dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,562 Commits 3 Branches 0 Tags 75 MiB
2f19ccb169
Commit Graph

488 Commits

Author SHA1 Message Date
Clément Oudot
13dc6d5755 Fix 'exp' field in ID Token (#184) 2015-06-18 10:20:15 +00:00
Clément Oudot
96207ab19d Support URL for application logo (#183) 2015-06-16 15:43:07 +00:00
Clément Oudot
15cfb0ed43 Support URL for application logo (#184) 2015-06-16 15:34:11 +00:00
Clément Oudot
ef43679ce1 Manage session not found in portal (#825) 2015-06-12 10:56:38 +00:00
Clément Oudot
12890c4512 Fix oidcStorageOptions initialization (#184) 2015-06-12 07:51:37 +00:00
Clément Oudot
e3af829e5a Remove portalAutocomplete configuration (#824) 2015-06-11 12:59:20 +00:00
Clément Oudot
b81aea14b4 Define an ID for public key (#184) 2015-06-05 12:55:06 +00:00
Clément Oudot
fe77ab4dbb CHeck session iframe with CORS for session management (#184) 2015-06-01 18:22:36 +00:00
Clément Oudot
05ecd34598 Parameter to define allowed flows (#184) 2015-05-29 16:49:32 +00:00
Clément Oudot
121e578b7e Parameter to allow dynamic client registration (#184) 2015-05-29 10:07:54 +00:00
Clément Oudot
b66a90e197 Register dynamic client in configuration (#184) 2015-05-29 08:50:51 +00:00
Clément Oudot
ab0b6e7190 Display correct skin in register page (#818) 2015-05-11 14:06:20 +00:00
Clément Oudot
f82a7319be Display correct skin in mail reset page (#818) 2015-05-11 13:50:55 +00:00
Clément Oudot
fe2ad66a29 Add attributes in CAS serviceValidate response (#773) 2015-05-09 17:49:56 +00:00
Clément Oudot
ad2c67c2ba Support Request URI (#184) 2015-04-30 06:09:51 +00:00
Clément Oudot
159f71fd25 Verify Request JWT signature (#184) 2015-04-25 15:19:12 +00:00
Clément Oudot
94f1065e5d Accept 'request' parameter in authorization requests (#184) 2015-04-22 17:16:32 +00:00
Clément Oudot
0b3f9a78ff Parse UserInfo response as JWT (#183) 2015-04-18 08:36:42 +00:00
Clément Oudot
1c0df34268 Replace version 2.00 by 2.0.0 2015-04-15 14:18:38 +00:00
Clément Oudot
9520bef489 Manager UserInfo signature (JWT response) (#184) 2015-04-14 18:42:02 +00:00
Clément Oudot
572636ead1 Use Base64 URL to decode JWT (#184) 2015-04-11 11:15:01 +00:00
Clément Oudot
a63918d28f Return session state for session management (#184) 2015-04-07 09:04:17 +00:00
Clément Oudot
ac5f76f898 Option to deactivate nonce (#183) 2015-04-03 13:45:38 +00:00
Clément Oudot
a17159f105 Don't send max_age if value is 0 (#183) 2015-04-03 13:23:52 +00:00
Clément Oudot
3ad495f824 Call endsession point in authLogout (#183) 2015-04-03 13:00:30 +00:00
Clément Oudot
328a280601 Work on implementation of OIDC logout (#184) 2015-04-03 09:05:36 +00:00
Clément Oudot
841f057c25 Work on implementation of OIDC logout (#184) 2015-04-02 16:54:00 +00:00
Clément Oudot
85650ae3be Start implementation of OIDC logout (#184) 2015-04-02 07:02:21 +00:00
Clément Oudot
72aecd6cf1 Configuration of Authentication Class Ref (#184) 2015-04-01 15:45:08 +00:00
Clément Oudot
b9494d1b0a Check iat (#183) 2015-04-01 15:10:08 +00:00
Clément Oudot
