lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2021-01-28T14:20:23Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2452
Ubble registration plugin
2021-01-28T14:20:23Z
Yadd

### Summary
[ubble](https://www.ubble.ai/) helps businesses fight against fraud with its frictionless online identity verification service that uses exclusive video live streaming and A.I. technology.
### Design proposition
Registration plugin to enforce enrollment

3.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1823
[Security:improvement] Improved use of cryptography
2023-11-13T14:43:20Z
Raphael Geissert

Poking different parts of the code base it would appear that the use of cryptography by LLNG needs to be reviewed, updated, and simplified. Some examples:
* `Lemonldap::NG::Common::Crypto` has code to use md5 to what looks like a key-derivation function. PBKDF2 and similar HMAC-based algorithms exist to do that.
* data seems to be encrypted, again with the Crypto module, but not signed. Authenticated encryption should be critical if the encrypted data is ever sent to or received from an untrusted party.
* Use of non-crypto-safe rngs like in #1803 and #1633
* Lastly, but worrisome, by using a low-level primitive like AES directly it appears that some basics were forgotten: the same key appears to be used to sign multiple messages without ever setting an initialization vector! meaning that the IV in use is always a zero.
Libraries such as NaCl and libsodium were created to reduce the complexity of using cryptographic functions the right way. Perhaps using one of the Perl bindings to libsodium could be a way to address these problems.
E.g. for #1803 there's `randombytes_uniform`. For encryption? `crypto_secretbox_*`, data authentication? `crypto_auth`.
Marking this issue as confidential given that the IV reuse could be pretty serious. I have not tried to assess the impact in the case of LLNG.
C.f. https://cwe.mitre.org/data/definitions/329.html

3.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1808
Room for improvement in Apache::Session::Generate::SHA256
2021-10-16T06:04:16Z
Raphael Geissert

The `Lemonldap::NG::Common::Apache::Session::Generate::SHA256` module could use an update, it:
* imports some methods like sha256 but doesn't use them,
* reads 64 bytes of urandom, but only because that's the length of the output of sha256_hex,
* does a second round of hashing for no documented reason,
* hashes the output of: `time`, `{}`, and `$$`, but at best they do no harm and at worst they could leak information
Moreover, it doesn't handle the fact that `Crypt::URandom` could croak. Not sure if that's handled nicely by other parts of LLNG?

3.0.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1570
Manager : replace Angular-1* by React/Redux
2021-05-16T14:57:31Z
Yadd

### Summary
Angular-1.8* is the last version and LTS until ~2022. Since we maintain at least 2 versions, we might replace it before 2020 to be sure to have a well maintained JS framework.
React used with Redux sounds good to replace Angular-1.

3.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1495
Verify if bootstrap vulnerability can be exploited in LLNG
2019-01-04T14:58:48Z
Yadd

### Concerned version
Version: %"1.9.18", %"2.0.0"
### Summary
The following vulnerabilities were published for twitter-bootstrap3. If LLNG is vulnerable, update bootstrap at least to 4.1.2
[CVE-2018-14040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14040): In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
[CVE-2018-14041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14041): In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
[CVE-2018-14042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14042): In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3122
Random DB errors when using llng-fastcgi-server in foreground mode
2024-03-27T09:37:24Z
Maxime Besson

### Affected version
Version: 2.18.2
Platform: FastCGI server with the coudot/lemonldap-ng docker image
### Summary
* I have customized the coudot/lemonldap-ng image to use CDBI with a mariadb server
* I encounter difficult to predict DB errors
* Errors can be easily triggered with high load and a disabled configuration cache
### Logs
Some of the errors that pop up:
```
DBD::mysql::db selectrow_array failed: Unknown or undefined error code
...
DBD::mysql::db selectrow_arrayref failed: fetch() without execute()
```
### Root cause
llng-fastcgi-server instantiates a [handler](https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.18.2/fastcgi-server/sbin/llng-fastcgi-server?ref_type=tags#L121) during startup.
This is needed to have shared status (apparently). But this action causes DBI to cache a connection to the database.
This connection cache is preserved after the processes are forked by
* Plack startup (only when --foreground is not set)
* The FastCGI process manager (NPROC worker processes)
During the plack startup fork, the parent process exits, which runs DBI cleanup and closes the file descriptor, therefore invalidating the cache in other processes.
When --foreground is set, the file descriptor remains open and is reused until:
* That shared connection is closed by the SQL server
* One of the processes terminates
### Possible fixes
Either:
* Revert 019f1e75e829ec9fdfc34d23e2874398a5cba8f0 and find another way to share the status server
* Find another way to have working docker logs without --foreground, and remove this option
* Fork llng-fastcgi-server one more time before handing control to Plack

