Xavier
6cdfd72197
setSecurity skeleton for Combination ( #2009 )
2019-11-20 17:47:56 +01:00
Christophe Maudoux
ef5d0cde48
Merge branch 'v2.0' into globalLogout
2019-11-18 22:15:54 +01:00
Christophe Maudoux
e20555623e
Append defaulCondition option ( #2012 )
2019-11-18 17:34:56 +01:00
Christophe Maudoux
ea3337574c
Append conf manager test ( #2012 )
2019-11-17 22:36:52 +01:00
Christophe Maudoux
d935753eaf
Append to JSON format condition check & improve unit test ( #2012 )
2019-11-17 22:25:06 +01:00
Christophe Maudoux
c548a4d03e
Typo
2019-11-17 22:23:12 +01:00
Christophe Maudoux
15711c642e
Merge branch 'v2.0' into globalLogout
2019-11-15 21:49:56 +01:00
Christophe Maudoux
7b637f5a04
Update response and unit test ( #1999 )
2019-11-15 21:49:01 +01:00
Christophe Maudoux
632f731774
Allow non array ref with single checkbox and split notification body ( #2012 )
2019-11-15 21:03:18 +01:00
Maxime Besson
04f5116c23
Fix Kerberos in session upgrade ( #2010 )
2019-11-15 16:10:37 +01:00
Maxime Besson
57b28940fa
Do not show password change prompt when AD password is incorrect ( #2007 )
2019-11-15 11:59:03 +01:00
Maxime Besson
258fba5eaa
Do not store session key if attribute was missing from UserDB ( #2004 )
2019-11-15 11:29:46 +01:00
Maxime Besson
bedcf20806
Change portal error code on 2F failure ( #2008 )
2019-11-15 11:19:08 +01:00
Christophe Maudoux
193666d963
Tidy ( #1999 )
2019-11-14 22:06:15 +01:00
Christophe Maudoux
bd3cfb0c1c
Append REST service ( #1999 )
2019-11-14 22:02:18 +01:00
Christophe Maudoux
ad1040986b
Typo
2019-11-13 21:27:48 +01:00
Christophe Maudoux
7ef9e132c9
Append GlobalLogout plugin ( #1999 )
2019-11-13 20:56:56 +01:00
Christophe Maudoux
818ebc89be
Improve code ( #1999 )
2019-11-13 16:42:32 +01:00
Christophe Maudoux
8f3c0d234e
Force globalLogout ( #1999 )
2019-11-13 16:10:20 +01:00
Christophe Maudoux
297ef8cd8c
Merge branch 'v2.0' into globalLogout
2019-11-12 22:17:09 +01:00
Christophe Maudoux
75b37eadb2
Fix CheckUser search attributes
2019-11-12 22:16:05 +01:00
Christophe Maudoux
603293411b
Use userData instead of sessionInfo to fix ContextSwitching debug log
2019-11-12 10:00:11 +01:00
Christophe Maudoux
7245e5349c
Typo
2019-11-11 22:38:51 +01:00
Christophe Maudoux
0967a82e99
Check OTT ( #1783 )
2019-11-11 22:34:16 +01:00
Christophe Maudoux
80a1e4bf57
WIP - Append GlobalLogout plugin ( #1999 )
2019-11-11 22:33:30 +01:00
Christophe Maudoux
2e0d2b7e14
Typo
2019-11-11 21:50:28 +01:00
Christophe Maudoux
e225516105
Typo
2019-11-10 21:43:21 +01:00
Maxime Besson
2639c482b1
Fix cookie removal on SAML logout ( #2001 )
...
Since the fixes for #1863 , calling p->do consumes the response headers
set by any previous code. So we must only call do() in a return statement.
