lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2024-03-05T14:06:19Z
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2800
Session encoding corruption
2024-03-05T14:06:19Z
Benjamin Demarteau
### Concerned version
Version: 1.9.22-1.el7 and 2.0.15.1-1.el8
Platform: httpd (Apache)
### Summary
After a while, sessions containing UTF-8 characters get double encoded.
### Logs
I can't tell exactly when the corruption happens. If I delete the session from the manager, a new connection recreates the session correctly; after a while, accentuated characters become garbled again.
### Backends used
Auth mode is User/Pass, with LDAP user backend, session and appconfig are also stored in LDAP using globalStorage
```yaml
ini:
  all:
    globalStorage: Apache::Session::Browseable::LDAP
    globalStorageOptions: |-
      { \
      'type' => 'LDAP', \
      'ldapServer' => 'ldap+tls://{{ ldap_host }}', \
      'ldapConfBase' => 'ou=sessions,ou=lemonldap,ou=appconfig,dc=liege,dc=be', \
      'ldapBindDN' => 'cn=lemonldap-{{ inventory_hostname }},ou=technical,ou=people,dc=liege,dc=be', \
      'ldapBindPassword' => '{{ lemonldap_ldap_password }}', \
      'ldapObjectClass' => 'applicationProcess', \
      'ldapAttributeId' => 'cn', \
      'ldapAttributeContent' => 'description', \
      'ldapAttributeIndex' => 'ou', \
      'Index' => '_whatToTrace _session_kind _assert_id' \
      }
  configuration:
    type: LDAP
    ldapServer: ldap+tls://{{ ldap_host }}
    ldapConfBase: ou=config,ou=lemonldap,ou=appconfig,dc=liege,dc=be
    ldapBindDN: cn=lemonldap-{{ inventory_hostname }},ou=technical,ou=people,dc=liege,dc=be
    ldapBindPassword: "{{ lemonldap_ldap_password }}"
    ldapObjectClass: applicationProcess
    ldapAttributeId: cn
    ldapAttributeContent: description
    localStorageOptions: |-
      { \
      'namespace' => 'lemonldap-ng-config', \
      'default_expires_in' => 600, \
      'directory_umask' => '007', \
      'cache_root' => '/var/cache/lemonldap-ng', \
      'cache_depth' => 3, \
      }
```
### Possible fixes
We are writing a script that detects and removes sessions in the LDAP server. That's only a band aid though.
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3002
managerPassword is incorrectly decoded when using Conf::LDAP
2023-09-08T02:07:47Z
Maxime Besson
### Affected version
Version: 2.17.0
Platform: (Nginx/Apache/Node.js)
### Summary
* Configure LDAP as a conf backend and an auth backend
* set managerPassword=é
Password is incorrectly encoded when sent to LDAP server
related to #2748
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2986
Delete sessions of a user through Rest API
2023-08-18T09:01:59Z
Kanthanathan S
We need to understand if there is a way to terminate all the sessions of a given user through Rest API/SOAP API.
We have an LDAP at the backend and we have a self-service portal that allows users to change their passwords. As part of our compliance, once the password is changed/reset, all the user's sessions need to be invalidated. We are trying to achieve this with API integration.
Please advise.
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2981
perl-lasso package
2023-08-17T00:26:27Z
Shane Treweek
Just wondering: I have installed lemonldap-ng on Nethserver (CentOS 7) running on a Raspberry Pi. I only need the perl-lasso package. In the past I had access to one that was compiled for arm32, but I no longer have access to the repo for it. Could you suggest anything? (Basically I just had to reinstall everything and my backup HDD was corrupted.) If I had access to the .src.rpm I could compile it.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2930
migration u2f to webauthn => keys are no longer recognized
2023-05-19T07:42:10Z
Didier Testelin
Version: lemonldap 2.16.2
https://hub.docker.com/r/coudot/lemonldap-ng/
I migrated u2f keys to webauthn.
The keys are no longer recognized.
Tests carried out:
1st trial
- webauthn configuration and U2F deactivation
- deletion of all sessions
- registration with username/password + double authentication Webauthn
- identification with username/password + Webauthn double authentication
=> no problem. Webauth works.
2nd test
- webauthn configuration and U2F deactivation
- restoration of old sessions under U2F
- launch of `lemonldap-ng-sessions secondfactors migrateu2f --all`
- identification with username/password + Webauthn double authentication
=> error message stating that the key is not familiar. It is therefore not recognized.
Did I forget something for the migration?
THANKS.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2927
Redirection loop on portal with oidc
2023-05-17T07:04:59Z
J-B V
### Concerned version
Version: 2.16.2
Platform: (Nginx)
### Summary
I'm trying to upgrade from lemonldap 2.0.13-2 to lemonldap 2.16.2 with the same configuration.
Everything is working fine except one of our OIDC clients: after auth, the web browser goes into a redirect loop on the portal instead of going to the redirect URI. The web browser displays the "Redirection in progress" message and keeps reloading the page.
The other OIDC or CAS clients are OK.
jsRedirect is set to 0.
There is no error in the browser console and the issue is the same with firefox v102 or Chrome v113.
The OS is a debian 10.13 for lemon 2.0.13-2 and a debian 12.0 for lemon 2.16.2
The issue was the same with version 2.16.1 last week.
The log with version 2.16.2 (redirect loop) show:
```
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Skin returned: redirect
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
```
With version 2.0.13-2 (ok, no loop) we have:
```
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
```
Detailed logs of the two versions are below.
### Logs
#### Logs with version 2.16.2:
```
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter client_id: mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF in hidden key client_id
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter state: b0da98665f354e8390831b792a29a492
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter redirect_uri: https://biblio.toutapprendre.com/ws/auth>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store https://biblio.toutapprendre.com/ws/authLyon.aspx in hidden key redirec>
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC request parameter response_mode: form_post
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store form_post in hidden key response_mode
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcGotRequest
May 12 12:23:10 lemon2 LLNG[131]: [debug] OIDC authorizationcode flow requested (response type: code)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Request from client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:23:10 lemon2 LLNG[131]: [debug] Client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF matches RP rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [debug] [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcResolveScope
May 12 12:23:10 lemon2 LLNG[131]: [debug] Resolved scopes: openid profile
May 12 12:23:10 lemon2 LLNG[131]: [debug] Consent is disabled for Relying Party rp-toutapprendre, user will not be prom>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling hook oidcGenerateCode
May 12 12:23:10 lemon2 LLNG[131]: [debug] Generated code: 671c71aae51ec30a5e68c444e5d9e46d
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Processing autoPost
May 12 12:23:10 lemon2 LLNG[131]: [debug] Delete all hidden values
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store ItjPm152IqLR7wz9/R3f9uXiFydygQZAQJKzxrPPTkw=.empOZk1lalI3Uys2eDkrbXFDK3>
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store 671c71aae51ec30a5e68c444e5d9e46d in hidden key code
May 12 12:23:10 lemon2 LLNG[131]: [debug] Store b0da98665f354e8390831b792a29a492 in hidden key state
May 12 12:23:10 lemon2 LLNG[131]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:23:10 lemon2 LLNG[131]: [debug] Skin returned: redirect
May 12 12:23:10 lemon2 LLNG[131]: [debug] Calling sendHtml with template redirect
```
#### Log with version 2.0.13-2:
```
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter client_id: mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:29:13 lemon LLNG[329]: [debug] Store mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF in hidden key client_id
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter state: dae988ae12e049c3ba7768a876b99c6c
May 12 12:29:13 lemon LLNG[329]: [debug] Store dae988ae12e049c3ba7768a876b99c6c in hidden key state
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter redirect_uri: https://biblio.toutapprendre.com/ws/authLy
May 12 12:29:13 lemon LLNG[329]: [debug] Store https://biblio.toutapprendre.com/ws/authLyon.aspx in hidden key redirect_
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC request parameter response_mode: form_post
May 12 12:29:13 lemon LLNG[329]: [debug] Store form_post in hidden key response_mode
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcGotRequest
May 12 12:29:13 lemon LLNG[329]: [debug] OIDC authorizationcode flow requested (response type: code)
May 12 12:29:13 lemon LLNG[329]: [debug] Request from client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF
May 12 12:29:13 lemon LLNG[329]: [debug] Client id mhsxpzzqkzvkCXNkvJThLgKHCMdjfRkF matches RP rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [debug] [notice] User 27001000006666 (BML) is authorized to access to rp-toutapprendre
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcResolveScope
May 12 12:29:13 lemon LLNG[329]: [debug] Consent is disabled for Relying Party rp-toutapprendre, user will not be prompt
May 12 12:29:13 lemon LLNG[329]: [debug] Calling hook oidcGenerateCode
May 12 12:29:13 lemon LLNG[329]: [debug] Generated code: 0291198f419f55353795de14235da1ee
May 12 12:29:13 lemon LLNG[329]: [debug] Delete all hidden values
May 12 12:29:13 lemon LLNG[329]: [debug] Redirect user to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=0291198
May 12 12:29:13 lemon LLNG[329]: [debug] Returned status: -2 (PE_REDIRECT)
May 12 12:29:13 lemon LLNG[329]: [debug] Calling autoredirect
May 12 12:29:13 lemon LLNG[329]: [debug] Building redirection to https://biblio.toutapprendre.com/ws/authLyon.aspx?code=
```
FAQ
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2888
SAML IdP-initiated Single Logout
2023-03-07T18:07:58Z
XIAOJUN TIAN
This is not an issue but more like a help ticket.
I am writing my own SAML sp and using LLNG as IdP to test. My own sp just supports IdP-initiated logout and I am looking for something similar with [SimpleSAMLphp IdP-initiated logout](https://webcache.googleusercontent.com/search?q=cache:U9D_G3YnUT0J:https://simplesamlphp.org/docs/1.16/simplesamlphp-idp-more.html&cd=1&hl=en&ct=clnk&gl=ca) at the page bottom.
I can tell after reading the official documentation and issues that LLNG should support SAML IdP-initiated logout but the information is in fragments. Can anyone give ideas on how to trigger the IdP-initiated logout? Many thanks!
For now, the IdP `<SingleLogoutService>` metadata looks like this, and I am using HTTP-Redirect for single logout (the single login has already worked out in my local environment):
```
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://idp.example.com:8080/saml/singleLogoutSOAP" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://idp.example.com:8080/saml/singleLogout"
ResponseLocation="http://idp.example.com:8080/saml/singleLogoutReturn"
/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://idp.example.com:8080/saml/singleLogout"
ResponseLocation="http://idp.example.com:8080/saml/singleLogoutReturn"
/>
```
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2100
Migrating SOAP Proxy clients to 2.0 with a 1.9 Server gives empty @INC errors
2023-02-04T15:31:12Z
Greg B
### Concerned version
Version: %"2.0.7"
Platform: Apache
### Summary
When updating the lemonldap handler to 2.0 from a previous 1.9 install, I get the following error:
```
SOAP error : Failed to access class (Lemonldap::NG::Common::PSGI::SOAPService): Can't locate Lemonldap/NG/Common/PSGI/SOAPService.pm in @INC (you may need to install the Lemonldap::NG::Common::PSGI::SOAPService module) (@INC contains:) at (eval 12931) line 2.
```
I modified the Apache vhost config to have the following lines:
```
PerlOptions +GlobalRequest
PerlModule Lemonldap::NG::Handler::ApacheMP2
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
```
I tried to move the first two lines outside of vhost as explained in the doc but there is no difference.
I obtain the same error when running /usr/share/lemonldap-ng/bin/purgeLocalCache with the same empty @INC
Printing @INC in the _soapCall sub of SOAP.pm gives me the following content:
```
/etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base
```
configuration part of lemonldap-ng.ini contains the following:
```
type = SOAP
proxy = https://auth.evok.ch/index.pl/config
localStorage=Cache::FileCache
localStorageOptions={ \
'namespace' => 'lemonldap-ng-config',\
'default_expires_in' => 600, \
'directory_umask' => '007', \
'cache_root' => '/tmp', \
'cache_depth' => 0, \
}
```
### Logs
```
[Thu Feb 20 13:55:02.542993 2020] [perl:debug] [pid 7977:tid 140195441665792] Apache2.pm(14): Check configuration for Lemonldap::NG::Handler::ApacheMP2::Main
SOAP error : Failed to access class (Lemonldap::NG::Common::PSGI::SOAPService): Can't locate Lemonldap/NG/Common/PSGI/SOAPService.pm in @INC (you may need to install the Lemonldap::NG::Common::PSGI::SOAPService module) (@INC contains:) at (eval 22479) line 2.
[Thu Feb 20 13:55:02.696757 2020] [perl:error] [pid 7977:tid 140195441665792] Lemonldap::NG::Handler::ApacheMP2::Main: Unable to load configuration: Lemonldap::NG::Common::Conf::Backends::SOAP loaded.\nError: No configuration available in backend.\nError: No configuration found in local cache
[Thu Feb 20 13:55:02.696846 2020] [perl:error] [pid 7977:tid 140195441665792] Lemonldap::NG::Handler::ApacheMP2::Main: No configuration found
```
### Backends used
Backend is a 1.9.21 on Debian Jessie installed through lemonldap 1.9 repo
type is SOAP
Works with all 1.9 clients but none of the 2.0 clients.
As suggested in the upgrade doc, I want to upgrade the clients (I have ~20 of them) before upgrading the backend.
### Possible fixes
FAQ
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2206
Can not use brute-force protection with Combination
2023-01-31T22:37:28Z
Dominique Fournier
### Concerned version
Version: %2.0.8
Platform: (Nginx)
### Summary
When using the Combination authentication model, the brute-force protection doesn't work
### Logs
```
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Processing getUser
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] [notice] Combination (Lemonldap::NG::Portal::Lib::LDAP): UNKNOWNUSER was not found in LDAP directory
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Prepare token
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Token 1586872129_23810 created
Apr 15 11:46:49 meeting2 LLNG[28355]: [info] Scheme "LDAPZimbra" returned 5, trying next
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Processing extractFormInfo
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Processing getUser
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] [notice] Combination (Lemonldap::NG::Portal::Lib::LDAP): UNKNOWNUSER was not found in LDAP directory
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Prepare token
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] Token 1586872129_58009 created
Apr 15 11:46:49 meeting2 LLNG[28355]: [debug] [warn] All schemes failed for user UNKNOWNUSER
...
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Call bind for uid=dominique.fournier,ou=people,dc=grenoble,dc=cnrs,dc=fr
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] [warn] Bad password for dominique.fournier@grenoble.cnrs.fr
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Prepare token
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Token 1586872176_42383 created
Apr 15 11:47:36 meeting2 LLNG[28356]: [info] Scheme "LDAPZimbra" returned 5, trying next
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] -> authResult = 0
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Processing extractFormInfo
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Processing getUser
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] [notice] Combination (Lemonldap::NG::Portal::Lib::LDAP): dominique.fournier@grenoble.cnrs.fr was not found in LDAP directory
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Prepare token
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Token 1586872176_212 created
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] [warn] All schemes failed for user dominique.fournier@grenoble.cnrs.fr
Apr 15 11:47:36 meeting2 LLNG[28356]: [debug] Returned error: 5 (PE_BADCREDENTIALS)
```
### Backends used
The backends used are LDAP or Exchange.
### More analysis
Christophe Maudoux analyzed this problem on 15/04 on the mailing list.
It says: *With Combination, seems history plugin is called if scheme succeeds...*
But it is not
FAQ
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2856
Possibility to check minimal special characters even if no special character ...
2023-01-25T18:01:19Z
Clément OUDOT
Possibility to check minimal special characters even if no special character list configured
For now, we can't allow minimal special characters if no special character list is defined.
If no special character list is configured, we should check minimal special characters with all special characters.
FAQ
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2781
forAuthUser hook inconsistency according auth method
2023-01-12T10:10:57Z
Albert Rinceau
### Concerned version
Version: %2.0.14
### Summary
I have Choice auth: LDAP or OIDC.
I have a plugin with a function which is called at the forAuthUser hook.
When authenticating with LDAP, the function is called correctly after authentication.
When authenticating with OIDC, the plugin is not.
Once authenticated, if I come back to the portal, then the plugin triggers correctly whatever the authentication method used.
Not sure what the expected behavior should be during authentication.
### Logs
```
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Launching ::Auth::Choice::_endAuth
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Processing code ref
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Launching ::Plugins::Notifications::checkNotifDuringAuth
Aug 4 05:32:03 ansible LLNG[8824]: [info] No notification found
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Processing code ref
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Removing _choice from pdata
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Removing keepPdata from pdata
Aug 4 05:32:03 ansible LLNG[8824]: [debug] [notice] alt.r7-etprxwl@exemple.com@superIDP connected
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Calling autoredirect
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module Appslist
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition $_auth =~ /^(LDAP|DBI|Demo)$/ for module ChangePassword
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module LoginHistory
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition $_oidcConsents && $_oidcConsents =~ /\w+/ for module OidcConsents
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Evaluate condition 1 for module Logout
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if Appslist has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if ChangePassword has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if LoginHistory has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if OidcConsents has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Check if Logout has to be displayed
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Searching for "alt.r7-etprxwl@exemple.com@superIDP" accepted notification(s)
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Skin returned: menu
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Calling sendHtml with template menu
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Use fr.json to override messages
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/mySkin/menu.tpl
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Sending /usr/share/lemonldap-ng/portal/templates/mySkin/menu.tpl
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Apply following CORS policy :
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Origin
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Credentials
Aug 4 05:32:03 ansible LLNG[8824]: [debug] true
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Headers
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Allow-Methods
Aug 4 05:32:03 ansible LLNG[8824]: [debug] POST,GET
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Expose-Headers
Aug 4 05:32:03 ansible LLNG[8824]: [debug] *
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Access-Control-Max-Age
Aug 4 05:32:03 ansible LLNG[8824]: [debug] 86400
Aug 4 05:32:03 ansible LLNG[8824]: [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline';form-action *;frame-ancestors 'none';
```
### Possible fixes
A workaround is to trigger the plugin for the "forAuthUser" and "endAuth" hooks, but the "forAuthUser" behavior remains inconsistent depending on the auth method.
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2813
libclass-xsaccessor-perl dependency is missing with fresh install
2022-10-25T19:07:42Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: %2.0.15
Platform: All
### Summary
apt install libclass-xsaccessor-perl
### Logs
```
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route renewcaptcha added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Plugin ::Captcha::SecurityImage initialized
Trace begun at (eval 13) line 1
main::__ANON__('Can\'t locate Class/XSAccessor.pm in @INC (you may need to install the Class::XSAccessor module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl) at /usr/share/perl5/Moo/_Utils.pm line 107, <DATA> line 960.^J') called at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Class/XSAccessor.pm') called at /usr/share/perl5/Moo/_Utils.pm line 151
Moo::_Utils::_maybe_load_module('Class::XSAccessor') called at /usr/share/perl5/Method/Generate/Accessor.pm line 20
Method::Generate::Accessor::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Method/Generate/Accessor.pm at /usr/share/perl5/Moo/Role.pm line 59
Moo::Role::_accessor_maker_for('Moo::Role', 'Throwable') called at /usr/share/perl5/Moo/Role.pm line 86
Moo::Role::has('previous_exception', 'is', 'ro', 'default', 'CODE(0x55c9856fee30)') called at /usr/share/perl5/Throwable.pm line 42
require Throwable.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Throwable.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Throwable') called at /usr/share/perl5/Moo/Role.pm line 303
Moo::Role::apply_roles_to_package('Moo::Role', 'Throwable::Error', 'Throwable', 'StackTrace::Auto') called at /usr/share/perl5/Moo.pm line 102
Moo::with('Throwable', 'StackTrace::Auto') called at /usr/share/perl5/Throwable/Error.pm line 5
require Throwable/Error.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Throwable/Error.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Throwable::Error') called at /usr/share/perl5/Moo.pm line 146
Moo::_set_superclasses('Moo', 'Email::Sender::Failure', 'Throwable::Error') called at /usr/share/perl5/Moo.pm line 96
Moo::extends('Throwable::Error') called at /usr/share/perl5/Email/Sender/Failure.pm line 5
require Email/Sender/Failure.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Email/Sender/Failure.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Email::Sender::Failure') called at /usr/share/perl5/Moo.pm line 146
Moo::_set_superclasses('Moo', 'Email::Sender::Failure::Temporary', 'Email::Sender::Failure') called at /usr/share/perl5/Moo.pm line 96
Moo::extends('Email::Sender::Failure') called at /usr/share/perl5/Email/Sender/Failure/Temporary.pm line 5
require Email/Sender/Failure/Temporary.pm at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 9
Email::Sender::Role::CommonSending::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Email/Sender/Role/CommonSending.pm at /usr/share/perl5/Moo/_Utils.pm line 107
eval {...} at /usr/share/perl5/Moo/_Utils.pm line 107
Moo::_Utils::_require('Email/Sender/Role/CommonSending.pm') called at /usr/share/perl5/Moo/_Utils.pm line 125
Moo::_Utils::_load_module('Email::Sender::Role::CommonSending') called at /usr/share/perl5/Moo/Role.pm line 303
Moo::Role::apply_roles_to_package('Moo::Role', 'Email::Sender::Transport', 'Email::Sender::Role::CommonSending') called at /usr/share/perl5/Moo/Role.pm line 106
Moo::Role::with('Email::Sender::Role::CommonSending') called at /usr/share/perl5/Email/Sender/Transport.pm line 30
require Email/Sender/Transport.pm at /usr/share/perl5/Email/Sender/Simple.pm line 23
Email::Sender::Simple::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Email/Sender/Simple.pm at /usr/share/perl5/Lemonldap/NG/Portal/Lib/SMTP.pm line 12
Lemonldap::NG::Portal::Lib::SMTP::BEGIN at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
require Lemonldap/NG/Portal/Lib/SMTP.pm at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 295
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 295
Mouse::Util::_try_load_one_class('Lemonldap::NG::Portal::Lib::SMTP') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Util.pm line 303
Mouse::Util::load_class('Lemonldap::NG::Portal::Lib::SMTP') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse/Meta/Class.pm line 58
Mouse::Meta::Class::superclasses('Mouse::Meta::Class=HASH(0x55c984e0bac0)', 'Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Portal::Lib::_tokenRule') called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Mouse.pm line 35
Mouse::extends('Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Main::Plugin', 'Lemonldap::NG::Portal::Lib::_tokenRule') called at /usr/share/perl5/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm line 37
require Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm at (eval 119) line 1
eval 'require Lemonldap::NG::Portal::Plugins::MailPasswordReset' at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 583
Lemonldap::NG::Portal::Main::loadModule('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', '::Plugins::MailPasswordReset') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 477
Lemonldap::NG::Portal::Main::loadPlugin('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', '::Plugins::MailPasswordReset') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 373
Lemonldap::NG::Portal::Main::reloadConf('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c9841f5a28)') called at /usr/share/perl5/Lemonldap/NG/Handler/Main/Reload.pm line 82
Lemonldap::NG::Handler::Main::checkConf('Lemonldap::NG::Handler::PSGI::Main', 'Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)') called at /usr/share/perl5/Lemonldap/NG/Handler/Lib/PSGI.pm line 23
Lemonldap::NG::Handler::Lib::PSGI::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c984271628)') called at /usr/share/perl5/Lemonldap/NG/Handler/PSGI/Router.pm line 14
Lemonldap::NG::Handler::PSGI::Router::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c984271628)') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 140
Lemonldap::NG::Portal::Main::init('Lemonldap::NG::Portal::Main=HASH(0x55c98424f8a0)', 'HASH(0x55c98309a6d8)') called at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 343
Lemonldap::NG::Common::PSGI::run('Lemonldap::NG::Portal::Main', 'HASH(0x55c98309a6d8)') called at /usr/share/lemonldap-ng/portal/htdocs/index.psgi line 3
require /usr/share/lemonldap-ng/portal/htdocs/index.psgi at /usr/share/lemonldap-ng/llng-server/llng-server.psgi line 52
Plack::Sandbox::_2fusr_2fshare_2flemonldap_2dng_2fllng_2dserver_2fllng_2dserver_2epsgi::__ANON__('HASH(0x55c982de2650)') called at /usr/share/lemonldap-ng/llng-server/llng-server.psgi line 66
Plack::Sandbox::_2fusr_2fshare_2flemonldap_2dng_2fllng_2dserver_2fllng_2dserver_2epsgi::__ANON__('HASH(0x55c982de2650)') called at /usr/share/perl5/Method/Generate/Accessor.pm line 26
eval {...} at /usr/share/perl5/Method/Generate/Accessor.pm line 26
Trace begun at (eval 13) line 1
main::__ANON__('Can\'t locate object method "tid" via package "threads" at /usr/share/perl/5.32/XSLoader.pm line 111, <DATA> line 960.^J') called at /usr/share/perl/5.32/XSLoader.pm line 111
eval {...} at /usr/share/perl/5.32/XSLoader.pm line 111
XSLoader::load('Net::SSLeay', 1.88) called at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 444
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 446
require Net/SSLeay.pm at /usr/share/perl5/IO/Socket/SSL.pm line 19
IO::Socket::SSL::BEGIN at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 0
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.32/Net/SSLeay.pm line 0
require IO/Socket/SSL.pm at /usr/share/perl/5.32/Net/SMTP.pm line 26
eval {...} at /usr/share/perl/5.3[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Module Lemonldap::NG::Portal::Plugins::MailPasswordReset loaded
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Declaring unauth route
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add POST route:
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route resetpwd added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add GET route:
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] route resetpwd added
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Plugin ::Plugins::MailPasswordReset initialized
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Module Lemonldap::NG::Portal::Plugins::Notifications loaded
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Declaring unauth route
[Fri Oct 21 17:12:56 2022] [LLNG:2723314] [debug] Add POST route:
```
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2643
U2F does not work in uwsgi due to json library conflict
2022-09-14T09:32:32Z
Maxime Besson
### Concerned version
Version: 2.0.13
Platform: Debian >= 10, possibly CentOS
### Summary
* Configure LLNG to run in Apache or Nginx
* Try to register a U2F device in the device => OK
* Configure LLNG to run in UWSGI
* Try to register a U2F device => FAIL
### Logs
On UWSGI:
```
[debug] Prepare U2F verification
[debug] -> Send challenge:
```
(challenge is empty)
### Cause
After investigating this, I found that the challenge is correctly generated by libu2f-server, but there is an issue that prevents it from being generated as JSON correctly.
Output of the `authenticationChallenge` function:
```
{ "keyHandle": null, "version": null, "challenge": null, "appId": null }
```
The code that serialized the challenge to JSON is here:
https://github.com/Yubico/libu2f-server/blob/master/u2f-server/core.c#L999
We see that it uses `json_object_get` to populate the JSON fields (keyHandle, challenge, etc.).
But UWSGI is built against libjansson, which also defines a `json_object_get` symbol that conflicts with the one used by libu2f-server!
```
37083: symbol=json_object_get; lookup in file=uwsgi [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libpthread.so.0 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libm.so.6 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libdl.so.2 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libz.so.1 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libpcre.so.3 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libcap.so.2 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libuuid.so.1 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libyaml-0.so.2 [0]
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libjansson.so.4 [0]
37083: binding file /lib/x86_64-linux-gnu/libu2f-server.so.0 [0] to /lib/x86_64-linux-gnu/libjansson.so.4 [0]: normal symbol `json_object_get' [JSONC_0.14]
```
Instead of libjson-c.so.5 (when using Apache):
```
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libdl.so.2 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libm.so.6 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libpthread.so.0 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libc.so.6 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libcrypt.so.1 [0]
37091: symbol=json_object_get; lookup in file=/lib64/ld-linux-x86-64.so.2 [0]
37091: symbol=json_object_get; lookup in file=/usr/lib/x86_64-linux-gnu/perl5/5.32/auto/Crypt/U2F/Server/Server.so [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libu2f-server.so.0 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libc.so.6 [0]
37091: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libjson-c.so.5 [0]
37091: binding file /lib/x86_64-linux-gnu/libu2f-server.so.0 [0] to /lib/x86_64-linux-gnu/libjson-c.so.5 [0]: normal symbol `json_object_get' [JSONC_0.14]
```
This problem does not occur in old versions of libu2f-server because they did not use `json_object_get`:
https://github.com/Yubico/libu2f-server/commit/eea59f260ba2fe71aee911e60068743acf00dc40
### Possible fixes
A workaround I found is to force priority to json-c bindings with LD_PRELOAD. But that probably means uwsgi cannot parse JSON configs anymore.
A long-term fix would be for Jansson and JSON-C to use symbol versioning. JSON-C does it in Bullseye (but not in Buster, nor CentOS7),
see https://github.com/json-c/json-c/issues/621
Building uwsgi against yajl could work as well, but I have not tested it.
This issue needs to be reported in the docs.
@maudoux have you already encountered this issue? Do you use U2F in production on your uwsgi servers?
FAQ
Maxime Besson
Maxime Besson
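One way to check a server for the binding conflict described in this issue is to capture glibc's `LD_DEBUG=bindings` output and scan the `binding file` lines. This is an added example, not code from the issue or from LemonLDAP::NG; the `EXPECTED` table and the function names are assumptions, and the sample is constructed from the two binding lines quoted above plus one invented `malloc` line.

```python
import os
import re
from collections import defaultdict

# Matches glibc "binding file A [n] to B [n]: normal symbol `sym' [VERSION]" lines.
BINDING_RE = re.compile(
    r"^\s*(?P<pid>\d+):\s+binding file (?P<src>\S+) \[\d+\] to (?P<dst>\S+) \[\d+\]: "
    r"normal symbol `(?P<sym>[^']+)'(?: \[(?P<ver>[^\]]+)\])?"
)

# Assumption for this example: (consumer prefix, symbol prefix, expected provider prefix).
EXPECTED = [
    ("libu2f-server", "json_", "libjson-c"),
]

# Constructed sample: the two bindings quoted in the issue plus one unrelated line.
SAMPLE = """\
37083: symbol=json_object_get; lookup in file=/lib/x86_64-linux-gnu/libjansson.so.4 [0]
37083: binding file /lib/x86_64-linux-gnu/libu2f-server.so.0 [0] to /lib/x86_64-linux-gnu/libjansson.so.4 [0]: normal symbol `json_object_get' [JSONC_0.14]
37083: binding file uwsgi [0] to /lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `malloc' [GLIBC_2.2.5]
37091: binding file /lib/x86_64-linux-gnu/libu2f-server.so.0 [0] to /lib/x86_64-linux-gnu/libjson-c.so.5 [0]: normal symbol `json_object_get' [JSONC_0.14]
"""


def parse_bindings(text):
    """Return one dict per 'binding file' line; lookup lines are ignored."""
    bindings = []
    for line in text.splitlines():
        match = BINDING_RE.match(line)
        if not match:
            continue
        entry = match.groupdict()
        # Compare on file names so the check works across lib directories.
        entry["src"] = os.path.basename(entry["src"])
        entry["dst"] = os.path.basename(entry["dst"])
        bindings.append(entry)
    return bindings


def find_misbindings(bindings, expected=EXPECTED):
    """Bindings where a consumer got a symbol from a library other than the expected one."""
    bad = []
    for entry in bindings:
        for consumer, sym_prefix, provider in expected:
            if (entry["src"].startswith(consumer)
                    and entry["sym"].startswith(sym_prefix)
                    and not entry["dst"].startswith(provider)):
                bad.append(entry)
    return bad


def conflicting_providers(bindings):
    """Symbols that were resolved to more than one library across the captured processes."""
    providers = defaultdict(set)
    for entry in bindings:
        providers[entry["sym"]].add(entry["dst"])
    return {sym: sorted(libs) for sym, libs in providers.items() if len(libs) > 1}


if __name__ == "__main__":
    parsed = parse_bindings(SAMPLE)
    for entry in find_misbindings(parsed):
        print("pid %(pid)s: %(src)s wants %(sym)s [%(ver)s] but it is bound to %(dst)s" % entry)
    for sym, libs in conflicting_providers(parsed).items():
        print("%s is provided by: %s" % (sym, ", ".join(libs)))
```
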
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2624
Import unicode2iso and iso2unicode into Safe jail
2022-07-01T18:07:28Z
Christophe Maudoux
chrmdx@gmail.com
### Summary
I planned to deploy two flavours of SSO as a service soon (full and hybrid). So, DevOps handler will be employed but Safe jail is required. We use uWSGI server and we are facing encoding issues. To bypass those I used unicode2iso and iso2unicode extended functions.
The problem is that those functions are not compliant with Safe jail. I tried many solutions but without success...
Help would be appreciated 🙏
### Design proposition
Import unicode2iso and other into Safe jail.
2.0.15
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2729
Skin rule not working properly
2022-03-16T16:14:16Z
BEZY Rémy
### Concerned version
Version: %2.0.14
Platform: Nginx
### Summary
Issue: Wrong skin is being used with a Skin Rule.
Wrong URL seems to be stored in $_url during SAML REQUEST and redirection to Login Portal.
We have an application that is connected to LemonLDAP-NG with SAML.
The user is automatically redirected from my application to the LemonLDAP-NG Login portal.
It seems that the wrong skin is used.
- Default Skin = BootStrap
- Custom Skin = MySkin
Skin Rule :
* Key = $_url =~ m#^https://myapplication.example.com/.*#
* Value = MySkin
With this configuration, it's my Bootstrap skin which is being used and not my custom Skin "MySkin" when the user comes from "https://preprod-myapplication.example.com"
However if I set the following rule :
* Key = $_url =~ m#^https://preprod-auth.example.com/.*#
* Value = MySkin
(Portal URL is https://preprod-auth.example.com)
My custom Skin is used for both Application and Auth URL
It seems that the key $_url contains https://preprod-auth.example.com/ and not https://preprod-myapplication.example.com/
### Logs
```
REMOVED
```
### Backends used
N/A
### Possible fixes
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2695
U2F does not work anymore with Brave 1.35.101 / Chromium 98.0.4758.87
2022-02-14T09:15:02Z
Benjamin MALYNOVYTCH
### Concerned version
Version: 2.0.13
Platform: nginx / perl-fcgi
### Summary
Using U2F/Fido USB token doesn't work anymore (key doesn't blink while page indicates it is waiting for it, browser doesn't even ask to authorize using the key, while it used to) with latest Brave version on MacOS.
Seems to still be working with older versions of Brave (successfully tested on Brave 1.33.106 / Chromium 96.0.4664.110)
### Logs
Browser JS log:
```
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null').
(anonymous) @ u2f-api.min.js:2
load (async)
u2f.getIframePort_ @ u2f-api.min.js:2
(anonymous) @ u2f-api.min.js:2
```
Extension seems to refer to CryptoTokenExtension.
### Possible fixes
Workaround: use Firefox.
### Extra information
Before this error, I was having another one related to CSP not allowing inline hash in style. I worked around it by changing the following config:
```
"cspStyle": "'self' 'unsafe-inline'"
```
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2680
Proxy vhost's log does not get username/uid?
2021-12-23T11:55:37Z
Mathieu MD
### Concerned version
Version: %2.0.13
Platform: Nginx
### Summary
While the Portal does get the username/uid in the log (thanks to `log_format lm_app '$remote_addr - $upstream_http_lm_remote_user ...` configured), the Proxy does not.
```nginx
log_format lm_app '$remote_addr - $upstream_http_lm_remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_http_lm_remote_custom';
# Used in the access log settings:
# - Portal:
access_log /var/log/nginx/auth-test.example.com_access.log lm_app;
# - Proxy:
access_log /var/log/nginx/glpi-test.example.com_access.log lm_app;
```
Am I missing something, or is it a bug?
### Logs
```
# On the Portal
::ffff:10.1.2.3 - mathieu [22/Dec/2021:10:49:16 +0100] "GET /portal.css HTTP/2.0" 200 ...
^^^^^^^ Correct.
# On the Proxy (in the log of a vhosted app)
::ffff:10.1.2.3 - - [22/Dec/2021:10:50:15 +0100] "GET /front/central.php HTTP/2.0" 200 ...
^ Nothing here.
```
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2574
User not authentified after SAML redirect from SSO (azure entreprise applicat...
2021-08-03T08:25:32Z
Benjamin Demarteau
User not authentified after SAML redirect from SSO (azure entreprise application) to lemon
### Concerned version
Version: lemonldap-ng-1.9.22-1.el7.noarch
Platform: Apache
### Summary
We configured lemonldap to use an Azure enterprise application as SAML identity provider. The user gets redirected there for authentication, all is fine on the IdP side.
When they are redirected back to the portal, though, they are not identified and thus the portal redirects the user back to the IdP, looping until you stop it manually.
### Logs
```
[Fri Jul 30 12:09:35.599452 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Now using configuration: 224
[Fri Jul 30 12:09:35.606548 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Menu loaded
[Fri Jul 30 12:09:35.609161 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Display loaded
[Fri Jul 30 12:09:35.702006 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::AuthSAML loaded
[Fri Jul 30 12:09:35.704107 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::UserDBNull loaded
[Fri Jul 30 12:09:35.705649 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::PasswordDBNull loaded
[Fri Jul 30 12:09:35.707311 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::RegisterDBDemo loaded
[Fri Jul 30 12:09:35.707806 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module SAML
[Fri Jul 30 12:09:35.707840 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Found path ^/saml/
[Fri Jul 30 12:09:35.710409 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Path of current request is /saml/singleSignOn
[Fri Jul 30 12:09:35.722999 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::IssuerDBSAML loaded
[Fri Jul 30 12:09:35.723043 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] IssuerDB module SAML loaded
[Fri Jul 30 12:09:35.764447 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub controlUrlOrigin
[Fri Jul 30 12:09:35.764832 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Confirm parameter accepted -1
[Fri Jul 30 12:09:35.764881 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub checkNotifBack
[Fri Jul 30 12:09:35.764920 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub controlExistingSession
[Fri Jul 30 12:09:35.765055 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub issuerDBInit
[Fri Jul 30 12:09:35.765131 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Reset SAML configuration cache
[Fri Jul 30 12:09:35.765154 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML cache configuration: 224
[Fri Jul 30 12:09:35.765355 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Lasso thin-sessions flag set
[Fri Jul 30 12:09:35.765387 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML private encryption key not found in configuration, use private signature key
[Fri Jul 30 12:09:35.765422 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Certificate will be used in SAML responses
[Fri Jul 30 12:09:35.765437 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for this service
[Fri Jul 30 12:09:35.827575 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Service created
[Fri Jul 30 12:09:35.828156 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for SP GeoWoc
[Fri Jul 30 12:09:35.828823 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Set encryption mode none on SP GeoWoc
[Fri Jul 30 12:09:35.828861 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SP GeoWoc added
[Fri Jul 30 12:09:35.828879 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for SP OpenData
[Fri Jul 30 12:09:35.884478 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Set encryption mode none on SP OpenData
[Fri Jul 30 12:09:35.884544 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SP OpenData added
[Fri Jul 30 12:09:35.884564 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for SP PortailFute
[Fri Jul 30 12:09:35.899221 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Set encryption mode none on SP PortailFute
[Fri Jul 30 12:09:35.899264 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SP PortailFute added
[Fri Jul 30 12:09:35.899637 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Get Metadata for IDP azure-ad
[Fri Jul 30 12:09:35.952157 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Set encryption mode none on IDP azure-ad
[Fri Jul 30 12:09:35.952201 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: IDP azure-ad added
[Fri Jul 30 12:09:35.952897 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub authInit
[Fri Jul 30 12:09:35.952964 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML cache configuration: 224
[Fri Jul 30 12:09:35.952991 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Load IDPs from cache
[Fri Jul 30 12:09:35.953012 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub issuerForUnAuthUser
[Fri Jul 30 12:09:35.963976 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: URL /saml/singleSignOn detected as an SSO request URL
[Fri Jul 30 12:09:35.964143 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Hidden value xxxxxxxxx found for key lmhidden_SAMLResponse
[Fri Jul 30 12:09:35.964230 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Hidden value 3 found for key lmhidden_Method
[Fri Jul 30 12:09:35.964260 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Keep values from hidden fields
[Fri Jul 30 12:09:35.964357 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Store xxxxxxxxxxxxxxx
[Fri Jul 30 12:09:35.964443 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Store Mw== in hidden key lmhidden_Method
[Fri Jul 30 12:09:35.964666 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Authentication responses are not managed by this module
[Fri Jul 30 12:09:35.964795 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub extractFormInfo
[Fri Jul 30 12:09:35.966093 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub getIDP
[Fri Jul 30 12:09:35.966226 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Redirecting user to IDP list
[Fri Jul 30 12:09:36.662916 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Now using configuration: 224
[Fri Jul 30 12:09:36.663139 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Menu loaded
[Fri Jul 30 12:09:36.663240 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Display loaded
[Fri Jul 30 12:09:36.663378 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::AuthSAML loaded
[Fri Jul 30 12:09:36.663942 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::UserDBNull loaded
[Fri Jul 30 12:09:36.664466 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::PasswordDBNull loaded
[Fri Jul 30 12:09:36.665044 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::RegisterDBDemo loaded
[Fri Jul 30 12:09:36.665442 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module SAML
[Fri Jul 30 12:09:36.665468 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Found path ^/saml/
[Fri Jul 30 12:09:36.666181 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Path of current request is /saml/singleSignOn
[Fri Jul 30 12:09:36.666358 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::IssuerDBSAML loaded
[Fri Jul 30 12:09:36.666384 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] IssuerDB module SAML loaded
[Fri Jul 30 12:09:36.666775 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub controlUrlOrigin
[Fri Jul 30 12:09:36.666867 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Confirm parameter accepted 1
[Fri Jul 30 12:09:36.666899 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub checkNotifBack
[Fri Jul 30 12:09:36.666929 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub controlExistingSession
[Fri Jul 30 12:09:36.667011 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub issuerDBInit
[Fri Jul 30 12:09:36.667082 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML cache configuration: 224
[Fri Jul 30 12:09:36.667105 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Restore server from cache
[Fri Jul 30 12:09:36.897849 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Load SPs from cache
[Fri Jul 30 12:09:36.897930 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Load IDPs from cache
[Fri Jul 30 12:09:36.897962 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub authInit
[Fri Jul 30 12:09:36.897999 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SAML cache configuration: 224
[Fri Jul 30 12:09:36.898038 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Load IDPs from cache
[Fri Jul 30 12:09:36.898058 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub issuerForUnAuthUser
[Fri Jul 30 12:09:36.900302 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: URL /saml/singleSignOn detected as an SSO request URL
[Fri Jul 30 12:09:36.900447 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Hidden value xxxxxxxx found for key lmhidden_SAMLResponse
[Fri Jul 30 12:09:36.900522 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Hidden value 3 found for key lmhidden_Method
[Fri Jul 30 12:09:36.900549 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Keep values from hidden fields
[Fri Jul 30 12:09:36.900615 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Store xxxxxxxx
[Fri Jul 30 12:09:36.900723 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Store Mw== in hidden key lmhidden_Method
[Fri Jul 30 12:09:36.900820 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Authentication responses are not managed by this module
[Fri Jul 30 12:09:36.900862 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub extractFormInfo
[Fri Jul 30 12:09:36.902027 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub getIDP
[Fri Jul 30 12:09:36.902169 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Build cookie to remember https://sts.windows.net/xxxxxxxxxx/ as IDP choice
[Fri Jul 30 12:09:36.902498 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: https://sts.windows.net/xxxxxxxxxx/ match azure-ad IDP in configuration
[Fri Jul 30 12:09:36.902725 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Use method REDIRECT with IDP azure-ad for SSO profile
[Fri Jul 30 12:09:36.903603 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Use NameIDFormat urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
[Fri Jul 30 12:09:36.903800 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: SSO request signature according to metadata
[Fri Jul 30 12:09:36.907755 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Authentication request created
[Fri Jul 30 12:09:36.927299 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Keep request ID _4468037697CE9EC787888AE55F9ECC55 in assertion session 6f10ca9a419d23d69324bbed7101ac31eea1fd537695d802e2ff701d68a400d2
[Fri Jul 30 12:09:36.927405 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Redirect user to https://login.microsoftonline.com/xxxxxxxxxx/saml2?SAMLRequest=xxxxxxxxx
[Fri Jul 30 12:09:36.927449 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: processing to sub autoRedirect
[Fri Jul 30 12:09:36.927492 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Delete all hidden values
[Fri Jul 30 12:09:36.928232 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Creating a real Safe jail
[Fri Jul 30 12:09:36.928586 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Evaluate expression: 0
[Fri Jul 30 12:09:36.929094 2021] [perl:debug] [pid 39058] Lemonldap::NG::Portal::SharedConf: Evaluation result: 0
```
### Backends used
```
localStorage=Cache::FileCache
localSessionStorage=Cache::FileCache
```
### Possible fixes
I wish I knew
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2551
Bad encoding in session with LDAP backend and special characters
2021-07-18T17:49:47Z
Albert Rinceau
### Concerned version
Version: %2.0.11
Platform: Nginx
### Summary
Accents or special characters in attributes of LDAP userDB are not displayed correctly when saved into backend session.
I also looked into the session DB directly, and characters are not well encoded there either, so I suppose it's not a browser display problem.
### Logs
In session explorer but also in CAS tickets
```
for example "é" gives "é"
```
### Backends used
LDAP for Auth, UserDB and Session
### Possible fixes
Into /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm::setSessionInfo()
replacing
```
51: $req->sessionInfo->{$k} = $value;
```
by
```
51: $req->sessionInfo->{$k} = encode($value);
```
This looks like it fixes the problem, but I cannot test with other session backends.
I included the standard Encode library. I don't know if it was really necessary, though.
FAQ
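A way to check stored session values for this kind of corruption, as an added example that is not part of the original report and is not LemonLDAP::NG code. The session keys and values are constructed and the function names are hypothetical; the check goes slightly beyond the single "é" case by handling repeated encoding rounds and a cp1252 misread.

```python
from typing import Dict, Optional, Tuple


def double_encode(text: str, codec: str = "latin-1") -> str:
    """Reproduce the corruption: UTF-8 bytes read back as a single-byte charset."""
    return text.encode("utf-8").decode(codec)


def undo_one_round(value: str) -> Optional[str]:
    """Return the repaired string if value looks like misread UTF-8, else None."""
    for codec in ("latin-1", "cp1252"):
        try:
            raw = value.encode(codec)
        except UnicodeEncodeError:
            continue  # value holds characters this charset cannot have produced
        try:
            fixed = raw.decode("utf-8")
        except UnicodeDecodeError:
            continue  # bytes are not valid UTF-8, so the value was not misread
        if fixed != value:
            return fixed
    return None


def repair(value: str, max_rounds: int = 4) -> Tuple[str, int]:
    """Undo up to max_rounds of double encoding; returns (text, rounds undone)."""
    rounds = 0
    while rounds < max_rounds:
        fixed = undo_one_round(value)
        if fixed is None:
            break
        value, rounds = fixed, rounds + 1
    return value, rounds


def find_corrupted(session: Dict[str, object]) -> Dict[str, Tuple[str, int]]:
    """Map each corrupted string attribute to (repaired text, rounds undone)."""
    report = {}
    for key, value in session.items():
        if not isinstance(value, str):
            continue
        fixed, rounds = repair(value)
        if rounds:
            report[key] = (fixed, rounds)
    return report


# Constructed session: "cn" was corrupted once, "sn" twice, the rest is clean.
SESSION = {
    "_session_kind": "SSO",
    "_utime": 1626630587,
    "uid": "jdupre",
    "givenName": "José",
    "cn": double_encode("José Dupré"),
    "sn": double_encode(double_encode("Dupré")),
    "mail": "jose.dupre@example.com",
}

if __name__ == "__main__":
    for key, (fixed, rounds) in find_corrupted(SESSION).items():
        print("%s: %r -> %r (%d round(s))" % (key, SESSION[key], fixed, rounds))
```

A clean value that happens to be valid UTF-8 when re-read as Latin-1 would be reported as well, so treat the report as a list of candidates to review rather than as an automatic fix.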
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2328
SAML: propagating SOAP single logout to relying party of relying party does n...
2021-07-09T09:44:09Z
Andreas Deschka
SAML: propagating SOAP single logout to relying party of relying party does not work
For testing I have set up 3 Lemonldaps (2.0.9) with docker-compose. The logout binding is SOAP.
```
lemonldap_1 --> lemonldap2_1 --> lemonldap4_1
```
The URLs are:
```
lemonldap_1: https://myportal.testsphbs-main.km20201-02.keymachine.de
lemonldap2_1: https://myportal.testsphbs-extension.km20201-02.keymachine.de
lemonldap4_1: https://myportal.testsphbs-extension-app.km20201-02.keymachine.de
```
Here are the configuration files:
[lmConf-main.json](/uploads/e45b44f760919a97facf9f0a21a74b63/lmConf-main.json),
[lmConf-extension.json](/uploads/6de560fd24584a3ca07ec1813a3f3c65/lmConf-extension.json),
[lmConf-extension-app.json](/uploads/f2b5b904c5041be7c828207288984b04/lmConf-extension-app.json)
When I start the logout in lemonldap_1 it gets propagated to lemonldap2_1. It is not propagated to lemonldap4_1. The
Maybe I made an error in the configuration. Or is there another way to achieve this? Should I use OIDC instead as the connection between lemonldap_1 and lemonldap2_1?
```
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Get session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8 from Handler::Main::Run
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Check session validity from Handler
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session timeout -> 72000
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session _utime -> 1601138177
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] now -> 1601138207
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session timeoutActivityInterval -> 60
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session TTL = 71970
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] No URL authentication level found...
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] myportal.testsphbs-main.km20201-02.keymachine.de: Apply default rule
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] removing cookie
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Cookies -> llnglanguage=de; lemonldap=afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] CookieName -> lemonldap
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] newCookies -> llnglanguage=de;
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] User dwho was granted to access to /?logout=1
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Start routing default route
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing importHandlerData
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing controlUrl
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing checkLogout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Launching ::Issuer::SAML::logout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Retrieve SAML session 2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] SAML session 2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8 deleted
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Retrieve SAML session 7082731f1d1d6902147f28969dcba040752a8e6102859a146b5904cce5dfc3dc
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] SAML session 7082731f1d1d6902147f28969dcba040752a8e6102859a146b5904cce5dfc3dc deleted
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap_1 | <NidAndSessionIndex ProviderID="https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata" AssertionID="_B56EC1EE38113E186B4BFC68FA10F1AB" SessionIndex="2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8">
lemonldap_1 | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID>
lemonldap_1 | </NidAndSessionIndex>
lemonldap_1 | </Session>
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Lasso Session loaded
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] SLO request signature according to metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] No logout request found, build it
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Request built for https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Keep request ID _C1F8376A7F764D275D70C9D3A4D8784B in assertion session 08354df8de62d51918c8a4419a5727f9a5fda66a3b9221a88d638d82f8a6430f
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Build SOAP relay logout request for https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Launching ::Issuer::CAS::logout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] No CAS session found for session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Launching ::Issuer::OpenIDConnect::logout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing authLogout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Cleaning pdata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Processing deleteSession
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Try to get SSO session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Get session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8 from Portal::Main::Run
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Return SSO session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Local handler logout
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [notice] User dwho has been disconnected from Demo (172.20.0.2)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] [notice] User dwho has been disconnected from Demo (172.20.0.2)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Session afc483772ab111708e242df37718182eaa13fd1234bdda7b4eec1bccb9d1e3f8 deleted from global storage
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Returned error: 47 (PE_LOGOUT_OK)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Display: info detected
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Hidden values :
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Skin returned: info
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Calling sendHtml with template info
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Required Params URL : https://myportal.testsphbs-main.km20201-02.keymachine.de/
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Set CSP form-action with Params URL : https://myportal.testsphbs-main.km20201-02.keymachine.de
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:46] [debug] Apply following CSP : default-src 'self' https:;img-src 'self' data: https: 'unsafe-inline';style-src 'self' https: 'unsafe-inline';font-src 'self' https:;connect-src 'self';script-src 'self';form-action 'self' https: https://myportal.testsphbs-main.km20201-02.keymachine.de;frame-ancestors 'self';
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /?logout=1 HTTP/1.1" 200 1965 "https://myportal.testsphbs-main.km20201-02.keymachine.de/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bootstrap/css/styles.min.css HTTP/1.1" 200 1785 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/bootstrap/dist/css/bootstrap.min.css HTTP/1.1" 200 159515 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 31000 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/jquery/dist/jquery.min.js HTTP/1.1" 200 89627 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/jquery-ui/jquery-ui.min.js HTTP/1.1" 200 256242 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/portal.css
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Redirect 172.20.0.2 to portal (url was /portal.css)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Start routing portal.css
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /portal.css HTTP/1.1" 200 23 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/jquery.cookie/jquery.cookie.min.js HTTP/1.1" 200 1379 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bootstrap/js/skin.min.js HTTP/1.1" 200 499 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/js/portal.min.js HTTP/1.1" 200 10326 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/bootstrap/dist/js/bootstrap.min.js HTTP/1.1" 200 59763 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/js/info.min.js HTTP/1.1" 200 447 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/index.psgi/psgi.js
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Redirect 172.20.0.2 to portal (url was /index.psgi/psgi.js)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:47] [debug] Start routing psgi.js
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /index.psgi/psgi.js HTTP/1.1" 200 205 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/logos/logo_llng_400px.png HTTP/1.1" 200 10704 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Redirect 172.20.0.2 to portal (url was /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Start routing saml
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] URL /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 detected as a SOAP relay service URL
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Found relay session 3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap_1 | <NidAndSessionIndex ProviderID="https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata" AssertionID="_B56EC1EE38113E186B4BFC68FA10F1AB" SessionIndex="2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8">
lemonldap_1 | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID>
lemonldap_1 | </NidAndSessionIndex>
lemonldap_1 | </Session>
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Lasso Session loaded
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] SLO request signature according to metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] No logout request found, build it
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Request built for https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Keep request ID _2B984823AE6188DDB73EBC444E2B87B8 in assertion session aa20c19b452188d84a763dfcf2a56001151a10623f532fd1a708f70ad84362a9
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Send SOAP logout request to https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Send SOAP message <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutRequest ID="_2B984823AE6188DDB73EBC444E2B87B8" Version="2.0" IssueInstant="2020-09-26T16:36:47Z" Destination="https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP"><saml:Issuer>https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
lemonldap_1 | <SignedInfo>
lemonldap_1 | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap_1 | <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
lemonldap_1 | <Reference URI="#_2B984823AE6188DDB73EBC444E2B87B8">
lemonldap_1 | <Transforms>
lemonldap_1 | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
lemonldap_1 | <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap_1 | </Transforms>
lemonldap_1 | <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
lemonldap_1 | <DigestValue>htGIBONqZloiigXc53BOyI1aE2s=</DigestValue>
lemonldap_1 | </Reference>
lemonldap_1 | </SignedInfo>
lemonldap_1 | <SignatureValue>GWrZ+K1177nOu/emTIPjpxvf3GS2ExpzoxwInL8DtTyKNWrXuOJX6pwdn47iepL4
lemonldap_1 | YkKL3k9IDH7LoK56BYS2whJUbci56Hd8Iylwrv4MBTh2VJNNcLstAmE4u8+FDPAZ
lemonldap_1 | 0G8G+qSelMMEFE6yW65mq6xAu6+ofY/nJ5gduEovNdUyOD8anG42tcEyutT7jT7J
lemonldap_1 | t4b9XiP/hsUiEvl1LAnYsNFAPW1ogQ4E8hrOC1TMNmEnzaoXu4M0wktlSv5xvX/9
lemonldap_1 | ++/DqfmD2lrhXQUm8YZ7xUTH9pUeOiBPvLkgDEJ7KH4CTCxdHpFUsaNBd2RJ50zM
lemonldap_1 | IY5oQc7fGVAw7C82hrkyew==</SignatureValue>
lemonldap_1 | <KeyInfo>
lemonldap_1 | <KeyValue>
lemonldap_1 | <RSAKeyValue>
lemonldap_1 | <Modulus>
lemonldap_1 | tJVrXzDTdvB5a1jPF+ielplr3ECP5AqxYO0iwy+wIYZQ47Y4zw1YDAtNk5IaQX0d
lemonldap_1 | 6T87HDZu5WtCEKz8BIsM5s2fpq55DhRZ8wE0kVARE5OuqpwcokE6ivTG/xCY0w9A
lemonldap_1 | qG+bWRcsvieaTmMYLIT/wRJvRozYGKBngAcnPElcbM+N+9u0qajjZ6+l4/dDDsYl
lemonldap_1 | xbKHvFn1+DrqeXROdiEy2Eu0ChyvgMzbX3brGaFE2VjqfjYw3QIdq+Iwcg/hxb8/
lemonldap_1 | aFCo64ewbDzR3PKq+iYpriEnrHIsdGfW21A0Sd7EGrx9bxttJ1YnOvoUEaK5EQ/F
lemonldap_1 | aDjME/naIZ0M0sdSqJBIOw==
lemonldap_1 | </Modulus>
lemonldap_1 | <Exponent>
lemonldap_1 | AQAB
lemonldap_1 | </Exponent>
lemonldap_1 | </RSAKeyValue>
lemonldap_1 | </KeyValue>
lemonldap_1 | </KeyInfo>
lemonldap_1 | </Signature><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID><samlp:SessionIndex>2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8</samlp:SessionIndex>
lemonldap_1 | </samlp:LogoutRequest></s:Body></s:Envelope> to https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1" 200 77160 "https://myportal.testsphbs-main.km20201-02.keymachine.de/static/bwr/font-awesome/css/font-awesome.min.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/bwr/bootstrap/dist/css/bootstrap.min.css.map HTTP/1.1" 200 641867 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get configuration from cache without verification.
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [info] No cookie found
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Build URL http://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Redirect 172.20.0.2 to portal (url was /saml/proxySingleLogoutSOAP)
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] User not authenticated, Try in use, cancel redirection
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Start routing saml
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Not seen as Issuer request, skipping
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing controlUrl
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::SAML::storeEnv
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::CAS::storeEnvAndCheckGateway
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Plugins::AutoSignin::check
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing extractFormInfo
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Choice 2_saml selected from /saml/proxySingleLogoutSOAP
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] URL /saml/proxySingleLogoutSOAP detected as an SLO URL
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SAML method: HTTP-SOAP
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutRequest ID="_2B984823AE6188DDB73EBC444E2B87B8" Version="2.0" IssueInstant="2020-09-26T16:36:47Z" Destination="https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP"><saml:Issuer>https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
lemonldap2_1 | <SignedInfo>
lemonldap2_1 | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap2_1 | <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
lemonldap2_1 | <Reference URI="#_2B984823AE6188DDB73EBC444E2B87B8">
lemonldap2_1 | <Transforms>
lemonldap2_1 | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
lemonldap2_1 | <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap2_1 | </Transforms>
lemonldap2_1 | <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
lemonldap2_1 | <DigestValue>htGIBONqZloiigXc53BOyI1aE2s=</DigestValue>
lemonldap2_1 | </Reference>
lemonldap2_1 | </SignedInfo>
lemonldap2_1 | <SignatureValue>GWrZ+K1177nOu/emTIPjpxvf3GS2ExpzoxwInL8DtTyKNWrXuOJX6pwdn47iepL4
lemonldap2_1 | YkKL3k9IDH7LoK56BYS2whJUbci56Hd8Iylwrv4MBTh2VJNNcLstAmE4u8+FDPAZ
lemonldap2_1 | 0G8G+qSelMMEFE6yW65mq6xAu6+ofY/nJ5gduEovNdUyOD8anG42tcEyutT7jT7J
lemonldap2_1 | t4b9XiP/hsUiEvl1LAnYsNFAPW1ogQ4E8hrOC1TMNmEnzaoXu4M0wktlSv5xvX/9
lemonldap2_1 | ++/DqfmD2lrhXQUm8YZ7xUTH9pUeOiBPvLkgDEJ7KH4CTCxdHpFUsaNBd2RJ50zM
lemonldap2_1 | IY5oQc7fGVAw7C82hrkyew==</SignatureValue>
lemonldap2_1 | <KeyInfo>
lemonldap2_1 | <KeyValue>
lemonldap2_1 | <RSAKeyValue>
lemonldap2_1 | <Modulus>
lemonldap2_1 | tJVrXzDTdvB5a1jPF+ielplr3ECP5AqxYO0iwy+wIYZQ47Y4zw1YDAtNk5IaQX0d
lemonldap2_1 | 6T87HDZu5WtCEKz8BIsM5s2fpq55DhRZ8wE0kVARE5OuqpwcokE6ivTG/xCY0w9A
lemonldap2_1 | qG+bWRcsvieaTmMYLIT/wRJvRozYGKBngAcnPElcbM+N+9u0qajjZ6+l4/dDDsYl
lemonldap2_1 | xbKHvFn1+DrqeXROdiEy2Eu0ChyvgMzbX3brGaFE2VjqfjYw3QIdq+Iwcg/hxb8/
lemonldap2_1 | aFCo64ewbDzR3PKq+iYpriEnrHIsdGfW21A0Sd7EGrx9bxttJ1YnOvoUEaK5EQ/F
lemonldap2_1 | aDjME/naIZ0M0sdSqJBIOw==
lemonldap2_1 | </Modulus>
lemonldap2_1 | <Exponent>
lemonldap2_1 | AQAB
lemonldap2_1 | </Exponent>
lemonldap2_1 | </RSAKeyValue>
lemonldap2_1 | </KeyValue>
lemonldap2_1 | </KeyInfo>
lemonldap2_1 | </Signature><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID><samlp:SessionIndex>2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8</samlp:SessionIndex>
lemonldap2_1 | </samlp:LogoutRequest></s:Body></s:Envelope>
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Logout request is valid
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Destination https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP found in SAML message
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Destination match URL https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/proxySingleLogoutSOAP
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Found entityID https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata in SAML message
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata match testsphbs-main IDP in configuration
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Signature is valid
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Logout request NameID content: dwho@badwolf.org
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Retrieve SAML session 6735226b8175457289d57e8a310da5edb5f1ad19f05e9d88adb8d33d50785dd1 for user dwho@badwolf.org
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Try to get SSO session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310 from Portal::Main::Run
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Return SSO session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get Lasso::Session dump from session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Delete SAML session 6735226b8175457289d57e8a310da5edb5f1ad19f05e9d88adb8d33d50785dd1 result: 1
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap2_1 | <NidAndSessionIndex ProviderID="https://myportal.testsphbs-main.km20201-02.keymachine.de/saml/metadata" AssertionID="_B56EC1EE38113E186B4BFC68FA10F1AB" SessionIndex="2ae170cc6195c11600759e054274bfff948dcad0ddc4b028b4c704d342035ad8">
lemonldap2_1 | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID>
lemonldap2_1 | </NidAndSessionIndex>
lemonldap2_1 | </Session>
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SLO message to IDP testsphbs-main signature according to metadata
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SOAP response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutResponse ID="_921B512282D8FB8D3DF8952C35AC7B03" InResponseTo="_2B984823AE6188DDB73EBC444E2B87B8" Version="2.0" IssueInstant="2020-09-26T16:36:47Z"><saml:Issuer>https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
lemonldap2_1 | <SignedInfo>
lemonldap2_1 | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap2_1 | <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
lemonldap2_1 | <Reference URI="#_921B512282D8FB8D3DF8952C35AC7B03">
lemonldap2_1 | <Transforms>
lemonldap2_1 | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
lemonldap2_1 | <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap2_1 | </Transforms>
lemonldap2_1 | <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
lemonldap2_1 | <DigestValue>GHFw84NAptHWztr4OrG5maoKJAc=</DigestValue>
lemonldap2_1 | </Reference>
lemonldap2_1 | </SignedInfo>
lemonldap2_1 | <SignatureValue>XS0NRJ9vH+VinDccCoiwGcCJhjabRecNmsv5FwpS7mgbEhuuu6BnC1vfvHSTRiWl
lemonldap2_1 | W3O6E6DVkqoMHWCo7JHCSK3oHOz6CnvPH12HPzCvFAfjyd5J+ZV4jh7rh5K2uLRc
lemonldap2_1 | xFLz6taH3eIZDDiUSce7+krLTK2Pa3YSp6oR+zmUTTq11Vx5Bdo8zHXVMSPO6rLQ
lemonldap2_1 | JF8767aZP2JrKXuV2DSHskz+FMjwrPFFVClbGld7/T0gBVI2Nq0ymF3LHubgcndj
lemonldap2_1 | eUjEBheyVpOKJ3OyX/sJYEizOxhSgw/i6TfX3CCrDY70x3Nk/b+fQFRf9l4rO8g7
lemonldap2_1 | cyFxUYzPpbDxDY5rZx87Dw==</SignatureValue>
lemonldap2_1 | <KeyInfo>
lemonldap2_1 | <KeyValue>
lemonldap2_1 | <RSAKeyValue>
lemonldap2_1 | <Modulus>
lemonldap2_1 | tJVrXzDTdvB5a1jPF+ielplr3ECP5AqxYO0iwy+wIYZQ47Y4zw1YDAtNk5IaQX0d
lemonldap2_1 | 6T87HDZu5WtCEKz8BIsM5s2fpq55DhRZ8wE0kVARE5OuqpwcokE6ivTG/xCY0w9A
lemonldap2_1 | qG+bWRcsvieaTmMYLIT/wRJvRozYGKBngAcnPElcbM+N+9u0qajjZ6+l4/dDDsYl
lemonldap2_1 | xbKHvFn1+DrqeXROdiEy2Eu0ChyvgMzbX3brGaFE2VjqfjYw3QIdq+Iwcg/hxb8/
lemonldap2_1 | aFCo64ewbDzR3PKq+iYpriEnrHIsdGfW21A0Sd7EGrx9bxttJ1YnOvoUEaK5EQ/F
lemonldap2_1 | aDjME/naIZ0M0sdSqJBIOw==
lemonldap2_1 | </Modulus>
lemonldap2_1 | <Exponent>
lemonldap2_1 | AQAB
lemonldap2_1 | </Exponent>
lemonldap2_1 | </RSAKeyValue>
lemonldap2_1 | </KeyValue>
lemonldap2_1 | </KeyInfo>
lemonldap2_1 | </Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Auth::Choice::_beforeLogout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [warn] Missing _choice key in session
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] [warn] Missing _choice key in session
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::UserDB::Choice::_beforeLogout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [warn] Missing _choice key in session
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] [warn] Missing _choice key in session
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::SAML::logout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Retrieve SAML session 3a029b739894528b8f777f24562a8e87a8a4fc338c0ffb3850741f2a579f0034
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SAML session 3a029b739894528b8f777f24562a8e87a8a4fc338c0ffb3850741f2a579f0034 deleted
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Retrieve SAML session 05097a89d04d4148c706e9b71ea825f3539efd090aeb9967796dc47751f37d38
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SAML session 05097a89d04d4148c706e9b71ea825f3539efd090aeb9967796dc47751f37d38 deleted
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap2_1 | <NidAndSessionIndex ProviderID="https://myportal.testsphbs-extension-app.km20201-02.keymachine.de/saml/metadata" AssertionID="_8AEE804C05B048113522EED9183CCE3E" SessionIndex="05097a89d04d4148c706e9b71ea825f3539efd090aeb9967796dc47751f37d38">
lemonldap2_1 | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dwho@badwolf.org</saml:NameID>
lemonldap2_1 | </NidAndSessionIndex>
lemonldap2_1 | </Session>
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Lasso Session loaded
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] SLO request signature according to metadata
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] No logout request found, build it
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Request built for https://myportal.testsphbs-extension-app.km20201-02.keymachine.de/saml/metadata
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Keep request ID _D69F8ED59176CA4F3AA00D3EFDAE2764 in assertion session cb8fe326fcacae59dc74c97d3e3f0140b6b24654646bc82c0941d6ab6dc553f3
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Build SOAP relay logout request for https://myportal.testsphbs-extension-app.km20201-02.keymachine.de/saml/metadata
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::CAS::logout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] No CAS session found for session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Launching ::Issuer::OpenIDConnect::logout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Processing code ref
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Try to get SSO session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Get session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310 from Portal::Main::Run
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Return SSO session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Local handler logout
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [notice] User dwho@testsphbs-main has been disconnected from SAML (172.20.0.2)
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] [notice] User dwho@testsphbs-main has been disconnected from SAML (172.20.0.2)
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Session 71d61d55ee490967dcab65c4043dd4b5a21f03a792fd714b0ea6760727ba9310 deleted from global storage
lemonldap2_1 | [Sat Sep 26 16:36:47 2020] [LLNG:49] [debug] Returned status: -4 (PE_SENDRESPONSE)
lemonldap2_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "POST /saml/proxySingleLogoutSOAP HTTP/1.1" 200 2041 "-" "libwww-perl/6.15"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Get response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutResponse ID="_921B512282D8FB8D3DF8952C35AC7B03" InResponseTo="_2B984823AE6188DDB73EBC444E2B87B8" Version="2.0" IssueInstant="2020-09-26T16:36:47Z"><saml:Issuer>https://myportal.testsphbs-extension.km20201-02.keymachine.de/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
lemonldap_1 | <SignedInfo>
lemonldap_1 | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap_1 | <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
lemonldap_1 | <Reference URI="#_921B512282D8FB8D3DF8952C35AC7B03">
lemonldap_1 | <Transforms>
lemonldap_1 | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
lemonldap_1 | <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
lemonldap_1 | </Transforms>
lemonldap_1 | <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
lemonldap_1 | <DigestValue>GHFw84NAptHWztr4OrG5maoKJAc=</DigestValue>
lemonldap_1 | </Reference>
lemonldap_1 | </SignedInfo>
lemonldap_1 | <SignatureValue>XS0NRJ9vH+VinDccCoiwGcCJhjabRecNmsv5FwpS7mgbEhuuu6BnC1vfvHSTRiWl
lemonldap_1 | W3O6E6DVkqoMHWCo7JHCSK3oHOz6CnvPH12HPzCvFAfjyd5J+ZV4jh7rh5K2uLRc
lemonldap_1 | xFLz6taH3eIZDDiUSce7+krLTK2Pa3YSp6oR+zmUTTq11Vx5Bdo8zHXVMSPO6rLQ
lemonldap_1 | JF8767aZP2JrKXuV2DSHskz+FMjwrPFFVClbGld7/T0gBVI2Nq0ymF3LHubgcndj
lemonldap_1 | eUjEBheyVpOKJ3OyX/sJYEizOxhSgw/i6TfX3CCrDY70x3Nk/b+fQFRf9l4rO8g7
lemonldap_1 | cyFxUYzPpbDxDY5rZx87Dw==</SignatureValue>
lemonldap_1 | <KeyInfo>
lemonldap_1 | <KeyValue>
lemonldap_1 | <RSAKeyValue>
lemonldap_1 | <Modulus>
lemonldap_1 | tJVrXzDTdvB5a1jPF+ielplr3ECP5AqxYO0iwy+wIYZQ47Y4zw1YDAtNk5IaQX0d
lemonldap_1 | 6T87HDZu5WtCEKz8BIsM5s2fpq55DhRZ8wE0kVARE5OuqpwcokE6ivTG/xCY0w9A
lemonldap_1 | qG+bWRcsvieaTmMYLIT/wRJvRozYGKBngAcnPElcbM+N+9u0qajjZ6+l4/dDDsYl
lemonldap_1 | xbKHvFn1+DrqeXROdiEy2Eu0ChyvgMzbX3brGaFE2VjqfjYw3QIdq+Iwcg/hxb8/
lemonldap_1 | aFCo64ewbDzR3PKq+iYpriEnrHIsdGfW21A0Sd7EGrx9bxttJ1YnOvoUEaK5EQ/F
lemonldap_1 | aDjME/naIZ0M0sdSqJBIOw==
lemonldap_1 | </Modulus>
lemonldap_1 | <Exponent>
lemonldap_1 | AQAB
lemonldap_1 | </Exponent>
lemonldap_1 | </RSAKeyValue>
lemonldap_1 | </KeyValue>
lemonldap_1 | </KeyInfo>
lemonldap_1 | </Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Store SLO status for testsphbs-extension in session
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Logout response is valid
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Store SLO status for testsphbs-extension in session
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:45] [debug] Display OK status for SLO on testsphbs-extension
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 HTTP/1.1" 302 5 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET //static/common/icons/ok.png HTTP/1.1" 200 1164 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Redirect 172.20.0.2 to portal (url was /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800)
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] Start routing saml
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] URL /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 detected as a SOAP relay service URL
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [warn] SAML session 3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 isn't yet available
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [debug] [warn] SAML session 3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 isn't yet available
lemonldap_1 | [Sat Sep 26 16:36:47 2020] [LLNG:50] [error] Could not get relay session 3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /saml/relaySingleLogoutSOAP?relay=3d4be839797a196f1ea4e370131ad18ef59ce971f5a5dcd8773b1df92b6ab800 HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/languages/de.json HTTP/1.1" 200 15665 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/fr.png HTTP/1.1" 200 148 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/en.png HTTP/1.1" 200 336 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/it.png HTTP/1.1" 200 158 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/vi.png HTTP/1.1" 200 272 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/ar.png HTTP/1.1" 200 847 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/tr.png HTTP/1.1" 200 8617 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/fi.png HTTP/1.1" 200 321 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/de.png HTTP/1.1" 200 264 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | 172.20.0.2 - - [26/Sep/2020:16:36:47 +0000] "GET /static/common/pl.png HTTP/1.1" 200 1622 "https://myportal.testsphbs-main.km20201-02.keymachine.de/?logout=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Get configuration from cache without verification.
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [info] No cookie found
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Build URL http://myportal.testsphbs-main.km20201-02.keymachine.de/?skin=bootstrap
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Redirect 172.20.0.2 to portal (url was /?skin=bootstrap)
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Start routing default route
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing controlUrl
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Launching ::Issuer::SAML::storeEnv
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Launching ::Issuer::CAS::storeEnvAndCheckGateway
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing code ref
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Launching ::Plugins::AutoSignin::check
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Processing extractFormInfo
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Returned error: 9 (PE_FIRSTACCESS)
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Display type standardform
lemonldap_1 | [Sat Sep 26 16:37:17 2020] [LLNG:44] [debug] Skin returned: login]
```
FAQ
dcoutadeur dcoutadeur