dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,436 Commits 3 Branches 0 Tags 75 MiB
60296f0143
Commit Graph

1261 Commits

Author SHA1 Message Date
Xavier Guimard
920e0630a1 Closes #112 : Handler/AuthBasic does not use local cache 2010-06-21 13:35:36 +00:00
Clément Oudot
3b6e0567ee SAML: store SAML Token in session (#110) 2010-06-18 13:07:20 +00:00
Clément Oudot
11761807f4 SAML: do not send empty Attribute Statement (#109) 2010-06-18 07:50:37 +00:00
Clément Oudot
af0f4ef88e SAML: force NameID format if requested format is unspecified (#108) 2010-06-17 13:29:53 +00:00
Clément Oudot
e33f7c2efc SAML: 
* Use table instead of list for SP SLO status
* Catch SLO response and display status logo (#106)
 2010-06-16 16:17:05 +00:00
Clément Oudot
885966f04b SAML: error in SAML POST field name (#56) 2010-06-16 13:08:18 +00:00
Clément Oudot
1aec1902f5 SAML: create POST relay mechanism to send POST SLO requests (#56) 2010-06-16 10:32:43 +00:00
Clément Oudot
8ffd3e6244 Display status of SLO request in debug level (#78) 2010-06-14 15:42:32 +00:00
Clément Oudot
d1d0accae6 Rebuild logout object before sending SLO response (#78) 2010-06-14 15:29:37 +00:00
Clément Oudot
ebc421d335 Return directly if no local session (#105) 2010-06-14 14:52:52 +00:00
Thomas CHEMINEAU
47f5d94097 SAML #97 - group some security parameters 2010-06-14 14:45:06 +00:00
Thomas CHEMINEAU
c0c246516e SAML #97 - Allow generating a private key with password 2010-06-14 14:33:38 +00:00
Clément Oudot
021f89d918 Check session before closing it (#105) 2010-06-14 14:18:27 +00:00
Thomas CHEMINEAU
16435b7444 SAML #97 - Add config parameter into the manager for private key password 2010-06-14 12:51:17 +00:00
Xavier Guimard
22387615fb Permit direct OpenID server side direct authentication 2010-06-14 06:19:34 +00:00
Clément Oudot
6bc5246690 Send SOAP SLO request to other entities when receiving a SOAP SLO request on IDP (#78) 2010-06-11 14:50:28 +00:00
Clément Oudot
98a9b6ef40 SAML: delete secondary SAML sessions (#100) 2010-06-11 14:13:26 +00:00
Clément Oudot
a570447179 SAML: use another method to set NameID in Attribute request (#83) 2010-06-11 13:49:33 +00:00
Clément Oudot
62befdfe19 Add utility function for HTTP-BASIC and string encoding (#99) 2010-06-11 13:00:05 +00:00
Clément Oudot
a62484dc91 SAML: manage SOAP SLO request - work in progress (#78) 2010-06-11 10:17:43 +00:00
Clément Oudot
c6ff319439 SAML: add unit test for SAML date with milliseconds 2010-06-11 08:48:00 +00:00
Clément Oudot
2b7cbd4d83 SAML: 
* IDP Option to check conditions (#98)
* Extend SAML date format (add milliseconds)
 2010-06-10 15:01:05 +00:00
Clément Oudot
a2921f9d10 SAML: add encryption key in attribute authority metadata (#96) 2010-06-10 10:06:42 +00:00
Thomas CHEMINEAU
4b8100fca4 SAML #89 - remove samlServicePrivateKey 2010-06-09 08:54:48 +00:00
Thomas CHEMINEAU
3fb6a0ccd1 SAML #89 - Now use a different private key for encryption when creation Lasso::Server object 2010-06-09 08:42:30 +00:00
Thomas CHEMINEAU
da5e716bef SAML #89 - remove unused samlIDPSSODescriptorKeyDescriptorSigning and samlSPSSODescriptorKeyDescriptorSigning parameters 2010-06-08 16:27:54 +00:00
Thomas CHEMINEAU
a410b90dc4 SAML #89 - metadata file of the service now use newly defined public keys parameter 2010-06-08 16:20:17 +00:00
Clément Oudot
2ab40fea15 Soap is not required for SAML (#91) 2010-06-08 13:19:00 +00:00
Xavier Guimard
11dd597a41 Some Lintian tips 2010-06-08 10:39:34 +00:00
Thomas CHEMINEAU