2019-11-06 18:44:10 +01:00
Maxime Besson
7bdd33eb46
Fix token ID format ( #1998 )
2019-11-06 11:45:47 +01:00
Christophe Maudoux
32126c4aca
Set ENV ( #1996 )
2019-11-05 11:03:10 +01:00
Maxime Besson
713737c11f
Add an option to return claims in ID token
2019-11-04 18:27:28 +01:00
Maxime Besson
b34a229eda
Add doc for buildUserInfoResponseFromId
2019-11-04 10:47:35 +01:00
Maxime Besson
68704955d2
Apply suggestion to lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
2019-11-04 10:47:35 +01:00
Maxime Besson
a386a7502a
Allow refresh tokens to be emitted for regular sessions ( #813 )
2019-11-04 10:44:54 +01:00
Maxime Besson
ea2365cc98
Implement OIDC Offline sessions through refresh tokens ( #813 )
2019-11-04 10:44:54 +01:00
Christophe Maudoux
c01c26af6a
Append option to override Issuer OTT storage ( #1993 )
2019-10-31 11:40:33 +01:00
Maxime Besson
7d3b2a95a5
Avoid setting req->user to empty value in Demo module
...
This can cause issues when using Combination and password reset in
testing environments
2019-10-30 20:22:37 +01:00
Maxime Besson
5b2f3ca576
Merge branch 'remove-saml-idp-cookie-1941' into 'v2.0'
...
Remove SAML IDP cookie (#1941 )
See merge request lemonldap-ng/lemonldap-ng!99
2019-10-30 16:01:11 +01:00
Clément OUDOT
fb74d03a89
Use whatToTrace for logging messages ( #1991 )
2019-10-29 17:28:55 +01:00
Christophe Maudoux
9892173cc3
Tidy & update version ( #1989 )
2019-10-27 21:15:48 +01:00
Christophe Maudoux
73d83dd7f0
Append missing parameters & improve unit test ( #1989 )
2019-10-27 21:13:25 +01:00
Maxime Besson
ed3e274ab1
Fix force password reset in Combination ( #1984 )
2019-10-24 08:58:04 +02:00
Maxime Besson
4afecb4620
Remove IDP cookie ( #1941 )
2019-10-17 23:09:03 +02:00
Christophe Maudoux
3c2ecfd04a
Tidy ( #1956 )
2019-10-13 22:47:57 +02:00
Christophe Maudoux
f188426f8b
Fix custom function parameter ( #1956 )
2019-10-13 22:29:12 +02:00
Christophe Maudoux
0ca649f106
Use custom decrypt functions ( #1956 )
2019-10-13 15:08:32 +02:00
Maxime Besson
2b4defb2a9
Prevent portal from crashing when keepPdata=1 ( #1893 )
...
Since the changes introduced to fix #1893 , keepPdata is expected to
contain an array of values.
When migrating from previous LLNG versions, cookies may contain
keepPdata=1, which crashes the server because 1 isn't an arrayref.
This change makes LLNG consider that keepPdata=1 is not a valid value,
and replaces it with an empty arrayref when starting the login or logout
flow.
2019-10-09 17:35:48 +02:00
Maxime Besson
ff9bb46301
Make notification system take pdata url into account ( #1893 )
2019-10-08 22:40:10 +02:00
Maxime Besson
2bce713f65
Set issuer urldc in pdata ( #1893 )
2019-10-08 22:40:10 +02:00
Maxime Besson
3ee708d8ff
Delay cookie restore after hooks ( #1965 )
2019-10-07 17:26:40 +02:00
Maxime Besson
474bb48aa1
Make Password::LDAP/AD check connection before use ( #1909 )
...
Also remove a mostly redundant wrapper method in Auth::LDAP
2019-10-01 19:17:31 +02:00
Maxime Besson
fa49e77495
Better logs in case of a LDAP error
2019-10-01 15:14:51 +02:00
Clément OUDOT
a239091553
Load String::Random ( #1963 )
2019-10-01 14:49:41 +02:00
Christophe Maudoux
138cfe6edb
Append DecryptValue plugin ( #1956 )
2019-09-30 22:29:49 +02:00
Christophe Maudoux
a219a51e1c
Revert "Make manifest"
...
This reverts commit c00110ed01.
