dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
572 Commits 3 Branches 0 Tags 75 MiB
3ad76f30b2
Commit Graph

116 Commits

Author SHA1 Message Date
Xavier Guimard
a98e3ac8bb SAML skeleton 2009-04-07 20:38:24 +00:00
Xavier Guimard
740ad09f9f Safelib + LDAPFilter parameter 2009-04-05 08:12:16 +00:00
Xavier Guimard
8bc0d20afa * Portal can now been used as 'proxy' for SOAP session storage. 
* Session explorer works now with SOAP session storage (very low performances)
 2009-04-03 16:17:57 +00:00
Xavier Guimard
b0b971b241 Double session mechanism : 2 cookies are generated, 1 secured, the other not. 
Handlers detects automatically the cookie to choose.
 2009-03-31 10:52:43 +00:00
Xavier Guimard
e5e80709e6 Use Net::LDAP high availability system 
%ENV was not shared
 2009-03-08 17:37:31 +00:00
Xavier Guimard
231f54ddf0 * New authentication and userDB module : 'Multi' to chain authentication modules. 
* Compilation for ModPerl::Registry by default
 2009-03-08 08:50:58 +00:00
Xavier Guimard
859be3923f * Doxygen doc update 
* More tests
* perltidy on tests
 2009-02-25 18:10:07 +00:00
Xavier Guimard
6307a00750 Lot of work on Portal SOAP services. Now 5 functions are exported: 
* getAttributes(cookieValue)
 * getConfig()
 * getCookies(user,password)
 * error(code,language)
 * newNotification(xml)

WSDL is up to date but getConfig is not documented since it's a Lemonldap::NG internal service.
 2009-02-24 17:53:59 +00:00
Xavier Guimard
20764ad812 New authentication and userDB backend : "Remote" can be used to check authentication from a remote Lemonldap::NG portal using CDA 2009-02-23 17:35:38 +00:00
Xavier Guimard
018bee1fc6 CDA now included in main portal 2009-02-17 15:39:14 +00:00
Xavier Guimard
553058998f Doxygen comments update 2009-02-17 15:22:42 +00:00
Xavier Guimard
ffb5ee8e33 Doxygen filter modification to show authentication process methods 2009-02-17 14:56:38 +00:00
Xavier Guimard
5803952784 * delete log() method from the portal : 
* user actions are logged by userNotice() and userError()
  * other access are logged by HTTP server
* create authenticate() method in Simple.pm used to launch userNotice() for
  all authentication method
 2009-02-15 17:58:38 +00:00
Xavier Guimard
b6cdee5d2a Now userNotice and userError are customizable like subs called by _subProcess 2009-02-15 11:30:25 +00:00
Xavier Guimard
415d23b6e4 User actions are now registered with 3 functions : 
* log        : normal access to the portal
 * userNotice : authentications, logout,...
 * userError  : bad password,...

