lemonldap-ng issueshttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues2019-12-20T13:48:12Zhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2038Missing type attribute in 2FA HTML inputs2019-12-20T13:48:12ZClément OUDOTMissing type attribute in 2FA HTML inputsIn our HTML templates, the type attribute is missing in code input. This is not a problem for most of browsers but can lead to display bugs on some of them.
```html
<input name="code" value="" class="form-control" id="extcode" trplaceho...In our HTML templates, the type attribute is missing in code input. This is not a problem for most of browsers but can lead to display bugs on some of them.
```html
<input name="code" value="" class="form-control" id="extcode" trplaceholder="code" autocomplete="off" />
```2.0.7Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2018After temporary ldap failure, ldap connections stop working forever2019-11-20T20:03:03ZMaxime BessonAfter temporary ldap failure, ldap connections stop working forever### Concerned version
Version: 2.0.6
Platform: Nginx
### Summary
* Configure LDAP auth and UserDB
* Stop LDAP server
* Try to login => Unable to connect to LDAP server
* Start LDAP server again
* Try to login => *Unable to connect to...### Concerned version
Version: 2.0.6
Platform: Nginx
### Summary
* Configure LDAP auth and UserDB
* Stop LDAP server
* Try to login => Unable to connect to LDAP server
* Start LDAP server again
* Try to login => *Unable to connect to LDAP server*
### Logs
```
LLNG[9918]: [debug] Processing getUser
LLNG[9918]: [debug] Returned error: 6 (PE_LDAPCONNECTFAILED)
```2.0.7Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2013Handler, yum install2020-04-24T16:46:57ZGrégory ROYHandler, yum installHello,
### Concerned version
Version: 2.0.6
Platform: RH7 / CentOS7
### Summary
these dependencies are missing when installing the package "lemonldap-ng-handler" via yum
- perl-LWP-Protocol-https
- perl-Cache-Cache
- perl-Apache-S...Hello,
### Concerned version
Version: 2.0.6
Platform: RH7 / CentOS7
### Summary
these dependencies are missing when installing the package "lemonldap-ng-handler" via yum
- perl-LWP-Protocol-https
- perl-Cache-Cache
- perl-Apache-Session-Browseable
Regards,
Greg2.0.7Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2012Several issues with notification system2019-12-20T20:59:29ZChristophe Maudouxchrmdx@gmail.comSeveral issues with notification system### Concerned version
Version: %2.0.X
Platform: Nginx/PG
### Summary
With REST notification server, we can create some notifications with a single request (tested with 10,000!) like this :
curl -k -X POST -H "Content-Type: applicati...### Concerned version
Version: %2.0.X
Platform: Nginx/PG
### Summary
With REST notification server, we can create some notifications with a single request (tested with 10,000!) like this :
curl -k -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d @notif.json https://auth.example.com:19876/notifications
```
vi notif.json
[{
"uid": "dwho",
"date": "2019-11-15",
"reference": "ABC1",
"title": "You have new authorizations",
"subtitle": "Application 1",
"text": "You have been granted to access to appli-1",
"check": ["I agree"]
},
{
"uid": "rtyler",
"date": "2019-11-15",
"reference": "ABC2",
"title": "You have new authorizations",
"subtitle": "Application 1",
"text": "You have been granted to access to appli-1",
"check": ["I agree"]
}]
```
![Capture_d_écran_2019-11-15_20-58-10](/uploads/198286d8dac41183ef162308ac3be404/Capture_d_écran_2019-11-15_20-58-10.png)
#
1/ Notification messages are merged. Dispatch notification body for each uid => done, tested
2/ Allow a non array ref if only one checkbox is required => done, tested
3/ Display condition is not checked with JSON format => fixed, tested
4/ Date condition is not checked (both JSON & XML format) => done, tested
5/ XML dependencies are not tested when old format is enabled => fixed
6/ Append a default condition to notifications created with server => done, tested (works only with JSON)
7/ Append an overScheme to prevent a browser crash when displaying notifications => done
8/ Append total of enabled/done notifications => done
9/ Toggle does not work => fixed
10/ Check only active notifications at log in process => done, tested
11/ Prevent to set time when notifications are inserted with server => done, tested
12/ Append API to retrieve all pending and existing notifications with a single request => done, tested, doc2.0.7Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2010Kerberos not working with session upgrade2022-06-15T08:10:03ZMaxime BessonKerberos not working with session upgrade### Concerned version
Version: 2.0.6
Platform: Nginx
### Summary
Using Combination (Kerberos+LDAP) and Kerberos with AJAX.