d222dfb9c1 SAML #89 - adding an image to indicate that the process of generate keys is in progress 2010-06-07 16:00:18 +00:00
Thomas CHEMINEAU
4e99c602de SAML #89 - Fix html encoding of french character, and disallow download button when empty file 2010-06-07 15:47:23 +00:00
Clément Oudot
93554bf48a Update MANIFEST for Manager 2010-06-07 15:38:05 +00:00
Clément Oudot
7e031e199a SAML: minor corrections for forceAuthn flag management (#34) 2010-06-07 15:36:45 +00:00
Thomas CHEMINEAU
a54d53f160 SAML #89 - adding codes to generate private/public keys from manager 2010-06-07 15:26:16 +00:00
Clément Oudot
783d88eabb SAML: manage ForceAuthn flag from SP (#34) 2010-06-07 14:48:59 +00:00
Clément Oudot
05637bf0c4 SAML: set encryption mode on providers (none, nameid or assertion) (#49) 2010-06-04 15:54:52 +00:00
Thomas CHEMINEAU
ba78107135 SAML #89 - fix a little bug 2010-06-04 15:10:46 +00:00
Clément Oudot
dd615d0678 SAML: 
* Check values of requested attributes (#85)
* Refactor some code in _SAML (createAttribute and createAttributeValue)
 2010-06-04 14:23:41 +00:00
Thomas CHEMINEAU
346d901a15 SAML #89 - adding configuration key to store priv/pub keys for signature and encryption 2010-06-04 13:39:00 +00:00
Clément Oudot
241d972b07 SAML: Attribute format select in Manager (#87) 2010-06-04 10:22:12 +00:00
Xavier Guimard
208a4f34d2 Closes #82 : CDA always use secured cookie even if requested site is a http one 2010-06-04 08:43:42 +00:00
Xavier Guimard
47d38c7e3f New debconf translation (Closes: #584453 / bugs.debian.org) 2010-06-04 08:35:53 +00:00
Thomas CHEMINEAU
160c5f670a fix #35 - include more checks to test contents on identity dump 2010-06-03 14:02:15 +00:00
Clément Oudot
cc1eb344a7 SAML: get attributes in attribute response 2010-06-02 15:21:39 +00:00
Clément Oudot
101442179d Check format and friendly name from attribute (#84) 2010-06-02 14:51:39 +00:00
Clément Oudot
e928b770f7 SAML: browse SP authorized attributes and build attribute response (#2) 2010-06-02 13:45:37 +00:00
Clément Oudot
5ded22db86 Do not return errors in POST or SOAP response process, just quit if something is wrong 2010-06-02 09:12:35 +00:00
Clément Oudot
82b350a397 SAML: check NameID before extracting content 2010-06-02 09:08:33 +00:00
Clément Oudot
5444a9d3b4 SAML: 
* Grab NameID from attribute request and find corresponding session (#2)
* create a getSamlSession subroutine
 2010-06-02 09:04:07 +00:00
Clément Oudot
a27464e277 SAML: process and validate attribute request (#2) 2010-06-02 08:09:59 +00:00
Clément Oudot
67e3e0ee6b was not set 2010-06-01 15:42:35 +00:00
Clément Oudot
608e5e6b0a Little corrections for make test 2010-06-01 15:39:18 +00:00
Clément Oudot
8fe3e749a3 SAML: catch attribute service URL (#2) 2010-06-01 15:34:08 +00:00
Clément Oudot
e8c514f794 SAML: set NameID in attribute query (#2) 2010-06-01 14:43:49 +00:00
Clément Oudot
8c14ba24bf SAML: keep NameID in a SAML session to answer later attribute queries (#2) 2010-06-01 13:27:02 +00:00
Clément Oudot
00a952a372 SAML: create a new Lasso::Server object to manage attribute queries (#2) 2010-06-01 12:23:11 +00:00
Clément Oudot
d7cee9a4f9 Use redirection message in page title (#80) 2010-06-01 10:11:35 +00:00
Clément Oudot
bb9c7435cc POST fields are now hidden (#80) 2010-06-01 09:59:37 +00:00
Clément Oudot
6c1dc91ff0 SAML: set SessionNotOnOrAfter (#81) 2010-06-01 08:03:24 +00:00
Clément Oudot
ffeb9e3134 SAML: adjust HTTP-POST artifact binding (#75) 2010-05-31 15:46:41 +00:00
Xavier Guimard
aa06d53bcf New dependency not inserted in control files (Crypt::OpenSSL::X509) 2010-05-31 15:44:40 +00:00
