lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
Updated: 2021-01-29T05:32:19Z

Wrong content-type in manager
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2450
Updated: 2021-01-29T05:32:19Z
Author: Andreas Deschka

### Concerned version
Version: %2.0.10
Platform: (Nginx/Apache/Node.js)
### Summary
The file `http://mymanager.test/manager.psgi//psgi.js` is delivered with Content-Type `application/json` instead of `application/javascript`. If in nginx the header `X-Content-Type-Options: nosniff` is activated, the manager cannot be used.
It can be reproduced with docker image `coudot/lemonldap-ng:2.0.10` and with the Debian package. In Version `2.0.9` the header was still correct.

Milestone: 2.0.11

SAML SLO using Redirect/POST binding does not work with multiple SP
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2449
Updated: 2021-12-07T17:22:45Z
Author: Olivier Gouëllain

I have set up X Nextcloud (19.0.7) as SAML service provider for lemonldap-ng using coudot/lemonldap-ng:2.0.10 docker image.
SP-initiated log-out works for all of them.
However, SLO (IDP-initiated) only disconnects the user from the first instance, although lemonldap-ng thinks it is disconnected from the X instances.
I suspect that lemonldap-ng handles the Nextcloud session badly and duplicates the first session it finds.
```lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://auth.example.org;frame-ancestors 'none';child-src nextcloud1.example.org nextcloud1.example.org 'self';```
Lemonldap-ng sends the log-out request X times (X = number of Nextcloud instances connected), each request intended for instance n (1<n<X), to the first instance and gets a success each time, believing that it comes from instance n (which explains why lemonldap-ng believes that it logged out from all X instances).
Can anyone try to reproduce this with other duplicated instances, or analyze the source code, in order to know whether this is a general lemonldap-ng issue or just related to Nextcloud session management?
Here is an example with Nextcloud1 and Nextcloud2 as usertest:
```
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Get configuration from cache without verification.
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Get session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799 from Handler::Main::Run
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Check session validity from Handler
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session timeout -> 72000
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session _utime -> 1611674976
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] now -> 1611675001
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session timeoutActivityInterval -> 60
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session TTL = 71975
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] No URL authentication level found...
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] auth.example.org: Apply default rule
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] removing cookie
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Cookies -> llnglanguage=en; lemonldap=f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] CookieName -> lemonldap
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] newCookies -> llnglanguage=en;
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] User usertest was granted to access to /?logout=1
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Start routing default route
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing importHandlerData
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing controlUrl
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing checkLogout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing code ref
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Launching ::Issuer::SAML::logout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Retrieve SAML session 67911b15e4e4b9df08c6651b0f6b9a199a245877c2456392005c2e6c6c5da54b
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SAML session 67911b15e4e4b9df08c6651b0f6b9a199a245877c2456392005c2e6c6c5da54b deleted
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Retrieve SAML session e6a8a7efd22995c1f1a13cc1a077bf373a10aa5b7442932213b28b3b557920fd
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SAML session e6a8a7efd22995c1f1a13cc1a077bf373a10aa5b7442932213b28b3b557920fd deleted
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Retrieve SAML session b486d0a72ab6b3ba9c9835d50cddd91b86fe376a2c08735d77b09569a14ae678
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SAML session b486d0a72ab6b3ba9c9835d50cddd91b86fe376a2c08735d77b09569a14ae678 deleted
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Retrieve SAML session f0fd43a8bf0e4fa7d1b7f06580594fd90ea305f53ee0e45b8c67b646ae2f2c06
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SAML session f0fd43a8bf0e4fa7d1b7f06580594fd90ea305f53ee0e45b8c67b646ae2f2c06 deleted
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap_serveur | <NidAndSessionIndex ProviderID="https://nextcloud1.example.org/apps/user_saml/saml/metadata" AssertionID="_37644F3372239D1298A2B54C76BDFDCE" SessionIndex="b486d0a72ab6b3ba9c9835d50cddd91b86fe376a2c08735d77b09569a14ae678">
lemonldap_serveur | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">usertest@example.org</saml:NameID>