When using session upgrade (in the context of a SAML request with ForceAuthn=TRUE), Kerberos authentication i...### Concerned version
Version: 2.0.6
Platform: Nginx
### Summary
Using Combination (Kerberos+LDAP) and Kerberos with AJAX.
When using session upgrade (in the context of a SAML request with ForceAuthn=TRUE), Kerberos authentication is not automatically reused to refresh the session.
### Logs
The Kerberos AJAX request hits / , but since a session already exists, nothing happens
### Possible fixes
My current solution is slightly change the behavior in kerberos.js so that
* It sends the ajax request to /upgradesession instead of /
* The user gets redirected to / instead of POSTing the upgradesession form, which in turn triggers autoredirect and allows to complete the SAML flow2.0.7Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2009Display authentication error on login form with Combination Kerberos + LDAP2019-12-13T10:20:57ZClément OUDOTDisplay authentication error on login form with Combination Kerberos + LDAPI have an issue similar to #1984 caused by the fix of #1867
I use a configuration with Combination with Kerberos + LDAP as authentication stack. The user does not have Kerberos ticket so he uses only the login form. If authentication fa...I have an issue similar to #1984 caused by the fix of #1867
I use a configuration with Combination with Kerberos + LDAP as authentication stack. The user does not have Kerberos ticket so he uses only the login form. If authentication fails, the error message is displayed on error page, not login page.
I tried this patch:
```
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index a058e3ef3..44dbb6649 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -264,6 +264,7 @@ sub display {
or ( $self->conf->{authentication} eq 'Combination'
and $req->{error} > PE_OK
and $req->{error} != PE_FIRSTACCESS
+ and $req->{error} != PE_BADCREDENTIALS
and $req->{error} != PE_PP_PASSWORD_EXPIRED )
# and ( $req->{error} == PE_TOKENEXPIRED or $req->{error} == PE_NOTOKEN )
```
It works well if the user login is correct and the password is incorrect, because the error is called in LDAP authentication backend and the call to setSecurity succeed. When the user login is incorrect, the error occurs in UserDB LDAP module, where we call this to load security token:
```
unless ( $req->data->{ldapentry} = $mesg->entry(0) ) {
$self->userLogger->warn("$req->{user} was not found in LDAP directory");
eval { $self->p->_authentication->setSecurity($req) };
return PE_BADCREDENTIALS;
}
```
Problem, I don't see where `$self->p->_authentication` is set in our code. It seems we have some loop:
* In Lemonldap/NG/Portal/Main/Process.pm, in sub setSessionInfo, $req->{sessionInfo}->{_auth} is filled by calling getModule
* In Lemonldap/NG/Portal/Main/Run.pm, in sub getModule, we call the sub name of the authentication module, which is Combination at this step
* In Lemonldap/NG/Portal/Auth/Combination.pm, in sub name, we read the value of $req->{sessionInfo}->{_auth}
Any idea is welcomed.2.0.7Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2005Error in portal "refresh my rights" feature when whatToTrace value is not equ...2019-12-19T17:11:42ZClément OUDOTError in portal "refresh my rights" feature when whatToTrace value is not equal to login### Concerned version
Version: %2.0.6
### Summary
I use a setup where `whatToTrace` is set to "entryUUID", and "login" to the mail.
When I am connected on the portal and I click on "refresh my rights", it displays "you must reconnect...### Concerned version
Version: %2.0.6
### Summary
I use a setup where `whatToTrace` is set to "entryUUID", and "login" to the mail.
When I am connected on the portal and I click on "refresh my rights", it displays "you must reconnect".
### Logs
```
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Get configuration from cache without verification.
