Commit Graph

458 Commits

Author SHA1 Message Date
Clément Oudot
4a1f957fdd Set trunk version to 1.9.0 2015-12-18 09:31:36 +00:00
Xavier Guimard
2df6075dfa Persistent sessions explorer in progress 2015-12-18 06:17:30 +00:00
Xavier Guimard
6daa0bc77b Strange bug
It happens when server is restarted and the first call to portal uses
"?logout=1" with a valid session
2015-12-16 20:44:27 +00:00
Xavier Guimard
3372341fec Start authChoice management 2015-12-12 13:18:48 +00:00
Xavier Guimard
5a3fc1bfed Adapt "multi" system to the new manager
IMPORTANT: auth and userDB stacks are now in distinct keys
2015-12-10 20:05:29 +00:00
Clément Oudot
8c109061a9 Return error if no OpenID Provider configured (#183) 2015-10-22 13:40:11 +00:00
Clément Oudot
a6821a7fca Fix trailing slash in post logout URL (#183) 2015-10-22 09:24:18 +00:00
Clément Oudot
df59540d22 make tidy 2015-10-22 08:40:12 +00:00
David COUTADEUR
7fd8390c85 correcting typo for #822 feature (checking pwdLastSet in AD is not sufficient) 2015-10-08 12:49:32 +00:00
Clément Oudot
d1540c280f Move AD specific code in AuthAD and check userAccountControl before displaying expiration warning (#822) 2015-10-06 09:39:23 +00:00
Clément Oudot
ad0c56cb84 Manage password expiration for AD authentication backend (#822) 2015-10-05 14:07:24 +00:00
Clément Oudot
b05fab6eac Dump variables stored in session in debug mode (#792) 2015-09-25 15:29:57 +00:00
Clément Oudot
b8d8b01ea4 Create hGroups to store groups as a HashRef:
* Allows storing multivalued attributes of groups (#792)
* Remove duplicate groups when using recursive groups (#823)
2015-09-25 09:43:04 +00:00
Clément Oudot
f8d9274a2c Store multi full module name in another session variable (#715) 2015-09-24 06:58:21 +00:00
Clément Oudot
62a8fb17ac Fix SOAP data formatting (#850) 2015-09-23 09:02:47 +00:00
Clément Oudot
99953c14eb Add _lastSeen to default exported attributes with SOAP (#845) 2015-09-23 08:31:46 +00:00
Xavier Guimard
9298c07510 Typo 2015-09-22 05:38:23 +00:00
Clément Oudot
fa95ab2ee7 Possibility to define extra claims (#184) 2015-06-19 09:06:13 +00:00
Clément Oudot
c5a6d3f31c Force Base64 URL for JWT signature (#184) 2015-06-18 12:47:35 +00:00
Xavier Guimard
87fd52a0ab Update copyrights 2015-06-18 11:00:24 +00:00
Clément Oudot
13dc6d5755 Fix 'exp' field in ID Token (#184) 2015-06-18 10:20:15 +00:00
Clément Oudot
96207ab19d Support URL for application logo (#183) 2015-06-16 15:43:07 +00:00
Clément Oudot
15cfb0ed43 Support URL for application logo (#184) 2015-06-16 15:34:11 +00:00
Clément Oudot
ef43679ce1 Manage session not found in portal (#825) 2015-06-12 10:56:38 +00:00
Clément Oudot
12890c4512 Fix oidcStorageOptions initialization (#184) 2015-06-12 07:51:37 +00:00
Clément Oudot
e3af829e5a Remove portalAutocomplete configuration (#824) 2015-06-11 12:59:20 +00:00
Clément Oudot
b81aea14b4 Define an ID for public key (#184) 2015-06-05 12:55:06 +00:00
Clément Oudot
fe77ab4dbb Check session iframe with CORS for session management (#184) 2015-06-01 18:22:36 +00:00
Clément Oudot
05ecd34598 Parameter to define allowed flows (#184) 2015-05-29 16:49:32 +00:00
Clément Oudot
121e578b7e Parameter to allow dynamic client registration (#184) 2015-05-29 10:07:54 +00:00
Clément Oudot
b66a90e197 Register dynamic client in configuration (#184) 2015-05-29 08:50:51 +00:00
Clément Oudot
