Maxime Besson
daa03a9a9c
OIDC: tie client_id to authorization code ( #1881 )
2019-08-09 13:54:53 +02:00
Christophe Maudoux
499b16bd07
Merge branch 'v2.0'
2019-07-31 16:34:38 +02:00
Clément OUDOT
4ee49de4c2
Adapt grant_types_supported attribute ( #1846 )
2019-07-25 19:06:53 +02:00
Christophe Maudoux
b7c8d30b3f
Merge branch 'v2.0'
2019-07-10 12:16:43 +02:00
Clément OUDOT
c76dc52436
Adapt response_types_supported attribute in OpenID Connect metadata depending on configured flows ( #1846 )
2019-07-08 15:38:57 +02:00
Clément OUDOT
9b98893c44
Manage claims in ID token if no access token requested ( #1846 )
2019-07-08 15:15:13 +02:00
Clément OUDOT
1ebbde9a50
Tidy code and add missing check on hash_level ( #1835 )
2019-07-04 09:49:01 +02:00
Christophe Maudoux
161d6cee0f
Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t)
2019-07-03 22:17:22 +02:00
Xavier
3b7a70e0b7
Merge branch 'v2.0' (with new tidy)
2019-07-02 20:12:11 +02:00
Xavier Guimard
c1137edba8
make tidy with perltidy-20181120
2019-07-02 20:03:40 +02:00
Xavier
1718efe6d5
Merge branch 'v2.0'
2019-06-30 09:37:15 +02:00
Xavier
c921c295ed
Use user skin in loadTemplate ( Fixes : #1828 )
2019-06-28 13:40:56 +02:00
Xavier
1a1ccd7568
Merge branch 'crypto-improvements'
2019-06-27 22:03:05 +02:00
Xavier Guimard
264410409d
Move CAS service verification from main to Issuer::CAS ( #1795 )
2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195
Check service= parameter on CAS logout ( #1795 )
...
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.
In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.
If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
2019-06-27 12:40:40 +02:00
Xavier
d27e4bcc55
Merge branch 'v2.0'
2019-06-15 09:23:50 +02:00
Clément OUDOT
4e5c450b8b
Return error if no code provided on token endpoint ( #1802 )
2019-06-14 16:05:39 +02:00
Xavier
a2454ff4cc
Merge branch 'v2.0'
2019-06-12 21:44:39 +02:00
Xavier
a6aaf8a507
Add XSS test ( #1795 )
2019-06-11 21:30:15 +02:00
Xavier
1a8948894d
Check CAS "service" parameter ( Fixes : #1795 )
2019-06-11 21:02:43 +02:00
Maxime Besson
97d0bbf0aa
Fix CASv2 logout ( #1753 )
2019-06-11 16:18:15 +02:00
Xavier
f75093d433
Merge branch 'v2.0'
2019-05-28 22:12:50 +02:00
Xavier
db2ee96bc8
Update versions ( #1777 )
2019-05-28 22:04:45 +02:00
Xavier
82171e9a90
Fix missing $req in SLO responses ( #1777 )
2019-05-28 21:45:54 +02:00
Xavier
acd6ba50e8
Fix some missing $req ( #1777 )
2019-05-28 19:52:08 +02:00
Xavier
29b71569de
Merge branch 'v2.0'
2019-04-30 21:03:14 +02:00
Clément OUDOT
926262170b
Implement PKCE in OIDC provider ( #1722 )
2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7
Create a configuration option to allow a Relying Party to be a public client
...
Allow unauthenticated requests on OAuth2 token endoint
#1725
2019-04-29 10:02:16 +02:00
Maxime Besson
2f9e6aa623
Allow override of username attribute for CAS apps
...
Global CAS options allows the admistrator to set the session attribute
that gets exported to all CAS application as the main identifier
(cas:user)
This commit adds the ability to override this configuration for a
particular CAS application.
OIDC already allows this
Fixes #1713
2019-04-28 21:06:34 +02:00
Maxime Besson
62f16721ff
Send username when calling CAS1.0 validation
...