2019-09-30 22:28:55 +02:00
Christophe Maudoux
35de9fd3e8
Re-order
2019-09-30 22:27:03 +02:00
Christophe Maudoux
c00110ed01
Make manifest
2019-09-30 22:26:55 +02:00
Christophe Maudoux
b3791cc65b
Typo
2019-09-30 19:10:05 +02:00
Christophe Maudoux
b505d3a475
Typo
2019-09-30 19:10:05 +02:00
Maxime Besson
e9153957da
IDP selection phrasing
2019-09-30 18:55:09 +02:00
Maxime Besson
e693e5e649
Fix IDP selection rules ( #1961 )
2019-09-30 18:54:02 +02:00
Xavier
461cd51e45
Try to fix #1785 without breaking pdata
2019-09-29 23:04:17 +02:00
Christophe Maudoux
6df7412bcf
Fix log with Impersonation plugin ( #1664 )
2019-09-26 20:24:12 +02:00
Maxime Besson
5d5ac66a6e
Add Date: field to emails ( #1953 )
...
This adds a dependency to Email::Date::Format, but it's already a
dependency of Email::Sender::Simple (and probably more), so in practice
no new packages are going to be installed
2019-09-26 12:32:58 +02:00
Christophe Maudoux
5d9fc02205
Typo & logger
2019-09-20 22:47:48 +02:00
Christophe Maudoux
c34c6e646e
Append search parameters & improve unit test ( #1938 )
2019-09-19 22:51:10 +02:00
Clément OUDOT
dc0a8f7848
Add some log when user is authorized to access to service ( #1702 )
2019-09-19 16:52:08 +02:00
Clément OUDOT
dd76c4f3db
Improve log for CAS Issuer ( #1702 )
2019-09-19 16:18:51 +02:00
Clément OUDOT
e446e09a7f
Improve log ( #1702 )
2019-09-19 16:07:10 +02:00
Christophe Maudoux
84778604fd
Typo
2019-09-18 21:01:24 +02:00
Christophe Maudoux
2095fdf316
Improve log ( #1702 )
2019-09-18 19:59:35 +02:00
Christophe Maudoux
92c8e6791f
Typo ( #1702 )
2019-09-18 19:49:22 +02:00
Clément OUDOT
5512d38f81
Improve log on 2F unregistration ( #1702 )
2019-09-18 18:09:18 +02:00
Clément OUDOT
ce6f6c3977
Get login to use it in password force change form ( #1910 )
2019-09-18 15:55:13 +02:00
Maxime Besson
98f55fd384
Translate the error code displayed in debug logs
2019-09-17 20:17:57 +02:00
Christophe Maudoux
146aca7c82
Remove trailing whitespaces
2019-09-16 20:30:35 +02:00
Christophe Maudoux
fcf05c5602
Avoid warning
2019-09-16 17:22:35 +02:00
Maxime Besson
c94e2534a9
Send CORS headers when doing JSON responses too ( #1765 )
2019-09-16 16:55:15 +02:00
Maxime Besson
e281ad7cc3
Add support for CORS preflight ( #1765 )
2019-09-16 16:55:15 +02:00
Christophe Maudoux
9c01c46fea
Typo ( #1932 )
2019-09-14 23:37:50 +02:00
Christophe Maudoux
dd66f37739
Return httpSession id if exists ( #1932 )
2019-09-14 22:47:11 +02:00
Christophe Maudoux
5615d5b2a3
Append display Slave logo option ( #1936 )
2019-09-14 22:07:44 +02:00
Christophe Maudoux
ce4cdcee85
Don't display Slave module
2019-09-13 22:37:35 +02:00
Christophe Maudoux
9784e75ead
Check Slave credential headers ( #1935 )
2019-09-13 22:21:09 +02:00
Clément OUDOT
5c7905e342
Improve regexp ( #1891 )
2019-09-13 15:35:05 +02:00
Clément OUDOT
36a1f07786
Remove cancel parameter in CAS service value ( #1891 )
2019-09-13 15:17:51 +02:00
Xavier
e50e7d09d1
Update version of (really) modified files
2019-09-12 21:56:49 +02:00
Clément OUDOT
70d2856d71
Option to display password generation box ( #1928 )
2019-09-12 18:26:56 +02:00
Clément OUDOT
c75a74da5a
Display password form if password is refused ( #1930 )
2019-09-12 17:54:43 +02:00
Christophe Maudoux
4287c39f5b
typo
2019-09-11 16:20:28 +02:00
Christophe Maudoux
bb0b5814f7
Fix empty groups ( #1791 )
2019-09-11 16:18:35 +02:00
Christophe Maudoux
c1af9e49f7
WIP - Append extractFormInfo step & AuthChoiceParam for AuthChoice ( #1925 )
2019-09-09 23:23:52 +02:00
Christophe Maudoux
132f42d44c
Forbid browsers to store users password & Improve unit tests ( #1913 )
2019-09-08 19:28:28 +02:00
Maxime Besson
94877793d4
increase clock tolerance during rest secret check ( #1923 )
2019-09-06 17:45:51 +02:00
Maxime Besson
00e91f374b
Add specific error code when missing a required SAML attr ( #1919 )
...
