dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,999 Commits 3 Branches 0 Tags 75 MiB
6b1dd48896
Commit Graph

304 Commits

Author SHA1 Message Date
Clément Oudot
4d0a5a651d SAML: IssuerDB Activation Rule (#52) 2010-05-19 14:59:43 +00:00
Clément Oudot
df4198399f * Add a new process step (authFinish) run after session store 
* Create SAML session linked to real session to store NameID and SessionIndex, in order to use searchOn on them (will not force globalStorage to be compatible with searchOn)
* Control SessionIndex sent by IDP on a SLO request is now managed in SP to get the correct local session
* This solves issue #51
 2010-05-17 16:02:21 +00:00
Clément Oudot
2d88be8222 Portal: catch ENV exportedVars for all UserDB modules (#58) 2010-05-07 21:33:57 +00:00
Thomas CHEMINEAU
f60e65166d adding Lemonldap::NG::Handler::UpdateCookie.pm and associated files 2010-05-05 16:49:26 +00:00
Xavier Guimard
810505b1cb (Closes: #46) 2010-05-05 16:42:22 +00:00
Thomas CHEMINEAU
c935584300 informations is correctly stored into session but not well displayed by manager (add _utime, remove useless code) 2010-05-04 15:55:48 +00:00
Xavier Guimard
5d2b50e905 Modif for XSS: for logout URL, we test now Referer field 2010-05-01 13:12:28 +00:00
Xavier Guimard
c37033b81a $self->{id} was not well managed in portal 2010-04-30 05:27:06 +00:00
Thomas CHEMINEAU
4f979bfe22 SAML: change error name to PE_IMG_OK and PE_IMG_NOK 2010-04-29 13:47:57 +00:00
Thomas CHEMINEAU
423541455b SAML: 
- Manage SOAP relay logout request;
- Fix a bug into info.tpl.
 2010-04-29 13:39:26 +00:00
Xavier Guimard
1380d89865 New session explorer (not finished but useable) + some little tips 2010-04-28 19:57:16 +00:00
Thomas CHEMINEAU
54afc28e75 SAML: manage logout initiate by IDP 2010-04-27 15:11:53 +00:00
Thomas CHEMINEAU
6ef67cc5ea SAML: manage internationalization 2010-04-26 15:39:38 +00:00
Thomas CHEMINEAU
aac04dabdc SAML: print information to user if many SP to logout throught HTTP-Redirect or HTTP-Post 2010-04-23 16:26:23 +00:00
Clément Oudot
fbe50de653 * Better log of what is registered in session 
* Control whatToTrace parameter before logging into Apache
 2010-04-15 13:46:45 +00:00
Clément Oudot
d9c4b44c4b Add multiValuesSeparator configuration parameter 2010-04-15 11:15:36 +00:00
Xavier Guimard
799b643949 $ENV not taken in acount in macros 2010-04-14 16:13:24 +00:00
Clément Oudot
c4e1379452 * make tidy 
* Manage authenticationLevel in all authentication backends
 2010-04-14 15:37:57 +00:00
Clément Oudot
ea24dc314e Portal: updateSession can now take session id as parameter 2010-04-12 13:50:42 +00:00
Clément Oudot
7fef157210 SAML: possibility to configure a different storage for SAML objects (samlStorage) than sessions storage (globalStorage) 2010-04-09 13:27:54 +00:00
Thomas CHEMINEAU
7202a6651f SAML: manage hidden values for SAML authentication request 2010-04-02 15:28:29 +00:00
Thomas CHEMINEAU
fa039d2114 Store hidden informations in forms 
* SAML: store SAMLRequest in IssuerDBSAML, just before to redirect to IDP
  * Simple: add functions to manage hidden values for forms
 2010-04-02 09:17:02 +00:00
Clément Oudot
953806ed93 SAML: manage SessionNotOnOrAfter but do not adapt session _utime yet 2010-03-24 13:44:24 +00:00
Clément Oudot
7692cefd95 Portal: all is ready for AuthOpenID 2010-03-15 09:53:56 +00:00
Xavier Guimard
40d2c70604 New target 'tidy' in Makefile 2010-03-01 20:32:28 +00:00
Clément Oudot
2c584cf7f7 SAML: 
* Use authForce method to know if authentication should be forced
