dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9,374 Commits 3 Branches 0 Tags 75 MiB
b25470f818
Commit Graph

250 Commits

Author SHA1 Message Date
Clément OUDOT
a239091553 Load String::Random (#1963) 2019-10-01 14:49:41 +02:00
Xavier
461cd51e45 Try to fix #1785 without breaking pdata 2019-09-29 23:04:17 +02:00
Christophe Maudoux
5d9fc02205 Typo & logger 2019-09-20 22:47:48 +02:00
Clément OUDOT
dc0a8f7848 Add some log when user is authorized to access to service (#1702) 2019-09-19 16:52:08 +02:00
Clément OUDOT
dd76c4f3db Improve log for CAS Issuer (#1702) 2019-09-19 16:18:51 +02:00
Clément OUDOT
e446e09a7f Improve log (#1702) 2019-09-19 16:07:10 +02:00
Christophe Maudoux
92c8e6791f Typo (#1702) 2019-09-18 19:49:22 +02:00
Xavier
e50e7d09d1 Update version of (really) modified files 2019-09-12 21:56:49 +02:00
Maxime Besson
00e91f374b Add specific error code when missing a required SAML attr (#1919) 
The MISSINGREQATTR message is a good default value, but a site
administrator may decide to override it with a personnalized version
that only applies to issuer errors caused by an incomplete user profile
(for example, giving a pointer to the local user profile management
application)
 2019-09-06 11:04:39 +02:00
Maxime Besson
d61935ab6e Implement introspection endpoint for access tokens (#1843) 2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5 Refactor endpoint auth 2019-08-29 18:57:26 +02:00
Maxime Besson
661a007b4a Check OIDC access token expiration (#1879) 2019-08-21 12:18:55 +02:00
Maxime Besson
2e9f57ab6f Better default behavior for oidcServiceMetaDataIssuer (#1882) 2019-08-13 18:09:59 +02:00
Maxime Besson
daa03a9a9c OIDC: tie client_id to authorization code (#1881) 2019-08-09 13:54:53 +02:00
Clément OUDOT
4ee49de4c2 Adapt grant_types_supported attribute (#1846) 2019-07-25 19:06:53 +02:00
Clément OUDOT
c76dc52436 Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows (#1846) 2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44 Manage claims in ID token if no access token requested (#1846) 2019-07-08 15:15:13 +02:00
Clément OUDOT
1ebbde9a50 Tidy code and add missing check on hash_level (#1835) 2019-07-04 09:49:01 +02:00
Christophe Maudoux
161d6cee0f Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t) 2019-07-03 22:17:22 +02:00
Xavier Guimard
c1137edba8 make tidy with perltidy-20181120 2019-07-02 20:03:40 +02:00
Xavier
c921c295ed Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00
Xavier Guimard
264410409d Move CAS service verification from main to Issuer::CAS (#1795) 2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195 Check service= parameter on CAS logout (#1795) 
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.

In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.

If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
 2019-06-27 12:40:40 +02:00
Clément OUDOT
4e5c450b8b Return error if no code provided on token endpoint (#1802) 2019-06-14 16:05:39 +02:00
Xavier
a6aaf8a507 Add XSS test (#1795) 2019-06-11 21:30:15 +02:00
Xavier
1a8948894d Check CAS "service" parameter (Fixes: #1795) 2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa Fix CASv2 logout (#1753) 2019-06-11 16:18:15 +02:00
Xavier
db2ee96bc8 Update versions (#1777) 2019-05-28 22:04:45 +02:00
Xavier
82171e9a90 Fix missing $req in SLO responses (#1777) 2019-05-28 21:45:54 +02:00
Xavier
acd6ba50e8 Fix some missing $req (#1777) 2019-05-28 19:52:08 +02:00
Clément OUDOT
926262170b Implement PKCE in OIDC provider (#1722) 2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7 Create a configuration option to allow a Relying Party to be a public client 
Allow unauthenticated requests on OAuth2 token endoint

#1725
 2019-04-29 10:02:16 +02:00
Maxime Besson
2f9e6aa623 Allow override of username attribute for CAS apps 
Global CAS options allows the admistrator to set the session attribute
that gets exported to all CAS application as the main identifier
(cas:user)

This commit adds the ability to override this configuration for a
particular CAS application.

OIDC already allows this

Fixes #1713
 2019-04-28 21:06:34 +02:00
Maxime Besson
62f16721ff Send username when calling CAS1.0 validation 
Fixes #1724
 2019-04-28 19:29:54 +02:00
Clément OUDOT
8859fe342b Fix setHiddenFormValue (#1692) 2019-04-03 17:54:58 +02:00
Clément OUDOT
8be0817363 Send optional SAML attributes if they have a value (#1681) 2019-04-03 16:40:41 +02:00
Clément OUDOT
9a454fbb7a Manage SLO termination if there is no RelayState (#1671) 2019-04-03 12:26:01 +02:00
Clément OUDOT
a805a5a00b Manage SLO responses (#1671) 2019-04-02 17:27:47 +02:00
Clément OUDOT
4e76ee9582 Avoid warning during SAML SLO (#1671) 2019-04-02 16:13:45 +02:00
Clément OUDOT
5a30a82fa6 Add SLO Termination endpoint (#1671) 2019-04-01 18:02:38 +02:00
Clément OUDOT
39020e003e Fix server error on SAML SLO (#1671) 2019-03-26 17:15:01 +01:00
Clément OUDOT
d620ae2e8b Merge branch 'maxbes/lemonldap-ng-saml-issuer-entityid-override' into v2.0 2019-03-13 10:30:16 +01:00
Clément OUDOT
f6a3b527c8 Process SAML request to get current SP in env (#1672) 2019-03-12 16:52:01 +01:00
Maxime Besson
257d329151 Fix display of ok/nok image during multi-sp saml logout 2019-03-11 18:13:06 +01:00
Xavier Guimard
bc2bef4ff4 Please use our .perltidyrc 2019-03-07 18:22:58 +01:00
Maxime Besson
25d1c45fd4 Add new option to override EntityID when acting as IDP 2019-03-04 09:33:10 +01:00
Christophe Maudoux
0690a0c7ab Improve code (#1625) 2019-02-14 22:12:40 +01:00
Christophe Maudoux
29c4a44975 Update version (#1625) 2019-02-07 17:22:14 +01:00
Christophe Maudoux
8b995f55bf Restore OpenID activation global rule & Improve unit test (#1625) 2019-02-07 17:21:14 +01:00
Christophe Maudoux
b1048043e9 Restore GET activation global rule & Improve unit test (#1625) 2019-02-07 17:16:29 +01:00