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Get session 2aff5db7e83db4130fc5c9fea90fd8b202c68931c5c6c085f6f7c6447fc4b956 from Handler::Main::Run
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Check session validity from Handler
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Session timeout -> 72000
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Session _utime -> 1573205784
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] now -> 1573205841
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Session timeoutActivityInterval -> 60
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Session TTL = 71943
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] connect.pfptnbdev.io: Apply default rule
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] removing cookie
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Cookies -> llnglanguage=fr; lemonldap=2aff5db7e83db4130fc5c9fea90fd8b202c68931c5c6c085f6f7c6447fc4b956
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] CookieName -> lemonldap
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] newCookies -> llnglanguage=fr;
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] User e3f05ab0-0cf3-1039-862f-598f9923b4d4 was granted to access to /refresh
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Start routing refresh
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [notice] Refresh request for e3f05ab0-0cf3-1039-862f-598f9923b4d4
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] [notice] Refresh request for e3f05ab0-0cf3-1039-862f-598f9923b4d4
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Set session 2aff5db7e83db4130fc5c9fea90fd8b202c68931c5c6c085f6f7c6447fc4b956 _updateTime with 20191108093721
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Processing getUser
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [warn] e3f05ab0-0cf3-1039-862f-598f9923b4d4 was not found in LDAP directory
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] [warn] e3f05ab0-0cf3-1039-862f-598f9923b4d4 was not found in LDAP directory
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Prepare token
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Token 1573133961_14089 created
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Returned error: 5 (PE_BADCREDENTIALS)
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Processing code ref
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Returned error: -3 (PE_INFO)
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Display: info detected
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Hidden values :
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Skin returned: info
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Calling sendHtml with template info
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Apply following CORS policy :
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Access-Control-Allow-Origin
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] *
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Access-Control-Allow-Credentials
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] true
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Access-Control-Allow-Headers
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] *
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Access-Control-Allow-Methods
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] POST,GET
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Access-Control-Expose-Headers
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] *
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Access-Control-Max-Age
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] 86400
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Required urldc : https://connect.pfptnbdev.io/
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Set CSP form-action with urldc : https://connect.pfptnbdev.io
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Required Params URL : https://connect.pfptnbdev.io/
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Set CSP form-action with Params URL : https://connect.pfptnbdev.io
[Fri Nov 8 09:37:21 2019] [LLNG:19672] [debug] Apply following CSP : default-src 'self';img-src 'self' https://cdn.kroqi.fr data:;style-src https://cdn.kroqi.fr https://fonts.googleapis.com 'self' 'unsafe-inline';font-src *;connect-src 'self';script-src 'self' https://cdn.kroqi.fr;form-action * https://connect.pfptnbdev.io https://connect.pfptnbdev.io;frame-ancestors 'none';
```
This was not the case when whatToTrace was the same as the login.
2.0.7Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1984Reset expired password doesn't trigger when using Combination2020-09-04T14:11:00ZMaxime BessonReset expired password doesn't trigger when using Combination### Concerned version
Version: 2.0.6
Platform: Nginx / LDAP backend
### Summary
Configure a LDAP with an expire account policy
Configure Password settings in LLNG like so:
![image](/uploads/778807959165a04c880ce0579ab17caf/image.png...### Concerned version
Version: 2.0.6
Platform: Nginx / LDAP backend
### Summary
Configure a LDAP with an expire account policy
Configure Password settings in LLNG like so:
![image](/uploads/778807959165a04c880ce0579ab17caf/image.png)
Using LDAP as an auth+userDB source, if you login with an expired account, you are prompted to change the password
![image](/uploads/a119cc92878c60784f8ff3c9c27c8838/image.png)
Using Combination (with a single LDAP backend and `[myLDAP]` as a rule), you are not prompted, and all you get is a "Password expired" error message
![image](/uploads/c012da82bf8c619be653d405aea581d0/image.png)
This could be useful in cases such as `[Kerberos,LDAP] or [LDAP]`2.0.7https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1974ServiceToken handler TTL value always set to default2019-10-11T20:14:34ZChristophe Maudouxchrmdx@gmail.comServiceToken handler TTL value always set to default### Concerned version
Version: %2.0.6
Platform: (Nginx/Apache/Node.js)
### Summary
ServiceToken handler just uses localConfig (lemon.ini file)
###
Import vhostsOptions into tsv### Concerned version
Version: %2.0.6
Platform: (Nginx/Apache/Node.js)
### Summary
ServiceToken handler just uses localConfig (lemon.ini file)
###
Import vhostsOptions into tsv2.0.7Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1969Force password reset with LDAP password policy does not work if macro _whatTo...2020-10-10T16:01:10ZClément OUDOTForce password reset with LDAP password policy does not work if macro _whatToTrace is not definedI faced the bug #1910 in %2.0.6 on an installation the was configured without the macro `_whatToTrace`. The `whatToTrace` parameter is directly set to `uid`. In this case the `$self->userId($req)` is returning `anonymous` instead of user...I faced the bug #1910 in %2.0.6 on an installation the was configured without the macro `_whatToTrace`. The `whatToTrace` parameter is directly set to `uid`. In this case the `$self->userId($req)` is returning `anonymous` instead of user identity.
