dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,780 Commits 3 Branches 0 Tags 75 MiB
e567eeb6db
Commit Graph

560 Commits

Author SHA1 Message Date
Maxime Besson
d31a14c303 Avoid accidentally creating an empty session (#2262) 2020-09-09 12:05:09 +02:00
Maxime Besson
683b5a7861 Resume logout when returning from Auth::SAML IDP (#2262) 2020-09-08 15:47:58 +02:00
Maxime Besson
3771ead3db Make LDAP auth/userdb/pass modules use ldapVerify (#2250) 2020-09-05 12:21:37 +02:00
Xavier Guimard
c8df084247 Update versions 2020-09-04 17:59:00 +02:00
Maxime Besson
ffb7c7430d Fix encoding workaround in recursive group search (#2306) 2020-09-03 15:59:18 +02:00
Christophe Maudoux
779fd983e5 Typo (#2302) 2020-08-28 21:56:54 +02:00
Maxime Besson
52c6edb453 Lookup oidcRPMetaDataOptionsUserIDAttr in per-RP macros (#2280) 2020-08-17 22:06:09 +02:00
Maxime Besson
b2a2575896 Fix incorrect SOAP content type in SAML issuer (#2263) 2020-08-10 15:06:00 +02:00
Maxime Besson
a96820d6f6 Set secure flag when removing cookie (#2272) 2020-08-10 12:10:33 +02:00
dcoutadeur
0045daa592 fix increase log level for mail sending and password reset (#2265) 2020-07-28 15:04:55 +02:00
Clément OUDOT
d1418952eb Convert mutli-valued attributes into arrays for OIDC UserInfo (#2256) 2020-07-16 20:19:41 +02:00
Clément OUDOT
c5db3bc8bd Add country to address claim (#2257) 2020-07-16 19:58:53 +02:00
Baptiste Pecatte
5fbf7ae533 Remove useless variable 2020-07-05 13:11:28 +02:00
Baptiste Pecatte
2816bed66e Add host to logs for use with fail2ban 2020-07-05 13:11:28 +02:00
Christophe Maudoux
bb9e03d1e5 Tidy 2020-05-24 00:04:33 +02:00
Christophe Maudoux
a7a0f25321 Update function signature and params list 2020-04-28 18:24:55 +02:00
Christophe Maudoux
591f953d5e Merge branch 'v2.0' into 2178-new 2020-04-28 18:20:49 +02:00
Clément OUDOT
9cd079e8fe Manage multi valued attributes in CAS authentication module (#2118) 2020-04-28 12:44:16 +02:00
Christophe Maudoux
a52c8f53b0 Use rule (#2178) 2020-04-27 22:12:12 +02:00
Maxime Besson
a3821fc560 Implement additional audiences in ID token (#2177) 2020-04-24 11:10:44 +02:00
Maxime Besson
a217590869 Tidy OIDC 2020-04-22 21:25:56 +02:00
Xavier Guimard
faadd4fc52 DBI: verify parameters during init (Fixes: #2161) 2020-04-21 07:55:07 +02:00
Maxime Besson
55f3ca0e77 Improve error reporting for SAML replay protection 2020-04-18 19:54:02 +02:00
Maxime Besson
e9bab71585 Make sure restCall returns a hashref (#2125) 2020-03-26 11:31:33 +01:00
Maxime Besson
168dc75f96 OIDC: return id_token in hybrid flow (#2120) 2020-03-18 21:05:39 +01:00
Clément OUDOT
4c36c77452 Set default value for encryption_mode (#2117) 2020-03-12 17:00:50 +01:00
Clément OUDOT
921cf16fcf Format parameters for trspan (#2113) 2020-03-10 11:28:04 +01:00
Clément OUDOT
7c947ab976 Use the correct message for ppolicy time before expiration (#2113) 2020-03-10 11:16:43 +01:00
Clément OUDOT
f830fc4d8a Add some debug logs for ppolicy (#2113) 2020-03-10 10:50:02 +01:00
Christophe Maudoux
824acec27f Improve log (#2071) 2020-03-03 22:25:30 +01:00
Xavier Guimard
4459a47f76 Tidy 2020-02-20 23:37:05 +01:00
Xavier Guimard
a76cba3856 Update versions 2020-02-20 23:37:01 +01:00
Xavier Guimard
22c1f7270c Add feature to override SOAP Proxy URN (#2100) 2020-02-20 21:49:55 +01:00
Christophe Maudoux
a0ef149b5f Fix userData (#2071) 2020-02-12 22:50:08 +01:00
Christophe Maudoux
99c539fe53 Use a var & Update version (#2071) 2020-02-10 22:35:37 +01:00
Christophe Maudoux
2f04ffcc4a WIP - Notifications explorer (#2071) 2020-02-09 17:47:25 +01:00
Maxime Besson
3b48746948 SAML: Hide error in storeEnv (#2084) 2020-02-03 17:08:18 +01:00
Maxime Besson
e52f6d3ba7 Increase visibility of Lasso errors (#2084) 2020-02-03 17:08:18 +01:00
Clément OUDOT
681452524d Associate SAML access rule to SP conf key and not SP entityID (#2074) 2020-01-24 09:01:56 +01:00
Christophe Maudoux
39f93b0eb0 Retrieve all notifications & Improve unit test (#2012) 2019-12-19 20:52:34 +01:00
Clément OUDOT
