Clément Oudot
495da0dde5
Check accepted scope in consent step ( #184 )
2015-03-11 13:53:58 +00:00
Clément Oudot
2d015ebdcd
Possibility to change backend for OIDC sessions ( #184 )
2015-03-11 11:39:20 +00:00
Clément Oudot
6f128235af
Set version 2.00 in the trunk
2015-03-11 09:05:04 +00:00
Clément Oudot
7a7bb1fbda
make tidy on all files
2015-03-10 15:07:33 +00:00
Clément Oudot
a31663cf38
Delete captcha session only when authentication process is finished ( #788 )
2015-03-09 16:44:19 +00:00
Xavier Guimard
53e41d145c
Auth modules must be set
2015-03-09 15:55:46 +00:00
Clément Oudot
ef4af6b3f2
ID Token signature configuration ( #184 )
2015-02-19 18:04:29 +00:00
Clément Oudot
d1d97d16c3
Set _utime in OIDC sessions ( #184 )
2015-02-19 15:17:49 +00:00
Clément Oudot
68607ca947
Implement UserInfo endpoint ( #184 )
2015-02-04 13:25:13 +00:00
Clément Oudot
968f0e065a
Check authentication on token endpoint ( #184 )
2015-02-02 09:44:33 +00:00
Clément Oudot
9f69f03b09
Store scope in access token session ( #184 )
2015-01-31 15:17:56 +00:00
Clément Oudot
31e0a1cfb5
Obtain user consent for OpenID Connect requested scope ( #184 )
2015-01-31 14:34:52 +00:00
Clément Oudot
3c3cc39d0c
Check sub of UserInfo JSON (references #183 )
2015-01-31 14:33:05 +00:00
Clément Oudot
e6ae3b9925
Restore hidden form values ( #184 )
2015-01-29 13:32:31 +00:00
Clément Oudot
0be124d3d7
Prevent reuse of authorization code ( #184 )
2015-01-28 16:53:06 +00:00
Clément Oudot
70281de82d
Add some debug logs ( #184 )
2015-01-28 13:41:10 +00:00
Clément Oudot
39b83ae46a
OpenIDConnect Service metadata parameters in Manager ( #184 )
2015-01-28 13:07:11 +00:00
Clément Oudot
2abb7fafde
Check that RP is registered ( #184 )
2015-01-23 13:06:54 +00:00
Clément Oudot
b82153ab17
Start implementation of OpenID Connect provider ( #184 )
2015-01-20 10:04:44 +00:00
David COUTADEUR
a82d36a794
Fix LEMONLDAP-784: https://jira.ow2.org/browse/LEMONLDAP-784
...
reset password in AD not working
2015-01-08 17:05:40 +00:00
Clément Oudot
7e74e27a3b
Autoselect OP if only one is configured ( #183 )
2014-12-15 14:58:42 +00:00
Clément Oudot
922b92bbbe
Configuration of OpenID Connect auth module and OP in Manager ( #183 )
2014-12-15 13:55:23 +00:00
Clément Oudot
18072723de
Compatibility with AuthChoice ( #183 )
2014-12-11 17:05:33 +00:00
Clément Oudot
8b7ad81ff5
Add first OpenID Connect RP parameters in Manager ( #183 )
2014-12-11 16:54:27 +00:00
Clément Oudot
0014e2cdaf
Invalidate CAS Service Ticket when it is used ( #775 )
2014-12-05 09:21:07 +00:00
Clément Oudot
8b1ea19725
Possibility to define a background image for portal skin ( #770 )
2014-12-02 14:51:23 +00:00
Clément Oudot
eea1fedd3c
Better look of OpenID Provider list ( #183 )
2014-12-01 17:07:55 +00:00
Clément Oudot
44c64ea606
Manage refresh of JWKS data ( #183 )
2014-12-01 10:27:47 +00:00
Clément Oudot
c5ad64e694
Try to fix build #491 ( #183 )
2014-11-24 08:39:16 +00:00
Clément Oudot
c09d2c4e00
Check ID Token validity ( #183 )
2014-11-22 08:53:17 +00:00
Clément Oudot
ee43c5010f
Check token response validity (references #183 )
2014-11-22 08:46:41 +00:00
Clément Oudot
c0b7af29b8
Support client_secret_basic and client_secret_post for token endpoint authentication (references #183 )
2014-11-21 17:15:47 +00:00
Clément Oudot
bc6920dd03
Check error in authn response ( #183 )
2014-11-21 10:32:35 +00:00
Clément Oudot
6ba3d9e44e
Manage exported vars per OP ( #183 )
2014-11-20 15:53:26 +00:00
Clément Oudot
687f0ed094
Change configuration format to allow to define several OP ( #183 )
2014-11-20 14:03:32 +00:00
Clément Oudot
74a7770fa4
Use extractJWT method ( #183 )
2014-11-20 09:11:55 +00:00
Clément Oudot
53aab6d3c0
Verify JWT signature for RS256/RS384/RS512 alg ( #183 )
2014-11-19 14:17:39 +00:00
Clément Oudot
ab1e318149
Add support for HS368 and HS512 JWT signature alg ( #183 )
...