lemonldap_serveur | </NidAndSessionIndex>
lemonldap_serveur | <NidAndSessionIndex ProviderID="https://nextcloud2.example.org/apps/user_saml/saml/metadata" AssertionID="_F4AFFB7E8B103C89FBEF91325B20696C" SessionIndex="e6a8a7efd22995c1f1a13cc1a077bf373a10aa5b7442932213b28b3b557920fd">
lemonldap_serveur | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">usertest@example.org</saml:NameID>
lemonldap_serveur | </NidAndSessionIndex>
lemonldap_serveur | </Session>
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Lasso Session loaded
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SLO request signature according to metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] No logout request found, build it
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Request built for https://nextcloud1.example.org/apps/user_saml/saml/metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Keep request ID _E5F88878CF20D2228D7BC34E90D5061C in assertion session a0172579b33e67f23d608496cb6ff4121e19abc0a81ab3b082ddd9b1b73fc744
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Send HTTP-REDIRECT logout request to https://nextcloud1.example.org/apps/user_saml/saml/metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SLO request signature according to metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Keep request ID _E5F88878CF20D2228D7BC34E90D5061C in assertion session f6ad093e45418fc4d1818bcfb303877695b83896d40a9d2372f3cd42c3d21b67
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Send HTTP-REDIRECT logout request to https://nextcloud2.example.org/apps/user_saml/saml/metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing authLogout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Cleaning pdata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing deleteSession
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Try to get SSO session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Get session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799 from Portal::Main::Run
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Return SSO session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Local handler logout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [notice] User usertest has been disconnected from LDAP (192.168.xxx.xxx)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] [notice] User usertest has been disconnected from LDAP (192.168.xxx.xxx)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799 deleted from global storage
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Returned error: 47 (PE_LOGOUT_OK)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Display: info detected
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Hidden values :
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Skin returned: info
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Calling sendHtml with template info
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Apply following CORS policy :
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Allow-Origin
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] *
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Allow-Credentials
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] true
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Allow-Headers
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] *
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Allow-Methods
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] POST,GET
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Expose-Headers
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] *
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Max-Age
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] 86400
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Required Params URL : https://auth.example.org/
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Set CSP form-action with Params URL : https://auth.example.org
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://auth.example.org;frame-ancestors 'none';child-src nextcloud1.example.org nextcloud1.example.org 'self';
lemonldap_serveur | 192.168.xxx.xxx - - [26/Jan/2021:15:30:01 +0000] "GET /?logout=1 HTTP/1.0" 200 6993 "https://auth.example.org/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
lemonldap_serveur | 192.168.xxx.xxx - - [26/Jan/2021:15:30:01 +0000] "GET /saml/singleLogout?SAMLResponse=fZLfa8IwEIDf91eUvmt%2B1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9%2Ftcw5WTEPgVwu33e5ZAKyLCqxsJ%2FW4buGyhrQ3rksDIh2K%2FZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x%2F4wZ5zJAAusaTNV2QeRb7q%2BV0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j%2FYDFR6oytle6Sbn0AXa6hoaR%2Bw3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63%2FVx%2FkUsHSKfSXBu%2BsbG%2Fm4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL%2BUG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33%2FI5Bs%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm%2BTO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry%2FRAjGjRUtRfnoXCN%2F3EagZ3R3rt%2BMwP1As7ktvyv0hlHiR%2FH08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc%2FLo%2FTxxo7K%2B9J%2BmfT4yTRJvKNQ4Z80%2BCZJYBPe7S6GkSU3pMKoIUQOirDGk%2FmQeohQBbDx3z2PNu6gUxvHJuGr%2BBIVGyNt30WJWUSEJ5OvI3bSWbyUpr26%2BoA%3D%3D HTTP/1.0" 302 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Get configuration from cache without verification.
