lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2023-08-29T16:58:03Z
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2952
2023-08-29T16:58:03Z
Christophe Maudoux
chrmdx@gmail.com
Unable to change password if LDAP returns PE_PP_CHANGE_AFTER_RESET and captcha is enabled
### Affected version
Version: All
Platform: All
### Summary
Enable captcha and LDAP password policy with pwdReset attribute.
Reset a userPassword -> pwdReset is set to TRUE
Login -> PE_25 thrown by LDAP server
Captcha input is not displayed => unable to change password
![Capture_d_écran_du_2023-07-03_22-39-17](/uploads/4c84ef3dc56a7b6488db5762040a60e3/Capture_d_écran_du_2023-07-03_22-39-17.png)
Captcha is not displayed!
![Capture_d_écran_du_2023-07-03_22-40-19](/uploads/4134988b8c6788a354bc322e592ffcea/Capture_d_écran_du_2023-07-03_22-40-19.png)
![Capture_d_écran_du_2023-07-03_22-40-46](/uploads/775f7471da8f8a9a40f17ae66f8fe0a2/Capture_d_écran_du_2023-07-03_22-40-46.png)
### Logs
```
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Get configuration from cache without verification.
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:37:44 vm5704 LLNG[1252]: [info] No cookie found
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Start routing default route
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing checkUnauthLogout
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing controlUrl
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Cancel called, push authCancel calls
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Processing extractFormInfo
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Return TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca created
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Returned error: 9 (PE_FIRSTACCESS)
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Display type standardform
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Skin returned: login
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Calling sendHtml with template login
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Apply following CORS policy:
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Origin
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Credentials
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] true
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Headers
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Methods
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] POST,GET
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Expose-Headers
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Access-Control-Max-Age
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] 86400
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:37:44 vm5704 LLNG[1252]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:37:55 vm5704 LLNG[1252]: [info] No cookie found
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Start routing default route
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing checkUnauthLogout
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing restoreArgs
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing controlUrl
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Cancel called, push authCancel calls
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing extractFormInfo
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Trying to load token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Try to get TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Get session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca from Portal::Main::Run
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Return TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Good captcha response
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Captcha code verified
Jul 3 22:37:55 vm5704 LLNG[1252]: [debug] Processing getUser
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing authenticate
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Call bind for uid=173668,ou=personnes,dc=police,dc=interieur,dc=gouv,dc=fr
Jul 3 22:37:56 vm5704 LLNG[1252]: [error] Error when binding to LDAP server: Invalid credentials
Jul 3 22:37:56 vm5704 LLNG[1252]: [warn] Bad password for 173668 (10.100.160.1)
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] [warn] Bad password for 173668 (10.100.160.1)
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Return TOKEN session ef7091e69d87f73c364ea5d7e69346a73dfb0a572ef12c9f7c9c9575497caef8
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Token ef7091e69d87f73c364ea5d7e69346a73dfb0a572ef12c9f7c9c9575497caef8 created
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] -> authResult = 5
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing setSessionInfo
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing setMacros
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing setPersistentSessionInfo
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Persistent session found for 173668
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Restore persistent parameter _loginHistory
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Restore persistent parameter _updateTime
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Launching ::Plugins::BruteForceProtection::run afterSub setPersistentSessionInfo
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] -> Failed login maxAge = 2205
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Number of failed login(s) to take into account = 4
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] -> Delta = 65
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] -> Waiting time = 30
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing storeHistory
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Current login saved into failedLogin
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Current login -> 5
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Found 'whatToTrace' -> 173668
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Update 173668 persistent session
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Returned error: 5 (PE_BADCREDENTIALS)
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Returned error: 5 (PE_BADCREDENTIALS)
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Display type standardform
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Skin returned: login
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Calling sendHtml with template login
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Apply following CORS policy:
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Origin
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Credentials
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] true
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Headers
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Methods
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] POST,GET
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Expose-Headers
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] *
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Access-Control-Max-Age
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] 86400
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:37:56 vm5704 LLNG[1252]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Get configuration from cache without verification.
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:38:49 vm5704 LLNG[1252]: [info] No cookie found
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Start routing default route
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing checkUnauthLogout
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing restoreArgs
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing controlUrl
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Cancel called, push authCancel calls
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Processing extractFormInfo
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Trying to load token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Try to get TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:49 vm5704 LLNG[1252]: [notice] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/DBI.pm line 93.
Jul 3 22:38:49 vm5704 LLNG[1252]: [notice] Bad (or expired) token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:49 vm5704 LLNG[1252]: [warn] Captcha token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca isn't valid
Jul 3 22:38:49 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Return TOKEN session 09f322507d878a152dd54468ec3f5208d5b97b7e56441a508b682735ab49e2aa
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Token 09f322507d878a152dd54468ec3f5208d5b97b7e56441a508b682735ab49e2aa created
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:50 vm5704 LLNG[1252]: [warn] Captcha failed
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] [warn] Captcha failed
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Returned error: 76 (PE_CAPTCHAERROR)
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Display type standardform
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Skin returned: login
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Calling sendHtml with template login
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Apply following CORS policy:
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Origin
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] *
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Credentials
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] true
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Headers
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] *
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Methods
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] POST,GET
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Expose-Headers
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] *
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Access-Control-Max-Age
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] 86400
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:38:50 vm5704 LLNG[1252]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Get configuration from cache without verification.
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:38:53 vm5704 LLNG[41826]: [info] No cookie found
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Start routing default route
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing checkUnauthLogout
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing restoreArgs
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing controlUrl
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing code ref
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Cancel called, push authCancel calls
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing code ref
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Processing extractFormInfo
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Trying to load token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Try to get TOKEN session 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:53 vm5704 LLNG[41826]: [notice] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/DBI.pm line 93.
Jul 3 22:38:53 vm5704 LLNG[41826]: [notice] Bad (or expired) token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca
Jul 3 22:38:53 vm5704 LLNG[41826]: [warn] Captcha token 2d35939c38d7e39eca69bd6c8fe8e6701acee2872ff1c28d1e61ca234a1e5eca isn't valid
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Try to get a new TOKEN session
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Check session validity -> 900s
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Return TOKEN session fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Token fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596 created
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Prepare captcha
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:53 vm5704 LLNG[41826]: [warn] Captcha failed
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] [warn] Captcha failed
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Returned error: 76 (PE_CAPTCHAERROR)
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Display type standardform
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Skin returned: login
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Calling sendHtml with template login
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Apply following CORS policy:
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Origin
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] *
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Credentials
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] true
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Headers
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] *
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Methods
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] POST,GET
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Expose-Headers
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] *
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Access-Control-Max-Age
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] 86400
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:38:53 vm5704 LLNG[41826]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:39:31 vm5704 LLNG[1252]: [info] No cookie found
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Start routing default route
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing checkUnauthLogout
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing restoreArgs
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing controlUrl
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Cancel called, push authCancel calls
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing extractFormInfo
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Trying to load token fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Try to get TOKEN session fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Get session fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596 from Portal::Main::Run
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Return TOKEN session fd98d81668c40fd69ac011bdc4231e559039419ce42063b4fe0d54b3b0a78596
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Good captcha response
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Captcha code verified
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing getUser
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing authenticate
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Call bind for uid=173668,ou=personnes,dc=police,dc=interieur,dc=gouv,dc=fr
Jul 3 22:39:31 vm5704 LLNG[1252]: [error] Password policy error 2 for 173668
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] [error] Password policy error 2 for 173668
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Return TOKEN session 9c99d95aa4b3f790ba4d5526cbfec751cf4f858d83530ecf68335a0fcd2c17a0
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Token 9c99d95aa4b3f790ba4d5526cbfec751cf4f858d83530ecf68335a0fcd2c17a0 created
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Try to get a new TOKEN session
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Check session validity -> 900s
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Return TOKEN session d5acf9ad3db0e334fd4328968aad025f31052a24a280e644bee52487386ebf89
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Token d5acf9ad3db0e334fd4328968aad025f31052a24a280e644bee52487386ebf89 created
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Prepare captcha
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] -> authResult = 25
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing setSessionInfo
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing setMacros
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing setPersistentSessionInfo
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Persistent session found for 173668
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Restore persistent parameter _updateTime
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Restore persistent parameter _loginHistory
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Launching ::Plugins::BruteForceProtection::run afterSub setPersistentSessionInfo
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] -> Failed login maxAge = 2205
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Number of failed login(s) to take into account = 5
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] -> Delta = 95
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] -> Waiting time = 60
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing storeHistory
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Current login saved into failedLogin
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Current login -> 25
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Found 'whatToTrace' -> 173668
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Update 173668 persistent session
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Processing code ref
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Returned error: 5 (PE_BADCREDENTIALS)
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Returned error: 25 (PE_PP_CHANGE_AFTER_RESET)
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin returned: login
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Calling sendHtml with template login
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Apply following CORS policy:
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Origin
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] *
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Credentials
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] true
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Headers
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] *
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Allow-Methods
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] POST,GET
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Expose-Headers
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] *
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Access-Control-Max-Age
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] 86400
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:39:31 vm5704 LLNG[1252]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
Jul 3 22:40:01 vm5704 CRON[42207]: (root) CMD (/opt/rudder/bin/rudder agent check -q >> /var/log/rudder/agent-check/check.log 2>&1)
Jul 3 22:40:01 vm5704 CRON[42215]: (root) CMD (if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi)
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Get configuration from cache without verification.
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] VH auth.pp.sso.police.interieur.gouv.fr is HTTPS
Jul 3 22:40:22 vm5704 LLNG[41826]: [info] No cookie found
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Build URL https://auth.pp.sso.police.interieur.gouv.fr:80/?cancel=1
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Redirect 10.100.160.1 to portal (url was /?cancel=1)
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] User not authenticated, Try in use, cancel redirection
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Start routing default route
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing checkUnauthLogout
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing restoreArgs
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing controlUrl
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing code ref
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Cancel called, push authCancel calls
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing code ref
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Processing extractFormInfo
Jul 3 22:40:22 vm5704 LLNG[41826]: [warn] No response provided for Captcha::SecurityImage
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Try to get a new TOKEN session
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Check session validity -> 900s
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Return TOKEN session b5322520b9b8673206f3e24ffcb942848841aed2fef400cc5d38e7b1dc4c2775
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Token b5322520b9b8673206f3e24ffcb942848841aed2fef400cc5d38e7b1dc4c2775 created
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Prepare captcha
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:40:22 vm5704 LLNG[41826]: [warn] Captcha failed
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] [warn] Captcha failed
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Returned error: 76 (PE_CAPTCHAERROR)
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Display type standardform
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Skin returned: login
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Calling sendHtml with template login
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Skin calypsso selected from GET/POST parameter
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/calypsso/login.tpl
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Apply following CORS policy:
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Origin
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] *
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Credentials
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] true
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Headers
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] *
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Allow-Methods
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] POST,GET
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Expose-Headers
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] *
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Access-Control-Max-Age
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] 86400
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Set Strict-Transport-Security with: 15768000
Jul 3 22:40:22 vm5704 LLNG[41826]: [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
```
2.17.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2948
Manager should accept mobile-style URL in OIDC callbacks
2023-06-23T07:34:14Z
Yadd
### Affected version
Version: %2.16.x
### Summary
When using a custom mobile URL in authorized callbacks, Manager rejects the configuration. Example: `teammail.mobile://oidc/callback`
2.17.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2946
userControl regexp is not applied by authSlave
2023-09-22T13:59:59Z
Christophe Maudoux
chrmdx@gmail.com
### Affected version
Version: All
Platform: All
Slave authentication module can submit an invalid login
2.17.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2945
CheckUser: Do not compute setAuthSession step for unauthenticated user
2023-12-20T10:27:43Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: all
Platform: all
### Summary
Enable checkUser.
Set checkuser access rule with 'skip'.
2.18.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2943
eduPersonTargetedID missing from Plugins::SamlFederation
2023-07-07T15:09:29Z
Maxime Besson
when converting importMetadata to SAMLFederation.pm, special processing for eduPersonTargetedID was forgotten
2.17.0
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2942
Logout shouldn't fail when a OIDC/SAML partner doesn't respond
2023-06-15T10:10:58Z
Yadd
### Affected version
Version: %2.x
Platform: any
### Summary
When using a back-channel logout system (SAML/SOAP or new OIDC Back-Channel), if host is filtered, the logout is blocked and the user receives a "timeout" page and is never disconnected
### Logs
```
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] User xguimard was granted to access to /?logout=1
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Start routing default route
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing importHandlerData
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing controlUrl
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing checkLogout
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing code ref
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Launching ::Issuer::SAML::logout
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] No SAML session found for session a7734274f64ed418e24dc663a5
dfe00ec63ec2837e50c8e82e2feeb547da89a6
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] No SAML session available into this session
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing code ref
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Launching ::Issuer::OpenIDConnect::logout
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Access Token signature algorithm: RS512
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Logout token content: {"events":{"http://schemas.openid.net/
event/backchannel-logout":{}},"iss":"https://sso.linagora.com","sid":"ROW600DdvXMLirrSV4TI0laCC99teH3A+hLDYTxf2HY","sub":"xguimard","aud":["app-canary"],"iat":1686819
416,"jti":"03V99AEL"}
[1 minute to wait...]
Jun 15 08:57:56 test-lemonldap docker/sso_auth_1[162903]: 2023/06/15 08:57:56 [error] 145#145: *12 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 46.255.204.128, server: sso.test.com, request: "GET /?logout=1 HTTP/1.1", upstream: "fastcgi://unix:/run/llng-fastcgi-server/llng-fastcgi.sock", host: "sso.test.com", referrer: "https://sso.linagora.com/"
Jun 15 08:57:56 test-lemonldap docker/sso_auth_1[162903]: 46.255.204.128 - - [15/Jun/2023:08:57:56 +0000] "GET /?logout=1 HTTP/1.1" 504 167 "https://sso.test.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/114.0"
```
2.17.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2939
2023-07-06T13:39:15Z
Far Fade
Unexpected token type: auth_token_krb when using SSL and Kerberos in a Combination
### Affected version
Version: 2.16.1+ds-2 (debian 12)
Platform: Apache
### Summary
lemonldap-ng is no longer performing Kerberos auth.
This started at the upgrade from Debian 11 to 12.
### Logs
```
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Start routing authkrb
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Processing code ref
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Kerberos ticket received: (REMOVED_LONG_STRING)
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Set KRB5_KTNAME env to FILE:/etc/lemonldap-ng/lemonldap.keytab
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Try to get a new TOKEN session
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Return TOKEN session 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Token 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c created
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Apply following CORS policy:
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Access-Control-Allow-Origin
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] *
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Access-Control-Allow-Credentials
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] true
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Access-Control-Allow-Headers
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] *
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Access-Control-Allow-Methods
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] POST,GET
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Access-Control-Expose-Headers
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] *
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Access-Control-Max-Age
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] 86400
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] VH auth.DOMAIN is HTTPS
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [info] No cookie found
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Build URL https://auth.DOMAIN/?url=aHR0cHM6Ly93aWtpLnd3dy5mYXJmaXhlLndpbi8%3D
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Redirect 192.168.2.11 to portal (url was /?url=aHR0cHM6Ly93aWtpLnd3dy5mYXJmaXhlLndpbi8%3D)
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] User not authenticated, Try in use, cancel redirection
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Start routing default route
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Processing checkUnauthLogout
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Processing restoreArgs
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Processing controlUrl
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Required URL (param: urldc | value: https://wiki.DOMAIN/ | alias: https://wiki.DOMAIN)
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] No URL authentication level found...
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Processing code ref
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Processing extractFormInfo
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Trying to load token 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Try to get TOKEN session 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Get session 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c from Portal::Main::Run
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Return TOKEN session 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c
**[Tue Jun 13 10:05:20 2023] [LLNG:101887] [error] Unexpected token type: auth_token_krb
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Expected id: ssl
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] User: USER@DOMAIN**
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [info] Scheme "muhSSL" returned 24, trying next
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Processing extractFormInfo
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Trying to load token 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [debug] Try to get TOKEN session 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [notice] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [notice] Bad (or expired) token 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [error] Could not fetch user token 9818b834ac4a94eca9ee5595c72676c45e0c6b5432869e3bab6ea2de4eca058c
[Tue Jun 13 10:05:20 2023] [LLNG:101887] [info] Scheme "KRB" returned 24, trying next
```
I've added two lines to the program's logging, as advised by Maxime on the mailing list:
Lemonldap/NG/Portal/Auth/_Ajax.pm l.85:
```perl
# Original line
$self->logger->error( "Unexpected token type: " . $token->{type} );
# extra information
$self->logger->debug( "Expected id: " . $self->auth_id );
$self->logger->debug( "User: " . $token->{user} );
```
Thank you for your attention!
2.17.0
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2938
2023-06-23T08:35:39Z
Jérémie Lesage
POST to /oauth2/token responds error 400 "This endpoint is not supposed to be called by authenticated users"
### Affected version
Version: 2.16.2
### Summary
We are trying to connect to LLNG using oauth2 API, from a vuejs application using [a keycloak-js library](https://www.npmjs.com/package/@dsb-norge/vue-keycloak-js).
With standard flow we receive a 302 from GET /oauth2/authorize, then the library tries to POST to /oauth2/token to retrieve the access_token but we receive 400 Bad Request
``` json
{"error_description":"This endpoint is not supposed to be called by authenticated users","error":"invalid_request"}
```
With hybrid flow, LLNG returns the access_token in the location header (`location: https://xx/portail/#access_token=xxxxxx`) so we can authenticate the application, but the library tries to POST to /oauth2/token to retrieve the refresh_token and we also receive the 400 Bad Request. So every 10 seconds the application is reloading.
```
POST /oauth2/token HTTP/2
Host: xxxxxxxxxxxx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/113.0
Accept: */*
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 304
Origin: https://xxxxxxxxxxxx
Connection: keep-alive
Referer: https://xxxxxxxxxxxx/
Cookie: lemonldap=xxxxxxxxxxxxxxxxxxx
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-GPC: 1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
code=xxxx&grant_type=authorization_code&client_id=rp-pristyfront&redirect_uri=https%3A%2F%2Fxxxxxx%2Fportail%2F&code_verifier=xxxxxx
```
### Logs
We are not seeing any specific error in logs.
2.17.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2936
this version of MariaDB doesn't yet support 'GET_LOCK in cluster (WSREP_ON=ON)
2023-11-21T08:40:16Z
Antoine Gallavardin
### Affected version
Version: %2.16.2 ( maybe previous)
Platform: Apache and galera cluster
### Summary
After upgrading our SSO stack with the following upgrade
MariaDB-server.x86_64 0:10.5.18-1.el7.centos => MariaDB-server.x86_64 0:10.5.20-1.el7.centos (Galera cluster)
LL::NG 2.0.15 to LL:NG 2.16.2
We can still connect to our SSO, but writing configuration isn't possible anymore
### Logs
On the manager interface we get an error message :
```
Get remote configuration (localStorage unavailable). Get configuration 494. DBD::mysql::db selectrow_array failed: This version of MariaDB doesn't yet support 'GET_LOCK in cluster (WSREP_ON=ON)'
```
### Backends used
- Our storage backend is a Galera cluster 10.5.20 on centos with 5 nodes
- A limitation appears in mariadb 10.5.20 : GET_LOCK() / RELEASE_LOCK() are dropped in galera cluster mode since 10.5.20
### Possible fixes
It could be possible to insert an exception in the code, see:
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.0/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/_DBI.pm#L82
in order to test whether MariaDB is in cluster mode or not.
It could be a request like "show status like 'wsrep_cluster_conf_id'", which implies the use of a cluster.
### Additional resources
- https://mariadb.com/kb/en/mariadb-galera-cluster-known-limitations/
- https://github.com/matomo-org/matomo/issues/20752#issuecomment-1573401141
- https://mariadb.com/kb/en/mariadb-10-5-20-changelog/
2.18.0
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2935
importMetadata causes encoding issues when saving conf
2023-06-08T19:21:36Z
Maxime Besson
### Affected version
Version: 2.16.2
### Summary
* Have an accent in config (such as a comment) in File storage
* import Edugain Metadata (https://metadata.federation.renater.fr/edugain/main/main-sps-edugain-metadata.xml)
* config gets double-encoded each time importMetadata is run, and ends up with a huge size
* "Wide character in print" message in stderr
#2748
2.17.0
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2932
unreachable LDAP server blocks initialization for too long
2023-07-19T19:18:55Z
Maxime Besson
### Affected version
Version: 2.16.2
### Summary
* Configure a combination with [GoodLDAP] or [BadLDAP]
* point BadLDAP to a ldapServer that times out (ldap://1.2.3.4/)
* Try to display the portal
* There is a timeout as Auth::LDAP and UserDB::LDAP preemptively try to connect to BadLDAP
### Possible fixes
All Auth::LDAP and UserDB::LDAP methods validate the LDAP server before doing any work. So there is no need to try to connect in the init() method.
2.17.0
dcoutadeur dcoutadeur
dcoutadeur dcoutadeur
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2931
2023-09-22T14:13:30Z
Maxime Besson
[Security:medium] open redirection due to incorrect escape handling in URI userinfo
### Concerned version
Version: 2.16.2
### Summary
* Browse to http://auth.example.com/?url=aHR0cHM6Ly9oYWNrZXIuY29tXEBAdGVzdDEuZXhhbXBsZS5jb20v (https://hacker.com\@@test1.example.com/)
* LLNG detects it as test1.example.com, which is allowed, and sends redirect
* For some reason, browsers "correct" it to https://hacker.com/@@test1.example.com/
### Possible fixes
We should normalize the received URL before using it in redirects:
```perl
use URI;

my $u = URI->new('https://hacker.com\@@test1.example.com/');
print $u; # https://hacker.com%5C@@test1.example.com/
```
2.17.0
Maxime Besson
Maxime Besson
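One way to apply the normalization suggested in this issue, as an added example (not LemonLDAP::NG code): the host check and the value sent in the redirect both come from the same URI-normalized string, so the browser never receives the raw input. The allow-list, the `redirect_target` name and the two extra sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);
use URI;

# Assumption: hosts the portal is allowed to redirect to (constructed list).
my %ALLOWED_HOST = map { $_ => 1 } qw(test1.example.com test2.example.com);

# Takes the base64 "url" parameter and returns the normalized URL to use in
# the Location header, or undef when the target must be refused.
sub redirect_target {
    my ($b64) = @_;
    my $raw = decode_base64( $b64 // '' );
    return undef unless length $raw;

    # URI->new percent-encodes characters that are not legal in a URI,
    # including the backslash, so nothing is left for the browser to
    # "correct" into a path separator.
    my $u = URI->new($raw)->canonical;

    my $scheme = $u->scheme // '';
    return undef unless $scheme eq 'http' || $scheme eq 'https';

    # Host as seen on the normalized form, compared to the allow-list.
    my $host = lc( $u->host // '' );
    return undef unless $ALLOWED_HOST{$host};

    # Redirect with the normalized string, never with $raw.
    return $u->as_string;
}

my @samples = (
    # "url" value taken from the issue report
    'aHR0cHM6Ly9oYWNrZXIuY29tXEBAdGVzdDEuZXhhbXBsZS5jb20v',
    # constructed inputs: one allowed host, one host outside the allow-list
    encode_base64( 'https://test1.example.com/app', '' ),
    encode_base64( 'https://other.example.net/',    '' ),
);

for my $b64 (@samples) {
    my $target = redirect_target($b64);
    printf "%s\n    => %s\n", decode_base64($b64), $target // 'REFUSED';
}
```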
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2926
"Federation not found on login" SAML error when NameID not specified in request
2023-05-09T08:49:08Z
Maxime Besson
"Federation not found on login" SAML error when NameID not specified in request
### Concerned version
Version: 2.16.1
### Summary
* Configure a SAML provider with samlSPMetaDataOptionsNameIDFormat=persistent
* In metadata, "persistent" must be the first available NameID format:
```
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
```
* The SAMLRequest must not contain a NameIDFormat:
```
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_FDF33840F31FD21FE2C411BE524B3E94" Version="2.0" IssueInstant="2023-05-03T14:20:25Z" Destination="http://auth.idp.com/saml/singleSignOn" ForceAuthn="false" IsPassive="false">
<saml:Issuer>XXX</saml:Issuer>
</samlp:AuthnRequest>
```
### Logs
```
[Wed May 3 16:21:03 2023] [LLNG:699228] [warn] Lasso error code 601: Federation not found on login
[Wed May 3 16:21:03 2023] [LLNG:699228] [warn] Unable to validate SSO request message
```
### Possible fixes
When users set samlSPMetaDataOptionsNameIDFormat=persistent, we must assume that they also want AllowCreate=1. If the NameIDFormat is not present in AuthnRequest, we must create it, and set its AllowCreate to 1 to avoid a failure when Lasso checks if federation is allowed.
2.16.2
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2922
Remove | as separator for Choice configuration values
2023-08-18T16:23:59Z
Clément OUDOT
For now we accept both `;` and `|` as separators for choices configuration values, but this leads to a bug when using `|` in a value, for example when overriding an LDAP filter.
We need to check that `|` separator is not needed anymore, and remove it from the code that splits the choice value.
2.17.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2920
invalid entry in SAML IDP list after logout error
2023-07-10T13:12:14Z
Maxime Besson
### Concerned version
Version: 2.16.1
Platform: (Nginx/Apache/Node.js)
### Summary
* Configure Auth::SAML with a single IDP
* Some code paths in Auth/SAML.pm may lead to the following situation
![image](/uploads/935beb5d515cabd222ec48e7e23da52a/image.png)
### Possible fixes
I was able to reproduce this issue by sending an invalid logout request:
```
# Process logout request
unless ( $self->processLogoutRequestMsg( $logout, $request ) ) {
    $self->userLogger->error("Fail to process logout request");
    $logout_error = 1;
}
[...]
my $idp = $logout->remote_providerID();

# IDP conf key
my $idpConfKey = $self->idpList->{$idp}->{confKey};
```
After this code, idpConfKey is not found but `$self->idpList->{$idp}` becomes defined.
That's because in Perl, reading a hash can modify it, yay!
We should probably return immediately if processLogoutRequestMsg fails.
2.17.0
Maxime Besson
Maxime Besson
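The behaviour described in this issue, as an added example (not code from Auth/SAML.pm): a nested read on a missing key creates that key in the list, while an `exists` guard leaves the list untouched. The `%idp_list` contents, the entity IDs and the function names are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed stand-in for the IDP list: a single configured IDP.
my %idp_list = (
    'https://idp.example.com/saml' => { confKey => 'idp1' },
);

# Same shape as the lookup quoted in the issue: reading ->{confKey} through
# a key that does not exist makes Perl create $list->{$idp} = {} first
# (autovivification), so the "read" adds an empty entry to the list.
sub conf_key_plain {
    my ( $list, $idp ) = @_;
    return $list->{$idp}->{confKey};
}

# Guarded lookup: test the outer key before dereferencing it, and return
# early when the provider is unknown or could not be determined.
sub conf_key_guarded {
    my ( $list, $idp ) = @_;
    return undef unless defined $idp && exists $list->{$idp};
    return $list->{$idp}->{confKey};
}

sub show {
    my ($label) = @_;
    printf "%-28s %d entr%s: %s\n", $label, scalar( keys %idp_list ),
      ( keys %idp_list == 1 ? 'y' : 'ies' ),
      join( ', ', map { "'$_'" } sort keys %idp_list );
}

# Constructed entityID that is not in the list, as after a logout request
# that failed to parse.
my $unknown = 'https://unknown.example.net/saml';

show('initial list:');

my $key = conf_key_guarded( \%idp_list, $unknown );
show('after guarded lookup:');

$key = conf_key_plain( \%idp_list, $unknown );
show('after plain lookup:');
```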
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2918
CAS issuer can't handle urn: URIs
2023-05-09T09:26:37Z
Maxime Besson
### Concerned version
Version: 2.16.1
Platform: (Nginx/Apache/Node.js)
### Summary
Some CAS apps (jnlp) use urn:my:app URLs, which currently don't work (PE_ERROR)
In discussion
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2915
jsRedirect does not preserve GET parameter order
2023-04-17T16:21:17Z
Maxime Besson
### Concerned version
Version: 2.16.1
### Summary
Using the CAS issuer when jsRedirect=1 leads to random failures because redirection to the CAS application tends to swap parameter order
2.16.2
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2912
Non reproducible error when redirect to another url (SAML,..)
2023-08-30T15:10:53Z
Walter Bender
### Concerned version
Version: %2.16.1-1 (Ubuntu)
Platform: Various
### Summary
We updated from 2.0.13 to 2.16.1 and got a non-reproducible error when redirecting to another URL (as used for SAML authentication). Some Perl processes worked without problems. With higher load, we get more and more processes with "Bad URL" errors. After a restart of the service the error vanished at first, but then grew to about 50% of redirections with an error message. We are not sure what caused the error and if it's a security issue. Downgrading back to 2.0.13 solved the issue.
Hint: The same problem happened in version 2.0.16
### Logs
```
Apr 6 18:34:05 XHOSTX LLNG[44612]: [debug] Required Params URL: URI::https=SCALAR(0x563e0fd10f40)
Apr 6 18:34:05 XHOSTX LLNG[44612]: [debug] Set CSP form-action with Params URL: URI::https=SCALAR(0x563e0fd10f40)
Apr 6 18:34:14 XHOSTX LLNG[44591]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fdd1838)
Apr 6 18:34:26 XHOSTX LLNG[44593]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fdedbb8)
Apr 6 18:36:22 XHOSTX LLNG[44589]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0e9a2e38)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Required urldc: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Set CSP form-action with urldc: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Required Params URL: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:37:59 XHOSTX LLNG[44589]: [debug] Set CSP form-action with Params URL: URI::https=SCALAR(0x563e0de5de78)
Apr 6 18:38:26 XHOSTX LLNG[44603]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fd74fd0)
Apr 6 18:39:47 XHOSTX LLNG[44589]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0e8df388)
Apr 6 18:41:17 XHOSTX LLNG[44596]: [debug] [error] Bad URL URI::https=SCALAR(0x563e0fd9eb08)
Apr 6 18:44:16 XHOSTX LLNG[44611]: [debug] [error] Bad URL URI::https=SCALAR(0x55c915768d50)
```
### Backends used
We use redis as backend
### Possible fixes
Downgrade to former version
2.17.0
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2909
Manager viewer uses the wrong endpoints to read conf
2023-05-09T08:55:38Z
Maxime Besson
### Concerned version
Version: 2.16.1
### Summary
Configuring this:
```
[manager]
enabledModules = viewer, sessions, 2ndFA
defaultModule = viewer
```
does not work: the manager viewer uses GET /confs/xxx to read config values instead of GET /view/xxx
This is a regression in c330347f3c20dcfa7fb26ddf0bc701283c62478f
replacing confPrefix by viewPrefix in viewer.coffee seems to fix the issue
TODO:
* [x] Fix issue
* [x] Update viewer.rst doc to give a working example of vhost rules
2.16.2
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2907
Manager customCSS not available with minified files
2023-04-02T10:25:47Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: %2.X
Platform: All
### Summary
customCSS file is not included in manager/header.tlp
2.16.2
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com