lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-10-17T11:02:11Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1461
Remember Choice and other context settings before redirecting user to an external service
2018-10-17T11:02:11Z
Clément OUDOT

This issue is a proposal to find a better way to keep the user context before redirection on an external service.
For the moment we have a lot of code in all authentication modules to add the Choice param to the redirect URL. For example in LinkedIn:
```perl
# Use authChoiceParam in redirect URL
if ( $req->param( $self->conf->{authChoiceParam} ) ) {
    $callback_url .= ( $callback_url =~ /\?/ ? '&' : '?' );
    $callback_url .= build_urlencoded( $self->conf->{authChoiceParam} =>
          $req->param( $self->conf->{authChoiceParam} ) );
}
```
We have other parameters to keep before redirecting a user:
* Origin URL (if redirection on portal was done by Handler)
* Skin
I think we should have a single step in the code that will store these values in a local session and find a common way to restore them when user is back.
This can be applied at least to these authentication backends:
* CAS
* SAML
* OpenID/OpenID Connect
* Twitter
* Facebook
* LinkedIn
Using a cookie can be a good solution.

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1460
Warning in Main::Process
2018-06-21T15:11:00Z
Clément OUDOT

```
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/^Lemonldap::NG::Portal::Main=HASH(0x5611f4d93788)->conf->{ <-- HERE multiValuesSeparator}/ at /usr/share/perl5/Lemonldap/NG/Portal/Main/Process.pm line 401.
```

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1458
Local conf backend
2018-06-19T19:06:59Z
Yadd

### Summary
Some admins want to deploy configuration using lemonldap-ng.ini only. This backend just returns an empty configuration.
Advanced use only!

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1454
Portal doesn't update app urls
2018-06-18T16:35:46Z
Paul Curie

### Concerned version
Version: 2.0.0~alpha3+20180614095215+2019+master+stretch+olab1
Platform: Apache
### Summary
Debian 9 / Apache2 mpm-prefork
login as ldap user, test app 2 is http://
go to manager, change test app 2 menu item url to https://, save, in manager the new value is here, in diff, it only shows old value, no new value shown.
![Selection_155](/uploads/801e79c8f7e9771b25e83beb18bf9a92/Selection_155.png)
F5 or Ctrl+F5 on portal doesn't show new value for test app 2 url
logout/login doesn't show new value
Refresh my rights doesn't show new value
Restart apache2 service, new url is shown on portal
I can't reproduce this bug 100% of times, more like 99%, in a few cases the diff shows the new value, but portal still doesn't show new url, once it did.
I tested on 1.9 with same environment/config, no need to restart apache2 to show new urls, it works 100% of times.
### Logs
llng debug log of saving the new value
```
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/?cfgNum=27
[debug] User authenticated, calling handler()
[debug] Start routing confs
[notice] User fd-admin has stored conf 28
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Configuration 28 stored.
Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Thu Jun 14 17:09:05.262461 2018] [perl:notice] [pid 17925] Request for configuration reload
[notice] Apply configuration for reload.xps.local: ok
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/latest
[debug] User authenticated, calling handler()
[debug] Start routing confs
[debug] Search for cfgNum in conf
[debug] Cfgnum set to latest
[debug] Search for cfgAuthor in conf
[debug] Cfgnum set to 28
[debug] Search for cfgDate in conf
[debug] Cfgnum set to 28
[debug] Search for cfgAuthorIP in conf
[debug] Cfgnum set to 28
[debug] Search for cfgLog in conf
[debug] Cfgnum set to 28
[debug] Search for cfgVersion in conf
[debug] Cfgnum set to 28
[info] User fd-admin ask for configuration metadatas (28)
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/28/portal
[debug] User authenticated, calling handler()
[debug] Start routing confs
[info] User fd-admin asks for key portal
[debug] Search for portal in conf
[debug] Cfgnum set to 28
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/28/domain
[debug] User authenticated, calling handler()
[debug] Start routing confs
[info] User fd-admin asks for key domain
[debug] Search for domain in conf
[debug] Cfgnum set to 28
```
### Backends used
LDAP for auth/user/password
Files for config/sessions

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1452
Mouse < 2.5.1 breaks ApacheMP2 handler
2019-02-06T09:10:48Z
Paul Curie

### Concerned version
Version: 2.0.0~alpha3+20180613130533+1994+master+stretch+olab1
Platform: Apache
### Summary
After a fresh install of the latest llng from gitlab ppa on debian 9 with apache2, selecting test apps as user dwho results in the error "Error occurs on the server" (/lmerror/500)
the same happens with an ldap user.
### Logs
```
[Wed Jun 13 19:27:30.759733 2018] [perl:error] [pid 12524:tid 139842479556352] [client 192.168.56.1:36998] Can't use an undefined value as a subroutine reference at /usr/share/perl5/Lemonldap/NG/Handler/Main/Run.pm line 376.\n
[Wed Jun 13 19:27:30.889148 2018] [perl:error] [pid 12525:tid 139842298005248] [client 192.168.56.1:37004] No package name defined for metaclass at /usr/lib/x86_64-linux-gnu/perl5/5.24/Mouse/Meta/Class.pm line 269.\n, referer: http://auth.demo.local/
```
### Backends used
Files for config/sessions
backend demo & ldap tested

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1448
Full status for Nginx
2018-06-13T04:16:09Z
Yadd

### Summary
Nginx doesn't provide good "status" feature: status daemon isn't unique.

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1446
No CDA redirection if already authenticated
2018-06-11T12:05:13Z
Dejan SANADER

Hello,
If I'm already authenticated on the main domain, I can't access a cross domain site.
If I authenticate through the cross domain site first, there is no such issue.
I've empirically pinpointed it to the following part (the CDA redir block is not evaluated if authenticated) :
```diff
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index e32d0c027..af3f23d04 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -87,7 +87,8 @@ sub authenticatedRequest {
$req,
[
'importHandlerDatas', 'controlUrl',
- 'checkLogout', @{ $self->forAuthUser }
+ 'checkLogout', @{ $self->forAuthUser },
+ @{ $self->afterDatas },
]
);
}
```
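Review bot: appending the whole `@{ $self->afterDatas }` list at the end of the step array in `authenticatedRequest` makes every step held in that list run on each already-authenticated request, while the problem being fixed is only the CDA redirection. The hunk gives no indication of which steps `afterDatas` contains or whether they are safe to repeat for a user who already has a session, so either call only the CDA redirection step here or add a comment stating why the full list is safe, and cover the already-authenticated cross-domain case with a test.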
I don't know if this change can cause some side effects, I've not witnessed any yet.

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1445
Let's stop french manager doc translation
2018-06-25T11:45:22Z
Yadd

Hi all,
I think we should stop french doc translation:
1. it needs a lot of job and we have no time to do it *(less than 30% translated today…)*
2. this doc isn't online
3. administrators of this type of software are used to reading English documentation
4. OmegaT isn't easy to use
5. I haven't found better software to translate plain HTML
@clement\_oudot, @maudoux : Please send your advice below

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1441
/saml/metadata route not working
2018-06-08T12:33:31Z
Christian Bayle

The /saml/metadata route is not working anymore
It was few days ago. No error in the log in debug mode
I use lemonldap-ng from master with built stretch package

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1440
CDA init failure
2018-06-06T15:00:40Z
Dejan SANADER

Hello,
I've tried enabling CDA on a remote Handler following :
https://lemonldap-ng.org/documentation/2.0/soapminihowto
https://lemonldap-ng.org/documentation/2.0/cda
Access to the protected cross domain generates 500 errors :
```Can't locate object method "init" via package "Lemonldap::NG::Handler::Lib::CDA" at /usr/share/perl5/Lemonldap/NG/Handler/Lib/CDA.pm line 51```

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1439
Client Handler trips on empty values in SOAP config
2018-06-01T15:20:42Z
Dejan SANADER

Hello,
After enabling access to the global configuration through SOAP, the handler outputs 500 errors with the following detail :
```Can't use string ("") as a HASH ref while "strict refs" in use at /usr/share/perl5/Lemonldap/NG/Handler/Main/Reload.pm line 352```
The script trips on empty values (`=> ''`) in the configuration.
Commenting `use strict;` helped circumventing the error.

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1429
Use cached configuration when configuration database isn't available
2018-05-25T12:47:22Z
Yadd

### Summary
LLNG caches configuration. If configuration backend isn't available, all LLNG services fail. The goal of this feature is to start LLNG with cached configuration. Of course an error has to be displayed.

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1428
Provide better logs with Nginx
2018-05-22T16:41:12Z
Yadd

### Summary
In 1.9.*, Nginx doesn't log user id in access.log for LLNG applications (portal and manager). This is fixed in %"2.0.0" (commit 5493626)

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1427
Alternative FastCGI-Client handler for Apache2
2018-05-22T16:44:40Z
Yadd

### Summary
Propose an alternative handler to be used to query a LLNG FastCGI server. It will permit to insert an Apache in a [LLNG SSOaaS infrastructure](https://lemonldap-ng.org/documentation/2.0/ssoaas)

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1422
CAS renew + Auth Choice leads to empty page
2018-05-20T07:17:14Z
Clément OUDOT

When testing CAS renew parameter and Auth Choice, we end up on an empty page:
![Screenshot-2018-5-14_Authentication_portal](/uploads/ba05ec271386be58e6fa0e1f2efd1aac/Screenshot-2018-5-14_Authentication_portal.png)
We should instead be able to reauthenticate

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1419
Dispatch logger
2018-05-11T15:25:15Z
Yadd

### Summary
Logger to dispatch logs in different loggers depending on log level

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1418
Sentry Logger (experimental)
2018-05-26T01:36:41Z
Dave Conroy

### Summary
Add Sentry Logging Capability to the core of LLNG
### Design proposition
Sentry is an open source exception tracker located at https://sentry.io that is useful for trapping errors or exceptions for a team as opposed to sifting through logs. We've found it to be very useful on some production sites, and I was wondering the possibility of integrating the Perl Module into LLNG.
https://docs.sentry.io/clients/perl/

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1417
Better 2FA screen for end users
2018-05-08T12:45:57Z
Clément OUDOT

Trying to use 2FA management skins, when key display is disabled we have a page with big blank zone:
![Screenshot-2018-5-6_Authentication_portal](/uploads/50ca56be14b75a4a64694e758887ee02/Screenshot-2018-5-6_Authentication_portal.png)
Other issue, I don't see where we can remove the key (the option is enabled in Manager, but no button is shown).

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1414
JS error in sessions explorer
2018-05-08T21:17:13Z
Clément OUDOT

### Concerned version
Version: 2.0
### Summary
When trying to display a session in sessions explorer I got a JS error. This is working for persistent sessions.
### Logs
```
Error: t[J].match is not a function
q@https://manager.openid.club/static/js/sessions.min.js:1:4190
p.displaySession/<@https://manager.openid.club/static/js/sessions.min.js:1:5529
e/<@https://manager.openid.club/static/bwr/angular/angular.min.js:132:434
$eval@https://manager.openid.club/static/bwr/angular/angular.min.js:147:65
$digest@https://manager.openid.club/static/bwr/angular/angular.min.js:144:123
$apply@https://manager.openid.club/static/bwr/angular/angular.min.js:147:361
l@https://manager.openid.club/static/bwr/angular/angular.min.js:99:192
K@https://manager.openid.club/static/bwr/angular/angular.min.js:103:376
tg/</N.onload@https://manager.openid.club/static/bwr/angular/angular.min.js:104:338
```
### Backends used
* Web Server: Apache
* Sessions: Apache::Session::File

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1401
History not well managed by 2F engine
2018-03-21T19:48:37Z
Yadd

Version: 2.0

2.0.0
Yadd