Thomas CHEMINEAU
4e99c602de
SAML #89 - Fix html encoding of french character, and disallow download button when empty file
2010-06-07 15:47:23 +00:00
Clément Oudot
93554bf48a
Update MANIFEST for Manager
2010-06-07 15:38:05 +00:00
Clément Oudot
7e031e199a
SAML: minor corrections for forceAuthn flag management ( #34 )
2010-06-07 15:36:45 +00:00
Thomas CHEMINEAU
a54d53f160
SAML #89 - adding codes to generate private/public keys from manager
2010-06-07 15:26:16 +00:00
Clément Oudot
783d88eabb
SAML: manage ForceAuthn flag from SP ( #34 )
2010-06-07 14:48:59 +00:00
Clément Oudot
05637bf0c4
SAML: set encryption mode on providers (none, nameid or assertion) ( #49 )
2010-06-04 15:54:52 +00:00
Thomas CHEMINEAU
ba78107135
SAML #89 - fix a little bug
2010-06-04 15:10:46 +00:00
Clément Oudot
dd615d0678
SAML:
...
* Check values of requested attributes (#85 )
* Refactor some code in _SAML (createAttribute and createAttributeValue)
2010-06-04 14:23:41 +00:00
Thomas CHEMINEAU
346d901a15
SAML #89 - adding configuration key to store priv/pub keys for signature and encryption
2010-06-04 13:39:00 +00:00
Clément Oudot
241d972b07
SAML: Attribute format select in Manager ( #87 )
2010-06-04 10:22:12 +00:00
Xavier Guimard
208a4f34d2
Closes #82 : CDA always use secured cookie even if requested site is a http one
2010-06-04 08:43:42 +00:00
Xavier Guimard
47d38c7e3f
New debconf translation ( Closes : #584453 / bugs.debian.org)
2010-06-04 08:35:53 +00:00
Thomas CHEMINEAU
160c5f670a
fix #35 - include more checks to test contents on identity dump
2010-06-03 14:02:15 +00:00
Clément Oudot
cc1eb344a7
SAML: get attributes in attribute response
2010-06-02 15:21:39 +00:00
Clément Oudot
101442179d
Check format and friendly name from attribute ( #84 )
2010-06-02 14:51:39 +00:00
Clément Oudot
e928b770f7
SAML: browse SP authorized attributes and build attribute response ( #2 )
2010-06-02 13:45:37 +00:00
Clément Oudot
5ded22db86
Do not return errors in POST or SOAP response process, just quit if something is wrong
2010-06-02 09:12:35 +00:00
Clément Oudot
82b350a397
SAML: check NameID before extracting content
2010-06-02 09:08:33 +00:00
Clément Oudot
5444a9d3b4
SAML:
...
* Grab NameID from attribute request and find corresponding session (#2 )
* create a getSamlSession subroutine
2010-06-02 09:04:07 +00:00
Clément Oudot
a27464e277
SAML: process and validate attribute request ( #2 )
2010-06-02 08:09:59 +00:00
Clément Oudot
67e3e0ee6b
was not set
2010-06-01 15:42:35 +00:00
Clément Oudot
608e5e6b0a
Little corrections for make test
2010-06-01 15:39:18 +00:00
Clément Oudot
8fe3e749a3
SAML: catch attribute service URL ( #2 )
2010-06-01 15:34:08 +00:00
Clément Oudot
e8c514f794
SAML: set NameID in attribute query ( #2 )
2010-06-01 14:43:49 +00:00
Clément Oudot
8c14ba24bf
SAML: keep NameID in a SAML session to answer later attribute queries ( #2 )
2010-06-01 13:27:02 +00:00
Clément Oudot
00a952a372
SAML: create a new Lasso::Server object to manage attribute queries ( #2 )
2010-06-01 12:23:11 +00:00
Clément Oudot
d7cee9a4f9
Use redirection message in page title ( #80 )
2010-06-01 10:11:35 +00:00
Clément Oudot
bb9c7435cc
POST fields are now hidden ( #80 )
2010-06-01 09:59:37 +00:00
Clément Oudot
6c1dc91ff0
SAML: set SessionNotOnOrAfter ( #81 )
2010-06-01 08:03:24 +00:00
Clément Oudot
ffeb9e3134
SAML: adjust HTTP-POST artifact binding ( #75 )
2010-05-31 15:46:41 +00:00
Xavier Guimard
aa06d53bcf
New dependency not inserted in control files (Crypt::OpenSSL::X509)
2010-05-31 15:44:40 +00:00
Thomas CHEMINEAU
0f10a2c8ad
SAML: fix #10 - remove certificate header and footer
2010-05-31 15:07:46 +00:00
Thomas CHEMINEAU
3cef8ecf0a
SAML: fix #10 - support certificate into metadata
2010-05-31 14:57:34 +00:00
Clément Oudot
ec8892ef7f
SAML:
...
