Upgrade from 1.9 to 2.0
2.0 is a major release and many things have changed. You must read this document before upgrading.
Installation
Debian Wheezy
To build the Debian package on Wheezy, remove the debian/lemonldap-ng-doc.maintscript file.
Configuration
Apache-ModPerl is no longer usable since version 2.4 (many segfaults,…), especially when using mpm-worker. That's why LLNG no longer uses ModPerl::Registry: everything is now handled by FastCGI (portal and manager).
For handlers, it is now recommended to migrate to Nginx, but Apache-2.X is still supported.
Logs
Syslog: logs are now configured only in the lemonldap-ng.ini file. If you use Syslog, you must reconfigure it. See logs for more.
Apache2: the portal no longer uses the Apache2 logger. Logs are still written to the Apache error.log, but the Apache “LogLevel” parameter has no effect on them: the portal is now a FastCGI application and no longer uses ModPerl. See logs for more.
Security
LLNG portal now embeds the following features:
CSRF protection (Cross-Site Request Forgery): a token is built for each form. To disable it, set requireToken to 0 (portal security parameters in the manager)
Content-Security-Policy header: the portal builds this header dynamically. You can modify the default values in the manager (General parameters » Advanced parameters » Security » Content-Security-Policy)
Handlers
Rules and headers
Supported servers
Ajax requests
Before 2.0, an Ajax query launched after session timeout received a 302 code. Now a 401 response is returned. The WWW-Authenticate header contains: SSO <portal-URL>
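One way a web client can handle the new 401 response, as an added example that is not LemonLDAP::NG code. It assumes the angle brackets above are placeholder notation, and EXPECTED_PORTAL_ORIGIN, classifyAjaxResponse and the sample URLs are hypothetical names and values.

```javascript
// Added example, not LemonLDAP::NG code.
// Assumption: the origin of your own portal; replace with the real one.
const EXPECTED_PORTAL_ORIGIN = "https://auth.example.com";

// Extract the portal URL from a "SSO <portal-URL>" challenge.
// Returns a URL object, or null when the value is not an SSO challenge.
function parseSsoChallenge(headerValue) {
  if (typeof headerValue !== "string") return null;
  const m = /^SSO\s+(\S+)$/i.exec(headerValue.trim());
  if (!m) return null;
  try {
    return new URL(m[1]); // throws on anything that is not an absolute URL
  } catch {
    return null;
  }
}

// Decide what the client should do with an Ajax response.
// `res` only needs `status` and `headers.get()`, like a fetch() Response.
function classifyAjaxResponse(res) {
  if (res.status !== 401) return { action: "continue" };
  const portal = parseSsoChallenge(res.headers.get("WWW-Authenticate"));
  if (!portal) return { action: "error", reason: "401 without SSO challenge" };
  // Only send the user to the portal we expect, never to an arbitrary
  // URL taken from a response header.
  if (portal.origin !== EXPECTED_PORTAL_ORIGIN) {
    return { action: "error", reason: "unexpected portal origin" };
  }
  return { action: "reauthenticate", portal: portal.href };
}

// Constructed sample responses (not captured traffic).
function fakeResponse(status, challenge) {
  return { status, headers: { get: (name) =>
    name.toLowerCase() === "www-authenticate" ? challenge : null } };
}
const samples = [
  fakeResponse(200, null),
  fakeResponse(401, "SSO https://auth.example.com/"),
  fakeResponse(401, "SSO https://login.example.net/"),
];
for (const s of samples) console.log(s.status, classifyAjaxResponse(s));
```

On "reauthenticate" the page would navigate the top-level window to the returned portal URL rather than retrying the Ajax call.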
SOAP/REST services
SOAP server activation is now split into 2 parameters (configuration/sessions). You must set them, otherwise the SOAP service will be disabled.
Notifications are now REST/JSON by default. You can force the old format in the manager. Note that the SOAP proxy has changed: http://portal/notifications now.
If you use the “adminSessions” endpoint with “singleSession*” features, you must upgrade all portals at the same time.
SOAP services can be replaced by the new REST services.
Developer corner
APIs
The portal now has many REST features and includes a plugin API. See the Portal manpages to learn how to write auth modules, issuers or other features.
Portal overview
The portal is no longer a big CGI object: it is written for Plack/PSGI. A short summary:
Portal object
|
+-> auth module
|
+-> userDB module
|
+-> issuer modules
|
+-> other plugins (notification,...)
The request is a separate object based on Lemonldap::NG::Portal::Main::Request, which inherits from Lemonldap::NG::Common::PSGI::Request, which in turn inherits from Plack::Request. See the manpages for more.
Agent (Handler)
Handler libraries have been totally rewritten. If you've made custom handlers, they must be rewritten; see customhandlers.
If you had auto-protected CGIs, you also need to rewrite them; see the documentation.