortNumber => { type => 'int', },
oidcOPMetaDataOptionsResolutionRule => {
type => 'longtext',
default => '',
},

# OpenID Connect relying parties
oidcRPMetaDataExportedVars => {
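Review bot: same as the CAS resolution rule above: an undocumented `longtext` for what is presumably an evaluated rule.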
@ -4479,7 +4522,12 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 0
},
oidcRPMetaDataOptionsPostLogoutRedirectUris => { type => 'text', },
oidcRPMetaDataOptionsLogoutUrl => {
oidcRPMetaDataOptionsLogoutBypassConfirm => {
type => 'bool',
default => 0,
documentation => 'Bypass logout confirmation'
},
oidcRPMetaDataOptionsLogoutUrl => {
type => 'url',
documentation => 'Logout URL',
},
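Review bot: 'Bypass logout confirmation' deserves a warning in the documentation: with the confirmation page skipped, an RP-initiated logout request ends the portal session on a single redirect, so any site that can send the browser to the logout endpoint can log the user out unless the RP's request is verified by other means. Default 0 is the right choice; the option text should say why.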
@ -14,7 +14,7 @@

package Lemonldap::NG::Manager::Build::CTrees;

our $VERSION = '2.0.14';
our $VERSION = '2.0.15';

sub cTrees {
return {
@ -82,7 +82,6 @@ sub cTrees {
help => 'authsaml.html#options',
form => 'simpleInputContainer',
nodes => [
'samlIDPMetaDataOptionsResolutionRule',
'samlIDPMetaDataOptionsNameIDFormat',
'samlIDPMetaDataOptionsForceAuthn',
'samlIDPMetaDataOptionsIsPassive',
@ -98,6 +97,7 @@ sub cTrees {
nodes => [
"samlIDPMetaDataOptionsDisplayName",
"samlIDPMetaDataOptionsIcon",
'samlIDPMetaDataOptionsResolutionRule',
"samlIDPMetaDataOptionsSortNumber"
]
}
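Review bot: `samlIDPMetaDataOptionsResolutionRule` moves out of the node whose `help => 'authsaml.html#options'` covered it into the display node, which shows no `help` here; if the documentation section for the rule differs from the display options, give this node its own anchor so the manager help still lands on the rule.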
@ -186,6 +186,7 @@ sub cTrees {
nodes => [
'oidcOPMetaDataOptionsDisplayName',
'oidcOPMetaDataOptionsIcon',
'oidcOPMetaDataOptionsResolutionRule',
'oidcOPMetaDataOptionsSortNumber'
]
},
@ -249,6 +250,7 @@ sub cTrees {
title => 'logout',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsLogoutBypassConfirm',
'oidcRPMetaDataOptionsPostLogoutRedirectUris',
'oidcRPMetaDataOptionsLogoutUrl',
'oidcRPMetaDataOptionsLogoutType',
@ -285,6 +287,7 @@ sub cTrees {
nodes => [
'casSrvMetaDataOptionsDisplayName',
'casSrvMetaDataOptionsIcon',
'casSrvMetaDataOptionsResolutionRule',
'casSrvMetaDataOptionsSortNumber',
]
},
@ -17,7 +17,7 @@

package Lemonldap::NG::Manager::Build::Tree;

our $VERSION = '2.0.14';
our $VERSION = '2.0.15';

# TODO: Missing:
# * activeTimer
@ -55,6 +55,7 @@ sub tree {
'portalMainLogo',
'portalFavicon',
'showLanguages',
'scrollTop',
'portalCustomCss',
'portalSkin',
'portalSkinBackground',
@ -73,7 +74,7 @@ sub tree {
},
{
title => 'passwordManagement',
help =>
help =>
'portalcustom.html#password-management',
form => 'simpleInputContainer',
nodes => [
@ -100,7 +101,7 @@ sub tree {
},
{
title => 'portalOther',
help =>
help =>
'portalcustom.html#other-parameters',
form => 'simpleInputContainer',
nodes => [
@ -117,20 +118,24 @@ sub tree {
},
{
title => 'portalCaptcha',
help => 'captcha.html',
form => 'simpleInputContainer',
help => 'captcha.html#configuration',
nodes => [
'captcha_login_enabled',
'captcha_mail_enabled',
'captcha_register_enabled',
'captcha_size',
{
title => 'captchaCustom',
help => 'captcha.html#configuration',
nodes => [ 'captcha', 'captchaOptions', ]
},
]
}
]
},
{
title => 'authParams',
help =>
help =>
'start.html#authentication-users-and-password-databases',
form => 'authParams',
nodes => [
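Review bot: `form => 'simpleInputContainer'` is dropped from `portalCaptcha` now that it carries the `captchaCustom` sub-node, while the four `captcha_*` leaves stay as direct children; if that changes how those leaves render, the commit should say so. Both `help` entries point at the same `captcha.html#configuration` anchor, so the custom-module section either needs its own anchor or the documentation needs to cover `captcha`/`captchaOptions` under that one.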
@ -651,7 +656,7 @@ sub tree {
},
{
title => 'soapServices',
help =>
help =>
'portalservers.html#SOAP_(deprecated)',
form => 'simpleInputContainer',
nodes => [
@ -685,7 +690,7 @@ sub tree {
'notificationStorageOptions',
{
title => 'serverNotification',
help =>
help =>
'notifications.html#notification-server',
nodes => [
'notificationServer',
@ -897,6 +902,7 @@ sub tree {
'sfManagerRule',
'sfRequired',
'sfOnlyUpgrade',
'sfLoginTimeout',
'sfRegisterTimeout',
{
title => 'utotp2f',
@ -965,8 +971,8 @@ sub tree {
'mail2fActivation', 'mail2f CodeRegex',
'mail2fTimeout', 'mail2fSubject',
'mail2fBody', 'mail2fSessionKey',
'mail2fAuthnLevel', 'mail2fLabel',
'mail2fLogo'
'mail2fResendInterval', 'mail2fAuthnLevel',
'mail2fLabel', 'mail2fLogo'
]
},
{
@ -974,10 +980,10 @@ sub tree {
help => 'external2f.html',
form => 'simpleInputContainer',
nodes => [
'ext2fActivation', 'ext2fCodeActivation',
'ext2fActivation', 'ext2fCodeActivation',
'ext2FSendCommand', 'ext2FValidateCommand',
'ext2fAuthnLevel', 'ext2fLabel',
'ext2fLogo'
'ext2fResendInterval', 'ext2fAuthnLevel',
'ext2fLabel', 'ext2fLogo',
]
},
{
@ -1000,10 +1006,11 @@ sub tree {
help => 'rest2f.html',
form => 'simpleInputContainer',
nodes => [
'rest2fActivation', 'rest2fInitUrl',
'rest2fInitArgs', 'rest2fVerifyUrl',
'rest2fVerifyArgs', 'rest2fAuthnLevel',
'rest2fLabel', 'rest2fLogo'
'rest2fActivation', 'rest2fCodeActivation',
'rest2fInitUrl', 'rest2fInitArgs',
'rest2fVerifyUrl', 'rest2fVerifyArgs',
'rest2fResendInterval', 'rest2fAuthnLevel',
'rest2fLabel', 'rest2fLogo'
]
},
{
@ -8,7 +8,7 @@ use Lemonldap::NG::Handler::Main;
use Lemonldap::NG::Common::Util qw(getSameSite);
use URI;

our $VERSION = '2.0.14';
our $VERSION = '2.0.15';

## @method hashref tests(hashref conf)
# Return a hash ref where keys are the names of the tests and values
@ -552,22 +552,18 @@ sub tests {
}

# Use WebAuthn
if ( $conf->{webauthn2fActivation} )
{
if ( $conf->{webauthn2fActivation} ) {
eval "use Authen::WebAuthn";
return ( 1,
"Authen::WebAuthn module is required to enable WebAuthn"
) if ($@);
"Authen::WebAuthn module is required to enable WebAuthn" )
if ($@);
}

# WebAuthn requires https://
if ( $conf->{webauthn2fActivation} )
{
my $portal_uri = URI->new($conf->{portal});
unless ($portal_uri->scheme eq "https") {
return ( 1,
"WebAuthn requires HTTPS"
);
if ( $conf->{webauthn2fActivation} ) {
my $portal_uri = URI->new( $conf->{portal} );
unless ( $portal_uri->scheme eq "https" ) {
return ( 1, "WebAuthn requires HTTPS" );
}
}

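Review bot: the reformat is behaviour-preserving, but two things are worth fixing while touching these lines: `eval "use Authen::WebAuthn"` is a string eval where `eval { require Authen::WebAuthn }` would do, and `URI->new( $conf->{portal} )->scheme` is `undef` when `portal` is unset or relative, so the `eq "https"` comparison warns about an uninitialized value before the test returns its error; `( $portal_uri->scheme // '' ) eq 'https'` keeps the check quiet.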
@ -114,7 +114,7 @@ categories =
saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump']
groups: ['groups', 'hGroups']
ldap: ['dn']
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token']
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token', '_oidc_refresh_token', '_oidc_access_token_eol']
sfaTitle: ['_2fDevices']
oidcConsents: ['_oidcConsents']

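Review bot: `_oidc_refresh_token` is now shown in the session explorer. A refresh token is a long-lived bearer credential for the upstream OP (much longer-lived than the `_oidc_access_token` already listed), so displaying it to every operator who can view sessions makes the manager a token-disclosure surface; either mask it as the viewer does for other secrets, if it supports that, or state in the documentation that session-viewing rights now amount to holding users' refresh tokens. `_oidc_access_token_eol` is harmless.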
@ -0,0 +1,3 @@
#navbar {
background-color: #ffb84d;
}
@ -0,0 +1 @@
#navbar{background-color:#ffb84d}
@ -146,6 +146,13 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsIcon",
"title" : "casSrvMetaDataOptionsIcon"
},
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsResolutionRule",
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsResolutionRule",
"title" : "casSrvMetaDataOptionsResolutionRule",
"type" : "longtext"
},
{
"get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSortNumber",
@ -362,6 +369,13 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsIcon",
"title" : "oidcOPMetaDataOptionsIcon"
},
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsResolutionRule",
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsResolutionRule",
"title" : "oidcOPMetaDataOptionsResolutionRule",
"type" : "longtext"
},
{
"get" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"oidcOPMetaDataOptionsSortNumber",
@ -695,6 +709,13 @@ function templates(tpl,key) {
},
{
"_nodes" : [
{
"default" : 0,
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutBypassConfirm",
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsLogoutBypassConfirm",
"title" : "oidcRPMetaDataOptionsLogoutBypassConfirm",
"type" : "bool"
},
{
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsPostLogoutRedirectUris",
@ -976,13 +997,6 @@ function templates(tpl,key) {
},
{
"_nodes" : [
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
"title" : "samlIDPMetaDataOptionsResolutionRule",
"type" : "longtext"
},
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsNameIDFormat",
@ -1114,6 +1128,13 @@ function templates(tpl,key) {
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsIcon",
"title" : "samlIDPMetaDataOptionsIcon"
},
{
"default" : "",
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsResolutionRule",
"title" : "samlIDPMetaDataOptionsResolutionRule",
"type" : "longtext"
},
{
"get" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataOptionsSortNumber",
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -126,7 +126,7 @@
saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump'],
groups: ['groups', 'hGroups'],
ldap: ['dn'],
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token'],
OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token', '_oidc_refresh_token', '_oidc_access_token_eol'],
sfaTitle: ['_2fDevices'],
oidcConsents: ['_oidcConsents']
};

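Review bot: this is the compiled copy of the category list changed in the `.ini`/CoffeeScript source above; since the built `.js` is committed, the remark about exposing `_oidc_refresh_token` in the session explorer applies here as well.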
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"إلغاء",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"التفعيل في استمارة تسجيل الدخول",
|
||||
"captcha_mail_enabled":"التفعيل في إعادة تعيين كلمة المرور بواسطة استمارة البريد",
|
||||
"captcha_register_enabled":"التفعيل في استمارة التسجيل",
|
||||
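Review bot: the three new keys `captcha`, `captchaCustom` and `captchaOptions` are inserted with their English labels ("Captcha module", "Custom Captcha module", "Captcha module options") into the Arabic file, while the neighbouring `captcha_*_enabled` entries are translated. Acceptable as a fallback so the manager does not show raw keys, but mark them for the translators so the captcha section does not stay half-English.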
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"مسارالأيقونة",
|
||||
"casSrvMetaDataOptionsProxiedServices":"خدمات البروكسي",
|
||||
"casSrvMetaDataOptionsRenew":"تجديد إثبات الهوية",
|
||||
"casSrvMetaDataOptionsResolutionRule":"حل القاعدة",
|
||||
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||
"casSrvMetaDataOptionsUrl":" يو أر ل الخادم",
|
||||
"casSrvName":"اسم خادم كاس",
|
||||
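Review bot: the context line `"casSrvMetaDataOptionsUrl":" يو أر ل الخادم"` carries a leading space inside the value, which will render as an indented label next to the new `"casSrvMetaDataOptionsSortNumber":"Order"`; trim it while this block is being touched. The new `Order` label itself is left in English.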
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Code regex",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"شعار",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"هوية تطبيق فاسيبوك",
|
||||
"facebookAppSecret":"كلمة السرلتطبيق فاسيبوك",
|
||||
"facebookAuthnLevel":"مستوى إثبات الهوية",
|
||||
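Review bot: `"facebookAppSecret":"كلمة السرلتطبيق فاسيبوك"` (context line) is missing the space between "السر" and "لتطبيق"; it should read "كلمة السر لتطبيق فاسيبوك". Since the hunk already edits this block for `ext2fResendInterval`, the fix fits here.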
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Code regex",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"شعار",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"مفتاح الجلسة الذي يحتوي على عنوان البريد الإلكتروني",
|
||||
"mail2fSubject":"نجاح عنوان البريد",
|
||||
"mail2fTimeout":"Code timeout",
|
||||
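Review bot: `"mail2fSubject":"نجاح عنوان البريد"` (context line) translates as "success of the mail address", not "Mail subject" as in the English source; "موضوع البريد" would be the expected label. Worth correcting alongside the new `mail2fResendInterval` entry, as this is the label administrators see when configuring the second-factor mail.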
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"الحد الأقصى للعمر",
|
||||
"oidcOPMetaDataOptionsPrompt":"عاجل",
|
||||
"oidcOPMetaDataOptionsProtocol":"بروتوكول",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"حل القاعدة",
|
||||
"oidcOPMetaDataOptionsScope":"نطاق",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"مخزن تعريف التوكن",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"خوارزمية توقيع آي دي التوكن",
|
||||
"oidcRPMetaDataOptionsIcon":"شعار",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"جلسة مطلوب",
|
||||
"oidcRPMetaDataOptionsLogoutType":"نوع",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"يو آر إل",
|
||||
|
@ -889,11 +897,13 @@
|
|||
"requireToken":"يتطلب توكن للإستمارة",
|
||||
"rest2f":"REST second factor",
|
||||
"rest2fActivation":"تفعيل",
|
||||
"rest2fCodeActivation":"Code regex",
|
||||
"rest2fAuthnLevel":"مستوى إثبات الهوية",
|
||||
"rest2fInitArgs":"Init arguments",
|
||||
"rest2fInitUrl":"Init URL",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"شعار",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verify arguments",
|
||||
"rest2fVerifyUrl":"Verify URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
|
@ -1060,6 +1070,7 @@
|
|||
"saveReport":"احفظ التقرير",
|
||||
"savingConfirmation":"حفظ التأكيد",
|
||||
"scope":"نطاق",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Search...",
|
||||
"secondFactors":"Second factors",
|
||||
"securedCookie":"ملفات تعريف الارتباط المضمونة (سسل)",
|
||||
|
@ -1079,6 +1090,7 @@
|
|||
"session_s":"جلسة( أو جلسات )",
|
||||
"sessions":"الجلسات",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"Cancel",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Activation in login form",
|
||||
"captcha_mail_enabled":"Activation in password reset by mail form",
|
||||
"captcha_register_enabled":"Activation in register form",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Icon path",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Proxied services",
|
||||
"casSrvMetaDataOptionsRenew":"Renew authentication",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"casSrvMetaDataOptionsSortNumber":"Order",
|
||||
"casSrvMetaDataOptionsUrl":"Server URL",
|
||||
"casSrvName":"CAS Server Name",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Code regex",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"Facebook application ID",
|
||||
"facebookAppSecret":"Facebook application secret",
|
||||
"facebookAuthnLevel":"Authentication level",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Code regex",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Session key containing mail address",
|
||||
"mail2fSubject":"Mail subject",
|
||||
"mail2fTimeout":"Code timeout",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Max age",
|
||||
"oidcOPMetaDataOptionsPrompt":"Prompt",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocol",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"oidcOPMetaDataOptionsScope":"Scope",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Order",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"ID Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session required",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
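Review bot: the new label `"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm"` does not say what is being confirmed. Under the `oidcRPMetaDataOptionsLogout*` keys it governs the user-facing confirmation step of RP-initiated logout, so a label such as "Bypass logout confirmation" would make clear to administrators that enabling it removes a user-visible check rather than a cosmetic prompt.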
|
@ -889,11 +897,13 @@
|
|||
"requireToken":"Require token for forms",
|
||||
"rest2f":"REST second factor",
|
||||
"rest2fActivation":"Activation",
|
||||
"rest2fCodeActivation":"Code regex",
|
||||
"rest2fAuthnLevel":"Authentication level",
|
||||
"rest2fInitArgs":"Init arguments",
|
||||
"rest2fInitUrl":"Init URL",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verify arguments",
|
||||
"rest2fVerifyUrl":"Verify URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
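Review bot: `"rest2fCodeActivation":"Code regex"` is inserted between `rest2fActivation` and `rest2fAuthnLevel`, which breaks the alphabetical ordering the rest of this file keeps (`Authn` sorts before `Code`); move it after `rest2fAuthnLevel`. Also note the naming mismatch within the same patch: the mail module uses `mail2fCodeRegex` for the "Code regex" label while ext2f and rest2f use `*CodeActivation` for the same meaning. Check that these keys really match the configuration attribute names, otherwise the labels will never be picked up.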
|
@ -1060,6 +1070,7 @@
|
|||
"saveReport":"Save report",
|
||||
"savingConfirmation":"Saving confirmation",
|
||||
"scope":"Scope",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Search...",
|
||||
"secondFactors":"Second factors",
|
||||
"securedCookie":"Secured Cookie (SSL)",
|
||||
|
@ -1079,6 +1090,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"Sessions",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"Cancelar",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Activación en formulario de acceso",
|
||||
"captcha_mail_enabled":"Activación en formulario de restauración por correo",
|
||||
"captcha_register_enabled":"Activación en formulario de registro",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Icon path",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Servicios proxificados",
|
||||
"casSrvMetaDataOptionsRenew":"Renovar autentificación",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"casSrvMetaDataOptionsSortNumber":"Orden",
|
||||
"casSrvMetaDataOptionsUrl":"URL de servicio",
|
||||
"casSrvName":"Nombre de servidor CAS",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Expresión regular",
|
||||
"ext2fLabel":"Etiqueta",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"Facebook application ID",
|
||||
"facebookAppSecret":"Facebook application secret",
|
||||
"facebookAuthnLevel":"Nivel de autentificación",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Regex",
|
||||
"mail2fLabel":"Etiqueta",
|
||||
"mail2fLogo":"Logotipo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Clave de sesión que contiene dirección de correo",
|
||||
"mail2fSubject":"Subject del correo",
|
||||
"mail2fTimeout":"Caducidad de código",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Max age",
|
||||
"oidcOPMetaDataOptionsPrompt":"Prompt",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocolo",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"oidcOPMetaDataOptionsScope":"Ámbito",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Orden",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Guardar token ID",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algoritmo de firma del token ID",
|
||||
"oidcRPMetaDataOptionsIcon":"Logotipo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Se requiere sesión",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Tipo",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -889,11 +897,13 @@
|
|||
"requireToken":"Require token for forms",
|
||||
"rest2f":"Previo",
|
||||
"rest2fActivation":"Activación",
|
||||
"rest2fCodeActivation":"Regex",
|
||||
"rest2fAuthnLevel":"Nivel de autentificación",
|
||||
"rest2fInitArgs":"Argumentos de inicio",
|
||||
"rest2fInitUrl":"URL de inicio",
|
||||
"rest2fLabel":"Etiqueta",
|
||||
"rest2fLogo":"Logotipo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verificar argumentos",
|
||||
"rest2fVerifyUrl":"Verificar URL",
|
||||
"restAuthServer":"Authentication server",
|
||||
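Review bot: `"rest2f":"Previo"` (context line) is a mistranslation; "Previo" means "previous", whereas the English source reads "REST second factor" and the other locales translate it as such ("Second facteur REST", "REST secondo fattore"). Suggest "Segundo factor REST" while this block is being edited for `rest2fCodeActivation`.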
|
@ -1060,6 +1070,7 @@
|
|||
"saveReport":"Salvar informe",
|
||||
"savingConfirmation":"Salvando confirmación",
|
||||
"scope":"Ámbito",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Buscar...",
|
||||
"secondFactors":"Segundos factores",
|
||||
"securedCookie":"Cookie segura (SSL)",
|
||||
|
@ -1079,6 +1090,7 @@
|
|||
"session_s":"sesión(es)",
|
||||
"sessions":"Sesiones",
|
||||
"sfExtra":"Segundos factores adicionales",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Temps maximum de verrouillage",
|
||||
"bruteForceProtectionTempo":"Temps de verrouillage",
|
||||
"cancel":"Annuler",
|
||||
"captcha":"Module Captcha",
|
||||
"captchaCustom":"Module Captcha personnalisé",
|
||||
"captchaOptions":"Options du module Captcha",
|
||||
"captcha_login_enabled":"Activation dans le formulaire d'authentification",
|
||||
"captcha_mail_enabled":"Activation dans le formulaire de réinitialisation par mail",
|
||||
"captcha_register_enabled":"Activation dans le formulaire de création de compte",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Chemin de l'icône",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Services mandatés",
|
||||
"casSrvMetaDataOptionsRenew":"Renouveler l'authentification",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Règle de résolution",
|
||||
"casSrvMetaDataOptionsSortNumber":"Ordre",
|
||||
"casSrvMetaDataOptionsUrl":"URL du serveur",
|
||||
"casSrvName":"Nom du serveur CAS",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Expression régulière pour la génération du code",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Intervalle de retransmission",
|
||||
"facebookAppId":"ID de l'application Facebook",
|
||||
"facebookAppSecret":"Secret de l'application Facebook",
|
||||
"facebookAuthnLevel":"Niveau d'authentification",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Expression régulière pour la génération du code",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Intervalle de retransmission",
|
||||
"mail2fSessionKey":"Clef de session contenant l'adresse email",
|
||||
"mail2fSubject":"Sujet du message d'envoi du code",
|
||||
"mail2fTimeout":"Délai d'expiration du code",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Age maximum",
|
||||
"oidcOPMetaDataOptionsPrompt":"Interaction",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocole",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Règle de résolution",
|
||||
"oidcOPMetaDataOptionsScope":"Scope",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Ordre",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Conserver le jeton d'identité",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Forcer la publication des attributs dans le jeton d'identité",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algorithme de signature des jetons d'identité",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Contourner la confirmation",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Session requise",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Type",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -889,11 +897,13 @@
|
|||
"requireToken":"Exiger un jeton pour les formulaires",
|
||||
"rest2f":"Second facteur REST",
|
||||
"rest2fActivation":"Activation",
|
||||
"rest2fCodeActivation":"Expression régulière pour la génération du code",
|
||||
"rest2fAuthnLevel":"Niveau d'authentification",
|
||||
"rest2fInitArgs":"Arguments d'initialisation",
|
||||
"rest2fInitUrl":"URL d'initialisation",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Intervalle de retransmission",
|
||||
"rest2fVerifyArgs":"Arguments de vérification",
|
||||
"rest2fVerifyUrl":"URL de vérification",
|
||||
"restAuthServer":"Serveur d'authentification",
|
||||
|
@ -1060,7 +1070,8 @@
|
|||
"saveReport":"Rapport de sauvegarde",
|
||||
"savingConfirmation":"Confirmation de sauvegarde",
|
||||
"scope":"Scope",
|
||||
"search":"Rechercher ...",
|
||||
"scrollTop":"Retour en haut de page",
|
||||
"search":"Rechercher...",
|
||||
"secondFactors":"Seconds facteurs",
|
||||
"securedCookie":"Cookie sécurisé (HTTPS)",
|
||||
"security":"Sécurité",
|
||||
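Review bot: this hunk shows `"search":"Rechercher ..."` and `"search":"Rechercher..."` two lines apart. The line counts (-7 +8) are consistent with the first being a removal and `scrollTop` plus the respaced `search` being additions, but verify that only one `search` key remains in the resulting file: JSON parsers accept duplicate keys silently and keep whichever one comes last. Separately, `"securedCookie":"Cookie sécurisé (HTTPS)"` differs from the "(SSL)" wording used in every other locale; HTTPS is the more accurate term, so consider aligning the others rather than this one.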
|
@ -1079,6 +1090,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"Sessions",
|
||||
"sfExtra":"Seconds facteurs additionnels",
|
||||
"sfLoginTimeout":"Délai maximum d'authentification",
|
||||
"sfManagerRule":"Afficher le lien du Gestionnaire",
|
||||
"sfOnlyUpgrade":"Utiliser le SF pour augmenter le niveau d'authentification",
|
||||
"sfRegisterTimeout":"Délai d'expiration de l'enregistrement",
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"זמן הנעילה המרבי",
|
||||
"bruteForceProtectionTempo":"זמן נעילה",
|
||||
"cancel":"ביטול",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"הפעלה בטופס הכניסה",
|
||||
"captcha_mail_enabled":"הפעלה באיפוס סיסמה בטופס בדוא״ל",
|
||||
"captcha_register_enabled":"הפעלה בטופס הרשמה",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"נתיב לסמל",
|
||||
"casSrvMetaDataOptionsProxiedServices":"שירותים מתווכים",
|
||||
"casSrvMetaDataOptionsRenew":"חידוש אימות",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"casSrvMetaDataOptionsSortNumber":"סדר",
|
||||
"casSrvMetaDataOptionsUrl":"כתובת שרת",
|
||||
"casSrvName":"CAS Server Name",
|
||||
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Code regex",
|
||||
"ext2fLabel":"תווית",
|
||||
"ext2fLogo":"לוגו",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"מזהה יישום פייסבוק",
|
||||
"facebookAppSecret":"סוג יישום פייסבוק",
|
||||
"facebookAuthnLevel":"דרגת אימות",
|
||||
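Review bot: `"facebookAppSecret":"סוג יישום פייסבוק"` (context line) reads "Facebook application type"; the word for secret is "סוד", so the label should be "סוד יישום פייסבוק". A mislabelled secret field is worth fixing while this block is edited for `ext2fResendInterval`, since it is the one field here whose value must be handled confidentially.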
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Code regex",
|
||||
"mail2fLabel":"תווית",
|
||||
"mail2fLogo":"לוגו",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"מפתח הפעלה שמכיל כתובת דוא״ל",
|
||||
"mail2fSubject":"נושא הדוא״ל",
|
||||
"mail2fTimeout":"Code timeout",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"גיל מרבי",
|
||||
"oidcOPMetaDataOptionsPrompt":"Prompt",
|
||||
"oidcOPMetaDataOptionsProtocol":"פרוטוקול",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Resolution rule",
|
||||
"oidcOPMetaDataOptionsScope":"היקף",
|
||||
"oidcOPMetaDataOptionsSortNumber":"סדר",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Store ID Token",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"אלגוריתם חתימת אסימון זיהוי",
|
||||
"oidcRPMetaDataOptionsIcon":"לוגו",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"נדרשת הפעלה",
|
||||
"oidcRPMetaDataOptionsLogoutType":"סוג",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"כתובת",
|
||||
|
@ -889,11 +897,13 @@
|
|||
"requireToken":"דרישת אסימון לטפסים",
|
||||
"rest2f":"אימות דו־שלבי ב־REST",
|
||||
"rest2fActivation":"הפעלה",
|
||||
"rest2fCodeActivation":"Code regex",
|
||||
"rest2fAuthnLevel":"דרגת אימות",
|
||||
"rest2fInitArgs":"Init arguments",
|
||||
"rest2fInitUrl":"כתובת אתחול",
|
||||
"rest2fLabel":"תווית",
|
||||
"rest2fLogo":"לוגו",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verify arguments",
|
||||
"rest2fVerifyUrl":"כתובת וידוא",
|
||||
"restAuthServer":"שרת אימות",
|
||||
|
@ -1060,6 +1070,7 @@
|
|||
"saveReport":"שמירת דוח",
|
||||
"savingConfirmation":"Saving confirmation",
|
||||
"scope":"היקף",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"חיפוש…",
|
||||
"secondFactors":"Second factors",
|
||||
"securedCookie":"Secured Cookie (SSL)",
|
||||
|
@ -1079,6 +1090,7 @@
|
|||
"session_s":"session(s)",
|
||||
"sessions":"הפעלות",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
|
@ -131,6 +131,9 @@
|
|||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionTempo":"Lock time",
|
||||
"cancel":"Cancella",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Attivazione nel modulo di login",
|
||||
"captcha_mail_enabled":"Attivazione della reimpostazione della password tramite modulo di posta",
|
||||
"captcha_register_enabled":"Attivazione nel formulario di registro",
|
||||
|
@ -161,6 +164,7 @@
|
|||
"casSrvMetaDataOptionsIcon":"Path icona",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Servizi Proxied",
|
||||
"casSrvMetaDataOptionsRenew":"Rinnova l'autenticazione",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Regola di risoluzione",
|
||||
"casSrvMetaDataOptionsSortNumber":"Ordine",
|
||||
"casSrvMetaDataOptionsUrl":"URL del server",
|
||||
"casSrvName":"NOme del Server CAS",
|
||||
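Review bot: `"casSrvName":"NOme del Server CAS"` (context line) has a capitalisation typo; "Nome del Server CAS". The hunk already touches this block for `casSrvMetaDataOptionsSortNumber`, so the fix belongs here.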
|
@ -350,6 +354,7 @@
|
|||
"ext2fCodeActivation":"Codice regex",
|
||||
"ext2fLabel":"Label",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"ID dell'applicazione Facebook",
|
||||
"facebookAppSecret":"Segreto dell'applicazione Facebook",
|
||||
"facebookAuthnLevel":"Livello di autenticazione",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Codice regex",
|
||||
"mail2fLabel":"Label",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Chiave di sessione contenente l'indirizzo di posta",
|
||||
"mail2fSubject":"Oggetto della mail",
|
||||
"mail2fTimeout":"Codice timeout",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Età massima",
|
||||
"oidcOPMetaDataOptionsPrompt":"Richiesta",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protocollo",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Regola di risoluzione",
|
||||
"oidcOPMetaDataOptionsScope":"Scopo",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Ordine",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Immagazzina ID Token",
|
||||
|
@ -689,6 +696,7 @@
|
|||
"oidcRPMetaDataOptionsIDTokenForceClaims":"Force claims to be returned in ID Token",
|
||||
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algoritmo di firma di identificazione di Token",
|
||||
"oidcRPMetaDataOptionsIcon":"Logo",
|
||||
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
|
||||
"oidcRPMetaDataOptionsLogoutSessionRequired":"Sessione necessaria",
|
||||
"oidcRPMetaDataOptionsLogoutType":"Tipo",
|
||||
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
||||
|
@ -889,11 +897,13 @@
|
|||
"requireToken":"Richiede il token per i moduli",
|
||||
"rest2f":"REST secondo fattore",
|
||||
"rest2fActivation":"Attivazione",
|
||||
"rest2fCodeActivation":"Codice regex",
|
||||
"rest2fAuthnLevel":"Livello di autenticazione",
|
||||
"rest2fInitArgs":"Argomenti di init",
|
||||
"rest2fInitUrl":"URL iniziale",
|
||||
"rest2fLabel":"Label",
|
||||
"rest2fLogo":"Logo",
|
||||
"rest2fResendInterval":"Re-send interval",
|
||||
"rest2fVerifyArgs":"Verifica argomenti",
|
||||
"rest2fVerifyUrl":"Verifica UR",
|
||||
"restAuthServer":"Authentication server",
|
||||
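Review bot: `"rest2fVerifyUrl":"Verifica UR"` (context line) is truncated; it should read "Verifica URL" to match `rest2fInitUrl` above it and the English "Verify URL". Fix alongside the new `rest2fCodeActivation` entry.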
|
@ -1060,6 +1070,7 @@
|
|||
"saveReport":"Salva report",
|
||||
"savingConfirmation":"Salvataggio della conferma",
|
||||
"scope":"Ambito",
|
||||
"scrollTop":"Scroll to top button",
|
||||
"search":"Cerca...",
|
||||
"secondFactors":"Secondi fattori",
|
||||
"securedCookie":"Cookie protetti (SSL)",
|
||||
|
@ -1079,6 +1090,7 @@
|
|||
"session_s":"sessione(i)",
|
||||
"sessions":"Sessioni",
|
||||
"sfExtra":"Additional second factors",
|
||||
"sfLoginTimeout":"Login timeout",
|
||||
"sfManagerRule":"Display Manager link",
|
||||
"sfOnlyUpgrade":"Use 2FA for session upgrade",
|
||||
"sfRegisterTimeout":"Registration timeout",
|
||||
|
|
|
@ -76,8 +76,8 @@
|
|||
"authAndUserdb":"Authz i baza danych użytkownika",
|
||||
"authChain":"Łańcuch uwierzytelnienia",
|
||||
"authChoice":"Wybór uwierzytelnienia",
|
||||
"authChoiceAuthBasic":"Choice used for password authentication",
|
||||
"authChoiceFindUser":"Choice used for searching user account",
|
||||
"authChoiceAuthBasic":"Wybór używany do uwierzytelniania hasłem",
|
||||
"authChoiceFindUser":"Wybór używany do wyszukiwania konta użytkownika",
|
||||
"authChoiceModules":"Dozwolone moduły",
|
||||
"authChoiceParam":"Parametr adresu URL",
|
||||
"authOnly":"Tylko uwierzytelnianie",
|
||||
|
@ -128,9 +128,12 @@
|
|||
"bruteForceProtectionLockTimes":"Przyrostowe czasy blokady",
|
||||
"bruteForceProtectionMaxAge":"Maksymalny czas ważności",
|
||||
"bruteForceProtectionMaxFailed":"Dozwolone nieudane logowania",
|
||||
"bruteForceProtectionMaxLockTime":"Maximum lock time",
|
||||
"bruteForceProtectionMaxLockTime":"Maksymalny czas blokady",
|
||||
"bruteForceProtectionTempo":"Czas blokady",
|
||||
"cancel":"Anuluj",
|
||||
"captcha":"Captcha module",
|
||||
"captchaCustom":"Custom Captcha module",
|
||||
"captchaOptions":"Captcha module options",
|
||||
"captcha_login_enabled":"Aktywacja w formularzu logowania",
|
||||
"captcha_mail_enabled":"Aktywacja przy resetowaniu hasła za pomocą formularza pocztowego",
|
||||
"captcha_register_enabled":"Aktywacja w formularzu rejestracji",
|
||||
|
@ -161,13 +164,14 @@
|
|||
"casSrvMetaDataOptionsIcon":"Ścieżka ikony",
|
||||
"casSrvMetaDataOptionsProxiedServices":"Usługi proxy",
|
||||
"casSrvMetaDataOptionsRenew":"Odnów uwierzytelnianie",
|
||||
"casSrvMetaDataOptionsResolutionRule":"Reguła rozstrzygania",
|
||||
"casSrvMetaDataOptionsSortNumber":"Kolejność",
|
||||
"casSrvMetaDataOptionsUrl":"URL serwera",
|
||||
"casSrvName":"Nazwa serwera CAS",
|
||||
"casStorage":"Nazwa modułu sesji CAS",
|
||||
"casStorageOptions":"Opcje modułu sesji CAS",
|
||||
"casStrictMatching":"Use strict URL matching",
|
||||
"casTicketExpiration":"Temporary ticket lifetime",
|
||||
"casStrictMatching":"Użyj ścisłego dopasowania adresów URL",
|
||||
"casTicketExpiration":"Czas życia biletu tymczasowego",
|
||||
"categoryName":"Nazwa Kategorii",
|
||||
"cda":"Wiele domen",
|
||||
"certificateMailContent":"Treść wiadomości",
|
||||
|
@ -183,9 +187,9 @@
|
|||
"cfgLog":"Podsumowanie",
|
||||
"cfgVersion":"Wersja konfiguracji",
|
||||
"checkDevOps":"Aktywacja",
|
||||
"checkDevOpsCheckSessionAttributes":"Check session attributes",
|
||||
"checkDevOpsDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkDevOpsDownload":"Download file",
|
||||
"checkDevOpsCheckSessionAttributes":"Sprawdź atrybuty sesji",
|
||||
"checkDevOpsDisplayNormalizedHeaders":"Wyświetl znormalizowane nagłówki",
|
||||
"checkDevOpsDownload":"Pobieranie pliku",
|
||||
"checkState":"Aktywacja",
|
||||
"checkStateSecret":"Współdzielony sekret",
|
||||
"checkUser":"Aktywacja",
|
||||
|
@ -194,7 +198,7 @@
|
|||
"checkUserDisplayEmptyHeaders":"Puste nagłówki",
|
||||
"checkUserDisplayEmptyValues":"Puste wartości",
|
||||
"checkUserDisplayHiddenAttributes":"Ukryte atrybuty",
|
||||
"checkUserDisplayHistory":"History",
|
||||
"checkUserDisplayHistory":"Historia",
|
||||
"checkUserDisplayNormalizedHeaders":"Znormalizowane nagłówki",
|
||||
"checkUserDisplayPersistentInfo":"Trwałe dane sesji",
|
||||
"checkUserHiddenAttributes":"Ukryte atrybuty",
|
||||
|
@ -249,7 +253,7 @@
|
|||
"crowdsec":"Aktywacja",
|
||||
"crowdsecAction":"Akcja",
|
||||
"crowdsecKey":"Klucz API",
|
||||
"crowdsecUrl":"Base URL of local API",
|
||||
"crowdsecUrl":"Podstawowy adres URL lokalnego API",
|
||||
"cspConnect":"Miejsca docelowe Ajax",
|
||||
"cspDefault":"Domyślna wartość",
|
||||
"cspFont":"Źródło czcionek",
|
||||
|
@ -285,8 +289,8 @@
|
|||
"dbiAuthUser":"Użytkownik",
|
||||
"dbiAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"dbiConnection":"Połączenie",
|
||||
"dbiConnectionAuth":"Authentication process",
|
||||
"dbiConnectionUser":"User process",
|
||||
"dbiConnectionAuth":"Proces uwierzytelniania",
|
||||
"dbiConnectionUser":"Proces użytkownika",
|
||||
"dbiDynamicHash":"dynamiczne haszowanie",
|
||||
"dbiDynamicHashEnabled":"aktywacja dynamicznego haszowania",
|
||||
"dbiDynamicHashNewPasswordScheme":"Dynamiczny schemat haszowania dla nowych haseł",
|
||||
|
@ -315,7 +319,7 @@
|
|||
"demoParams":"Parametry demonstracyjne",
|
||||
"description":"Opis",
|
||||
"dest":"Odbiorca",
|
||||
"devOpsCheck":"Check DevOps handler file",
|
||||
"devOpsCheck":"Sprawdź plik obsługi DevOps",
|
||||
"diffViewer":"Przeglądarka różnic",
|
||||
"diffWithPrevious":"różnica w stosunku do poprzednich",
|
||||
"disablePersistentStorage":"Wyłącz przechowywanie",
|
||||
|
@ -350,13 +354,14 @@
|
|||
"ext2fCodeActivation":"Wyrażenie regularne kodu",
|
||||
"ext2fLabel":"Etykieta",
|
||||
"ext2fLogo":"Logo",
|
||||
"ext2fResendInterval":"Re-send interval",
|
||||
"facebookAppId":"Identyfikator aplikacji na Facebooku",
|
||||
"facebookAppSecret":"Sekret aplikacji na Facebooku",
|
||||
"facebookAuthnLevel":"Poziom uwierzytelnienia",
|
||||
"facebookExportedVars":"Wyeksportowane zmienne",
|
||||
"facebookParams":"Parametry Facebooka",
|
||||
"facebookUserField":"Pole zawierające identyfikator użytkownika",
|
||||
"failedLoginNumber":"Max failed logins count",
|
||||
"failedLoginNumber":"Maksymalna liczba nieudanych logowań",
|
||||
"fileToUpload":"Plik do przesłania",
|
||||
"findUser":"Aktywacja",
|
||||
"findUserControl":"Kontrola parametrów",
|
||||
|
@ -527,6 +532,7 @@
|
|||
"mail2fCodeRegex":"Wyrażenie regularne kodu",
|
||||
"mail2fLabel":"Etykieta",
|
||||
"mail2fLogo":"Logo",
|
||||
"mail2fResendInterval":"Re-send interval",
|
||||
"mail2fSessionKey":"Klucz sesji zawierający adres e-mail",
|
||||
"mail2fSubject":"Temat wiadomości",
|
||||
"mail2fTimeout":"Limit czasu kodu",
|
||||
|
@ -575,13 +581,13 @@
|
|||
"newGrantRule":"Nowa reguła przyznawania",
|
||||
"newHost":"Nowy host",
|
||||
"newLocationWarning":"Aktywacja",
|
||||
"newLocationWarningLocationAttribute":"Session attribute containing location",
|
||||
"newLocationWarningLocationDisplayAttribute":"Session attribute to display",
|
||||
"newLocationWarningMailAttribute":"Session mail attribute",
|
||||
"newLocationWarningMailBody":"Warning mail content",
|
||||
"newLocationWarningMailSubject":"Warning mail subject",
|
||||
"newLocationWarningMaxValues":"Maximum number of locations to consider",
|
||||
"newLocationWarnings":"New location warning",
|
||||
"newLocationWarningLocationAttribute":"Atrybut sesji zawierający lokalizację",
|
||||
"newLocationWarningLocationDisplayAttribute":"Atrybut sesji do wyświetlenia",
|
||||
"newLocationWarningMailAttribute":"Atrybut poczty sesji",
|
||||
"newLocationWarningMailBody":"Treść wiadomości z ostrzeżeniem",
|
||||
"newLocationWarningMailSubject":"Temat wiadomości z ostrzeżeniem",
|
||||
"newLocationWarningMaxValues":"Maksymalna liczba lokalizacji do rozważenia",
|
||||
"newLocationWarnings":"Ostrzeżenie o nowej lokalizacji",
|
||||
"newPost":"Nowy formularz powtórzenia",
|
||||
"newPostVar":"Nowa zmienna",
|
||||
"newRSAKey":"Nowe klucze",
|
||||
|
@ -652,6 +658,7 @@
|
|||
"oidcOPMetaDataOptionsMaxAge":"Maksymalny czas ważności",
|
||||
"oidcOPMetaDataOptionsPrompt":"Prompt",
|
||||
"oidcOPMetaDataOptionsProtocol":"Protokół",
|
||||
"oidcOPMetaDataOptionsResolutionRule":"Reguła rozstrzygania",
|
||||
"oidcOPMetaDataOptionsScope":"Zakres",
|
||||
"oidcOPMetaDataOptionsSortNumber":"Kolejność",
|
||||
"oidcOPMetaDataOptionsStoreIDToken":"Przechowuj token identyfikacyjny",
|
||||
|
@ -662,13 +669,13 @@
|
|||
"oidcParams":"Parametry OpenID Connect",
|
||||
"oidcRP":"Strona zależna od OpenID Connect",
|
||||
"oidcRPCallbackGetParam":"Parametr GET wywołania zwrotnego",
|
||||
"oidcRPMetaDataExportedVars":"Exported attributes (claims)",
|
||||
"oidcRPMetaDataExportedVars":"Wyeksportowane atrybuty (claims)",
|
||||
"oidcRPMetaDataMacros":"Makra",
|
||||
"oidcRPMetaDataNode":"Strony zależne od OpenID Connect",
|
||||
"oidcRPMetaDataNodes":"Strony zależne od OpenID Connect",
|
||||
"oidcRPMetaDataOptions":"Opcje",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Zwolnij oświadczenia w tokenie dostępu",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Access Tokens",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Tokeny dostępowy",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Użyj formatu JWT dla tokenu dostępu",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Algorytm podpisu tokena dostępu",
|
||||
"oidcRPMetaDataOptionsAdditionalAudiences":"Dodatkowi odbiorcy",
|
||||
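Review bot: the new translation `"oidcRPMetaDataOptionsAccessTokenExpiration":"Tokeny dostępowy"` mixes a plural noun with a singular adjective; the agreement form is "Tokeny dostępowe". The neighbouring context line `"oidcRPMetaDataOptionsAccessTokenClaims":"Zwolnij oświadczenia w tokenie dostępu"` also renders "Release" as "Zwolnij" (dismiss), which reads oddly for emitting claims; "Umieść oświadczenia w tokenie dostępu" would be clearer.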
|
@ -677,18 +684,19 @@
"oidcRPMetaDataOptionsAllowOffline":"Zezwalaj na dostęp offline",
"oidcRPMetaDataOptionsAllowPasswordGrant":"Zezwól na przyznanie hasła OAuth2.0",
"oidcRPMetaDataOptionsAuthnLevel":"Poziom uwierzytelnienia",
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Codes",
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Kody autoryzacyjne",
"oidcRPMetaDataOptionsBasic":"Podstawowy",
"oidcRPMetaDataOptionsBypassConsent":"Obejdź zgodę",
"oidcRPMetaDataOptionsClientID":"Identyfikator klienta",
"oidcRPMetaDataOptionsClientSecret":"Sekret klienta",
"oidcRPMetaDataOptionsDisplay":"Wyświetlanie",
"oidcRPMetaDataOptionsDisplayName":"Wyświetlana nazwa",
"oidcRPMetaDataOptionsExtraClaims":"Scope values content",
"oidcRPMetaDataOptionsIDTokenExpiration":"ID Tokens",
"oidcRPMetaDataOptionsExtraClaims":"Treść wartości zakresu",
"oidcRPMetaDataOptionsIDTokenExpiration":"Tokeny identyfikacyjne",
"oidcRPMetaDataOptionsIDTokenForceClaims":"Wymuś zwrot roszczeń w tokenie identyfikacyjnym",
"oidcRPMetaDataOptionsIDTokenSignAlg":"Algorytm podpisu tokena identyfikacyjnego",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Wymagana sesja",
"oidcRPMetaDataOptionsLogoutType":"Rodzaj",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
|
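Review bot: "oidcRPMetaDataOptionsLogoutBypassConfirm":"Bypass confirm" is still in English in the context lines of a block this hunk otherwise finishes translating; "Obejdź potwierdzenie" would match the neighbouring "Obejdź zgodę". Two wording points in the same hunk: "Wymuś zwrot roszczeń w tokenie identyfikacyjnym" uses "roszczeń" (a legal claim) where the access-token label earlier in this file uses "oświadczenia", and "Zezwól na przyznanie hasła OAuth2.0" reads as "allow granting of a password" rather than naming the OAuth 2.0 password grant type; something like "Zezwól na grant typu password (OAuth2.0)" keeps the grant name recognisable to the administrator enabling it.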
@ -701,7 +709,7 @@
"oidcRPMetaDataOptionsRule":"Reguła dostępu",
"oidcRPMetaDataOptionsTimeouts":"Limit czasu",
"oidcRPMetaDataOptionsUserIDAttr":"Atrybut użytkownika",
"oidcRPMetaDataOptionsUserInfoSignAlg":"UserInfo response format",
"oidcRPMetaDataOptionsUserInfoSignAlg":"Format odpowiedzi UserInfo",
"oidcRPMetaDataScopeRules":"Zasady dotyczące zakresu",
"oidcRPName":"Nazwa RP OpenID Connect",
"oidcRPStateTimeout":"Limit czasu sesji stanowej",
@ -711,10 +719,10 @@
"oidcServiceAllowHybridFlow":"Przepływ hybrydowy",
"oidcServiceAllowImplicitFlow":"Implikowany przepływ",
"oidcServiceAllowOffline":"Zezwalaj na dostęp offline",
"oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
"oidcServiceAuthorizationCodeExpiration":"Authorization Code",
"oidcServiceDynamicRegistration":"Dynamic registration",
"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
"oidcServiceAllowOnlyDeclaredScopes":"Zezwalaj tylko na zadeklarowane zakresy",
"oidcServiceAuthorizationCodeExpiration":"Kod autoryzacji",
"oidcServiceDynamicRegistration":"Rejestracja dynamiczna",
"oidcServiceDynamicRegistrationExportedVars":"Wyeksportowane zmienne",
"oidcServiceDynamicRegistrationExtraClaims":"Dodatkowe roszczenia",
"oidcServiceIDTokenExpiration":"Token identyfikacyjny",
"oidcServiceKeyIdSig":"Identyfikator klucza podpisu",
|
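Review bot: the service-level labels added here do not line up with the RP-level ones earlier in this file: "Kod autoryzacji" (singular) against "Kody autoryzacyjne", and "Wyeksportowane zmienne" against "Wyeksportowane atrybuty"; both pairs describe the same kind of setting, so use one form. The unchanged "Implikowany przepływ" above them is also a mistranslation ("implikowany" means implied); the OAuth implicit flow is usually "Przepływ niejawny", which would also parallel "Przepływ hybrydowy" on the line before it. "Dodatkowe roszczenia" repeats the "roszczenia"/"oświadczenia" inconsistency for claims.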
@ -723,7 +731,7 @@
"oidcServiceMetaDataAuthorizeURI":"Autoryzacja",
"oidcServiceMetaDataBackChannelURI":"Identyfikator URI kanału zwrotnego",
"oidcServiceMetaDataCheckSessionURI":"Sprawdź sesję",
"oidcServiceMetaDataEndPoints":"Endpoints",
"oidcServiceMetaDataEndPoints":"Punkty końcowe",
"oidcServiceMetaDataEndSessionURI":"Koniec sesji",
"oidcServiceMetaDataFrontChannelURI":"Identyfikator URI kanału przedniego",
"oidcServiceMetaDataIntrospectionURI":"Introspekcja",
@ -734,9 +742,9 @@
"oidcServiceMetaDataSecurity":"Bezpieczeństwo",
"oidcServiceMetaDataSessions":"Sesje",
"oidcServiceMetaDataTimeouts":"Limit czasu",
"oidcServiceMetaDataTokenURI":"Tokens",
"oidcServiceMetaDataTokenURI":"Tokeny",
"oidcServiceMetaDataUserInfoURI":"Informacja o użytkowniku",
"oidcServiceOfflineSessionExpiration":"Offline session",
"oidcServiceOfflineSessionExpiration":"Sesja offline",
"oidcServicePrivateKeySig":"Klucz prywatny podpisu",
"oidcServicePublicKeySig":"Klucz publiczny podpisu",
"oidcStorage":"Nazwa modułu sesji",
@ -803,7 +811,7 @@
"portalDisplayRefreshMyRights":"Wyświetl link do odświeżania praw",
"portalDisplayRegister":"Zarejestruj Nowe Konto",
"portalDisplayResetPassword":"Zresetuj hasło",
"portalEnablePasswordDisplay":"Allow to display password",
"portalEnablePasswordDisplay":"Zezwól na wyświetlenie hasła",
"portalErrorOnExpiredSession":"Pokaż błąd w wygasłej sesji",
"portalErrorOnMailNotFound":"Pokaż błąd w poczcie nie znaleziono",
"portalFavicon":"Favicon",
|
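Review bot: the two unchanged error labels right after the translated line read awkwardly: "Pokaż błąd w poczcie nie znaleziono" is not grammatical Polish, and "Pokaż błąd w wygasłej sesji" says "show an error inside the expired session"; "Pokaż błąd, gdy nie znaleziono adresu e-mail" and "Pokaż błąd przy wygasłej sesji" express what the keys mean. Capitalisation is also inconsistent: "Zarejestruj Nowe Konto" here versus "Zarejestruj nowe konto" for the "register" key later in this file.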
@ -831,12 +839,12 @@
"previous":"Poprzedni",
"privateKey":"Prywatny klucz",
"proxyAuthService":"URL",
"proxyAuthServiceChoiceParam":"Choice parameter",
"proxyAuthServiceChoiceValue":"Choice value",
"proxyAuthServiceChoiceParam":"Parametr wyboru",
"proxyAuthServiceChoiceValue":"Wybór wartości",
"proxyAuthServiceImpersonation":"Personifikacja",
"proxyAuthnLevel":"Poziom uwierzytelnienia",
"proxyCookieName":"Nazwa ciasteczka",
"proxyInternalPortal":"Internal Portal",
"proxyInternalPortal":"Portal wewnętrzny",
"proxyParams":"Parametry proxy",
"proxySessionService":"Adres URL usługi sesji",
"proxyUseSoap":"Użyj SOAP zamiast REST",
|
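Review bot: "proxyAuthServiceChoiceValue":"Wybór wartości" inverts the phrase; it means "choice of a value", whereas "Choice value" is the value of the choice, so "Wartość wyboru" is the translation that parallels "Parametr wyboru" on the line above.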
@ -864,11 +872,11 @@
"regexp":"Wyrażenie regularne",
"regexps":"Wyrażenia regularne",
"register":"Zarejestruj nowe konto",
"registerConfirmBody":"Body for verification mail",
"registerConfirmSubject":"Subject for verification mail",
"registerConfirmBody":"Treść poczty weryfikacyjnej",
"registerConfirmSubject":"Temat wiadomości weryfikacyjnej",
"registerDB":"Moduł rejestracji",
"registerDoneBody":"Body for credentials mail",
"registerDoneSubject":"Subject for credentials mail",
"registerDoneBody":"Treść poczty uwierzytelniającej",
"registerDoneSubject":"Temat wiadomości z danymi uwierzytelniającymi",
"registerTimeout":"Termin ważności wniosku o rejestrację",
"registerUrl":"Zarejestruj adres URL strony",
"reloadParams":"Załaduj ponownie konfigurację",
|
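Review bot: "registerDoneBody":"Treść poczty uwierzytelniającej" drops the meaning of "credentials mail" (it reads as "authenticating mail"), while its subject counterpart on the next line keeps it as "z danymi uwierzytelniającymi"; use "Treść wiadomości z danymi uwierzytelniającymi". The four mail strings also alternate between "poczty" and "wiadomości" for "mail"; pick one. In the unchanged context, "registerUrl":"Zarejestruj adres URL strony" is an imperative ("register the page URL") where the key holds the URL of the register page, so "Adres URL strony rejestracji".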
@ -889,26 +897,28 @@
"requireToken":"Wymagaj tokena do formularzy",
"rest2f":"Drugi czynnik REST",
"rest2fActivation":"Aktywacja",
"rest2fCodeActivation":"Wyrażenie regularne kodu",
"rest2fAuthnLevel":"Poziom uwierzytelnienia",
"rest2fInitArgs":"Początkowe argumenty",
"rest2fInitUrl":"Początkowy adres URL",
"rest2fLabel":"Etykieta",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Re-send interval",
"rest2fVerifyArgs":"Zweryfikuj argumenty",
"rest2fVerifyUrl":"Zweryfikuj adres URL",
"restAuthServer":"Authentication server",
"restAuthServer":"Serwer uwierzytelniania",
"restAuthUrl":"Adres URL uwierzytelnienia",
"restAuthnLevel":"Poziom uwierzytelnienia",
"restClockTolerance":"Server clock tolerance",
"restConfigServer":"Configuration server",
"restExportSecretKeys":"Export secret attributes",
"restClockTolerance":"Tolerancja zegara serwera",
"restConfigServer":"Serwer konfiguracji",
"restExportSecretKeys":"Eksportuj tajne atrybuty",
"restFindUserDBUrl":"Adres URL kont użytkowników",
"restParams":"Parametry REST",
"restPasswordServer":"Password reset server",
"restPasswordServer":"Serwer resetowania hasła",
"restPwdConfirmUrl":"Adres URL potwierdzenia hasła",
"restPwdModifyUrl":"URL zmiany hasła",
"restServices":"Usługa REST",
"restSessionServer":"Session server",
"restSessionServer":"Serwer sesji",
"restUserDBUrl":"Adres URL danych użytkownika",
"restore":"Przywróć",
"restoreConf":"Przywróć konfigurację",
|
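Review bot: "rest2fResendInterval":"Re-send interval" goes into the Polish file in English; the hunk grows from 26 to 28 lines and this is one of the two lines without a removed counterpart, so it is new material rather than a leftover. "Interwał ponownego wysyłania" would match the Turkish file in this same commit, which does translate it. Also in the unchanged context, "Zweryfikuj argumenty" and "Zweryfikuj adres URL" are imperatives, but the keys hold the arguments and URL of the verification call, so "Argumenty weryfikacji" and "Adres URL weryfikacji" read correctly alongside "Początkowe argumenty" and "Początkowy adres URL"; and "restServices":"Usługa REST" is singular for "REST services".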
@ -1060,6 +1070,7 @@
"saveReport":"Zapisz raport",
"savingConfirmation":"Zapisuję potwierdzenie",
"scope":"Zakres",
"scrollTop":"Scroll to top button",
"search":"Szukaj...",
"secondFactors":"Drugi czynnik",
"securedCookie":"Bezpieczne pliki cookie (SSL)",
|
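Review bot: "scrollTop":"Scroll to top button" is the single line this hunk adds (the header goes from 6 to 7 lines) and it is left in English in the Polish file; "Przycisk przewijania do góry" is a direct rendering that fits the surrounding labels.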
@ -1079,9 +1090,10 @@
"session_s":"sesja/e",
"sessions":"Sesje",
"sfExtra":"Dodatkowe drugie czynniki",
"sfLoginTimeout":"Login timeout",
"sfManagerRule":"Link do Menedżera wyświetlania",
"sfOnlyUpgrade":"Użyj 2FA do aktualizacji sesji",
"sfRegisterTimeout":"Registration timeout",
"sfRegisterTimeout":"Limit czasu rejestracji",
"sfRemovedMsg":"Wyświetl komunikat, gdy przeterminowany 2FA został usunięty",
"sfRemovedMsgRule":"Aktywacja",
"sfRemovedNotifMsg":"Powiadomienie",
|
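Review bot: "sfLoginTimeout":"Login timeout" is the one line this hunk adds (9 to 10 lines) and it stays English while the neighbouring "sfRegisterTimeout" is translated in the same hunk as "Limit czasu rejestracji"; "Limit czasu logowania" keeps the pair parallel. In the unchanged context, "sfManagerRule":"Link do Menedżera wyświetlania" reads as "link to the display Manager", whereas the key controls whether the Manager link is displayed; "Wyświetl link do Menedżera" would follow the pattern of "Wyświetl link do odświeżania praw" used for portalDisplayRefreshMyRights.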
@ -1107,9 +1119,9 @@
"slaveMasterIP":"Adres IP mastera",
"slaveParams":"Parametry slave",
"slaveUserHeader":"Nagłówek logowania użytkownika",
"soapConfigServer":"Configuration server",
"soapConfigServer":"Serwer konfiguracji",
"soapServices":"Usługa SOAP",
"soapSessionServer":"Session server",
"soapSessionServer":"Serwer sesji",
"specialRule":"Reguła specjalna",
"sslByAjax":"Użyj żądania Ajax",
"sslHost":"Ajax SSL URL",
@ -1118,13 +1130,13 @@
"stateCheck":"Kontrola stanu",
"stayConnect":"Trwałe połączenia",
"stayConnected":"Aktywacja",
"stayConnectedBypassFG":"Do not check fingerprint",
"stayConnectedBypassFG":"Nie sprawdzaj odcisku palca",
"stayConnectedCookieName":"Nazwa ciasteczka",
"stayConnectedTimeout":"Data ważności",
"storePassword":"Przechowuj hasło użytkownika w sesji",
"string":"Łańcuch znaków",
"subtitle":"Podtytuł",
"successLoginNumber":"Max successful logins count",
"successLoginNumber":"Maksymalna liczba udanych logowań",
"successfullySaved":"Pomyślnie zapisano",
"sympaHandler":"Sympa",
"sympaMailKey":"Klucz sesji e-mail",
|
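Review bot: "stayConnectedBypassFG":"Nie sprawdzaj odcisku palca" reads as a biometric fingerprint; in the stayConnected block, whose cookie name and expiry are the neighbouring keys, the fingerprint being skipped is the browser fingerprint tied to the persistent cookie, so "Nie sprawdzaj odcisku przeglądarki" avoids suggesting a fingerprint reader. Since turning this on loosens the binding of a long-lived cookie to the device it was issued to, the label should make clear what is being bypassed.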
@ -1142,9 +1154,9 @@
"totp2fActivation":"Aktywacja",
"totp2fAuthnLevel":"Poziom uwierzytelnienia",
"totp2fDigits":"Ilość cyfr",
"totp2fEncryptSecret":"Encrypt TOTP secrets",
"totp2fEncryptSecret":"Szyfruj sekrety TOTP",
"totp2fInterval":"Interwał",
"totp2fIssuer":"Issuer name",
"totp2fIssuer":"Nazwa wystawcy",
"totp2fLabel":"Etykieta",
"totp2fLogo":"Logo",
"totp2fRange":"Zakres prób",
@ -1203,7 +1215,7 @@
"vhostAccessToTrace":"Dostęp do śledzenia",
"vhostAliases":"Aliasy",
"vhostAuthnLevel":"Wymagany poziom uwierzytelnienia",
"vhostDevOpsRulesUrl":"DevOps rules file URL",
"vhostDevOpsRulesUrl":"Adres URL pliku reguł DevOps",
"vhostHttps":"HTTPS",
"vhostMaintenance":"Tryb konserwacji",
"vhostOptions":"Opcje",
@ -1229,9 +1241,9 @@
"webauthn2fLogo":"Logo",
"webauthn2fSelfRegistration":"Samodzielna rejestracja",
"webauthn2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć WebAuthn",
"webauthn2fUserVerification":"User verification",
"webauthnDisplayNameAttr":"User Display Name attribute",
"webauthnRpName":"Relying Party display name",
"webauthn2fUserVerification":"Weryfikacja użytkownika",
"webauthnDisplayNameAttr":"Atrybut nazwy wyświetlanej użytkownika",
"webauthnRpName":"Wyświetlana nazwa strony uzależnionej",
"webidParams":"Parametry WebID",
"whatToTrace":"REMOTE_USER",
"whiteList":"Biała lista",
|
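Review bot: "webauthnRpName":"Wyświetlana nazwa strony uzależnionej" uses "uzależniona" (dependent in the sense of addicted) for Relying Party, while the OIDC section of this same file consistently uses "Strona zależna" ("Strona zależna od OpenID Connect", "Strony zależne od OpenID Connect"); use "Wyświetlana nazwa strony zależnej" so the WebAuthn and OIDC labels share one term.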
@ -131,6 +131,9 @@
"bruteForceProtectionMaxLockTime":"Maksimum kilit süresi",
"bruteForceProtectionTempo":"Kilit süresi",
"cancel":"İptal Et",
"captcha":"Captcha modülü",
"captchaCustom":"Captcha modülünü özelleştir",
"captchaOptions":"Captcha modülü seçenekleri",
"captcha_login_enabled":"Giriş formunda aktivasyon",
"captcha_mail_enabled":"E-posta formu tarafından parola sıfırlamada aktivasyon",
"captcha_register_enabled":"Kayıt formunda aktivasyon",
@ -161,6 +164,7 @@
"casSrvMetaDataOptionsIcon":"İkon yolu",
"casSrvMetaDataOptionsProxiedServices":"Vekil sunucu servisleri",
"casSrvMetaDataOptionsRenew":"Kimlik doğrulamayı yenile",
"casSrvMetaDataOptionsResolutionRule":"Çözünürlük kuralı",
"casSrvMetaDataOptionsSortNumber":"Sıra",
"casSrvMetaDataOptionsUrl":"Sunucu URL'si",
"casSrvName":"CAS Sunucu Adı",
|
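Review bot: "casSrvMetaDataOptionsResolutionRule":"Çözünürlük kuralı" uses the screen-resolution sense of "resolution"; the key is a rule for resolving which server applies, so "Çözümleme kuralı". The same wording is added for oidcOPMetaDataOptionsResolutionRule in a later hunk of this file and should be changed together with this one.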
@ -350,6 +354,7 @@
"ext2fCodeActivation":"Düzenli ifade kodla",
"ext2fLabel":"Etiket",
"ext2fLogo":"Logo",
"ext2fResendInterval":"Yeniden gönderme aralığı",
"facebookAppId":"Facebook uygulama ID",
"facebookAppSecret":"Facebook uygulama gizli anahtar",
"facebookAuthnLevel":"Doğrulama seviyesi",
|
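Review bot: "ext2fCodeActivation":"Düzenli ifade kodla" is an imperative ("encode as a regular expression"); the key is the regular expression a one-time code must match, so "Kod düzenli ifadesi". The identical string is used for mail2fCodeRegex and rest2fCodeActivation in the hunks below, so fix all three in one pass.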
@ -527,6 +532,7 @@
"mail2fCodeRegex":"Düzenli ifade kodla",
"mail2fLabel":"Etiket",
"mail2fLogo":"Logo",
"mail2fResendInterval":"Yeniden gönderme aralığı",
"mail2fSessionKey":"Oturum anahtarı e-posta adresini içeriyor",
"mail2fSubject":"E-posta konusu",
"mail2fTimeout":"Kod zaman aşımı",
@ -652,6 +658,7 @@
"oidcOPMetaDataOptionsMaxAge":"Maksimum ömür",
"oidcOPMetaDataOptionsPrompt":"İstem",
"oidcOPMetaDataOptionsProtocol":"Protokol",
"oidcOPMetaDataOptionsResolutionRule":"Çözünürlük kuralı",
"oidcOPMetaDataOptionsScope":"Kapsam",
"oidcOPMetaDataOptionsSortNumber":"Sıra",
"oidcOPMetaDataOptionsStoreIDToken":"ID Jetonu Sakla",
@ -689,6 +696,7 @@
"oidcRPMetaDataOptionsIDTokenForceClaims":"ID Jetonunda özelliklerin yayınlanmasını zorla",
"oidcRPMetaDataOptionsIDTokenSignAlg":"ID Token imzalama algoritması",
"oidcRPMetaDataOptionsIcon":"Logo",
"oidcRPMetaDataOptionsLogoutBypassConfirm":"Doğrulamayı geç",
"oidcRPMetaDataOptionsLogoutSessionRequired":"Oturum gerekli",
"oidcRPMetaDataOptionsLogoutType":"Tür",
"oidcRPMetaDataOptionsLogoutUrl":"URL",
@ -889,11 +897,13 @@
"requireToken":"Formlar için jeton gerekir",
"rest2f":"REST ile ikinci faktör",
"rest2fActivation":"Aktivasyon",
"rest2fCodeActivation":"Düzenli ifade kodla",
"rest2fAuthnLevel":"Doğrulama seviyesi",
"rest2fInitArgs":"Başlangıç argümanları",
"rest2fInitUrl":"Başlangıç URL",
"rest2fLabel":"Etiket",
"rest2fLogo":"Logo",
"rest2fResendInterval":"Yeniden gönderme aralığı",
"rest2fVerifyArgs":"Argümanları Doğrula",
"rest2fVerifyUrl":"URL'yi Doğrula",
"restAuthServer":"Doğrulama sunucusu",
|
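Review bot: "rest2fVerifyArgs":"Argümanları Doğrula" and "rest2fVerifyUrl":"URL'yi Doğrula" are imperatives (verify the arguments, verify the URL), but these keys hold the arguments and URL of the verification request, the counterpart of "Başlangıç argümanları" and "Başlangıç URL" a few lines above; "Doğrulama argümanları" and "Doğrulama URL'si" keep the pairs parallel, and "Başlangıç URL" would then also want the possessive suffix, "Başlangıç URL'si", as in "Sunucu URL'si" elsewhere in this file.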
@ -1060,6 +1070,7 @@
"saveReport":"Raporu kaydet",
"savingConfirmation":"Doğrulama kaydediliyor",
"scope":"Kapsam",
"scrollTop":"Üst butonu kaydır",
"search":"Ara...",
"secondFactors":"İki faktörlü kimlik doğrulama",
"securedCookie":"Güvenli Çerez (SSL)",
|
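Review bot: "scrollTop":"Üst butonu kaydır" says "scroll the top button"; the key labels the scroll-to-top button itself, so "Başa dön butonu" (or "Yukarı kaydır butonu").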
@ -1079,6 +1090,7 @@
"session_s":"oturum(lar)",
"sessions":"Oturumlar",
"sfExtra":"Ek ikinci faktörler",
"sfLoginTimeout":"Oturum zaman aşımı",
"sfManagerRule":"Yönetici bağlantısını görüntüle",
"sfOnlyUpgrade":"Oturum yükseltme için 2FA kullan",
"sfRegisterTimeout":"Kayıtlanma zaman aşımı",
|
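Review bot: "sfLoginTimeout":"Oturum zaman aşımı" means session timeout, which is a different setting; the key sits in the second-factor (sf) block and is the login timeout for completing the second factor, so "Giriş zaman aşımı", which also keeps it parallel to "Kayıtlanma zaman aşımı" for sfRegisterTimeout in the same hunk.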
Some files were not shown because too many files have changed in this diff.