dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,065 Commits 3 Branches 0 Tags 75 MiB
78bd430057
Commit Graph

361 Commits

Author SHA1 Message Date
Clément OUDOT
f5c2b81051 Possibility to add extra claims and extra vars in OIDC register (#2003) 2019-12-21 12:08:48 +01:00
Maxime Besson
f7f526b825 Fix #1882 in refresh token code 2019-12-17 10:59:45 +01:00
Maxime Besson
a410793122 CAS per-service macros portal code (#2042) 2019-12-16 17:26:35 +01:00
Maxime Besson
2a15bb0523 SAML per-service macros portal code (#2042) 2019-12-16 17:26:34 +01:00
Maxime Besson
32ecf37be4 OIDC per-service macros portal code (#2042) 2019-12-16 17:26:34 +01:00
Maxime Besson
75559bfb15 Fix TTL of offline session (#813) 2019-11-27 12:12:47 +01:00
Maxime Besson
2639c482b1 Fix cookie removal on SAML logout (#2001) 
Since the fixes for #1863, calling p->do consumes the response headers
set by any previous code. So we must only call do() in a return statement.
 2019-11-06 18:44:10 +01:00
Maxime Besson
713737c11f Add an option to return claims in ID token 2019-11-04 18:27:28 +01:00
Maxime Besson
68704955d2 Apply suggestion to lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm 2019-11-04 10:47:35 +01:00
Maxime Besson
a386a7502a Allow refresh tokens to be emitted for regular sessions (#813) 2019-11-04 10:44:54 +01:00
Maxime Besson
ea2365cc98 Implement OIDC Offline sessions through refresh tokens (#813) 2019-11-04 10:44:54 +01:00
Clément OUDOT
a239091553 Load String::Random (#1963) 2019-10-01 14:49:41 +02:00
Xavier
461cd51e45 Try to fix #1785 without breaking pdata 2019-09-29 23:04:17 +02:00
Christophe Maudoux
5d9fc02205 Typo & logger 2019-09-20 22:47:48 +02:00
Clément OUDOT
dc0a8f7848 Add some log when user is authorized to access to service (#1702) 2019-09-19 16:52:08 +02:00
Clément OUDOT
dd76c4f3db Improve log for CAS Issuer (#1702) 2019-09-19 16:18:51 +02:00
Clément OUDOT
e446e09a7f Improve log (#1702) 2019-09-19 16:07:10 +02:00
Christophe Maudoux
92c8e6791f Typo (#1702) 2019-09-18 19:49:22 +02:00
Xavier
e50e7d09d1 Update version of (really) modified files 2019-09-12 21:56:49 +02:00
Maxime Besson
00e91f374b Add specific error code when missing a required SAML attr (#1919) 
The MISSINGREQATTR message is a good default value, but a site
administrator may decide to override it with a personnalized version
that only applies to issuer errors caused by an incomplete user profile
(for example, giving a pointer to the local user profile management
application)
 2019-09-06 11:04:39 +02:00
Maxime Besson
d61935ab6e Implement introspection endpoint for access tokens (#1843) 2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5 Refactor endpoint auth 2019-08-29 18:57:26 +02:00
Maxime Besson
661a007b4a Check OIDC access token expiration (#1879) 2019-08-21 12:18:55 +02:00
Maxime Besson
2e9f57ab6f Better default behavior for oidcServiceMetaDataIssuer (#1882) 2019-08-13 18:09:59 +02:00
Maxime Besson
daa03a9a9c OIDC: tie client_id to authorization code (#1881) 2019-08-09 13:54:53 +02:00
Clément OUDOT
4ee49de4c2 Adapt grant_types_supported attribute (#1846) 2019-07-25 19:06:53 +02:00
Clément OUDOT
c76dc52436 Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows (#1846) 2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44 Manage claims in ID token if no access token requested (#1846) 2019-07-08 15:15:13 +02:00
Clément OUDOT
1ebbde9a50 Tidy code and add missing check on hash_level (#1835) 2019-07-04 09:49:01 +02:00
Christophe Maudoux
161d6cee0f Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t) 2019-07-03 22:17:22 +02:00
Xavier Guimard
c1137edba8 make tidy with perltidy-20181120 2019-07-02 20:03:40 +02:00
Xavier
c921c295ed Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00
Xavier Guimard
264410409d Move CAS service verification from main to Issuer::CAS (#1795) 2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195 Check service= parameter on CAS logout (#1795) 
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.