0fa5cf2614 Use max_age, ui_locales and acr_values (#183) 2015-04-01 14:51:49 +00:00
Clément Oudot
01aec28467 Use prompt (#183) 2015-04-01 13:00:31 +00:00
Clément Oudot
865551989b Use display (#183) 2015-04-01 12:53:18 +00:00
Clément Oudot
9936ade26b Use nonce (#183) 2015-03-31 16:07:50 +00:00
Clément Oudot
2e0f1b7088 Start of registration endpoint implementation (#184) 2015-03-30 15:57:23 +00:00
Clément Oudot
b14ec43a88 Check redirect_uri (#184) 2015-03-30 12:58:56 +00:00
Clément Oudot
da31a15cb9 Add support for RS256/RS384/RS512 to sign ID Tokens (#184) 2015-03-27 15:13:00 +00:00
Clément Oudot
895d7f3ef1 Display pretty JSON (#184) 2015-03-27 14:33:13 +00:00
Clément Oudot
d22853d775 Support for JWKS URI and signing public key (#184) 2015-03-27 14:21:43 +00:00
Clément Oudot
f8e37c0c8b Use SAML message creation time to set netBefore and notOnOrAfter (#799) 2015-03-27 08:29:12 +00:00
Clément Oudot
6c5487ab0e Check prompt parameter when displaying consent (#184) 2015-03-27 08:25:36 +00:00
Clément Oudot
9f06668eef Check id_token_hint request parameter for authenticated user (#184) 2015-03-25 16:13:09 +00:00
Clément Oudot
46e3b460c1 Check max_age request parameter for authenticated user (#184) 2015-03-25 16:11:45 +00:00
Clément Oudot
e1794d1be7 Check prompt request parameter for authenticated user (#184) 2015-03-25 14:55:46 +00:00
Clément Oudot
80480e302c Prompt parameter is a space delimited value (#184) 2015-03-25 13:48:36 +00:00
Clément Oudot
1937448419 Check hidden fields in issuerForUnAuthUser (#184) 2015-03-25 11:53:03 +00:00
Clément Oudot
158c097e66 Manage login_hint request parameter (#184) 2015-03-25 11:40:58 +00:00
Clément Oudot
70bcd003f6 Manage ui_locales request parameter (#184) 2015-03-25 11:15:31 +00:00
Clément Oudot
c6589a7f7b Check display and prompt request parameters for unauthenticated user (#184) 2015-03-25 10:54:00 +00:00
Clément Oudot
c07f698bdb Manage consent refuse and server_error errors (#184) 2015-03-25 09:11:46 +00:00
Clément Oudot
8e06ec1bd1 Get all OIDC parameters on authorization endpoint and check required ones (#184) 2015-03-24 17:01:15 +00:00
Clément Oudot
699303cf47 Use redirection for errors on authorization endpoint (#184) 2015-03-24 16:40:00 +00:00
Clément Oudot
45ed174666 Generate at_hash at token endpoint (#184) 2015-03-23 17:04:00 +00:00
Clément Oudot
2ff0b7277a Add hybrid flow support (#184) 2015-03-23 11:54:22 +00:00
Clément Oudot
539f241725 Generate at_hash in ID Token for implicit flow (#184) 2015-03-19 17:04:13 +00:00
Clément Oudot
c3cb985323 Manage access token hash in RP (#183) 2015-03-19 15:28:58 +00:00
Clément Oudot
4e7f4eb85e Use nonce in Authentication Code Flow (#184) 2015-03-17 12:56:11 +00:00
Clément Oudot
89e3678bdf Manage OIDC Implicit Flow (#184) 2015-03-17 11:01:11 +00:00
Clément Oudot
33bc52b619 Skeleton to manage different OIDC response types (#184) 2015-03-16 17:00:56 +00:00
Clément Oudot
71bc645d51 Authentication Context in ID Token (#184) 2015-03-13 12:54:04 +00:00
Clément Oudot
23b2c6f996 Configure Access Token expiration (#184) 2015-03-13 11:09:39 +00:00