ab0b6e7190 Display correct skin in register page (#818) 2015-05-11 14:06:20 +00:00
Clément Oudot
f82a7319be Display correct skin in mail reset page (#818) 2015-05-11 13:50:55 +00:00
Clément Oudot
fe2ad66a29 Add attributes in CAS serviceValidate response (#773) 2015-05-09 17:49:56 +00:00
Clément Oudot
ad2c67c2ba Support Request URI (#184) 2015-04-30 06:09:51 +00:00
Clément Oudot
159f71fd25 Verify Request JWT signature (#184) 2015-04-25 15:19:12 +00:00
Clément Oudot
94f1065e5d Accept 'request' parameter in authorization requests (#184) 2015-04-22 17:16:32 +00:00
Clément Oudot
0b3f9a78ff Parse UserInfo response as JWT (#183) 2015-04-18 08:36:42 +00:00
Clément Oudot
1c0df34268 Replace version 2.00 by 2.0.0 2015-04-15 14:18:38 +00:00
Clément Oudot
9520bef489 Manage UserInfo signature (JWT response) (#184) 2015-04-14 18:42:02 +00:00
Clément Oudot
572636ead1 Use Base64 URL to decode JWT (#184) 2015-04-11 11:15:01 +00:00
Clément Oudot
a63918d28f Return session state for session management (#184) 2015-04-07 09:04:17 +00:00
Clément Oudot
ac5f76f898 Option to deactivate nonce (#183) 2015-04-03 13:45:38 +00:00
Clément Oudot
a17159f105 Don't send max_age if value is 0 (#183) 2015-04-03 13:23:52 +00:00
Clément Oudot
3ad495f824 Call endsession point in authLogout (#183) 2015-04-03 13:00:30 +00:00
Clément Oudot
328a280601 Work on implementation of OIDC logout (#184) 2015-04-03 09:05:36 +00:00
Clément Oudot
841f057c25 Work on implementation of OIDC logout (#184) 2015-04-02 16:54:00 +00:00
Clément Oudot
85650ae3be Start implementation of OIDC logout (#184) 2015-04-02 07:02:21 +00:00
Clément Oudot
72aecd6cf1 Configuration of Authentication Class Ref (#184) 2015-04-01 15:45:08 +00:00
Clément Oudot
b9494d1b0a Check iat (#183) 2015-04-01 15:10:08 +00:00
Clément Oudot
0fa5cf2614 Use max_age, ui_locales and acr_values (#183) 2015-04-01 14:51:49 +00:00
Clément Oudot
01aec28467 Use prompt (#183) 2015-04-01 13:00:31 +00:00
Clément Oudot
865551989b Use display (#183) 2015-04-01 12:53:18 +00:00
Clément Oudot
9936ade26b Use nonce (#183) 2015-03-31 16:07:50 +00:00
Clément Oudot
2e0f1b7088 Start of registration endpoint implementation (#184) 2015-03-30 15:57:23 +00:00
Clément Oudot
b14ec43a88 Check redirect_uri (#184) 2015-03-30 12:58:56 +00:00
Clément Oudot
da31a15cb9 Add support for RS256/RS384/RS512 to sign ID Tokens (#184) 2015-03-27 15:13:00 +00:00
Clément Oudot
895d7f3ef1 Display pretty JSON (#184) 2015-03-27 14:33:13 +00:00
Clément Oudot
d22853d775 Support for JWKS URI and signing public key (#184) 2015-03-27 14:21:43 +00:00
Clément Oudot
f8e37c0c8b Use SAML message creation time to set notBefore and notOnOrAfter (#799) 2015-03-27 08:29:12 +00:00
Clément Oudot
6c5487ab0e Check prompt parameter when displaying consent (#184) 2015-03-27 08:25:36 +00:00
Clément Oudot
9f06668eef Check id_token_hint request parameter for authenticated user (#184) 2015-03-25 16:13:09 +00:00
Clément Oudot
46e3b460c1 Check max_age request parameter for authenticated user (#184) 2015-03-25 16:11:45 +00:00
Clément Oudot
e1794d1be7 Check prompt request parameter for authenticated user (#184) 2015-03-25 14:55:46 +00:00
Clément Oudot
80480e302c Prompt parameter is a space delimited value (#184) 2015-03-25 13:48:36 +00:00
Clément Oudot
1937448419 Check hidden fields in issuerForUnAuthUser (#184) 2015-03-25 11:53:03 +00:00
Clément Oudot
