Commit Graph

1191 Commits

Author SHA1 Message Date
Xavier Guimard
6a651b5bee Try to implement SAML reauth (#595) 2017-03-23 20:49:52 +00:00
Xavier Guimard
581f0e4c93 Portal part of reauthentication (#1204) 2017-03-23 18:22:40 +00:00
Xavier Guimard
050cf20c72 Session upgrade skeleton (#1204) 2017-03-23 12:41:53 +00:00
Xavier Guimard
7b06532ee6 Comments 2017-03-23 12:41:52 +00:00
Xavier Guimard
3cde1d0a58 Add second factor doc 2017-03-23 12:14:09 +00:00
Xavier Guimard
9c9e48512f Add second factor doc 2017-03-23 12:06:53 +00:00
Xavier Guimard
86d7a3a8c0 Add SecondFactor superclass (#1015) 2017-03-23 11:17:01 +00:00
Xavier Guimard
e33a741acf Add rules for 2f (#1015) 2017-03-23 06:20:06 +00:00
Xavier Guimard
6a76cf1e17 Use system() for security in External2F plugin (#1015) 2017-03-22 22:46:49 +00:00
Xavier Guimard
0538ad1cee Add External2F plugin (#1015) 2017-03-22 22:18:28 +00:00
Xavier Guimard
7e81e1b1e0 Add OIDC-RP rule (#1161) 2017-03-22 20:47:07 +00:00
Xavier Guimard
62528e8b6a Add SAML-SP rule (#1161) 2017-03-22 20:20:30 +00:00
Xavier Guimard
830f15f71d Bad safe usage (#595) 2017-03-22 19:03:49 +00:00
Xavier Guimard
e8c2925a3f Typo 2017-03-22 18:11:44 +00:00
Xavier Guimard
54cab03e06 Avoid warning (#1151) 2017-03-22 18:11:40 +00:00
Xavier Guimard
95d2253bdc Don't ask 2 token validations (Combination with token) 2017-03-22 18:11:36 +00:00
Xavier Guimard
077455e015 Update TODO list 2017-03-22 14:10:21 +00:00
Xavier Guimard
ca2e9be0e5 Rename _loginHistory (#1169) 2017-03-21 21:00:37 +00:00
Xavier Guimard
99ddfbfe25 Rename _startTime and _updateTime (#1169) 2017-03-21 20:52:40 +00:00
Xavier Guimard
51665b41f8 Validate OIDC-RP-to-SAML-IdP with POST (#1113) 2017-03-21 19:36:10 +00:00
Xavier Guimard
919a706efa Restore OpenID-2 (#1113) 2017-03-21 16:06:44 +00:00
Xavier Guimard
5993757427 Little things (#1113) 2017-03-21 07:59:54 +00:00
Xavier Guimard
6dba4fd1c2 Better request management in issuers (#595) 2017-03-21 06:23:58 +00:00
Xavier Guimard
7aeef26a94 Add portal in trusted domains 2017-03-20 18:14:10 +00:00
Xavier Guimard
1c6d81e86c Fix timeout 2017-03-20 18:14:08 +00:00
Xavier Guimard
d0467f0802 Restore relayState (#595) 2017-03-20 12:43:57 +00:00
Xavier Guimard
60796fa6a1 SAML in progress (#595) 2017-03-20 06:16:56 +00:00
Xavier Guimard
97fa806052 Adapt appsListOrder from 1.9 (#595) 2017-03-19 07:00:10 +00:00
Xavier Guimard
a6c2d72065 Update variable names (#LEMONDAP-1169) 2017-03-19 06:29:35 +00:00
Xavier Guimard
f1ac524c24 Use OTT for state token (#595) 2017-03-18 19:51:00 +00:00
Xavier Guimard
1a65e9a0fe Use OTT for nonce token (#595) 2017-03-18 19:50:56 +00:00
Xavier Guimard
6cab5c0990 Try SAML-SP to OIDC-OP (#1113) 2017-03-18 12:08:24 +00:00
Xavier Guimard
cdeec00972 Replace "?lmError=" by router path (#595) 2017-03-16 21:33:13 +00:00
Xavier Guimard
9a5ecdf1cb Repair activeTimer (#595) 2017-03-16 20:19:06 +00:00
Clément Oudot
272296841a Force AllowCreate in NameIDPolicy (#1200) 2017-03-16 18:39:00 +00:00
Xavier Guimard
bf3c43aecd Replace inline css (#1137) 2017-03-16 11:38:52 +00:00