In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.

If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
 2019-06-27 12:40:40 +02:00
Clément OUDOT
4e5c450b8b Return error if no code provided on token endpoint (#1802) 2019-06-14 16:05:39 +02:00
Xavier
a6aaf8a507 Add XSS test (#1795) 2019-06-11 21:30:15 +02:00
Xavier
1a8948894d Check CAS "service" parameter (Fixes: #1795) 2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa Fix CASv2 logout (#1753) 2019-06-11 16:18:15 +02:00
Xavier
db2ee96bc8 Update versions (#1777) 2019-05-28 22:04:45 +02:00
Xavier
82171e9a90 Fix missing $req in SLO responses (#1777) 2019-05-28 21:45:54 +02:00
Xavier
acd6ba50e8 Fix some missing $req (#1777) 2019-05-28 19:52:08 +02:00
Clément OUDOT
926262170b Implement PKCE in OIDC provider (#1722) 2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7 Create a configuration option to allow a Relying Party to be a public client 
Allow unauthenticated requests on OAuth2 token endoint

#1725
 2019-04-29 10:02:16 +02:00
Maxime Besson
2f9e6aa623 Allow override of username attribute for CAS apps 
Global CAS options allows the admistrator to set the session attribute
that gets exported to all CAS application as the main identifier
(cas:user)

This commit adds the ability to override this configuration for a
particular CAS application.

OIDC already allows this

Fixes #1713
 2019-04-28 21:06:34 +02:00
Maxime Besson
62f16721ff Send username when calling CAS1.0 validation 
Fixes #1724
 2019-04-28 19:29:54 +02:00
Clément OUDOT
8859fe342b Fix setHiddenFormValue (#1692) 2019-04-03 17:54:58 +02:00
Clément OUDOT
8be0817363 Send optional SAML attributes if they have a value (#1681) 2019-04-03 16:40:41 +02:00
Clément OUDOT
9a454fbb7a Manage SLO termination if there is no RelayState (#1671) 2019-04-03 12:26:01 +02:00
Clément OUDOT
a805a5a00b Manage SLO responses (#1671) 2019-04-02 17:27:47 +02:00
Clément OUDOT
4e76ee9582 Avoid warning during SAML SLO (#1671) 2019-04-02 16:13:45 +02:00
Clément OUDOT
5a30a82fa6 Add SLO Termination endpoint (#1671) 2019-04-01 18:02:38 +02:00
Clément OUDOT
39020e003e Fix server error on SAML SLO (#1671) 2019-03-26 17:15:01 +01:00
Clément OUDOT
d620ae2e8b Merge branch 'maxbes/lemonldap-ng-saml-issuer-entityid-override' into v2.0 2019-03-13 10:30:16 +01:00
Clément OUDOT
f6a3b527c8 Process SAML request to get current SP in env (#1672) 2019-03-12 16:52:01 +01:00
Maxime Besson
257d329151 Fix display of ok/nok image during multi-sp saml logout 2019-03-11 18:13:06 +01:00
Xavier Guimard
bc2bef4ff4 Please use our .perltidyrc 2019-03-07 18:22:58 +01:00
Maxime Besson
25d1c45fd4 Add new option to override EntityID when acting as IDP 2019-03-04 09:33:10 +01:00
Christophe Maudoux
0690a0c7ab Improve code (#1625) 2019-02-14 22:12:40 +01:00
Christophe Maudoux
