lemonldap-ng (1.0rc2) unstable; urgency=low * Debian policy 3.9.1 * [LEMONLDAP-20] - Parameter remoteCookieName is not available in Manager * [LEMONLDAP-21] - Special characters from SAML attribute statement are not well encoded * [LEMONLDAP-41] - Lasso CRITICAL error in AuthSAML logout process * [LEMONLDAP-42] - [SAML][SP] Attrubtes sent trought IDP initiated SSO are not registered into session * [LEMONLDAP-43] - [SAML][SP] IDP should not be read from IDP cookie, but from SAML request or response * [LEMONLDAP-50] - [SAML][SP] OneTimeUse flag should not reduce session duration * [LEMONLDAP-53] - [SAML][IDP] sendLogoutResponseAfterLogoutRequest method does not exists * [LEMONLDAP-54] - Handler parameters (https, port, etc.) are not taken into account if only defined in Manager, and not in ini file * [LEMONLDAP-62] - [SAML] samldate2timestamp is not returning correct timestamp * [LEMONLDAP-64] - SLO error with simpleSAMLphp * [LEMONLDAP-68] - Failed to load signing key for http://urlIDP/saml/metadata * [LEMONLDAP-69] - domain cannot contain "-" in Manager * [LEMONLDAP-71] - samlIDPSSODescriptorArtifactResolutionServiceArtifact wrong binding in Manager * [LEMONLDAP-72] - [SAML] UTF-8 encoded attributes are reencoded * [LEMONLDAP-73] - [SAML] Initial URL is not kept when IDP is choosen in AuthSAML * [LEMONLDAP-74] - [error] Unable to open relaystate session * [LEMONLDAP-75] - SSO HTTP-POST profile not declared in IDP metadata * [LEMONLDAP-76] - [SAML] SOAP SLO denied on IDP * [LEMONLDAP-77] - Error when no SessionNotOnOrAfter value in authn statement * [LEMONLDAP-78] - Request Denied on SOAP SLO request on IDP * [LEMONLDAP-79] - Mandatory attributes are not requested * [LEMONLDAP-81] - SessionNotOnOrAfter should be set explicitely * [LEMONLDAP-82] - CDA always use secured cookie even if requested site is a http one * [LEMONLDAP-100] - Secondary SAML session should be destroyed when primary session is deleted * [LEMONLDAP-105] - Error on SLO request for already closed session * [LEMONLDAP-109] - Do not send AttributeStatement when no attribute should be sent * [LEMONLDAP-112] - Handler/AuthBasic does not use local cache * [LEMONLDAP-113] - Lemonldap::NG is not compatible with the use of a LDAP server using a different encoding than UTF-8 for storing passwords * [LEMONLDAP-114] - Bad usage of Apache::Session::searchOn() on portal * [LEMONLDAP-115] - In info page, when clicking on "Continue", we are not redirected to urldc * [LEMONLDAP-119] - Special UTF-8 characters raise error in metadata * [LEMONLDAP-122] - Secondary SAML session are not deleted on local IDP logout * [LEMONLDAP-124] - Stop info/confirm timer at 0 * [LEMONLDAP-37] - [SAML] Proxy restriction should include all known IDP, and not only target IDP * [LEMONLDAP-44] - [SAML][SP] IDP list when unknown IDP in IDP cookie * [LEMONLDAP-46] - [logout] verify referer into logout process * [LEMONLDAP-47] - [SAML] RequestedAuthnContext should always be translated into authenticationLevel * [LEMONLDAP-51] - [SAML][IDP] SAML sessionIndex value should be a crypted value of LL::NG session_id * [LEMONLDAP-55] - Distribute SympaAutoLogin Handler * [LEMONLDAP-70] - Do not throw error if no SP or no IDP configured * [LEMONLDAP-80] - POST fields should be hidden * [LEMONLDAP-87] - Attribute format selection in Manager * [LEMONLDAP-89] - Security keys in service metadata * [LEMONLDAP-90] - Group IDP and SP options * [LEMONLDAP-91] - SOAP configuration parameter is not needed in SAML * [LEMONLDAP-98] - Add option to disable SAML conditions checks * [LEMONLDAP-104] - Store entities metadata in raw format * [LEMONLDAP-106] - Display OK or ERROR icons on HTTP REDIRECT and HTTP POST SLO iframes * [LEMONLDAP-107] - Manage asynchronous SLO request on closed SSO