lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-06-25T08:44:50Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1425
CAS gateway mode
2018-06-25T08:44:50Z
Clément OUDOT

In the CAS protocol, if we use gateway=true and the user is not authenticated, we should not stop on the login form but redirect to the CAS service without a ticket.
This was working in 1.9 but not in 2.0.

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1431
OIDC consents not well stored in session / displayed in portal
2020-11-28T12:05:15Z
Clément OUDOT

See ![Screenshot-2018-5-24_Authentication_portal](/uploads/119ca37100f88745d5a5e198e9c599cc/Screenshot-2018-5-24_Authentication_portal.png)

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1449
Error in SAML SOAP SLO
2018-06-30T06:43:22Z
Clément OUDOT

Logs:
```
[info] No cookie found
[debug] Build URL https://auth.openid.club/saml/singleLogoutSOAP
[debug] Redirect 81.250.130.213 to portal (url was /saml/singleLogoutSOAP)
[debug] User not authenticated, Try in use, cancel redirection
[debug] Start routing saml
[debug] URL /saml/singleLogoutSOAP detected as an SLO URL
[debug] SAML method: HTTP-SOAP
[debug] HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutRequest ID="_D8BE91A18DBF1A0E39126D5F5C9C334F" Version="2.0" IssueInstant="2018-06-12T14:09:26Z" Destination="https://auth.openid.club/saml/singleLogoutSOAP"><saml:Issuer>http://auth.example.com/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_D8BE91A18DBF1A0E39126D5F5C9C334F">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>QL0hbUrxYkjJ1nriazjbecV0/jw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>dUinvXMdWwSdncUyJnsZaaDgWIhqB8oL1LQ2nRrJhFZWYPT/+nLaxf3TR4Y3u/Op
Z17apn3ziOnVM5baCplHp6c/5tQg4cUK0ToMOi5niK9e6XgFi2lJ8K16euoykpFk
B570kxzbqq222CHc/Mblm/QjMgVQkK/VITbMVfgn8HdL+B69xLydya6gJb/pKH2f
peDmk/FDAhwJoedFHScGcksljKEQq0BqzdmIR9bUOMZx1J+mX9NyMUrNDCPHJQgv
RASg4vVXuNYLodsLjHvcfDH0pwJ5E5h6Kx4BYpY+XuB2mh22nUiSNtRnnjKtMuIu
07YDQm3ujnix7xQ8p27Xfg==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>
kkxNhKZRa3SyMsK5fuGG7Uc/wDCRomk7x46dfmtgON8I7jABnWTzs38acdMI6JNC
xTEZ9BFTgcott5rCrvXJlg9u/JJxy3alT5HqJXV+AXw/6YIDiBkWO4Ow/NAKjqFM
S7wt2iPimdB/NzCC5lD3jTVrpsAR7TcaSLpnwP25WSK0TnvMXxUjVub3kxyf4+BX
ylKC+xAcphrSrwgcpwsGDvKpl66/jAEB7IP21ijUqY35UeMaaNVpajOsgGzTmqXK
P3U6L3YcVONi4v0tSM2ne1gIlmG8fS2xye9ns8ZuTEVk3DlHO5Zs4FaEb57GV1eD
Rxko/uJF7QWmWvUPeUPEcQ==
</Modulus>
<Exponent>
AQAB
</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">clement@oodo.net</saml:NameID><samlp:SessionIndex>02e3a70e5ea92083b236d97b030e2f55</samlp:SessionIndex>
</samlp:LogoutRequest></s:Body></s:Envelope>
[debug] SLO: Logout request is valid
[debug] Found entityID http://auth.example.com/saml/metadata in SAML message
[debug] http://auth.example.com/saml/metadata match ader-sfl SP in configuration
[debug] Get session id 43b011e743a811673980ca2d6c23457b (from session index 02e3a70e5ea92083b236d97b030e2f55)
[debug] Try to get SSO session 43b011e743a811673980ca2d6c23457b
[debug] Return SSO session 43b011e743a811673980ca2d6c23457b
[debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
<NidAndSessionIndex ProviderID="http://auth.example.com/saml/metadata" AssertionID="_C6F75D428CAC49D6C9004D0CA3BDBFB6" SessionIndex="02e3a70e5ea92083b236d97b030e2f55">
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">clement@oodo.net</saml:NameID>
</NidAndSessionIndex>
</Session>
[debug] Lasso Session loaded
[debug] Signature is valid