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [info] No cookie found
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Build URL http://auth.example.org/saml/singleLogout?SAMLResponse=fZLfa8IwEIDf91eUvmt%2B1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9%2Ftcw5WTEPgVwu33e5ZAKyLCqxsJ%2FW4buGyhrQ3rksDIh2K%2FZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x%2F4wZ5zJAAusaTNV2QeRb7q%2BV0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j%2FYDFR6oytle6Sbn0AXa6hoaR%2Bw3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63%2FVx%2FkUsHSKfSXBu%2BsbG%2Fm4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL%2BUG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33%2FI5Bs%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm%2BTO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry%2FRAjGjRUtRfnoXCN%2F3EagZ3R3rt%2BMwP1As7ktvyv0hlHiR%2FH08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc%2FLo%2FTxxo7K%2B9J%2BmfT4yTRJvKNQ4Z80%2BCZJYBPe7S6GkSU3pMKoIUQOirDGk%2FmQeohQBbDx3z2PNu6gUxvHJuGr%2BBIVGyNt30WJWUSEJ5OvI3bSWbyUpr26%2BoA%3D%3D
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Redirect 192.168.xxx.xxx to portal (url was /saml/singleLogout?SAMLResponse=fZLfa8IwEIDf91eUvmt%2B1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9%2Ftcw5WTEPgVwu33e5ZAKyLCqxsJ%2FW4buGyhrQ3rksDIh2K%2FZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x%2F4wZ5zJAAusaTNV2QeRb7q%2BV0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j%2FYDFR6oytle6Sbn0AXa6hoaR%2Bw3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63%2FVx%2FkUsHSKfSXBu%2BsbG%2Fm4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL%2BUG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33%2FI5Bs%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm%2BTO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry%2FRAjGjRUtRfnoXCN%2F3EagZ3R3rt%2BMwP1As7ktvyv0hlHiR%2FH08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc%2FLo%2FTxxo7K%2B9J%2BmfT4yTRJvKNQ4Z80%2BCZJYBPe7S6GkSU3pMKoIUQOirDGk%2FmQeohQBbDx3z2PNu6gUxvHJuGr%2BBIVGyNt30WJWUSEJ5OvI3bSWbyUpr26%2BoA%3D%3D)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Start routing saml
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] URL /saml/singleLogout?SAMLResponse=fZLfa8IwEIDf91eUvmt+1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9/tcw5WTEPgVwu33e5ZAKyLCqxsJ/W4buGyhrQ3rksDIh2K/ZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x/4wZ5zJAAusaTNV2QeRb7q+V0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j/YDFR6oytle6Sbn0AXa6hoaR+w3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63/Vx/kUsHSKfSXBu+sbG/m4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL+UG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33/I5Bs=&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm+TO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry/RAjGjRUtRfnoXCN/3EagZ3R3rt+MwP1As7ktvyv0hlHiR/H08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc/Lo/Txxo7K+9J+mfT4yTRJvKNQ4Z80+CZJYBPe7S6GkSU3pMKoIUQOirDGk/mQeohQBbDx3z2PNu6gUxvHJuGr+BIVGyNt30WJWUSEJ5OvI3bSWbyUpr26+oA== detected as an SLO URL
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] SAML method: HTTP-REDIRECT
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] HTTP-REDIRECT: SAML Response SAMLResponse=fZLfa8IwEIDf91eUvmt%2B1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9%2Ftcw5WTEPgVwu33e5ZAKyLCqxsJ%2FW4buGyhrQ3rksDIh2K%2FZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x%2F4wZ5zJAAusaTNV2QeRb7q%2BV0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j%2FYDFR6oytle6Sbn0AXa6hoaR%2Bw3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63%2FVx%2FkUsHSKfSXBu%2BsbG%2Fm4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL%2BUG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33%2FI5Bs%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm%2BTO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry%2FRAjGjRUtRfnoXCN%2F3EagZ3R3rt%2BMwP1As7ktvyv0hlHiR%2FH08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc%2FLo%2FTxxo7K%2B9J%2BmfT4yTRJvKNQ4Z80%2BCZJYBPe7S6GkSU3pMKoIUQOirDGk%2FmQeohQBbDx3z2PNu6gUxvHJuGr%2BBIVGyNt30WJWUSEJ5OvI3bSWbyUpr26%2BoA%3D%3D
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Logout response is valid
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Destination https://auth.example.org/saml/ found in SAML message
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [error] Destination does not match URL https://auth.example.org/saml/singleLogout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Found entityID https://nextcloud1.example.org/apps/user_saml/saml/metadata in SAML message
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] https://nextcloud1.example.org/apps/user_saml/saml/metadata match Nextcloud1 SP in configuration
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Signature is valid
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [warn] Unable to store SLO status for Nextcloud1 because there is no RelayState
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Display OK status for SLO on Nextcloud1
lemonldap_serveur | 192.168.xxx.xxx - - [26/Jan/2021:15:30:01 +0000] "GET /static/bwr/bootstrap/dist/css/bootstrap.min.css.map HTTP/1.0" 304 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Get configuration from cache without verification.