Get OpenID configuration data from configuration URI (#183 )
2014-11-19 11:09:37 +00:00
Clément Oudot
5a09c04445
Add some log to JWT signature verification ( #183 )
2014-11-18 14:32:15 +00:00
Clément Oudot
27225cfe86
Option to check JWT Signature ( #183 )
2014-11-18 14:24:03 +00:00
Clément Oudot
2a33f67155
Verify JWT signature for HS256 alg ( #183 )
2014-11-17 18:09:55 +00:00
Clément Oudot
3cde211810
Save/restore state in OpenID Connect RP ( #183 )
2014-11-17 13:55:26 +00:00
Clément Oudot
c64f69a852
Use eval to decode JSON content ( #183 )
2014-11-14 16:53:56 +00:00
Clément Oudot
914fe20eb5
Create OpenIDConnect library ( #183 )
2014-11-14 16:18:50 +00:00
Clément Oudot
2ff2d0e01a
First version of OpenIDConnect RP module ( #183 )
2014-11-14 14:29:55 +00:00
Clément Oudot
5bb0f01de4
Manage vhost aliases in portal menu ( #755 )
2014-11-03 17:07:47 +00:00
Clément Oudot
2af54acd97
Do not call data on undefined session object ( #762 )
2014-10-27 11:19:25 +00:00
Clément Oudot
2a343dff84
Fix TODO by using autoRedirect ( #753 )
2014-08-21 12:22:10 +00:00
Clément Oudot
7e517cbdd0
Do not hardcode OpenID server path ( #753 )
2014-08-21 12:19:12 +00:00
Clément Oudot
df926b3429
Fix OpenID Issuer with new Net::OpenID::Server version ( #753 )
2014-08-21 11:49:56 +00:00
Clément Oudot
3b947a0bb3
Add portal in trusted hosts ( #752 )
2014-08-19 10:05:15 +00:00
Clément Oudot
f97f5c72e0
make tidy
2014-07-24 15:48:32 +00:00
Clément Oudot
e011600113
Show error from Common::Session module in logs ( #741 )
2014-07-24 15:37:12 +00:00
Clément Oudot
ee1918fe21
Keep default value in condition if no notOnOrAfter timeout configured ( #737 )
2014-07-21 10:48:36 +00:00
Clément Oudot
15835e1e02
Possibility to configure conditions notOnOrAfter ( #737 )
2014-07-21 10:46:01 +00:00
Clément Oudot
b4bda626de
Possibility to configure subjectConfirmation notOnOrAfter ( #737 )
2014-07-21 10:42:16 +00:00
Clément Oudot
757ac6f15d
Possibility to configure sessionNotOnOrAfter ( #737 )
2014-07-21 09:44:28 +00:00
Clément Oudot
9bc097dd21
Compatibility of SSL modules with SOAP getCookies ( #719 )
2014-07-15 13:41:27 +00:00
Clément Oudot
93cc4a9f70
Rebind as manager after password change in order to read groups ( #725 )
2014-07-09 13:56:58 +00:00
Clément Oudot
f21184a59c
Call authInit in MailReset to get the authentication choice ( #664 )
2014-06-25 12:58:15 +00:00
Clément Oudot
b72d79a30b
Better connection management ( #663 , #LEMONLDAP-664):
...