session (SAML IDP) * [LEMONLDAP-126] - Put SAML parameters in Manager * [LEMONLDAP-2] - [SAML] Attribute authority * [LEMONLDAP-10] - [SAML] Manage certificate in service metadata * [LEMONLDAP-31] - [SAML] Proxy IDP * [LEMONLDAP-32] - [SAML] Manage Artifact methods for SAML messages emission in SP * [LEMONLDAP-33] - [SAML] Check "Destination" attribute * [LEMONLDAP-35] - [SAML] Manage SLO trough SOAP * [LEMONLDAP-36] - [SAML] Check dates and other conditions in SLO requests * [LEMONLDAP-40] - [SAML] Dedicated portal errors code for SAML errors * [LEMONLDAP-49] - [SAML][IDP] Manage encrypted NameID * [LEMONLDAP-52] - IssuerDB activation rule * [LEMONLDAP-56] - [SAML][IDP] SLO trough HTTP-POST * [LEMONLDAP-66] - [SAMl][IDP] Options to check message signatures * [LEMONLDAP-67] - [SAML][IDP] Map NameID Format to local session keys * [LEMONLDAP-86] - Do not parse metadata on each authentication * [LEMONLDAP-88] - Better signature management * [LEMONLDAP-108] - NameID unspecified format should use the default NameID format * [LEMONLDAP-110] - Store SAML token in session * [LEMONLDAP-111] - Build SLO response request with other SLO request status * [LEMONLDAP-116] - Allow metadata edition in Manager * [LEMONLDAP-3] - [SAML] Attribute authority declaration in metadata * [LEMONLDAP-83] - Set NameID in attribute request * [LEMONLDAP-84] - Check format and friendly name of requested attribute * [LEMONLDAP-85] - Check requested attribute values * [LEMONLDAP-96] - Add encryptionkey in Attribute Authority metadata * Upgrade to JQuery-1.4.2 lemonldap-ng (1.0rc1) unstable; urgency=low * Little Debian changes (see 0.9.4.1-2 Debian changelog) * AuthCAS: URL redirection and module load test * Change multiple configuration files into lemonldap-ng.ini * New manager * New conf storage modules : CDBI and RDBI * DBI conf storage module is deprecated * convertConfig and lmMigrateConfFiles2ini tools * childInit() is called only 1 time * Update JQuery to 1.3 and JQueri-UI 1.7.2 (Closes: #314394) * New authentication and userDB modules : - DBI - Proxy - Env (UserDB only) - SAML - OpenID - Twitter * Portal index.pl use lemonldap-ng.ini to get parameters * CSS and Javascript minification capability * Apache configuration splitted into portal/manager/handler * XML Menu is deprecated * LDAP: recursive groups * unprotect target in rules * Force authentication parameter * Store in user session Auth/UserDB/PasswordDB/IssuerDB used module * Use a confirmation token and HTML templates for password reset by mail * SOAP: isAuthorizedUri Web Service * Confirm and Info stages in Portal * Possibility to define a rule to grant session * Configuration parameters for portal customization (skin, ...) * Possibility to set cookie expiration * LDAP: option to modify password as user * Correct bugs in Handler::Proxy * New portal skin: impact -- Xavier Guimard Wed, 24 Mar 2010 23:00:00 +0100 lemonldap-ng (0.9.4.1) unstable; urgency=low * Safe jail update * Many little bugs in Handler/CGI.pm * Apache::Session::LDAP was not usable with session explorer * syslog facility was not taken in account in Common/CGI.pm * require failed in _Multi.pm * doc update * russian debconf translation (Closes: #550552 / bugs.debian.org) -- Xavier Guimard Sun, 11 Oct 2009 09:36:35 +0200 lemonldap-ng (0.9.4) unstable; urgency=low * Bugs : - ldap+tls uri was not working (Closes: #312418) - Session timeout is in seconds and not in minutes in Manager/Help.pm (Closes: #312339) - Missing dependency in Debian package (Closes: #521959 / bugs.debian.org) * Logs : - CGI's log subroutine : now if a CGI runs under ModPerl::Registry, it stores it's log using Apache2::Log - handler logs written in PerlLogHandler * SOAP : - New SOAP architecture : the portal serves now all