Clément OUDOT
f5c2b81051
Possibility to add extra claims and extra vars in OIDC register ( #2003 )
2019-12-21 12:08:48 +01:00
Maxime Besson
f7f526b825
Fix #1882 in refresh token code
2019-12-17 10:59:45 +01:00
Maxime Besson
a410793122
CAS per-service macros portal code ( #2042 )
2019-12-16 17:26:35 +01:00
Maxime Besson
2a15bb0523
SAML per-service macros portal code ( #2042 )
2019-12-16 17:26:34 +01:00
Maxime Besson
32ecf37be4
OIDC per-service macros portal code ( #2042 )
2019-12-16 17:26:34 +01:00
Maxime Besson
75559bfb15
Fix TTL of offline session ( #813 )
2019-11-27 12:12:47 +01:00
Maxime Besson
2639c482b1
Fix cookie removal on SAML logout ( #2001 )
...
Since the fixes for #1863 , calling p->do consumes the response headers
set by any previous code. So we must only call do() in a return statement.
2019-11-06 18:44:10 +01:00
Maxime Besson
713737c11f
Add an option to return claims in ID token
2019-11-04 18:27:28 +01:00
Maxime Besson
68704955d2
Apply suggestion to lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
2019-11-04 10:47:35 +01:00
Maxime Besson
a386a7502a
Allow refresh tokens to be emitted for regular sessions ( #813 )
2019-11-04 10:44:54 +01:00
Maxime Besson
ea2365cc98
Implement OIDC Offline sessions through refresh tokens ( #813 )
2019-11-04 10:44:54 +01:00
Clément OUDOT
a239091553
Load String::Random ( #1963 )
2019-10-01 14:49:41 +02:00
Xavier
461cd51e45
Try to fix #1785 without breaking pdata
2019-09-29 23:04:17 +02:00
Christophe Maudoux
5d9fc02205
Typo & logger
2019-09-20 22:47:48 +02:00
Clément OUDOT
dc0a8f7848
Add some log when user is authorized to access to service ( #1702 )
2019-09-19 16:52:08 +02:00
Clément OUDOT
dd76c4f3db
Improve log for CAS Issuer ( #1702 )
2019-09-19 16:18:51 +02:00
Clément OUDOT
e446e09a7f
Improve log ( #1702 )
2019-09-19 16:07:10 +02:00
Christophe Maudoux
92c8e6791f
Typo ( #1702 )
2019-09-18 19:49:22 +02:00
Xavier
e50e7d09d1
Update version of (really) modified files
2019-09-12 21:56:49 +02:00
Maxime Besson
00e91f374b
Add specific error code when missing a required SAML attr ( #1919 )
...
The MISSINGREQATTR message is a good default value, but a site
administrator may decide to override it with a personnalized version
that only applies to issuer errors caused by an incomplete user profile
(for example, giving a pointer to the local user profile management
application)
2019-09-06 11:04:39 +02:00
Maxime Besson
d61935ab6e
Implement introspection endpoint for access tokens ( #1843 )
2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5
Refactor endpoint auth
2019-08-29 18:57:26 +02:00
Maxime Besson
661a007b4a
Check OIDC access token expiration ( #1879 )
2019-08-21 12:18:55 +02:00
Maxime Besson
2e9f57ab6f
Better default behavior for oidcServiceMetaDataIssuer ( #1882 )
2019-08-13 18:09:59 +02:00
Maxime Besson
daa03a9a9c
OIDC: tie client_id to authorization code ( #1881 )
2019-08-09 13:54:53 +02:00
Clément OUDOT
4ee49de4c2
Adapt grant_types_supported attribute ( #1846 )
2019-07-25 19:06:53 +02:00
Clément OUDOT
c76dc52436
Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows ( #1846 )
2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44
Manage claims in ID token if no access token requested ( #1846 )
2019-07-08 15:15:13 +02:00
Clément OUDOT
1ebbde9a50
Tidy code and add missing check on hash_level ( #1835 )
2019-07-04 09:49:01 +02:00
Christophe Maudoux
161d6cee0f
Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t)
2019-07-03 22:17:22 +02:00
Xavier Guimard
c1137edba8
make tidy with perltidy-20181120
2019-07-02 20:03:40 +02:00
Xavier
c921c295ed
Use user skin in loadTemplate ( Fixes : #1828 )
2019-06-28 13:40:56 +02:00
Xavier Guimard
264410409d
Move CAS service verification from main to Issuer::CAS ( #1795 )
2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195
Check service= parameter on CAS logout ( #1795 )
...