[debug] Destination https://auth.openid.club/saml/singleLogoutSOAP found in SAML message
[debug] Destination match URL https://auth.openid.club/saml/singleLogoutSOAP
[debug] Retrieve SAML session f7177e5995c85ad8b518010c5a3b8180
[debug] SAML session f7177e5995c85ad8b518010c5a3b8180 deleted
[debug] Processing code ref
[debug] Processing code ref
[debug] Processing code ref
[debug] Processing code ref
[debug] No CAS session found for session 43b011e743a811673980ca2d6c23457b
[debug] Processing code ref
[debug] Processing code ref
[debug] Processing deleteSession
[debug] Try to get SSO session 43b011e743a811673980ca2d6c23457b
[debug] Return SSO session 43b011e743a811673980ca2d6c23457b
[debug] Local handler logout
[notice] User coudot has been disconnected
[debug] Session 43b011e743a811673980ca2d6c23457b deleted from global storage
[debug] Returned error: 47
[debug] Calling autoredirect
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0"/>
[debug] SOAP response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutResponse ID="_05545D8FD79B02929AFCFC1AC73EBA0B" InResponseTo="_D8BE91A18DBF1A0E39126D5F5C9C334F" Version="2.0" IssueInstant="2018-06-12T14:09:26Z"><saml:Issuer>https://auth.openid.club/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_05545D8FD79B02929AFCFC1AC73EBA0B">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>ztM0STN4rZ07Wjoh85Ti/FWFWk8=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Vwv9WLlrPPFrg6jdGQjgorfHBziq947nDvCcTlW1LUQA8wdbT8h2gmLC8h97wbFX
uNIrWBAOB9G2ryRv4f4LHhxeogl3Ljsu2V9LHadYrxbE8lVadePJMrwOrg5YtOU/
Xi8YTua3Ao3i1pVZ2TuAYGOVFvhTC0bgVqC30bevVhOAkpxVh1QIbcqu9+asXdps
IsMtkhPwPNm7fXBFd6Tqfcb+loZX2+qdyc3nyK70gEbI/M6jV+6NOxuyNHrjwFRr
K12SZBA58YUiAKzUAHXVLDe0wz1EPZS2PYrKH1PVBeTQTUDeD2ilyN3m+HN83jlk
7Odfj53BY6Nswi97W+ZW/g==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDQDCCAigCCQDPU9MLFZJbWTANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJG</X509Certificate>
</X509Data>
</KeyInfo>
</Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
[info] No cookie found
[debug] Build URL https://auth.openid.club/saml/singleLogoutSOAP
[debug] Redirect 81.250.130.213 to portal (url was /saml/singleLogoutSOAP)
[debug] User not authenticated, Try in use, cancel redirection
[debug] Start routing saml
[debug] URL /saml/singleLogoutSOAP detected as an SLO URL
[debug] SAML method: HTTP-SOAP
[debug] HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutRequest ID="_A62C5FF94A7B5DE2889923685D4C50B8" Version="2.0" IssueInstant="2018-06-12T14:09:26Z" Destination="https://auth.openid.club/saml/singleLogoutSOAP"><saml:Issuer>http://auth.example.com/saml/metadata</saml:Issuer><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">clement@oodo.net</saml:NameID><samlp:SessionIndex>02e3a70e5ea92083b236d97b030e2f55</samlp:SessionIndex>
</samlp:LogoutRequest></s:Body></s:Envelope>
[debug] SLO: Logout request is valid
[debug] Found entityID http://auth.example.com/saml/metadata in SAML message
[debug] http://auth.example.com/saml/metadata match ader-sfl SP in configuration
[warn] SAML session 02e3a70e5ea92083b236d97b030e2f55 isn't yet available
[Tue Jun 12 16:09:26.711616 2018] [fcgid:warn] [pid 60891] [client 81.250.130.213:48200] mod_fcgid: stderr: Can't use string ("59") as an ARRAY ref while "strict refs" in use at /usr/share/perl5/Lemonldap/NG/Handler/PSGI/Try.pm line 74.
[info] Session 43b011e743a811673980ca2d6c23457b can't be retrieved
[info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
```