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [info] No cookie found
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Build URL http://auth.example.org/saml/singleLogout?SAMLResponse=fZJda8IwFEDf9ytK3zVp2vQj2MLW6hCcwhQf9iJpE6fQJqU3Gf78aZlzsmIeArm5OefmJhPgTd2yhf7U1rxLaLUC6ZyaWgHrt1LXdoppDkdgijcSmKnY%2BvltwcgYs7bTRle6dp%2Bcf%2BMGeczgALIzR62GIPMidVfL6WL1Ol%2FuSBJQ6tN96ftin4h9RCn3fMKjUFRBVIaJKElVUjIE2soOzo7UPSsHRQBWzhUYrsw5CRNvhL0RCTceZT5m2PsYOlVIMEfFTU8%2BGNMCQ4hbcyBjXQo9FvILXTqABpXq2vCNTt3dlM7iOI7ifEZwQQiJi%2Bgl94NpgguKQy8fQmR9bHJRsP4GXXatQsmTqWptRXArhbctIHtu964vqp8aabjghk%2FQX8qN27K14cZC9qu%2FC%2BdaSGfLaysfvzL02Wxtq0oCuA76UaB7x3V9%2FyGzbw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=uQUqy6T%2FVl2iszPgz1PIzNWAxKtlF86Kf%2FNS%2BkqIZejxWKJSJDLBfR7v0AXWj35BVdiNFcQhgAixHfaG0giWQPhJ1CRsNznDGonVPWRGEQ%2Bh96AlyByhVZgqDnWZOl%2BelWRJNgw5%2FeetZIO%2FrZIeG7HbECDDuJhKlsCR3iMwxNJj9Du3%2BNe09txDO9GqIddMyLGjFOJHY68VdvUeeVkhgRJnPT4Gc5TSmBk2QvBF%2FZi2mxNyYAD6I4sw93lIjBESYzupjjcBcQVoY9dvnO0wWASOdjwPsab5w5J5%2B5S9DIVUqJmku1p490rCDBvrt6CJb5N5nBe5uuGp%2Bcgi7hG9Iw%3D%3D
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Redirect 192.168.xxx.xxx to portal (url was /saml/singleLogout?SAMLResponse=fZJda8IwFEDf9ytK3zVp2vQj2MLW6hCcwhQf9iJpE6fQJqU3Gf78aZlzsmIeArm5OefmJhPgTd2yhf7U1rxLaLUC6ZyaWgHrt1LXdoppDkdgijcSmKnY%2BvltwcgYs7bTRle6dp%2Bcf%2BMGeczgALIzR62GIPMidVfL6WL1Ol%2FuSBJQ6tN96ftin4h9RCn3fMKjUFRBVIaJKElVUjIE2soOzo7UPSsHRQBWzhUYrsw5CRNvhL0RCTceZT5m2PsYOlVIMEfFTU8%2BGNMCQ4hbcyBjXQo9FvILXTqABpXq2vCNTt3dlM7iOI7ifEZwQQiJi%2Bgl94NpgguKQy8fQmR9bHJRsP4GXXatQsmTqWptRXArhbctIHtu964vqp8aabjghk%2FQX8qN27K14cZC9qu%2FC%2BdaSGfLaysfvzL02Wxtq0oCuA76UaB7x3V9%2FyGzbw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=uQUqy6T%2FVl2iszPgz1PIzNWAxKtlF86Kf%2FNS%2BkqIZejxWKJSJDLBfR7v0AXWj35BVdiNFcQhgAixHfaG0giWQPhJ1CRsNznDGonVPWRGEQ%2Bh96AlyByhVZgqDnWZOl%2BelWRJNgw5%2FeetZIO%2FrZIeG7HbECDDuJhKlsCR3iMwxNJj9Du3%2BNe09txDO9GqIddMyLGjFOJHY68VdvUeeVkhgRJnPT4Gc5TSmBk2QvBF%2FZi2mxNyYAD6I4sw93lIjBESYzupjjcBcQVoY9dvnO0wWASOdjwPsab5w5J5%2B5S9DIVUqJmku1p490rCDBvrt6CJb5N5nBe5uuGp%2Bcgi7hG9Iw%3D%3D)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Start routing saml
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] URL /saml/singleLogout?SAMLResponse=fZJda8IwFEDf9ytK3zVp2vQj2MLW6hCcwhQf9iJpE6fQJqU3Gf78aZlzsmIeArm5OefmJhPgTd2yhf7U1rxLaLUC6ZyaWgHrt1LXdoppDkdgijcSmKnY+vltwcgYs7bTRle6dp+cf+MGeczgALIzR62GIPMidVfL6WL1Ol/uSBJQ6tN96ftin4h9RCn3fMKjUFRBVIaJKElVUjIE2soOzo7UPSsHRQBWzhUYrsw5CRNvhL0RCTceZT5m2PsYOlVIMEfFTU8+GNMCQ4hbcyBjXQo9FvILXTqABpXq2vCNTt3dlM7iOI7ifEZwQQiJi+gl94NpgguKQy8fQmR9bHJRsP4GXXatQsmTqWptRXArhbctIHtu964vqp8aabjghk/QX8qN27K14cZC9qu/C+daSGfLaysfvzL02Wxtq0oCuA76UaB7x3V9/yGzbw==&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=uQUqy6T/Vl2iszPgz1PIzNWAxKtlF86Kf/NS+kqIZejxWKJSJDLBfR7v0AXWj35BVdiNFcQhgAixHfaG0giWQPhJ1CRsNznDGonVPWRGEQ+h96AlyByhVZgqDnWZOl+elWRJNgw5/eetZIO/rZIeG7HbECDDuJhKlsCR3iMwxNJj9Du3+Ne09txDO9GqIddMyLGjFOJHY68VdvUeeVkhgRJnPT4Gc5TSmBk2QvBF/Zi2mxNyYAD6I4sw93lIjBESYzupjjcBcQVoY9dvnO0wWASOdjwPsab5w5J5+5S9DIVUqJmku1p490rCDBvrt6CJb5N5nBe5uuGp+cgi7hG9Iw== detected as an SLO URL