2.20.0
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3110
_2fDevices redaction corrupts session
2024-03-27T10:45:57Z
Daniel Berteaud

### Affected version
Version: 2.18.2
Platform: Alma Linux 9, custom Docker image (using the RPMS from https://lemonldap-ng.org/redhat/stable/)
### Summary
Active Directory grants an auth level of 2, and some apps require an auth level of 5. The Upgrade Session plugin handles the re-auth with a second factor (WebAuthn and TOTP are configured). While this is working, I sometimes have a corrupted session. The issue comes from the \_2fDevices, which looks like
```plaintext
"_2fDevices": "******"
```
As LL::NG is expecting a JSON array, this is breaking. The session can neither be displayed in the manager, nor can it be upgraded with 2FA. If I try to access an app which requires an authLevel of 5, I just get a white page with "Internal Server Error" instead of the 2FA upgrade page on the portal.
### Logs
```plaintext
[Wed Feb 28 10:04:12 2024] [LLNG:655] [warn] User rejected due to insufficient authentication level
[Wed Feb 28 10:04:12 2024] [LLNG:655] [warn] -> Session upgrade enabled
[Wed Feb 28 10:04:12 2024] [LLNG:655] [error] Corrupted session (_2fDevices): malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "******") at /usr/share/perl5/vendor_perl/JSON.pm line 190.
[uwsgi-perl error] Can't use an undefined value as an ARRAY reference at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/2F/Engines/Default.pm line 305.
[Wed Feb 28 10:04:54 2024] [LLNG:41] [error] Corrupted session (_2fDevices): malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "******") at /usr/share/perl5/vendor_perl/JSON.pm line 190.
[uwsgi-perl error] Can't use an undefined value as an ARRAY reference at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/2F/Engines/Default.pm line 305.
```
### Backends used
uwsgi and nginx for the portal and manager, Traefik and uwsgi for the Handler, postgres for configuration and sessions, Active Directory (samba4) for UserDB and PasswordDB. Handlers are using the REST API for config and session.

I think the issue comes from here. 2fDevices is a hidden attribute (don't know where this is configured yet). I've enabled "Export secrets attributes" on the REST server, but it doesn't look like it changes anything. As the handler gets a "\*\*\*\*\*\*\*" from the REST API for the session, when it updates the session, it corrupts it in the session database. Attribute redaction should honor attribute type (eg, set 2fDevices as \["\*\*\*\*\*"\] instead of "\*\*\*\*\*") so at least the session wouldn't be corrupted. I also need to find how to remove 2fDevices from the hidden attribute list so it can be served to my handlers with the REST API, but this is probably just a matter of correct configuration.

2.20.0

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3034
Deletion of a 2FA in the middle of an authentication flow is not taken into account
2023-11-02T13:19:30Z
Maxime Besson

### Affected version
Version: 2.17.1
### Summary
* As user, register a 2FA
* As user, go to portal, login with your 1st factor, and choose your 2FA
* You are prompted to enter a code or complete the webauthn challenge, and you have $sfTimeout seconds to do it (can be several minutes)
* As an admin, delete the 2FA for this user
* As a user, complete the 2FA challenge successfully :x:
### Possible fixes
This is caused by the fact that `_2fdevices` is copied into the user's session, and stored as a OneTimeToken during the 2FA flow. Despite the 2FA being removed by the admin, it still exists in the OneTimeToken.
I think we should update the `_2fDevices` array when the 2FA challenge is completed to make sure the selected device still exists.