158c097e66 Manage login_hint request parameter (#184) 2015-03-25 11:40:58 +00:00
Clément Oudot
70bcd003f6 Manage ui_locales request parameter (#184) 2015-03-25 11:15:31 +00:00
Clément Oudot
c6589a7f7b Check display and prompt request parameters for unauthenticated user (#184) 2015-03-25 10:54:00 +00:00
Clément Oudot
c07f698bdb Manage consent refuse and server_error errors (#184) 2015-03-25 09:11:46 +00:00
Clément Oudot
8e06ec1bd1 Get all OIDC parameters on authorization endpoint and check required ones (#184) 2015-03-24 17:01:15 +00:00
Clément Oudot
699303cf47 Use redirection for errors on authorization endpoint (#184) 2015-03-24 16:40:00 +00:00
Clément Oudot
45ed174666 Generate at_hash at token endpoint (#184) 2015-03-23 17:04:00 +00:00
Clément Oudot
2ff0b7277a Add hybrid flow support (#184) 2015-03-23 11:54:22 +00:00
Clément Oudot
539f241725 Generate at_hash in ID Token for implicit flow (#184) 2015-03-19 17:04:13 +00:00
Clément Oudot
c3cb985323 Manage access token hash in RP (#183) 2015-03-19 15:28:58 +00:00
Clément Oudot
4e7f4eb85e Use nonce in Authentication Code Flow (#184) 2015-03-17 12:56:11 +00:00
Clément Oudot
89e3678bdf Manage OIDC Implicit Flow (#184) 2015-03-17 11:01:11 +00:00
Clément Oudot
33bc52b619 Skeleton to manage different OIDC response types (#184) 2015-03-16 17:00:56 +00:00
Clément Oudot
71bc645d51 Authentication Context in ID Token (#184) 2015-03-13 12:54:04 +00:00
Clément Oudot
23b2c6f996 Configure Access Token expiration (#184) 2015-03-13 11:09:39 +00:00
Clément Oudot
74958870bb Auth time and expiration in ID Token (#184) 2015-03-13 10:54:36 +00:00
Clément Oudot
6d6d7e6424 Fix typo on Relying Party (#184) 2015-03-11 16:24:10 +00:00
Clément Oudot
167fdb66c4 Possibility to configure attribute used to fill OIDC User ID (#184) 2015-03-11 16:16:37 +00:00
Clément Oudot
55fe1a5ec8 Refactor code that builds authz response (#184) 2015-03-11 15:47:24 +00:00
Clément Oudot
ca146c7525 Remove unused imports (#184) 2015-03-11 15:07:00 +00:00
Clément Oudot
f3dcec7ad7 Display user friendly messages for scope consent (#184) 2015-03-11 14:34:31 +00:00
Clément Oudot
495da0dde5 Check accepted scope in consent step (#184) 2015-03-11 13:53:58 +00:00
Clément Oudot
2d015ebdcd Possibility to change backend for OIDC sessions (#184) 2015-03-11 11:39:20 +00:00
Clément Oudot
6f128235af Set version 2.00 in the trunk 2015-03-11 09:05:04 +00:00
Clément Oudot
7a7bb1fbda make tidy on all files 2015-03-10 15:07:33 +00:00
Clément Oudot
a31663cf38 Delete captcha session only when authentication process is finished (#788) 2015-03-09 16:44:19 +00:00
Xavier Guimard
53e41d145c Auth modules must be set 2015-03-09 15:55:46 +00:00
Clément Oudot
ef4af6b3f2 ID Token signature configuration (#184) 2015-02-19 18:04:29 +00:00
Clément Oudot
d1d97d16c3 Set _utime in OIDC sessions (#184) 2015-02-19 15:17:49 +00:00
Clément Oudot
68607ca947 Implement UserInfo endpoint (#184) 2015-02-04 13:25:13 +00:00
Clément Oudot
968f0e065a Check authentication on token endpoint (#184) 2015-02-02 09:44:33 +00:00
Clément Oudot
9f69f03b09 Store scope in access token session (#184) 2015-01-31 15:17:56 +00:00
Clément Oudot
31e0a1cfb5 Obtain user consent for OpenID Connect requested scope (#184) 2015-01-31 14:34:52 +00:00
Clément Oudot
3c3cc39d0c Check sub of UserInfo JSON (references #183) 2015-01-31 14:33:05 +00:00