Thomas CHEMINEAU
0f10a2c8ad SAML: fix #10 - remove certificate header and footer 2010-05-31 15:07:46 +00:00
Thomas CHEMINEAU
3cef8ecf0a SAML: fix #10 - support certificate into metadata 2010-05-31 14:57:34 +00:00
Clément Oudot
ec8892ef7f SAML: 
* Identity is no more required in attribute query
* Mandatory attributes are requested if not defined in SSO assertion (#79)
 2010-05-31 14:54:24 +00:00
Clément Oudot
b678ab454f SAML: test SessionNotOnOrAfter before converting it (#77) 2010-05-31 13:50:26 +00:00
Clément Oudot
9d3fd0ebd0 SAML: 
* Add Attribute Authority metadata (#3)
* Clean existing metadata (remove NameID management, and set NameIDFormat directly in XML)
 2010-05-31 10:37:43 +00:00
Clément Oudot
c0edd943db SAML: add an IDP option to force attribute value in UTF-8 (#72) 2010-05-28 15:31:20 +00:00
Clément Oudot
6964b09eb2 SAML: use HTTP method string in debug messages 2010-05-28 12:17:05 +00:00
Clément Oudot
b91cba9f32 SAML: adapt metadata to new Post bindings (#75) 2010-05-28 11:51:53 +00:00
Clément Oudot
82ff667d57 SAML: add POST binding to SAML services (#75) 2010-05-28 10:35:24 +00:00
Clément Oudot
b8c3f5e6ff SAML: transport url parameter in IDP choice screens (closes #73) 2010-05-28 08:03:13 +00:00
Clément Oudot
62d9cccaa0 SAML: #68 is not a Lasso bug 2010-05-27 15:53:32 +00:00
Clément Oudot
d6d50cca62 SAML: add SOAP binding in samlAssertion bindings list (#71) 2010-05-27 15:48:57 +00:00
Clément Oudot
cfec37d111 SAML: 
* Error message when no artifact resolution URL in profile
* Manage XML boolean values in metadata
 2010-05-27 12:39:32 +00:00
Clément Oudot
8d76924fbf SAML: little workaround for Exponent/Modulus order in metadata, will not be kept if this is later corrected in Lasso (#68) 2010-05-27 09:17:55 +00:00
Clément Oudot
8789b5d131 SAML: do not throw error if no SP or no IDP configured (closes #70) 2010-05-26 15:32:09 +00:00
Clément Oudot
a2cd83aea9 * - in domain (closes #69) 
* securedCookie select box
* bad abort arguments number
* manager/index.pl comments
 2010-05-26 15:17:51 +00:00
Clément Oudot
b1c87f1e49 Sympa Handler: 
* Read sympa secret from configuration
* Add mail session key parameter
* Install Sympa Handler
* Closes #55
 2010-05-21 15:53:54 +00:00
Clément Oudot
d1b4541a4d SAML: check Destination attribute (closes #33) 2010-05-21 13:44:16 +00:00
Clément Oudot
58bec95435 SAML: map NameID formats to local session keys (closes #67) 2010-05-21 09:03:29 +00:00
Clément Oudot
0817e9918f SAML: Option to configure default NameID format for a SP (#67) 2010-05-20 15:57:51 +00:00
Clément Oudot
f187851ba6 SAML: signatures on SSO/SLO messages issued from IDP (#66) 2010-05-20 13:08:07 +00:00
Clément Oudot
bc618ce075 SAML: check SSO/SLO messages signature in IDP (#66) 2010-05-20 10:25:00 +00:00
Clément Oudot
fdc84aac52 SAML: get SessionIndex before validating SLO request (closes #64) 2010-05-20 08:59:59 +00:00
Clément Oudot
ef3faf7d3e SAML: eval SessionIndex call to prevent server error (#64) 2010-05-19 15:54:20 +00:00
Clément Oudot
4d0a5a651d SAML: IssuerDB Activation Rule (#52) 2010-05-19 14:59:43 +00:00
Clément Oudot
df4198399f * Add a new process step (authFinish) run after session store 
* Create SAML session linked to real session to store NameID and SessionIndex, in order to use searchOn on them (will not force globalStorage to be compatible with searchOn)
* Control SessionIndex sent by IDP on a SLO request is now managed in SP to get the correct local session
* This solves issue #51
 2010-05-17 16:02:21 +00:00
Clément Oudot