In discussion
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3011
Cannot override configuration in lemonldap-ng.ini when value is "0"
2023-09-20T09:03:33Z
Maxime Besson

### Concerned version
Reopening #2711 because it is still not fixed in branch v2.0, issue is the same
Version: 2.17.0
### Summary
* In config, set `portalDisplayRegister=1`
* In lemonldap-ng.ini, set `portalDisplayRegister=0`
* Expected: Register button is not displayed
* Actual: register button is not displayed
Trying to clear the cache or restart llng-fastcgi-server doesn't help

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2995
No error reporting when session update fails on DBI based modules (probably on others too)
2024-03-27T09:45:52Z
Maxime Besson

### Affected version
Version: 2.17
### Summary
* Simulate a SQL error by adding a die() in the update() method of an Apache::Session::Store module
* Try to login
* No error reporting, but a session is created with invalid data (just the session ID)
### Possible fixes
Hard to fix because the update method is called in Apache::Session destructor, so we cannot easily catch when the Store module dies because of a SQL error.

2.20.0
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2978
Using the (unimplemented) claims= parameter in an OIDC authorize request triggers XSS detection with authentication=Choice
2024-03-27T09:48:50Z
Maxime Besson

### Affected version
Version: 2.16.2
### Summary
* Configure Choice as auth module (one Demo choice)
* Enable OIDC issuer
* Send an OIDC request with a "claims" parameter:
https://auth.example.com/oauth2/authorize?response_type=code&scope=openid&client_id=testrp&state=5azlOvBCuQcmlu_TeCGL317RuSk&redirect_uri=http%3A%2F%2Frp.example.com%2Foauth2callback&nonce=DkqDQChJVDWiLtyDknOYkRyC4xEDhlRMq_wEGtB8twU&claims={%22mail%22:%20null})
* A scary log is generated, but no other side effect (unless a custom URL is set in Choice module, maybe)*
### Logs
```
[error] XSS attack detected (param: URI | value: /oauth2/authorize?response_type=code&scope=openid&client_id=testrp&state=5azlOvBCuQcmlu_TeCGL317RuSk&redirect_uri=http%3A%2F%2Frp.example.com%2Foauth2callback&nonce=DkqDQChJVDWiLtyDknOYkRyC4xEDhlRMq_wEGtB8twU&claims={%22mail%22:%20null})
```
### Possible fixes
Relevant code from Lib::Choice
```
# Default URL
$req->data->{cspFormAction} ||= {};
if (
        defined $url
    and not $self->checkXSSAttack( 'URI',
        $req->env->{'REQUEST_URI'} )
    and $url =~
    q%^(https?://)?[^\s/.?#$].[^\s]+$%    # URL must be well formatted
  )
{
    my $csp_uri = $self->cspGetHost($url);
    $req->data->{cspFormAction}->{$csp_uri} = 1;
}
```
There is no point in checking REQUEST_URI for potential XSS because REQUEST_URI is not used in Choice anymore.
In fact, I'm the one who accidentally removed REQUEST_URI from form destinations (see cd97d3b9227f16f0edcdd30b43a7dfe80f1c56f6).
There haven't been any complaints because pdata already saves REQUEST_URI.
@guimard: I need some advice here on what to do
* Fix my mistake and introduce back the following line:
```
$url .= $req->env->{'REQUEST_URI'};
```
which will break OIDC requests that use the "claims" parameter ?
* Or just remove the useless XSS check ?