ae0d455e7f Use base64 URL to decode JWT (#2045) 2019-12-19 17:31:02 +01:00
Maxime Besson
a410793122 CAS per-service macros portal code (#2042) 2019-12-16 17:26:35 +01:00
Maxime Besson
2a15bb0523 SAML per-service macros portal code (#2042) 2019-12-16 17:26:34 +01:00
Maxime Besson
32ecf37be4 OIDC per-service macros portal code (#2042) 2019-12-16 17:26:34 +01:00
Christophe Maudoux
6f2e5c1811 Typo 2019-11-25 22:48:12 +01:00
Christophe Maudoux
a54a8228b4 Check only active notifications & Improve unit test - XML format (#2012) 2019-11-25 11:55:19 +01:00
Christophe Maudoux
80f19e4e71 Check only active notifications & Improve unit test - JSON format (#2012) 2019-11-25 11:51:08 +01:00
Christophe Maudoux
60ef07bcd6 Check notifications date (#2012) 2019-11-22 21:08:28 +01:00
Maxime Besson
e130c6160b Validate LDAP connections in getUser (#2018) 2019-11-20 20:57:33 +01:00
Christophe Maudoux
e20555623e Append defaulCondition option (#2012) 2019-11-18 17:34:56 +01:00
Christophe Maudoux
ea3337574c Append conf manager test (#2012) 2019-11-17 22:36:52 +01:00
Christophe Maudoux
d935753eaf Append to JSON format condition check & improve unit test (#2012) 2019-11-17 22:25:06 +01:00
Christophe Maudoux
c548a4d03e Typo 2019-11-17 22:23:12 +01:00
Christophe Maudoux
632f731774 Allow non array ref with single checkbox and split notification body (#2012) 2019-11-15 21:03:18 +01:00
Maxime Besson
57b28940fa Do not show password change prompt when AD password is incorrect (#2007) 2019-11-15 11:59:03 +01:00
Maxime Besson
2639c482b1 Fix cookie removal on SAML logout (#2001) 
Since the fixes for #1863, calling p->do consumes the response headers
set by any previous code. So we must only call do() in a return statement.
 2019-11-06 18:44:10 +01:00
Maxime Besson
7bdd33eb46 Fix token ID format (#1998) 2019-11-06 11:45:47 +01:00
Maxime Besson
713737c11f Add an option to return claims in ID token 2019-11-04 18:27:28 +01:00
Maxime Besson
b34a229eda Add doc for buildUserInfoResponseFromId 2019-11-04 10:47:35 +01:00
Maxime Besson
a386a7502a Allow refresh tokens to be emitted for regular sessions (#813) 2019-11-04 10:44:54 +01:00
Maxime Besson
ea2365cc98 Implement OIDC Offline sessions through refresh tokens (#813) 2019-11-04 10:44:54 +01:00
Maxime Besson
474bb48aa1 Make Password::LDAP/AD check connection before use (#1909) 
Also remove a mostly redundant wrapper method in Auth::LDAP
 2019-10-01 19:17:31 +02:00
Maxime Besson
fa49e77495 Better logs in case of a LDAP error 2019-10-01 15:14:51 +02:00
Maxime Besson
5d5ac66a6e Add Date: field to emails (#1953) 
This adds a dependancy to Email::Date::Format, but it's already a
dependancy of Email::Sender::Simple (and probably more), so in practice
no new packages are going to be installed
 2019-09-26 12:32:58 +02:00
Christophe Maudoux
146aca7c82 Remove trailing whitespaces 2019-09-16 20:30:35 +02:00
Christophe Maudoux
fcf05c5602 Avoid warning 2019-09-16 17:22:35 +02:00
Christophe Maudoux
9784e75ead Check Slave credential headers (#1935) 2019-09-13 22:21:09 +02:00
Xavier
e50e7d09d1 Update version of (really) modified files 2019-09-12 21:56:49 +02:00
Clément OUDOT
e54355ff9f Use conf as HASH key (#1619) 2019-09-05 17:16:55 +02:00
Clément OUDOT
5b7bb4b9cd Check error message from ITDS (#1619) 2019-09-05 17:14:44 +02:00
Maxime Besson
ff3d4e218c doc: suggest a better fix for #1864 
We can't do it yet because the issue isn't fixed in versions of Lasso
found in the wild. But someday it will be.
 2019-09-03 18:13:13 +02:00
Maxime Besson
d61935ab6e Implement introspection endpoint for access tokens (#1843) 2019-08-29 19:10:51 +02:00
Maxime Besson
fd7453b7a5 Refactor endpoint auth 2019-08-29 18:57:26 +02:00
Xavier Guimard
1660109e2f Security: use 3-form for open 2019-08-28 11:32:54 +02:00
Maxime Besson
810d2c7f94 Disable template cache to avoid translation issues in mail (#1897) 2019-08-27 23:13:36 +02:00
Maxime Besson
a04a376777 Make regular template variables available in mails 
SKIN, PORTAL_URL, env_*, session_* are now available in email templates