- Create userDBFinish, passwordDBFinish and registerDBFinish methods
- Call finish methods for each backend in process
- Call LDAP unbind only when necessary
- Unbind if error in RegisterDBLDAP
2014-06-25 11:53:09 +00:00
François-Xavier Deltombe
70ec1d03cb
Refactor LL::NG::Handler::Specific::AuthBasic ( #630 )
2014-06-25 10:01:17 +00:00
Clément Oudot
941c27631c
Disconnect from LDAP when error occurs, and enable cache management even with Multi backend ( #664 )
2014-06-23 12:45:27 +00:00
Clément Oudot
1b6655a431
Delete captcha session when check is done, and add captcha backend in purgeCentralCache script ( #703 )
2014-06-11 10:22:34 +00:00
Clément Oudot
473cd6c9dc
Use a session backend to manage captcha ( #703 )
2014-06-10 16:21:33 +00:00
Clément Oudot
dbfbde2e9f
make tidy
2014-06-08 10:04:50 +00:00
Clément Oudot
50b80020da
Port memory leak fix to 1.4 branch ( #708 )
2014-06-06 10:04:14 +00:00
Clément Oudot
d61cd6a6de
Make Register work with AuthChoice ( #26 )
2014-06-06 09:54:48 +00:00
Xavier Guimard
c96e281fee
Avoid potential circular references
2014-06-05 18:05:55 +00:00
Clément Oudot
f6cad5438c
Test if password was auto generated before displaying it in the mail ( #675 )
2014-06-03 08:13:24 +00:00
Clément Oudot
066f52caba
Fix use of ipAddr in Register ( #26 )
2014-06-02 13:56:20 +00:00
Clément Oudot
ba9fa72c1e
AD register module ( #26 )
2014-06-02 10:24:05 +00:00
Clément Oudot
9629d3a500
Fix login generation ( #26 )
2014-06-02 10:12:05 +00:00
Clément Oudot
a5b7cd030c
Register mail in LDAP ( #26 )
2014-06-02 10:08:32 +00:00
Clément Oudot
2e9033d28b
Add a button on login page to register page ( #26 )
2014-05-30 12:21:53 +00:00
Clément Oudot
524fab0b3a
RegisterDB LDAP is complete ( #26 )
2014-05-29 08:12:33 +00:00
Clément Oudot
9b10d96341
Fix unit tests after introducing RegisterDB ( #26 )
2014-05-29 07:38:50 +00:00
Clément Oudot
81dbe943c3
Introduce RegisterDB modules ( #26 )
2014-05-28 16:23:23 +00:00
Clément Oudot
2fe20b1248
Isolate register info in ->{registerInfo} ( #26 )
2014-05-28 15:41:32 +00:00
Clément Oudot
be04271809
Work on Register feature ( #26 )
2014-05-27 16:31:43 +00:00
Clément Oudot
66c93ec387
Manage already existing accounts in Register ( #26 )
2014-05-27 13:42:00 +00:00
Clément Oudot
57182767f4
Some error codes for Register ( #26 )
2014-05-26 16:25:33 +00:00
Clément Oudot
5ce762e9e3
Work on Register page ( #26 )
2014-05-23 18:47:36 +00:00
Clément Oudot
0f963e0b2a
Remove default value from MailReset (LEMONLDAP-686)
2014-05-23 18:44:20 +00:00
Clément Oudot
233026eb6f
Fix password change as user for AD ( #704 )
2014-05-21 12:43:04 +00:00
Clément Oudot
9d6a947499
Specific behaviour for AD password change if it's done as user ( #407 )
2014-05-14 09:43:10 +00:00
Clément Oudot
d28a7bb217
Update versions to 1.4.0
2014-04-17 15:20:28 +00:00
Clément Oudot
1cfdd9fb6e
Use new Session module in SAML authentication ( #671 , #LEMONLDAP-700)
2014-04-17 10:24:31 +00:00
Clément Oudot
e056a0427a
Use new Session module in SAML Issuer ( #671 , #LEMONLDAP-700)
2014-04-17 10:16:33 +00:00
Clément Oudot
929c704343
Use new Session module in CAS Issuer ( #671 )
2014-04-16 15:19:59 +00:00
Clément Oudot
76c1ba75b9
Use new Session module in Remote ( #671 )
