dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9,354 Commits 3 Branches 0 Tags 75 MiB
174193e74c
Commit Graph

261 Commits

Author SHA1 Message Date
Christophe Maudoux
174193e74c Merge branch 'v2.0' 2019-09-01 22:11:33 +02:00
Maxime Besson
d61935ab6e Implement introspection endpoint for access tokens (#1843) 2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5 Refactor endpoint auth 2019-08-29 18:57:26 +02:00
Christophe Maudoux
1212cd9ba2 Merge branch 'v2.0' 2019-08-25 18:47:43 +02:00
Maxime Besson
661a007b4a Check OIDC access token expiration (#1879) 2019-08-21 12:18:55 +02:00
Christophe Maudoux
28732d614b Merge branch 'v2.0' 2019-08-15 22:43:20 +02:00
Maxime Besson
2e9f57ab6f Better default behavior for oidcServiceMetaDataIssuer (#1882) 2019-08-13 18:09:59 +02:00
Christophe Maudoux
866d5457f3 Merge branch 'v2.0' 2019-08-09 23:33:59 +02:00
Maxime Besson
daa03a9a9c OIDC: tie client_id to authorization code (#1881) 2019-08-09 13:54:53 +02:00
Christophe Maudoux
499b16bd07 Merge branch 'v2.0' 2019-07-31 16:34:38 +02:00
Clément OUDOT
4ee49de4c2 Adapt grant_types_supported attribute (#1846) 2019-07-25 19:06:53 +02:00
Christophe Maudoux
b7c8d30b3f Merge branch 'v2.0' 2019-07-10 12:16:43 +02:00
Clément OUDOT
c76dc52436 Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows (#1846) 2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44 Manage claims in ID token if no access token requested (#1846) 2019-07-08 15:15:13 +02:00
Clément OUDOT
1ebbde9a50 Tidy code and add missing check on hash_level (#1835) 2019-07-04 09:49:01 +02:00
Christophe Maudoux
161d6cee0f Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t) 2019-07-03 22:17:22 +02:00
Xavier
3b7a70e0b7 Merge branch 'v2.0' (with new tidy) 2019-07-02 20:12:11 +02:00
Xavier Guimard
c1137edba8 make tidy with perltidy-20181120 2019-07-02 20:03:40 +02:00
Xavier
1718efe6d5 Merge branch 'v2.0' 2019-06-30 09:37:15 +02:00
Xavier
c921c295ed Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00
Xavier
1a1ccd7568 Merge branch 'crypto-improvements' 2019-06-27 22:03:05 +02:00
Xavier Guimard
264410409d Move CAS service verification from main to Issuer::CAS (#1795) 2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195 Check service= parameter on CAS logout (#1795) 
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.

In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.

If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
 2019-06-27 12:40:40 +02:00
Xavier
d27e4bcc55 Merge branch 'v2.0' 2019-06-15 09:23:50 +02:00
Clément OUDOT
4e5c450b8b Return error if no code provided on token endpoint (#1802) 2019-06-14 16:05:39 +02:00
Xavier
a2454ff4cc Merge branch 'v2.0' 2019-06-12 21:44:39 +02:00
Xavier
a6aaf8a507 Add XSS test (#1795) 2019-06-11 21:30:15 +02:00
Xavier
1a8948894d Check CAS "service" parameter (Fixes: #1795) 2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa Fix CASv2 logout (#1753) 2019-06-11 16:18:15 +02:00
Xavier
f75093d433 Merge branch 'v2.0' 2019-05-28 22:12:50 +02:00
Xavier
db2ee96bc8 Update versions (#1777) 2019-05-28 22:04:45 +02:00
Xavier
82171e9a90 Fix missing $req in SLO responses (#1777) 2019-05-28 21:45:54 +02:00
Xavier
acd6ba50e8 Fix some missing $req (#1777) 2019-05-28 19:52:08 +02:00
Xavier
29b71569de Merge branch 'v2.0' 2019-04-30 21:03:14 +02:00
Clément OUDOT
926262170b Implement PKCE in OIDC provider (#1722) 2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7 Create a configuration option to allow a Relying Party to be a public client 
Allow unauthenticated requests on OAuth2 token endoint

#1725
 2019-04-29 10:02:16 +02:00
Maxime Besson
2f9e6aa623 Allow override of username attribute for CAS apps 
Global CAS options allows the admistrator to set the session attribute
that gets exported to all CAS application as the main identifier
(cas:user)

This commit adds the ability to override this configuration for a
particular CAS application.

OIDC already allows this

Fixes #1713
 2019-04-28 21:06:34 +02:00
Maxime Besson
62f16721ff Send username when calling CAS1.0 validation 
Fixes #1724
 2019-04-28 19:29:54 +02:00
Xavier Guimard
01b5951b73 Merge branch 'v2.0' 2019-04-05 10:10:40 +02:00
Clément OUDOT
8859fe342b Fix setHiddenFormValue (#1692) 2019-04-03 17:54:58 +02:00
Clément OUDOT
8be0817363 Send optional SAML attributes if they have a value (#1681) 2019-04-03 16:40:41 +02:00
Clément OUDOT
9a454fbb7a Manage SLO termination if there is no RelayState (#1671) 2019-04-03 12:26:01 +02:00
Clément OUDOT
a805a5a00b Manage SLO responses (#1671) 2019-04-02 17:27:47 +02:00
Clément OUDOT
4e76ee9582 Avoid warning during SAML SLO (#1671) 2019-04-02 16:13:45 +02:00
Xavier
4798683129 Merge branch 'v2.0' 2019-04-02 06:56:45 +02:00
Clément OUDOT
5a30a82fa6 Add SLO Termination endpoint (#1671) 2019-04-01 18:02:38 +02:00
Xavier Guimard
b40f292d8a Merge branch 'v2.0' 2019-03-27 10:31:30 +01:00
Clément OUDOT
39020e003e Fix server error on SAML SLO (#1671) 2019-03-26 17:15:01 +01:00
Xavier Guimard
8941ee4dd5 Merge branch 'v2.0' 2019-03-14 14:57:39 +01:00
Clément OUDOT
d620ae2e8b Merge branch 'maxbes/lemonldap-ng-saml-issuer-entityid-override' into v2.0 2019-03-13 10:30:16 +01:00