Preliminary work for #1861
 2019-08-27 23:13:36 +02:00
Xavier Guimard
323d92fa1b Don't load Data::Dumper unless debug 2019-08-27 10:10:11 +02:00
Xavier Guimard
0415370f2c More REST debug 2019-08-22 15:17:51 +02:00
Maxime Besson
661a007b4a Check OIDC access token expiration (#1879) 2019-08-21 12:18:55 +02:00
Christophe Maudoux
78a82dbee9 Override OTT conf. for Upgrade tokens (#1884) 2019-08-15 22:01:44 +02:00
Christophe Maudoux
9dac92064c Better fix & update unit tests (#1861) 2019-08-07 22:29:12 +02:00
Christophe Maudoux
7aad470586 Delete pdata cookie after XML notif validation & Improve unit test (#1861) 2019-08-06 22:29:48 +02:00
Christophe Maudoux
c630a90064 Delete pdata cookie after notif validation & Improve unit test (#1861) 2019-08-06 22:25:09 +02:00
Xavier
ea713a3169 Avoid conflict in $req->data between DBI and LDAP 
Closes: #1875
 2019-08-06 21:54:41 +02:00
Maxime Besson
68c8be333a Fix translation override in mails 2019-08-02 17:45:03 +02:00
Maxime Besson
c9dba5212e HTML-decode entityID from metadata (#1864) 2019-07-25 18:29:46 +02:00
Christophe Maudoux
3d6a7bd843 Sort notifications: JSON format (#1862) 2019-07-25 12:42:58 +02:00
Christophe Maudoux
bf5fe2246d Send specified parameters (#1851) 2019-07-25 12:00:37 +02:00
Christophe Maudoux
11f2d0f34a Improve notifications REST API & unit test (#1851) 2019-07-23 15:54:53 +02:00
Christophe Maudoux
fb7a222c9d Append notifications REST API (#1851) 2019-07-22 15:39:59 +02:00
Christophe Maudoux
81aa2fb37b Improve test-lib & unit test (#1851) 2019-07-21 23:23:20 +02:00
Christophe Maudoux
3972861ba4 WIP - Improve unit test & need to fix list notifications feature!!! (#1851) 2019-07-21 22:47:48 +02:00
Clément OUDOT
f15e8bd108 Possibility to list notifications (#1851) 2019-07-21 20:47:16 +02:00
Christophe Maudoux
ca7ebe09f7 WIP - REST service to remove notification (#1851) 2019-07-20 22:25:03 +02:00
Christophe Maudoux
21c1d83df3 Typo 2019-07-20 13:28:48 +02:00
Christophe Maudoux
4eecd90230 Typo (#1857) 2019-07-17 12:20:30 +02:00
Christophe Maudoux
b99b76e2d6 Improve code (#1857) 2019-07-17 12:18:15 +02:00
Christophe Maudoux
d8b3eb2a34 Remove cipher cookie if notification refused (#1857) 2019-07-16 13:51:01 +02:00
Clément OUDOT
e12cb3a905 Fix loop on notifications (#1856) 2019-07-15 10:55:33 +02:00
Xavier
64c587417b Improvement 2019-07-12 19:09:55 +02:00
Clément OUDOT
c024ed0fe6 Improve logging when a notification is added by REST (#1853) 2019-07-12 18:34:55 +02:00
Xavier
a104db2f2d Clean logs 2019-07-04 07:24:50 +02:00