18bda4be2e SAML: SLO request without SessionIndex are rejected (#51) 2010-05-17 12:44:26 +00:00
Clément Oudot
6f0dde1bac SAML: correct unit test if no Lasso available 2010-05-17 09:36:03 +00:00
Clément Oudot
a3cc63ac90 SAML: skip all tests if Lasso no available 2010-05-17 07:43:37 +00:00
Clément Oudot
be742cfac6 SAML: use encrypt/decrypt to match session_index and session_id (#51) 2010-05-12 15:56:27 +00:00
Clément Oudot
c6dd158903 SAML: map SAML authentication context and authentication level (#47) 2010-05-12 15:14:07 +00:00
Clément Oudot
7f427610fe SAML: typo in #53 correction 2010-05-12 12:56:16 +00:00
Clément Oudot
01f928504d SAML: correct date to timestamp conversion (#62) and add unit test 2010-05-12 12:46:47 +00:00
Thomas CHEMINEAU
14c23cea6d fix #53 - use sendLogoutResponseToServiceProvider in IssuerDBSAML 2010-05-12 09:41:54 +00:00
Xavier Guimard
3844ba4192 "make tidy" 2010-05-12 04:04:10 +00:00
Xavier Guimard
c7c093b46d Closes: #20 2010-05-11 11:05:24 +00:00
Xavier Guimard
67e480217c Timeout for thread cache 2010-05-11 10:16:05 +00:00
Xavier Guimard
2a8db1c3d6 Closes: #54 2010-05-11 07:47:51 +00:00
Xavier Guimard
034e5a0142 Some little things 2010-05-11 07:09:10 +00:00
Clément Oudot
798498befc Zimbra: timestamp was missing in preauth URL 2010-05-10 16:05:30 +00:00
Clément Oudot
0ae986296a Clean all UserDBEnv related files 2010-05-08 15:55:27 +00:00
Clément Oudot
2d88be8222 Portal: catch ENV exportedVars for all UserDB modules (#58) 2010-05-07 21:33:57 +00:00
Clément Oudot
f7fc51100c Zimbra Handler: 
* Parameters are now read from main configuration
* Zimbra parameters in Manager
* Add zimbraSsoUrl to catch the local SSO URL (Apache configuration is now very easy)
 2010-05-07 10:42:38 +00:00
Thomas CHEMINEAU
d262a95744 fix little bug in Manager::Help.pm 2010-05-07 10:13:13 +00:00
Thomas CHEMINEAU
adf7e8158a Add activity timeout on SSO sessions 2010-05-07 10:00:55 +00:00
Thomas CHEMINEAU
f60e65166d adding Lemonldap::NG::Handler::UpdateCookie.pm and associated files 2010-05-05 16:49:26 +00:00
Xavier Guimard
810505b1cb (Closes: #46) 2010-05-05 16:42:22 +00:00
Xavier Guimard
1b1cb88f14 Local macros (Closes: #57) 2010-05-05 16:40:23 +00:00
Clément Oudot
2007ac3814 Typo in Zimbra doc 2010-05-05 13:11:26 +00:00
Clément Oudot
bec0831f2d Zimbra preAuth is now an independent Handler (#12) 2010-05-05 08:13:44 +00:00
Xavier Guimard
cdad662b0e Warning for classes properties 2010-05-05 07:33:20 +00:00
Clément Oudot
a04ff6e964 SAML: 
* OneTimeUse is no more used in SP (#50)
* Compile regexp for SAML URLs
* Move sendLogoutRequestToServiceProviders in _SAML
* In AuthSAML, do not predefined variables outside loops
 2010-05-05 07:10:13 +00:00
Thomas CHEMINEAU
c935584300 informations is correctly stored into session but not well displayed by manager (add _utime, remove useless code) 2010-05-04 15:55:48 +00:00
Clément Oudot
5eb7895dac SAML: manage SP conf key 2010-05-04 10:10:34 +00:00
Clément Oudot
1b81ccd96f SAML: use get_signature_status from Lasso::Profile 2010-05-03 21:12:14 +00:00
Thomas CHEMINEAU
c4ea39fae4 UserDB* modules should store user in sessionInfo 2010-05-03 17:42:42 +00:00
Thomas CHEMINEAU
a963e83dc2 add optional session identifier to update existing session with a valid user via SOAP 2010-05-03 16:49:57 +00:00
Thomas CHEMINEAU
1ba9f9ecf1 cleaning wsdl file, fix little bug in a wrong function name 2010-05-03 15:45:59 +00:00
Clément Oudot
cbf1401f1e Declare Zimbra preauth in other grant subroutines 2010-05-03 14:18:40 +00:00
Clément Oudot
