Clément Oudot
0ae2585a97
SAML: manage artifact (work in progess)
2010-04-09 16:42:50 +00:00
Clément Oudot
7fef157210
SAML: possibility to configure a different storage for SAML objects (samlStorage) than sessions storage (globalStorage)
2010-04-09 13:27:54 +00:00
Clément Oudot
46808d3f78
SAML: manage artifact (work in progess)
2010-04-08 16:28:10 +00:00
Clément Oudot
9bb7adb3c3
SAML: catch artefact resolution URL
2010-04-08 11:03:53 +00:00
Clément Oudot
e34c8409b1
SAML: escape URL strings in regexp
2010-04-08 10:16:13 +00:00
Clément Oudot
fb9f964515
SAML: move use POSIX from AuthSAML to _SAML
2010-04-08 09:43:28 +00:00
Clément Oudot
cdaea23ac5
SAML: create methods to convert timestamp and SAML2 dates, and set all dates in assertion created by IDP
2010-04-08 09:39:53 +00:00
Clément Oudot
89bf4a6630
SAML: build assertion
2010-04-07 16:37:23 +00:00
Clément Oudot
ecf5612e4f
SAML:
...
* Build artifact or complete SSO reponse message
* Send SSO response message
* Correct a bug when loading relayState in POST fields
2010-04-07 15:14:17 +00:00
Clément Oudot
f9e8ce7092
SAML: validate request message
2010-04-07 12:27:50 +00:00
Clément Oudot
7859ba292a
SAML: trust hidden fields when they are present
2010-04-07 10:11:21 +00:00
Thomas CHEMINEAU
341f9f944f
SAML: first work on issuerForAuthUser into IssuerDBSAML.pm
2010-04-02 16:19:10 +00:00
Thomas CHEMINEAU
0974c128ec
SAML: fix a little bug
2010-04-02 15:34:44 +00:00
Thomas CHEMINEAU
7202a6651f
SAML: manage hidden values for SAML authentication request
2010-04-02 15:28:29 +00:00
Clément Oudot
119386dca7
SAML: use checkMessage in AuthSAML
2010-04-02 14:47:17 +00:00
Clément Oudot
e21b4c936a
SAML: intercept artefact resolution URL in SP
2010-04-02 11:41:44 +00:00
Thomas CHEMINEAU
fa039d2114
Store hidden informations in forms
...
* SAML: store SAMLRequest in IssuerDBSAML, just before to redirect to IDP
* Simple: add functions to manage hidden values for forms
2010-04-02 09:17:02 +00:00
Clément Oudot
f87d6b9b3d
SAML: IDP requestedAuthnContext option
2010-04-01 16:32:51 +00:00
Clément Oudot
a11caf800f
SAML: IDP isPassive option
2010-04-01 14:40:29 +00:00
Clément Oudot
bb86139ce4
SAML: work on SSO/SLO signature options
2010-04-01 14:18:37 +00:00
Clément Oudot
6d505c9468
SAML: IDP option to validate SSO response signature -not working now
2010-04-01 12:51:32 +00:00
Clément Oudot
70f853e681
SAML: IDP option to sign SSO requests
2010-04-01 09:55:33 +00:00
Clément Oudot
7f91ef3c83
SAML: was set too late
2010-03-26 16:47:17 +00:00
Thomas CHEMINEAU
ba6bb76549
SAML:
...
- Move part of the code into _SAML.pm so that it could be reused;
- Create the method checkMessage that check SAML requests and responses.
