lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2019-10-14T16:08:54Z
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/94
Integration with OpenPERMIS
2019-10-14T16:08:54Z
Clément OUDOT
Romain Guignard proposed an integration with OpenPERMIS : http://openpermis.info/
This means Handler will send XACML request to PERMIS to check user's authorization rather than use the LL::NG rules.
I join an implementation he made.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/402
SOAP method getMenuApplications does not work with Safe jail
2019-10-14T16:17:12Z
Clément OUDOT
SOAP method getMenuApplications does not work with Safe jail, but works great with useSafeJail = 0.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1344
Problem with kerberos authentication and ajax
2018-03-13T14:14:53Z
Carl R.
Hello, I'm using LemonLDAP-ng 1.9.14 with nginx.
I'm trying to configure the authentication with the "multi" configured as follows: Kerberos;LDAP
I would like to get authenticated "automatically" with Kerberos and fall back to LDAP (with form, I would prefer to avoid the authentication popup) if no Kerberos.
I can't get Kerberos authentication to work with ajax enabled; the server logs first show that I'm correctly authenticated:
```
FastCGI sent in stderr: "[notice] Lemonldap::NG : toto@REALM.LOCAL authentified by Kerberos (10.x.y.z)" while reading response header from upstream, client: 10.x.y.z, server: auth.xxx.fr, request: "GET /?kerberos=1 HTTP/1.1",
```
Then immediately:
```
FastCGI sent in stderr: "[notice] Lemonldap::NG : Kerberos authentication has failed, back to portal (10.x.y.z)" while reading response header from upstream, client: 10.x.y.z, server: auth.xxx.fr, request: "POST /?url=aHR0cHM6Ly9tYWJlbGxldXJsLm1vbmJlYXVkb21haW5lLmNvbS8= HTTP/1.1"
```
And I'm back to the form, so I have to authenticate with LDAP (which works).
What works:
LDAP with form, Kerberos with ajax disabled, but if Kerberos auth cannot be performed, I get an HTTP authentication popup (I'm not sure I can get rid of that?)
I use the latest versions of Firefox and Chrome with the proper configuration to enable Kerberos authentication.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1361
LDAP connections are never closed with LDAP authentication backend inside Choice
2018-03-13T13:49:24Z
Clément OUDOT
When testing 2.0, I see that the code opens a lot of connections to the LDAP server and never closes them.
A simple load of the portal page (without authentication) gives these logs in OpenLDAP:
```
Jan 31 17:31:08 llng-site slapd[32489]: conn=1026 fd=36 ACCEPT from IP=127.0.0.1:34218 (IP=127.0.0.1:389)
Jan 31 17:31:08 llng-site slapd[32489]: conn=1026 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" method=128
Jan 31 17:31:08 llng-site slapd[32489]: conn=1026 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" mech=SIMPLE ssf=0
Jan 31 17:31:08 llng-site slapd[32489]: conn=1026 op=0 RESULT tag=97 err=0 text=
Jan 31 17:31:08 llng-site slapd[32489]: conn=1027 fd=37 ACCEPT from IP=127.0.0.1:34220 (IP=127.0.0.1:389)
Jan 31 17:31:08 llng-site slapd[32489]: conn=1027 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" method=128
Jan 31 17:31:08 llng-site slapd[32489]: conn=1027 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" mech=SIMPLE ssf=0
Jan 31 17:31:08 llng-site slapd[32489]: conn=1027 op=0 RESULT tag=97 err=0 text=
Jan 31 17:31:08 llng-site slapd[32489]: conn=1028 fd=38 ACCEPT from IP=127.0.0.1:34222 (IP=127.0.0.1:389)
Jan 31 17:31:08 llng-site slapd[32489]: conn=1028 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" method=128
Jan 31 17:31:08 llng-site slapd[32489]: conn=1028 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" mech=SIMPLE ssf=0
Jan 31 17:31:08 llng-site slapd[32489]: conn=1028 op=0 RESULT tag=97 err=0 text=
Jan 31 17:31:08 llng-site slapd[32489]: conn=1029 fd=39 ACCEPT from IP=127.0.0.1:34224 (IP=127.0.0.1:389)
Jan 31 17:31:08 llng-site slapd[32489]: conn=1029 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" method=128
Jan 31 17:31:08 llng-site slapd[32489]: conn=1029 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" mech=SIMPLE ssf=0
Jan 31 17:31:08 llng-site slapd[32489]: conn=1029 op=0 RESULT tag=97 err=0 text=
Jan 31 17:31:08 llng-site slapd[32489]: conn=1030 fd=40 ACCEPT from IP=127.0.0.1:34226 (IP=127.0.0.1:389)
Jan 31 17:31:08 llng-site slapd[32489]: conn=1030 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" method=128
Jan 31 17:31:08 llng-site slapd[32489]: conn=1030 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" mech=SIMPLE ssf=0
Jan 31 17:31:08 llng-site slapd[32489]: conn=1030 op=0 RESULT tag=97 err=0 text=
Jan 31 17:31:08 llng-site slapd[32489]: conn=1031 fd=41 ACCEPT from IP=127.0.0.1:34228 (IP=127.0.0.1:389)
Jan 31 17:31:08 llng-site slapd[32489]: conn=1031 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" method=128
Jan 31 17:31:08 llng-site slapd[32489]: conn=1031 op=0 BIND dn="cn=lemonldapng,ou=dsa,dc=openid,dc=club" mech=SIMPLE ssf=0
Jan 31 17:31:08 llng-site slapd[32489]: conn=1031 op=0 RESULT tag=97 err=0 text=
```
So just to display the page, there are 6 connections opened, and never closed. It seems linked to Choice as I configured 6 authentication choices.
This is a critical bug as the LDAP server is quickly saturated by opened connections.
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1365
SAML - Error when trying to reach /saml/metadata
2018-03-14T07:04:09Z
Mathieu Lecompte-melançon
Seeing in 2.0 alpha release on CentOS
```
Feb 6 20:17:36 srv-test-nginxv2 LLNG[1430]: Lemonldap::NG::Portal::Issuer::SAML load error: Bareword "Lasso::Constants::HTTP_METHOD_REDIRECT" not allowed while "strict subs" in use at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Lib/SAML.pm line 412.#012Bareword "Lasso::Constants::HTTP_METHOD_ARTIFACT_GET" not allowed while "strict subs" in use at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Lib/SAML.pm line 438.#012Bareword "Lasso::Constants::HTTP_METHOD_POST" not allowed while "strict subs" in use at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Lib/SAML.pm line 458.#012Bareword "Lasso::Constants::HTTP_METHOD_ARTIFACT_POST" not allowed while "strict subs" in use at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Lib/SAML.pm line 484.#012Bareword "Lasso::Constants::HTTP_METHOD_SOAP" not allowed while "strict subs" in use at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Lib/SAML.pm line 503.#012Compilation failed in require at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Issuer/SAML.pm line 5.#012BEGIN failed--compilation aborted at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Issuer/SAML.pm line 5.#012Compilation failed in require at (eval 764) line 2.
```
FAQ
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1370
Cas server - Action serviceValidate not available
2018-02-09T09:43:33Z
STEPHANE PEILLON
Hello
After installing lemonldap 1.9.14, I try to activate the cas server. The handlers for the 'login' and 'logout' actions work well but the serviceValidate action doesn't work when the user is logged : the portal doesn't return an XML feed but the HTML page of the portal.
Can you give me some tips to solve this problem?
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1376
U2F registration fails with recent Firefox
2018-03-14T06:05:03Z
Yadd
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1378
lemonldap-ng-doc unable to install on Debian 7
2018-02-16T15:36:02Z
dcoutadeur dcoutadeur
### Concerned version
Debian LemonLDAP::NG documentation 1.9.15
```
apt-cache show lemonldap-ng-doc
Pre-Depends: dpkg (>= 1.17.14)
```
### Summary
Debian 7 doesn't have such a recent version of dpkg (1.17.14)
Curiously, only the debian repository has such pre-requisite:
```
# LemonLDAP::NG repository
deb https://lemonldap-ng.org/deb stable main
deb-src https://lemonldap-ng.org/deb stable main
```
My debian testing doesn't have the pre-requisite on dpkg:
```
deb http://ftp.fr.debian.org/debian/ testing main non-free contrib
deb-src http://ftp.fr.debian.org/debian/ testing main non-free contrib
```
1.9.16
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1381
Log4Perl <> LemonLDAP
2018-02-24T16:35:07Z
Dave Conroy
In the LL:NG Documentation I see various loglevels:
`error,warn,notice,info,debug`
I am trying to build a log4perl.conf file and wanting to map my `notice` logentries, however log4perl only allows `ALL|FATAL|TRACE|INFO|OFF|DEBUG|WARN|ERROR`. Can you explain what notice would map to?
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1402
Allow save when no change detected
2018-05-27T07:03:17Z
Mathieu Lecompte-melançon
### Version
%"2.0.0" and nexts
### Summary
When we click on save without making any change, we get a message saying no change detected, Save canceled.
Sometimes some nodes are not in sync, like a restored crashed node or even a node in maintenance state.
Currently, to sync all those nodes I have to make a fake change and then revert the fake change.
Maybe a good idea would be to place another button in the modal window that shows No change detected, to simply force save.
### Design proposition
Add a Force Save button in the No change detected modal window
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1409
Keydo U2F keys not recognized on Linux
2018-06-14T18:55:45Z
Yadd
### Summary
Keydo U2F keys are not recognized by default on Linux desktops. To enable them, you must create a `udev` rule. Example: `/etc/udev/rules.d/70-u2f-keydo.rules`:
```
ACTION!="add|change", GOTO="u2f_end"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0", TAG+="uaccess"
LABEL="u2f_end"
```
See [Keydo documentation](https://www.neowave.fr/FR/keydo_fido_u2f.html) for more.
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1421
Apache::Session module failed
2018-05-14T12:16:38Z
SORE Abdoulaye
### Concerned version
Version: 2.0
### Summary
Hello,
After a fresh installation of LemonLDAP::NG 2.0 on CentOS 7, we get **Apache::Session module failed** on the portal while trying to log in.
In the apache2 error_log file, we have permission denied errors on directories that belong to apache, although we gave the rights and these directories to the user apache.
When we connect to the system as user apache we are able to create files in these directories.
### Logs
```
(in cleanup) Could not open file (/usr/local/lemonldap-ng/data/psessions/lock/Apache-Session-5efe8af397fc3577e05b483aca964f1b.lock) for writing: Permission denied at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.
(in cleanup) Could not open file (/usr/local/lemonldap-ng/data/psessions/lock/Apache-Session-5efe8af397fc3577e05b483aca964f1b.lock) for writing: Permission denied at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.
(in cleanup) Could not open file (/usr/local/lemonldap-ng/data/sessions/lock/Apache-Session-1d34d88188bc69134ed362db7ae5f21f0d08ea1c7e2720e8ffc277c5ce643713.lock) for writing: Permission denied at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.
[error] Session cannot be tied: Could not open file (/usr/local/lemonldap-ng/data/sessions/lock/Apache-Session-1d34d88188bc69134ed362db7ae5f21f0d08ea1c7e2720e8ffc277c5ce643713.lock) for writing: Permission denied at /usr/share/perl5/vendor_perl/Apache/Session/Lock/File.pm line 75.
```
### Backends used
Left by default.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1241
Access rules logout_app
2018-05-19T19:41:48Z
Ismael Dupras
I also tried to use logout_app, but this logs me out of all applications. Do you know why? Do I have missing configurations?
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1433
Encoding problems with custom mail_password.tpl
2018-05-25T12:44:27Z
Stéphane Liabat
### Concerned version
Version: 1.9.14
Platform: Apache, CentOS 7
### Summary
I modified a template file: mail_password.tpl
With plain text, and sending the mail when this template is called crashes.
[mail_password.tpl](/uploads/b114720d5bb2af2b9133c20e06ca6c60/mail_password.tpl)[mail_password.tpl](/uploads/97caa72139a178fbfd6dd39bd61a41e7/mail_password.tpl)
### Logs
```
[Wed May 23 14:30:29.783171 2018] [perl:debug] [pid 42486] CGI.pm(115): Lemonldap::NG::Portal::MailReset: Update sessionInfo _password with password
[Wed May 23 14:30:29.783203 2018] [perl:debug] [pid 42486] CGI.pm(115): Lemonldap::NG::Portal::MailReset: Try to get SSO session b7d502cd321e4b786c168ed7cb2dee99
[Wed May 23 14:30:29.790458 2018] [perl:debug] [pid 42486] CGI.pm(115): Lemonldap::NG::Portal::MailReset: Return SSO session b7d502cd321e4b786c168ed7cb2dee99
[Wed May 23 14:30:29.814910 2018] [perl:debug] [pid 42486] CGI.pm(115): Lemonldap::NG::Portal::MailReset: processing to sub sendPasswordMail
[Wed May 23 14:30:29.822727 2018] [:error] [pid 42486] Cannot decode string with wide characters at /usr/lib64/perl5/vendor_perl/Encode.pm line 176.\n
```
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1454
Portal doesn't update app urls
2018-06-18T16:35:46Z
Paul Curie
### Concerned version
Version: 2.0.0~alpha3+20180614095215+2019+master+stretch+olab1
Platform: Apache
### Summary
Debian 9 / Apache2 mpm-prefork
login as ldap user, test app 2 is http://
go to manager, change test app 2 menu item url to https://, save; in manager the new value is there, but the diff only shows the old value, no new value shown.
![Selection_155](/uploads/801e79c8f7e9771b25e83beb18bf9a92/Selection_155.png)
F5 or Ctrl+F5 on portal doesn't show new value for test app 2 url
logout/login doesn't show new value
Refresh my rights doesn't show new value
Restart apache2 service, new url is shown on portal
I can't reproduce this bug 100% of the time, more like 99%; in a few cases the diff shows the new value, but the portal still doesn't show the new url, once it did.
I tested on 1.9 with same environment/config, no need to restart apache2 to show new urls, it works 100% of times.
### Logs
llng debug log of saving the new value
```
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/?cfgNum=27
[debug] User authenticated, calling handler()
[debug] Start routing confs
[notice] User fd-admin has stored conf 28
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Configuration 28 stored.
Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Thu Jun 14 17:09:05.262461 2018] [perl:notice] [pid 17925] Request for configuration reload
[notice] Apply configuration for reload.xps.local: ok
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/latest
[debug] User authenticated, calling handler()
[debug] Start routing confs
[debug] Search for cfgNum in conf
[debug] Cfgnum set to latest
[debug] Search for cfgAuthor in conf
[debug] Cfgnum set to 28
[debug] Search for cfgDate in conf
[debug] Cfgnum set to 28
[debug] Search for cfgAuthorIP in conf
[debug] Cfgnum set to 28
[debug] Search for cfgLog in conf
[debug] Cfgnum set to 28
[debug] Search for cfgVersion in conf
[debug] Cfgnum set to 28
[info] User fd-admin ask for configuration metadatas (28)
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/28/portal
[debug] User authenticated, calling handler()
[debug] Start routing confs
[info] User fd-admin asks for key portal
[debug] Search for portal in conf
[debug] Cfgnum set to 28
[debug] Get session fd10b516ed150445a73bdcdebe4a70174c7dcc3241fa3aedc227bc513cb98d7b from Handler internal cache
[debug] manager.xps.local: Apply default rule
[debug] removing cookie
[debug] User fd-admin was granted to access to /manager.fcgi/confs/28/domain
[debug] User authenticated, calling handler()
[debug] Start routing confs
[info] User fd-admin asks for key domain
[debug] Search for domain in conf
[debug] Cfgnum set to 28
```
### Backends used
LDAP for auth/user/password
Files for config/sessions
2.0.0
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1472
Duo Finds SAML Vulnerabilities Affecting Multiple Implementations. LemonLDAP ...
2018-07-09T16:07:31Z
Mathieu Parent
Duo Finds SAML Vulnerabilities Affecting Multiple Implementations. LemonLDAP too ?
As I don't understand this blog post I put it here because llng may be affected:
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1548
FastCGI sent in stderr: "Can't locate CGI/Emulate/PSGI.pm in @INC
2020-01-14T12:56:18Z
Frederic LOUI
### Concerned version
Version: %X.X.X
Platform: (Nginx/Apache/Node.js)
The platform used in :[lemonldap-ng-controller](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller)
I also just in case opened a bug here in github: [Issue #5](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller/issues/75)
### Summary
I followed the documentation using generic install.
In order to modify the yaml file too much, I created a "ingress-nginx" namespace in my K8s cluster.
I installed an instance of ingress-nginx using helm. I change the configmap and the deployment name in the yaml file.
I kept the "example.org" domain and tried to connect to http://manager.example.org
I'm redirected to http://auth.example.org/?url=aHR0cDovL21hbmFnZXIuZXhhbXBsZS5vcmcv
With an Internal Server Error.
GOAL: "Simply" install lemonldap-ng as a side container to NGINX-INGRESS controller and use the default File type backend and default domain example.org defined [here](https://github.com/lemonldap-ng-controller/lemonldap-ng-controller/blob/master/deploy/README.md).
### Logs
Sorry for the short log, but this is only what I can get as I'm constrained in a very isolated VPN in my IaaS environment.
```
...
FastCGI sent in stderr: "Can't locate CGI/Emulate/PSGI.pm in @INC ...
...
```
### Backends used
As a first approach, I only tried to use the default backend which is the "File" backend type.
### Possible fixes
This error is characteristic of Perl not finding the right lib in the perl path. But as the script seems to be mature, I was just wondering where we could find CGI/Emulate/PSGI.pm? Adding modifications is not so straightforward as we are using containers, so before completing the container I was just wondering if something is missing? In which package is the file llng-fastcgi-server included?
In the container llng-ingress-controller, the file in path CGI/Emulate/PSGI.pm cannot be found but I don't see any explicit "perl require". (but my perl skills are limited)
Last but not least: Sorry if I opened a ticket in the wrong "forge". I opened a ticket in github first but troubleshooting steps led to llng-fastcgi-server, which is in this repo. :-) So apologies.
Thanks for your potential help !
Frederic
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1563
Auto Signin Addon - Section not present in manager...
2018-12-01T14:06:44Z
Mathieu Lecompte-melançon
### Concerned version
Version: %2.0.0
Platform: (Nginx)
### Summary
I haven't found where to configure the Auto-Signin addon in manager. It was easy to find in Beta but it does not seem to be present in the final release.
### Logs
```
NA
```
### Backends used
NA
### Possible fixes
FAQ
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1571
Issue with sessions in MongoDB
2019-05-16T00:20:21Z
Mathieu Lecompte-melançon
### Concerned version
Version: %2.0.0
Platform: (Nginx)
### Summary
Switching Session and persistent session from File to mongo not working
Configuration in ini
```
[portal]
globalStorage = Apache::Session::MongoDB
globalStorageOptions = { 'collection' => 'sessions', 'connect_timeout' => '10000', 'db_name' => 'llng_db', 'host' => 'mongodb://lemonldap_1.bd.interne.urgences-sante.qc.ca:27017,lemonldap_2.bd.interne.urgences-sante.qc.ca:27017,lemonldap_3.bd.interne.urgences-sante.qc.ca:27017', 'ssl' => '0', 'dbName' => 'llng_db', 'username' => 'lol', 'password' => 'tulesaurapas', 'connect_timeout_ms' => '3000', 'read_pref_mode' => 'primaryPreferred', 'replica_set_name' => 'rs0', 'w' => '1', 'wtimeout' => '3000' }
persistentStorage = Apache::Session::MongoDB
persistentStorageOptions = { 'collection' => 'sessions_persistent', 'connect_timeout' => '10000', 'db_name' => 'llng_db', 'host' => 'mongodb://lemonldap_1.bd.interne.urgences-sante.qc.ca:27017,lemonldap_2.bd.interne.urgences-sante.qc.ca:27017,lemonldap_3.bd.interne.urgences-sante.qc.ca:27017', 'ssl' => '0', 'dbName' => 'llng_db', 'username' => 'lol', 'password' => 'tulesaurapas', 'connect_timeout_ms' => '3000', 'read_pref_mode' => 'primaryPreferred', 'replica_set_name' => 'rs0', 'w' => '1', 'wtimeout' => '3000' }
```
I confirm in Mongo that the data is correctly written...
In manager portal, the configuration was not changed and still refers to File. But the idea is to switch in the INI, make it work, and configure SOAP in manager for DMZ portal
When I try to log in, I get this message: Your connection has expired, you must authenticate once again
### Logs
```
Dec 4 11:44:48 srv-pr-nginxv2 LLNG[1515]: Session 4ec020c47dbcd647db1e5a8f13670c0e can't be retrieved
Dec 4 11:44:48 srv-pr-nginxv2 LLNG[1515]: Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/vendor_perl/Apache/Session/Store/File.pm line 98.
```
### Backends used
For any bug on configuration/sessions storage, give us details on backends
### Possible fixes
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1626
Combination Module shouldn't force "Same"
2019-02-06T21:52:57Z
Christian Bayle
When using combination module, you are obliged to use "Same" for the UserDB module
in /usr/share/perl5/Lemonldap/NG/Manager/Conf/Tests.pm
```
# Check Combination parameters
combinationParameters => sub {
    return 1 unless ( $conf->{authentication} eq "Combination" );
    return ( 0, "Combination rule must be defined" )
      unless ( $conf->{combination} );
    return ( 0, 'userDB must be set to "Same" to enable Combination' )
      unless ( $conf->{userDB} eq "Same" );
    # Return
    return 1;
},
```
but in case of OpenIdc, Kerberos you may use LDAP, in case of REST you may use 'None' as described in
https://manager.diod.orange.com/doc/pages/documentation/current/authrest.html :
To have just one call, you can only set REST authentication, set datas in “info” key response and set Null as User Database.
When I comment
```
    return ( 0, 'userDB must be set to "Same" to enable Combination' )
      unless ( $conf->{userDB} eq "Same" );
```
Everything works fine for me, I think the test should force "Same" only in proper cases:
* Should allow LDAP, for OpenIdc, Kerberos, REST authentication modules
* Should allow None, for REST authentication module
Cheers
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1751
Deal with SAML IDP without SLO endpoint
2019-09-17T18:43:41Z
Alexandre LINTE
### Concerned version
Version: 2.0.2
Platform: Nginx
### Summary
Error displayed on lemonldap if an IDP doesn't have an SLO endpoint.
### Possible fixes
Same issue already fixed for SP.
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1047
FAQ
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1804
LemonLDAP installation on CentOS7 with yum all nginx.conf files missing
2019-06-19T06:06:08Z
Michael Goldfinger
### Concerned version
Version: %"2.0.4"
Platform: Nginx
### Summary
nginx config files missing
After installing lemonldap with yum there are no config files for nginx in the whole file system.
Checked with: find / -name "*nginx.conf"
Therefore the steps in https://lemonldap-ng.org/documentation/latest/confignginx do not generate valid symlinks
The folder /etc/lemonldap-ng only holds one file -> lemonldap-ng.ini
/usr/local/lemonldap-ng/etc/ does not exist after yum installation.
### Possible fixes
Add the config files in the rpm package provided by the yum repository.
FAQ
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1871
CSRF token causes scalability issues
2020-01-14T12:53:26Z
Julien Ledoux
### Concerned version
Version: %"2.0.5"
Platform: Docker/CentOS 7/Nginx/llng-fastcgi-server
### Summary
CSRF token causes scalability issues since its value doesn't seem to be stored in the backend cache but only in LLNG memory. When trying to run multiple instances of dockerized LLNG behind a load balancer, most of the time you won't be able to log in because the CSRF token value changes depending on the instance you've been routed to.
### Backends used
Redis cache
### Possible fixes
Store CSRF token values in backend cache
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1872
Error after adding handler DevOps to LemonLDAP NG 2.0.4
2020-01-14T12:53:19Z
Rida ALLA
Hello,
Currently, I try to add the handler DevOps in my apache config :
```
<VirtualHost ...>
    PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2::FCGIClient
    PerlSetVar LLNG_SERVER 127.0.0.1:9090
    PerlSetVar VHOSTTYPE DevOps
    PerlSetVar RULES_URL http://app.tld/rules.json
    ...
</VirtualHost>
```
But I got this error in the logs file :
[perl:error] [pid 1611] [client 10.107.4.224:45124] connection breaked from server process? at /usr/share/perl5/vendor_perl/FCGI/Client/Connection.pm line 51.\n
Anyone could tell me some idea about this error plz?
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1950
AuthBasic handler
2019-11-14T15:31:27Z
Daniel Berteaud
I was running LL::NG 2.0.5 on CentOS 7, using nginx. All components (handler, portal, manager) are running on the same server. One of my vhosts is using the AuthBasic handler (defined in the vhost options in LL::NG and with "fastcgi_param VHOSTTYPE AuthBasic;" in the nginx config).
Everything was working great, but broke after upgrading to LL::NG 2.0.6.
Now, when I try to log in, I'm presented with the basic auth prompt, but auth is rejected. In the server's log, I have:
```
sept. 25 12:54:02 proxyin2 llng-fastcgi-server[2078]: [Wed Sep 25 12:54:02 2019] [LLNG:2080] [info] Session b2bb2cd242b4e17f48e175910cXXXXXXXXXXXXXXX can't be retrieved
sept. 25 12:54:02 proxyin2 llng-fastcgi-server[2078]: [Wed Sep 25 12:54:02 2019] [LLNG:2080] [info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/vendor_perl/Apache/Session/Store/DBI.pm line 93.
sept. 25 12:54:02 proxyin2 llng-fastcgi-server[2078]: [Wed Sep 25 12:54:02 2019] [LLNG:2081] [info] No cookie found
sept. 25 12:54:02 proxyin2 LLNG[2081]: [error] Authentication tried without token
sept. 25 12:54:02 proxyin2 LLNG[2081]: [warn] [anonymous] Bad credentials
sept. 25 12:54:02 proxyin2 LLNG[2081]: [notice] Error 401: Bad credentials
sept. 25 12:54:02 proxyin2 llng-fastcgi-server[2078]: [Wed Sep 25 12:54:02 2019] [LLNG:2080] [warn] Authentication failed for dani: 401 Unauthorized
```
The only change I made in the config was updating the _whatToTrace macro to force lower case ID. But reverting this has no effect.
FAQ
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1951
Captcha not working on CentOS 7 after ImageMagick upgrade
2019-10-18T13:44:28Z
Clément OUDOT
We have an issue in CentOS with latest GD::Image and ImageMagick modules, the captcha size is always one character:
![image](/uploads/db4e0ff15b7be052cf4dde6e6485de42/image.png)
```
[root@kptn-centos7 ~]# rpm -qa | grep -i magic
ImageMagick-6.7.8.9-18.el7.x86_64
perl-Variable-Magic-0.54-2.el7.x86_64
ImageMagick-perl-6.7.8.9-18.el7.x86_64
```
I don't have this issue on Ubuntu, with these versions:
```
root@llng-site:~# dpkg -l | grep -i magick
ii imagemagick-6-common 8:6.9.7.4+dfsg-11+deb9u7 all image manipulation programs -- infrastructure
ii libimage-magick-perl 8:6.9.7.4+dfsg-11+deb9u7 all Perl interface to the ImageMagick graphics routines
ii libimage-magick-q16-perl 8:6.9.7.4+dfsg-11+deb9u7 amd64 Perl interface to the ImageMagick graphics routines -- Q16 version
ii libmagickcore-6.q16-3:amd64 8:6.9.7.4+dfsg-11+deb9u7 amd64 low-level image manipulation library -- quantum depth Q16
ii libmagickwand-6.q16-3:amd64 8:6.9.7.4+dfsg-11+deb9u7 amd64 image manipulation library -- quantum depth Q16
ii php-imagick
```
A workaround is to disable ImageMagick for Captcha :
```
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm
index c4ee4ee1b..5304528b8 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm
@@ -1,7 +1,7 @@
package Lemonldap::NG::Portal::Lib::Captcha;
use strict;
-use GD::SecurityImage use_magick => 1;
+use GD::SecurityImage use_magick => 0;
use Mouse;
use MIME::Base64;
```
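Review bot: hard-coding `use_magick => 0` on the `use GD::SecurityImage` line switches ImageMagick off on every platform, while the report only shows the one-character captcha with ImageMagick 6.7.8.9 on CentOS 7 and not with 6.9.7.4 on Ubuntu. Consider making the rendering backend a configuration option, or choosing it at load time, so that installs that are not affected keep the ImageMagick output, and add a comment on that line explaining why GD is forced.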
But the result is not as good as with ImageMagick.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1970
unable to have a authentication Combination of Kerberos and AD and other Things
2019-10-08T08:15:47Z
Vincent Filali-Ansary
### Concerned version
Version: %2.0.6
Platform: Nginx
### Summary
An error appears because the module Lemonldap::NG::Portal::USERDB::Kerberos is missing when I try to authenticate with Kerberos.
### Logs
```
Oct 4 12:31:46 citron LLNG[8809]: [error] Lemonldap::NG::Portal::UserDB::Kerberos load error: Can't locate Lemonldap/NG/Portal/UserDB/Kerberos.pm in @INC (you may need to install the Lemonldap::NG::Portal::UserDB::Kerberos module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 134) line 1, <DATA> line 755.
Oct 4 12:31:46 citron LLNG[8809]: [error] Underlying object can't load conf (Lemonldap::NG::Portal::Main->reloadConf)
Oct 4 12:31:46 citron LLNG[8809]: [error] Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::RDBI loaded.
Configuration unchanged, get configuration from cache.)
Oct 4 12:31:46 citron LLNG[8809]: [error] Error 500: Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::RDBI loaded.
Configuration unchanged, get configuration from cache.)
```
### Backends used
I extracted this from the JSON configuration:
[lemonConf.json](/uploads/43291232253372d066f4484e19cd313e/lemonConf.json)
And here is the diff with another configuration that works with AD:
```
< "authentication":"AD",
---
> "authentication":"Combination",
```
```
> "combModules":{
> "nAD":{
> "for":"0",
> "over":{},
> "type":"AD"
> },
> "nKerb":{
> "for":"0",
> "over":{},
> "type":"Kerberos"
> }
> },
> "combination":"[nKerb] or [nAD]",
```
```
> "demoExportedVars":{},
```
```
> "krbAuthnLevel":"3",
> "krbRemoveDomain":"1",
```
```
< "userDB":"AD",
---
> "userDB":"Same",
```
### Possible fixes
Create Lemonldap/NG/Portal/UserDB/Kerberos.pm?
Thanks for reading.
FAQ
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1971
LDAP initialization error: Connection reset by peer
2019-10-09T16:27:36Z
Francois-Xavier MIOT
### Concerned version
Version: %"2.0.6"
Platform: (Apache)
### Summary
I'm using Lemonldap version 1.9.18 in production and I'm installing the new version in pre-production. I'm using the same Active Directory for the old and the new platform. With a fresh install with AD authentication I have an error on the portal page:
Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded. Configuration unchanged, get configuration from cache.)
In the log I can see an AD authentication error, and on my AD server I have this error:
> Une demande de connexion TLS 1.2 a été reçue à partir d’une application cliente distante, mais aucune des suites de chiffrement prises en charge par l’application cliente n’est prise en charge par le serveur. La demande de connexion SSL a échoué.
I can find information on Google about 512 certificate:
https://blogs.technet.microsoft.com/silvana/2014/03/14/schannel-errors-on-scom-agent/
But after applying the Microsoft patch I have the same error for AD authentication.
### Logs
```
==> /var/log/apache2/error.log <==
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Logger Lemonldap::NG::Common::Logger::Std loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] User logger Lemonldap::NG::Common::Logger::Std loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Get configuration 7
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [info] Loading configuration 7 for process 7287
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls defaultValuesInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls jailInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls portalInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls locationRulesInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls sessionStorageInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls headersInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls postUrlInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Process 7287 calls aliasInit
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Launching Lemonldap::NG::Portal::Main->reloadConf(conf)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Initialized CSP headers : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Initialized CORS headers : Access-Control-Allow-Origin;*;Access-Control-Allow-Credentials;true;Access-Control-Allow-Headers;*;Access-Control-Allow-Methods;POST,GET;Access-Control-Expose-Headers;*;Access-Control-Max-Age;86400;
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Main::Menu loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Main::Menu initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Auth::AD loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization error: Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization has failed, but let's continue
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] LDAP Search base: dc=domain,dc=loc
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] LDAP transformed filter: (&(sAMAccountName=".$req->{user}.")(objectClass=person))
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Auth::AD initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::UserDB::AD loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization error: Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization has failed, but let's continue
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] LDAP Search base: dc=domain,dc=loc
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] LDAP transformed filter: (&(sAMAccountName=".$req->{user}.")(objectClass=person))
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::UserDB::AD initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::2F::Engines::Default loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking utotp2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking totp2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking u2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking rest2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking mail2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking ext2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking yubikey2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking radius2fActivation
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking totp2fSelfRegistration
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking u2fSelfRegistration
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Checking yubikey2fSelfRegistration
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> not enabled
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Processing Extra 2F modules
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::2F::Engines::Default initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::Notifications loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring unauth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route notifback added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route notifback added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route notifback added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Lib::Notifications::JSON loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Found endAuth entry point:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> checkNotifDuringAuth
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::Notifications initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::History loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Found endAuth entry point:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> run
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::History initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::GrantSession loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Found afterData entry point:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> run
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::GrantSession initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::Upgrade loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route upgradesession added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route upgradesession added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::Upgrade initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::AutoSignin loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Found beforeAuth entry point:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] -> check
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::AutoSignin initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Plugins::RESTServer loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add DELETE route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route : added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add PUT route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route : added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Plugin ::Plugins::RESTServer initializated
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Module Lemonldap::NG::Portal::Password::AD loaded
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] LDAP initialization error: Connection reset by peer
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error]
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] [error]
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring unauth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add PUT route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add DELETE route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Declaring auth route
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add GET route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add POST route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add PUT route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] Add DELETE route:
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] route * added
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Underlying object can't load conf (Lemonldap::NG::Portal::Main->reloadConf)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [warn] [anonymous] Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [debug] [warn] [anonymous] Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.)
[Tue Oct 8 16:13:42 2019] [LLNG:7287] [error] Error 500: Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.)
```
I'm using this line for the connection: ldaps://xxx.xxx.xx.x
### Backends used
### Possible fixes
Thanks for your help and I hope it's not a misconfiguration. I repeat, for information, that my production platform with the old stable version works without problem with this Domain Controller.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1977
Infinite redirection loop for CDA
2019-10-21T14:31:24Z
Ghost User
### Concerned version
Version: %2.0.6
Platform: (Nginx)
### Summary
When trying to set CDA I run into an infinite redirection loop. The CDA URL parameter does not seem to be detected.
- CDA is correctly activated in lemonLDAP's json configuration.
- Aliases are set in lemonLDAP's json configuration.
- Cookie forward directives are set in nginx configuration.
You can try it here: https://flap-demo.duckdns.org with user `lemon` and password `lemonLDAP` by going to https://flap-demo2.duckdns.org
### Logs
Here are the logs I get from nginx and lemonLDAP:
```
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [info] Session 645f67151468cebc8ef69f2434da8cf822cb367b08c7691750891c3a45c3f127 can't be retrieved
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
lemon_1 |
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [debug] Build URL https://flap-demo2.duckdns.org/
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:14] [debug] Redirect 88.181.226.50 to portal (url was /)
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET / HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] Get session bf5d1f990f576293271497f1d4caea7c1998d13fea27d729e25d7b922b4b299e from Handler internal cache
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] auth.flap-demo.duckdns.org: Apply default rule
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] removing cookie
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] Cookies -> hibext_instdsigdipv2=1; flap-logged=true; llnglanguage=en; flap-sso=bf5d1f990f576293271497f1d4caea7c1998d13fea27d729e25d7b922b4b299e
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] CookieName -> flap-sso
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] newCookies -> hibext_instdsigdipv2=1; flap-logged=true; llnglanguage=en;
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:12] [debug] User lemon was granted to access to /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw==
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - -@auth.flap-demo.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?url=aHR0cHM6Ly9mbGFwLWRlbW8yLmR1Y2tkbnMub3JnLw== HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [info] Session 645f67151468cebc8ef69f2434da8cf822cb367b08c7691750891c3a45c3f127 can't be retrieved
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
lemon_1 |
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [debug] Build URL https://flap-demo2.duckdns.org/?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a
lemon_1 | [Mon Oct 21 11:12:08 2019] [LLNG:10] [debug] Redirect 88.181.226.50 to portal (url was /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a)
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
nginx_1 | 88.181.226.50 - @flap-demo2.duckdns.org - [21/Oct/2019:11:12:08 +0000] "GET /?flap-ssocda=2535b42565ed4dbfd888ada96a4063d367f7ac56bd5812e1cc6386a2501d6b7a HTTP/2.0" 302 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
...
```
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2100
Migrating SOAP Proxy clients to 2.0 with a 1.9 Server gives empty @INC errors
2023-02-04T15:31:12Z
Greg B
### Concerned version
Version: %"2.0.7"
Platform: Apache
### Summary
When updating lemonldap handler to 2.0 from a previous 1.9 install, I get the following error:
```
SOAP error : Failed to access class (Lemonldap::NG::Common::PSGI::SOAPService): Can't locate Lemonldap/NG/Common/PSGI/SOAPService.pm in @INC (you may need to install the Lemonldap::NG::Common::PSGI::SOAPService module) (@INC contains:) at (eval 12931) line 2.
```
I modified the Apache vhost config so as to have the following lines:
```
PerlOptions +GlobalRequest
PerlModule Lemonldap::NG::Handler::ApacheMP2
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
```
I tried to move the first two lines outside of vhost as explained in the doc but there is no difference.
I obtain the same error when running /usr/share/lemonldap-ng/bin/purgeLocalCache, with the same empty @INC.
Printing @INC in the _soapCall sub of SOAP.pm gives me the following content:
```
/etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base
```
The configuration part of lemonldap-ng.ini contains the following:
```
type = SOAP
proxy = https://auth.evok.ch/index.pl/config
localStorage=Cache::FileCache
localStorageOptions={ \
'namespace' => 'lemonldap-ng-config',\
'default_expires_in' => 600, \
'directory_umask' => '007', \
'cache_root' => '/tmp', \
'cache_depth' => 0, \
}
```
### Logs
```
[Thu Feb 20 13:55:02.542993 2020] [perl:debug] [pid 7977:tid 140195441665792] Apache2.pm(14): Check configuration for Lemonldap::NG::Handler::ApacheMP2::Main
SOAP error : Failed to access class (Lemonldap::NG::Common::PSGI::SOAPService): Can't locate Lemonldap/NG/Common/PSGI/SOAPService.pm in @INC (you may need to install the Lemonldap::NG::Common::PSGI::SOAPService module) (@INC contains:) at (eval 22479) line 2.
[Thu Feb 20 13:55:02.696757 2020] [perl:error] [pid 7977:tid 140195441665792] Lemonldap::NG::Handler::ApacheMP2::Main: Unable to load configuration: Lemonldap::NG::Common::Conf::Backends::SOAP loaded.\nError: No configuration available in backend.\nError: No configuration found in local cache
[Thu Feb 20 13:55:02.696846 2020] [perl:error] [pid 7977:tid 140195441665792] Lemonldap::NG::Handler::ApacheMP2::Main: No configuration found
```
### Backends used
Backend is a 1.9.21 on Debian Jessie installed through lemonldap 1.9 repo
type is SOAP
Works with all 1.9 clients but none of the 2.0 clients.
As suggested in the upgrade doc, I want to upgrade the clients (I have ~20 of them) before upgrading the backend.
### Possible fixes
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2150
Combination does not stored failed login attempts for each scheme
2020-05-12T14:38:32Z
Christophe Maudoux
chrmdx@gmail.com
### Summary
If the first scheme fails and the second one succeeds, just the last successful login is stored in the history.
### Design proposition
Store failed login attempts for each scheme.
In discussion
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2206
Can not use brute-force protection with Combination
2023-01-31T22:37:28Z
Dominique Fournier
### Concerned version
Version: %2.0.8
Platform: (Nginx)
### Summary
When using the Combination authentication model, the brute-force protection doesn't work.
### Logs
```
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Processing getUser
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] [notice] Combination (Lemonldap::NG::Portal::Lib::LDAP): UNKNOWNUSER was not found in LDAP directory
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Prepare token
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Token 1586872129_23810 created
Apr 15 11:46:49 meeting2 LLNG[28355]: [info] Scheme "LDAPZimbra" returned 5, trying next
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Processing extractFormInfo
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Processing getUser
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] [notice] Combination (Lemonldap::NG::Portal::Lib::LDAP): UNKNOWNUSER was not found in LDAP directory
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Prepare token
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Token 1586872129_58009 created
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] [warn] All schemes failed for user UNKNOWNUSER
...
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Call bind for uid=dominique.fournier,ou=people,dc=grenoble,dc=cnrs,dc=fr
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] [warn] Bad password for dominique.fournier@grenoble.cnrs.fr
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Prepare token
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Token 1586872176_42383 created
Apr 15 11:47:36 meeting2 LLNG[28356]: [info] Scheme "LDAPZimbra" returned 5, trying next
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] -> authResult = 0
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Processing extractFormInfo
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Processing getUser
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] [notice] Combination (Lemonldap::NG::Portal::Lib::LDAP): dominique.fournier@grenoble.cnrs.fr was not found in LDAP directory
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Prepare token
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Token 1586872176_212 created
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] [warn] All schemes failed for user dominique.fournier@grenoble.cnrs.fr
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Returned error: 5 (PE_BADCREDENTIALS)
```
### Backends used
The backends used are LDAP or Exchange.
### More analysis
Christophe Maudoux analyzed this problem on 15/04 on the mailing list.
He says: *With Combination, seems history plugin is called if scheme succeeds...*
But it is not.
FAQ
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2226
Signature validation failed. Logout Response rejected
2020-09-06T15:17:02Z
Marc Hörsken
### Environment
LemonLDAP::NG version: 2.0.8-1
Operating system: Ubuntu Xenial
Web server: Apache + fcgi
### Summary
The Signature generated for a Logout SAMLResponse is invalid. It is not accepted by the SP and manual verification with OpenSSL fails as well.
### Logs
```
Include the logs using logLevel = debug if possible. Attach it as file if it's too big
```
Please tell me which logs are required. Here are the generated responses and relevant certificates:
SAML Logout Request:
Entity ID of the source:
`https://ldap-sso.cert.tkagit.com/saml/metadata`
Target URL, Destination of the Logout Response:
`https://vmraypoc-05.research.cert.tkagit.com/saml/slo/QRhjrULbIxggRg/`
X.509 cert of the source (to check Signature):
RelayState:
`https://vmraypoc-05.research.cert.tkagit.com/login`
Signature of the SAML Logout Response:
`T0pCoEkZgAPkrOQM8t5rM2ipImbw3EQqXlt1hn+ZbUgo17+v6YpC6DPRT/IRa5deZmFfUn6m4Y2d8/ZIdQC+afRyApr6le0KvdVqjO9E93U8EklwEm93kwmpDlMcB8JPdQrCDE5JfwKw43BiijLWcnw9tkJIGTKpjtqOVVJ4Cbgyx6QgPf+QKsZLk2GgEaIzkccUdTzaKwOrvXb/dxCzkgl3s72a2jlm7/1+0/giiF9Gt/2JfelHI1AoKOqIS0PqjOAqX31aqZ/nwHreUqP3IElsAUk8NMD+/hEwSNAgh0wdDoL19M8Gq/0t7GNP9hehLBpu4D01MgVNd8PBzhZVjg==`
SigAlg:
`http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
Tested via: https://www.samltool.com/validate_logout_res.php
### Backends used
Backend: LDAP only (Authentication, User and Password)
Use Case: only used for SAML 2 authentication on SP
### Possible fixes
Unknown. SAML Auth is not used, only SAML Issuer.
FAQ
Maxime Besson
Maxime Besson
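The report above lists `RelayState`, `SigAlg` and `Signature` alongside the Logout Response, which are the parameters of the SAML HTTP-Redirect binding. The following is an added example, not code from LemonLDAP::NG or from the reporter: it shows which octets that binding signs and why a verifier must work on the query string exactly as received. The key, messages and function names are constructed for the example, and the textbook RSA helpers stand in for a vetted crypto library so that the block runs offline.

```python
import base64
import hashlib
import hmac
import zlib
from urllib.parse import quote, unquote

# Added example: constructed key and messages; textbook RSA replaces a real crypto library.
SIGALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # value quoted in the report
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017


def is_probable_prime(n):
    """Miller-Rabin with fixed bases; adequate for generating a demo key."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % p == 0 for p in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def demo_keypair():
    """Constructed, deterministic 1024-bit RSA key pair. Demo only: it is not secret."""
    e, primes = 65537, []
    for label in (b"demo-p", b"demo-q"):
        c = int.from_bytes(hashlib.sha512(label).digest(), "big") | (1 << 511) | 1
        while not (is_probable_prime(c) and (c - 1) % e):
            c += 2
        primes.append(c)
    p, q = primes
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)


def emsa(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), k bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(message, private_key):
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa(message, k), "big"), d, n).to_bytes(k, "big")


def rsa_verify(message, signature, public_key):
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), emsa(message, k))


def build_signed_query(xml, relay_state, private_key):
    """Sender side: DEFLATE and base64 the message, then sign the encoded query string."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    b64 = base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()
    signed = "&".join(["SAMLResponse=" + quote(b64), "RelayState=" + quote(relay_state),
                       "SigAlg=" + quote(SIGALG)])
    sig = base64.b64encode(rsa_sign(signed.encode(), private_key)).decode()
    return signed + "&Signature=" + quote(sig)


def verify_redirect(raw_query, public_key, reencode=False):
    """Verify an HTTP-Redirect signature over the query string exactly as received.
    reencode=True reproduces a verifier mistake: decoding each value and percent-encoding
    it again, which need not give back the bytes the sender signed."""
    raw = dict(pair.partition("=")[::2] for pair in raw_query.split("&"))
    msg = "SAMLResponse" if "SAMLResponse" in raw else "SAMLRequest"
    if not {msg, "SigAlg", "Signature"} <= raw.keys() or unquote(raw["SigAlg"]) != SIGALG:
        return False  # incomplete query, or an algorithm this example does not handle
    try:
        sig = base64.b64decode(unquote(raw["Signature"]), validate=True)
    except ValueError:
        return False
    if reencode:
        raw = {name: quote(unquote(value), safe="") for name, value in raw.items()}
    # Signed order is fixed: message, RelayState (only if present), SigAlg.
    names = [msg] + (["RelayState"] if "RelayState" in raw else []) + ["SigAlg"]
    return rsa_verify("&".join(f"{n}={raw[n]}" for n in names).encode(), sig, public_key)


if __name__ == "__main__":
    pub, priv = demo_keypair()
    query = build_signed_query("<LogoutResponse/>", "https://sp.example.com/login", priv)
    print("query as received:", verify_redirect(query, pub))                 # True
    print("values re-encoded:", verify_redirect(query, pub, reencode=True))  # False
```

When checking such a response by hand, the input to the signature check is the concatenation `SAMLResponse=…&RelayState=…&SigAlg=…` with the values still percent-encoded as they appeared in the URL.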
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2268
Issue with Force Reset Password Change on next Login
2020-10-10T16:01:09Z
Mathieu Peyrazeix
Issue with Force Reset Password Change on next Login
### Environment
LemonLDAP::NG version: ( 2.0.8 )
Operating system: (Debian Buster and version)
Web server: (Apache 2)
LDAP: (OpenLDAP + FusionDirectory)
### Summary
I enabled ppolicy and want to force users to change their password if an admin modified it (pwdReset = TRUE)
When the user logs in, he is redirected to the change password form. After writing newpassword and confirmnewpassword he validates the form, and a message is shown: "Password not filled in" (We use French).
If he fills in the form again and validates it, he is redirected to the login page.
### Logs
Logs in : [error.txt](/uploads/944862b7cdcd107d70b9d6b2fc09ca3a/error.txt)
### Backends used
ppolicy is enabled and configured.
LemonLdap password's configuration is : ![Capture](/uploads/1638a30f09426799492744156db01753/Capture.PNG)
### Possible fixes
I saw there was a fix added 10 months ago but still this error (https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1910)
EDIT: Solution proposed by Bastien JEAN works. But I don't know if unit tests will still break.
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2269
Issue saml connexion and no redirection to the AssertionConsumerService
2020-08-19T10:38:34Z
Ghost User
Issue saml connexion and no redirection to the AssertionConsumerService
Hello, we are facing an issue with the implementation of SAML Service Providers.
After sending a samlRequest and authenticating successfully, we are not redirected to the AssertionConsumerService but are redirected to http://auth.example.com/.
Here is the metadata for the service provider:
```
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
validUntil="2020-08-15T08:32:05Z"
cacheDuration="PT604800S"
entityID="JAGUARDS">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:4200/api/saml/callback"
index="1" />
</md:SPSSODescriptor>
</md:EntityDescriptor>
```
Here is the log:
```
[Thu Aug 6 11:25:20 2020] [LLNG:41] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Get configuration 3.
Get configuration 3.
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Get session 01d1c4264403afd179c1768b4c68c5c2dcd25032e9e5a280175ad5fb24ad0e68 from Handler::Main::Run
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Check session validity from Handler
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Session timeout -> 72000
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Session _utime -> 1596707537
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] now -> 1596713121
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Session timeoutActivityInterval -> 60
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Session TTL = 66416
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] No URL authentication level found...
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] auth.example.com: Apply default rule
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] removing cookie
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Cookies -> llnglanguage=fr; lemonldap=01d1c4264403afd179c1768b4c68c5c2dcd25032e9e5a280175ad5fb24ad0e68
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] CookieName -> lemonldap
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] newCookies -> llnglanguage=fr;
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] User dwho was granted to access to /saml/singleSignOn?SAMLRequest=lZJBT8IwGIbv%2Foql922lwMCGjSwQDQYTMsCDF9N1H7K4tbPtkJ9vN0cyEyV6atL2e%2Fo%2Bbzqbn8vC%0AOYHSuRQhGngYOSC4zHLxGqL97s6dImce3cw0K4uKxrU5igTea9DGibUGZezcQgpdl6C2oE45h32y%0ADtHRmIr6PrMDHpxZWRXgcVnSEcHYZ1XuN0Cfs6JIGX9DzmoZoof4fh8ny%2B0LZzwlOAhcDsOJOyKH%0AwL1NCXdZNgQ8HWckBWZHtK5hJbRhwoSIYIJdPHVxsBsMKBlTgj0yGT0j5%2BliRxo76ys0bXVCVCtB%0AJdO5poKVoKnhdBs%2Frqm9SSsljeSyQFErT2j7nuoByHUAu%2FSDoovZzO%2BjOnBFu0Yha%2Fu1dRo4G2ch%0Ay4qpXDfRbYXc9MOT%2F6WnffKisNESOPRwfza5eo1T3qDt9sYuH1JlGxsDuDXbKSZ0JZX5quDHPFFX%0Azy%2BFdMfff2H0CQ%3D%3D&RelayState=%257B%2522choosenLang%2522%253Anull%252C%2522browserLang%2522%253A%2522fr%2522%252C%2522returnUrl%2522%253A%2522%2522%257D
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Start routing saml
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Processing _forAuthUser
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Cleaning pdata
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Processing importHandlerData
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Processing controlUrl
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Processing code ref
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Launching ::Password::Demo::_modifyPassword
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Processing code ref
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Not an issuer request /saml/singleSignOn?SAMLRequest=lZJBT8IwGIbv/oql922lwMCGjSwQDQYTMsCDF9N1H7K4tbPtkJ9vN0cyEyV6atL2e/o+bzqbn8vC
OYHSuRQhGngYOSC4zHLxGqL97s6dImce3cw0K4uKxrU5igTea9DGibUGZezcQgpdl6C2oE45h32y
DtHRmIr6PrMDHpxZWRXgcVnSEcHYZ1XuN0Cfs6JIGX9DzmoZoof4fh8ny+0LZzwlOAhcDsOJOyKH
wL1NCXdZNgQ8HWckBWZHtK5hJbRhwoSIYIJdPHVxsBsMKBlTgj0yGT0j5+liRxo76ys0bXVCVCtB
JdO5poKVoKnhdBs/rqm9SSsljeSyQFErT2j7nuoByHUAu/SDoovZzO+jOnBFu0Yha/u1dRo4G2ch
y4qpXDfRbYXc9MOT/6WnffKisNESOPRwfza5eo1T3qDt9sYuH1JlGxsDuDXbKSZ0JZX5quDHPFFX
zy+FdMfff2H0CQ==&RelayState=%7B%22choosenLang%22%3Anull%2C%22browserLang%22%3A%22fr%22%2C%22returnUrl%22%3A%22%22%7D
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Calling autoredirect
[Thu Aug 6 11:25:21 2020] [LLNG:41] [debug] Building redirection to http://auth.example.com/
172.17.0.1 - - [06/Aug/2020:11:25:21 +0000] "POST /saml/singleSignOn?SAMLRequest=lZJBT8IwGIbv%2Foql922lwMCGjSwQDQYTMsCDF9N1H7K4tbPtkJ9vN0cyEyV6atL2e%2Fo%2Bbzqbn8vC%0AOYHSuRQhGngYOSC4zHLxGqL97s6dImce3cw0K4uKxrU5igTea9DGibUGZezcQgpdl6C2oE45h32y%0ADtHRmIr6PrMDHpxZWRXgcVnSEcHYZ1XuN0Cfs6JIGX9DzmoZoof4fh8ny%2B0LZzwlOAhcDsOJOyKH%0AwL1NCXdZNgQ8HWckBWZHtK5hJbRhwoSIYIJdPHVxsBsMKBlTgj0yGT0j5%2BliRxo76ys0bXVCVCtB%0AJdO5poKVoKnhdBs%2Frqm9SSsljeSyQFErT2j7nuoByHUAu%2FSDoovZzO%2BjOnBFu0Yha%2Fu1dRo4G2ch%0Ay4qpXDfRbYXc9MOT%2F6WnffKisNESOPRwfza5eo1T3qDt9sYuH1JlGxsDuDXbKSZ0JZX5quDHPFFX%0Azy%2BFdMfff2H0CQ%3D%3D&RelayState=%257B%2522choosenLang%2522%253Anull%252C%2522browserLang%2522%253A%2522fr%2522%252C%2522returnUrl%2522%253A%2522%2522%257D HTTP/1.1" 302 5 "http://auth.example.com:4200/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15"
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Get configuration 3.
Get configuration from cache without verification.
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Get session 01d1c4264403afd179c1768b4c68c5c2dcd25032e9e5a280175ad5fb24ad0e68 from Handler::Main::Run
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Check session validity from Handler
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Session timeout -> 72000
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Session _utime -> 1596707537
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] now -> 1596713121
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Session timeoutActivityInterval -> 60
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Session TTL = 66416
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] No URL authentication level found...
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] auth.example.com: Apply default rule
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] removing cookie
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Cookies -> llnglanguage=fr; lemonldap=01d1c4264403afd179c1768b4c68c5c2dcd25032e9e5a280175ad5fb24ad0e68
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] CookieName -> lemonldap
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] newCookies -> llnglanguage=fr;
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] User dwho was granted to access to /
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Start routing default route
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Processing importHandlerData
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Processing controlUrl
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Processing checkLogout
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Processing code ref
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Launching ::Password::Demo::_modifyPassword
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Calling autoredirect
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Evaluate condition 1 for module Appslist
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Evaluate condition $_auth =~ /^(LDAP|DBI|Demo)$/ for module ChangePassword
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Evaluate condition 1 for module LoginHistory
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Evaluate condition $_oidcConnectedRP for module OidcConsents
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Evaluate condition 1 for module Logout
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Check if Appslist has to be displayed
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] No URL authentication level found...
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Regexp "Sessions" match
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] No URL authentication level found...
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] Regexp "Configuration" match
[Thu Aug 6 11:25:21 2020] [LLNG:46] [debug] No URL authentication level found...
```
Did we do something wrong?
thanks, Chris
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2328
SAML: propagating SOAP single logout to relying party of relying party does n...
2021-07-09T09:44:09Z
Andreas Deschka
SAML: propagating SOAP single logout to relying party of relying party does not work
For testing I have set up 3 Lemonldaps (2.0.9) with docker-compose. The logout binding is SOAP.
```
lemonldap_1 --> lemonldap2_1 --> lemonldap4_1
```
The URLs are:
```
lemonldap_1: https://myportal.testsphbs-main.km20201-02.keymachine.de
lemonldap2_1: https://myportal.testsphbs-extension.km20201-02.keymachine.de
lemonldap4_1: https://myportal.testsphbs-extension-app.km20201-02.keymachine.de
```
Here are the configuration files:
[lmConf-main.json](/uploads/e45b44f760919a97facf9f0a21a74b63/lmConf-main.json),
[lmConf-extension.json](/uploads/6de560fd24584a3ca07ec1813a3f3c65/lmConf-extension.json),
[lmConf-extension-app.json](/uploads/f2b5b904c5041be7c828207288984b04/lmConf-extension-app.json)
When I start the logout in lemonldap_1 it gets propagated to lemonldap2_1. It is not propagated to lemonldap4_1. The
Maybe I made an error in the configuration. Or is there another way to achieve this? Should I use OIDC instead as the connection between lemonldap_1 and lemonldap2_1?
```
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Get session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8 from Handler::Main::Run
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Check session validity from Handler
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session timeout -> 72000
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session _utime -> 1601138177
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] now -> 1601138207
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session timeoutActivityInterval -> 60
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session TTL = 71970
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] No URL authentication level found...
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] myportal.testsphbs-main.km20201-02.keymachine.de: Apply default rule
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] removing cookie
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Cookies -> llnglanguage=de; lemonldap=afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] CookieName -> lemonldap
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] newCookies -> llnglanguage=de;
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] User dwho was granted to access to /?logout=1
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Start routing default route
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing importHandlerData
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing controlUrl
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing checkLogout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Launching ::Issuer::SAML::logout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Retrieve SAML session 2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] SAML session 2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8 deleted
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Retrieve SAML session 7082731f1d1d6902147f28969dcba040752a8e6102859a146b5904cce5dfc3dc
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] SAML session 7082731f1d1d6902147f28969dcba040752a8e6102859a146b5904cce5dfc3dc deleted
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap_1 | <NidAndSessionIndex ProviderID="https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata" AssertionID="_B56EC1EE38113E186B4BFC68FA10F1AB" SessionIndex="2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8">
lemonldap_1 | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID>
lemonldap_1 | </NidAndSessionIndex>
lemonldap_1 | </Session>
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Lasso Session loaded
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] SLO request signature according to metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] No logout request found, build it
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Request built for https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Keep request ID _C1F8376A7F764D275D70C9D3A4D8784B in assertion session 08354df8de62d51918c8a4419a5727f9a5fda66a3b9221a88d638d82f8a6430f
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Build SOAP relay logout request for https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Launching ::Issuer::CAS::logout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] No CAS session found for session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Launching ::Issuer::OpenIDConnect::logout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing authLogout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Cleaning pdata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing deleteSession
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Try to get SSO session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Get session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8 from Portal::Main::Run
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Return SSO session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Local handler logout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [notice] User dwho has been disconnected from Demo (172.20.0.2)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] [notice] User dwho has been disconnected from Demo (172.20.0.2)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8 deleted from global storage
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Returned error: 47 (PE_LOGOUT_OK)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Display: info detected
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Hidden values :
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Skin returned: info
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Calling sendHtml with template info
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Required Params URL : https://myportal.testsphbs-main.km20201-02.keymachine.de/
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Set CSP form-action with Params URL : https://myportal.testsphbs-main.km20201-02.keymachine.de
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Apply following CSP : default-src 'self' https:;img-src 'self' data: https: 'unsafe-inline';style-src 'self' https: 'unsafe-inline';font-src 'self' https:;connect-src 'self';script-src 'self';form-action 'self' https: https://myportal.testsphbs-main.km20201-02.keymachine.de;frame-ancestors 'self';
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /?logout=1 HTTP/1.1" 200 1965 "https://myportal.testsphbs-main.km20201-02.keymachine.de/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bootstrap/css/styles.min.css HTTP/1.1" 200 1785 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/bootstrap/dist/css/bootstrap.min.css HTTP/1.1" 200 159515 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 31000 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/jquery/dist/jquery.min.js HTTP/1.1" 200 89627 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/jquery-ui/jquery-ui.min.js HTTP/1.1" 200 256242 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/portal.css
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Redirect 172.20.0.2 to portal (url was /portal.css)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Start routing portal.css
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /portal.css HTTP/1.1" 200 23 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/jquery.cookie/jquery.cookie.min.js HTTP/1.1" 200 1379 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bootstrap/js/skin.min.js HTTP/1.1" 200 499 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/js/portal.min.js HTTP/1.1" 200 10326 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/bootstrap/dist/js/bootstrap.min.js HTTP/1.1" 200 59763 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/js/info.min.js HTTP/1.1" 200 447 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/index.psgi/psgi.js
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Redirect 172.20.0.2 to portal (url was /index.psgi/psgi.js)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Start routing psgi.js
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /index.psgi/psgi.js HTTP/1.1" 200 205 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/logos/logo_llng_400px.png HTTP/1.1" 200 10704 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Redirect 172.20.0.2 to portal (url was /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Start routing saml
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] URL /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 detected as a SOAP relay service URL
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Found relay session 3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap_1 | <NidAndSessionIndex ProviderID="https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata" AssertionID="_B56EC1EE38113E186B4BFC68FA10F1AB" SessionIndex="2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8">
lemonldap_1 | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID>
lemonldap_1 | </NidAndSessionIndex>
lemonldap_1 | </Session>
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Lasso Session loaded
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] SLO request signature according to metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] No logout request found, build it
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Request built for https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Keep request ID _2B984823AE6188DDB73EBC444E2B87B8 in assertion session aa20c19b452188d84a763dfcf2a56001151a10623f532fd1a708f70ad84362a9
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Send SOAP logout request to https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Send SOAP message <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutRequest ID="_2B984823AE6188DDB73EBC444E2B87B8" Version="2.0" IssueInstant="2020-09-26T16:36:47Z" Destination="https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP"><saml:Issuer>https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
lemonldap_1 | <SignedInfo>
lemonldap_1 | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap_1 | <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
lemonldap_1 | <Reference URI="#_2B984823AE6188DDB73EBC444E2B87B8">
lemonldap_1 | <Transforms>
lemonldap_1 | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
lemonldap_1 | <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap_1 | </Transforms>
lemonldap_1 | <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
lemonldap_1 | <DigestValue>htGIBONqZloiigXc53BOyI1aE2s=</DigestValue>
lemonldap_1 | </Reference>
lemonldap_1 | </SignedInfo>
lemonldap_1 | <SignatureValue>GWrZ+K1177nOu/emTIPjpxvf3GS2ExpzoxwInL8DtTyKNWrXuOJX6pwdn47iepL4
lemonldap_1 | YkKL3k9IDH7LoK56BYS2whJUbci56Hd8Iylwrv4MBTh2VJNNcLstAmE4u8+FDPAZ
lemonldap_1 | 0G8G+qSelMMEFE6yW65mq6xAu6+ofY/nJ5gduEovNdUyOD8anG42tcEyutT7jT7J
lemonldap_1 | t4b9XiP/hsUiEvl1LAnYsNFAPW1ogQ4E8hrOC1TMNmEnzaoXu4M0wktlSv5xvX/9
lemonldap_1 | ++/DqfmD2lrhXQUm8YZ7xUTH9pUeOiBPvLkgDEJ7KH4CTCxdHpFUsaNBd2RJ50zM
lemonldap_1 | IY5oQc7fGVAw7C82hrkyew==</SignatureValue>
lemonldap_1 | <KeyInfo>
lemonldap_1 | <KeyValue>
lemonldap_1 | <RSAKeyValue>
lemonldap_1 | <Modulus>
lemonldap_1 | tJVrXzDTdvB5a1jPF+ielplr3ECP5AqxYO0iwy+wIYZQ47Y4zw1YDAtNk5IaQX0d
lemonldap_1 | 6T87HDZu5WtCEKz8BIsM5s2fpq55DhRZ8wE0kVARE5OuqpwcokE6ivTG/xCY0w9A
lemonldap_1 | qG+bWRcsvieaTmMYLIT/wRJvRozYGKBngAcnPElcbM+N+9u0qajjZ6+l4/dDDsYl
lemonldap_1 | xbKHvFn1+DrqeXROdiEy2Eu0ChyvgMzbX3brGaFE2VjqfjYw3QIdq+Iwcg/hxb8/
lemonldap_1 | aFCo64ewbDzR3PKq+iYpriEnrHIsdGfW21A0Sd7EGrx9bxttJ1YnOvoUEaK5EQ/F
lemonldap_1 | aDjME/naIZ0M0sdSqJBIOw==
lemonldap_1 | </Modulus>
lemonldap_1 | <Exponent>
lemonldap_1 | AQAB
lemonldap_1 | </Exponent>
lemonldap_1 | </RSAKeyValue>
lemonldap_1 | </KeyValue>
lemonldap_1 | </KeyInfo>
lemonldap_1 | </Signature><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID><samlp:SessionIndex>2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8</samlp:SessionIndex>
lemonldap_1 | </samlp:LogoutRequest></s:Body></s:Envelope> to https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1" 200 77160 "https://myportal.testsphbs-main.km20201-02.keymachine.de/static/bwr/font-awesome/css/font-awesome.min.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/bootstrap/dist/css/bootstrap.min.css.map HTTP/1.1" 200 641867 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get configuration from cache without verification.
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [info] No cookie found
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Build URL http://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Redirect 172.20.0.2 to portal (url was /saml/proxySingleLogoutSOAP)
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] User not authenticated, Try in use, cancel redirection
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Start routing saml
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Not seen as Issuer request, skipping
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing controlUrl
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::SAML::storeEnv
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::CAS::storeEnvAndCheckGateway
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Plugins::AutoSignin::check
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing extractFormInfo
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Choice 2_saml selected from /saml/proxySingleLogoutSOAP
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] URL /saml/proxySingleLogoutSOAP detected as an SLO URL
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SAML method: HTTP-SOAP
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutRequest ID="_2B984823AE6188DDB73EBC444E2B87B8" Version="2.0" IssueInstant="2020-09-26T16:36:47Z" Destination="https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP"><saml:Issuer>https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
lemonldap2_1 | <SignedInfo>
lemonldap2_1 | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap2_1 | <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
lemonldap2_1 | <Reference URI="#_2B984823AE6188DDB73EBC444E2B87B8">
lemonldap2_1 | <Transforms>
lemonldap2_1 | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
lemonldap2_1 | <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap2_1 | </Transforms>
lemonldap2_1 | <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
lemonldap2_1 | <DigestValue>htGIBONqZloiigXc53BOyI1aE2s=</DigestValue>
lemonldap2_1 | </Reference>
lemonldap2_1 | </SignedInfo>
lemonldap2_1 | <SignatureValue>GWrZ+K1177nOu/emTIPjpxvf3GS2ExpzoxwInL8DtTyKNWrXuOJX6pwdn47iepL4
lemonldap2_1 | YkKL3k9IDH7LoK56BYS2whJUbci56Hd8Iylwrv4MBTh2VJNNcLstAmE4u8+FDPAZ
lemonldap2_1 | 0G8G+qSelMMEFE6yW65mq6xAu6+ofY/nJ5gduEovNdUyOD8anG42tcEyutT7jT7J
lemonldap2_1 | t4b9XiP/hsUiEvl1LAnYsNFAPW1ogQ4E8hrOC1TMNmEnzaoXu4M0wktlSv5xvX/9
lemonldap2_1 | ++/DqfmD2lrhXQUm8YZ7xUTH9pUeOiBPvLkgDEJ7KH4CTCxdHpFUsaNBd2RJ50zM
lemonldap2_1 | IY5oQc7fGVAw7C82hrkyew==</SignatureValue>
lemonldap2_1 | <KeyInfo>
lemonldap2_1 | <KeyValue>
lemonldap2_1 | <RSAKeyValue>
lemonldap2_1 | <Modulus>
lemonldap2_1 | tJVrXzDTdvB5a1jPF+ielplr3ECP5AqxYO0iwy+wIYZQ47Y4zw1YDAtNk5IaQX0d
lemonldap2_1 | 6T87HDZu5WtCEKz8BIsM5s2fpq55DhRZ8wE0kVARE5OuqpwcokE6ivTG/xCY0w9A
lemonldap2_1 | qG+bWRcsvieaTmMYLIT/wRJvRozYGKBngAcnPElcbM+N+9u0qajjZ6+l4/dDDsYl
lemonldap2_1 | xbKHvFn1+DrqeXROdiEy2Eu0ChyvgMzbX3brGaFE2VjqfjYw3QIdq+Iwcg/hxb8/
lemonldap2_1 | aFCo64ewbDzR3PKq+iYpriEnrHIsdGfW21A0Sd7EGrx9bxttJ1YnOvoUEaK5EQ/F
lemonldap2_1 | aDjME/naIZ0M0sdSqJBIOw==
lemonldap2_1 | </Modulus>
lemonldap2_1 | <Exponent>
lemonldap2_1 | AQAB
lemonldap2_1 | </Exponent>
lemonldap2_1 | </RSAKeyValue>
lemonldap2_1 | </KeyValue>
lemonldap2_1 | </KeyInfo>
lemonldap2_1 | </Signature><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID><samlp:SessionIndex>2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8</samlp:SessionIndex>
lemonldap2_1 | </samlp:LogoutRequest></s:Body></s:Envelope>
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Logout request is valid
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Destination https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP found in SAML message
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Destination match URL https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Found entityID https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata in SAML message
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata match testsphbs-main IDP in configuration
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Signature is valid
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Logout request NameID content: dwho@badwolf.org
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Retrieve SAML session 6735226b8175457289d57e8a310da5edb5f1ad19f05e9d88adb8d33d50785dd1 for user dwho@badwolf.org
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Try to get SSO session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310 from Portal::Main::Run
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Return SSO session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get Lasso::Session dump from session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Delete SAML session 6735226b8175457289d57e8a310da5edb5f1ad19f05e9d88adb8d33d50785dd1 result: 1
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap2_1 | <NidAndSessionIndex ProviderID="https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata" AssertionID="_B56EC1EE38113E186B4BFC68FA10F1AB" SessionIndex="2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8">
lemonldap2_1 | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID>
lemonldap2_1 | </NidAndSessionIndex>
lemonldap2_1 | </Session>
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SLO message to IDP testsphbs-main signature according to metadata
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SOAP response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutResponse ID="_921B512282D8FB8D3DF8952C35AC7B03" InResponseTo="_2B984823AE6188DDB73EBC444E2B87B8" Version="2.0" IssueInstant="2020-09-26T16:36:47Z"><saml:Issuer>https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
lemonldap2_1 | <SignedInfo>
lemonldap2_1 | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap2_1 | <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
lemonldap2_1 | <Reference URI="#_921B512282D8FB8D3DF8952C35AC7B03">
lemonldap2_1 | <Transforms>
lemonldap2_1 | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
lemonldap2_1 | <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap2_1 | </Transforms>
lemonldap2_1 | <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
lemonldap2_1 | <DigestValue>GHFw84NAptHWztr4OrG5maoKJAc=</DigestValue>
lemonldap2_1 | </Reference>
lemonldap2_1 | </SignedInfo>
lemonldap2_1 | <SignatureValue>XS0NRJ9vH+VinDccCoiwGcCJhjabRecNmsv5FwpS7mgbEhuuu6BnC1vfvHSTRiWl
lemonldap2_1 | W3O6E6DVkqoMHWCo7JHCSK3oHOz6CnvPH12HPzCvFAfjyd5J+ZV4jh7rh5K2uLRc
lemonldap2_1 | xFLz6taH3eIZDDiUSce7+krLTK2Pa3YSp6oR+zmUTTq11Vx5Bdo8zHXVMSPO6rLQ
lemonldap2_1 | JF8767aZP2JrKXuV2DSHskz+FMjwrPFFVClbGld7/T0gBVI2Nq0ymF3LHubgcndj
lemonldap2_1 | eUjEBheyVpOKJ3OyX/sJYEizOxhSgw/i6TfX3CCrDY70x3Nk/b+fQFRf9l4rO8g7
lemonldap2_1 | cyFxUYzPpbDxDY5rZx87Dw==</SignatureValue>
lemonldap2_1 | <KeyInfo>
lemonldap2_1 | <KeyValue>
lemonldap2_1 | <RSAKeyValue>
lemonldap2_1 | <Modulus>
lemonldap2_1 | tJVrXzDTdvB5a1jPF+ielplr3ECP5AqxYO0iwy+wIYZQ47Y4zw1YDAtNk5IaQX0d
lemonldap2_1 | 6T87HDZu5WtCEKz8BIsM5s2fpq55DhRZ8wE0kVARE5OuqpwcokE6ivTG/xCY0w9A
lemonldap2_1 | qG+bWRcsvieaTmMYLIT/wRJvRozYGKBngAcnPElcbM+N+9u0qajjZ6+l4/dDDsYl
lemonldap2_1 | xbKHvFn1+DrqeXROdiEy2Eu0ChyvgMzbX3brGaFE2VjqfjYw3QIdq+Iwcg/hxb8/
lemonldap2_1 | aFCo64ewbDzR3PKq+iYpriEnrHIsdGfW21A0Sd7EGrx9bxttJ1YnOvoUEaK5EQ/F
lemonldap2_1 | aDjME/naIZ0M0sdSqJBIOw==
lemonldap2_1 | </Modulus>
lemonldap2_1 | <Exponent>
lemonldap2_1 | AQAB
lemonldap2_1 | </Exponent>
lemonldap2_1 | </RSAKeyValue>
lemonldap2_1 | </KeyValue>
lemonldap2_1 | </KeyInfo>
lemonldap2_1 | </Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Auth::Choice::_beforeLogout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [warn] Missing _choice key in session
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] [warn] Missing _choice key in session
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::UserDB::Choice::_beforeLogout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [warn] Missing _choice key in session
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] [warn] Missing _choice key in session
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::SAML::logout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Retrieve SAML session 3a029b739894528b8f777f24562a8e87a8a4fc338c0ffb3850741f2a579f0034
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SAML session 3a029b739894528b8f777f24562a8e87a8a4fc338c0ffb3850741f2a579f0034 deleted
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Retrieve SAML session 05097a89d04d4148c706e9b71ea825f3539efd090aeb9967796dc47751f37d38
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SAML session 05097a89d04d4148c706e9b71ea825f3539efd090aeb9967796dc47751f37d38 deleted
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap2_1 | <NidAndSessionIndex ProviderID="https://myportal.testsphbs-extension-app.km20201-02.keymachine.de/saml/metadata" AssertionID="_8AEE804C05B048113522EED9183CCE3E" SessionIndex="05097a89d04d4148c706e9b71ea825f3539efd090aeb9967796dc47751f37d38">
lemonldap2_1 | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID>
lemonldap2_1 | </NidAndSessionIndex>
lemonldap2_1 | </Session>
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Lasso Session loaded
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SLO request signature according to metadata
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] No logout request found, build it
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Request built for https://myportal.testsphbs-extension-app.km20201-02.keymachine.de/saml/metadata
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Keep request ID _D69F8ED59176CA4F3AA00D3EFDAE2764 in assertion session cb8fe326fcacae59dc74c97d3e3f0140b6b24654646bc82c0941d6ab6dc553f3
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Build SOAP relay logout request for https://myportal.testsphbs-extension-app.km20201-02.keymachine.de/saml/metadata
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::CAS::logout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] No CAS session found for session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::OpenIDConnect::logout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Try to get SSO session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310 from Portal::Main::Run
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Return SSO session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Local handler logout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [notice] User dwho@testsphbs-main has been disconnected from SAML (172.20.0.2)
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] [notice] User dwho@testsphbs-main has been disconnected from SAML (172.20.0.2)
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310 deleted from global storage
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Returned status: -4 (PE_SENDRESPONSE)
lemonldap2_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "POST /saml/proxySingleLogoutSOAP HTTP/1.1" 200 2041 "-" "libwww-perl/6.15"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Get response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutResponse ID="_921B512282D8FB8D3DF8952C35AC7B03" InResponseTo="_2B984823AE6188DDB73EBC444E2B87B8" Version="2.0" IssueInstant="2020-09-26T16:36:47Z"><saml:Issuer>https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
lemonldap_1 | <SignedInfo>
lemonldap_1 | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap_1 | <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
lemonldap_1 | <Reference URI="#_921B512282D8FB8D3DF8952C35AC7B03">
lemonldap_1 | <Transforms>
lemonldap_1 | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
lemonldap_1 | <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap_1 | </Transforms>
lemonldap_1 | <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
lemonldap_1 | <DigestValue>GHFw84NAptHWztr4OrG5maoKJAc=</DigestValue>
lemonldap_1 | </Reference>
lemonldap_1 | </SignedInfo>
lemonldap_1 | <SignatureValue>XS0NRJ9vH+VinDccCoiwGcCJhjabRecNmsv5FwpS7mgbEhuuu6BnC1vfvHSTRiWl
lemonldap_1 | W3O6E6DVkqoMHWCo7JHCSK3oHOz6CnvPH12HPzCvFAfjyd5J+ZV4jh7rh5K2uLRc
lemonldap_1 | xFLz6taH3eIZDDiUSce7+krLTK2Pa3YSp6oR+zmUTTq11Vx5Bdo8zHXVMSPO6rLQ
lemonldap_1 | JF8767aZP2JrKXuV2DSHskz+FMjwrPFFVClbGld7/T0gBVI2Nq0ymF3LHubgcndj
lemonldap_1 | eUjEBheyVpOKJ3OyX/sJYEizOxhSgw/i6TfX3CCrDY70x3Nk/b+fQFRf9l4rO8g7
lemonldap_1 | cyFxUYzPpbDxDY5rZx87Dw==</SignatureValue>
lemonldap_1 | <KeyInfo>
lemonldap_1 | <KeyValue>
lemonldap_1 | <RSAKeyValue>
lemonldap_1 | <Modulus>
lemonldap_1 | tJVrXzDTdvB5a1jPF+ielplr3ECP5AqxYO0iwy+wIYZQ47Y4zw1YDAtNk5IaQX0d
lemonldap_1 | 6T87HDZu5WtCEKz8BIsM5s2fpq55DhRZ8wE0kVARE5OuqpwcokE6ivTG/xCY0w9A
lemonldap_1 | qG+bWRcsvieaTmMYLIT/wRJvRozYGKBngAcnPElcbM+N+9u0qajjZ6+l4/dDDsYl
lemonldap_1 | xbKHvFn1+DrqeXROdiEy2Eu0ChyvgMzbX3brGaFE2VjqfjYw3QIdq+Iwcg/hxb8/
lemonldap_1 | aFCo64ewbDzR3PKq+iYpriEnrHIsdGfW21A0Sd7EGrx9bxttJ1YnOvoUEaK5EQ/F
lemonldap_1 | aDjME/naIZ0M0sdSqJBIOw==
lemonldap_1 | </Modulus>
lemonldap_1 | <Exponent>
lemonldap_1 | AQAB
lemonldap_1 | </Exponent>
lemonldap_1 | </RSAKeyValue>
lemonldap_1 | </KeyValue>
lemonldap_1 | </KeyInfo>
lemonldap_1 | </Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Store SLO status for testsphbs-extension in session
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Logout response is valid
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Store SLO status for testsphbs-extension in session
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Display OK status for SLO on testsphbs-extension
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 HTTP/1.1" 302 5 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET //static/common/icons/ok.png HTTP/1.1" 200 1164 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Redirect 172.20.0.2 to portal (url was /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Start routing saml
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] URL /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 detected as a SOAP relay service URL
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [warn] SAML session 3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 isn't yet available
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] [warn] SAML session 3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 isn't yet available
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [error] Could not get relay session 3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/languages/de.json HTTP/1.1" 200 15665 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/fr.png HTTP/1.1" 200 148 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/en.png HTTP/1.1" 200 336 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/it.png HTTP/1.1" 200 158 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/vi.png HTTP/1.1" 200 272 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/ar.png HTTP/1.1" 200 847 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/tr.png HTTP/1.1" 200 8617 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/fi.png HTTP/1.1" 200 321 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/de.png HTTP/1.1" 200 264 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/pl.png HTTP/1.1" 200 1622 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/?skin=bootstrap
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Redirect 172.20.0.2 to portal (url was /?skin=bootstrap)
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Start routing default route
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing controlUrl
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Launching ::Issuer::SAML::storeEnv
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Launching ::Issuer::CAS::storeEnvAndCheckGateway
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Launching ::Plugins::AutoSignin::check
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing extractFormInfo
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Returned error: 9 (PE_FIRSTACCESS)
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Display type standardform
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Skin returned: login]
```
FAQ
dcoutadeur dcoutadeur
dcoutadeur dcoutadeur
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2382
CDA: failure when accessing CDA if already logged in, and using double cookies
2020-11-16T17:41:42Z
Maxime Besson
### Concerned version
Version: 2.0.9
### Summary
* Configure a http:// CDA vhost
* set double cookies (http + https)
* Login to portal
* Try to access http:// CDA vhost
* Access fails with 403 error
### Logs
```
CDA request with id XXX
Get CDA session XXX
CDA request for id XXX is not valid
```
Tracked down to:
```perl
$cdaInfos->{cookie_value} =
  $req->{sessionInfo}->{_httpSession};
$cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
```
Unfortunately, when the user is already logged on the portal, `_httpSession` is not defined.
### Possible fixes
We should store `_httpSession` in the database instead of only setting it during the connection.
2.0.10
Maxime Besson
Maxime Besson
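The failure mode reported in this issue, as a simplified model added here (it is not LemonLDAP::NG code): the http cookie value exists in the login request's session info but is missing from the stored session, so a CDA request from an already logged-in user gets no cookie value. `%session_db`, `login`, `load_session`, `handler_status`, the status codes returned by the model and the sample ids are assumptions made for the illustration.

```perl
use strict;
use warnings;

# In-memory stand-in for the persistent session backend (assumption).
my %session_db;

# Login with double cookies: a main session id plus a separate id for the
# http cookie. $persist_http decides whether the http id is written to the
# stored session or only lives in the login request's session info.
sub login {
    my ( $id, $http_id, $persist_http ) = @_;
    $session_db{$id} = { _session_id => $id };
    $session_db{$id}{_httpSession} = $http_id if $persist_http;
    return { _session_id => $id, _httpSession => $http_id };
}

# What a later request from an already logged-in user sees: stored keys only.
sub load_session {
    my ($id) = @_;
    return +{ %{ $session_db{$id} || {} } };
}

# Same two assignments as the snippet in the report, for an http:// CDA vhost.
sub build_cda_infos {
    my ( $session_info, $cookie_name ) = @_;
    return {
        cookie_value => $session_info->{_httpSession},
        cookie_name  => $cookie_name . 'http',
    };
}

# Handler-side check in this model: CDA infos without a cookie value are
# rejected (403), otherwise the cookie is set and the user redirected (302).
sub handler_status {
    my ($cda_infos) = @_;
    return defined $cda_infos->{cookie_value} ? 302 : 403;
}

# Constructed sample ids; 'lemonldap' is used as a sample cookie name.
for my $persist_http ( 0, 1 ) {
    %session_db = ();
    my $at_login = login( 'MAIN-ID', 'HTTP-ID', $persist_http );
    my $later    = load_session('MAIN-ID');
    printf "persist_http=%d  during login: %d  already logged in: %d\n",
      $persist_http,
      handler_status( build_cda_infos( $at_login, 'lemonldap' ) ),
      handler_status( build_cda_infos( $later,    'lemonldap' ) );
}
```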
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2384
Auth Choice Demo/OpenIDConnect: lmAuth not present in redirect_uri URL
2020-11-16T11:00:24Z
Mame Dieynaba SENE
### Concerned version
Version: %2.0.9
Platform: (Apache)
Authentication choice ( DEMO/ OpenIDConnect )
LLNG is a RP.
### Summary
Here is the process to reproduce the bug:
- The user displays the OpenID Connect form and clicks “connect”.
- It is redirected to the OP where it authenticates.
- The user is then redirected to the portal which always displays the login page and not the menu page.
It seems that the choice of authentication method is lost during the authentication process. I see in the documentation that the lmAuth param must be set but it's not mentioned where. The redirect_uri (url callback) generated by LLNG is http://auth.dgfip.gouv.fr/?openidconnectcallback=1 so no lmAuth param.
### Logs
Here are the LLNG logs
```
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Get configuration from cache without verification.
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [info] No cookie found
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Build URL http://auth.dgfip.gouv.fr/
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Redirect 192.168.56.1 to portal (url was /)
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] User not authenticated, Try in use, cancel redirection
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Start routing default route
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing restoreArgs
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing controlUrl
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Launching ::Plugins::AutoSignin::check
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Launching ::Plugins::EnsapLogin::formatParam
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Processing extractFormInfo
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Choice FC selected
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Redirecting user to OP list
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Selecting the only defined OP: op-france-connect
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] OpenID Provider op-france-connect choosen
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Build OpenIDConnect AuthN Request
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Token 1605242916_43914 created
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] OpenIDConnect Callback URI: http://auth.dgfip.gouv.fr/?openidconnectcallback=1
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Token 1605242916_9861 created
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] OpenIDConnect Authorization Code Flow Authn Request: https://auth.monalizeitg.alize/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fauth.dgfip.gouv.fr%2F%3Fopenidconnectcallback%3D1&nonce=1605242916_9861&client_id=ensapLogin&display=&state=1605242916_43914&scope=openid%20profile
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Redirect user to https://auth.monalizeitg.alize/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fauth.dgfip.gouv.fr%2F%3Fopenidconnectcallback%3D1&nonce=1605242916_9861&client_id=ensapLogin&display=&state=1605242916_43914&scope=openid%20profile
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Calling autoredirect
[Fri Nov 13 05:48:36 2020] [LLNG:5094] [debug] Building redirection to https://auth.monalizeitg.alize/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fauth.dgfip.gouv.fr%2F%3Fopenidconnectcallback%3D1&nonce=1605242916_9861&client_id=ensapLogin&display=&state=1605242916_43914&scope=openid%20profile
[Fri Nov 13 05:48:38.311878 2020] [authz_core:debug] [pid 5095] mod_authz_core.c(809): [client 192.168.56.1:39018] AH01626: authorization result of Require all granted: granted
[Fri Nov 13 05:48:38.311883 2020] [authz_core:debug] [pid 5095] mod_authz_core.c(809): [client 192.168.56.1:39018] AH01626: authorization result of <RequireAny>: granted
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Get configuration from cache without verification.
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [info] No cookie found
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Build URL http://auth.dgfip.gouv.fr/?openidconnectcallback=1&session_state=xGiLwdqfurHNna5FNP3TSQNAwFN6pw2tzIICzadrv04%3D.TzNtdkVYbDVma1F0S3ZocHRKLzV2S1JLYXdkQzN4Nk9mYzVYWk9QQnVKRjRObTlCZDJTOElaUE1IbUhBMEFXeTViZk5PeTIzK3BUYml1azQrcllpaUE9PQ&state=1605242916_43914&code=445c8313c8531033b60ce98382bce6374d50629ead00d7c0823fee0f44865525
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Redirect 192.168.56.1 to portal (url was /?openidconnectcallback=1&session_state=xGiLwdqfurHNna5FNP3TSQNAwFN6pw2tzIICzadrv04%3D.TzNtdkVYbDVma1F0S3ZocHRKLzV2S1JLYXdkQzN4Nk9mYzVYWk9QQnVKRjRObTlCZDJTOElaUE1IbUhBMEFXeTViZk5PeTIzK3BUYml1azQrcllpaUE9PQ&state=1605242916_43914&code=445c8313c8531033b60ce98382bce6374d50629ead00d7c0823fee0f44865525)
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] User not authenticated, Try in use, cancel redirection
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Start routing default route
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing controlUrl
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Launching ::Plugins::AutoSignin::check
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing code ref
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Launching ::Plugins::EnsapLogin::formatParam
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Processing extractFormInfo
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Initializing Auth modules...
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Prepare token
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Token 1605171038_61458 created
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Returned error: 9 (PE_FIRSTACCESS)
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Displaying authentication choice DEMO
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Use URL #
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Display type standardform for module Demo
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Authentication choice DEMO will be displayed
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Displaying authentication choice FC
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Use URL #
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Display type logo for module OpenIDConnect
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Authentication choice FC will be displayed
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Skin returned: login
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Calling sendHtml with template login
[Fri Nov 13 05:48:38 2020] [LLNG:5094] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
```
Mame Dieynaba SENE
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2405
Access rules problem for manager vhosts
2020-12-09T19:45:46Z
Maxime Lombard
Hello,
I am having some trouble restricting access to the LL:NG manager using access rules ("protection = manager"). I have tested different rules, such as:
```
$_user eq "[username]"
$uid eq "[username]"
$mail eq "[usermail]"
inGroup("[groupname]")
```
But nothing seems to work: I get the errors "forbidden" then "networkProblem" when accessing the manager interface. The data I am testing is visible in the session browser.
The only way I can actually access the manager is by using the parameter "protection = authenticate" or "none".
I am using LL:NG 2.9, with the Kerberos authentication module and an LDAP-based user/password module. The authentication module is working perfectly well.
Do you have any ideas about this problem?
Thank you in advance
FAQ
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2530
CORS WebService from Portal
2021-05-25T21:09:14Z
Cyril GALLAY
Hi,
I'm trying to call a webservice using Ajax from the LemonLdap portal. The idea is to call the webservice when the portal is loading in order to allow users to update their personal data (only when certain conditions are met).
I'm currently stuck with the following CORS errors popping up in my JS console:
- Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://test-api.dev/api/users/users.php. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
- Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://test-api.dev/api/users/users.php. (Reason: CORS request did not succeed).
The virtual host test-api.dev is behind the same Apache server as the portal and has the following header set:
`Header set Access-Control-Allow-Origin "auth-portal.dev"`
I also updated LemonLdap xml configuration to allow Ajax request to be sent to the webservice URL :
`"cspConnect":"'self' http://test-api.dev"`
And added a specific JS to the portal so that when the portal loads, the Ajax request is sent :
```
$(document).ready(
  function() {
    $.ajax({
      type: "POST",
      url: "http://test-api.dev/api/users/users.php",
      success: function(result, textStatus, xhr) {
        console.log(result);
      }
    });
  }
);
```
With this configuration :
- When loading the portal, I get a CORS error during the Ajax call (and there is no `Access-Control-Allow-Origin` header visible in the request response)
- When opening a new tab and loading manually the same URL, I can see the exported `Access-Control-Allow-Origin` header
Is there any way to call a webservice from the portal page ? Why is the `Access-Control-Allow-Origin` header not showing when using Ajax ?
Thanks for your support
FAQ
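An added example for the CORS question above (not part of the original post or of LemonLDAP::NG): a simplified JavaScript version of the `Access-Control-Allow-Origin` check that a browser applies under the Fetch standard, run against the header value quoted in the post. The `http://` scheme of the portal origin and the function names `serializeOrigin`, `corsCheck` and `demo` are assumptions.

```javascript
// Added example, not code from the post or from LemonLDAP::NG.
// Simplified form of the "CORS check" a browser applies to a cross-origin
// response before page script is allowed to read it.

// Origin as the browser sends it in the Origin request header:
// scheme://host[:port], default port dropped, no path.
function serializeOrigin(pageUrl) {
  return new URL(pageUrl).origin;
}

// requestOrigin : value of the Origin header sent with the request
// acaoValues    : every Access-Control-Allow-Origin header on the response
// credentialed  : true when the request carries cookies (withCredentials)
// acacValue     : Access-Control-Allow-Credentials value, or null if absent
function corsCheck(requestOrigin, acaoValues, credentialed = false, acacValue = null) {
  if (acaoValues.length === 0) {
    return { allowed: false, reason: "Access-Control-Allow-Origin missing" };
  }
  // Repeated headers are combined into one comma-separated value, which can
  // never equal a single serialized origin.
  const acao = acaoValues.map((v) => v.trim()).join(", ");

  if (acao === "*") {
    return credentialed
      ? { allowed: false, reason: "wildcard not accepted with credentials" }
      : { allowed: true, reason: "wildcard" };
  }
  // Exact, case-sensitive comparison against the full serialized origin.
  // A bare host name has no scheme, so it cannot match.
  if (acao !== requestOrigin) {
    return { allowed: false, reason: "origin mismatch" };
  }
  if (credentialed && acacValue !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "origin match" };
}

// Constructed inputs: the portal host name comes from the post, the http
// scheme is an assumption.
const PORTAL_ORIGIN = serializeOrigin("http://auth-portal.dev/index.html");

function demo() {
  return {
    // Header value exactly as quoted in the post (no scheme).
    asPosted: corsCheck(PORTAL_ORIGIN, ["auth-portal.dev"]),
    // Same host written as a full origin.
    fullOrigin: corsCheck(PORTAL_ORIGIN, ["http://auth-portal.dev"]),
    // Response that carries no header at all, as the console error reports.
    noHeader: corsCheck(PORTAL_ORIGIN, []),
    // Header emitted twice, for example by two layers of configuration.
    duplicated: corsCheck(PORTAL_ORIGIN, ["http://auth-portal.dev", "http://auth-portal.dev"]),
    // Wildcard with and without cookies.
    wildcardAnonymous: corsCheck(PORTAL_ORIGIN, ["*"]),
    wildcardWithCookies: corsCheck(PORTAL_ORIGIN, ["*"], true, "true"),
    // Cookie-carrying request with an exact origin and the credentials flag.
    cookiesExactOrigin: corsCheck(PORTAL_ORIGIN, ["http://auth-portal.dev"], true, "true"),
  };
}

for (const [name, result] of Object.entries(demo())) {
  console.log(`${name}: ${result.allowed ? "allowed" : "blocked"} (${result.reason})`);
}
```

In a browser the same comparison can be confirmed in the Network tab by setting the request's `Origin` header beside the response's `Access-Control-Allow-Origin` value.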
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2551
Bad encoding in session with LDAP backend and special characters
2021-07-18T17:49:47Z
Albert Rinceau
### Concerned version
Version: %2.0.11
Platform: Nginx
### Summary
Accents or special characters in attributes of the LDAP userDB are not displayed correctly when saved into the backend session.
I also looked into the session DB directly, and the characters are not correctly encoded there either, so I suppose it is not a browser display problem.
### Logs
In session explorer but also in CAS tickets
```
for example "é" gives "é"
```
### Backends used
LDAP for Auth, UserDB and Session
### Possible fixes
Into /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm::setSessionInfo()
replacing
```
51: $req->sessionInfo->{$k} = $value;
```
by
```
51: $req->sessionInfo->{$k} = encode($value);
```
seems to fix the problem, but I cannot test it with other session backends.
I included the standard Encode library. I don't know if it was really necessary, though.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2574
User not authentified after SAML redirect from SSO (azure entreprise applicat...
2021-08-03T08:25:32Z
Benjamin Demarteau
User not authentified after SAML redirect from SSO (azure entreprise application) to lemon
### Concerned version
Version: lemonldap-ng-1.9.22-1.el7.noarch
Platform: Apache
### Summary
We configured lemonldap to use an Azure enterprise application as SAML identity provider. The user gets redirected there for authentication, all is fine on the IdP side.
When they are redirected back to the portal though, they are not identified and thus, the portal redirects the user back to the IdP, looping until you stop it manually.
### Logs
```
[Fri Jul 30 12:09:35.599452 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Now using configuration: 224
[Fri Jul 30 12:09:35.606548 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Menu loaded
[Fri Jul 30 12:09:35.609161 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Display loaded
[Fri Jul 30 12:09:35.702006 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::AuthSAML loaded
[Fri Jul 30 12:09:35.704107 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::UserDBNull loaded
[Fri Jul 30 12:09:35.705649 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::PasswordDBNull loaded
[Fri Jul 30 12:09:35.707311 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::RegisterDBDemo loaded
[Fri Jul 30 12:09:35.707806 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module SAML
[Fri Jul 30 12:09:35.707840 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Found path ^/saml/
[Fri Jul 30 12:09:35.710409 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Path of current request is /saml/singleSignOn
[Fri Jul 30 12:09:35.722999 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::IssuerDBSAML loaded
[Fri Jul 30 12:09:35.723043 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] IssuerDB module SAML loaded
[Fri Jul 30 12:09:35.764447 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub controlUrlOrigin
[Fri Jul 30 12:09:35.764832 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Confirm parameter accepted -1
[Fri Jul 30 12:09:35.764881 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub checkNotifBack
[Fri Jul 30 12:09:35.764920 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub controlExistingSession
[Fri Jul 30 12:09:35.765055 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub issuerDBInit
[Fri Jul 30 12:09:35.765131 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Reset SAML configuration cache
[Fri Jul 30 12:09:35.765154 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML cache configuration: 224
[Fri Jul 30 12:09:35.765355 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Lasso thin-sessions flag set
[Fri Jul 30 12:09:35.765387 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML private encryption key not found in configuration, use private signature key
[Fri Jul 30 12:09:35.765422 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Certificate will be used in SAML responses
[Fri Jul 30 12:09:35.765437 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for this service
[Fri Jul 30 12:09:35.827575 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Service created
[Fri Jul 30 12:09:35.828156 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for SP GeoWoc
[Fri Jul 30 12:09:35.828823 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Set encryption mode none on SP GeoWoc
[Fri Jul 30 12:09:35.828861 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SP GeoWoc added
[Fri Jul 30 12:09:35.828879 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for SP OpenData
[Fri Jul 30 12:09:35.884478 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Set encryption mode none on SP OpenData
[Fri Jul 30 12:09:35.884544 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SP OpenData added
[Fri Jul 30 12:09:35.884564 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for SP PortailFute
[Fri Jul 30 12:09:35.899221 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Set encryption mode none on SP PortailFute
[Fri Jul 30 12:09:35.899264 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SP PortailFute added
[Fri Jul 30 12:09:35.899637 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for IDP azure-ad
[Fri Jul 30 12:09:35.952157 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Set encryption mode none on IDP azure-ad
[Fri Jul 30 12:09:35.952201 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: IDP azure-ad added
[Fri Jul 30 12:09:35.952897 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub authInit
[Fri Jul 30 12:09:35.952964 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML cache configuration: 224
[Fri Jul 30 12:09:35.952991 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Load IDPs from cache
[Fri Jul 30 12:09:35.953012 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub issuerForUnAuthUser
[Fri Jul 30 12:09:35.963976 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: URL /saml/singleSignOn detected as an SSO request URL
[Fri Jul 30 12:09:35.964143 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Hidden value xxxxxxxxx found for key lmhidden_SAMLResponse
[Fri Jul 30 12:09:35.964230 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Hidden value 3 found for key lmhidden_Method
[Fri Jul 30 12:09:35.964260 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Keep values from hidden fields
[Fri Jul 30 12:09:35.964357 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Store xxxxxxxxxxxxxxx
[Fri Jul 30 12:09:35.964443 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Store Mw== in hidden key lmhidden_Method
[Fri Jul 30 12:09:35.964666 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Authentication responses are not managed by this module
[Fri Jul 30 12:09:35.964795 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub extractFormInfo
[Fri Jul 30 12:09:35.966093 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub getIDP
[Fri Jul 30 12:09:35.966226 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Redirecting user to IDP list
[Fri Jul 30 12:09:36.662916 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Now using configuration: 224
[Fri Jul 30 12:09:36.663139 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Menu loaded
[Fri Jul 30 12:09:36.663240 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Display loaded
[Fri Jul 30 12:09:36.663378 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::AuthSAML loaded
[Fri Jul 30 12:09:36.663942 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::UserDBNull loaded
[Fri Jul 30 12:09:36.664466 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::PasswordDBNull loaded
[Fri Jul 30 12:09:36.665044 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::RegisterDBDemo loaded
[Fri Jul 30 12:09:36.665442 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module SAML
[Fri Jul 30 12:09:36.665468 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Found path ^/saml/
[Fri Jul 30 12:09:36.666181 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Path of current request is /saml/singleSignOn
[Fri Jul 30 12:09:36.666358 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::IssuerDBSAML loaded
[Fri Jul 30 12:09:36.666384 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] IssuerDB module SAML loaded
[Fri Jul 30 12:09:36.666775 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub controlUrlOrigin
[Fri Jul 30 12:09:36.666867 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Confirm parameter accepted 1
[Fri Jul 30 12:09:36.666899 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub checkNotifBack
[Fri Jul 30 12:09:36.666929 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub controlExistingSession
[Fri Jul 30 12:09:36.667011 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub issuerDBInit
[Fri Jul 30 12:09:36.667082 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML cache configuration: 224
[Fri Jul 30 12:09:36.667105 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Restore server from cache
[Fri Jul 30 12:09:36.897849 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Load SPs from cache
[Fri Jul 30 12:09:36.897930 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Load IDPs from cache
[Fri Jul 30 12:09:36.897962 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub authInit
[Fri Jul 30 12:09:36.897999 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML cache configuration: 224
[Fri Jul 30 12:09:36.898038 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Load IDPs from cache
[Fri Jul 30 12:09:36.898058 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub issuerForUnAuthUser
[Fri Jul 30 12:09:36.900302 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: URL /saml/singleSignOn detected as an SSO request URL
[Fri Jul 30 12:09:36.900447 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Hidden value xxxxxxxx found for key lmhidden_SAMLResponse
[Fri Jul 30 12:09:36.900522 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Hidden value 3 found for key lmhidden_Method
[Fri Jul 30 12:09:36.900549 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Keep values from hidden fields
[Fri Jul 30 12:09:36.900615 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Store xxxxxxxx
[Fri Jul 30 12:09:36.900723 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Store Mw== in hidden key lmhidden_Method
[Fri Jul 30 12:09:36.900820 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Authentication responses are not managed by this module
[Fri Jul 30 12:09:36.900862 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub extractFormInfo
[Fri Jul 30 12:09:36.902027 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub getIDP
[Fri Jul 30 12:09:36.902169 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Build cookie to remember https://sts.windows.net/xxxxxxxxxx/ as IDP choice
[Fri Jul 30 12:09:36.902498 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: https://sts.windows.net/xxxxxxxxxx/ match azure-ad IDP in configuration
[Fri Jul 30 12:09:36.902725 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Use method REDIRECT with IDP azure-ad for SSO profile
[Fri Jul 30 12:09:36.903603 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Use NameIDFormat urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
[Fri Jul 30 12:09:36.903800 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SSO request signature according to metadata
[Fri Jul 30 12:09:36.907755 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Authentication request created
[Fri Jul 30 12:09:36.927299 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Keep request ID _4468037697CE9EC787888AE55F9ECC55 in assertion session 6f10ca9a419d23d69324bbed7101ac31eea1fd537695d802e2ff701d68a400d2
[Fri Jul 30 12:09:36.927405 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Redirect user to https://login.microsoftonline.com/xxxxxxxxxx/saml2?SAMLRequest=xxxxxxxxx
[Fri Jul 30 12:09:36.927449 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub autoRedirect
[Fri Jul 30 12:09:36.927492 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Delete all hidden values
[Fri Jul 30 12:09:36.928232 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Creating a real Safe jail
[Fri Jul 30 12:09:36.928586 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Evaluate expression: 0
[Fri Jul 30 12:09:36.929094 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Evaluation result: 0
```
### Backends used
```
localStorage=Cache::FileCache
localSessionStorage=Cache::FileCache
```
### Possible fixes
I wish I knew
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2624
Import unicode2iso and iso2unicode into Safe jail
2022-07-01T18:07:28Z
Christophe Maudoux
chrmdx@gmail.com
### Summary
I planned to deploy two flavours of SSO as a service soon (full and hybrid). So, the DevOps handler will be employed, but Safe jail is required. We use the uWSGI server and we are facing encoding issues. To bypass those, I used the unicode2iso and iso2unicode extended functions.
The problem is that those functions are not compliant with Safe jail. I tried many solutions but without success...
Help would be appreciated 🙏
### Design proposition
Import unicode2iso and other into Safe jail.
2.0.15
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2643
U2F does not work in uwsgi due to json library conflict
2022-09-14T09:32:32Z
Maxime Besson
### Concerned version
Version: 2.0.13
Platform: Debian >= 10, possibly CentOS
### Summary
* Configure LLNG to run in Apache or Nginx
* Try to register a U2F device in the device => OK
* Configure LLNG to run in UWSGI
* Try to register a U2F device => FAIL
### Logs
On UWSGI:
```
[debug] Prepare U2F verification
[debug] -> Send challenge:
```
(challenge is empty)
### Cause
After investigating this, I found that the challenge is correctly generated by libu2f-server, but there is an issue that prevents it from being generated as JSON correctly
output of `authenticationChallenge` function:
```
{ "keyHandle": null, "version": null, "challenge": null, "appId": null }
```
The code that serialized the challenge to JSON is here:
https://github.com/Yubico/libu2f-server/blob/master/u2f-server/core.c#L999
We see that it uses `json_object_get` to populate the JSON fields (keyHandle, challenge, etc.)
But UWSGI is built against libjansson, which also defines a `json_object_get` symbol that conflicts with the one used by libu2f-server!
```
37083: symbol=json_object_get; lookup in file=uwsgi [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libpthread.so.0 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libm.so.6 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libdl.so.2 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libz.so.1 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libpcre.so.3 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libcap.so.2 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libuuid.so.1 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libyaml-0.so.2 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libjansson.so.4 [0]
37083: binding file /lib/x86_64-linux-gnu/libu2f-server.so.0 [0] to /lib/x86_64-linux-gnu/libjansson.so.4 [0]: normal symbol `json_object_get' [JSONC_0.14]
```
Instead of libjson-c.so.5 (when using Apache):
```
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libdl.so.2 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libm.so.6 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libpthread.so.0 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libc.so.6 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libcrypt.so.1 [0]
37091: symbol=json_object_get; lookup in file=/lib64/ld-linux-x86-64.so.2 [0]
37091: symbol=json_object_get; lookup in file=/usr/lib/x86_64-linux-gnu/perl5/5.32/auto/Crypt/U2F/Server/Server.so [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libu2f-server.so.0 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libc.so.6 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libjson-c.so.5 [0]
37091: binding file /lib/x86_64-linux-gnu/libu2f-server.so.0 [0] to /lib/x86_64-linux-gnu/libjson-c.so.5 [0]: normal symbol `json_object_get' [JSONC_0.14]
```
This problem does not occur in old versions of libu2f-server because they did not use json_object_get
https://github.com/Yubico/libu2f-server/commit/eea59f260ba2fe71aee911e60068743acf00dc40
### Possible fixes
A workaround I found is to force priority to json-c bindings with LD_PRELOAD. But that probably means uwsgi cannot parse JSON configs anymore
A long-term fix would be for Jansson and JSON-C to use symbol versioning. JSON-C does it in Bullseye (but not in Buster, nor CentOS7)
see https://github.com/json-c/json-c/issues/621
Building uwsgi against yajl could work as well, but I have not tested it.
This issue needs to be reported in the docs
@maudoux have you already encountered this issue? Do you use U2F in production on your uwsgi servers?
FAQ
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2680
Proxy vhost's log does not get username/uid?
2021-12-23T11:55:37Z
Mathieu MD
### Concerned version
Version: %2.0.13
Platform: Nginx
### Summary
While the Portal does get the username/uid in the log (thanks to `log_format lm_app '$remote_addr - $upstream_http_lm_remote_user ...` configured), the Proxy does not.
```nginx
log_format lm_app '$remote_addr - $upstream_http_lm_remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_http_lm_remote_custom';
# Used in the access log settings:
# - Portal:
access_log /var/log/nginx/auth-test.example.com_access.log lm_app;
# - Proxy:
access_log /var/log/nginx/glpi-test.example.com_access.log lm_app;
```
Am I missing something, or is it a bug?
### Logs
```
# On the Portal
::ffff:10.1.2.3 - mathieu [22/Dec/2021:10:49:16 +0100] "GET /portal.css HTTP/2.0" 200 ...
^^^^^^^ Correct.
# On the Proxy (in the log of a vhosted app)
::ffff:10.1.2.3 - - [22/Dec/2021:10:50:15 +0100] "GET /front/central.php HTTP/2.0" 200 ...
^ Nothing here.
```
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2695
U2F does not work anymore with Brave 1.35.101 / Chromium 98.0.4758.87
2022-02-14T09:15:02Z
Benjamin MALYNOVYTCH
### Concerned version
Version: 2.0.13
Platform: nginx / perl-fcgi
### Summary
Using U2F/Fido USB token doesn't work anymore (key doesn't blink while page indicates it is waiting for it, browser doesn't even ask to authorize using the key, while it used to) with latest Brave version on MacOS.
Seems to still be working with older versions of Brave (successfully tested on Brave 1.33.106 / Chromium 96.0.4664.110)
### Logs
Browser JS log:
```
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null').
(anonymous) @ u2f-api.min.js:2
load (async)
u2f.getIframePort_ @ u2f-api.min.js:2
(anonymous) @ u2f-api.min.js:2
```
Extension seems to refer to CryptoTokenExtension.
### Possible fixes
Workaround: use firefox.
### Extra information
Before this error, I was having another one related to CSP not allowing inline hash in style. I worked around it by changing the following config:
```
"cspStyle": "'self' 'unsafe-inline'"
```
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2729
Skin rule not working properly
2022-03-16T16:14:16Z
BEZY Rémy
### Concerned version
Version: %2.0.14
Platform: Nginx
### Summary
Issue : Wrong skin is being used with a Skin Rule
Wrong URL seems to be stored in $_url during SAML REQUEST and redirection to Login Portal.
We have an application that is connected to LemonLDAP-NG with SAML.
The user is automatically redirected from my application to LemonLDAP-NG Login portal
It seems that the wrong skin is used.
- Default Skin = BootStrap
- Custom Skin = MySkin
Skin Rule :
* Key = $_url =~ m#^https://myapplication.example.com/.*#
* Value = MySkin
With this configuration, it's my Bootstrap skin which is being used and not my custom Skin "MySkin" when the user comes from "https://preprod-myapplication.example.com"
However if I set the following rule :
* Key = $_url =~ m#^https://preprod-auth.example.com/.*#
* Value = MySkin
(Portal URL is https://preprod-auth.example.com)
My custom Skin is used for both Application and Auth URL
It seems that the key $_url contains https://preprod-auth.example.com/ and not https://preprod-myapplication.example.com/
### Logs
```
REMOVED
```
### Backends used
N/A
### Possible fixes
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2781
forAuthUser hook inconsistency according auth method
2023-01-12T10:10:57Z
Albert Rinceau
forAuthUser hook inconsistency according auth method
### Concerned version
Version: %2.0.14
### Summary
I have choice auth: LDAP or OIDC
I have a plugin with a function which is called at forAuthUser hook.
When authenticating with LDAP, the function is called correctly after authentication.
When authenticating with OIDC, the plugin is not.
Once authenticated, if I come back to the portal, the plugin triggers correctly whatever the authentication method used.
Not sure what should be the expected behavior during authentication.
### Logs
```
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Launching ::Auth::Choice::_endAuth
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Processing code ref
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Launching ::Plugins::Notifications::checkNotifDuringAuth
Aug 4 05:32:03 ansible LLNG[8824]: [info] No notification found
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Processing code ref
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Removing _choice from pdata
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Removing keepPdata from pdata
Aug 4 05:32:03 ansible LLNG[8824]: [debug] [notice] alt.r7-etprxwl@exemple.com@superIDP connected
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Calling autoredirect
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module Appslist
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition $_auth =~ /^(LDAP|DBI|Demo)$/ for module ChangePassword
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module LoginHistory
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition $_oidcConsents && $_oidcConsents =~ /\w+/ for module OidcConsents
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module Logout
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if Appslist has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if ChangePassword has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if LoginHistory has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if OidcConsents has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if Logout has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Searching for "alt.r7-etprxwl@exemple.com@superIDP" accepted notification(s)
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Skin returned: menu
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Calling sendHtml with template menu
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Use fr.json to override messages
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/mySkin/menu.tpl
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/mySkin/menu.tpl
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Apply following CORS policy :
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Origin
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Credentials
Aug 4 05:32:03 ansible LLNG[8824]: [debug] true
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Headers
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Methods
Aug 4 05:32:03 ansible LLNG[8824]: [debug] POST,GET
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Expose-Headers
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Max-Age
Aug 4 05:32:03 ansible LLNG[8824]: [debug] 86400
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline';form-action *;frame-ancestors 'none';
```
### Possible fixes
Workaround is to trigger the plugin for the "forAuthUser" and "endAuth" hooks, but "forAuthUser" behavior remains inconsistent depending on the auth method.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2800
Session encoding corruption
2024-03-05T14:06:19Z
Benjamin Demarteau
Session encoding corruption
### Concerned version
Version: 1.9.22-1.el7 and 2.0.15.1-1.el8
Platform: httpd (Apache)
### Summary
After a while, sessions containing UTF-8 characters get double encoded.
### Logs
I can't tell exactly when the corruption happens. If I delete the session from the manager, a new connection recreates the session correctly; after a while, accented characters become garbled again.
### Backends used
Auth mode is User/Pass, with LDAP user backend, session and appconfig are also stored in LDAP using globalStorage
```yaml
ini:
  all:
    globalStorage: Apache::Session::Browseable::LDAP
    globalStorageOptions: |-
      { \
      'type' => 'LDAP', \
      'ldapServer' => 'ldap+tls://{{ ldap_host }}', \
      'ldapConfBase' => 'ou=sessions,ou=lemonldap,ou=appconfig,dc=liege,dc=be', \
      'ldapBindDN' => 'cn=lemonldap-{{ inventory_hostname }},ou=technical,ou=people,dc=liege,dc=be', \
      'ldapBindPassword' => '{{ lemonldap_ldap_password }}', \
      'ldapObjectClass' => 'applicationProcess', \
      'ldapAttributeId' => 'cn', \
      'ldapAttributeContent' => 'description', \
      'ldapAttributeIndex' => 'ou', \
      'Index' => '_whatToTrace _session_kind _assert_id' \
      }
  configuration:
    type: LDAP
    ldapServer: ldap+tls://{{ ldap_host }}
    ldapConfBase: ou=config,ou=lemonldap,ou=appconfig,dc=liege,dc=be
    ldapBindDN: cn=lemonldap-{{ inventory_hostname }},ou=technical,ou=people,dc=liege,dc=be
    ldapBindPassword: "{{ lemonldap_ldap_password }}"
    ldapObjectClass: applicationProcess
    ldapAttributeId: cn
    ldapAttributeContent: description
    localStorageOptions: |-
      { \
      'namespace' => 'lemonldap-ng-config', \
      'default_expires_in' => 600, \
      'directory_umask' => '007', \
      'cache_root' => '/var/cache/lemonldap-ng', \
      'cache_depth' => 3, \
      }
```
### Possible fixes
We are writing a script that detects and removes sessions in the LDAP server. That's only a band aid though.
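A detection pass of the kind mentioned in this report could look like the following. This is an added example, not code from the issue or from LemonLDAP::NG. It assumes each session is stored as a flat JSON object (for instance in the `description` attribute configured above) and that the corruption is UTF-8 bytes re-read as Latin-1 and encoded again; the session ids and attribute values are constructed.

```python
import json


def corrupt(value, layers=1):
    """Simulate the reported symptom for test data only:
    UTF-8 bytes are re-read as Latin-1, once per layer."""
    for _ in range(layers):
        value = value.encode("utf-8").decode("latin-1")
    return value


def peel_double_encoding(value, max_layers=5):
    """Return (repaired, layers).

    A string is treated as double encoded when every character fits in
    Latin-1 AND the resulting bytes form valid UTF-8. A correctly stored
    accented string fails the second condition (a lone 0xE9 is not valid
    UTF-8), so it is left untouched with layers == 0.
    Caveat: a value that legitimately contains text such as "Ã©" would be
    reported too, so review findings before deleting anything.
    """
    layers = 0
    current = value
    while layers < max_layers and not current.isascii():
        try:
            candidate = current.encode("latin-1").decode("utf-8")
        except (UnicodeEncodeError, UnicodeDecodeError):
            break
        current = candidate
        layers += 1
    return current, layers


def scan_session(raw_json):
    """Check every string attribute of one stored session."""
    findings = {}
    for key, value in json.loads(raw_json).items():
        if not isinstance(value, str):
            continue
        repaired, layers = peel_double_encoding(value)
        if layers:
            findings[key] = {
                "stored": value,
                "repaired": repaired,
                "layers": layers,
            }
    return findings


def audit(sessions):
    """Map session id -> findings, only for sessions that look corrupted."""
    report = {}
    for session_id, raw_json in sessions.items():
        findings = scan_session(raw_json)
        if findings:
            report[session_id] = findings
    return report


# Constructed sample data: one healthy session, one with one and two
# layers of re-encoding on different attributes.
SAMPLE_SESSIONS = {
    "healthy-0001": json.dumps({
        "_session_kind": "SSO",
        "uid": "jdupont",
        "cn": "Jérôme Dupont",
        "l": "Liège",
    }),
    "corrupt-0002": json.dumps({
        "_session_kind": "SSO",
        "uid": "hlefevre",
        "cn": corrupt("Hélène Lefèvre"),
        "l": corrupt("Liège", layers=2),
    }),
}

if __name__ == "__main__":
    for session_id, fields in audit(SAMPLE_SESSIONS).items():
        for key, info in fields.items():
            print(f"{session_id} {key}: {info['stored']!r} -> "
                  f"{info['repaired']!r} ({info['layers']} layer(s))")
```

The layer count is worth logging alongside the session's timestamps: a count that keeps growing points at a write path that re-encodes on every save rather than a one-off import problem.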
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2813
libclass-xsaccessor-perl dependency is missing with fresh install
2022-10-25T19:07:42Z
Christophe Maudoux
chrmdx@gmail.com
libclass-xsaccessor-perl dependency is missing with fresh install
### Concerned version
Version: %2.0.15
Platform: All
### Summary
apt install libclass-xsaccessor-perl
### Logs
```
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route renewcaptcha added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Plugin ::Captcha::SecurityImage initialized
Trace begun at (eval 13) line 1
main::__ANON__('Can\'t locate Class/XSAccessor.pm in @INC (you may need to install the Class::XSAccessor module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl) at /usr/share/perl5/Moo/_Utils.pm line 107, <DATA> line 960.^J') called at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Class/XSAccessor.pm') called at /usr/share/perl5/Moo/_Utils.pm line 151
Moo::_Utils::_maybe_load_module('Class::XSAccessor') called at /usr/share/perl5/Method/Generate/Accessor.pm line 20
Method::Generate::Accessor::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Method/Generate/Accessor.pm at /usr/share/perl5/Moo/Role.pm line 59
Moo::Role::_accessor_maker_for('Moo::Role', 'Throwable') called at /usr/share/perl5/Moo/Role.pm line 86
Moo::Role::has('previous_exception', 'is', 'ro', 'default', 'CODE(0x55c9856fee30)') called at /usr/share/perl5/Throwable.pm line 42
require Throwable.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Throwable.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Throwable') called at /usr/share/perl5/Moo/Role.pm line 303
Moo::Role::apply_roles_to_package('Moo::Role', 'Throwable::Error', 'Throwable', 'StackTrace::Auto') called at /usr/share/perl5/Moo.pm line 102
Moo::with('Throwable', 'StackTrace::Auto') called at /usr/share/perl5/Throwable/Error.pm line 5
require Throwable/Error.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Throwable/Error.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Throwable::Error') called at /usr/share/perl5/Moo.pm line 146
Moo::_set_superclasses('Moo', 'Email::Sender::Failure', 'Throwable::Error') called at /usr/share/perl5/Moo.pm line 96
Moo::extends('Throwable::Error') called at /usr/share/perl5/Email/Sender/Failure.pm line 5
require Email/Sender/Failure.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Email/Sender/Failure.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Email::Sender::Failure') called at /usr/share/perl5/Moo.pm line 146
Moo::_set_superclasses('Moo', 'Email::Sender::Failure::Temporary', 'Email::Sender::Failure') called at /usr/share/perl5/Moo.pm line 96
Moo::extends('Email::Sender::Failure') called at /usr/share/perl5/Email/Sender/Failure/Temporary.pm line 5
require Email/Sender/Failure/Temporary.pm at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 9
Email::Sender::Role::CommonSending::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Email/Sender/Role/CommonSending.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Email/Sender/Role/CommonSending.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Email::Sender::Role::CommonSending') called at /usr/share/perl5/Moo/Role.pm line 303
Moo::Role::apply_roles_to_package('Moo::Role', 'Email::Sender::Transport', 'Email::Sender::Role::CommonSending') called at /usr/share/perl5/Moo/Role.pm line 106
Moo::Role::with('Email::Sender::Role::CommonSending') called at /usr/share/perl5/Email/Sender/Transport.pm line 30
require Email/Sender/Transport.pm at /usr/share/perl5/Email/Sender/Simple.pm line 23
Email::Sender::Simple::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Email/Sender/Simple.pm at /usr/share/perl5/Lemonldap/NG/Portal/Lib/SMTP.pm line 12
Lemonldap::NG::Portal::Lib::SMTP::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Lemonldap/NG/Portal/Lib/SMTP.pm at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 295
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 295
Mouse::Util::_try_load_one_class('Lemonldap::NG::Portal::Lib::SMTP') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 303
Mouse::Util::load_class('Lemonldap::NG::Portal::Lib::SMTP') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Meta/Class.pm line 58
Mouse::Meta::Class::superclasses('Mouse::Meta::Class=HASH(0x55c984e0bac0)', 'Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Portal::Lib::_tokenRule') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse.pm line 35
Mouse::extends('Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Portal::Lib::_tokenRule') called at /usr/share/perl5/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm line 37
require Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm at (eval 119) line 1
eval 'require Lemonldap::NG::Portal::Plugins::MailPasswordReset' at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 583
Lemonldap::NG::Portal::Main::loadModule('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', '::Plugins::MailPasswordReset') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 477
Lemonldap::NG::Portal::Main::loadPlugin('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', '::Plugins::MailPasswordReset') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 373
Lemonldap::NG::Portal::Main::reloadConf('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c9841f5a28)') called at /usr/share/perl5/Lemonldap/NG/Handler/Main/Reload.pm line 82
Lemonldap::NG::Handler::Main::checkConf('Lemonldap::NG::Handler::PSGI::Main', 'Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)') called at /usr/share/perl5/Lemonldap/NG/Handler/Lib/PSGI.pm line 23
Lemonldap::NG::Handler::Lib::PSGI::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c984271628)') called at /usr/share/perl5/Lemonldap/NG/Handler/PSGI/Router.pm line 14
Lemonldap::NG::Handler::PSGI::Router::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c984271628)') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 140
Lemonldap::NG::Portal::Main::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c98309a6d8)') called at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 343
Lemonldap::NG::Common::PSGI::run('Lemonldap::NG::Portal::Main', 'HASH(0x55c98309a6d8)') called at /usr/share/lemonldap-ng/portal/htdocs/index.psgi line 3
require /usr/share/lemonldap-ng/portal/htdocs/index.psgi at /usr/share/lemonldap-ng/llng-server/llng-server.psgi line 52
Plack::Sandbox::_2fusr_2fshare_2flemonldap_2dng_2fllng_2dserver_2fllng_2dserver_2epsgi::__ANON__('HASH(0x55c982de2650)') called at /usr/share/lemonldap-ng/llng-server/llng-server.psgi line 66
Plack::Sandbox::_2fusr_2fshare_2flemonldap_2dng_2fllng_2dserver_2fllng_2dserver_2epsgi::__ANON__('HASH(0x55c982de2650)') called at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
Trace begun at (eval 13) line 1
main::__ANON__('Can\'t locate object method "tid" via package "threads" at /usr/share/perl/5.32/XSLoader.pm line 111, <DATA> line 960.^J') called at /usr/share/perl/5.32/XSLoader.pm line 111
eval {...} at /usr/share/perl/5.32/XSLoader.pm line 111
XSLoader::load('Net::SSLeay', 1.88) called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 444
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 446
require Net/SSLeay.pm at /usr/share/perl5/IO/Socket/SSL.pm line 19
IO::Socket::SSL::BEGIN at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 0
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 0
require IO/Socket/SSL.pm at /usr/share/perl/5.32/Net/SMTP.pm line 26
eval {...} at /usr/share/perl/5.3[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Module Lemonldap::NG::Portal::Plugins::MailPasswordReset loaded
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Declaring unauth route
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add POST route:
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route resetpwd added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add GET route:
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route resetpwd added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Plugin ::Plugins::MailPasswordReset initialized
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Module Lemonldap::NG::Portal::Plugins::Notifications loaded
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Declaring unauth route
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add POST route:
```
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2856
Possibility to check minimal special characters even if no special character ...
2023-01-25T18:01:19Z
Clément OUDOT
Possibility to check minimal special characters even if no special character list configured
For now, we can't allow minimal special characters if no special character list is defined.
If no special character list is configured, we should check minimal special characters with all special characters.
FAQ
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2888
SAML IdP-initiated Single Logout
2023-03-07T18:07:58Z
XIAOJUN TIAN
SAML IdP-initiated Single Logout
This is not an issue but more like a help ticket.
I am writing my own SAML sp and using LLNG as IdP to test. My own sp just supports IdP-initiated logout and I am looking for something similar with [SimpleSAMLphp IdP-initiated logout](https://webcache.googleusercontent.com/search?q=cache:U9D_G3YnUT0J:https://simplesamlphp.org/docs/1.16/simplesamlphp-idp-more.html&cd=1&hl=en&ct=clnk&gl=ca) at the page bottom.
I can tell after reading the official documentation and issues that LLNG should support SAML IdP-initiated logout but the information is in fragments. Can anyone give ideas on how to trigger the IdP-initiated logout? Many thanks!
For now, the IdP `<SingleLogoutService>` metadata looks like this, and I am using HTTP-Redirect for single logout (the single login has already worked out in my local environment):
```
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://idp.example.com:8080/saml/singleLogoutSOAP" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://idp.example.com:8080/saml/singleLogout"
ResponseLocation="http://idp.example.com:8080/saml/singleLogoutReturn"
/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://idp.example.com:8080/saml/singleLogout"
ResponseLocation="http://idp.example.com:8080/saml/singleLogoutReturn"
/>
```
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2927
Redirection loop on portal with oidc
2023-05-17T07:04:59Z
J-B V
Redirection loop on portal with oidc
### Concerned version
Version: 2.16.2
Platform: (Nginx)
### Summary
I'm trying to upgrade from lemonldap 2.0.13-2 to lemonldap 2.16.2 with the same configuration.
Everything is working fine except one of our OIDC clients: after auth, the web browser goes into a redirect loop on the portal instead of going to the redirect URI. The web browser displays the "Redirection in progress" message and keeps reloading the page.
The other OIDC client or CAS client are ok.
jsRedirect is set to 0.
There is no error in the browser console and the issue is the same with firefox v102 or Chrome v113.
The OS is a debian 10.13 for lemon 2.0.13-2 and a debian 12.0 for lemon 2.16.2
The issue was the same with version 2.16.1 last week.
The log with version 2.16.2 (redirect loop) shows:
```
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Skin returned: redirect
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
```
With version 2.0.13-2 (ok, no loop) we have:
```
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
```
Detailed logs of the two versions are below.
### Logs
#### Logs with version 2.16.2:
```
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter client_id: mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF in hidden key client_id
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter state: b0da98665f354e8390831b792a29a492
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter redirect_uri: https://biblio.toutapprendre.com/ws/auth>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store https://biblio.toutapprendre.com/ws/authLyon.aspx in hidden key redirec>
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter response_mode: form_post
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store form_post in hidden key response_mode
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcGotRequest
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC authorizationcode flow requested (response type: code)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Request from client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:23:10 lemon2 LLNG[131]: [debug] Client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF matches RP rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [debug] [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcResolveScope
May 12 12:23:10 lemon2 LLNG[131]: [debug] Resolved scopes: openid profile
May 12 12:23:10 lemon2 LLNG[131]: [debug] Consent is disabled for Relying Party rp-toutapprendre, user will not be prom>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcGenerateCode
May 12 12:23:10 lemon2 LLNG[131]: [debug] Generated code: 671c71aae51ec30a5e68c444e5d9e46d
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Processing autoPost
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store ItjPm152IqLR7wz9/R3f9uXiFydygQZAQJKzxrPPTkw=.empOZk1lalI3Uys2eDkrbXFDK3>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store 671c71aae51ec30a5e68c444e5d9e46d in hidden key code
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Skin returned: redirect
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
```
#### Log with version 2.0.13-2:
```
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter client_id: mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:29:13 lemon LLNG[329]: [debug] Store mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF in hidden key client_id
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter state: dae988ae12e049c3ba7768a876b99c6c
May 12 12:29:13 lemon LLNG[329]: [debug] Store dae988ae12e049c3ba7768a876b99c6c in hidden key state
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter redirect_uri: https://biblio.toutapprendre.com/ws/authLy
May 12 12:29:13 lemon LLNG[329]: [debug] Store https://biblio.toutapprendre.com/ws/authLyon.aspx in hidden key redirect_
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter response_mode: form_post
May 12 12:29:13 lemon LLNG[329]: [debug] Store form_post in hidden key response_mode
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcGotRequest
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC authorizationcode flow requested (response type: code)
May 12 12:29:13 lemon LLNG[329]: [debug] Request from client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:29:13 lemon LLNG[329]: [debug] Client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF matches RP rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [debug] [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcResolveScope
May 12 12:29:13 lemon LLNG[329]: [debug] Consent is disabled for Relying Party rp-toutapprendre, user will not be prompt
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcGenerateCode
May 12 12:29:13 lemon LLNG[329]: [debug] Generated code: 0291198f419f55353795de14235da1ee
May 12 12:29:13 lemon LLNG[329]: [debug] Delete all hidden values
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
May 12 12:29:13 lemon LLNG[329]: [debug] Building redirection to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=
```
FAQ
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2930
migration u2f to webauthn => keys are no longer recognized
2023-05-19T07:42:10Z
Didier Testelin
migration u2f to webauthn => keys are no longer recognized
Version: lemonldap 2.16.2
https://hub.docker.com/r/coudot/lemonldap-ng/
I migrated u2f keys to webauthn.
The keys are no longer recognized.
Tests carried out:
1st trial
- webauthn configuration and U2F deactivation
- deletion of all sessions
- registration with username/password + double authentication Webauthn
- identification with username/password + Webauthn double authentication
=> no problem. Webauth works.
2nd test
- webauthn configuration and U2F deactivation
- restoration of old sessions under U2F
- launch of `lemonldap-ng-sessions secondfactors migrateu2f --all`
- identification with username/password + Webauthn double authentication
=> error message stating that the key is not familiar. It is therefore not recognized.
Did I forget something for the migration?
THANKS.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2981
perl-lasso package
2023-08-17T00:26:27Z
Shane Treweek
perl-lasso package
Just wondering: I have installed lemonldap-ng on Nethserver (CentOS 7) running on a Raspberry Pi. I only need the perl-lasso package; I had access to one in the past that was compiled for arm32, but I no longer have access to the repo for it. Could you suggest anything? (Basically I just had to reinstall everything and my backup HDD was corrupted.) If I had access to the .src.rpm I could compile it.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2986
Delete sessions of a user through Rest API
2023-08-18T09:01:59Z
Kanthanathan S
Delete sessions of a user through Rest API
We need to understand if there is a way to terminate all the sessions of a given user through Rest API/SOAP API.
We have an LDAP at the backend and we have a self-service portal that allows users to change their passwords. As part of our compliance, once the password is changed/reset, all of the user's sessions need to be invalidated. We are trying to achieve this with API integration.
Please advise.
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3002
managerPassword is incorrectly decoded when using Conf::LDAP
2023-09-08T02:07:47Z
Maxime Besson
managerPassword is incorrectly decoded when using Conf::LDAP
### Affected version
Version: 2.17.0
Platform: (Nginx/Apache/Node.js)
### Summary
* Configure LDAP as a conf backend and an auth backend
* set managerPassword=é
Password is incorrectly encoded when sent to LDAP server
related to #2748
Maxime Besson