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] SAML method: HTTP-REDIRECT
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] HTTP-REDIRECT: SAML Response SAMLResponse=fZJda8IwFEDf9ytK3zVp2vQj2MLW6hCcwhQf9iJpE6fQJqU3Gf78aZlzsmIeArm5OefmJhPgTd2yhf7U1rxLaLUC6ZyaWgHrt1LXdoppDkdgijcSmKnY%2BvltwcgYs7bTRle6dp%2Bcf%2BMGeczgALIzR62GIPMidVfL6WL1Ol%2FuSBJQ6tN96ftin4h9RCn3fMKjUFRBVIaJKElVUjIE2soOzo7UPSsHRQBWzhUYrsw5CRNvhL0RCTceZT5m2PsYOlVIMEfFTU8%2BGNMCQ4hbcyBjXQo9FvILXTqABpXq2vCNTt3dlM7iOI7ifEZwQQiJi%2Bgl94NpgguKQy8fQmR9bHJRsP4GXXatQsmTqWptRXArhbctIHtu964vqp8aabjghk%2FQX8qN27K14cZC9qu%2FC%2BdaSGfLaysfvzL02Wxtq0oCuA76UaB7x3V9%2FyGzbw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=uQUqy6T%2FVl2iszPgz1PIzNWAxKtlF86Kf%2FNS%2BkqIZejxWKJSJDLBfR7v0AXWj35BVdiNFcQhgAixHfaG0giWQPhJ1CRsNznDGonVPWRGEQ%2Bh96AlyByhVZgqDnWZOl%2BelWRJNgw5%2FeetZIO%2FrZIeG7HbECDDuJhKlsCR3iMwxNJj9Du3%2BNe09txDO9GqIddMyLGjFOJHY68VdvUeeVkhgRJnPT4Gc5TSmBk2QvBF%2FZi2mxNyYAD6I4sw93lIjBESYzupjjcBcQVoY9dvnO0wWASOdjwPsab5w5J5%2B5S9DIVUqJmku1p490rCDBvrt6CJb5N5nBe5uuGp%2Bcgi7hG9Iw%3D%3D
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Logout response is valid
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Destination https://auth.example.org/saml/ found in SAML message
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [error] Destination does not match URL https://auth.example.org/saml/singleLogout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Found entityID https://nextcloud1.example.org/apps/user_saml/saml/metadata in SAML message
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] https://nextcloud1.example.org/apps/user_saml/saml/metadata match Nextcloud1 SP in configuration
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Signature is valid
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [warn] Unable to store SLO status for Nextcloud1 because there is no RelayState
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Display OK status for SLO on Nextcloud1
```

Milestone: 2.0.11
Assignee: Maxime Besson

Adaptative Authentication rule triggered several times
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2448
Updated: 2021-02-15T14:13:47Z
Author: Jean-Noel Fohr

### Concerned version
Version: %2.0.10
Platform: Nginx
### Summary
We have a single rule checking env address, and if the rule is matched it is triggered several times, resulting in very high auth level.
The number of times the rule is triggered changes each time.
### Logs
Example:
```
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Processing setPersistentSessionInfo
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Persistent session found for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Restore persistent parameter _loginHistory
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Restore persistent parameter _updateTime
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Processing setLocalGroups
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Processing store
