Compare revisions

Maxime Besson · Maxime Besson · Maxime Besson · Maxime Besson · Maxime Besson · Maxime Besson
--- a/doc/sources/admin/upgrade_2_x.rst
+++ b/doc/sources/admin/upgrade_2_x.rst
@@ -45,6 +45,14 @@ automatically refreshed. However, to improve user experience, you may want to
 increase the *General Parameters* » *Second factors* » *Global options* »
 *Login timeout* setting to increase the timeout.

+Client secrets as GET parameters are no longer allowed
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When calling the OIDC ``/oauth2/token`` endpoint, we no longer allow the
+``client_secret`` parameter to be sent as an URL parameter. It has to be sent
+either in the body (*client_secret_post*), or as part of and ``Authentication``
+HTTP header (*client_secret_basic*).
+

 U2F is no more supported
 ~~~~~~~~~~~~~~~~~~~~~~~~

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
@@ -31,7 +31,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
 );
 our $hashParameters = qr/^(?:(?:r(?:e(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|adius(?:(?:2f)?RequestAttribute|ExportedVar))|l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|m(?:essageBrokerOption|acro))s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:a(?:s(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|ptchaOptions)|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|AuthnContextMapExtra)|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
 our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/;
-our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:daptSessionUtime|llowLoginFromIDP)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnected(?:SingleSession|BypassFG)|orePasswor(?:dEncrypte)?d)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|uth(?:nRequire(?:Nonc|Stat)|RequiredForAuthoriz)e|ccessToken(?:Claims|JWT))|Logout(?:SessionRequired|BypassConfirm)|Re(?:freshToke(?:nRotatio)?n|quirePKCE)|UserinfoRequireHeaderToken|IDTokenForceClaims|BypassConsent|NoJwtHeader|Public)|Service(?:Allow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|MetaDataDisallowNoneAlg|IgnoreScopeForClaims|HideMetadata)|OPMetaDataOptions(?:(?:(?:RequirePk|UseNon)c|CheckJWTSignatur)e|StoreIDToken|NoJwtHeader)|DropCspHeaders)|ldNotifFormat)|c(?:heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|Entropy(?:Required)?|HIBP(?:Required)?|State|User|XSS)|as(?:S(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|AppMetaDataOptionsAllowProxy|BackChannelSingleLogout)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec(?:IgnoreFailures)?|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap)|assword2fUserCanRemoveKey)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|o(?:ginHistoryEnabled|cationDetect))|r(?:e(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|member(?:AuthChoiceForgetAtLogout|DefaultChecked)|freshSessions)|adius(?:2f(?:SendInitialRequest|MsgAuth)|MsgAuth))|i(?:ssuerDB(?:OpenID(?:Connect)?|JitsiMeetTokens|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues|nitializePasswordReset)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ewLocationWarning)|t(?:o(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|rustedBrowserUseTotp)|u(?:se(?:Redirect(?:On(?:Forbidden|Error)|AjaxOnUnauthorized)|SafeJail)|pgradeSession)|a(?:ppAccessHistoryEnabled|uthChoiceSelectOnly|voidAssignment|ctiveTimer)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|w(?:ebauthn(?:2fUserCanRemoveKey|AppId)|sdlServer)|h(?:ashedSessionStore|ideOldPassword|ttpOnly)|g(?:roupsBeforeMacros|lobalLogoutTimer)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|findUser)$/;
+our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:daptSessionUtime|llowLoginFromIDP)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnected(?:SingleSession|BypassFG)|orePasswor(?:dEncrypte)?d)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|uth(?:nRequire(?:Nonc|Stat)|RequiredForAuthoriz)e|ccessToken(?:Claims|JWT))|Logout(?:SessionRequired|BypassConfirm)|Re(?:freshToke(?:nRotatio)?n|quirePKCE)|UserinfoRequireHeaderToken|IDTokenForceClaims|BypassConsent|NoJwtHeader|Public)|Service(?:Allow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|MetaDataDisallowNoneAlg|IgnoreScopeForClaims|HideMetadata)|OPMetaDataOptions(?:(?:(?:RequirePk|UseNon)c|CheckJWTSignatur)e|StoreIDToken|NoJwtHeader)|DropCspHeaders)|ldNotifFormat)|c(?:heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|Entropy(?:Required)?|HIBP(?:Required)?|State|User|XSS)|as(?:S(?:rvMetaDataOptions(?:SamlValidate|Gateway|Renew)|trictMatching)|AppMetaDataOptionsAllowProxy|BackChannelSingleLogout)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec(?:IgnoreFailures)?|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap)|assword2fUserCanRemoveKey)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|o(?:ginHistoryEnabled|cationDetect))|r(?:e(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|member(?:AuthChoiceForgetAtLogout|DefaultChecked)|freshSessions)|adius(?:2f(?:SendInitialRequest|MsgAuth)|MsgAuth))|i(?:ssuerDB(?:OpenID(?:Connect)?