So I think there is an issue in Handler about the usage of _whatToTrace macro, as this macro may not be present.
The workaround for current version is to define the `_whatToTrace` macro in configuration.2.0.7YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1968skippedUnitTests/skippedGlobalTests have no effect2020-08-25T15:17:48ZMaxime BessonskippedUnitTests/skippedGlobalTests have no effect### Concerned version
Version: %2.0
Platform: Nginx / FastCGI and lemonldap-ng-cli
### Summary
* Put in an invalid value for "managerDn" in the configuration
* Configuration save fails as expected
* modify lemonldap-ng.ini to skip t...### Concerned version
Version: %2.0
Platform: Nginx / FastCGI and lemonldap-ng-cli
### Summary
* Put in an invalid value for "managerDn" in the configuration
* Configuration save fails as expected
* modify lemonldap-ng.ini to skip the value test on managerDn as indicated here https://lemonldap-ng.org/documentation/2.0/managertests
(`skippedUnitTests = managerDn`)
* Configuration save still fails
### Logs
::Manager::Conf::Parser uses `$self->{skippedUnitTests}` and `$self->{skippedGlobalTests}` but these are never given a value in the code. Dumping them shows an `undef` value despite llng.ini giving them one.2.0.7Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1966Configuration reload does not apply changes to location rules2019-11-20T14:41:43ZMaxime BessonConfiguration reload does not apply changes to location rules### Concerned version
Version: %2.0
Platform: Nginx / FastCGI on 2.0.x, did not happen in 1.9
### Summary
* Change the default rule for any handler VHost, including he manager
* After the configuration reload (and $checkTime), the ...### Concerned version
Version: %2.0
Platform: Nginx / FastCGI on 2.0.x, did not happen in 1.9
### Summary
* Change the default rule for any handler VHost, including he manager
* After the configuration reload (and $checkTime), the modification is taken into account both in the portal app list and in actual requests
* Change a location rule that is not the default one (it can be a simple rule on `^/`)
* after the configuration reload, the modification is NOT taken into account. The portal will not show the configuration change in the app menu, and the handler will not apply the change.
I have tried:
* Reloading with http://reload.example.com/reload
* Logging off and logging the affected user back on
* "Refresh my rights"
* clearing my cookies
* rm -fr /tmp/lemonldap-ng-sessions
* Sacrificing a goat born under the last full moon to the Great Tsathoggua
But only a process restart was enough to actually apply a configuration change to non-default location rules.
