Upgrade from 1.9 to 2.0
2.0 is a major release, many things have been changed. You must read this document before upgrade.
Configuration
User module in authentication parameters now provides a “Same as authentication” value. You must revalidate it in the manager since all special values must be replaced by this
(Multi, Choice, Proxy, Slave, SAML, OpenID*,…)
“Multi” doesn't exist anymore: it is replaced by the more powerful
Combination
Apache-ModPerl is no longer usable since version 2.4
(many segfaults,…), especially when using mpm-worker. That's why LLNG doesn't use anymore ModPerl::Registry: all is now handle by FastCGI
(portal and manager).
For handlers, it is now recommended to migrate to Nginx, but Apache-2.X is still supported
Logs
Syslog: logs are now configured only in
lemonldap-ng.ini
file. If you use Syslog, you must reconfigure it. See
logs for more.
Apache2: Portal doesn't use anymore Apache2 logger. Logs continue to be written to Apache error.log but Apache “LogLevel” parameter has no effet on it: portal is now a FastCGI application and doesn't use anymore ModPerl. See
logs for more.
Security
LLNG portal now embeds the following features:
CSRF protection
(Cross-Site Request Forgery): a token is build for each form. To disable it, set requireToken to 0
(portal security parameters in the manager)
Content-Security-Policy header: portal build dynamically this header. You can modify default values in the manager
(Général parameters » Advanced parameters » Security » Content-Security-Policy)
Handlers
Rules and headers
Supported servers
SOAP/REST services
SOAP server activation is now split in 2 parameters (configuration/sessions). You must set them else SOAP service will be disabled
Notifications are now REST/JSON by default. You can force old format in the manager. Note that SOAP proxy has changed:
http://portal/notifications now.
If you use “adminSessions” endpoint with “singleSession*” features, you must upgrade all portals in the same time
SOAP services can be replaced by new REST services
Developer corner
APIs
Portal has now many REST features and includes a plugin API. See Portal manpages to see how to write auth modules, issuers or other feature.
Portal overview
Portal is no more a big CGI object. it is written for Plack/PSGI. Little resume
Portal object
|
+-> auth module
|
+-> userDB module
|
+-> issuer modules
|
+-> other plugins (notification,...)
The request is a separated object based on Lemonldap::NG::Portal::Main::Request which inherits from Lemonldap::NG::Common::PSGI::Request which inherits from Plack::Request. See manpages for more.
Handler
Handler libraries have been totally rewritten. If you've made custom handlers, they must be rewritten. See
customhandlers