Fixes #1724
2019-04-28 19:29:54 +02:00
Xavier Guimard
01b5951b73
Merge branch 'v2.0'
2019-04-05 10:10:40 +02:00
Clément OUDOT
8859fe342b
Fix setHiddenFormValue ( #1692 )
2019-04-03 17:54:58 +02:00
Clément OUDOT
8be0817363
Send optional SAML attributes if they have a value ( #1681 )
2019-04-03 16:40:41 +02:00
Clément OUDOT
9a454fbb7a
Manage SLO termination if there is no RelayState ( #1671 )
2019-04-03 12:26:01 +02:00
Clément OUDOT
a805a5a00b
Manage SLO responses ( #1671 )
2019-04-02 17:27:47 +02:00
Clément OUDOT
4e76ee9582
Avoid warning during SAML SLO ( #1671 )
2019-04-02 16:13:45 +02:00
Xavier
4798683129
Merge branch 'v2.0'
2019-04-02 06:56:45 +02:00
Clément OUDOT
5a30a82fa6
Add SLO Termination endpoint ( #1671 )
2019-04-01 18:02:38 +02:00
Xavier Guimard
b40f292d8a
Merge branch 'v2.0'
2019-03-27 10:31:30 +01:00
Clément OUDOT
39020e003e
Fix server error on SAML SLO ( #1671 )
2019-03-26 17:15:01 +01:00
Xavier Guimard
8941ee4dd5
Merge branch 'v2.0'
2019-03-14 14:57:39 +01:00
Clément OUDOT
d620ae2e8b
Merge branch 'maxbes/lemonldap-ng-saml-issuer-entityid-override' into v2.0
2019-03-13 10:30:16 +01:00
Clément OUDOT
f6a3b527c8
Process SAML request to get current SP in env ( #1672 )
2019-03-12 16:52:01 +01:00
Maxime Besson
257d329151
Fix display of ok/nok image during multi-sp saml logout
2019-03-11 18:13:06 +01:00
Xavier Guimard
77301e70ca
Merge branch 'v2.0'
2019-03-07 22:29:34 +01:00
Xavier Guimard
bc2bef4ff4
Please use our .perltidyrc
2019-03-07 18:22:58 +01:00
Maxime Besson
25d1c45fd4
Add new option to override EntityID when acting as IDP
2019-03-04 09:33:10 +01:00
Clément OUDOT
59d163c663
Merge branch 'v2.0'
2019-02-28 08:52:48 +01:00
Christophe Maudoux
0690a0c7ab
Improve code ( #1625 )
2019-02-14 22:12:40 +01:00
Xavier Guimard
5862481956
Set master version to 2.1.0
2019-02-12 18:21:38 +01:00
Christophe Maudoux
29c4a44975
Update version ( #1625 )
2019-02-07 17:22:14 +01:00
Christophe Maudoux
8b995f55bf
Restore OpenID activation global rule & Improve unit test ( #1625 )
2019-02-07 17:21:14 +01:00
Christophe Maudoux
b1048043e9
Restore GET activation global rule & Improve unit test ( #1625 )
2019-02-07 17:16:29 +01:00
Xavier Guimard
c7b4eb5051
tidy with new conf
2019-02-07 09:27:56 +01:00
Christophe Maudoux
5055b18087
Restore OIDC activation global rule ( #1625 ) & Improve unit test
2019-02-06 23:10:10 +01:00
Christophe Maudoux
b36db9706e
Restore SAML activation global rule ( #1625 )
2019-02-06 22:55:23 +01:00
Christophe Maudoux
f8144bc108
Typo ( #1625 )
2019-02-06 22:54:15 +01:00
Christophe Maudoux
007a5432f9
Restore CAS activation global rule ( #1625 )
2019-02-06 22:16:34 +01:00
Clément OUDOT
1a2de167d1
Reject invalid OIDC scopes ( #1599 )
2018-12-21 14:32:01 +01:00
Xavier Guimard
11857d9f8a
make tidy
2018-11-26 14:40:21 +01:00
Christophe Maudoux
304216bd52
Improve code ( #1533 )
2018-10-30 19:42:54 +01:00
Christophe Maudoux
93d16407e6
Fix debug messages ( #1533 )
2018-10-29 23:25:19 +01:00
Christophe Maudoux
78423bf151
Update persistent session only if oidcConsents are converted ( #1533 )
2018-10-29 23:10:34 +01:00
Clément OUDOT
4038bbb798
Fix call to returnCasServiceValidateError
2018-10-29 08:10:01 +01:00
Clément OUDOT
0839c9e3fd
Clear pdata when redirecting in CAS gateway mode ( #1528 )