* Identity is no more required in attribute query
* Mandatory attributes are requested if not defined in SSO assertion (#79 )
2010-05-31 14:54:24 +00:00
Clément Oudot
b678ab454f
SAML: test SessionNotOnOrAfter before converting it ( #77 )
2010-05-31 13:50:26 +00:00
Clément Oudot
9d3fd0ebd0
SAML:
...
* Add Attribute Authority metadata (#3 )
* Clean existing metadata (remove NameID management, and set NameIDFormat directly in XML)
2010-05-31 10:37:43 +00:00
Clément Oudot
c0edd943db
SAML: add an IDP option to force attribute value in UTF-8 ( #72 )
2010-05-28 15:31:20 +00:00
Clément Oudot
6964b09eb2
SAML: use HTTP method string in debug messages
2010-05-28 12:17:05 +00:00
Clément Oudot
b91cba9f32
SAML: adapt metadata to new Post bindings ( #75 )
2010-05-28 11:51:53 +00:00
Clément Oudot
82ff667d57
SAML: add POST binding to SAML services ( #75 )
2010-05-28 10:35:24 +00:00
Clément Oudot
b8c3f5e6ff
SAML: transport url parameter in IDP choice screens ( closes #73 )
2010-05-28 08:03:13 +00:00
Clément Oudot
62d9cccaa0
SAML: #68 is not a Lasso bug
2010-05-27 15:53:32 +00:00
Clément Oudot
d6d50cca62
SAML: add SOAP binding in samlAssertion bindings list ( #71 )
2010-05-27 15:48:57 +00:00
Clément Oudot
cfec37d111
SAML:
...
* Error message when no artifact resolution URL in profile
* Manage XML boolean values in metadata
2010-05-27 12:39:32 +00:00
Clément Oudot
8d76924fbf
SAML: little workaround for Exponent/Modulus order in metadata, will not be kept if this is later corrected in Lasso ( #68 )
2010-05-27 09:17:55 +00:00
Clément Oudot
8789b5d131
SAML: do not throw error if no SP or no IDP configured ( closes #70 )
2010-05-26 15:32:09 +00:00
Clément Oudot
a2cd83aea9
* - in domain ( closes #69 )
...
* securedCookie select box
* bad abort arguments number
* manager/index.pl comments
2010-05-26 15:17:51 +00:00
Clément Oudot
b1c87f1e49
Sympa Handler:
...
* Read sympa secret from configuration
* Add mail session key parameter
* Install Sympa Handler
* Closes #55
2010-05-21 15:53:54 +00:00
Clément Oudot
d1b4541a4d
SAML: check Destination attribute ( closes #33 )
2010-05-21 13:44:16 +00:00
Clément Oudot
58bec95435
SAML: map NameID formats to local session keys ( closes #67 )
2010-05-21 09:03:29 +00:00
Clément Oudot
0817e9918f
SAML: Option to configure default NameID format for a SP ( #67 )
2010-05-20 15:57:51 +00:00
Clément Oudot
f187851ba6
SAML: signatures on SSO/SLO messages issued from IDP ( #66 )
2010-05-20 13:08:07 +00:00
Clément Oudot
bc618ce075
SAML: check SSO/SLO messages signature in IDP ( #66 )
2010-05-20 10:25:00 +00:00
Clément Oudot
fdc84aac52
SAML: get SessionIndex before validating SLO request ( closes #64 )
2010-05-20 08:59:59 +00:00
Clément Oudot
ef3faf7d3e
SAML: eval SessionIndex call to prevent server error ( #64 )
2010-05-19 15:54:20 +00:00
Clément Oudot
4d0a5a651d
SAML: IssuerDB Activation Rule ( #52 )
2010-05-19 14:59:43 +00:00
Clément Oudot
df4198399f
* Add a new process step (authFinish) run after session store
...
* Create SAML session linked to real session to store NameID and SessionIndex, in order to use searchOn on them (will not force globalStorage to be compatible with searchOn)
* Control SessionIndex sent by IDP on a SLO request is now managed in SP to get the correct local session
* This solves issue #51
2010-05-17 16:02:21 +00:00
Clément Oudot
18bda4be2e
SAML: SLO request without SessionIndex are rejected ( #51 )
2010-05-17 12:44:26 +00:00
Clément Oudot
6f0dde1bac
SAML: correct unit test if no Lasso available
2010-05-17 09:36:03 +00:00
Clément Oudot
a3cc63ac90
SAML: skip all tests if Lasso no available
2010-05-17 07:43:37 +00:00
Clément Oudot
be742cfac6
SAML: use encrypt/decrypt to match session_index and session_id ( #51 )
2010-05-12 15:56:27 +00:00
Clément Oudot
c6dd158903
SAML: map SAML authentication context and authentication level ( #47 )
2010-05-12 15:14:07 +00:00
Clément Oudot
7f427610fe
SAML: typo in #53 correction
2010-05-12 12:56:16 +00:00
Clément Oudot
01f928504d
SAML: correct date to timestamp conversion ( #62 ) and add unit test
2010-05-12 12:46:47 +00:00
Thomas CHEMINEAU
14c23cea6d
fix #53 - use sendLogoutResponseToServiceProvider in IssuerDBSAML
2010-05-12 09:41:54 +00:00
Xavier Guimard
3844ba4192
"make tidy"
2010-05-12 04:04:10 +00:00
Xavier Guimard
c7c093b46d
Closes : #20
2010-05-11 11:05:24 +00:00
Xavier Guimard
67e480217c
Timeout for thread cache
2010-05-11 10:16:05 +00:00
Xavier Guimard
2a8db1c3d6
Closes : #54
2010-05-11 07:47:51 +00:00
Xavier Guimard
034e5a0142
Some little things
2010-05-11 07:09:10 +00:00
Clément Oudot
798498befc
Zimbra: timestamp was missing in preauth URL
2010-05-10 16:05:30 +00:00
Clément Oudot
0ae986296a
Clean all UserDBEnv related files
2010-05-08 15:55:27 +00:00
Clément Oudot
2d88be8222
Portal: catch ENV exportedVars for all UserDB modules ( #58 )
2010-05-07 21:33:57 +00:00
Clément Oudot
f7fc51100c
Zimbra Handler:
...