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.
In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.
If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
2019-06-27 12:40:40 +02:00
Clément OUDOT
4e5c450b8b
Return error if no code provided on token endpoint ( #1802 )
2019-06-14 16:05:39 +02:00
Xavier
a6aaf8a507
Add XSS test ( #1795 )
2019-06-11 21:30:15 +02:00
Xavier
1a8948894d
Check CAS "service" parameter ( Fixes : #1795 )
2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa
Fix CASv2 logout ( #1753 )
2019-06-11 16:18:15 +02:00
Xavier
db2ee96bc8
Update versions ( #1777 )
2019-05-28 22:04:45 +02:00
Xavier
82171e9a90
Fix missing $req in SLO responses ( #1777 )
2019-05-28 21:45:54 +02:00
Xavier
acd6ba50e8
Fix some missing $req ( #1777 )
2019-05-28 19:52:08 +02:00
Clément OUDOT
926262170b
Implement PKCE in OIDC provider ( #1722 )
2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7
Create a configuration option to allow a Relying Party to be a public client
...
Allow unauthenticated requests on OAuth2 token endoint
#1725
2019-04-29 10:02:16 +02:00
Maxime Besson
2f9e6aa623
Allow override of username attribute for CAS apps
...
Global CAS options allows the admistrator to set the session attribute
that gets exported to all CAS application as the main identifier
(cas:user)
This commit adds the ability to override this configuration for a
particular CAS application.
OIDC already allows this
Fixes #1713
2019-04-28 21:06:34 +02:00
Maxime Besson
62f16721ff
Send username when calling CAS1.0 validation
...
Fixes #1724
2019-04-28 19:29:54 +02:00
Clément OUDOT
8859fe342b
Fix setHiddenFormValue ( #1692 )
2019-04-03 17:54:58 +02:00
Clément OUDOT
8be0817363
Send optional SAML attributes if they have a value ( #1681 )
2019-04-03 16:40:41 +02:00
Clément OUDOT
9a454fbb7a
Manage SLO termination if there is no RelayState ( #1671 )
2019-04-03 12:26:01 +02:00
Clément OUDOT
a805a5a00b
Manage SLO responses ( #1671 )
2019-04-02 17:27:47 +02:00
Clément OUDOT
4e76ee9582
Avoid warning during SAML SLO ( #1671 )
2019-04-02 16:13:45 +02:00
Clément OUDOT
5a30a82fa6
Add SLO Termination endpoint ( #1671 )
2019-04-01 18:02:38 +02:00
Clément OUDOT
39020e003e
Fix server error on SAML SLO ( #1671 )
2019-03-26 17:15:01 +01:00
Clément OUDOT
d620ae2e8b
Merge branch 'maxbes/lemonldap-ng-saml-issuer-entityid-override' into v2.0
2019-03-13 10:30:16 +01:00
Clément OUDOT
f6a3b527c8
Process SAML request to get current SP in env ( #1672 )
2019-03-12 16:52:01 +01:00
Maxime Besson
257d329151
Fix display of ok/nok image during multi-sp saml logout
2019-03-11 18:13:06 +01:00
Xavier Guimard
bc2bef4ff4
Please use our .perltidyrc
2019-03-07 18:22:58 +01:00
Maxime Besson
25d1c45fd4
Add new option to override EntityID when acting as IDP
2019-03-04 09:33:10 +01:00
Christophe Maudoux
0690a0c7ab
Improve code ( #1625 )
2019-02-14 22:12:40 +01:00
Christophe Maudoux
29c4a44975
Update version ( #1625 )
2019-02-07 17:22:14 +01:00
Christophe Maudoux
8b995f55bf
Restore OpenID activation global rule & Improve unit test ( #1625 )
2019-02-07 17:21:14 +01:00
Christophe Maudoux
b1048043e9
Restore GET activation global rule & Improve unit test ( #1625 )
2019-02-07 17:16:29 +01:00
Xavier Guimard