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Launching ::Plugins::AdaptativeAuthenticationLevel::adaptAuthenticationLevel instead of store
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptative authentication rules for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Current authentication level for jnfohr is 2
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptativeAuthenticationLevelRules -> ($env->{REMOTE_ADDR} =~ /^10\./ or $env->{REMOTE_ADDR} =~ /^192\.168\.19\./)
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] User jnfohr match rule, apply +2 on authentication level
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level for jnfohr is now 4
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level has changed for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Launching ::Plugins::AdaptativeAuthenticationLevel::adaptAuthenticationLevel instead of store
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptative authentication rules for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Current authentication level for jnfohr is 4
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptativeAuthenticationLevelRules -> ($env->{REMOTE_ADDR} =~ /^10\./ or $env->{REMOTE_ADDR} =~ /^192\.168\.19\./)
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] User jnfohr match rule, apply +2 on authentication level
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level for jnfohr is now 6
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level has changed for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Launching ::Plugins::AdaptativeAuthenticationLevel::adaptAuthenticationLevel instead of store
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptative authentication rules for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Current authentication level for jnfohr is 6
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Check adaptativeAuthenticationLevelRules -> ($env->{REMOTE_ADDR} =~ /^10\./ or $env->{REMOTE_ADDR} =~ /^192\.168\.19\./)
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] User jnfohr match rule, apply +2 on authentication level
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level for jnfohr is now 8
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Authentication level has changed for jnfohr
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] store launched inside ::Plugins::AdaptativeAuthenticationLevel::adaptAuthenticationLevel
Jan 26 16:32:03 serv-auth1 LLNG[1044626]: [debug] Store **** in session key _password
```
### Backends used
AD authentication
Redis sessions
### Possible fixes
None found yet

Milestone: 2.0.11
Assignee: Yadd

Incorrect MIME type on /psgi.js
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2446
Updated: 2021-01-29T14:12:43Z
Author: Jean-Noel Fohr

### Concerned version
Version: %2.0.10
Platform: Nginx
### Summary
Console message in chromium:
> Refused to execute script from 'https://auth.domain/index.psgi/psgi.js' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.