* Use a common method to store replay protection data
* Use _utime in relaystate state
* Let Lasso choose the defaut transport and binding for requests
 2010-02-28 19:07:02 +00:00
Xavier Guimard
58c28c5732 * Inheritance instead of @EXPORT 
* Purge CGI::Session dependency (LA)
 2010-02-26 10:53:43 +00:00
Clément Oudot
7eefc6af1f SAML: manage SOAP 2010-02-26 09:12:18 +00:00
Clément Oudot
f0c29c779a SAML: 
* Manage SSO message like SLO message
* Send SLO request trough REDIRECT and POST
* Reponse to SSO request trough REDIRECT, POST and SOAP
* Reponse to SLO request trough REDIRECT, POST and SOAP
 2010-02-24 10:11:01 +00:00
Clément Oudot
fc542fa6b1 Portal: method to auto submit data through POST 2010-02-22 11:07:48 +00:00
Clément Oudot
7444d9802c Portal: set content-type to application/xml for SOAP response 2010-02-22 10:08:14 +00:00
Clément Oudot
3eac5ce288 Portal: display logout status to user 2010-02-20 11:44:05 +00:00
Clément Oudot
9766b8457a SAML: SP SLO response trough HTTP-REDIRECT and SOAP 2010-02-19 11:33:34 +00:00
Clément Oudot
bd2c92f207 SAML: SP SLO in progress 2010-02-18 17:22:04 +00:00
Clément Oudot
46764465b2 SAML: SP SLO in progress 2010-02-17 17:37:38 +00:00
Clément Oudot
3606362946 LDAP: 
* Add ldapGroupRecursive to enable recursive group search
* Create searchGroup method in _LDAP
* Create getLdapValue method in _LDAP to manage DN and multi-valued attributes
 2010-02-05 14:17:55 +00:00
Clément Oudot
dae6b880be Portal: force authentication is now working 2010-02-05 10:21:48 +00:00
Clément Oudot
3a3ec647e9 SAML: IDP choice 2010-02-04 12:30:18 +00:00
Clément Oudot
90a08dbbde Portal/Multi: 
* Get the correct _auth and _userDB value when using Multi
* Resolve a bug: functions of modules loaded in _Multi were not available for _subProcess
* Use a common loadModule method between Simple.pm and _Multi.pm
* Do not consider PE_FORMEMPTY and PE_FIRSTACCESS as errors in Multi process
 2010-01-28 14:47:51 +00:00
Clément Oudot
760f62e534 Portal: set _auth, _userDN, _passwordDB and _issuerDB in session, to know which module was used to open the session of the user 2010-01-27 16:30:19 +00:00
Clément Oudot
b904587edd Portal: portalForceAuthn option was unusable with Menu password change 2010-01-27 14:04:41 +00:00
Clément Oudot
1f243e0a20 Portal: possibility to force reauthentication (set portalForceAuthn = 1) 2010-01-25 17:40:46 +00:00
Clément Oudot
3222021897 Portal: 
* Use HTML templates to send fancy reset password mail, with translations
* Send the new password by mail instead of diplaying it n the web page
* Remove the need to configure : the value is now set with help of {DOCUMENT_ROOT}
 2010-01-22 11:25:37 +00:00
Clément Oudot
f6c250207c Portal - new feature: token to reset password by mail: 
* A token is sent when user ask for password reset
* The token is linked to an apache session
* The password is reset if the token is valid
 2010-01-21 17:38:55 +00:00
Clément Oudot
5af1db1c3e Portal: move ppolicy warnings from menu to information page 2010-01-15 22:01:04 +00:00
Clément Oudot
9477aa69af Portal: confirm template amelioration 2010-01-12 11:19:13 +00:00
Clément Oudot
bea600dff4 Portal: info template amelioration 2010-01-12 11:07:31 +00:00
Xavier Guimard
7d98447f5e PE_CONFIRM target 2010-01-12 11:05:01 +00:00
Xavier Guimard
271c4767a8 Link to delete other sessions 2010-01-12 10:36:04 +00:00
Xavier Guimard
effa0b9fa6 Notify existing sessions and deleted sessions if wanted 2010-01-12 09:53:49 +00:00