2010-03-26 16:02:27 +00:00
Thomas CHEMINEAU
e7103c56c5
SAML: implementing issuerForUnAuthUser
2010-03-26 13:56:37 +00:00
Clément Oudot
07c528d6fd
SAML: update POD
2010-03-26 09:35:31 +00:00
Clément Oudot
53d5212068
SAML: remove HTTP-GET binding since it is not supported by SAML2 (replaced by HTTP-REDIRECT)
2010-03-25 16:43:34 +00:00
Thomas CHEMINEAU
b67654d42d
SAML: code to load SP metadata
2010-03-25 14:44:38 +00:00
Thomas CHEMINEAU
dec9d562d8
SAML: work in progress in IssuerDBSAML
2010-03-25 11:24:52 +00:00
Thomas CHEMINEAU
a3a80947bc
SAML: move code that load SAML services and IDPs into _SAML
2010-03-25 11:01:32 +00:00
Clément Oudot
409ceb953c
SAML: option to adapt session _utime with SessionNotOnOrAfter
2010-03-25 10:02:53 +00:00
Clément Oudot
bc7df7b3bc
SAML: correct NAME POD section to prevent lintian warning
2010-03-25 08:55:42 +00:00
Clément Oudot
bd9c9d13dc
LDAP: change test for Net::LDAP minimal version for ppolicy feature
2010-03-24 15:53:55 +00:00
Clément Oudot
953806ed93
SAML: manage SessionNotOnOrAfter but do not adapt session _utime yet
2010-03-24 13:44:24 +00:00
Clément Oudot
aa5831493a
SAML: add AllowLoginFromIDP option
2010-03-24 13:01:14 +00:00
Clément Oudot
5c26f07d27
SAML: proxy restriction was not working, now it is set in authn request conditions
2010-03-24 12:33:45 +00:00
Clément Oudot
bac76b680d
LDAP: option to change the password as user (and not as managerDn)
2010-03-24 10:00:52 +00:00
Clément Oudot
fa05c16e02
OpenID: warning message for IssuerDBOpenID use
2010-03-15 10:57:17 +00:00
Clément Oudot
7692cefd95
Portal: all is ready for AuthOpenID
2010-03-15 09:53:56 +00:00
Clément Oudot
099c846d42
perltidy + manager bug with node created from special parent nodes
2010-03-13 17:39:50 +00:00
Clément Oudot
5a61c04a2d
SAML: use correct IDP name in confirmation message
2010-03-13 16:49:33 +00:00
Clément Oudot
f80620fae4
SAML: No need to force default nameIDFormat value
2010-03-12 16:19:41 +00:00
Clément Oudot
44aeddbc5c
Bug with samlIDPMetaDataOptions upload and use make tidy
2010-03-11 15:00:59 +00:00
Clément Oudot
ce8d8ee84e
SAML: correct a bug if no NameIDFormat were given
2010-03-11 12:00:25 +00:00
Xavier Guimard
d439cab42e
* Little CSS for abort()
...
* Comments for lemonldap-ng.ini
* lemonldap-ng.ini was not well read in Manager
* New target 'unprotect' in rules
* Status update
2010-03-09 21:42:31 +00:00
Clément Oudot
058ab93a15
SAML: manage HTTP method choice for SLO
2010-03-05 17:11:40 +00:00
Clément Oudot
ae4ff763df
SAML: manage HTTP method choice for SSO
2010-03-05 16:57:11 +00:00
Clément Oudot
8564389fa7
SAML: manage IDP resolution rules
2010-03-05 15:37:16 +00:00
Clément Oudot
8d1793b7bc
SAML: check OneTimeUse and Issuer (for proxy test)
2010-03-05 15:23:49 +00:00
Clément Oudot
c2b7c07dc1
SAML: use NameIDFormat option
2010-03-05 09:28:28 +00:00
Clément Oudot
0979ba0f28
SAML: use ForceAuthn option
2010-03-05 08:54:01 +00:00
Clément Oudot
71283e3596
SAML: attribute request in UserDBSAML
2010-03-03 16:54:23 +00:00
Xavier Guimard
40d2c70604
New target 'tidy' in Makefile
2010-03-01 20:32:28 +00:00
Clément Oudot
b5e2407728
SAML: get mandatory attributes - work in progress
2010-03-01 17:16:42 +00:00
Clément Oudot
13769b69f2
SAML: stop timer when choosing an IDP
2010-03-01 16:14:13 +00:00
Xavier Guimard
a746a440e6
perltidy
2010-03-01 10:45:04 +00:00
Clément Oudot
923e509226
SAML: split conditions validation between time and auience
2010-03-01 09:42:25 +00:00
Clément Oudot
1cecbe512d
SAML: Manage logout redirection URL trough RelayState in SLO
2010-03-01 09:19:28 +00:00
Clément Oudot
2c584cf7f7
SAML:
...
* Use authForce method to know if authentication should be forced
* Use a common method to store replay protection data
* Use _utime in relaystate state
* Let Lasso choose the defaut transport and binding for requests
2010-02-28 19:07:02 +00:00
Xavier Guimard
4634d58f36
AuthTwitter works now
2010-02-27 22:37:59 +00:00
Xavier Guimard
ec35e6c397
Skeleton for AuthTwitter
2010-02-27 16:20:11 +00:00
Xavier Guimard
226a40d5f6
AuthOpenID is ready !