29c4a44975 Update version (#1625) 2019-02-07 17:22:14 +01:00
Christophe Maudoux
8b995f55bf Restore OpenID activation global rule & Improve unit test (#1625) 2019-02-07 17:21:14 +01:00
Christophe Maudoux
b1048043e9 Restore GET activation global rule & Improve unit test (#1625) 2019-02-07 17:16:29 +01:00
Xavier Guimard
c7b4eb5051 tidy with new conf 2019-02-07 09:27:56 +01:00
Christophe Maudoux
5055b18087 Restore OIDC activation global rule (#1625) & Improve unit test 2019-02-06 23:10:10 +01:00
Christophe Maudoux
b36db9706e Restore SAML activation global rule (#1625) 2019-02-06 22:55:23 +01:00
Christophe Maudoux
f8144bc108 Typo (#1625) 2019-02-06 22:54:15 +01:00
Christophe Maudoux
007a5432f9 Restore CAS activation global rule (#1625) 2019-02-06 22:16:34 +01:00
Clément OUDOT
1a2de167d1 Reject invalid OIDC scopes (#1599) 2018-12-21 14:32:01 +01:00
Xavier Guimard
11857d9f8a make tidy 2018-11-26 14:40:21 +01:00
Christophe Maudoux
304216bd52 Improve code (#1533) 2018-10-30 19:42:54 +01:00
Christophe Maudoux
93d16407e6 Fix debug messages (#1533) 2018-10-29 23:25:19 +01:00
Christophe Maudoux
78423bf151 Update persistent session only if oidcConsents are converted (#1533) 2018-10-29 23:10:34 +01:00
Clément OUDOT
4038bbb798 Fix call to returnCasServiceValidateError 2018-10-29 08:10:01 +01:00
Clément OUDOT
0839c9e3fd Clear pdata when redirecting in CAS gateway mode (#1528) 2018-10-29 07:45:57 +01:00
Clément OUDOT
7690a56843 Put simple values in buil_urlencoded args (#1527) 2018-10-19 11:29:11 +02:00
Clément OUDOT
5d0e0d9b60 Fix call to updatePersistentSession (#1498) 2018-09-04 17:58:32 +02:00
Xavier Guimard
62d5c7836c make tidy 2018-09-02 17:31:58 +02:00
Christophe Maudoux
6799ca9281 WIP - Fix debug message (#1480) 2018-08-08 23:46:15 +02:00
Christophe Maudoux
45216d2ed8 WIP - Test (#480) 2018-08-08 23:20:52 +02:00
Christophe Maudoux
942499cd66 Fix comments typo 2018-07-26 20:54:19 +02:00
Christophe Maudoux
9464c47a13 Cleaning code + perltidy (#1464) 2018-07-20 20:19:27 +02:00
Christophe Maudoux
bcd876924c Fix mistake (#1464) 2018-07-20 19:41:26 +02:00
Christophe Maudoux
9efe2f3161 Add debug info (#1464) 2018-07-20 19:33:23 +02:00
Christophe Maudoux
8ee066b706 Delete old consent (#1464) 2018-07-20 00:02:35 +02:00
Christophe Maudoux
9403990a8c perltidy (#1464) 2018-07-19 23:38:44 +02:00
Christophe Maudoux
8eb1b8674c Add OIDC Consents convert function (#1464) 2018-07-19 23:02:06 +02:00
Xavier Guimard
a5efca5388 Remove trailing whitespaces (#1464) 2018-07-19 07:55:55 +02:00
Christophe Maudoux
d269db6346 WIP - Delete revoked consents (#1464) 2018-07-17 21:36:51 +02:00
Christophe Maudoux
344c7a644f WIP - Delete revoked consents (#1464) 2018-07-17 19:12:35 +02:00
Christophe Maudoux
da44a7c83e perltidy (#1464) 2018-07-17 18:18:50 +02:00