c7b4eb5051
tidy with new conf
2019-02-07 09:27:56 +01:00
Christophe Maudoux
5055b18087
Restore OIDC activation global rule ( #1625 ) & Improve unit test
2019-02-06 23:10:10 +01:00
Christophe Maudoux
b36db9706e
Restore SAML activation global rule ( #1625 )
2019-02-06 22:55:23 +01:00
Christophe Maudoux
f8144bc108
Typo ( #1625 )
2019-02-06 22:54:15 +01:00
Christophe Maudoux
007a5432f9
Restore CAS activation global rule ( #1625 )
2019-02-06 22:16:34 +01:00
Clément OUDOT
1a2de167d1
Reject invalid OIDC scopes ( #1599 )
2018-12-21 14:32:01 +01:00
Xavier Guimard
11857d9f8a
make tidy
2018-11-26 14:40:21 +01:00
Christophe Maudoux
304216bd52
Improve code ( #1533 )
2018-10-30 19:42:54 +01:00
Christophe Maudoux
93d16407e6
Fix debug messages ( #1533 )
2018-10-29 23:25:19 +01:00
Christophe Maudoux
78423bf151
Update persistent session only if oidcConsents are converted ( #1533 )
2018-10-29 23:10:34 +01:00
Clément OUDOT
4038bbb798
Fix call to returnCasServiceValidateError
2018-10-29 08:10:01 +01:00
Clément OUDOT
0839c9e3fd
Clear pdata when redirecting in CAS gateway mode ( #1528 )
2018-10-29 07:45:57 +01:00
Clément OUDOT
7690a56843
Put simple values in buil_urlencoded args ( #1527 )
2018-10-19 11:29:11 +02:00
Clément OUDOT
5d0e0d9b60
Fix call to updatePersistentSession ( #1498 )
2018-09-04 17:58:32 +02:00
Xavier Guimard
62d5c7836c
make tidy
2018-09-02 17:31:58 +02:00
Christophe Maudoux
6799ca9281
WIP - Fix debug message ( #1480 )
2018-08-08 23:46:15 +02:00
Christophe Maudoux
45216d2ed8
WIP - Test ( #480 )
2018-08-08 23:20:52 +02:00
Christophe Maudoux
942499cd66
Fix comments typo
2018-07-26 20:54:19 +02:00
Christophe Maudoux
9464c47a13
Cleaning code + perltidy ( #1464 )
2018-07-20 20:19:27 +02:00
Christophe Maudoux
bcd876924c
Fix mistake ( #1464 )
2018-07-20 19:41:26 +02:00
Christophe Maudoux
9efe2f3161
Add debug info ( #1464 )
2018-07-20 19:33:23 +02:00
Christophe Maudoux
8ee066b706
Delete old consent ( #1464 )
2018-07-20 00:02:35 +02:00
Christophe Maudoux
9403990a8c
perltidy ( #1464 )
2018-07-19 23:38:44 +02:00
Christophe Maudoux
8eb1b8674c
Add OIDC Consents convert function ( #1464 )
2018-07-19 23:02:06 +02:00
Xavier Guimard
a5efca5388
Remove trailing whitespaces ( #1464 )
2018-07-19 07:55:55 +02:00
Christophe Maudoux
d269db6346
WIP - Delete revoked consents ( #1464 )
2018-07-17 21:36:51 +02:00
Christophe Maudoux
344c7a644f
WIP - Delete revoked consents ( #1464 )
2018-07-17 19:12:35 +02:00
Christophe Maudoux
da44a7c83e
perltidy ( #1464 )
2018-07-17 18:18:50 +02:00
Christophe Maudoux
e1917a59de
Delete revoked consents ( #1464 )
2018-07-17 18:15:17 +02:00
Christophe Maudoux
72920d1ede
Modify oidcConsents key structure ( #1464 ) - perltidy
2018-07-16 23:00:44 +02:00
Christophe Maudoux
eff2b66cf2
WIP - Modify oidcConsents key structure
2018-07-15 19:17:48 +02:00
Christophe Maudoux
8d5693dc1d
WIP - Modify oidcConsents key structure
2018-07-15 17:53:06 +02:00
Christophe Maudoux
814b571fa9
WIP - Modify oidcConsents key structure
2018-07-15 17:31:58 +02:00
Christophe Maudoux
d9607ae32c
WIP - Modify oidcConsents key structure
2018-07-15 16:10:27 +02:00
Xavier Guimard
0f7b3ca71d
make tidy
2018-07-05 23:00:40 +02:00
Xavier Guimard
b2620c2679
s/datas/data
...
