lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-05-18T05:17:10Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/167
Bug with trunk installed from scratch
2018-05-18T05:17:10Z
Clément OUDOT
I tried a fresh new install, and I have this error:
{panel:title=Apache error log}
Warning: key is not defined, set it in the manager !
[Thu Sep 23 11:48:38 2010] [error] Can't use an undefined value as a HASH reference at /usr/local/share/perl/5.10.1/Lemonldap/NG/Portal/SharedConf.pm line 43.\n
{panel}
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/169
IssuerDB CAS : ticket is added 2 times in URL with a service URL containing parameters
2018-05-18T05:17:10Z
Clément OUDOT
For example:
[Thu Sep 23 14:56:03 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: CAS service session 622b438c43abf357d6799a99cda862de created
[Thu Sep 23 14:56:03 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Redirect user to http://auth.vm1.lemonsaml.linagora.com/?lmAuth=3CAS&ticket=ST-622b438c43abf357d6799a99cda862de?ticket=ST-622b438c43abf357d6799a99cda862de
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/170
SAML: artifact resolution URL is not in authForce method
2018-05-18T05:17:10Z
Clément OUDOT
This does not allow an IDP to get artifact response with AuthChoice on SP
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/172
Google Apps SSO not working with Lasso 2.3.2
2018-05-18T05:17:10Z
Clément OUDOT
After Lasso update (to stable version 2.3.2), I cannot log into Google Apps via SAML:
{panel:title=Apache error log}
[Mon Sep 27 09:32:26 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: URL https://auth.vm2.lemonsaml.linagora.com/saml/singleSignOn detected as an SSO request URL
[Mon Sep 27 09:32:26 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SAML method: HTTP-REDIRECT
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Found entityID google.com in SAML message
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: google.com match GoogleApps SP in configuration
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Message signature will not be checked
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SSO: authentication request is valid
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Found ForceAuthn flag with value 0
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: No ForceAuthn session found for session 4f6f53749f4433443af8dae49c8909d5
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: No Destination in SAML message
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Authentication context is urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Convert timestamp 1285572739 in SAML2 date: 2010-09-27T07:32:19Z
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Convert timestamp 1285644739 in SAML2 date: 2010-09-28T03:32:19Z
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SSO: assertion is built
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Get NameID format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified from request
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: NameID Format is urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: NameID Content is lemonsaml@linid.org
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SAML2 attribute uid is not mandatory
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Set sessionIndex ugCc3UEY0612JizCi2TvUKn4jydVxivky3RGw99hfhfkGq53XsikHc2WGP2ZOikj (encrypted from 4f6f53749f4433443af8dae49c8909d5)
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Convert timestamp 1285644739 in SAML2 date: 2010-09-28T03:32:19Z
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Set sessionNotOnOrAfter 2010-09-28T03:32:19Z
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: SSO response will be signed
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-09-27 09:32:27\tcan't find assertion consumer service url (going for default)
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-09-27 09:32:27 (profile.c/:1242) Unable to find Profile URL in metadata
[Mon Sep 27 09:32:27 2010] [debug] CGI.pm(92): Lemonldap::NG::Portal::SharedConf: Lasso error code -410: Unable to find Profile URL in metadata
[Mon Sep 27 09:32:27 2010] [error] Unable to build SSO response message
{panel}
Registered metadata:
{panel:Google Apps metadata}
<md:EntityDescriptor entityID="google.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.google.com/a/linid.org/acs" index="0" />
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
</SPSSODescriptor>
</md:EntityDescriptor>
{panel}
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/177
OpenID provider cache login/password information: cannot login after bad password
2018-05-18T05:17:11Z
Clément OUDOT
OpenID issuer module uses lmHiddenFields to cache all fields on login form. But this includes login/password. Consequence: if I submit a bad password, it is always resubmitted and auth always fails.
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/178
Use same Apache conf files for default and Debian install
2018-05-18T05:17:11Z
Yadd
For now, Debian uses files in "debian" dir. This has to be changed to use those in "_example" dir.