Clément Oudot
dc2556386d Portal: little corrections 2010-01-11 16:58:57 +00:00
Xavier Guimard
d181da867b * perltidy 
* new feature : info can be displayed by portal => used to notify deleted sessions
 * notifyDeleted in the manager
 2010-01-11 16:04:36 +00:00
Clément Oudot
dc3d9558fe Portal: create a grantSession stage in process() 2010-01-11 14:02:43 +00:00
Xavier Guimard
8102f72d50 POD updates : 
* spelling errors found by Lintian
 * encoding utf8
 2010-01-03 08:09:59 +00:00
Xavier Guimard
4d47d92749 * Debian upgrade for jquery management 
* SQL injection protection for DBI
 * Regexp to control user field
 * Missing parameters in _Struct.pm
 * Bad errors management in Uploader
 2009-12-19 08:57:59 +00:00
Clément Oudot
a8601a0e5f portalOpenLinkInNewWindow parameter 2009-12-17 14:10:39 +00:00
Clément Oudot
5b82343808 Reorganize issuer methods in process() 2009-12-16 15:53:49 +00:00
Xavier Guimard
dcd4905342 * Update Perl and Debian dependencies, and debian/rules for the new manager 
* Add pod skeleton for Manager.pm
 * correct pod for IssuerDB*
 2009-12-13 15:40:33 +00:00
Xavier Guimard
5b2363b959 perltidy 2009-12-11 21:17:06 +00:00
Xavier Guimard
b301a5b5c8 New manager 2009-12-11 18:17:00 +00:00
Clément Oudot
5499a042ab Replace SAML* methods by IssuerDB* methods, allowing use of other IssuerDB modules 2009-12-10 17:03:57 +00:00
Clément Oudot
1f0b9ed10c First implementation of Auth/UserDB/PasswordDB DBI 2009-12-10 11:30:43 +00:00
Clément Oudot
9d7e1a85c1 Move default values in setDefaultValues 2009-12-03 13:51:55 +00:00
Clément Oudot
36e8868e31 Add parameter cookieExpiration (close feature request #314368) 2009-12-03 11:47:50 +00:00
Xavier Guimard
7d4a491af3 * Remove class variable in handler (to do later) 
* little bug in _LDAP
* new parameter singleUserByIp + removeOther() try to purge local cache
 2009-11-25 12:38:22 +00:00
Clément Oudot
b972c10a20 Use configuration parameters for portal customization 2009-11-25 08:44:12 +00:00
Xavier Guimard
5f73c30706 Bug if trustedDomains contains more than 1 domain 2009-11-09 15:32:27 +00:00
Xavier Guimard
7a04829a08 New portal parameters : singleIP and singleSession 2009-10-21 12:43:13 +00:00
Xavier Guimard
655fd9e526 * perltidy 
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()
 2009-10-12 16:55:35 +00:00
Xavier Guimard
bf6230c5ac VERSION 0.9.4.1 2009-10-11 08:13:50 +00:00
Xavier Guimard
49cc593005 '*' for trustedDomains 2009-10-02 16:10:23 +00:00
Xavier Guimard
947ee7f7c6 Relay in progress... 2009-09-23 13:35:19 +00:00
Xavier Guimard
444e093004 Bugs : 
* Crypto was usable only with 16xn characters
 * Menu was not able to filter embedded <application>
Google page speed :
 * optimize images
 * set size
 2009-08-20 14:19:40 +00:00
Xavier Guimard
771bf46a5f HTTP code 302 has to be replaced by 303 2009-08-18 13:33:36 +00:00
Xavier Guimard
6c7558cffd * Better performances for Menu : XML was parsed 2 times 
* Doc for SympaAutoLogin
* Version update
 2009-07-05 11:11:33 +00:00
Xavier Guimard
36c9aa2409 Change CDA parameter to cda. 2009-06-15 14:13:09 +00:00
Xavier Guimard
0ac63904e7 * New parameter for XSS protection : trustedDomains 
* parameters test to avoid warnings
* debian/control : missing dependencies
* perltidy
* tests update
 2009-06-14 16:43:02 +00:00
Clément Oudot
f52b609d0e Correct errors seen in make test 2009-06-04 14:27:36 +00:00
Clément Oudot
8f423fd276 Move setGroups in UserDB 2009-06-04 09:13:03 +00:00
Clément Oudot