Christophe Maudoux
e1917a59de Delete revoked consents (#1464) 2018-07-17 18:15:17 +02:00
Christophe Maudoux
72920d1ede Modify oidcConsents key structure (#1464) - perltidy 2018-07-16 23:00:44 +02:00
Christophe Maudoux
eff2b66cf2 WIP - Modify oidcConsents key structure 2018-07-15 19:17:48 +02:00
Christophe Maudoux
8d5693dc1d WIP - Modify oidcConsents key structure 2018-07-15 17:53:06 +02:00
Christophe Maudoux
814b571fa9 WIP - Modify oidcConsents key structure 2018-07-15 17:31:58 +02:00
Christophe Maudoux
d9607ae32c WIP - Modify oidcConsents key structure 2018-07-15 16:10:27 +02:00
Xavier Guimard
0f7b3ca71d make tidy 2018-07-05 23:00:40 +02:00
Xavier Guimard
b2620c2679 s/datas/data 
datas => des données
data => les données
 2018-07-05 22:56:16 +02:00
Xavier Guimard
b790270794 Fix issuers use of pdata (#1461) 2018-07-05 18:45:29 +02:00
Xavier Guimard
7ce1bd2d08 Trying to use pdata for issuers (#1461) 2018-07-04 22:54:09 +02:00
Xavier Guimard
b6154f1ba4 Add ssoMatch sub for OIDC (#1468) 2018-06-30 08:21:48 +02:00
Xavier Guimard
1cd5a706c9 Avoid session conflict between Issuer and Auth OIDC (#1468) 2018-06-30 07:51:22 +02:00
Xavier Guimard
a5cc73a54c Avoid session conflict between Issuer and Auth CAS (#1468) 2018-06-30 07:44:05 +02:00
Xavier Guimard
33712dcf13 Set ignore system for issuers (#1468) 2018-06-29 14:31:43 +02:00
Xavier Guimard
e6ad687618 Change session key names between Auth and Issuer (SAML #1468) 2018-06-29 06:50:31 +02:00
Xavier Guimard
8596b339e8 Use build_urlencoded everywhere (#1461) 2018-06-26 19:13:06 +02:00
Clément OUDOT
3ba56c41b5 Manage CAS gateway mode (#1425) 2018-06-25 10:10:22 +02:00
Clément OUDOT
808922a388 Store CAS app in ENV (#1161) 2018-06-23 10:18:55 +02:00
Xavier Guimard
5129647d04 Don't add RP if already connected (#1431) 2018-06-21 17:43:36 +02:00
Clément OUDOT
0c8ab9a5f6 Apply patch to other location (#1449) 2018-06-13 10:50:57 +02:00
Clément OUDOT
dc978f5cc2 Remove bak file (#1449) 2018-06-13 10:37:01 +02:00
Clément OUDOT
ee7cf94a95 Fix debug message for artifact endpoint (#1449) 2018-06-13 10:34:23 +02:00
Xavier Guimard
2f008fc490 Fix bad usage of constants (#1449) 2018-06-13 06:34:08 +02:00
Xavier Guimard
772a69d90e Missing error catch (#595) 2018-06-06 21:05:43 +02:00
Xavier Guimard
86283952b0 Fix partially #1422 2018-05-15 19:46:02 +02:00
Xavier Guimard
b0d16d653d Fix renew problem with CAS (fixes: #1422) 2018-05-14 21:33:21 +02:00
Clément OUDOT
bd33897a52 Fix multi values separator (#1420) 2018-05-14 12:21:17 +02:00
Clément OUDOT
a27ef657b7 Rewrite code for CAS proxy (#1420) 2018-05-14 12:15:26 +02:00
Xavier Guimard
e0d83f5268 Fix some errors (#1395) 2018-03-12 06:43:47 +01:00
Clément OUDOT
a129f1e296 Allow CAS p3 URLs (#1362) 2018-02-08 22:40:06 +01:00
Xavier Guimard