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/179
OpenID provider does not honor SREG request if only optional attributes
2018-05-18T05:17:11Z
Clément OUDOT
This only works if some attributes are mandatory. Found the bug in SREG.pm, will commit patch soon.
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/182
Pages displayed by confirm return a 500 error under cgi-script
2018-05-18T05:17:11Z
Yadd
Using HTTPfox, I've seen that confirm pages displayed by removeOther (perhaps other confirm pages) generate the good page but with a 500 error under "SetHandler cgi-script". Nothing is displayed in error.log and all is good using "SetHandler perl-script".
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/186
CAS Issuer parameters in Manager
2018-05-18T05:17:11Z
Clément OUDOT
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/190
Display must display the menu when process() returns an error but user is authenticated
2018-05-18T05:17:11Z
Yadd
When an issuerDB module (for example) returns an error, form authentication is prompted. Display.pm has to change that (when $self->{id} is set)
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/191
Use persistent storage for SAML persistent NameID
2018-05-18T05:17:11Z
Clément OUDOT
We now have a persistent storage (thanks to Xavier) that we can use to manage SAML persistent NameID. Sample code can be seen in OpenID Issuer module.
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/194
Delete AuthLA
2018-05-18T05:17:11Z
Yadd
AuthLA is no longer maintained and has to be removed.
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/195
Anti-frame
2018-05-18T05:17:12Z
Yadd
To avoid some attacks, we have to test window.parent() and change document.location.href to avoid being a frame (portal.js)
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/199
Require Lasso 2.3.0 for SAML
2018-05-18T05:17:12Z
Clément OUDOT
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/200
Restore persistent session does not work if whatToTrace is a macro
2018-05-18T05:17:12Z
Clément OUDOT
Persistent data are restored in setSessionInfo, which occurs before setMacro, so we cannot recover persistent data if whatToTrace is a macro.
We should maybe add a process step 'setPersistentSessionInfo', just before the step 'store'.
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/201
OpenID tests are not correctly skipped if no OpenID module
2018-05-18T05:17:12Z
Clément OUDOT
Some OpenID tests fail with no OpenID module
{panel:title=Console output}
t/27-Lemonldap-NG-Portal-AuthOpenID........ok
1/1 skipped: various reasons
t/27-Lemonldap-NG-Portal-IssuerDBOpenID....# Looks like you planned 14 tests but
only ran 2.
dubious
Test returned status 255 (wstat 65280, 0xff00)
DIED. FAILED tests 3-14
Failed 12/14 tests, 14.29% okay (less 2 skipped tests: 0 okay, 0.00%)
t/27-Lemonldap-NG-Portal-UserDBOpenID......ok
2/2 skipped: various reasons
{panel}
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/202
searchOn no working with SAML and Apache::Session::File
2018-05-18T05:17:12Z
Clément OUDOT
I have this in error.log:
{panel}
[Mon Oct 18 17:09:27 2010] [error] Can't locate object method "searchOn" via package "Apache::Session::File" at /usr/local/share/perl/5.10.0/Lemonldap/NG/Portal/IssuerDBSAML.pm line 1240.\n
{panel}
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/206
Upgrade spec file to build RPMs for 1.00
2018-05-18T05:17:12Z
Clément OUDOT
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/207
Confirm stamp is not used everywhere in SAML IDP selection
2018-05-18T05:17:12Z
Clément OUDOT
{panel}
Argument "" isn't numeric in subtraction (-) at /usr/local/share/perl/5.10.1/Lemonldap/NG/Portal/Simple.pm line 1297.
[Thu Oct 21 15:20:15 2010] [debug] CGI.pm(98): /usr/local/share/perl/5.10.1/Lemonldap/NG/Portal/Simple.pm 1303:
[Thu Oct 21 15:20:15 2010] [notice] Confirmation to old, refused
{panel}
1.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/210
Ajax request in menu to check if session is always available
2018-05-18T05:17:12Z
Yadd
The idea is to make an Ajax request each minute in the menu to check if session is always available. If not, refresh page.
1.0