This issue results in missing messages on all portal pages, certainly due to an inability to pick the right language (I suppose...)
This issue appeared after upgrading from 2.0.9 to 2.0.10 and only in conjunction with the following nginx headers set:
add_header X-Content-Type-Options "nosniff" always;
### Possible fixes
Removing this header from nginx server resolves the issue:
add_header X-Content-Type-Options "nosniff" always;

Milestone: 2.0.11
Assignee: Maxime Besson

lmAuth param sent to protected application
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2445
Updated: 2021-02-01T14:37:46Z
Author: Maxime Besson

### Concerned version
Version: 2.0.10
### Summary
* Configure Choice Demo1=>Demo
* Set notifyOther=1
* Browse to http://test1.example.com
* Login, close browser, login again
* Info on your previous session is displayed, continue
* You end up on http://test1.example.com/?lmAuth=Demo1
### Possible fixes
Fix forms so that the lmAuth hidden field is only included when SENDPARAMS=1

Milestone: 2.0.11
Assignee: Maxime Besson

set oidcServiceKeyIdSig by default
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2444
Updated: 2021-01-20T08:53:16Z
Author: Maxime Besson

### Summary
Some client applications expect the kid to be set in JWKS document.
We should enable it by default on new installs, but not change its value on existing installs
### Design proposition
Add oidcServiceKeyIdSig => "key0" to lmConf-1.json

Milestone: 2.0.11
Assignee: Maxime Besson

Add variables for scope and clientid for use in access rules and macros
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2443
Updated: 2021-01-19T15:01:34Z
Author: Maxime Besson

### Summary
An OAuth2 protected application might want to:
* Filter according to granted scope
* Export client ID in an http header
### Design proposition
Add variables such as _clientID or _scope before evaluating rules in OAuth2 handler
Might also be useful in the portal for some features (#1987, #2424...)

Milestone: 2.0.11
Assignee: Maxime Besson

[CPAN RT #134062] Lemonldap-NG-Common: Can't locate JSON/XS.pm
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2442
Updated: 2021-01-29T05:31:46Z
Author: Clément OUDOT

See https://rt.cpan.org/Public/Bug/Display.html?id=134062

Milestone: 2.0.11
Assignee: Yadd

CheckUser displays headers as they have been defined in conf instead of how they are sent
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2436
Updated: 2021-01-28T09:50:59Z
Author: Christophe Maudoux <chrmdx@gmail.com>

### Summary
CGI norm is uppercase with HTTP_ suffix and underscores substituted by -
### Design proposition
Append an option to display normalized headers

Milestone: 2.0.11
Assignee: Christophe Maudoux <chrmdx@gmail.com>

OAuth2 handler should make client_id and scopes of the access token available to rules and headers
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2397
Updated: 2021-01-19T15:45:12Z
Author: Maxime Besson

### Summary
When using an OAuth2 handler, we can use variables in rules and headers that are based on all session attributes, but not on the incoming Access Token.
It should be possible to restrict access depending on granted scopes, and the API protected by the handler might want to log the client_id that the access token was issued for.

Milestone: 2.0.11
Assignee: Maxime Besson

add grant_type=client_credentials in OIDC
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1987
Updated: 2021-03-10T14:46:36Z
Author: Vincent Filali-Ansary

### Goal
Add the feature to log in directly with user/password into OpenID Connect Relying Parties.
Actually only these grant_types are supported:
*grant_types_supported*
* authorization_code
* implicit
* hybrid
The goal is to use silent authentication, I mean without displaying the portal web page,
like https://auth0.com/docs/api-auth/tutorials/silent-authentication
### Design proposition
None for the moment, but thanks a lot for your incredible work!

Milestone: 2.0.11
Assignee: Maxime Besson