Clément Oudot
74958870bb Auth time and expiration in ID Token (#184) 2015-03-13 10:54:36 +00:00
Clément Oudot
6d6d7e6424 Fix typo on Relying Party (#184) 2015-03-11 16:24:10 +00:00
Clément Oudot
167fdb66c4 Possibility to configure attribute used to fill OIDC User ID (#184) 2015-03-11 16:16:37 +00:00
Clément Oudot
55fe1a5ec8 Refactor code that build authz response (#184) 2015-03-11 15:47:24 +00:00
Clément Oudot
ca146c7525 Remove unused imports (#184) 2015-03-11 15:07:00 +00:00
Clément Oudot
f3dcec7ad7 Display user friendly messages for scope consent (#184) 2015-03-11 14:34:31 +00:00
Clément Oudot
495da0dde5 Check accepted scope in consent step (#184) 2015-03-11 13:53:58 +00:00
Clément Oudot
2d015ebdcd Possibility to change backend for OIDC sessions (#184) 2015-03-11 11:39:20 +00:00
Clément Oudot
6f128235af Set version 2.00 in the trunk 2015-03-11 09:05:04 +00:00
Clément Oudot
7a7bb1fbda make tidy on all files 2015-03-10 15:07:33 +00:00
Clément Oudot
a31663cf38 Delete captcha session only when authentication process is finished (#788) 2015-03-09 16:44:19 +00:00
Xavier Guimard
53e41d145c Auth modules must be set 2015-03-09 15:55:46 +00:00
Clément Oudot
ef4af6b3f2 ID Token signature configuration (#184) 2015-02-19 18:04:29 +00:00
Clément Oudot
d1d97d16c3 Set _utime in OIDC sessions (#184) 2015-02-19 15:17:49 +00:00
Clément Oudot
68607ca947 Implement UserInfo endpoint (#184) 2015-02-04 13:25:13 +00:00
Clément Oudot
968f0e065a Check authentication on token endpoint (#184) 2015-02-02 09:44:33 +00:00
Clément Oudot
9f69f03b09 Store scope in access token session (#184) 2015-01-31 15:17:56 +00:00
Clément Oudot
31e0a1cfb5 Obtain user consent for OpenID Connect requested scope (#184) 2015-01-31 14:34:52 +00:00
Clément Oudot
3c3cc39d0c Check sub of UserInfo JSON (references #183) 2015-01-31 14:33:05 +00:00
Clément Oudot
e6ae3b9925 Restore hidden form values (#184) 2015-01-29 13:32:31 +00:00
Clément Oudot
0be124d3d7 Prevent reuse of authorization code (#184) 2015-01-28 16:53:06 +00:00
Clément Oudot
70281de82d Add some debug logs (#184) 2015-01-28 13:41:10 +00:00
Clément Oudot
39b83ae46a OpenIDConnect Service metadata parameters in Manager (#184) 2015-01-28 13:07:11 +00:00
Clément Oudot
2abb7fafde Check that RP is registered (#184) 2015-01-23 13:06:54 +00:00
Clément Oudot
b82153ab17 Start implementation of OpenID Connect provider (#184) 2015-01-20 10:04:44 +00:00
David COUTADEUR
a82d36a794 Fix LEMONLDAP-784: https://jira.ow2.org/browse/LEMONLDAP-784 
reset password in AD not working
 2015-01-08 17:05:40 +00:00
Clément Oudot
7e74e27a3b Autoselect OP if only one is configured (#183) 2014-12-15 14:58:42 +00:00
Clément Oudot
922b92bbbe Configuration of OpenID Connect auth module and OP in Manager (#183) 2014-12-15 13:55:23 +00:00
Clément Oudot
18072723de Compatibility with AuthChoice (#183) 2014-12-11 17:05:33 +00:00
Clément Oudot
8b7ad81ff5 Add first OpenID Connect RP parameters in Manager (#183) 2014-12-11 16:54:27 +00:00
Clément Oudot
0014e2cdaf Invalidate CAS Service Ticket when it is used (#775) 2014-12-05 09:21:07 +00:00