* Parameters are now read from main configuration
* Zimbra parameters in Manager
* Add zimbraSsoUrl to catch the local SSO URL (Apache configuration is now very easy)
2010-05-07 10:42:38 +00:00
Thomas CHEMINEAU
d262a95744
fix little bug in Manager::Help.pm
2010-05-07 10:13:13 +00:00
Thomas CHEMINEAU
adf7e8158a
Add activity timeout on SSO sessions
2010-05-07 10:00:55 +00:00
Thomas CHEMINEAU
f60e65166d
adding Lemonldap::NG::Handler::UpdateCookie.pm and associated files
2010-05-05 16:49:26 +00:00
Xavier Guimard
810505b1cb
( Closes : #46 )
2010-05-05 16:42:22 +00:00
Xavier Guimard
1b1cb88f14
Local macros ( Closes : #57 )
2010-05-05 16:40:23 +00:00
Clément Oudot
2007ac3814
Typo in Zimbra doc
2010-05-05 13:11:26 +00:00
Clément Oudot
bec0831f2d
Zimbra preAuth is now an independent Handler ( #12 )
2010-05-05 08:13:44 +00:00
Xavier Guimard
cdad662b0e
Warning for classes properties
2010-05-05 07:33:20 +00:00
Clément Oudot
a04ff6e964
SAML:
...
* OneTimeUse is no more used in SP (#50 )
* Compile regexp for SAML URLs
* Move sendLogoutRequestToServiceProviders in _SAML
* In AuthSAML, do not predefined variables outside loops
2010-05-05 07:10:13 +00:00
Thomas CHEMINEAU
c935584300
informations is correctly stored into session but not well displayed by manager (add _utime, remove useless code)
2010-05-04 15:55:48 +00:00
Clément Oudot
5eb7895dac
SAML: manage SP conf key
2010-05-04 10:10:34 +00:00
Clément Oudot
1b81ccd96f
SAML: use get_signature_status from Lasso::Profile
2010-05-03 21:12:14 +00:00
Thomas CHEMINEAU
c4ea39fae4
UserDB* modules should store user in sessionInfo
2010-05-03 17:42:42 +00:00
Thomas CHEMINEAU
a963e83dc2
add optional session identifier to update existing session with a valid user via SOAP
2010-05-03 16:49:57 +00:00
Thomas CHEMINEAU
1ba9f9ecf1
cleaning wsdl file, fix little bug in a wrong function name
2010-05-03 15:45:59 +00:00
Clément Oudot
cbf1401f1e
Declare Zimbra preauth in other grant subroutines
2010-05-03 14:18:40 +00:00
Clément Oudot
4bd444d427
Handler: first implementation of Zimbra preauth
2010-05-03 12:48:39 +00:00
Clément Oudot
9a5512bdf2
Bad test rule for logout_app_sso, correct #45
2010-05-03 08:59:22 +00:00
Clément Oudot
9832b9fdab
Sessions explorer: active sessions button in interface
2010-05-03 07:54:49 +00:00
Xavier Guimard
408365bc5f
strftime is defined in POSIX
2010-05-02 17:40:21 +00:00
Xavier Guimard
5ceb94e612
Correct errors
2010-05-02 13:41:12 +00:00
Xavier Guimard
c53bdf0edc
Little error
2010-05-02 13:30:04 +00:00
Xavier Guimard
cf0ece9aa2
Reformating
2010-05-02 11:37:25 +00:00
Xavier Guimard
5d2b50e905
Modif for XSS: for logout URL, we test now Referer field
2010-05-01 13:12:28 +00:00
Clément Oudot
2523fc5cf5
SAML: check IDP value from IDP cookie (LEMONLDAP-44)
2010-04-30 15:21:10 +00:00
Clément Oudot
a9c5d000fd
SAML:
...
* IDP list key is now entityID
* Do not trust IDP cookie to find current IDP (use SAML message remote provider ID)
* Ignore signature before processing SAML message, and check it after (work in progress)
2010-04-30 14:55:40 +00:00