2010-02-27 14:10:23 +00:00
Xavier Guimard
58c28c5732
* Inheritance instead of @EXPORT
...
* Purge CGI::Session dependency (LA)
2010-02-26 10:53:43 +00:00
Clément Oudot
7eefc6af1f
SAML: manage SOAP
2010-02-26 09:12:18 +00:00
Clément Oudot
9c228f7022
SAML: Manage relayState trough session backend
2010-02-25 11:39:55 +00:00
Clément Oudot
cc79d3cfe9
SAML: use the last configuration format for IDP metadata
2010-02-24 17:48:20 +00:00
Clément Oudot
9937568f97
SAML: manage SSO response trough Artifact
2010-02-24 15:24:54 +00:00
Clément Oudot
f0c29c779a
SAML:
...
* Manage SSO message like SLO message
* Send SLO request trough REDIRECT and POST
* Reponse to SSO request trough REDIRECT, POST and SOAP
* Reponse to SLO request trough REDIRECT, POST and SOAP
2010-02-24 10:11:01 +00:00
Clément Oudot
38060929fb
SAML:
...
* Use new configuration keys
* sum up replay protection code
2010-02-22 17:12:16 +00:00
Clément Oudot
fc542fa6b1
Portal: method to auto submit data through POST
2010-02-22 11:07:48 +00:00
Clément Oudot
7444d9802c
Portal: set content-type to application/xml for SOAP response
2010-02-22 10:08:14 +00:00
Xavier Guimard
d0cd16172c
IssuerOpenID skeleton
2010-02-21 20:17:13 +00:00
Xavier Guimard
fd40d830c8
AuthOpenID in progress
2010-02-21 14:47:16 +00:00
Xavier Guimard
6a2270b73d
OpenID authentication skeleton
2010-02-21 14:00:53 +00:00
Clément Oudot
3eac5ce288
Portal: display logout status to user
2010-02-20 11:44:05 +00:00
Clément Oudot
9766b8457a
SAML: SP SLO response trough HTTP-REDIRECT and SOAP
2010-02-19 11:33:34 +00:00
Clément Oudot
2238075912
SAML: SP SLO validate request
2010-02-18 17:42:31 +00:00
Clément Oudot
bd2c92f207
SAML: SP SLO in progress
2010-02-18 17:22:04 +00:00
Clément Oudot
a6d7f7a3a3
SAML:
...
* Send correct logout request
* Use getMetaDataURL to get URL from metadata configuration keys
2010-02-18 09:58:59 +00:00
Clément Oudot
46764465b2
SAML: SP SLO in progress
2010-02-17 17:37:38 +00:00
Clément Oudot
4c5d286196
SAML: rename keys of samlIDMetaData hash
2010-02-17 15:34:19 +00:00
Clément Oudot
5b34644e10
SAML: SLO initiated by SP (not achieved)
2010-02-17 15:13:00 +00:00
Clément Oudot
b9a6eb6743
SAML: replay protection was buggy
2010-02-17 12:02:11 +00:00
Clément Oudot
3da1b1ed19
SAML: conditions validations corrected in Lasso
2010-02-17 11:51:01 +00:00
Clément Oudot
d5d56f7649
SAML: conditions validation
2010-02-15 17:03:07 +00:00
Clément Oudot
88b81bf2aa
SAML: assertion replay protection
2010-02-15 13:44:06 +00:00
Clément Oudot
12668e7cc2
SAML: register attributes from SAML authn statement in session
2010-02-12 14:26:45 +00:00
Clément Oudot
71f142316f
SAML:
...
* IDP metadata are in metadata key
* Use IDP internal ID instead of entityID to keep choosen IDP information
* Use base64 encoding for RelayState value
2010-02-12 10:53:43 +00:00
Clément Oudot
cb7f7f8bd1
SAML: first complete SP cinematic implementation
2010-02-11 12:39:42 +00:00
Xavier Guimard
27769948f3
* abort instead of log when apps.list is deprecated
...
* lmMigrateConfFiles2ini does not quit if storage.conf is missing so it can be launched more than one time
2010-02-11 08:44:57 +00:00
Clément Oudot
e323fe1cf5
SAML: customize authentication request
2010-02-10 17:18:46 +00:00
Clément Oudot
be4198a31e
SAML: Lasso can now use ; in query string
2010-02-10 10:59:20 +00:00
Clément Oudot
f265cbce57
SAML: NameID management
2010-02-09 20:49:23 +00:00
Clément Oudot
e891c13ad3
SAML: use query_string and get name identifier
2010-02-09 09:02:39 +00:00
Clément Oudot
040aea4dfb
SAML:
...