Xavier Guimard
0845237efe Import CSP in manager code (#1137) 2017-03-15 22:27:58 +00:00
Xavier Guimard
9b9ecee8bb Replace inline script in history (#1137) 2017-03-15 21:20:10 +00:00
Xavier Guimard
1c76c713e7 Remove persistent cookie on logout (#1131) 2017-03-15 10:01:36 +00:00
Xavier Guimard
126fdb091c Manage cookie expiration (#1131) 2017-03-15 10:01:29 +00:00
Xavier Guimard
15cf1991bd Reinitialize token when login fails (#1140) 2017-03-14 17:38:50 +00:00
Xavier Guimard
43437a5244 Reinitialize token when login fails (#1140) 2017-03-14 17:26:07 +00:00
Xavier Guimard
2d7902421a Reinitialize token when login fails (#1140) 2017-03-14 16:52:11 +00:00
Xavier Guimard
a07e92759c Add Auth::PAM (#closes: #1196) 2017-03-14 15:34:10 +00:00
Clément Oudot
efb776a7bf Remove unused icons (#1184) 2017-03-14 14:40:09 +00:00
Xavier Guimard
05a856ebb1 FrontChannel frame for already logged out user (#1194) 2017-03-12 07:36:07 +00:00
Xavier Guimard
73b71e5587 Set timeout in local cache (#1140) 2017-03-12 07:11:52 +00:00
Xavier Guimard
ec211da331 OIDC RP logout skeleton 2017-03-11 18:12:03 +00:00
Xavier Guimard
a8f3eee74a Use global sessions only (#595) 2017-03-11 18:12:01 +00:00
Xavier Guimard
81d3729394 Use local cache by default for tokens (#1140) 2017-03-11 18:11:57 +00:00
Clément Oudot
6b775be965 Apply patch in loadSP (#1193) 2017-03-11 10:02:50 +00:00
Xavier Guimard
f54dfe6276 More clean patch (#1193) 2017-03-11 07:27:52 +00:00
Xavier Guimard
c73dce5c3f Typo (#1194) 2017-03-11 07:16:27 +00:00
Xavier Guimard
8f4b4588c7 Fix LEMONLDAP-1193 2017-03-11 07:16:24 +00:00
Xavier Guimard
7f460429e1 OIDC OP2RP logout in progress (#1194) 2017-03-10 11:39:19 +00:00
Xavier Guimard
8a5f8d96ef Front-channel logout (#1032) 2017-03-09 21:56:51 +00:00
Xavier Guimard
2c5dddde8a Unused constant (#595) 2017-03-09 21:56:50 +00:00
Xavier Guimard
d70a5b005f Update handler internal cache on session update (#595) 2017-03-09 21:56:48 +00:00
Xavier Guimard
4d9a8da274 Register OIDC associations (#1032) 2017-03-09 21:56:47 +00:00
Xavier Guimard
179f6e0381 Follow OIDC spec: bad error codes (closes: #1191) 2017-03-09 21:56:43 +00:00
Xavier Guimard
4665c9d2ea Revert r6192 (#595) 2017-03-09 05:44:16 +00:00
Xavier Guimard
6c042c5660 Launch other logouts in OIDC (#1032) 2017-03-08 22:49:00 +00:00
Xavier Guimard
244fad96a0 no strict (#595) 2017-03-08 22:48:57 +00:00
Xavier Guimard
dec3eb4feb Error: IdP cookie was not read (#595) 2017-03-08 22:48:55 +00:00
Xavier Guimard
3926b9876a StayConnected checkbox (closes: #1131) 2017-03-08 21:09:21 +00:00
Xavier Guimard
ef444dab43 Verify fingerprint (#1131) 2017-03-08 20:56:48 +00:00
Xavier Guimard
6c0a0b6350 Keep combination state when used with StayConnected (#1131) 2017-03-08 20:56:47 +00:00
Xavier Guimard
3921f07349 Keep combination state with stay connected (#1131) 2017-03-08 20:56:45 +00:00
Xavier Guimard
9183935b26 Typo (#595) 2017-03-08 20:56:41 +00:00
Xavier Guimard
8a85dfe0c5 StayConnected plugin ready (#1131)
TODO: stayconnected parameter in login.tpl, that's all!
