Christophe Maudoux
9ec3ef8cfe
Merge branch 'v2.0'
2019-09-22 15:54:58 +02:00
Christophe Maudoux
5d9fc02205
Typo & logger
2019-09-20 22:47:48 +02:00
Clément OUDOT
dc0a8f7848
Add some log when user is authorized to access to service ( #1702 )
2019-09-19 16:52:08 +02:00
Clément OUDOT
dd76c4f3db
Improve log for CAS Issuer ( #1702 )
2019-09-19 16:18:51 +02:00
Clément OUDOT
e446e09a7f
Improve log ( #1702 )
2019-09-19 16:07:10 +02:00
Clément OUDOT
0466a2c8cc
Merge remote-tracking branch 'origin/master' into maxbes/lemonldap-ng-fix-1882-remove-oidcServiceMetaDataIssuer
2019-09-19 15:31:25 +02:00
Christophe Maudoux
52be87b012
Merge branch 'v2.0'
2019-09-18 21:14:24 +02:00
Christophe Maudoux
92c8e6791f
Typo ( #1702 )
2019-09-18 19:49:22 +02:00
Maxime Besson
a8cab64c5b
Remove oidcServiceMetaDataIssuer ( #1882 )
2019-09-17 21:34:25 +02:00
Xavier
e50e7d09d1
Update version of (really) modified files
2019-09-12 21:56:49 +02:00
Xavier
d881605fed
Merge branch 'v2.0'
2019-09-11 21:22:50 +02:00
Maxime Besson
00e91f374b
Add specific error code when missing a required SAML attr ( #1919 )
...
The MISSINGREQATTR message is a good default value, but a site
administrator may decide to override it with a personalized version
that only applies to issuer errors caused by an incomplete user profile
(for example, giving a pointer to the local user profile management
application)
2019-09-06 11:04:39 +02:00
Christophe Maudoux
174193e74c
Merge branch 'v2.0'
2019-09-01 22:11:33 +02:00
Maxime Besson
d61935ab6e
Implement introspection endpoint for access tokens ( #1843 )
2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5
Refactor endpoint auth
2019-08-29 18:57:26 +02:00
Christophe Maudoux
1212cd9ba2
Merge branch 'v2.0'
2019-08-25 18:47:43 +02:00
Maxime Besson
661a007b4a
Check OIDC access token expiration ( #1879 )
2019-08-21 12:18:55 +02:00
Christophe Maudoux
28732d614b
Merge branch 'v2.0'
2019-08-15 22:43:20 +02:00
Maxime Besson
2e9f57ab6f
Better default behavior for oidcServiceMetaDataIssuer ( #1882 )
2019-08-13 18:09:59 +02:00
Christophe Maudoux
866d5457f3
Merge branch 'v2.0'
2019-08-09 23:33:59 +02:00
Maxime Besson
daa03a9a9c
OIDC: tie client_id to authorization code ( #1881 )
2019-08-09 13:54:53 +02:00
Christophe Maudoux
499b16bd07
Merge branch 'v2.0'
2019-07-31 16:34:38 +02:00
Clément OUDOT
4ee49de4c2
Adapt grant_types_supported attribute ( #1846 )
2019-07-25 19:06:53 +02:00
Christophe Maudoux
b7c8d30b3f
Merge branch 'v2.0'
2019-07-10 12:16:43 +02:00
Clément OUDOT
c76dc52436
Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows ( #1846 )
2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44
Manage claims in ID token if no access token requested ( #1846 )
2019-07-08 15:15:13 +02:00
Clément OUDOT
1ebbde9a50
Tidy code and add missing check on hash_level ( #1835 )
2019-07-04 09:49:01 +02:00
Christophe Maudoux
161d6cee0f
Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t)
2019-07-03 22:17:22 +02:00
Xavier
3b7a70e0b7
Merge branch 'v2.0' (with new tidy)
2019-07-02 20:12:11 +02:00
Xavier Guimard
c1137edba8
make tidy with perltidy-20181120
2019-07-02 20:03:40 +02:00
Xavier
1718efe6d5
Merge branch 'v2.0'
2019-06-30 09:37:15 +02:00
Xavier
c921c295ed
Use user skin in loadTemplate ( Fixes : #1828 )
2019-06-28 13:40:56 +02:00
Xavier
1a1ccd7568
Merge branch 'crypto-improvements'
2019-06-27 22:03:05 +02:00
Xavier Guimard
264410409d
Move CAS service verification from main to Issuer::CAS ( #1795 )
2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195
Check service= parameter on CAS logout ( #1795 )
...
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.
In order for this to work in common cases (applications redirect to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.
If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
2019-06-27 12:40:40 +02:00
Xavier
d27e4bcc55
Merge branch 'v2.0'
2019-06-15 09:23:50 +02:00
Clément OUDOT
4e5c450b8b
Return error if no code provided on token endpoint ( #1802 )
2019-06-14 16:05:39 +02:00
Xavier
a2454ff4cc
Merge branch 'v2.0'
2019-06-12 21:44:39 +02:00
Xavier
a6aaf8a507
Add XSS test ( #1795 )
2019-06-11 21:30:15 +02:00
Xavier
1a8948894d
Check CAS "service" parameter ( Fixes : #1795 )
2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa
Fix CASv2 logout ( #1753 )
2019-06-11 16:18:15 +02:00
Xavier
f75093d433
Merge branch 'v2.0'
2019-05-28 22:12:50 +02:00
Xavier
db2ee96bc8
Update versions ( #1777 )
2019-05-28 22:04:45 +02:00
Xavier
82171e9a90
Fix missing $req in SLO responses ( #1777 )
2019-05-28 21:45:54 +02:00
Xavier
acd6ba50e8
Fix some missing $req ( #1777 )
2019-05-28 19:52:08 +02:00
Xavier
29b71569de
Merge branch 'v2.0'
2019-04-30 21:03:14 +02:00
Clément OUDOT
926262170b
Implement PKCE in OIDC provider ( #1722 )
2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7
Create a configuration option to allow a Relying Party to be a public client
...
Allow unauthenticated requests on OAuth2 token endpoint
#1725
2019-04-29 10:02:16 +02:00
Maxime Besson
2f9e6aa623
Allow override of username attribute for CAS apps
...
Global CAS options allow the administrator to set the session attribute
that gets exported to all CAS applications as the main identifier
(cas:user)
This commit adds the ability to override this configuration for a
particular CAS application.
OIDC already allows this
Fixes #1713
2019-04-28 21:06:34 +02:00
Maxime Besson
62f16721ff
Send username when calling CAS1.0 validation
...
Fixes #1724
2019-04-28 19:29:54 +02:00