Maxime Besson
6f058fb2fa Add manager manpages to deb 2019-07-03 15:17:16 +02:00
Xavier Guimard
c1137edba8 make tidy with perltidy-20181120 2019-07-02 20:03:40 +02:00
Clément OUDOT
e04a6f1983 Reject none algorithm when checking JWT signature (#1835) 2019-07-02 16:36:43 +02:00
Clément OUDOT
60c03010ce Use Base64URL for JWT generation (#1834) 2019-07-01 17:29:35 +02:00
Xavier
c921c295ed Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00
Xavier Guimard
44a6e25851 Improve cryptographic functions (#1823) 2019-06-28 10:30:37 +02:00
Xavier Guimard
e15a41bc66 Fix typo: s/templatesDir/templateDir/g (#1819) 2019-06-26 11:59:13 +02:00
Xavier Guimard
45a0b68c3b Disable external entities in XML parsers (Fixes: #1818) 2019-06-26 11:32:10 +02:00
Xavier
8b488e4d51 Move LDAP::getUser() to Lib::LDAP (Fixes: #1805) 2019-06-17 21:15:38 +02:00
Xavier Guimard
5fbff01b27 Update versions 2019-06-14 17:27:54 +02:00
Xavier Guimard
2a021e37ea Don't require getDisplayType in Choice (#1800) 2019-06-13 17:51:36 +02:00
Xavier Guimard
946384272e Partial revert "Typo" 
This reverts commit f63a63eedb.
 2019-06-06 16:00:49 +02:00
Christophe Maudoux
f63a63eedb Typo 2019-06-05 11:25:50 +02:00
Christophe Maudoux
3dd4c52c65 Update version (#1766) 2019-05-26 10:33:39 +02:00
Christophe Maudoux
0e47cb4f5b Fix warning message 2019-05-23 15:52:11 +02:00
Clément OUDOT
c024952b8f Do not fail if no RP or no OP configured (#1759) 2019-05-17 16:00:33 +02:00
Xavier
b91d1d4b87 Tidy 2019-05-16 20:45:14 +02:00
Xavier
a2e78c88c3 Set versions 2019-05-16 20:42:31 +02:00
Christophe Maudoux
e46fac82b2 CheckUser with tokenGlobalStorage & Warn if SSO groups are merged 2019-05-15 23:45:06 +02:00
Clément OUDOT
05cd4d4a58 Fix update token with global storage (#1742) 2019-05-12 20:39:25 +02:00
Clément OUDOT
07de622e83 Fix getRegisterSession and getMailSession (#1743) 2019-05-12 17:36:14 +02:00
Xavier
f3c4ea0afb Tydy 2019-05-11 20:18:43 +02:00
Xavier Guimard
1cd50bb353 Fix Auth::Remote session kind (#1742) 2019-05-10 18:02:56 +02:00
Xavier Guimard
638a0de81a Don't use SSO session type for tokens (Fixes security part of #1742) 2019-05-10 17:35:10 +02:00
Christophe Maudoux
c8dd4554aa Test if required secret elements are set to sign JWT 2019-05-02 14:33:56 +02:00
Clément OUDOT
926262170b Implement PKCE in OIDC provider (#1722) 2019-04-29 17:18:16 +02:00
Clément OUDOT
8e6f678be7 Create a configuration option to allow a Relying Party to be a public client 
Allow unauthenticated requests on OAuth2 token endoint