webservices and the security is based on Apache system (different locations) - WSDL generation * New features : - LDAP backend for configuration and sessions storage - portal can be a Perl expression in handlers - POST requests generation in handler (used to post login/password in non compatible applications) - Sympa auto login handler - New auth and userDB modules for the portal : Multi, Remote, Null (for UserDB only) - New module system for passwords - Notification system - Double session mechanism (1 secured and the other not) - New fonctions for rules (stored in lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm) : * checkLogonHours * checkDate * Other : - Pre-compilation in Apache's configuration files - Cross-domain now included in core - handler AuthBasic now uses SOAP -- Xavier Guimard Mon, 29 Jun 2009 10:28:09 +0200 lemonldap-ng (0.9.3.4) unstable; urgency=low * Security bug fix (macros and groups can be evaluated for an other user in multi-thread environment). Closes: #312627 * XSS filter can now accept URL with a port. Closes: #312625 -- Xavier Guimard Thu, 05 Feb 2009 16:12:55 +0100 lemonldap-ng (0.9.3.3) unstable; urgency=low * ldap+tls uri was not working (Closes: #312418) * Session timeout is in seconds and not in minutes in Manager/Help.pm (Closes: #312339) -- Xavier Guimard Thu, 22 Jan 2009 11:00:10 +0100 lemonldap-ng (0.9.3.2) unstable; urgency=low * Debian install failed (Closes: #510562, Closes: #510563 / bugs.debian.org) -- Xavier Guimard Sat, 03 Jan 2009 09:47:21 +0100 lemonldap-ng (0.9.3.1) unstable; urgency=low * Bug in Debian build -- Xavier Guimard Wed, 31 Dec 2008 14:16:06 +0100 lemonldap-ng (0.9.3) unstable; urgency=low [ Security ] * XSS protection [ Clement Oudot ] * New menu and skin (pastel). Menu calculates rights before displaying URL [ Xavier Guimard ] * Authentication and UserDB separation * New session explorer system * Backport of debian storage.conf file to normal installation * Errors are now displayed in the browser for portal and manager * Custom functions for rules, macros, headers and groups * Manager protection * New configuration access with local cache system * AuthBasic handler * MRTG scripts to read LmNG status * UserDB mechanism : LDAP is not required now * Portal SOAP functions -- Xavier Guimard Wed, 31 Dec 2008 11:55:57 +0100 lemonldap-ng (0.9.2.2) unstable; urgency=low * Bug in default rule (Closes: #310938) -- Xavier Guimard Mon, 25 Aug 2008 22:08:58 +0200 lemonldap-ng (0.9.2.1) unstable; urgency=low * New documentation page on advanced access rules -- Xavier Guimard Fri, 04 Jul 2008 11:54:57 +0200 lemonldap-ng (0.9.2) unstable; urgency=low * New css in manager * cleaning Handler code * Status system for Lemonldap::NG::Handler and for the portal * Debian Czech translation for debconf (Closes: #483301 / bugs.debian.org) * Debian Swedish translation for debconf (Closes: #487713 / bugs.debian.org) * Romanian translation for portal * Distinct Liberty-Alliance SP installation * Password policy included now * Bugs in redirections * Perl 5.10 check-in * More tests in "test" target * Bug in purgeCentralCache (DBI only): datas where never purged -- Xavier Guimard Tue, 24 Jun 2008 15:07:04 +0200 lemonldap-ng (0.9.1) unstable; urgency=low * logout bug : logout_sso target was not running (Closes: #308856) * javascript update : the manager was not running with MSIE7 (Closes: #308775) * Debian corrections issued from lintian (full) * 2 Net::LDAP password policy controls in the portal: - account locked - password expired -- Xavier Guimard Mon, 07 Apr 2008 11:13:06 +0200 lemonldap-ng (0.9) unstable; urgency=low * Liberty Alliance module issued of the FederID project is now included. -- Xavier Guimard Mon, 25 Feb 2008 15:05:08 +0100 lemonldap-ng (0.8.3.2) unstable; urgency=low * purgeCentralCache was not correctly installed in Debian (Closes: #461572 / bugs.debian.org) * debconf translation for german and portuguese (Closes: #451820 and #462807 bugs.debian.org) * HTML documentation update * Option +ExecCGI was missing in lemonldap-ng-handler/example/lmH-apache2.conf (Closes: #307891) * Local overload was not taken in account in handlers * Sessions could not be stored in SOAPServer (Closes: #308181) * Attributes could not be deleted in SOAP session client (Closes: #308214) * Sessions timeout can now be managed by the Manager * AuthSSL doesn't work without SSLvar parameter -- Xavier Guimard Fri, 08 Feb 2008 17:27:15 +0100 lemonldap-ng (0.8.3.1) unstable; urgency=low * New feature: LDAP groups are now available in $groups -- Xavier Guimard Wed, 07 Nov 2007 16:41:07 +0100 lemonldap-ng (0.8.3) unstable; urgency=high * Syntax errors in configuration are now displayed * Security fix: authentication could be replayed with another uid * Debian package uses po-debconf * TLS is now supported in LDAP connections (thanks to Baptiste Grenier) * New logout system: logout urls can be now intercepted in Manager * Documentation -- Xavier Guimard Fri, 07 Sep 2007 07:14:35 +0200 lemonldap-ng (0.8.2.4) unstable; urgency=low * Bug in manager javascript. -- Xavier Guimard Tue, 19 Jun 2007 22:25:10 +0200 lemonldap-ng (0.8.2.3) unstable; urgency=low * Change configuration storage format (Storable bug). Closes: #307173/objectweb.org * CDA little bug correction * Documentation update -- Xavier Guimard Wed, 13 Jun 2007 15:33:56 +0200 lemonldap-ng (0.8.2.2) unstable; urgency=low * Debian packages modifications due to Lintian control. * New Debian package: lemonldap-ng-doc * Little bug correction in Portal/CDA.pm * Bug between Handler dependencies and Debian organization: Lemonldap::NG::Handler::SharedConf must not depend from Lemonldap::NG::Manager but Lemonldap::NG::Manager::Conf -- Xavier Guimard Tue, 01 June 2007 07:18:43 +0200 lemonldap-ng (0.8.2.1) unstable; urgency=low * More documentation * Virtual host names control * Portal can now use more than one LDAP server -- Xavier Guimard Mon, 14 May 2007 07:14:10 +0200 lemonldap-ng (0.8.2) unstable; urgency=low * Little bug fix if whatToTrace parameter is not defined and display it in Manager interface * New: port is now checked in portal redirection * Different configurations can now be used on the same server at the same time * Help in english * New debian structure: lemonldap-ng is splitted in 5 packages, default configuration file has moved to /var/lib/lemonldap-ng/conf/ and first configuration file is managed by debconf * Buttons to manage configurations in manager (next, previous, last, delete). Closes: #306566 / forge.lemonldap.org. * SOAP: HTTP basic authentication and little bug correction in 'sessions' mode -- Xavier Guimard Mon, 07 May 2007 19:06:52 +0200 lemonldap-ng (0.8.1.1) unstable; urgency=low * Little bug fix in test -- Xavier Guimard Fri, 20 Apr 2007 08:57:40 +0200 lemonldap-ng (0.8.1) unstable; urgency=low * New features : - Logout system - Configuration check before saving in Manager -- Xavier Guimard Sun, 15 Apr 2007 19:18:29 +0200 lemonldap-ng (0.8.0.7) unstable; urgency=low * Bug fix in manager javascript (Closes: #306776 ?) * Display bug fix in manager -- Xavier Guimard Sun, 15 Apr 2007 13:21:43 +0200 lemonldap-ng (0.8.0.6) unstable; urgency=low * Little bug fix in unprotect function * Bug fix in authentication scheme different than default -- Xavier Guimard Thu, 12 Apr 2007 07:03:51 +0200 lemonldap-ng (0.8.0.5) unstable; urgency=low * i18n bug: Lemonldap::NG works does not fall in english but creates a bug -- Xavier Guimard Wed, 28 Mar 2007 21:26:16 +0200 lemonldap-ng (0.8.0.4) unstable; urgency=low * Multi-valued attributes in HTTP headers (Closes: #306792 / forge.objectweb.org) * Warning in Manager/Conf.pm: the same type of storage has to be used for all Lemonldap::NG parts in a same server. * Apache-1.3 configuration reload (Closes: #306761 / forge.objectweb.org) -- Xavier Guimard Thu, 22 Mar 2007 22:42:23 +0100 lemonldap-ng (0.8.0.3) unstable; urgency=low * New feature in Manager : "Delete VHost" button (Closes: #306761) * Typo correction in Makefile : (Closes: #306775) * Correction of build-depends : (Closes: #306773) * Bug correction : existingSessions was not called in Portal.pm -- Xavier Guimard Tue, 13 Mar 2007 07:55:42 +0100 lemonldap-ng (0.8.0.2) unstable; urgency=low * Bug correction: lock doesn't work with File.pm (Closes: #306760 / forge.objectweb.org) -- Xavier Guimard Sun, 11 Mar 2007 21:08:38 +0100 lemonldap-ng (0.8.0.1) unstable; urgency=medium * Closes: #306756 / forge.objectweb.org -- Xavier Guimard Fri, 10 Mar 2007 08:49:01 +0100 lemonldap-ng (0.8) unstable; urgency=low * Release 0.8: - corrects differents little bugs issued from test in real life. - on line documentation in english -- Xavier Guimard Fri, 9 Mar 2007 20:29:01 +0100 lemonldap-ng (0.7b12) unstable; urgency=low * New features: - session access via SOAP - authentication via CAS - 'apply changes' button in Manager used to reload configuration in handlers (by calling reload sub via HTTP) (Closes: #306565 / forge.objectweb.org) - i18n module in portal (for displaying errors) - lock in DBI configuration system (NOT YET TESTED) -- Xavier Guimard Sun, 4 Mar 2007 15:50:38 +0100 lemonldap-ng (0.7b11) unstable; urgency=low * New features: - Cross Domain Authentication - SOAP configuration access - READMEs and documentation update -- Xavier Guimard Tue, 27 Feb 2007 15:01:09 +0100 lemonldap-ng (0.7b10) unstable; urgency=low * Corrections in Manager issued from the first test in real life: - Close #306573 / forge.objectweb.org - Close #306574 / forge.objectweb.org -- Xavier Guimard Wed, 17 Jan 2007 20:57:33 +0100 lemonldap-ng (0.7b9) unstable; urgency=low * Internationalization of javascripts (close #306564 / forge.objectweb.org) * Help in "General Parameters" -- Xavier Guimard Sun, 14 Jan 2007 21:50:39 +0100 lemonldap-ng (0.7b8) unstable; urgency=low * Correction of the use of Safe in portal: &share doesn't work with a variable declared with my. * New system in the configuration: 'macro' section can be used to add custom exported variables. So configuration is more simple in heavy case. -- Xavier Guimard Sat, 13 Jan 2007 20:19:19 +0100 lemonldap-ng (0.7b7) unstable; urgency=low * Correction of a bug in internal redirections: now internal redirections are not examined: for example,http://test.example.com/ is internaly redirected to /index.pl, but only the first request (/) is tested. * Help in french -- Xavier Guimard Fri, 5 Jan 2007 18:22:32 +0100 lemonldap-ng (0.7b6) unstable; urgency=low * Help system skeleton -- Xavier Guimard Thu, 4 Jan 2007 09:04:05 +0100 lemonldap-ng (0.7b5) unstable; urgency=low * Localization in Manager interface (only fr and en) -- Xavier Guimard Sun, 31 Dec 2006 16:39:06 +0100 lemonldap-ng (0.7b4) unstable; urgency=low * Safe jail runs now * example runs now -- Xavier Guimard Sun, 31 Dec 2006 14:00:08 +0100 lemonldap-ng (0.7b3) unstable; urgency=low * Replacement of eval by Safe for external expressions -- Xavier Guimard Sat, 30 Dec 2006 22:23:22 +0100 lemonldap-ng (0.7b) unstable; urgency=low * Corrections in example * Example installation in debian * Revision in documentation -- Xavier Guimard Sun, 17 Dec 2006 18:37:39 +0100 lemonldap-ng (0.6) unstable; urgency=low * Initial release built starting from the three modules of the CPAN. -- Xavier Guimard Sun, 17 Dec 2006 17:46:47 +0100