|JitsiMeetTokens|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues|nitializePasswordReset)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ewLocationWarning)|t(?:o(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|rustedBrowserUseTotp)|u(?:se(?:Redirect(?:On(?:Forbidden|Error)|AjaxOnUnauthorized)|SafeJail)|pgradeSession)|a(?:ppAccessHistoryEnabled|uthChoiceSelectOnly|voidAssignment|ctiveTimer)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|w(?:ebauthn(?:2fUserCanRemoveKey|AppId)|sdlServer)|h(?:ashedSessionStore|ideOldPassword|ttpOnly)|g(?:roupsBeforeMacros|lobalLogoutTimer)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|findUser)$/;

 our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );


--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
@@ -24,7 +24,7 @@ our $specialNodeHash = {
 our $doubleHashKeys = 'issuerDBGetParameters';
 our $simpleHashKeys = '(?:(?:r(?:e(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|adius(?:(?:2f)?RequestAttribute|ExportedVar))|c(?:a(?:s(?:StorageOption|Attribute)|ptchaOption)|ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)|l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|(?:(?:d(?:emo|bi)|webID)E|e)xportedVar|m(?:essageBrokerOption|acro))s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|OPMetaDataJ(?:SON|WKS))|penIdExportedVars)|s(?:aml(?:AuthnContextMapExtra|StorageOptions)|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
 our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
-our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|DisplayNam|Servic|Rul)e|A(?:llowProxy|uthnLevel)|(?:Commen|Logou)t)|(?:ExportedVar|Macro)s)';
+our $casAppMetaDataNodeKeys = 'cas(?:AppMetaData(?:Options(?:(?:UserAttribut|DisplayNam|Servic|Rul)e|A(?:llowProxy|uthnLevel)|(?:Commen|Logou)t)|(?:ExportedVar|Macro)s)|SrvMetaDataOptionsSamlValidate)';
 our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:Re(?:solutionRule|new)|ProxiedServices|DisplayName|SortNumber|Comment|Gateway|Tooltip|Icon|Url)|ExportedVars)';
 our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:o(?:nfigurationURI|mment)|lient(?:Secret|ID)|heckJWTSignature)|U(?:se(?:r(?:infoSourc|Attribut)|Nonc)e|iLocales)|A(?:uthnEndpointAuth(?:Method|SigAlg)|crValues)|(?:Re(?:solutionRul|quirePkc)|MaxAg)e|To(?:kenEndpointAuthMethod|oltip)|S(?:toreIDToken|ortNumber|cope)|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|Display(?:Name)?|NoJwtHeader)|ExportedVars|J(?:SON|WKS))';
 our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:uth(?:n(?:Require(?:Nonc|Stat)e|Level)|orizationCodeExpiration|RequiredForAuthorize|Method)|ccessToken(?:E(?:nc(?:ContentEnc|KeyMgt)Alg|xpiration)|SignAlg|Claims|JWT)|llow(?:(?:ClientCredentials|Password)Grant|Offline)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|dTokenEnc(?:ContentEnc|KeyMgt)Alg|con)|User(?:I(?:nfo(?:Enc(?:ContentEnc|KeyMgt)|Sign)Alg|DAttr)|infoRequireHeaderToken)|Logout(?:Enc(?:ContentEnc|KeyMgt)Alg|SessionRequired|BypassConfirm|Type|Url)|R(?:e(?:freshToke(?:nRotatio)?n|qu(?:estUris|irePKCE)|directUris)|ule)|P(?:ostLogoutRedirectUris|ublic)|C(?:lient(?:Secret|ID)|omment)|OfflineSessionExpiration|TokenXAuthorizedRP|BypassConsent|Jwks(?:Uri)?|DisplayName|ExtraClaims|NoJwtHeader)|(?:ExportedVar|ScopeRule|Macro)s)';

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
@@ -58,7 +58,8 @@ sub delSession {
    );
    $session->remove;

-    Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
+    Lemonldap::NG::Handler::Main->publishEvent( $req,
+        { action => 'unlog', id => $id } );
    return $session->error
      ? $self->sendError( $req, $session->error, 200 )
      : $self->sendJSONresponse( $req, { result => 1 } );

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -872,6 +872,9 @@ sub attributes {
            'default' => '',
            'type'    => 'longtext'
        },
+        'casSrvMetaDataOptionsSamlValidate' => {
+            'type' => 'bool'
+        },
        'casSrvMetaDataOptionsSortNumber' => {
            'type' => 'intOrNull'
        },

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -3059,6 +3059,10 @@ sub attributes {
            type          => 'text',
            documentation => 'CAS application service',
        },
+        casSrvMetaDataOptionsSamlValidate => {
+            type          => 'bool',
+            documentation => 'use SAML validateion',
+        },
        casAppMetaDataOptionsUserAttribute => {
            type          => 'text',
            documentation => 'CAS User attribute',

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
@@ -370,6 +370,7 @@ sub cTrees {
                    'casAppMetaDataOptionsService',
                    'casAppMetaDataOptionsUserAttribute',