datas => des données
data => les données
2018-07-05 22:56:16 +02:00
Xavier Guimard
b790270794
Fix issuers use of pdata ( #1461 )
2018-07-05 18:45:29 +02:00
Xavier Guimard
7ce1bd2d08
Trying to use pdata for issuers ( #1461 )
2018-07-04 22:54:09 +02:00
Xavier Guimard
b6154f1ba4
Add ssoMatch sub for OIDC ( #1468 )
2018-06-30 08:21:48 +02:00
Xavier Guimard
1cd5a706c9
Avoid session conflict between Issuer and Auth OIDC ( #1468 )
2018-06-30 07:51:22 +02:00
Xavier Guimard
a5cc73a54c
Avoid session conflict between Issuer and Auth CAS ( #1468 )
2018-06-30 07:44:05 +02:00
Xavier Guimard
33712dcf13
Set ignore system for issuers ( #1468 )
2018-06-29 14:31:43 +02:00
Xavier Guimard
e6ad687618
Change session key names between Auth and Issuer (SAML #1468 )
2018-06-29 06:50:31 +02:00
Xavier Guimard
8596b339e8
Use build_urlencoded everywhere ( #1461 )
2018-06-26 19:13:06 +02:00
Clément OUDOT
3ba56c41b5
Manage CAS gateway mode ( #1425 )
2018-06-25 10:10:22 +02:00
Clément OUDOT
808922a388
Store CAS app in ENV ( #1161 )
2018-06-23 10:18:55 +02:00
Xavier Guimard
5129647d04
Don't add RP if already connected ( #1431 )
2018-06-21 17:43:36 +02:00
Clément OUDOT
0c8ab9a5f6
Apply patch to other location ( #1449 )
2018-06-13 10:50:57 +02:00
Clément OUDOT
dc978f5cc2
Remove bak file ( #1449 )
2018-06-13 10:37:01 +02:00
Clément OUDOT
ee7cf94a95
Fix debug message for artifact endpoint ( #1449 )
2018-06-13 10:34:23 +02:00
Xavier Guimard
2f008fc490
Fix bad usage of constants ( #1449 )
2018-06-13 06:34:08 +02:00
Xavier Guimard
772a69d90e
Missing error catch ( #595 )
2018-06-06 21:05:43 +02:00
Xavier Guimard
86283952b0
Fix partially #1422
2018-05-15 19:46:02 +02:00
Xavier Guimard
b0d16d653d
Fix renew problem with CAS ( fixes : #1422 )
2018-05-14 21:33:21 +02:00
Clément OUDOT
bd33897a52
Fix multi values separator ( #1420 )
2018-05-14 12:21:17 +02:00
Clément OUDOT
a27ef657b7
Rewrite code for CAS proxy ( #1420 )
2018-05-14 12:15:26 +02:00
Xavier Guimard
e0d83f5268
Fix some errors ( #1395 )
2018-03-12 06:43:47 +01:00
Clément OUDOT
a129f1e296
Allow CAS p3 URLs ( #1362 )
2018-02-08 22:40:06 +01:00
Xavier Guimard
0d491e96f4
Use same name for SP rules ( #1330 )
2017-11-11 13:51:48 +01:00
Clément Oudot
c6137d12d8
Possibility to override SAML Issuer value with domain ( #1324 )
2017-11-06 16:36:45 +00:00
Clément Oudot
251e78d5ab
Allow SLO without SessionIndex ( #1326 )
2017-11-03 08:23:29 +00:00
Xavier Guimard
a09af34412
Missing $req in updatePersistentSession calls ( fixes : #1319 )