2018-10-29 07:45:57 +01:00
Clément OUDOT
7690a56843
Put simple values in buil_urlencoded args ( #1527 )
2018-10-19 11:29:11 +02:00
Clément OUDOT
5d0e0d9b60
Fix call to updatePersistentSession ( #1498 )
2018-09-04 17:58:32 +02:00
Xavier Guimard
62d5c7836c
make tidy
2018-09-02 17:31:58 +02:00
Christophe Maudoux
6799ca9281
WIP - Fix debug message ( #1480 )
2018-08-08 23:46:15 +02:00
Christophe Maudoux
45216d2ed8
WIP - Test ( #480 )
2018-08-08 23:20:52 +02:00
Christophe Maudoux
942499cd66
Fix comments typo
2018-07-26 20:54:19 +02:00
Christophe Maudoux
9464c47a13
Cleaning code + perltidy ( #1464 )
2018-07-20 20:19:27 +02:00
Christophe Maudoux
bcd876924c
Fix mistake ( #1464 )
2018-07-20 19:41:26 +02:00
Christophe Maudoux
9efe2f3161
Add debug info ( #1464 )
2018-07-20 19:33:23 +02:00
Christophe Maudoux
8ee066b706
Delete old consent ( #1464 )
2018-07-20 00:02:35 +02:00
Christophe Maudoux
9403990a8c
perltidy ( #1464 )
2018-07-19 23:38:44 +02:00
Christophe Maudoux
8eb1b8674c
Add OIDC Consents convert function ( #1464 )
2018-07-19 23:02:06 +02:00
Xavier Guimard
a5efca5388
Remove trailing whitespaces ( #1464 )
2018-07-19 07:55:55 +02:00
Christophe Maudoux
d269db6346
WIP - Delete revoked consents ( #1464 )
2018-07-17 21:36:51 +02:00
Christophe Maudoux
344c7a644f
WIP - Delete revoked consents ( #1464 )
2018-07-17 19:12:35 +02:00
Christophe Maudoux
da44a7c83e
perltidy ( #1464 )
2018-07-17 18:18:50 +02:00
Christophe Maudoux
e1917a59de
Delete revoked consents ( #1464 )
2018-07-17 18:15:17 +02:00
Christophe Maudoux
72920d1ede
Modify oidcConsents key structure ( #1464 ) - perltidy
2018-07-16 23:00:44 +02:00
Christophe Maudoux
eff2b66cf2
WIP - Modify oidcConsents key structure
2018-07-15 19:17:48 +02:00
Christophe Maudoux
8d5693dc1d
WIP - Modify oidcConsents key structure
2018-07-15 17:53:06 +02:00
Christophe Maudoux
814b571fa9
WIP - Modify oidcConsents key structure
2018-07-15 17:31:58 +02:00
Christophe Maudoux
d9607ae32c
WIP - Modify oidcConsents key structure
2018-07-15 16:10:27 +02:00
Xavier Guimard
0f7b3ca71d
make tidy
2018-07-05 23:00:40 +02:00
Xavier Guimard
b2620c2679
s/datas/data
...
datas => des données
data => les données
2018-07-05 22:56:16 +02:00
Xavier Guimard
b790270794
Fix issuers use of pdata ( #1461 )
2018-07-05 18:45:29 +02:00
Xavier Guimard
7ce1bd2d08
Trying to use pdata for issuers ( #1461 )
2018-07-04 22:54:09 +02:00
Xavier Guimard
b6154f1ba4
Add ssoMatch sub for OIDC ( #1468 )
2018-06-30 08:21:48 +02:00
Xavier Guimard
1cd5a706c9
Avoid session conflict between Issuer and Auth OIDC ( #1468 )
2018-06-30 07:51:22 +02:00
Xavier Guimard
a5cc73a54c
Avoid session conflict between Issuer and Auth CAS ( #1468 )
2018-06-30 07:44:05 +02:00
Xavier Guimard
33712dcf13
Set ignore system for issuers ( #1468 )
2018-06-29 14:31:43 +02:00
Xavier Guimard
e6ad687618
Change session key names between Auth and Issuer (SAML #1468 )
2018-06-29 06:50:31 +02:00
Xavier Guimard
8596b339e8
Use build_urlencoded everywhere ( #1461 )
2018-06-26 19:13:06 +02:00
Clément OUDOT
3ba56c41b5
Manage CAS gateway mode ( #1425 )
2018-06-25 10:10:22 +02:00
Clément OUDOT
808922a388
Store CAS app in ENV ( #1161 )
2018-06-23 10:18:55 +02:00
Xavier Guimard
5129647d04
Don't add RP if already connected ( #1431 )
2018-06-21 17:43:36 +02:00