0d491e96f4 Use same name for SP rules (#1330) 2017-11-11 13:51:48 +01:00
Clément Oudot
c6137d12d8 Possibility to override SAML Issuer value with domain (#1324) 2017-11-06 16:36:45 +00:00
Clément Oudot
251e78d5ab Allow SLO without SessionIndex (#1326) 2017-11-03 08:23:29 +00:00
Xavier Guimard
a09af34412 Missing $req in updatePersistentSession calls (fixes: #1319) 2017-10-31 12:04:05 +00:00
Clément Oudot
80db34a4f2 Remove unused 'no strict subs' (#595) 2017-10-30 13:47:39 +00:00
Xavier Guimard
38df1cff91 Better Lasso import (#595) 2017-10-26 09:16:44 +00:00
Xavier Guimard
2dbdf55404 Typo (#1302) 2017-10-26 08:14:58 +00:00
Xavier Guimard
6072a31152 Move OIDC HTML fragments to tpl (#1302) 2017-10-11 11:51:50 +00:00
Xavier Guimard
46364da414 Move some HTML fragments to templates (#1302) 2017-10-10 11:04:40 +00:00
Xavier Guimard
fc582377ff Clean SAML storage code (#1305) 2017-09-27 05:00:00 +00:00
Xavier Guimard
10177b4bfd Default storage values (may fix #1305) 2017-09-26 20:15:50 +00:00
Xavier Guimard
2787c33c01 Revert r6726 (#1305) 2017-09-26 19:54:45 +00:00
Xavier Guimard
69ece7740d Update debian/control 2017-09-26 19:11:04 +00:00
Xavier Guimard
89f5783d16 More tests (#1305) 2017-09-26 17:50:38 +00:00
Xavier Guimard
306af4fa36 Normalize URL to be tolerant to SAML Path (references #1304) 2017-09-22 14:20:55 +00:00
Clément Oudot
c5368caac2 Manage CAS logout service (#1298) 2017-09-11 15:26:44 +00:00
Clément Oudot
aecc815e4e Do not use encrypt/decrypt for SAML session index (#1261) 2017-07-12 16:11:42 +00:00
Xavier Guimard
fefd723226 Avoid some warnings 2017-07-11 11:50:21 +00:00
Clément Oudot
ab3661fbf9 Fix translation of OIDC items in confirm.tpl (#1250) 2017-06-28 15:41:31 +00:00
Xavier Guimard
012cb3c23e May fix #1236 2017-06-12 19:10:37 +00:00
Clément Oudot
318d43e07f Check logout redirect URI (#1233) 2017-05-18 14:52:38 +00:00
Clément Oudot
851311ffe0 Prevent redirect before verifying authorized URI (#1233) 2017-05-16 15:26:28 +00:00
Xavier Guimard
74f780733d Use App ExportedVars if defined (#1183) 2017-04-14 07:40:01 +00:00
Xavier Guimard
b83374b274 New Issuer::CAS (#1183) 2017-04-13 19:17:29 +00:00
Xavier Guimard
8e4dc89918 Some errors (#595) 2017-04-07 04:39:55 +00:00
Xavier Guimard
e7c3561451 Some errors (#595) 2017-04-07 04:39:53 +00:00
Xavier Guimard
2e59ea441a Replace request management in handler (#1044) 
Note: this is a big change, more tests needed
 2017-03-28 21:07:49 +00:00
Xavier Guimard
775f1da607 Reauth for OIDC (#1204) 2017-03-28 17:09:46 +00:00
Xavier Guimard
c761cc5781 Mark some properties "lazy" to be sure conf is intialized (#595) 2017-03-27 16:51:18 +00:00
Xavier Guimard
20717fcce0 Verify SAML reauth (#595) 2017-03-26 05:26:25 +00:00
Xavier Guimard
d93130d168 Adapt SAML forceAuth to new portal (#595) 2017-03-24 18:04:46 +00:00