2.20.0
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2958
SAML module Lasso error code -501
2023-07-13T09:37:44Z
Léo Roques

### Affected version
Version: lemonldap-ng 2.16.1 (from official debian packages)
Platform: debian 12 / nginx 1.22.1 / perl 5.36.0 / liblasso 2.8.1
### Summary
Following the first steps for [SAML service configuration](https://lemonldap-ng.org/documentation/2.0/samlservice.html)
Activating SAML module via General Parameters » Issuer modules » SAML » Activation: set to On
Authentication portal goes down, printing "Internal Server Error"
Manager interface is still working properly
### Logs
Each time the authentication page is reloaded, a new process is started and the sequence leads to the same lasso error.
```
Jul 03 09:46:51 ************* LLNG[215]: [debug] Logger Lemonldap::NG::Common::Logger::Syslog loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] User logger Lemonldap::NG::Common::Logger::Syslog loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 03 09:46:51 ************* LLNG[215]: [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.
Jul 03 09:46:51 ************* LLNG[215]: [debug] Get configuration 13 aged 1688135511
Jul 03 09:46:51 ************* LLNG[215]: [info] Loading configuration 13 for process 215
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls defaultValuesInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Options https for vhost auth.*********.com: 1
Jul 03 09:46:51 ************* LLNG[215]: [debug] Options https for vhost manager.*********.com: 1
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls jailInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls portalInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls locationRulesInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls sessionStorageInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls headersInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls postUrlInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls aliasInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls oauth2Init
Jul 03 09:46:51 ************* LLNG[215]: [debug] Launching Lemonldap::NG::Handler::FastCGI::Loader->loadCustomHandlers(conf)
Jul 03 09:46:51 ************* LLNG[215]: [debug] Launching Lemonldap::NG::Portal::Main->reloadConf(conf)
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add POST route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add POST route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route psgi.js added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route psgi.js added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route portal.css added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route portal.css added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route : added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route : added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route ping added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route ping added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route refresh added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add OPTIONS route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add OPTIONS route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route logout added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route logout added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Initialized CSP headers : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src
'self';script-src 'self';
Jul 03 09:46:51 ************* LLNG[215]: [debug] Initialized CORS headers : Access-Control-Allow-Origin;*;Access-Control-Allow-Credentials;true;Access-Control-
Allow-Headers;*;Access-Control-Allow-Methods;POST,GET;Access-Control-Expose-Headers;*;Access-Control-Max-Age;86400;
Jul 03 09:46:51 ************* LLNG[215]: [debug] Cookies will use SameSite=None
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Main::Menu loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::Main::Menu initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Auth::LDAP loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Try to build new LDAP connection with: ldap://******.*********.com
Jul 03 09:46:51 ************* LLNG[215]: [debug] LDAP Search base: dc=*********,dc=com
Jul 03 09:46:51 ************* LLNG[215]: [debug] LDAP transformed filter: (&(uid=".$req->{user}.")(objectClass=inetOrgPerson))
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::Auth::LDAP initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::UserDB::LDAP loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Try to build new LDAP connection with: ldap://******.*********.com
Jul 03 09:46:51 ************* LLNG[215]: [debug] LDAP Search base: dc=*********,dc=com
Jul 03 09:46:51 ************* LLNG[215]: [debug] LDAP transformed filter: (&(uid=".$req->{user}.")(objectClass=inetOrgPerson))
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::UserDB::LDAP initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::2F::Engines::Default loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking utotp2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking totp2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking u2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking rest2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking mail2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking ext2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking webauthn2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking yubikey2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking radius2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking password2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking password2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking totp2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking u2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking webauthn2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking yubikey2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Processing Extra 2F modules
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::2F::Engines::Default initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Captcha::SecurityImage loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route renewcaptcha added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::Captcha::SecurityImage initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] IssuerSAML enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Issuer::SAML loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] SAML rule -> 0
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add POST route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add POST route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Lasso thin-sessions flag set
Jul 03 09:46:51 ************* LLNG[215]: [debug] Certificate will be used in SAML responses
Jul 03 09:46:51 ************* LLNG[215]: [debug] Get Metadata for this service
Jul 03 09:46:51 ************* LLNG[215]: [error] Lasso error code -501: An object type provided as parameter is invalid or object is NULL.
Jul 03 09:46:52 ************* LLNG[216]: [debug] Logger Lemonldap::NG::Common::Logger::Syslog loaded
Jul 03 09:46:52 ************* LLNG[216]: [debug] User logger Lemonldap::NG::Common::Logger::Syslog loaded
Jul 03 09:46:52 ************* LLNG[216]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 03 09:46:52 ************* LLNG[216]: [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.
Jul 03 09:46:52 ************* LLNG[216]: [debug] Get configuration 13 aged 1688135511
Jul 03 09:46:52 ************* LLNG[216]: [info] Loading configuration 13 for process 216
```