                    'casAppMetaDataOptionsAllowProxy',
+                    'casSrvMetaDataOptionsSamlValidate',
                    'casAppMetaDataOptionsLogout',
                    'casAppMetaDataOptionsAuthnLevel',
                    'casAppMetaDataOptionsRule',

--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js
@@ -55,6 +55,12 @@ function templates(tpl,key) {
            "title" : "casAppMetaDataOptionsAllowProxy",
            "type" : "bool"
         },
+         {
+            "get" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSamlValidate",
+            "id" : tpl+"s/"+key+"/"+"casSrvMetaDataOptionsSamlValidate",
+            "title" : "casSrvMetaDataOptionsSamlValidate",
+            "type" : "bool"
+         },
         {
            "default" : -1,
            "get" : tpl+"s/"+key+"/"+"casAppMetaDataOptionsLogout",

--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js
--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"خدمات البروكسي",
 "casSrvMetaDataOptionsRenew":"تجديد إثبات الهوية",
 "casSrvMetaDataOptionsResolutionRule":"حل القاعدة",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"Order",
 "casSrvMetaDataOptionsTooltip":"Tooltip",
 "casSrvMetaDataOptionsUrl":" يو أر ل الخادم",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"Proxied services",
 "casSrvMetaDataOptionsRenew":"Renew authentication",
 "casSrvMetaDataOptionsResolutionRule":"Resolution rule",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"Order",
 "casSrvMetaDataOptionsTooltip":"Tooltip",
 "casSrvMetaDataOptionsUrl":"Server URL",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"Servicios proxificados",
 "casSrvMetaDataOptionsRenew":"Renovar autentificación",
 "casSrvMetaDataOptionsResolutionRule":"Resolution rule",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"Orden",
 "casSrvMetaDataOptionsTooltip":"Tooltip",
 "casSrvMetaDataOptionsUrl":"URL de servicio",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"Services mandatés",
 "casSrvMetaDataOptionsRenew":"Renouveler l'authentification",
 "casSrvMetaDataOptionsResolutionRule":"Règle de résolution",
+"casSrvMetaDataOptionsSamlValidate":"Utiliser la validation SAML 1.1",
 "casSrvMetaDataOptionsSortNumber":"Ordre",
 "casSrvMetaDataOptionsTooltip":"Info-bulle",
 "casSrvMetaDataOptionsUrl":"URL du serveur",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/he.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/he.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"שירותים מתווכים",
 "casSrvMetaDataOptionsRenew":"חידוש אימות",
 "casSrvMetaDataOptionsResolutionRule":"Resolution rule",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"סדר",
 "casSrvMetaDataOptionsTooltip":"חלונית עצה",
 "casSrvMetaDataOptionsUrl":"כתובת שרת",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"Servizi Proxied",
 "casSrvMetaDataOptionsRenew":"Rinnova l'autenticazione",
 "casSrvMetaDataOptionsResolutionRule":"Regola di risoluzione",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"Ordine",
 "casSrvMetaDataOptionsTooltip":"Tooltip",
 "casSrvMetaDataOptionsUrl":"URL del server",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"Usługi proxy",
 "casSrvMetaDataOptionsRenew":"Odnów uwierzytelnianie",
 "casSrvMetaDataOptionsResolutionRule":"Reguła rozstrzygania",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"Kolejność",
 "casSrvMetaDataOptionsTooltip":"Etykietka",
 "casSrvMetaDataOptionsUrl":"URL serwera",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/pt.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pt.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"Serviços via proxy",
 "casSrvMetaDataOptionsRenew":"Renovar autenticação",
 "casSrvMetaDataOptionsResolutionRule":"Regra de resolução",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"Ordem",
 "casSrvMetaDataOptionsTooltip":"Dica da ferramenta",
 "casSrvMetaDataOptionsUrl":"URL do servidor",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/pt_BR.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pt_BR.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"Serviços via proxy",
 "casSrvMetaDataOptionsRenew":"Renovar autenticação",
 "casSrvMetaDataOptionsResolutionRule":"Regra de resolução",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"Ordem",
 "casSrvMetaDataOptionsTooltip":"Dica da ferramenta",
 "casSrvMetaDataOptionsUrl":"URL do servidor",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/ru.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ru.json
@@ -179,6 +179,7 @@
 "casSrvMetaDataOptionsProxiedServices":"Прокси-сервисы",
 "casSrvMetaDataOptionsRenew":"Продлить аутентификацию",
 "casSrvMetaDataOptionsResolutionRule":"Правило разрешения",
+"casSrvMetaDataOptionsSamlValidate":"Use SAML 1.1 validation",
 "casSrvMetaDataOptionsSortNumber":"Порядок",
 "casSrvMetaDataOptionsTooltip":"Подсказка",
 "casSrvMetaDataOptionsUrl":"URL-адрес сервера",
No results found