### Logs
I noticed that during a configuration reload, new rules keep being added to
`$tsv->locationCondition`
Here it is after a restart:
```
'manager.example.com' => [
sub { "DUMMY" }
],
```
Containing the lone sub compiled from my test rule (^/ => accept)
But after a few reloads, here is what it looks like:
```
'manager.example.com' => [
sub { "DUMMY" },
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0],
$VAR1->{'manager.example.com'}[0]
],
```
The code in `locationRulesInit` does not seem to ever delete anything from this array. From a casual glance it seems to me like the configuration reload just piles the new rules on top of the old ones, which might explain why the old rules are still being applied. Furthermore this looks like a potential memory leak too.2.0.7Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1964Diff.html does not work with minified JS2019-10-01T20:08:12ZChristophe Maudouxchrmdx@gmail.comDiff.html does not work with minified JS### Concerned version
Version: %2.0.6
Platform: All
### Summary
It works well with diff.js### Concerned version
Version: %2.0.6
Platform: All
### Summary
It works well with diff.js2.0.7Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1963Server Error with OpenID Connect register endpoint2019-10-01T12:54:25ZClément OUDOTServer Error with OpenID Connect register endpointWhen trying to register an OIDC RP with the register endpoint, we have:
```
[Tue Oct 01 12:26:44.380051 2019] [fcgid:warn] [pid 27403] [client 83.118.197.36:10400] mod_fcgid: stderr: Undefined subroutine &Lemonldap::NG::Portal::Issuer::O...When trying to register an OIDC RP with the register endpoint, we have:
```
[Tue Oct 01 12:26:44.380051 2019] [fcgid:warn] [pid 27403] [client 83.118.197.36:10400] mod_fcgid: stderr: Undefined subroutine &Lemonldap::NG::Portal::Issuer::OpenIDConnect::random_string called at /usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm line 1340.
```2.0.7Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1961IDP selection rule regression in 2.0.02019-09-30T19:47:57ZMaxime BessonIDP selection rule regression in 2.0.0### Concerned version
Version: %2.0
### Summary
IDP selection rules no longer match since 2.0.0 :
```
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
1503: my $cond = $self->idpRules->{$idpConfKey} or next;
l...### Concerned version
Version: %2.0
### Summary
IDP selection rules no longer match since 2.0.0 :
```
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
1503: my $cond = $self->idpRules->{$idpConfKey} or next;
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
30:has idpRules => ( is => 'rw', default => sub { {} } );
298: $self->idpRules->{$entityID} = $cond;
```
There was a little mixup between using entity IDs of config keys as keys for the idpRules array.2.0.7Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1960REST config service not working2019-09-30T15:59:36ZClément OUDOTREST config service not workingWhen testing REST service, I am able to get metadata, but not a single value:
```
==> /var/log/apache2/error.log <==
[Mon Sep 30 15:21:08 2019] [LLNG:15167] [info] No cookie found
[Mon Sep 30 15:21:08 2019] [LLNG:15167] [debug] Build URL...When testing REST service, I am able to get metadata, but not a single value:
```
==> /var/log/apache2/error.log <==
[Mon Sep 30 15:21:08 2019] [LLNG:15167] [info] No cookie found
[Mon Sep 30 15:21:08 2019] [LLNG:15167] [debug] Build URL https://xxx/config/latest/portal
[Mon Sep 30 15:21:08 2019] [LLNG:15167] [debug] Redirect 109.190.253.14 to portal (url was /config/latest/portal)
[Mon Sep 30 15:21:08 2019] [LLNG:15167] [debug] User not authenticated, Try in use, cancel redirection
[Mon Sep 30 15:21:08 2019] [LLNG:15167] [debug] Start routing config
[Mon Sep 30 15:21:08.161358 2019] [fcgid:warn] [pid 15170] [client 109.190.253.14:60500] mod_fcgid: stderr: Can't locate object method "userId" via package "Lemonldap::NG::Portal::Plugins::RESTServer" at /usr/share/perl5/Lemonldap/NG/Common/Conf/RESTServer.pm line 804, <FILE> line 2.
```
The `?full` parameter is not working either.2.0.7Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1955Redirection lost after notification validation2019-12-20T13:59:28ZClément OUDOTRedirection lost after notification validationThis should have been fixed in %2.0.6 (#1861) but the bug is still here.
How to reproduce:
* Connect to OIDC RP
* Redirection on LL::NG portal (which is OIDC Provider)
* Accept notifications
-> Portal menu is displayed instead of been r...This should have been fixed in %2.0.6 (#1861) but the bug is still here.