In discussion

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2918
CAS issuer can't handle urn: URIs
2023-05-09T09:26:37Z
Maxime Besson

### Concerned version
Version: 2.16.1
Platform: (Nginx/Apache/Node.js)
### Summary
Some CAS apps (jnlp) use urn:my:app URLs, which currently don't work (PE_ERROR)

In discussion
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2861
MFA / 2FA does not correct send _password via REST
2024-03-27T09:49:37Z
Dave Conroy

### Concerned version
Version: %2.0.16
Platform: (Nginx) | Docker
### Summary
An application that is protected via a REST LLNG Handler and are passing headers to the application like so:
- `uid` as `REMOTE_USER`
- `_password` `REMOTE_PASSWORD`
Works fine - with the exception of impersonation/context switching, but that is another issue that cannot be resolved.
When using MFA (We have tested with Webauthn) we have found the _password variable is not sent to the Remote LLNG Handler anymore and sends a blank `REMOTE_PASSWORD` header to the protected application.
### Backends used
Simple system with Portal, Handler, and Manager all on one host, and remote handlers that are connected via REST (previously SOAP) either per service or for each physical machine. Postgresql storage for LLNG Portal, and filesystem storage for REST.
````mermaid
graph TD
LLNGPORTAL(Portal Server) -->LLNGHANDLER(LLNG Remote Handler REST) -->APP(Application)
LLNGHANDLER-->LLNGPORTAL
````

Backlog
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2837
Unable to delete FIDO MFA Key
2023-12-14T09:16:55Z
Dave Conroy