A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog
 2009-02-15 08:53:44 +00:00
Xavier Guimard
0c18700f65 * cleaning code : 
* session have not to be recover in Menu since it's done before bu the portal
* accounting in CGIs (ModPerl::Registry context only) :
  * used by portal to inform Apache
 2009-02-14 08:55:19 +00:00
Xavier Guimard
19e59af4cd log & debug method lmLog() for CGIs 2009-02-12 19:48:53 +00:00
Clément Oudot
ed55803c04 LEMONLDAP::NG : Abort redirection if ppolicy warnings are present 2009-02-12 17:09:33 +00:00
Xavier Guimard
f8169c1909 Notification system in progress : 
* File storage is running
 * DBI storage has not yet been tested
Documentation update
 2009-02-11 16:18:38 +00:00
Xavier Guimard
7c1ff1d938 Versions update 2009-02-10 17:28:27 +00:00
Xavier Guimard
c5a5ba909f Typo in pod 2009-02-08 19:12:08 +00:00
Xavier Guimard
fbdb9ccb22 LEMONLDAP::NG : * Version is missing in SOAPServer.pm 
* perltidy on Portal/Simple.pm
 2009-02-08 07:59:46 +00:00
Xavier Guimard
1800497815 LEMONLDAP::NG : propagation of 0.9.3.4 changes 2009-02-05 17:05:18 +00:00
Xavier Guimard
a25e10b040 LEMONLDAP::NG : * documentation modification 
* SOAP service to update notification database
 2009-02-03 09:36:13 +00:00
Xavier Guimard
1b6f56699a LEMONLDAP::NG : Missing file Portal/Notification.pm 2009-02-02 08:53:51 +00:00
Xavier Guimard
85d765a002 LEMONLDAP::NG : WSDL for portal + dependency of Crypt::Rijndael in Debian 2009-02-01 15:38:06 +00:00
Xavier Guimard
21f5808cdf LEMONLDAP::NG : Notification system is running now (for file storage only). TODO: Soapservice to accept notifications 2009-01-30 15:26:34 +00:00
Xavier Guimard
2540bb36f0 LEMONLDAP::NG : * new feature in devel : notification system 
* now, there is a shared key that can be use to crypt datas
                  (used in notification to hide cookie value)
 2009-01-28 17:37:10 +00:00
Xavier Guimard
bfab1a6e3b LEMONLDAP::NG Doxygen in progress 2008-12-31 15:10:02 +00:00
Xavier Guimard
41fe04e8b8 LEMONLDAP::NG : Doxygen documentation in progress... 2008-12-29 10:28:31 +00:00
Xavier Guimard
2e5911ac4e LEMONLDAP::NG : Doxygen in progress. 2008-12-28 08:36:52 +00:00
Clément Oudot
985bdc2509 LEMONLDAP::NG : don't test url if direct access to portal 2008-12-27 11:00:45 +00:00
Xavier Guimard
13a5a1daab LEMONLDAP::NG : Doxygen documentation in progress 2008-12-26 17:58:48 +00:00
Xavier Guimard
78852ac337 LEMONLDAP::NG perltidy 2008-12-24 14:57:23 +00:00
Xavier Guimard
13cdc9b8ec LEMONLDAP::NG : XSS patch not compatible with logout system 2008-12-24 14:55:44 +00:00
Xavier Guimard
2449e92c2d LEMONLDAP::NG : A site in the protected domain is accepted in $portal->{urldc} even if the site is not declared in the manager 2008-12-24 09:12:53 +00:00
Xavier Guimard
cc07eae107 LEMONLDAP::NG : customFunctions are now shared in macros, groups, headers and rules 2008-12-11 17:02:02 +00:00
Xavier Guimard
a77e385730 LEMONLDAP::NG : little bug in SOAP error() 2008-12-08 10:56:19 +00:00
Xavier Guimard
16a29be9fa LEMONLDAP::NG : error display in SOAP 2008-12-07 20:07:52 +00:00
Xavier Guimard
b9ba2337e4 LEMONLDAP::NG : now the portal can be called by browser or by SOAP 2008-12-07 14:12:36 +00:00
Xavier Guimard
68d447b422 LEMONLDAP::NG : typo 2008-12-07 12:15:40 +00:00
Xavier Guimard
53dc4bbbf4 LEMONLDAP::NG : * To avoid XSS, 3 controls : 
1) url must be base64 encoded
                  2) urldc is serialized on 1 line ("s/[\r\n]//sg")
                  3) urldc must not contains '"`\0<
                * Common/CGI can now intercept SOAP requests
 2008-12-07 09:02:44 +00:00
Xavier Guimard
8b4f38e58c LEMONLDAP::NG : XSS prevention 2008-12-06 10:26:24 +00:00
Xavier Guimard
66c60cc416 LEMONLDAP::NG : * branche 0.9.2 is missing 
* ' and " are now filtered in url in Portal.pm
 2008-12-06 07:27:35 +00:00
Xavier Guimard
5f552f4085 LEMONLDAP::NG : minnor things 2008-12-03 18:30:57 +00:00
Clément Oudot
35df5dddb8 LEMONLDAP::NG : Enforce XSS protection by deleting bad urls 2008-12-03 16:41:30 +00:00
Xavier Guimard
24a14caeda LEMONLDAP::NG : * Security fix : redirections in portal must be in protected sites 
* perltidy in Manager/Sessions.pm
                * Doxygen in progress...
 2008-12-03 16:05:27 +00:00
Xavier Guimard
fbc8b7bfd2 LEMONLDAP::NG : * security fix => XSS 
* Begin Doxygen documentation
 2008-12-03 13:27:30 +00:00
Xavier Guimard
de7edc7387 LEMONLDAP::NG : better manner to delete cookie 2008-12-01 13:39:52 +00:00
Xavier Guimard
d7bbb44924 LEMONLDAP::NG : * change default value for existing sessions : now, it's PE_DONE 
* after POST and logout, Portal generates a redirection to itself unless an url is given. This help MSIE to relog after logout
 2008-12-01 09:36:02 +00:00