The MISSINGREQATTR message is a good default value, but a site
administrator may decide to override it with a personalized version
that only applies to issuer errors caused by an incomplete user profile
(for example, giving a pointer to the local user profile management
application)
2019-09-06 11:04:39 +02:00
Clément OUDOT
e54355ff9f
Use conf as HASH key ( #1619 )
2019-09-05 17:16:55 +02:00
Clément OUDOT
5b7bb4b9cd
Check error message from ITDS ( #1619 )
2019-09-05 17:14:44 +02:00
Clément OUDOT
17123d6196
Avoid plugin conflicts ( #993 )
2019-09-05 13:30:49 +02:00
Clément OUDOT
068ffbe604
Define portalDisplayPasswordPolicy parameter in Manager ( #993 )
2019-09-05 13:02:51 +02:00
Clément OUDOT
b44c13ba2f
Display password policy in password change form ( #993 )
2019-09-05 12:46:32 +02:00
Clément OUDOT
2f2f62ae1c
Check password quality in mail reset plugin ( #993 )
2019-09-05 12:02:51 +02:00
Clément OUDOT
3700a1b54c
Fix logger in Kerberos Auth init
2019-09-04 15:42:33 +02:00
Christophe Maudoux
3e9a424090
Update version ( #1916 )
2019-09-03 22:57:51 +02:00
Christophe Maudoux
56ed8a5724
Append issuersTimeout option ( #1916 )
2019-09-03 22:52:07 +02:00
Clément OUDOT
a2d3ae1d03
Local password policy: minimal digits ( #993 )
2019-09-03 19:08:19 +02:00
Clément OUDOT
28309dca9b
Merge branch 'v2.0' of gitlab.ow2.org:lemonldap-ng/lemonldap-ng into v2.0
2019-09-03 19:07:22 +02:00
Clément OUDOT
b52bbdb838
Local password policy: minimal upper characters ( #993 )
2019-09-03 18:45:35 +02:00
Maxime Besson
ff3d4e218c
doc: suggest a better fix for #1864
...
We can't do it yet because the issue isn't fixed in versions of Lasso
found in the wild. But someday it will be.
2019-09-03 18:13:13 +02:00
Clément OUDOT
ef3d6a26c4
Local password policy: minimal lower characters ( #993 )
2019-09-03 16:10:04 +02:00
Clément OUDOT
8998eb183e
Local password policy: minimal size ( #993 )
2019-09-03 14:30:22 +02:00
Clément OUDOT
82a06fce91
Pass skin parameter in 2F flows ( #1915 )
2019-09-03 11:56:48 +02:00
Clément OUDOT
fca831411b
Fix call to logger in REST authentication backend
2019-08-30 09:46:25 +02:00
Clément OUDOT
177f446f25
Display main logo in redirect page ( #1906 )
2019-08-29 19:29:27 +02:00
Maxime Besson
d61935ab6e
Implement introspection endpoint for access tokens ( #1843 )
2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5
Refactor endpoint auth
2019-08-29 18:57:26 +02:00
Xavier Guimard
ae6e69667a
Fix warning
2019-08-29 10:49:01 +02:00
Xavier Guimard
9379188000
Fix ^ ( #1903 )
2019-08-28 19:28:20 +02:00
Xavier Guimard
df4e7e7522
Generic fix for issues like #1903
2019-08-28 19:12:29 +02:00
Clément OUDOT
2145483be7
Pass extra args in Combination module ( #1903 )
2019-08-28 18:22:19 +02:00
Xavier Guimard
1660109e2f
Security: use 3-form for open
2019-08-28 11:32:54 +02:00
Xavier
1f2f0240f0
Love Perl ( #1863 )
...