2017-10-31 12:04:05 +00:00
Clément Oudot
80db34a4f2
Remove unused 'no strict subs' ( #595 )
2017-10-30 13:47:39 +00:00
Xavier Guimard
38df1cff91
Better Lasso import ( #595 )
2017-10-26 09:16:44 +00:00
Xavier Guimard
2dbdf55404
Typo ( #1302 )
2017-10-26 08:14:58 +00:00
Xavier Guimard
6072a31152
Move OIDC HTML fragments to tpl ( #1302 )
2017-10-11 11:51:50 +00:00
Xavier Guimard
46364da414
Move some HTML fragments to templates ( #1302 )
2017-10-10 11:04:40 +00:00
Xavier Guimard
fc582377ff
Clean SAML storage code ( #1305 )
2017-09-27 05:00:00 +00:00
Xavier Guimard
10177b4bfd
Default storage values (may fix #1305 )
2017-09-26 20:15:50 +00:00
Xavier Guimard
2787c33c01
Revert r6726 ( #1305 )
2017-09-26 19:54:45 +00:00
Xavier Guimard
69ece7740d
Update debian/control
2017-09-26 19:11:04 +00:00
Xavier Guimard
89f5783d16
More tests ( #1305 )
2017-09-26 17:50:38 +00:00
Xavier Guimard
306af4fa36
Normalize URL to be tolerant to SAML Path (references #1304 )
2017-09-22 14:20:55 +00:00
Clément Oudot
c5368caac2
Manage CAS logout service ( #1298 )
2017-09-11 15:26:44 +00:00
Clément Oudot
aecc815e4e
Do not use encrypt/decrypt for SAML session index ( #1261 )
2017-07-12 16:11:42 +00:00
Xavier Guimard
fefd723226
Avoid some warnings
2017-07-11 11:50:21 +00:00
Clément Oudot
ab3661fbf9
Fix translation of OIDC items in confirm.tpl ( #1250 )
2017-06-28 15:41:31 +00:00
Xavier Guimard
012cb3c23e
May fix #1236
2017-06-12 19:10:37 +00:00
Clément Oudot
318d43e07f
Check logout redirect URI ( #1233 )
2017-05-18 14:52:38 +00:00
Clément Oudot
851311ffe0
Prevent redirect before verifying authorized URI ( #1233 )
2017-05-16 15:26:28 +00:00
Xavier Guimard
74f780733d
Use App ExportedVars if defined ( #1183 )
2017-04-14 07:40:01 +00:00
Xavier Guimard
b83374b274
New Issuer::CAS ( #1183 )
2017-04-13 19:17:29 +00:00
Xavier Guimard
8e4dc89918
Some errors ( #595 )
2017-04-07 04:39:55 +00:00
Xavier Guimard
e7c3561451
Some errors ( #595 )
2017-04-07 04:39:53 +00:00
Xavier Guimard
2e59ea441a
Replace request management in handler ( #1044 )
...
Note: this is a big change, more tests needed
2017-03-28 21:07:49 +00:00
Xavier Guimard
775f1da607
Reauth for OIDC ( #1204 )
2017-03-28 17:09:46 +00:00
Xavier Guimard
c761cc5781
Mark some properties "lazy" to be sure conf is intialized ( #595 )
2017-03-27 16:51:18 +00:00
Xavier Guimard
20717fcce0
Verify SAML reauth ( #595 )
2017-03-26 05:26:25 +00:00
Xavier Guimard
d93130d168
Adapt SAML forceAuth to new portal ( #595 )
2017-03-24 18:04:46 +00:00