84c02a1c17 Mail customization (plain text only) with parameter mailBody 2009-06-03 16:40:41 +00:00
Clément Oudot
50e88a68a7 Manage X-FORWARDED-FOR with multiple IP 2009-06-03 14:52:22 +00:00
Clément Oudot
75c1f0feae LEMONLDAP::NG : Reset password by mail (new functionnality) 2009-05-28 16:31:39 +00:00
Clément Oudot
43988469c7 LEMONLDAP::NG : Manage X-FORWARDED-FOR header for IP (close bug #312340) 2009-05-20 09:29:52 +00:00
Clément Oudot
0d9eaed6fc LEMONLDAP::NG : 
* Correct XSS on user field
* Add "XSS attack detected" log messages
 2009-05-19 08:52:27 +00:00
Clément Oudot
565ba83c05 LEMONLDAP::NG : 
* Verify old password before modify
* Add the "PE_BADOLDPASSWORD" error
* Minor changes in pastel skin
* Erase old default skins
* Move icons to skins/common
 2009-05-18 13:53:51 +00:00
Clément Oudot
cae5e6ed98 LemonLDAP::NG : 
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates
 2009-05-14 16:19:49 +00:00
Xavier Guimard
051f61b288 Since CGI stores now parameters at the root of the object, param is now redefined in Common/CGI.pm to secure those parameters 2009-04-11 11:16:44 +00:00
Xavier Guimard
c40c13734e SAML skeleton in progress... 2009-04-08 16:31:13 +00:00
Xavier Guimard
a98e3ac8bb SAML skeleton 2009-04-07 20:38:24 +00:00
Xavier Guimard
740ad09f9f Safelib + LDAPFilter parameter 2009-04-05 08:12:16 +00:00
Xavier Guimard
8bc0d20afa * Portal can now been used as 'proxy' for SOAP session storage. 
* Session explorer works now with SOAP session storage (very low performances)
 2009-04-03 16:17:57 +00:00
Xavier Guimard
b0b971b241 Double session mechanism : 2 cookies are generated, 1 secured, the other not. 
Handlers detects automatically the cookie to choose.
 2009-03-31 10:52:43 +00:00
Xavier Guimard
e5e80709e6 Use Net::LDAP high availability system 
%ENV was not shared
 2009-03-08 17:37:31 +00:00
Xavier Guimard
231f54ddf0 * New authentication and userDB module : 'Multi' to chain authentication modules. 
* Compilation for ModPerl::Registry by default
 2009-03-08 08:50:58 +00:00
Xavier Guimard
859be3923f * Doxygen doc update 
* More tests
* perltidy on tests
 2009-02-25 18:10:07 +00:00
Xavier Guimard
6307a00750 Lot of work on Portal SOAP services. Now 5 functions are exported: 
* getAttributes(cookieValue)
 * getConfig()
 * getCookies(user,password)
 * error(code,language)
 * newNotification(xml)

WSDL is up to date but getConfig is not documented since it's a Lemonldap::NG internal service.
 2009-02-24 17:53:59 +00:00
Xavier Guimard
20764ad812 New authentication and userDB backend : "Remote" can be used to check authentication from a remote Lemonldap::NG portal using CDA 2009-02-23 17:35:38 +00:00
Xavier Guimard
018bee1fc6 CDA now included in main portal 2009-02-17 15:39:14 +00:00
Xavier Guimard
553058998f Doxygen comments update 2009-02-17 15:22:42 +00:00
Xavier Guimard
ffb5ee8e33 Doxygen filter modification to show authentication process methods 2009-02-17 14:56:38 +00:00
Xavier Guimard
5803952784 * delete log() method from the portal : 
* user actions are logged by userNotice() and userError()
  * other access are logged by HTTP server
* create authenticate() method in Simple.pm used to launch userNotice() for
  all authentication method
 2009-02-15 17:58:38 +00:00
Xavier Guimard
b6cdee5d2a Now userNotice and userError are customizable like subs called by _subProcess 2009-02-15 11:30:25 +00:00
Xavier Guimard
415d23b6e4 User actions are now registered with 3 functions : 
* log        : normal access to the portal
 * userNotice : authentications, logout,...