Clément Oudot
8b1ea19725 Possibility to define a background image for portal skin (#770) 2014-12-02 14:51:23 +00:00
Clément Oudot
eea1fedd3c Better look of OpenID Provider list (#183) 2014-12-01 17:07:55 +00:00
Clément Oudot
44c64ea606 Manage refresh of JWKS data (#183) 2014-12-01 10:27:47 +00:00
Clément Oudot
c5ad64e694 Try to fix build #491 (#183) 2014-11-24 08:39:16 +00:00
Clément Oudot
c09d2c4e00 Check ID Token validity (#183) 2014-11-22 08:53:17 +00:00
Clément Oudot
ee43c5010f Check token response validity (references #183) 2014-11-22 08:46:41 +00:00
Clément Oudot
c0b7af29b8 Support client_secret_basic and client_secret_post for token endpoint authentication (references #183) 2014-11-21 17:15:47 +00:00
Clément Oudot
bc6920dd03 Check error in authn response (#183) 2014-11-21 10:32:35 +00:00
Clément Oudot
6ba3d9e44e Manage exported vars per OP (#183) 2014-11-20 15:53:26 +00:00
Clément Oudot
687f0ed094 Change configuration format to allow to define several OP (#183) 2014-11-20 14:03:32 +00:00
Clément Oudot
74a7770fa4 Use extractJWT method (#183) 2014-11-20 09:11:55 +00:00
Clément Oudot
53aab6d3c0 Verify JWT signature for RS256/RS384/RS512 alg (#183) 2014-11-19 14:17:39 +00:00
Clément Oudot
ab1e318149 Add support for HS368 and HS512 JWT signature alg (#183) 
Get OpenID configuration data from configuration URI (#183)
 2014-11-19 11:09:37 +00:00
Clément Oudot
5a09c04445 Add some log to JWT signature verification (#183) 2014-11-18 14:32:15 +00:00
Clément Oudot
27225cfe86 Option to check JWT Signature (#183) 2014-11-18 14:24:03 +00:00
Clément Oudot
2a33f67155 Verify JWT signature for HS256 alg (#183) 2014-11-17 18:09:55 +00:00
Clément Oudot
3cde211810 Save/restore state in OpenID Connect RP (#183) 2014-11-17 13:55:26 +00:00
Clément Oudot
c64f69a852 Use eval to decode JSON content (#183) 2014-11-14 16:53:56 +00:00
Clément Oudot
914fe20eb5 Create OpenIDConnect library (#183) 2014-11-14 16:18:50 +00:00
Clément Oudot
2ff2d0e01a First version of OpenIDConnect RP module (#183) 2014-11-14 14:29:55 +00:00
Clément Oudot
5bb0f01de4 Manage vhost aliases in portal menu (#755) 2014-11-03 17:07:47 +00:00
Clément Oudot
2af54acd97 Do not call data on undefined session object (#762) 2014-10-27 11:19:25 +00:00
Clément Oudot
2a343dff84 Fix TODO by using autoRedirect (#753) 2014-08-21 12:22:10 +00:00
Clément Oudot
7e517cbdd0 Do not hardcode OpenID server path (#753) 2014-08-21 12:19:12 +00:00
Clément Oudot
df926b3429 Fix OpenID Issuer with new Net::OpenID::Server version (#753) 2014-08-21 11:49:56 +00:00
Clément Oudot
3b947a0bb3 Add portal in trusted hosts (#752) 2014-08-19 10:05:15 +00:00
Clément Oudot
f97f5c72e0 make tidy 2014-07-24 15:48:32 +00:00
Clément Oudot
e011600113 Show error from Common::Session module in logs (#741) 2014-07-24 15:37:12 +00:00
Clément Oudot
ee1918fe21 Keep default value in condition if no notOnOrAfter timeout configured (#737) 2014-07-21 10:48:36 +00:00
Clément Oudot
15835e1e02 Possibility to configure conditions notOnOrAfter (#737) 2014-07-21 10:46:01 +00:00