2014-04-15 16:09:56 +00:00
Clément Oudot
00bf404a0a
Use new Session module in AuthGoogle ( #671 )
2014-04-15 15:34:21 +00:00
Clément Oudot
a232f149fa
Optimize session update in sub store ( #671 , #LEMONLDAP-673)
2014-02-26 17:10:39 +00:00
Clément Oudot
900008c942
Use the new Common::Session module in portal for SSO sessions ( #671 , #LEMONLDAP-673)
2014-02-26 10:57:49 +00:00
Clément Oudot
c1cb7316d1
Create a Store object for Common::Apache::Session in order to manage cache directly ( #671 )
2014-02-21 16:38:57 +00:00
Clément Oudot
ab4dfe1100
Manage exported variables for OpenID ( #636 )
2014-02-19 15:10:21 +00:00
Clément Oudot
68dda1b256
Manage exported variables for Facebook ( #636 )
2014-02-19 14:57:47 +00:00
Clément Oudot
9f170b9767
Manage exportedVars the same way in all modules ( #636 )
2014-02-19 14:35:59 +00:00
Clément Oudot
580d88cbc7
Manage exported variables for Google ( #636 )
2014-02-19 13:56:35 +00:00
Clément Oudot
49bae05c40
Manage exported variables for Slave ( #636 )
2014-02-18 16:52:31 +00:00
Clément Oudot
c4f277c8c8
Manage exported variables for WebID ( #636 )
2014-02-18 16:34:08 +00:00
Clément Oudot
7b9a5b1887
Use ldapExportedVars in AuthAD ( #636 )
2014-02-18 16:05:39 +00:00
Clément Oudot
cb67ac1e61
Manage exported variables for DBI ( #636 )
2014-02-18 15:17:09 +00:00
Clément Oudot
cb6df779be
Manage exported variables for LDAP ( #636 )
2014-02-18 14:53:07 +00:00
Clément Oudot
18b337723d
Default values for Portal all managed in Common ( #686 )
2014-02-14 09:00:12 +00:00
Clément Oudot
2630d09d72
Work on default values for Portal ( #686 )
2014-02-14 08:26:25 +00:00
Clément Oudot
f7bcf5b711
Manage exported variables for Demo backend ( #636 )
2014-02-11 17:15:05 +00:00
Clément Oudot
2ee3f6d5a6
Possibility to force session key use to fill NameID ( #657 )
2014-02-10 09:14:06 +00:00
Clément Oudot
40513f75d9
Add an option to enable IDP initiated SSO for a SP ( #208 )
2014-02-09 21:32:11 +00:00
Clément Oudot
3f7bb4b9d2
IDP Initiated ( #208 ):
...
* Fix IDP initiated workflow when the user is not connected
* Possibility to use spConfKey in URL
2014-02-07 22:28:45 +00:00
Clément Oudot
c4b207b73a
Possibility to set ping interval in portal ( #658 )
2014-02-07 10:17:45 +00:00
Clément Oudot
41b327e78a
Bootstrap is now the default theme ( #670 )
2014-02-05 16:39:40 +00:00
François-Xavier Deltombe
45ef54dccc
Get CDA working in http with "double cookie for single session" (Lemonldap-680)
2014-01-31 14:11:39 +00:00
Clément Oudot
23627081c8
Specific query string method to be compatible with buggy ADFS URL encoding ( #677 )
2014-01-29 15:48:44 +00:00
Clément Oudot
c9c483b04b
make tidy
2014-01-17 22:42:21 +00:00
Clément Oudot
71d9ad4f59
Use userControl and not XSS check to validate username ( #666 )
2014-01-17 22:32:18 +00:00
Clément Oudot
fc61240345
Display ppolicy info messsages only if authentication is valid ( #669 )
2014-01-17 22:24:11 +00:00
Clément Oudot
6fd8f5cb49
Manage encrypt scheme in DBI password backend ( #654 )
2013-12-20 16:46:09 +00:00
Clément Oudot
8ed6bdfdeb
Fix use of check_password in DBI backend ( #655 )
2013-12-09 17:03:50 +00:00
Clément Oudot
122836e820
remote provider ID is available only after request parsing ( #208 )
2013-11-26 14:35:58 +00:00