 * userError  : bad password,...

A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog
 2009-02-15 08:53:44 +00:00
Xavier Guimard
0c18700f65 * cleaning code : 
* session have not to be recover in Menu since it's done before bu the portal
* accounting in CGIs (ModPerl::Registry context only) :
  * used by portal to inform Apache
 2009-02-14 08:55:19 +00:00
Xavier Guimard
19e59af4cd log & debug method lmLog() for CGIs 2009-02-12 19:48:53 +00:00
Clément Oudot
ed55803c04 LEMONLDAP::NG : Abort redirection if ppolicy warnings are present 2009-02-12 17:09:33 +00:00
Xavier Guimard
f8169c1909 Notification system in progress : 
* File storage is running
 * DBI storage has not yet been tested
Documentation update
 2009-02-11 16:18:38 +00:00
Xavier Guimard
7c1ff1d938 Versions update 2009-02-10 17:28:27 +00:00
Xavier Guimard
c5a5ba909f Typo in pod 2009-02-08 19:12:08 +00:00
Xavier Guimard
fbdb9ccb22 LEMONLDAP::NG : * Version is missing in SOAPServer.pm 
* perltidy on Portal/Simple.pm
 2009-02-08 07:59:46 +00:00
Xavier Guimard
1800497815 LEMONLDAP::NG : propagation of 0.9.3.4 changes 2009-02-05 17:05:18 +00:00
Xavier Guimard
a25e10b040 LEMONLDAP::NG : * documentation modification 
* SOAP service to update notification database
 2009-02-03 09:36:13 +00:00
Xavier Guimard
1b6f56699a LEMONLDAP::NG : Missing file Portal/Notification.pm 2009-02-02 08:53:51 +00:00
Xavier Guimard
85d765a002 LEMONLDAP::NG : WSDL for portal + dependency of Crypt::Rijndael in Debian 2009-02-01 15:38:06 +00:00
Xavier Guimard
21f5808cdf LEMONLDAP::NG : Notification system is running now (for file storage only). TODO: Soapservice to accept notifications 2009-01-30 15:26:34 +00:00
Xavier Guimard
2540bb36f0 LEMONLDAP::NG : * new feature in devel : notification system 
* now, there is a shared key that can be use to crypt datas
                  (used in notification to hide cookie value)
 2009-01-28 17:37:10 +00:00
Xavier Guimard
bfab1a6e3b LEMONLDAP::NG Doxygen in progress 2008-12-31 15:10:02 +00:00
Xavier Guimard
41fe04e8b8 LEMONLDAP::NG : Doxygen documentation in progress... 2008-12-29 10:28:31 +00:00
Xavier Guimard
2e5911ac4e LEMONLDAP::NG : Doxygen in progress. 2008-12-28 08:36:52 +00:00
Clément Oudot
985bdc2509 LEMONLDAP::NG : don't test url if direct access to portal 2008-12-27 11:00:45 +00:00
Xavier Guimard
13a5a1daab LEMONLDAP::NG : Doxygen documentation in progress 2008-12-26 17:58:48 +00:00
Xavier Guimard
78852ac337 LEMONLDAP::NG perltidy 2008-12-24 14:57:23 +00:00
Xavier Guimard
13cdc9b8ec LEMONLDAP::NG : XSS patch not compatible with logout system 2008-12-24 14:55:44 +00:00
Xavier Guimard
2449e92c2d LEMONLDAP::NG : A site in the protected domain is accepted in $portal->{urldc} even if the site is not declared in the manager 2008-12-24 09:12:53 +00:00
Xavier Guimard
cc07eae107 LEMONLDAP::NG : customFunctions are now shared in macros, groups, headers and rules 2008-12-11 17:02:02 +00:00
Xavier Guimard
a77e385730 LEMONLDAP::NG : little bug in SOAP error() 2008-12-08 10:56:19 +00:00
Xavier Guimard
16a29be9fa LEMONLDAP::NG : error display in SOAP 2008-12-07 20:07:52 +00:00
Xavier Guimard
