lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
Updated: 2017-11-08T16:01:45Z

[SAML] Attribute authority
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2
Updated: 2017-11-08T16:01:45Z | Author: Clément OUDOT | Milestone: 1.0-rc2

LemonLDAP::NG IDP will also be an SAML2 attribute authority.

[SAML] Attribute authority declaration in metadata
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3
Updated: 2017-11-08T16:01:43Z | Author: Clément OUDOT | Milestone: 1.0-rc2

Publish WSDL for SOAP services
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/8
Updated: 2018-09-27T04:09:56Z | Author: Clément OUDOT | Milestone: 2.0.0 | Assignee: Yadd

WSDL should be published through HTTP, like http://auth.example.com/index.pl?wsdl

Check that authLogout is well managed in AuthMulti
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/13
Updated: 2017-11-08T11:36:24Z | Author: Clément OUDOT | Milestone: 1.0

The logout process calls the authLogout method from the authentication module. We should test how this works with AuthMulti.

Use CSS framework for templates
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/14
Updated: 2017-11-08T11:36:24Z | Author: Clément OUDOT | Milestone: 1.4.0

For example, YAML: http://www.yaml.de/en/home.html

Use parameterized statements in DBI to prevent SQL injection
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/16
Updated: 2017-11-08T16:02:10Z | Author: Clément OUDOT | Milestone: 1.0

More info here:
http://en.wikipedia.org/wiki/SQL_injection#Parameterized_statements

[SAML] Common domain cookie support
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/18
Updated: 2017-11-08T16:02:05Z | Author: Clément OUDOT | Milestone: 1.0

This should be implemented for 1.0 because it is required for IDP Lite SAML2 conformance

Select authentication module on authentication portal
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/19
Updated: 2017-11-08T16:02:00Z | Author: Clément OUDOT | Milestone: 1.0

We should be able to propose multiple authentication schemes so the user can choose how to log in.
For example, we should let the user choose to use OpenID, SAML or a local authentication.
We can try to map each authentication scheme to a URI:
* http://auth.example.com/openid
* http://auth.example.com/saml
* http://auth.example.com/ldap
Depending on the URI, the portal will choose its auth module. If there is no auth module in the URI, it will propose the known authentication methods.

Special characters from SAML attribute statement are not well encoded
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/21
Updated: 2017-11-08T16:01:40Z | Author: Clément OUDOT | Milestone: 1.0-rc2

SAML attributes are not automatically encoded in UTF-8. We should maybe check this before registering them in the session.
This can be tested by using AuthSAML with an IDP sending attribute values containing accents.

Provide authorized application through SOAP
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/25
Updated: 2017-11-08T16:02:05Z | Author: Clément OUDOT | Milestone: 1.0

I want to be able to request the portal by SOAP, in order to get all authorized applications. This SOAP call can then be run from a portlet, to be included in Liferay for example.

Auto-register page
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/26
Updated: 2017-11-08T16:03:52Z | Author: Clément OUDOT | Milestone: 1.4.0

We can provide a page to allow a new user to register and then get access to the portal.
* Create a register form
* Store the user info in a temporary session
* Send a confirmation link to the user
* Create user in userDB after confirmation

OpenID provider
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/27
Updated: 2017-11-08T11:36:31Z | Author: Clément OUDOT | Milestone: 1.0

Module IssuerDBOpenID.pm

Read user information from OpenID provider
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/28
Updated: 2017-11-08T16:02:00Z | Author: Clément OUDOT | Milestone: 1.0

This should be implemented in UserDBOpenID.pm

Improve application menu configuration
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/29
Updated: 2017-11-08T16:02:02Z | Author: Clément OUDOT | Milestone: 1.0

Application list in menu is not very easy to configure (it's a big hash in lemonldap-ng.ini).
We have to discuss how to manage the application list in our next stable version. It seems it's maybe not a good practice to pass HTML code to templates. We should rather have methods that will return all authorized applications for a category.
We have maybe to simplify how the application list can be built. For example, maybe we should only accept 1 or 2 levels of category. Same idea, is it mandatory to have applications under applications? If we restrict this, it could then be easier to configure from a graphical point of view.

[SAML] Unit tests
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/30
Updated: 2017-11-08T11:36:31Z | Author: Clément OUDOT | Milestone: 1.0

We should provide unit tests (*.t) for SAML modules

[SAML] Proxy IDP
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/31
Updated: 2017-11-08T16:01:52Z | Author: Clément OUDOT | Milestone: 1.0-rc2

We can configure LemonLDAP::NG as SP and IdP. We have to work on some functionalities to be fully proxy IDP compliant:
* Reuse authnStatement from SP in IDP
* Check proxyCount and other proxy conditions

[SAML] Manage Artifact methods for SAML messages emission in SP
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/32
Updated: 2017-11-08T16:01:51Z | Author: Clément OUDOT | Milestone: 1.0-rc2

The SP knows how to handle an artifact in a received SAML message, but does not know how to send its messages through artifact methods

[SAML] Check "Destination" attribute
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/33
Updated: 2017-11-08T11:36:31Z | Author: Clément OUDOT | Milestone: 1.0-rc2

SAML messages can carry a "Destination" attribute. We should check that its value is the authentication portal URL.

[SAML] Check authn request conditions in IDP
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/34
Updated: 2019-11-21T16:45:08Z | Author: Clément OUDOT | Assignee: Clément OUDOT

[SAML] Manage SLO through SOAP
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/35
Updated: 2017-11-08T15:56:41Z | Author: Clément OUDOT | Milestone: 1.0-rc2

The idea is to use images that will call a script on the portal. This script will manage the SLO SOAP request and catch the response.
We should use a special SLO cookie, so that the script is aware of which user is asking for SLO. This can't be the main WebSSO cookie because it is already destroyed at this stage (local logout already occurred).