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1451
CAS service ticket not validated with Choice + CAS client
2018-06-13T10:25:19Z
Clément OUDOT

LL::NG configured with Choice and CAS client
The initial service value when requesting ST is https://auth.openid.club/?lmAuth=8CAS, but the service value when calling serviceValidate is https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS.
Logs on CAS server (LL::NG 1.9):
```
[Wed Jun 13 11:29:03.436694 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Get service validate request with ticket ST-a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b for service https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS
[Wed Jun 13 11:29:03.439241 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: SERVICE ticket session a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b found
[Wed Jun 13 11:29:03.444351 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(114): /usr/share/perl5/Lemonldap/NG/Portal/IssuerDBCAS.pm 317:
[Wed Jun 13 11:29:03.444472 2018] [perl:error] [pid 2083:tid 140310743086848] Submitted service https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS does not match initial service https://auth.openid.club/?lmAuth=8CAS
[Wed Jun 13 11:29:03.465267 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: CAS session a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b deleted
[Wed Jun 13 11:29:03.465508 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Return CAS service validate error INVALID_SERVICE (Submitted service does not match initial service)
```

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1453
Error when displaying CAS servers list
2018-06-14T09:53:20Z
Clément OUDOT

Logs:
```
[debug] Processing extractFormInfo
[debug] Redirecting user to CAS server list
[debug] Returned error: 42
[debug] Display: confirm detected
[debug] Skin returned: confirm
[debug] Calling sendHtml with template confirm
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[warn] [anonymous] Unable to load template: HTML::Template::param() : attempt to set parameter 'list' with a scalar - parameter is not a TMPL_VAR! at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 268.
[error] Error 500: Unable to load template: HTML::Template::param() : attempt to set parameter 'list' with a scalar - parameter is not a TMPL_VAR! at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 268.
```

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1462
RPM packages for 2.0
2018-11-29T14:42:48Z
Clément OUDOT

RPM packages needed for 2.0

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1465
Enhance IDP selection
2018-11-19T22:09:59Z
Clément OUDOT

We need a dedicated template for IDP selection, to keep confirm template for confirmation steps.
We should also have the same features for all protocols (CAS/SAML/OIDC):
* Automatic redirection when only one IDP available
* No timer when redirecting to IDP (or make it configurable)
* IDP preselection rule
* Icon configuration

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1478
SAML Discovery Protocol (WAYF)
2018-11-20T21:50:57Z
Clément OUDOT

There is a discovery protocol in SAML different from the Common Domain Cookie specification: https://www.oasis-open.org/committees/download.php/28049/sstc-saml-idp-discovery-cs-01.pdf
This protocol is used for example by Renater WAYF: https://discovery.renater.fr/renater/WAYF
We need to support it in LemonLDAP::NG.

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1480
Choice URL and CSP on form-action
2018-08-29T05:54:37Z
Clément OUDOT

When we define a URL in a choice module, the CSP on form-action prevents posting to this URL.
It seems we don't have any parameter to manage CSP on form-action.

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1502
Server error when SAML metadata parsing not possible
2018-09-11T09:07:46Z
Clément OUDOT

If we have some metadata that is not compliant with the Lasso parser, we return a server error (Error 500).
As SAML metadata parsing occurs at init, we can't display the portal anymore. I suggest we just set a warn log message and let the portal end its process.

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1503
RENATER metadata download script
2018-11-08T14:48:33Z
Clément OUDOT

When using SAML with RENATER (or eduGAIN), we need to download metadata of all registered partners and configure them inside LL::NG. Without this, the WAYF (see #1478) does not work, as the selected partner is not registered.
Technical details for script implementation: https://services.renater.fr/federation/technique/metadata

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1512
Option to choose which SAML attribute will be used as "user" key
2018-10-02T15:21:03Z
Clément OUDOT

For the moment, we use the NameID value as "user" key, which can be a problem when using it as a pivot on another userDB.
We need an option to choose which SAML attribute will be used as "user" key.

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1524
The choice is not saved in $req-data
2018-10-16T15:26:00Z
Clément OUDOT

We have some code to read $req->data->{_authChoice} but this data is never set.

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1528
Issuer CAS redirect on bad service URL
2018-11-15T09:38:22Z
Clément OUDOT

When service is http://cas.example.com/test/, we are redirected to http://cas.example.com/ (test/ is removed).

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1530
AD Password module is missing
2018-10-29T17:35:44Z
Clément OUDOT

The Portal/Password/AD.pm module is missing

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1531
LDAP parameters are dropped if authentication backend is AD
2018-10-29T16:04:52Z
Clément OUDOT

If we choose AD as authentication backend, all LDAP parameters are dropped.

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1534
Provide ipAddr in $req->env for rules
2018-11-09T11:05:49Z
Clément OUDOT

In 1.9 we had $ipAddr, which could be used in rules; we need the same in 2.0.