* Redirect user to IDP SSO URL
* Catch IDP response for HTTP-REDIRECT binding
2010-02-08 17:24:45 +00:00
Xavier Guimard
788f688d78
little thing
2010-02-08 10:21:34 +00:00
Xavier Guimard
be93f8dc47
Somes fixes
2010-02-08 10:16:28 +00:00
Xavier Guimard
fad774f41b
Fix some little bugs
2010-02-08 10:06:21 +00:00
Clément Oudot
434f8ea286
SAML: better organization name management
2010-02-05 17:18:09 +00:00
Clément Oudot
9b0c8ef9c1
SAML: use serviceToXML
2010-02-05 16:14:05 +00:00
Clément Oudot
3606362946
LDAP:
...
* Add ldapGroupRecursive to enable recursive group search
* Create searchGroup method in _LDAP
* Create getLdapValue method in _LDAP to manage DN and multi-valued attributes
2010-02-05 14:17:55 +00:00
Clément Oudot
dae6b880be
Portal: force authentication is now working
2010-02-05 10:21:48 +00:00
Clément Oudot
a1976436b6
SAML: build authentication request
2010-02-04 16:02:02 +00:00
Clément Oudot
3a3ec647e9
SAML: IDP choice
2010-02-04 12:30:18 +00:00
Clément Oudot
a15fdcaaae
SAML:
...
* Lasso error can be a string or a Lasso::Error object
* Use private key to create Lasso::Server
* Perl binding bug resolution waiting: some method arguments should accept NULL values
2010-02-03 10:59:53 +00:00
Clément Oudot
79075b8e5c
SAML: do not force optional parameters in add_provider_from_buffer
2010-02-02 22:16:29 +00:00
Clément Oudot
8b883bc147
SAML: typo in Lasso method
2010-02-02 21:55:25 +00:00
Clément Oudot
718e4fa136
SAML: add IDP in Lasso::Server
2010-02-01 17:07:40 +00:00
Clément Oudot
bcfdac9dd1
SAML: catch Glib messages
2010-02-01 15:24:56 +00:00
Clément Oudot
8abef3a99b
SAML:
...
* perltidy
* use XML::Simple instead of XML::LibXML to parse XML
* Add initializeFromConfHash method to use directly configuration hash object
* Create Lasso server with metadata in buffers rather than XML files
2010-02-01 14:01:28 +00:00
Xavier Guimard
01785de792
* "SKIP" in SAML tests
...
* "= splice @_" instead of "= @_" avoid memory duplication
2010-01-31 08:25:05 +00:00
Clément Oudot
ccbb52c13c
SAML: create Lasso Server
2010-01-29 17:33:35 +00:00
Clément Oudot
5dd981fa85
SAML: load Lasso method
2010-01-29 10:44:56 +00:00
Clément Oudot
90a08dbbde
Portal/Multi:
...
* Get the correct _auth and _userDB value when using Multi
* Resolve a bug: functions of modules loaded in _Multi were not available for _subProcess
* Use a common loadModule method between Simple.pm and _Multi.pm
* Do not consider PE_FORMEMPTY and PE_FIRSTACCESS as errors in Multi process
2010-01-28 14:47:51 +00:00
Clément Oudot
760f62e534
Portal: set _auth, _userDN, _passwordDB and _issuerDB in session, to know which module was used to open the session of the user
2010-01-27 16:30:19 +00:00
Clément Oudot
b904587edd
Portal: portalForceAuthn option was unusable with Menu password change
2010-01-27 14:04:41 +00:00
Clément Oudot
1f243e0a20
Portal: possibility to force reauthentication (set portalForceAuthn = 1)
2010-01-25 17:40:46 +00:00
Clément Oudot
5aa74c08d6
Portal: allow passwordDBNull in Menu.pm
2010-01-25 14:32:22 +00:00
Clément Oudot
86b18ea609
Portal: Null modules for authentication and passwordDB
2010-01-25 14:20:51 +00:00
Clément Oudot
95e29fd733
Portal: change _password value in session when user changes its password
2010-01-22 21:54:58 +00:00
Clément Oudot
3222021897
Portal:
...
* Use HTML templates to send fancy reset password mail, with translations
* Send the new password by mail instead of diplaying it n the web page
* Remove the need to configure : the value is now set with help of {DOCUMENT_ROOT}
2010-01-22 11:25:37 +00:00
Clément Oudot
f6c250207c
Portal - new feature: token to reset password by mail:
...