2017-03-08 19:37:31 +00:00
Xavier Guimard
57189c1fb6 StayConnected plugin (#1131)
TODO: - check fingerprint back
      - insert "stayconnected" param in login.tpl
2017-03-07 22:20:51 +00:00
Xavier Guimard
f63e5eaca1 Add version in conf (to be used later with #797) 2017-03-07 17:49:46 +00:00
Xavier Guimard
2fb085b2a6 New "Custom" modules family (closes: #1188) 2017-03-07 17:28:09 +00:00
Xavier Guimard
6344051c75 Update some versions 2017-03-07 06:05:08 +00:00
Xavier Guimard
a9c36da63d Check if vhostOptions is defined (#1185) 2017-03-06 20:26:22 +00:00
Xavier Guimard
82d39edc42 Verify "mysession" (#970) 2017-03-06 16:43:06 +00:00
Xavier Guimard
906f081b31 Verify REST backend config (#970) 2017-03-06 15:06:49 +00:00
Xavier Guimard
64e5b3c53c Import local configuration for conf access (#595) 2017-03-06 12:18:06 +00:00
Xavier Guimard
d5484c28a7 Add u2fAuthnLevel (#1148) 2017-03-06 12:18:04 +00:00
Xavier Guimard
a065f941ed Security: verify that method is POST for main forms (#595) 2017-03-04 08:36:26 +00:00
Xavier Guimard
96263e0e65 Clean repo 2017-03-03 17:25:03 +00:00
Xavier Guimard
5d0a4bd96b UTF-8 for Artifacts (#1118) 2017-03-03 16:57:02 +00:00
Xavier Guimard
d83cd6d584 Remove portal part of #971 2017-03-03 12:29:47 +00:00
Xavier Guimard
59970dd3d6 Typo (#595) 2017-03-03 12:17:15 +00:00
Xavier Guimard
8c4367fd3f Service token in progress (#971) 2017-03-03 06:29:50 +00:00
Xavier Guimard
0b25e306d6 Update LDAP tests (see r6129) + fix bad log (#595) 2017-03-02 21:25:03 +00:00
Xavier Guimard
b31afabc5d Fix UTF for OIDC (#1118) 2017-03-02 20:52:12 +00:00
Clément Oudot
fcd76f42a1 Fix LDAP password change code 2017-03-02 17:21:15 +00:00
Xavier Guimard
cd3ce4c55c LDAP tests in progress (#1118) 2017-03-02 06:35:15 +00:00
Xavier Guimard
587277e621 Change password test (#595) 2017-03-02 06:13:52 +00:00
Xavier Guimard
d29fef91f6 UTF8 tests for DBI backend (#1118) 2017-03-01 17:35:15 +00:00
Xavier Guimard
cc18d7f050 First UTF-8 tests (#1118) 2017-03-01 17:35:12 +00:00
Xavier Guimard
64756142e1 Service token server (#971) 2017-03-01 06:41:42 +00:00
Xavier Guimard
e2f4de3f9d Missing versions (#595) 2017-02-28 20:53:19 +00:00
Clément Oudot
ffa83eb6b0 Use getSkin to choose portal skin in Register and MailReset (#1177) 2017-02-28 18:43:27 +00:00
Clément Oudot
c18533d447 Use getSkin to choose portal skin (#1177) 2017-02-28 18:39:56 +00:00
Xavier Guimard
b0f0e1004b Replace SOAP by REST for AuthBasic (#970) 2017-02-28 09:49:37 +00:00
Xavier Guimard
4102180eff Typo 2017-02-28 06:34:52 +00:00
Xavier Guimard
7da90a8850 Add ~getCookie (#970) 2017-02-28 06:34:51 +00:00
Xavier Guimard
c773150d86 Security error 2017-02-28 06:34:49 +00:00
Xavier Guimard
b132e83530 Better token for REST session creation (#970) 2017-02-28 05:30:47 +00:00
Xavier Guimard