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1542
Provide sessions attributes in template
2018-11-15T10:54:39Z
Clément OUDOT

For customization, we need to be able to display some user information in the portal. So it would be great to load as template parameters all sessions attributes, with a prefix in key, for example: 'session_'
So to display 'cn', we can call this in template:
```html
<TMPL_VAR NAME="session_cn">
```

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1544
Issue with CDA
2018-11-15T14:17:27Z
Clément OUDOT

The CDA does not seem to work:
```
[debug] CDA request
[debug] Try to get a new CDA session
[debug] Check session validity -> 700s
[debug] Return CDA session 9ebd303f7932ba327369cc887d02c33e
[debug] Update sessionInfo _utime with 1542288651
[debug] Update sessionInfo cookie_value with 2b36c148951a7ab6673a5deb044c7b35
[debug] Update sessionInfo cookie_name with lemonldap
[debug] Try to get SSO session 9ebd303f7932ba327369cc887d02c33e
[debug] Get session 9ebd303f7932ba327369cc887d02c33e from Portal::Main::Run
[debug] Check session validity -> 700s
[debug] Return SSO session 9ebd303f7932ba327369cc887d02c33e
[debug] CDA redirection to https://test1.openid.cda/?lemonldapcda=9ebd303f7932ba327369cc887d02c33e
[debug] Processing code ref
[debug] Launching ::Plugins::Notifications::checkNotifDuringAuth
[debug] Processing code ref
[debug] Launching ::Plugins::History::run
[debug] Processing code ref
[debug] Launching ::Password::Choice::_endAuth
[debug] Unable to find enabledMods2 in this context: endAuth
[debug] Processing code ref
[debug] Cleaning pdata
[debug] Calling autoredirect
[debug] Building redirection to https://test1.openid.cda/?lemonldapcda=9ebd303f7932ba327369cc887d02c33e
[Thu Nov 15 14:30:51.295452 2018] [perl:debug] [pid 102179] Check configuration for Lemonldap::NG::Handler::ApacheMP2::Main
[Thu Nov 15 14:30:51.296960 2018] [perl:debug] [pid 102179] Lemonldap::NG::Common::Conf::Backends::File loaded.\nGet configuration from cache without verification.
[Thu Nov 15 14:30:51.297064 2018] [perl:debug] [pid 102179] Get configuration 285
[Thu Nov 15 14:30:51.297186 2018] [perl:info] [pid 102179] Loading configuration 285 for process 102179
[Thu Nov 15 14:30:51.297271 2018] [perl:debug] [pid 102179] Process 102179 calls defaultValuesInit
[Thu Nov 15 14:30:51.297430 2018] [perl:debug] [pid 102179] Options maintenance for vhost test1.openid.cda: 0
[Thu Nov 15 14:30:51.297538 2018] [perl:debug] [pid 102179] Process 102179 calls jailInit
[Thu Nov 15 14:30:51.299478 2018] [perl:debug] [pid 102179] Process 102179 calls portalInit
[Thu Nov 15 14:30:51.299620 2018] [perl:debug] [pid 102179] Process 102179 calls locationRulesInit
[Thu Nov 15 14:30:51.300857 2018] [perl:debug] [pid 102179] Process 102179 calls sessionStorageInit
[Thu Nov 15 14:30:51.304438 2018] [perl:debug] [pid 102179] Process 102179 calls headersInit
[Thu Nov 15 14:30:51.305920 2018] [perl:debug] [pid 102179] Process 102179 calls postUrlInit
[Thu Nov 15 14:30:51.306030 2018] [perl:debug] [pid 102179] Process 102179 calls aliasInit
[Thu Nov 15 14:30:51.306153 2018] [perl:debug] [pid 102179] Lemonldap::NG::Handler::ApacheMP2::Main: configuration is up to date
[Thu Nov 15 14:30:51.307165 2018] [perl:debug] [pid 102179] CDA request with id 9ebd303f7932ba327369cc887d02c33e
[Thu Nov 15 14:30:51.308751 2018] [perl:debug] [pid 102179] Get CDA session 9ebd303f7932ba327369cc887d02c33e
[Thu Nov 15 14:30:51.309846 2018] [perl:debug] [pid 102179] Build URL https://test1.openid.cda/
[Thu Nov 15 14:30:51.310001 2018] [perl:error] [pid 102179] [client 92.184.112.17:43320] Undefined subroutine &Lemonldap::NG::Handler::Lib::CDA::expires called at /usr/share/perl5/Lemonldap/NG/Handler/Lib/CDA.pm line 44.\n, referer: https://auth.openid.club/
```

2.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1553
Read timeout when configuration reload is too long
2018-11-26T13:18:26Z
Clément OUDOT

When we have a big configuration (for example after loading all IDPs of Renater), the reload is a little longer.
In this case, after saving a configuration, we have:
```
[notice] Apply configuration for 134.158.39.71: ok
[error] Apply configuration for 134.158.39.70: error 500 (read timeout)
Status : [
{
'134.158.39.70' => 'Error 500 (read timeout)',
'134.158.39.71' => 'OK'
}
];
```
We should be able to adjust the timeout value for reload.

2.0.0