Christophe Maudoux
ea8b0bb024
Highlight error message ( #2126 & #1625 )
2020-03-28 18:12:34 +01:00
Christophe Maudoux
68e2e81898
Fix warning if error is undefined ( #2126 & #1625 )
2020-03-28 17:59:37 +01:00
Xavier Montagutelli
9c0e09f89d
Update OpenIDConnect.pm - Correct typo staticPrefi*x*
2020-03-26 16:48:31 +01:00
Maxime Besson
34928123f3
OIDC refactoring
...
split token method by response type
factor ID token generation between implicit and hybrid flows
still a lot to do!
2020-03-18 21:14:54 +01:00
Maxime Besson
4ae628bfcd
Avoid generatin a bogus ID token when generation fails ( #2105 )
2020-02-24 16:28:41 +01:00
Xavier Guimard
a76cba3856
Update versions
2020-02-20 23:37:01 +01:00
Maxime Besson
5758e371bf
Improve introspection endpoint ( #2096 )
2020-02-19 21:49:51 +01:00
Maxime Besson
68be974e51
Add option to compute userdb groups before macros ( #1877 )
2020-02-05 15:39:45 +01:00
Maxime Besson
3b48746948
SAML: Hide error in storeEnv ( #2084 )
2020-02-03 17:08:18 +01:00
Clément OUDOT
681452524d
Associate SAML access rule to SP conf key and not SP entityID ( #2074 )
2020-01-24 09:01:56 +01:00
Christophe Maudoux
1988983c90
Typo
2019-12-31 17:14:44 +01:00
Clément OUDOT
f5c2b81051
Possibility to add extra claims and extra vars in OIDC register ( #2003 )
2019-12-21 12:08:48 +01:00
Maxime Besson
f7f526b825
Fix #1882 in refresh token code
2019-12-17 10:59:45 +01:00
Maxime Besson
a410793122
CAS per-service macros portal code ( #2042 )
2019-12-16 17:26:35 +01:00
Maxime Besson
2a15bb0523
SAML per-service macros portal code ( #2042 )
2019-12-16 17:26:34 +01:00
Maxime Besson
32ecf37be4
OIDC per-service macros portal code ( #2042 )
2019-12-16 17:26:34 +01:00
Maxime Besson
75559bfb15
Fix TTL of offline session ( #813 )
2019-11-27 12:12:47 +01:00
Maxime Besson
2639c482b1
Fix cookie removal on SAML logout ( #2001 )
...
Since the fixes for #1863 , calling p->do consumes the response headers
set by any previous code. So we must only call do() in a return statement.
2019-11-06 18:44:10 +01:00
Maxime Besson
713737c11f
Add an option to return claims in ID token
2019-11-04 18:27:28 +01:00
Maxime Besson
68704955d2
Apply suggestion to lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
2019-11-04 10:47:35 +01:00
Maxime Besson
a386a7502a
Allow refresh tokens to be emitted for regular sessions ( #813 )
2019-11-04 10:44:54 +01:00
Maxime Besson
ea2365cc98
Implement OIDC Offline sessions through refresh tokens ( #813 )
2019-11-04 10:44:54 +01:00
Clément OUDOT
a239091553
Load String::Random ( #1963 )
2019-10-01 14:49:41 +02:00
Xavier
461cd51e45
Try to fix #1785 without breaking pdata
2019-09-29 23:04:17 +02:00
Christophe Maudoux
5d9fc02205
Typo & logger
2019-09-20 22:47:48 +02:00
Clément OUDOT
dc0a8f7848
Add some log when user is authorized to access to service ( #1702 )
2019-09-19 16:52:08 +02:00
Clément OUDOT
dd76c4f3db
Improve log for CAS Issuer ( #1702 )
2019-09-19 16:18:51 +02:00
Clément OUDOT
e446e09a7f
Improve log ( #1702 )
2019-09-19 16:07:10 +02:00
Christophe Maudoux
92c8e6791f
Typo ( #1702 )
2019-09-18 19:49:22 +02:00
Xavier
e50e7d09d1
Update version of (really) modified files
2019-09-12 21:56:49 +02:00
Maxime Besson
00e91f374b
Add specific error code when missing a required SAML attr ( #1919 )
...
The MISSINGREQATTR message is a good default value, but a site
administrator may decide to override it with a personnalized version
that only applies to issuer errors caused by an incomplete user profile
(for example, giving a pointer to the local user profile management
application)
2019-09-06 11:04:39 +02:00
Maxime Besson
d61935ab6e
Implement introspection endpoint for access tokens ( #1843 )
2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5
Refactor endpoint auth
2019-08-29 18:57:26 +02:00
Maxime Besson
661a007b4a
Check OIDC access token expiration ( #1879 )
2019-08-21 12:18:55 +02:00
Maxime Besson
2e9f57ab6f
Better default behavior for oidcServiceMetaDataIssuer ( #1882 )
2019-08-13 18:09:59 +02:00
Maxime Besson
daa03a9a9c
OIDC: tie client_id to authorization code ( #1881 )
2019-08-09 13:54:53 +02:00
Clément OUDOT
4ee49de4c2
Adapt grant_types_supported attribute ( #1846 )
2019-07-25 19:06:53 +02:00
Clément OUDOT
c76dc52436
Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows ( #1846 )
2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44
Manage claims in ID token if no access token requested ( #1846 )
2019-07-08 15:15:13 +02:00
Clément OUDOT
1ebbde9a50
Tidy code and add missing check on hash_level ( #1835 )
2019-07-04 09:49:01 +02:00
Christophe Maudoux
161d6cee0f
Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t)
2019-07-03 22:17:22 +02:00
Xavier Guimard
c1137edba8
make tidy with perltidy-20181120
2019-07-02 20:03:40 +02:00
Xavier
c921c295ed
Use user skin in loadTemplate ( Fixes : #1828 )
2019-06-28 13:40:56 +02:00
Xavier Guimard
264410409d
Move CAS service verification from main to Issuer::CAS ( #1795 )
2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195
Check service= parameter on CAS logout ( #1795 )
...
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.
In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.
If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
2019-06-27 12:40:40 +02:00
Clément OUDOT
4e5c450b8b
Return error if no code provided on token endpoint ( #1802 )
2019-06-14 16:05:39 +02:00
Xavier
a6aaf8a507
Add XSS test ( #1795 )
2019-06-11 21:30:15 +02:00
Xavier
1a8948894d
Check CAS "service" parameter ( Fixes : #1795 )
2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa
Fix CASv2 logout ( #1753 )
2019-06-11 16:18:15 +02:00
Xavier
db2ee96bc8
Update versions ( #1777 )
2019-05-28 22:04:45 +02:00