c0c67fd0bd Minimize persistentSession tie/untie (#713, #LEMONLDAP-1173) 2017-02-27 20:48:00 +00:00
Xavier Guimard
046554d41b Clean old files (#1151) 2017-02-24 11:33:58 +00:00
Xavier Guimard
d65e8e5bd4 Clean old files (#1151) 2017-02-24 11:32:53 +00:00
Xavier Guimard
7be468841b Add conditional SSLVar (closes: #803) 2017-02-24 06:29:50 +00:00
Xavier Guimard
9f731e3fd7 Little things (closes: #1174) 2017-02-24 05:37:32 +00:00
Xavier Guimard
d7025a2251 Add REST Auth/UserDB/Password backend (closes: #1174) 2017-02-23 21:46:00 +00:00
Xavier Guimard
e315a447d7 Change JS access (#1137) 2017-02-21 05:38:59 +00:00
Xavier Guimard
7a71c9db37 Revert r6047 (#1148) 2017-02-20 21:59:31 +00:00
Xavier Guimard
8c3ff5fb0b Minimize Apache::Session tie/untie (closes: #1173) 2017-02-20 21:00:05 +00:00
Xavier Guimard
ffd769e780 U2F update (#1148)
Broken for now (pb with session->update)
2017-02-20 17:30:58 +00:00
Xavier Guimard
4b5e081e18 U2F modified (#1148) 2017-02-20 06:21:28 +00:00
Xavier Guimard
09f13b1b00 Notification server SOAP/REST (#595) 2017-02-19 17:04:49 +00:00
Xavier Guimard
761cf58e0a Little error (#595) 2017-02-19 12:02:19 +00:00
Xavier Guimard
e71d96a2e8 Clean checkLogin usage (#595) 2017-02-19 11:56:20 +00:00
Xavier Guimard
ede8f56ef3 Tidy 2017-02-19 11:51:58 +00:00
Xavier Guimard
697ebfdf8e Move default mail subjects in JSON (may close #1033) 2017-02-19 08:07:21 +00:00
Xavier Guimard
2e680c2ff1 Enable history (#595) 2017-02-19 07:17:48 +00:00
Xavier Guimard
22c22af3c0 Don't create session before U2F check (#1148) 2017-02-19 07:17:45 +00:00
Xavier Guimard
2735520c16 Don't use "login" to display errors for connected users (#595) 2017-02-19 07:17:42 +00:00
Xavier Guimard
11e6cd2134 Don't display menu when reject (#595) 2017-02-19 07:17:39 +00:00
Xavier Guimard
fa0fe980a2 Don't display login form on error if user authenticated (#595) 2017-02-19 07:17:37 +00:00
Xavier Guimard
a70842603a Update portal status (#595) 2017-02-18 14:25:51 +00:00
Xavier Guimard
3e4554ee45 Move some errors from tech logs to user logs (#595) 2017-02-18 14:25:48 +00:00
Xavier Guimard
ca2c453e71 Add "public pages" concept to 2.0 (#1120) 2017-02-18 06:49:06 +00:00
Xavier Guimard
3dd8684829 Translation for mails (#595) 2017-02-17 20:47:01 +00:00
Xavier Guimard
87bb55cb00 Other session plugins (#595) 2017-02-17 07:40:18 +00:00
Xavier Guimard
97b8b40cc5 Add grantSession test (#595) 2017-02-17 07:40:15 +00:00
Xavier Guimard
53402413f0 GrantSession plugin (#595) 2017-02-16 18:14:42 +00:00
Xavier Guimard
1642a20d56 Display multiple forms (#830) 2017-02-16 17:22:08 +00:00
Xavier Guimard
b6e4d862e3 Add authLogout sub (#1151) 2017-02-16 17:22:03 +00:00
Xavier Guimard
99aa48105a Add refresh session utility (#852)
TODO: link in menu
2017-02-16 16:11:12 +00:00
Xavier Guimard
271a30ec28 Import SAML SP parameters in $req->env (closes: #1157) 2017-02-16 08:24:02 +00:00