How to reproduce:
* Connect to OIDC RP
* Redirection on LL::NG portal (which is OIDC Provider)
* Accept notifications
-> Portal menu is displayed instead of been redirected to OIDC RP.
Some logs:
```
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [info] Session zGWUoIPMx20EFX3vr2pCI9W9e4IcHzWjlmGs21kyL/OxWteRnLcnNHCrmN/BLTfx/SM1b834iHs1NQsHg6V082w/Pg0HoHSmzm6r4gqqBwfEvWJPXj87gIHJ3ty1GbC+irQ9cSnRoKCy6U8G7PoyfA== can't be retrieved
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [info] Session cannot be tied: Invalid session ID: zGWUoIPMx20EFX3vr2pCI9W9e4IcHzWjlmGs21kyL/OxWteRnLcnNHCrmN/BLTfx/SM1b834iHs1NQsHg6V082w/Pg0HoHSmzm6r4gqqBwfEvWJPXj87gIHJ3ty1GbC+irQ9cSnRoKCy6U8G7PoyfA== at /usr/share/perl5/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm line 49.
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Build URL https://connect.pfptnbdev.io/notifback
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Redirect 81.250.130.213 to portal (url was /notifback)
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] User not authenticated, Try in use, cancel redirection
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Start routing notifback
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6 from Handler::Main::Run
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Check session validity from Handler
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Session timeout -> 72000
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Session _utime -> 1569599433
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] now -> 1569599448
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Session timeoutActivityInterval -> 60
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Session TTL = 71985
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-7
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-7
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Found 'whatToTrace' -> cleoud@worteks.com
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update cleoud@worteks.com persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update sessionInfo notification_cgu-kroqi-batest-7
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Dump: $VAR1 = '1569599448';
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Try to get SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6 from Portal::Main::Run
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Return SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-7 registered in persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-1
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-1
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Found 'whatToTrace' -> cleoud@worteks.com
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update cleoud@worteks.com persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update sessionInfo notification_cgu-kroqi-batest-1
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Dump: $VAR1 = '1569599448';
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Try to get SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6 from Portal::Main::Run
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Return SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-1 registered in persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Found 'whatToTrace' -> cleoud@worteks.com
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update cleoud@worteks.com persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update sessionInfo notification_cgu-kroqi-batest-6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Dump: $VAR1 = '1569599448';
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Try to get SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6 from Portal::Main::Run
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Return SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-6 registered in persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-2
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-2
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Found 'whatToTrace' -> cleoud@worteks.com
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update cleoud@worteks.com persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update sessionInfo notification_cgu-kroqi-batest-2
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Dump: $VAR1 = '1569599448';
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Try to get SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6 from Portal::Main::Run
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Return SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-2 registered in persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-4
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-4
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Found 'whatToTrace' -> cleoud@worteks.com
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update cleoud@worteks.com persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update sessionInfo notification_cgu-kroqi-batest-4
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Dump: $VAR1 = '1569599448';
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Try to get SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6 from Portal::Main::Run
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Return SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-4 registered in persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-3
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-3
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Found 'whatToTrace' -> cleoud@worteks.com
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update cleoud@worteks.com persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update sessionInfo notification_cgu-kroqi-batest-3
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Dump: $VAR1 = '1569599448';
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Try to get SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6 from Portal::Main::Run
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Return SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-3 registered in persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Current pending notification has not been found
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-5
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] [notice] cleoud@worteks.com has accepted notification cgu-kroqi-batest-5
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Found 'whatToTrace' -> cleoud@worteks.com
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update cleoud@worteks.com persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Update sessionInfo notification_cgu-kroqi-batest-5
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Dump: $VAR1 = '1569599448';
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Try to get SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6 from Portal::Main::Run
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Return SSO session cf619bcabf922cd9a8e9681388620bcc2d5711f65e2a3b4a9cd5ab4c97c84ec6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-5 registered in persistent session