### Concerned version
Version: 2.15.1
Platform: Nginx (tiredofit/docker-lemonldap -- My image)
### Summary
After registering with a Fido Device (oddly enough I don't get confirmation when I do, and can only see it back at 2fa Manager)
I now have a Fido key registered to me. When I try to remove it, I am presented with a JS popup "This operation cannot be undone" and select Unregister.
It removes from the screen, but upon page reload, the key reappears.
### Logs
```
2022-12-14 10:08:08 | LLNG[2717]: [debug] daveconroy request to delete webauthn2f device
2022-12-14 10:08:08 | LLNG[2717]: [debug] Impersonation plugin is enabled
2022-12-14 10:08:08 | LLNG[2717]: [debug] ContextSwitching plugin is enabled
2022-12-14 10:08:08 | LLNG[2717]: [debug] daveconroy is allowed to update 2FA
2022-12-14 10:08:08 | LLNG[2717]: [debug] Deleted 2F Device: { type => WebAuthn, epoch => 1670956099 }
2022-12-14 10:08:08 | LLNG[2717]: [debug] Found 'whatToTrace' -> daveconroy
2022-12-14 10:08:08 | LLNG[2717]: [debug] Update daveconroy persistent session
2022-12-14 10:08:08 | LLNG[2717]: [debug] Update session MASKED
2022-12-14 10:08:08 | LLNG[2717]: [debug] Update sessionInfo _2fDevices
2022-12-14 10:08:08 | LLNG[2717]: [debug] Dump: $VAR1 = '[]';
```
From manager, the key can be removed.
In discussion
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2818
Multiple SAML SP in the same LLNG session
2023-12-14T09:17:06Z Andrea Passuello
Hi,
I use the latest version of LLNG with an LDAP backend and SAML to do SSO with different service providers.
I'm able to log in to the different SPs, but I noticed that sometimes when I log in to an SP (not a specific one) the Lasso session contains the same SP several times, something like this:
```xml
<Session Version="2" xmlns="http://www.entrouvert.org/namespaces/lasso/0.0">
  <NidAndSessionIndex AssertionID="_403818F21FB74BDBD8BA9171EB4D9B6F" ProviderID="https://SP1.mydomain.com/saml/metadata" SessionIndex="e0eaf29f16feef17ccc00305d52e4c5f8f66168679d37234e1d9a204cbf84d7c">
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">_7C57585F1CFEDA90602B7C3B5B8F1C05</saml:NameID>
  </NidAndSessionIndex>
  <NidAndSessionIndex AssertionID="_5451C47D26975A3F118CB6924AE8C945" ProviderID="https://SP1.mydomain.com/saml/metadata" SessionIndex="84305ba43f548a9eb59797e89b6c6e62c4e708fb904ca913a31ae5e4e7c395b6">
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">_82BB2826B989215A844782170C929215</saml:NameID>
  </NidAndSessionIndex>
</Session>
```
In a case like this the SLO does not work.
Sometimes there are also different sessions for SP2, SP3, ...
To get into this situation I did these steps:
1. login to the portal
2. first login to the "SP1" SAML SP
3. second login to the "SP1" SAML SP (for this I deleted the SP1 cookie to simulate the expiration of the SP1 session)
4. logout from the portal
After the logout I'm still connected to SP1 (but not to LLNG).
If I do the logout without the second SP1 login (step 3) the logout works as expected and I'm logged out from LLNG and also from SP1.
**STEP 2**
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Get configuration from cache without verification.
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] VH PORTAL.mydomain.com is HTTPS
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler::Main::Run
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Check session validity from Handler
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Session timeout -> 86400
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Session _utime -> 1668079744
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] now -> 1668079765
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Session timeoutActivityInterval -> 60
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Session TTL = 86379
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] No URL authentication level found...
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] PORTAL.mydomain.com: Apply default rule