Xavier Guimard
ddc7e01a08 Try to implement re-auth (#595)
@coudot: must be tested ;-)
2017-02-15 19:03:59 +00:00
Xavier Guimard
8758f074c7 Add log (#595) 2017-02-15 19:03:55 +00:00
Xavier Guimard
1e7b2c4a39 Add LWP options (closes: #1065) 2017-02-15 15:08:23 +00:00
Clément Oudot
c702ba763b Export CAS request parameters in %ENV (#1158) 2017-02-15 14:59:56 +00:00
Xavier Guimard
5a701ff366 Better userLogger (fix: #857) 2017-02-15 14:17:02 +00:00
Xavier Guimard
b829b6c19b Replace userNotice/Error... by userLogger (#857) 2017-02-15 14:16:59 +00:00
Xavier Guimard
d446e15488 Replace userLogger object in Combination 2017-02-15 14:16:53 +00:00
Clément Oudot
80a03c6290 Add more OIDC request parameters in %ENV (#1156) 2017-02-15 10:45:57 +00:00
Clément Oudot
1948637f2d Do not search SAML proxy sessions for IDP SSO initiated (#1147) 2017-02-15 08:36:24 +00:00
Xavier Guimard
deb28bc9cb Replace lmLog by logger-> (#857) 2017-02-15 06:41:50 +00:00
Clément Oudot
21f59356e5 Return invalid_grant when provided code is invalid (#1142) 2017-02-14 14:28:53 +00:00
Clément Oudot
a213ff0ba0 Do not decode session values when replacing HTML templates var (#1141) 2017-02-13 10:43:26 +00:00
Clément Oudot
00b18caf6c Populate user variable for logging purpose (#1145) 2017-02-13 10:36:03 +00:00
Xavier Guimard
c5626c77b5 Create logger files (#1162) 2017-02-12 20:09:46 +00:00
Xavier Guimard
d1091a2c99 Little updates 2017-02-11 20:07:12 +00:00
Xavier Guimard
40b7535ff3 Reorganize handler (closes: #1160) 2017-02-11 07:47:22 +00:00
Xavier Guimard
18a51d858a Replace %ENV by $req->env (#1156) 2017-02-09 08:05:55 +00:00
Xavier Guimard
820691df33 Start handler reorganization (#1160) 2017-02-08 22:18:52 +00:00
Xavier Guimard
8768b563fa Full ajax registration (#1148) 2017-02-08 18:10:06 +00:00
Clément Oudot
c54ac7f96b Decode body and subject to avoid double encoding (#1141) 2017-02-08 16:53:13 +00:00
Clément Oudot
b938f523e4 Put OIDC request parameters in %ENV (#1156) 2017-02-08 13:51:46 +00:00
Xavier Guimard
35f506bd60 Start rewrite Register::U2F using Ajax (#1148)
NB: broken for now
2017-02-08 13:01:02 +00:00
Clément Oudot
6009adc71b Fix typo on acr_values (#1155) 2017-02-08 10:10:16 +00:00
Xavier Guimard
a04f5acd1d U2F is ready for skin bootstrap (#1148) 2017-02-07 22:04:49 +00:00
Xavier Guimard
8936677deb Avoid info() wrapper (#595) 2017-02-07 17:57:19 +00:00
Xavier Guimard
5c421f8b61 Spelling parser 2017-02-07 14:46:28 +00:00
Xavier Guimard
d74550384b U2F in progress (#1148) 2017-02-07 12:52:56 +00:00
Xavier Guimard
cd894cbc2c Add test for combination (#1151) 2017-02-07 06:21:23 +00:00
Xavier Guimard
a8cb294037 Update combModules key (#1151) 2017-02-06 12:36:27 +00:00
Xavier Guimard
8a3bb7b0f9 Combination override conf (#1151)
TODO: lot of job in the manager...