#1725
 2019-04-29 10:02:16 +02:00
Antoine ROSIER
8875a4e985 perltidy 2019-04-10 17:21:33 +02:00
Antoine ROSIER
8636da45be Sorting SAML idp (#1704) 2019-04-10 17:06:41 +02:00
Clément OUDOT
ae3a728378 Manage template inclusion when file is not in configured portal theme (#1653) 2019-04-10 15:42:58 +02:00
maudoux
1bc519d11d Fix warning (#1694) 2019-04-06 14:09:58 +02:00
Christophe Maudoux
cf36b44162 Cleaning code (#1664) 2019-04-05 20:04:17 +02:00
Christophe Maudoux
2b818a9c02 Append specific ottRule dependency (#1694) 2019-04-05 17:23:09 +02:00
Xavier Guimard
2159957c34 Update versions 2019-04-05 09:54:43 +02:00
Xavier Guimard
ece9b21219 Remove trailing whitespaces 2019-04-03 14:15:16 +02:00
Maxime Besson
d44a042fd5 Revert 8f5fbb077e and change the way logout errors are handled 
Relating to issue #1668, the proposed fix works when there is only one
service provider to logout of.

Now that multiple service provider logout is starting to work again on
2.0, we cannot read the remote_ProviderID from the logout object because
it is only filled by lasso when actually building the response.

Instead, we ignore any error that could occur when building the
response, log a warning and show the portal instead. Still better than
an internal server error.
 2019-04-03 11:20:24 +02:00
Clément OUDOT
502a32e257 Add unit test and fix code for ppolicy grace (#1691) 2019-04-01 09:58:56 +02:00
Xavier
01ab88ba57 Fix for #1691 2019-04-01 06:52:21 +02:00
Clément OUDOT
d620ae2e8b Merge branch 'maxbes/lemonldap-ng-saml-issuer-entityid-override' into v2.0 2019-03-13 10:30:16 +01:00
Maxime Besson
8f5fbb077e When logout-initiating SP has no known SLO endpoint, fallback to portal 
In some federations, SLO endpoints are not published, yet SP are still
able to initiate logouts.

This used to cause an error on the portal, this commit changes the error
into a warning in logs. The user remains on the portal and sees a normal
logout message.
 2019-03-12 17:58:41 +01:00
Xavier Guimard
bc2bef4ff4 Please use our .perltidyrc 2019-03-07 18:22:58 +01:00
Maxime Besson
e290cd59d6 Fix undef warnings in metadata generation 
Fix some undef warnings introduced in
12d2db35a9
 2019-03-04 09:33:12 +01:00
dcoutadeur
3af15b139e fix id_token validity not correctly evaluated #1662 2019-02-28 09:56:21 +01:00
Maxime Besson
12d2db35a9 Add new URLs for SP-only or IDP-only SAML metadata 
This commit adds two new URLs:

/saml/metadata/idp : IDP-only metadata
/saml/metadata/sp : SP-only metadata

/saml/metadata keeps providing metadata for all SAML services
 2019-02-27 18:14:30 +01:00
Xavier Guimard
c7b4eb5051 tidy with new conf 2019-02-07 09:27:56 +01:00
Xavier Guimard
58fc9c2fad Update versions 2019-02-06 19:30:57 +01:00
Clément OUDOT
8b76218025 Fix error message for ppolicy (#1639) 2019-02-06 11:39:37 +01:00
Xavier Guimard
5886cbe2a0 Tidy 2019-02-05 23:12:17 +01:00