* A token is sent when user ask for password reset
* The token is linked to an apache session
* The password is reset if the token is valid
2010-01-21 17:38:55 +00:00
Clément Oudot
81f510a6e5
Menu:
...
* XML conf is now deprecated, applicationList configuration parameter is used
* Remove all XML related code
* filter applications under applications
* Hide empty categories
2010-01-20 17:17:21 +00:00
Clément Oudot
15e77c7d88
Portal SOAP:
...
* perltidy
* Add process stages in getCookies
* Move _buildSoapHash in private methods parts
* Create getXmlMenu method in /config
* Update buildPortalWSDL script
2010-01-19 16:50:38 +00:00
Thomas CHEMINEAU
bb7881bcec
add a WSDL tag to isAuthorizedURI SOAP method
2010-01-18 15:39:01 +00:00
Clément Oudot
5af1db1c3e
Portal: move ppolicy warnings from menu to information page
2010-01-15 22:01:04 +00:00
Clément Oudot
9477aa69af
Portal: confirm template amelioration
2010-01-12 11:19:13 +00:00
Xavier Guimard
e642a1d270
PE_CONFIRM stop _Multi::try()
2010-01-12 11:19:12 +00:00
Xavier Guimard
bdbeda9494
i18n update
2010-01-12 11:12:46 +00:00
Clément Oudot
bea600dff4
Portal: info template amelioration
2010-01-12 11:07:31 +00:00
Xavier Guimard
7d98447f5e
PE_CONFIRM target
2010-01-12 11:05:01 +00:00
Xavier Guimard
271c4767a8
Link to delete other sessions
2010-01-12 10:36:04 +00:00
Xavier Guimard
effa0b9fa6
Notify existing sessions and deleted sessions if wanted
2010-01-12 09:53:49 +00:00
Clément Oudot
dc2556386d
Portal: little corrections
2010-01-11 16:58:57 +00:00
Xavier Guimard
d181da867b
* perltidy
...
* new feature : info can be displayed by portal => used to notify deleted sessions
* notifyDeleted in the manager
2010-01-11 16:04:36 +00:00
Clément Oudot
dc3d9558fe
Portal: create a grantSession stage in process()
2010-01-11 14:02:43 +00:00
Clément Oudot
cad747f629
Menu: use configuration instead of XML file - work in progress
2010-01-08 11:51:04 +00:00
Thomas CHEMINEAU
72e0247f03
fixes #314372 - introduce isAuthorizedURI SOAP function
2010-01-07 11:07:48 +00:00
Xavier Guimard
8102f72d50
POD updates :
...
* spelling errors found by Lintian
* encoding utf8
2010-01-03 08:09:59 +00:00
Clément Oudot
ee62c967b9
Reset password by mail for DBI backend
2009-12-30 19:42:17 +00:00
Xavier Guimard
23ee91c414
Modify _DBI::checkPassword to make it reuseable by another module than AuthDBI
2009-12-22 08:46:54 +00:00
Clément Oudot
0a618cda34
Refactor DBI code in _DBI.pm and SMTP code in _SMTP.pm
2009-12-21 22:28:38 +00:00
Xavier Guimard
4d47d92749
* Debian upgrade for jquery management
...
* SQL injection protection for DBI
* Regexp to control user field
* Missing parameters in _Struct.pm
* Bad errors management in Uploader
2009-12-19 08:57:59 +00:00
Clément Oudot
a8601a0e5f
portalOpenLinkInNewWindow parameter
2009-12-17 14:10:39 +00:00
Clément Oudot
5b82343808
Reorganize issuer methods in process()
2009-12-16 15:53:49 +00:00
Clément Oudot
578d0a0d59
Add in li classes to enable CSS icon customization in IE 6
2009-12-15 17:21:37 +00:00
Xavier Guimard
dcd4905342
* Update Perl and Debian dependencies, and debian/rules for the new manager
...
* Add pod skeleton for Manager.pm
* correct pod for IssuerDB*
2009-12-13 15:40:33 +00:00
Xavier Guimard
5b2363b959
perltidy
2009-12-11 21:17:06 +00:00
Xavier Guimard
b301a5b5c8
New manager
2009-12-11 18:17:00 +00:00
Xavier Guimard
04ed7be634
exported vars are now asked to the LDAP server (instead of *)
2009-12-10 21:48:43 +00:00