Upgrade from 1.9 to 2.0

• User module in authentication parameters now provides a “Same as authentication” value. You must revalidate it in the manager since all special values must be replaced by this (Multi, Choice, Proxy, Slave, SAML, OpenID*,…)
• “Multi” doesn't exist anymore: it is replaced by the more powerful Combination

LLNG portal now embeds the following features:

• CSRF protection (Cross-Site Request Forgery): a token is build for each form. To disable it, set requireToken to 0 (portal security parameters in the manager)
• Content-Security-Policy header: portal build dynamically this header. You can modify default values in the manager (Général parameters » Advanced parameters » Security » Content-Security-Policy)

• Apache-1.3 files are not provided now. You can build them yourself by looking at Apache-2 configuration files

• SOAP server activation is now split in 2 parameters (configuration/sessions). You must set them else SOAP service will be disabled
• If you use “adminSessions” endpoint with “singleSession*” features, you must upgrade all portals in the same time
• SOAP services can be replaced by new REST services

Portal has now many REST features and includes a plugin API. See Portal manpages to see how to write auth modules, issuers or other feature.

Portal is no more a big CGI object. it is written for Plack/PSGI. Little resume

Portal object
  |
  +-> auth module
  |
  +-> userDB module
  |
  +-> issuer modules
  |
  +-> other plugins (notification,...)

The request is a separated object based on Lemonldap::NG::Portal::Main::Request which inherits from Lemonldap::NG::Common::PSGI::Request which inherits from Plack::Request. See manpages for more.