Clément Oudot
db5b4e8a95
Possibility to use IDP initiated mode in SAML IDP module ( #208 )
2013-11-25 17:04:39 +00:00
Clément Oudot
7087b63614
Do not check captcha if mail session already exist ( #644 )
2013-11-07 14:02:06 +00:00
Clément Oudot
bf3cf444fb
Special workaround in AuthChoice for captcha ( #645 )
2013-11-06 16:33:26 +00:00
Clément Oudot
fb82ce9522
Call initCaptcha at the right time ( #643 )
2013-11-06 15:56:52 +00:00
Clément Oudot
f38607a763
Allow to use idpName parameter to select IDP ( #641 )
2013-11-05 11:12:36 +00:00
Clément Oudot
9732aa4c24
Fix module version (failure in PAUSE indexer after 1.3.0 publication in CPAN) - origin commit: r2593
2013-11-02 18:12:02 +00:00
Clément Oudot
6649edf9a9
Fix some portal items after jQuery migration ( #604 )
2013-10-28 17:32:41 +00:00
Xavier Guimard
d45d26abad
Very strange utf8 bug using FCGI solved by this hook
2013-10-24 19:06:47 +00:00
Clément Oudot
ce581e75e9
Add a specific timeout parameter for SAML RelayState sessions ( #524 )
2013-10-24 12:35:58 +00:00
Xavier Guimard
2e7fe44098
Some cosmetics changes
2013-10-22 16:48:02 +00:00
Clément Oudot
3106100c5d
Possibility to autoconfigure LDAP notification backend from LDAP configuration backend ( #457 )
2013-10-22 16:26:20 +00:00
Xavier Guimard
fdb545ca69
Add "useLocalConf" parameter for the portal to increase performances
...
Closes : #628
2013-10-22 12:02:44 +00:00
Xavier Guimard
e174ff4732
FastCGI portal
2013-10-21 21:24:03 +00:00
Xavier Guimard
1fc09658d8
Missing constants in @EXPORT
2013-10-21 18:55:48 +00:00
Xavier Guimard
0829a57f2e
Use UTF-8 encoding in all Perl files
2013-10-19 16:34:20 +00:00
Xavier Guimard
a9c201476f
Correct bug introduced by r2981, authenticate() must not call AuthSSL::authenticate()
2013-10-18 04:44:11 +00:00
Xavier Guimard
2b5de50614
Modify r2981 changes: now authenticate() launch extractFormInfo() if auth isn't done
2013-10-18 04:42:56 +00:00
Xavier Guimard
f29d3b563e
s/utf8/utf-8/ in HTTP headers
...
Closes : #626
2013-10-17 19:21:45 +00:00
Clément Oudot
b8d4429843
Sub getDisplayType must be in the module to work with AuthChoice ( #623 )
2013-10-14 13:10:22 +00:00
Xavier Guimard
954a9fe5d5
Modify authenticate() to be sure that SSL authentication has been done
...
See: http://mail.ow2.org/wws/arc/lemonldap-ng-dev/2013-10/msg00018.html
2013-10-14 09:46:07 +00:00
Xavier Guimard
316589f044
Remove "experimental module" comment
2013-10-13 13:48:44 +00:00
Xavier Guimard
61e68ae5d8
UserDBWebID seems to be finished
2013-10-13 12:33:24 +00:00
Xavier Guimard
d7b33f9e8f
AuthWebID seems to be ready...
2013-10-13 12:15:54 +00:00
Xavier Guimard
ffda037c52
Use user* methods instead of lmLog for user actions (can be put in syslog)
2013-10-13 12:15:01 +00:00
Xavier Guimard
01ae2b697d
Split tests: certificate can exist without having wanted attribute
2013-10-13 12:13:48 +00:00
Xavier Guimard
f349e998a0
Add POD
2013-10-13 06:44:56 +00:00
Xavier Guimard
8873d7ee23
WebID in progress (host white list, more checks,...)
2013-10-13 06:42:28 +00:00
Xavier Guimard
68ee3ec21a
UserDBWebID skeleton
2013-10-13 06:40:45 +00:00
Xavier Guimard
5c1973d225
AuthWebID skeleton
2013-10-12 11:45:55 +00:00
Xavier Guimard
da41295b76
More comments
2013-10-11 18:59:18 +00:00