TIMTOWTDI
2019-08-28 00:36:18 +02:00
Maxime Besson
810d2c7f94
Disable template cache to avoid translation issues in mail ( #1897 )
2019-08-27 23:13:36 +02:00
Maxime Besson
a04a376777
Make regular template variables available in mails
...
SKIN, PORTAL_URL, env_*, session_* are now available in email templates
Preliminary work for #1861
2019-08-27 23:13:36 +02:00
Xavier Guimard
48883dbe4e
More tests
2019-08-27 10:32:26 +02:00
Xavier Guimard
323d92fa1b
Don't load Data::Dumper unless debug
2019-08-27 10:10:11 +02:00
Clément OUDOT
796d1b12e6
Add _session_kind to default exported attributes ( #1896 )
2019-08-26 17:38:08 +02:00
Christophe Maudoux
ec59cc164c
Catch error earlier in process ( #1867 )
2019-08-24 23:26:42 +02:00
Xavier Guimard
0415370f2c
More REST debug
2019-08-22 15:17:51 +02:00
Clément OUDOT
e42e71b5e3
Use LinkedIn v2 API ( #1890 )
2019-08-22 14:51:24 +02:00
Christophe Maudoux
894b8be541
Bypass first access ( #1867 )
2019-08-21 23:40:23 +02:00
Maxime Besson
661a007b4a
Check OIDC access token expiration ( #1879 )
2019-08-21 12:18:55 +02:00
Christophe Maudoux
b694b16a19
Avoid warning with Choice
2019-08-20 17:08:37 +02:00
Christophe Maudoux
8e9f4e513e
Improve combination with FaceBook & LinkedIn
2019-08-17 17:27:14 +02:00
Christophe Maudoux
5985e6d258
Fix REST service ( #1870 )
2019-08-17 17:11:28 +02:00
Xavier
097183f2b3
Fix warning
2019-08-16 09:10:10 +02:00
Christophe Maudoux
78a82dbee9
Override OTT conf. for Upgrade tokens ( #1884 )
2019-08-15 22:01:44 +02:00
Maxime Besson
2e9f57ab6f
Better default behavior for oidcServiceMetaDataIssuer ( #1882 )
2019-08-13 18:09:59 +02:00
Christophe Maudoux
7502e424e3
Revert "Concatenate pdata and lemon cookies in the same set-cookie header ( #1863 )"
...
This reverts commit c3a01c042c
2019-08-13 10:16:31 +02:00
Christophe Maudoux
c3a01c042c
Concatenate pdata and lemon cookies in the same set-cookie header ( #1863 )
2019-08-12 23:52:33 +02:00
Christophe Maudoux
3891c9caec
Fix log level & improve e2e ini file ( #1878 )
2019-08-12 22:20:22 +02:00
Christophe Maudoux
f8ef2797a8
Update manifest
2019-08-12 21:36:55 +02:00
Christophe Maudoux
d7cb8bf4b8
Force remove pdata cookie to avoid loop ( #1878 )
2019-08-12 21:29:08 +02:00
Christophe Maudoux
09158f0084
Return whatToTrace instead of uid & Fix + Append unit test ( #1664 )
2019-08-10 12:38:25 +02:00
Christophe Maudoux
52fa94bd55
Sort functions & append comments
2019-08-10 11:13:56 +02:00
Christophe Maudoux
bee0e675f3
Revert "Fix langs directory ( #1870 )"
...
This reverts commit b453647b26.
2019-08-09 22:46:43 +02:00
Christophe Maudoux
b453647b26
Fix langs directory ( #1870 )
2019-08-09 22:11:05 +02:00
Maxime Besson
daa03a9a9c
OIDC: tie client_id to authorization code ( #1881 )
2019-08-09 13:54:53 +02:00
Christophe Maudoux
9dac92064c
Better fix & update unit tests ( #1861 )
2019-08-07 22:29:12 +02:00
Maxime Besson
9b24fd02e5
Log more detailed information about Kerberos failures
2019-08-07 19:35:35 +02:00
Christophe Maudoux
ce05b44172
Remove useless constants ( #1867 )
2019-08-06 22:42:17 +02:00