2017-02-05 23:04:28 +00:00
Xavier Guimard
b78022558d More combination tests (#1151) 2017-02-05 21:12:06 +00:00
Xavier Guimard
afcb39a355 Combination in progress (#1151) 2017-02-05 17:05:33 +00:00
Xavier Guimard
193ac7c260 Combination in progress (#1151) 2017-02-05 13:11:14 +00:00
Xavier Guimard
6cccc434e1 Combination skeleton (#1151) 2017-02-05 12:24:26 +00:00
Xavier Guimard
7d27259e64 Create a "Same" value for userDB and remove some other 2017-02-05 09:13:20 +00:00
Xavier Guimard
ebf077f7f5 U2F in progress (#1148) 2017-02-04 07:55:47 +00:00
Xavier Guimard
8ef4391303 Rearrange plugins loading 2017-02-04 07:55:44 +00:00
Xavier Guimard
41da50b8ca U2F registration works (#1148) 2017-02-03 17:14:13 +00:00
Xavier Guimard
c9a3aea761 U2F in progress (#1148) 2017-02-03 06:23:39 +00:00
Xavier Guimard
a14d718351 U2F skeleton (#1148) 2017-02-02 21:48:32 +00:00
Xavier Guimard
71b9b98cbb Notif/JSON tested (closes: #868) 2017-02-02 12:29:59 +00:00
Xavier Guimard
5b96200ed6 Rearrange JSON file (#868) 2017-02-02 06:33:34 +00:00
Xavier Guimard
4178455d95 Notif in progress (#868) 2017-02-02 06:08:40 +00:00
Xavier Guimard
88366c0381 Type (#868) 2017-02-02 05:37:58 +00:00
Xavier Guimard
b78c094518 Remove Auth/BrowserID (see #602) 2017-02-01 10:31:59 +00:00
Xavier Guimard
dc2080716d Notification JSON/File (#868) 2017-02-01 05:30:44 +00:00
Xavier Guimard
be55c43316 First JSON notif test (#868) 2017-01-31 22:31:25 +00:00
Xavier Guimard
03f2df36d3 Prepare JSON notifications (#868) 2017-01-31 22:10:26 +00:00
Xavier Guimard
61fd463f45 Split notifications (XML vs JSON) [#868] 2017-01-31 19:11:59 +00:00
Xavier Guimard
f6665c2d41 Bad usage of getModule (#595) 2017-01-30 21:35:37 +00:00
Xavier Guimard
3db4967853 Radius (#595) 2017-01-30 21:24:44 +00:00
Xavier Guimard
1b806590a5 WebID (#595) 2017-01-30 21:00:54 +00:00
Xavier Guimard
5dc2df2a5e More doc (#595) 2017-01-30 20:21:58 +00:00
Xavier Guimard
5e2e7a62ee Remove old file (#595) 2017-01-30 08:57:18 +00:00
Xavier Guimard
bf4773a033 More pwd-reset tests (#595) 2017-01-30 05:54:30 +00:00
Xavier Guimard
7db2fbfe07 Pwd reset by mail in progress (#595) 2017-01-29 18:08:33 +00:00
Xavier Guimard
de67ee9230 Pwd reset in progress (#595) 2017-01-29 13:06:28 +00:00
Xavier Guimard
7a3725db9d Pwd reset in progress (#595) 2017-01-29 09:11:27 +00:00
Xavier Guimard
2582fc21f1 Issue #595 in progress 2017-01-29 09:11:20 +00:00
Xavier Guimard
831a85228f Mail reset skeleton (#595) 2017-01-28 12:58:22 +00:00
Xavier Guimard
2bc7a6575a Avoid little warning (#595) 2017-01-27 22:40:17 +00:00
Xavier Guimard
abb49f7b39 Translate auth Yubikey (#595)
NB: not verified. @clement, can you test it?
2017-01-27 06:08:54 +00:00
Xavier Guimard
c718eceb53 Captcha for registration (#595) 2017-01-27 05:51:19 +00:00
Xavier Guimard
0c80f00603 Token in register form (#1140) 2017-01-26 21:42:42 +00:00
Xavier Guimard
12ad708c4a Captcha in progress (#595) 2017-01-26 21:42:40 +00:00
Xavier Guimard
086a1ddbd8 Add captcha size in display (#595) 2017-01-26 17:53:14 +00:00
Xavier Guimard
469e6feadd Verify captcha login (#595) 2017-01-25 22:08:15 +00:00