4bd444d427 Handler: first implementation of Zimbra preauth 2010-05-03 12:48:39 +00:00
Clément Oudot
9a5512bdf2 Bad test rule for logout_app_sso, correct #45 2010-05-03 08:59:22 +00:00
Clément Oudot
9832b9fdab Sessions explorer: active sessions button in interface 2010-05-03 07:54:49 +00:00
Xavier Guimard
408365bc5f strftime is defined in POSIX 2010-05-02 17:40:21 +00:00
Xavier Guimard
5ceb94e612 Correct errors 2010-05-02 13:41:12 +00:00
Xavier Guimard
c53bdf0edc Little error 2010-05-02 13:30:04 +00:00
Xavier Guimard
cf0ece9aa2 Reformating 2010-05-02 11:37:25 +00:00
Xavier Guimard
5d2b50e905 Modif for XSS: for logout URL, we test now Referer field 2010-05-01 13:12:28 +00:00
Clément Oudot
2523fc5cf5 SAML: check IDP value from IDP cookie (LEMONLDAP-44) 2010-04-30 15:21:10 +00:00
Clément Oudot
a9c5d000fd SAML: 
* IDP list key is now entityID
* Do not trust IDP cookie to find current IDP (use SAML message remote provider ID)
* Ignore signature before processing SAML message, and check it after (work in progress)
 2010-04-30 14:55:40 +00:00
Clément Oudot
b182e74247 Sessions explorer: set default skin, and do not converted already converted & 2010-04-30 08:02:27 +00:00
Xavier Guimard
c37033b81a $self->{id} was not well managed in portal 2010-04-30 05:27:06 +00:00
Thomas CHEMINEAU
4f979bfe22 SAML: change error name to PE_IMG_OK and PE_IMG_NOK 2010-04-29 13:47:57 +00:00
Thomas CHEMINEAU
423541455b SAML: 
- Manage SOAP relay logout request;
- Fix a bug into info.tpl.
 2010-04-29 13:39:26 +00:00
Xavier Guimard
1380d89865 New session explorer (not finished but useable) + some little tips 2010-04-28 19:57:16 +00:00
Thomas CHEMINEAU
f351ab97f6 SAML: work in progress to manage asynchronous SOAP logout requests 2010-04-28 17:16:38 +00:00
Clément Oudot
a1d41fbdda SAML: 
* authLogout should return an error code (as it is catched in Simple.pm)
* For SLO final redirection, match the trailing / of portal URL
 2010-04-28 16:29:27 +00:00
Clément Oudot
37afeeaeb5 SAML: force attribute values in UTF-8 (JIRA #21) 2010-04-28 14:56:36 +00:00
Thomas CHEMINEAU
c236505f45 SAML: manage SOAP logout request send by IDP to SP 2010-04-28 14:29:52 +00:00
Clément Oudot
6aac834de7 Sessions explorer: & was remplaced too much times in htmlquote() 2010-04-28 13:56:45 +00:00
Thomas CHEMINEAU
d9db773996 SAML: now use get_first_http_method when sending logout request on SP 2010-04-28 10:28:21 +00:00
Thomas CHEMINEAU
54afc28e75 SAML: manage logout initiate by IDP 2010-04-27 15:11:53 +00:00
Thomas CHEMINEAU
873aa0c32e SAML: generalizing and moving some functions to _SAML.pm 2010-04-26 17:06:49 +00:00
Clément Oudot
844a8807b0 SAML: set sessionIndex in assertion, to be compliant with simpleSAMLphp logout 2010-04-26 15:47:09 +00:00
Thomas CHEMINEAU
6ef67cc5ea SAML: manage internationalization 2010-04-26 15:39:38 +00:00
Clément Oudot
975a585a51 SAML: create NameIdentifier only if it does not already exists 2010-04-26 14:30:54 +00:00
Thomas CHEMINEAU
a0378cd572 SAML: hide submit button when SLO info page is displayed 2010-04-26 13:10:04 +00:00
Clément Oudot
3441a05d2b perltidy + better nameIdentifier construction in SSO phase (bug with latest Lasso verion and simpleSAMLphp) 2010-04-26 10:02:26 +00:00
Thomas CHEMINEAU
9c99b920f0 SAML: perform HTTP redirection in SAML context, when information is displayed to the user, to fix some problem during SAML logout response 2010-04-23 16:57:25 +00:00
Thomas CHEMINEAU
aac04dabdc SAML: print information to user if many SP to logout throught HTTP-Redirect or HTTP-Post 2010-04-23 16:26:23 +00:00