Clément Oudot
b4bda626de Possibility to configure subjectConfirmation notOnOrAfter (#737) 2014-07-21 10:42:16 +00:00
Clément Oudot
757ac6f15d Possibility to configure sessionNotOnOrAfter (#737) 2014-07-21 09:44:28 +00:00
Clément Oudot
9bc097dd21 Compatibility of SSL modules with SOAP getCookies (#719) 2014-07-15 13:41:27 +00:00
Clément Oudot
93cc4a9f70 Rebind as manager after password change in order to read groups (#725) 2014-07-09 13:56:58 +00:00
Clément Oudot
f21184a59c Call authInit in MailReset to get the authentication choice (#664) 2014-06-25 12:58:15 +00:00
Clément Oudot
b72d79a30b Better connection management (#663, #LEMONLDAP-664): 
- Create userDBFinish, passwordDBFinish and registerDBFinish methods
- Call finish methods for each backend in process
- Call LDAP unbind only when necessary
- Unbind if error in RegisterDBLDAP
 2014-06-25 11:53:09 +00:00
François-Xavier Deltombe
70ec1d03cb Refactor LL::NG::Handler::Specific::AuthBasic (#630) 2014-06-25 10:01:17 +00:00
Clément Oudot
941c27631c Disconnect from LDAP when error occurs, and enable cache management even with Multi backend (#664) 2014-06-23 12:45:27 +00:00
Clément Oudot
1b6655a431 Delete captcha session when check is done, and add captcha backend in purgeCentralCache script (#703) 2014-06-11 10:22:34 +00:00
Clément Oudot
473cd6c9dc Use a session backend to manage captcha (#703) 2014-06-10 16:21:33 +00:00
Clément Oudot
dbfbde2e9f make tidy 2014-06-08 10:04:50 +00:00
Clément Oudot
50b80020da Port memory leak fix to 1.4 branch (#708) 2014-06-06 10:04:14 +00:00
Clément Oudot
d61cd6a6de Make Register work with AuthChoice (#26) 2014-06-06 09:54:48 +00:00
Xavier Guimard
c96e281fee Avoid potential circular references 2014-06-05 18:05:55 +00:00
Clément Oudot
f6cad5438c Test if password was auto generated before displaying it in the mail (#675) 2014-06-03 08:13:24 +00:00
Clément Oudot
066f52caba Fix use of ipAddr in Register (#26) 2014-06-02 13:56:20 +00:00
Clément Oudot
ba9fa72c1e AD register module (#26) 2014-06-02 10:24:05 +00:00
Clément Oudot
9629d3a500 Fix login generation (#26) 2014-06-02 10:12:05 +00:00
Clément Oudot
a5b7cd030c Register mail in LDAP (#26) 2014-06-02 10:08:32 +00:00
Clément Oudot
2e9033d28b Add a button on login page to register page (#26) 2014-05-30 12:21:53 +00:00
Clément Oudot
524fab0b3a RegisterDB LDAP is complete (#26) 2014-05-29 08:12:33 +00:00
Clément Oudot
9b10d96341 Fix unit tests after introducing RegisterDB (#26) 2014-05-29 07:38:50 +00:00
Clément Oudot
81dbe943c3 Introduce RegisterDB modules (#26) 2014-05-28 16:23:23 +00:00
Clément Oudot
2fe20b1248 Isolate register info in ->{registerInfo} (#26) 2014-05-28 15:41:32 +00:00
Clément Oudot
be04271809 Work on Register feature (#26) 2014-05-27 16:31:43 +00:00
Clément Oudot
66c93ec387 Manage already existing accounts in Register (#26) 2014-05-27 13:42:00 +00:00
Clément Oudot
57182767f4 Some error codes for Register (#26) 2014-05-26 16:25:33 +00:00
Clément Oudot
5ce762e9e3 Work on Register page (#26) 2014-05-23 18:47:36 +00:00