b9ba2337e4 LEMONLDAP::NG : now the portal can be called by browser or by SOAP 2008-12-07 14:12:36 +00:00
Xavier Guimard
68d447b422 LEMONLDAP::NG : typo 2008-12-07 12:15:40 +00:00
Xavier Guimard
53dc4bbbf4 LEMONLDAP::NG : * To avoid XSS, 3 controls : 
1) url must be base64 encoded
                  2) urldc is serialized on 1 line ("s/[\r\n]//sg")
                  3) urldc must not contains '"`\0<
                * Common/CGI can now intercept SOAP requests
 2008-12-07 09:02:44 +00:00
Xavier Guimard
8b4f38e58c LEMONLDAP::NG : XSS prevention 2008-12-06 10:26:24 +00:00
Xavier Guimard
66c60cc416 LEMONLDAP::NG : * branche 0.9.2 is missing 
* ' and " are now filtered in url in Portal.pm
 2008-12-06 07:27:35 +00:00
Xavier Guimard
5f552f4085 LEMONLDAP::NG : minnor things 2008-12-03 18:30:57 +00:00
Clément Oudot
35df5dddb8 LEMONLDAP::NG : Enforce XSS protection by deleting bad urls 2008-12-03 16:41:30 +00:00
Xavier Guimard
24a14caeda LEMONLDAP::NG : * Security fix : redirections in portal must be in protected sites 
* perltidy in Manager/Sessions.pm
                * Doxygen in progress...
 2008-12-03 16:05:27 +00:00
Xavier Guimard
fbc8b7bfd2 LEMONLDAP::NG : * security fix => XSS 
* Begin Doxygen documentation
 2008-12-03 13:27:30 +00:00
Xavier Guimard
de7edc7387 LEMONLDAP::NG : better manner to delete cookie 2008-12-01 13:39:52 +00:00
Xavier Guimard
d7bbb44924 LEMONLDAP::NG : * change default value for existing sessions : now, it's PE_DONE 
* after POST and logout, Portal generates a redirection to itself unless an url is given. This help MSIE to relog after logout
 2008-12-01 09:36:02 +00:00
Xavier Guimard
96e625a29d LEMONLDAP::NG : binmod(STDOUT,'utf8') has to be called at each request 2008-11-26 11:20:36 +00:00
Xavier Guimard
ccbb0a12e0 LEMONLDAP::NG : * eval+abort in XML parsing (to avoid die include in XML::LibXML) 
* Correct use of UTF8 : a apps-list.xml UTF8 encoded was not displayed correctly
 2008-11-26 11:11:03 +00:00
Xavier Guimard
a72eebdd81 LEMONLDAP::NG : Notification system skeleton 2008-11-24 06:57:18 +00:00
Xavier Guimard
2725f06fd3 LEMONLDAP::NG : * Handler/SharedConf.pm is more simple now since it use the new Conf.pm capabilities 
* CGIs now use abort() instead of die
                * debug system in COnf.pm (set "LogLevel debug" in Apache)
 2008-11-21 17:51:52 +00:00
Xavier Guimard
63f196078b LEMONLDAP::NG : die replaced by $self->abort in CGIs 2008-11-21 07:27:08 +00:00
Xavier Guimard
ac87a4b49e LEMONLDAP::NG : removing old feature : LDAP filter in groups 2008-11-20 18:13:27 +00:00
Xavier Guimard
a75e882741 LEMONLDAP::NG : New module Sessions.pm to manage sessions 2008-11-04 16:35:16 +00:00
Clément Oudot
9e2a494da5 LEMONLDAP::NG : password can now be stored in session 2008-10-16 07:35:42 +00:00
Xavier Guimard
26c944caa7 LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 20:15:48 +00:00
Xavier Guimard
80f199fbc7 LEMONLDAP::NG : LDAP User database module 2008-10-05 18:42:50 +00:00
Clément Oudot
6623c149f6 LEMONLDAP::NG : corrections on enhanced menu 2008-09-26 07:36:30 +00:00
Clément Oudot
b14983208c LemonLDAP::NG : W3C standards compliance and password modification module 2008-09-19 15:28:00 +00:00