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Pending notification has been found and not accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Processing code ref
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Launching ::Plugins::Notifications::checkNotifDuringAuth
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v13
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v13 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v10
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v10 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v12
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v12 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-batest-7
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-7 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-batest-4
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-4 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-batest-5
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-5 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v14-bis
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v14-bis was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v14
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v14 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-batest-3
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-3 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v15
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v15 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-batest-1
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-1 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v15-bis
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v15-bis was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-batest-6
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-6 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v11
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v11 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-batest-2
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-batest-2 was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Get reference cgu-kroqi-v12-bis
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Notification cgu-kroqi-v12-bis was already accepted
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Processing code ref
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Calling autoredirect
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Check if Appslist has to be displayed
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Check if ChangePassword has to be displayed
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Check if LoginHistory has to be displayed
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Check if OidcConsents has to be displayed
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Check if Logout has to be displayed
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Skin returned: menu
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Calling sendHtml with template menu
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/menu.tpl
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/menu.tpl
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Apply following CORS policy :
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Access-Control-Allow-Origin
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] *
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Access-Control-Allow-Credentials
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] true
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Access-Control-Allow-Headers
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] *
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Access-Control-Allow-Methods
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] POST,GET
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Access-Control-Expose-Headers
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] *
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Access-Control-Max-Age
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] 86400
[Fri Sep 27 15:50:48 2019] [LLNG:10996] [debug] Apply following CSP : default-src 'self';img-src 'self' https://cdn.kroqi.fr data:;style-src https://cdn.kroqi.fr https://fonts.googleapis.com 'self' 'unsafe-inline';font-src *;connect-src 'self';script-src 'self' https://cdn.kroqi.fr;form-action *;frame-ancestors 'none';2.0.7Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1954zimbra preauth not working2020-04-16T19:49:33Zdcoutadeur dcoutadeurzimbra preauth not working### Concerned version
Version: 2.0.6
Platform: Apache 2.4
### Summary
- Zimbra PreAuth is not working
- the zimbra unit test are "light"
### Description
The first obvious problem is a configuration parameter.
When setting "ZimbraPr...### Concerned version
Version: 2.0.6
Platform: Apache 2.4
### Summary
- Zimbra PreAuth is not working
- the zimbra unit test are "light"
### Description
The first obvious problem is a configuration parameter.
When setting "ZimbraPreAuth" in corresponding vhost in the Manager web interface, the vhost parameter stored is "Zimbra". So the SSO complains it can't load `Lemonldap::NG::Handler::ApacheMP2::Zimbra`
If I modify the parameter manually into the configuration (ZimbraPreAuth), I can go on.
But the kinematic still does not work. I get a new apache error:
```
Invalid response status 1780437520
```
I can investigate further on monday and give more details if necessary2.0.7Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1953Outgoing emails are missing a Date: field2019-12-21T15:58:57ZMaxime BessonOutgoing emails are missing a Date: field### Concerned version
Version: %2.0
### Summary
RFC 2822 mandates that all email messages contain a "Date:" header:
```
The only required header fields are the origination date field and
the originator address field(s). All other...### Concerned version
Version: %2.0
### Summary
RFC 2822 mandates that all email messages contain a "Date:" header:
```
The only required header fields are the origination date field and
the originator address field(s). All other header fields are
syntactically optional. More information is contained in the table
following this definition.
```
LemonLDAP emails do not contain this field, which is causing some picky providers to drop our messages.2.0.7Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1952"Attributes and macros" session keys should not be translated2020-04-12T13:03:29ZMaxime Besson"Attributes and macros" session keys should not be translated### Concerned version
Version: %2.0
### Summary
In the session browser
![image](/uploads/387f71d23743add6e6c3b99fb2dae489/image.png)
Session keys that have no special meaning should not be translated.
In this example, the very comm...### Concerned version
Version: %2.0
### Summary
In the session browser
![image](/uploads/387f71d23743add6e6c3b99fb2dae489/image.png)
Session keys that have no special meaning should not be translated.
In this example, the very common `uid` gets translated to `Identifier`, which is a bit of a head-scratcher when you're trying to figure out what attributes you can use to build your rules. Especially since `uid` has no special meaning whatsoever, compared to `_whatToTrace` or `_user`2.0.7Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.com