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] removing cookie
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Cookies -> llnglanguage=it; cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] CookieName -> cookiename_test
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] newCookies -> llnglanguage=it;
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] User my_username was granted to access to /saml/singleSignOn?SAMLRequest=hZLdT8IwFMX%2FlaXvsA%2FdgGZbgswlJPgRUB98Mc24QJOtnb23oP%2B93YiKiYGnJqf3tOd32hRFU7d8ammnlvBuAcn7aGqFvN%2FImDWKa4ESuRINIKeKr6Z3Cx4NA94aTbrSNTuxnHcIRDAktWLevMjYW5mEs2gSTkZJEMfj0U2ZxNdFNL6N46IMrpKAeS9g0M1nzNmdCdHCXCEJRU4KomgQhoMweApDHk14FL8yr3AMUgnqXTuiFrnvCwcYDQ9yDVujbTsE63dpfZRqW8NKbtWDyzTTCqE7%2BRxDdRzilTXGrQPZtLWsJDGv1KaCvsqMbUSN0AV%2BdMxyDz%2FK9LuC7jLbgFmB2csKnpeL37hVQ%2F%2BlbTXSErDtErA87TTeV2LyC84GSKwFidQ%2FNaXH1793jPPiUTuMzw6iERcq6BS5Hmz6UU5GKJSuCgdX1%2FowMyDIAZOxwPz8eOXfP5Z%2FAQ%3D%3D&RelayState=https%3A%2F%2FSP1.mydomain.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=G9bJPn8NOnfnL0nu%2FrOOaNfAbmD3icS9MRnLbbgXJ%2FWBz3XbolzwSQP8R3CCgug9%2BeYsXb8u617eUXJelz4pgOw%2FgSo4GHiaxhwIuhHZFgnrf%2F1vjijq4j4nKPUOVBULqFAFl5w4NnEdT%2BWDs719jzsotHraC0ASjJsheOn2Gwq8v%2B7KTD8a5SFw5s085deGM3xRl85vQxfD7OWQjiY2lk%2FymMmJ25tuI9ua5%2BfpUqQAh5lGcwK4rVVXYPVP8%2FXViKDviehaKDbh%2FL818WgROiJ%2FqChU5L1H3WlFgOMpvR16MgKEyvlBLIMjv1o7Fk88feXEZ%2Fp%2B%2Bcod%2Bcn6r8u0sgsIcejoyBHwzlO%2B8bFYFmohZY1J4XaZjuLJVuGdQyrHwDXSTFkH2mzpR9aRh2CyX780vPtEFPoWnL3qGk6miU5e8WSupsGO%2FYmiR2c93axzK29ClGe8UEPaNnzEIRUH0%2FAljOHDGe352IYV9nxv1vhZeRmh7ZdsGRvb7AKRR5rcrywzioVZZQQ3e1T9bJgoLti%2B%2BfgnzOkMOMEUgU9RM9DQA07LMoqAq2WCW%2B1SKGIedZT0IqYruzq%2BcshE8s3JGsgC12eTZlZK0pCCJ4UnL6auEIaIoHW8Huw0UIs0rusZeo3EdKcJ9bqjP9rhrB0ldnd2Q7t5v91EYmKcNs9UPck%3D
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Start routing saml
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing _forAuthUser
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Cleaning pdata
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing importHandlerData
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing controlUrl
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Launching ::Plugins::CDA::changeUrldc
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Launching ::Password::LDAP::_modifyPassword
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] URL /saml/singleSignOn?SAMLRequest=hZLdT8IwFMX/laXvsA/dgGZbgswlJPgRUB98Mc24QJOtnb23oP+93YiKiYGnJqf3tOd32hRFU7d8ammnlvBuAcn7aGqFvN/ImDWKa4ESuRINIKeKr6Z3Cx4NA94aTbrSNTuxnHcIRDAktWLevMjYW5mEs2gSTkZJEMfj0U2ZxNdFNL6N46IMrpKAeS9g0M1nzNmdCdHCXCEJRU4KomgQhoMweApDHk14FL8yr3AMUgnqXTuiFrnvCwcYDQ9yDVujbTsE63dpfZRqW8NKbtWDyzTTCqE7+RxDdRzilTXGrQPZtLWsJDGv1KaCvsqMbUSN0AV+dMxyDz/K9LuC7jLbgFmB2csKnpeL37hVQ/+lbTXSErDtErA87TTeV2LyC84GSKwFidQ/NaXH1793jPPiUTuMzw6iERcq6BS5Hmz6UU5GKJSuCgdX1/owMyDIAZOxwPz8eOXfP5Z/AQ==&RelayState=https://SP1.mydomain.com/&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=[...] detected as an SSO request URL
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SAML method: HTTP-REDIRECT
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] HTTP-REDIRECT: SAML Request SAMLRequest=hZLdT8IwFMX%2FlaXvsA%2FdgGZbgswlJPgRUB98Mc24QJOtnb23oP%2B93YiKiYGnJqf3tOd32hRFU7d8ammnlvBuAcn7aGqFvN%2FImDWKa4ESuRINIKeKr6Z3Cx4NA94aTbrSNTuxnHcIRDAktWLevMjYW5mEs2gSTkZJEMfj0U2ZxNdFNL6N46IMrpKAeS9g0M1nzNmdCdHCXCEJRU4KomgQhoMweApDHk14FL8yr3AMUgnqXTuiFrnvCwcYDQ9yDVujbTsE63dpfZRqW8NKbtWDyzTTCqE7%2BRxDdRzilTXGrQPZtLWsJDGv1KaCvsqMbUSN0AV%2BdMxyDz%2FK9LuC7jLbgFmB2csKnpeL37hVQ%2F%2BlbTXSErDtErA87TTeV2LyC84GSKwFidQ%2FNaXH1793jPPiUTuMzw6iERcq6BS5Hmz6UU5GKJSuCgdX1%2FowMyDIAZOxwPz8eOXfP5Z%2FAQ%3D%3D&RelayState=https%3A%2F%2FSP1.mydomain.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=G9bJPn8NOnfnL0nu%2FrOOaNfAbmD3icS9MRnLbbgXJ%2FWBz3XbolzwSQP8R3CCgug9%2BeYsXb8u617eUXJelz4pgOw%2FgSo4GHiaxhwIuhHZFgnrf%2F1vjijq4j4nKPUOVBULqFAFl5w4NnEdT%2BWDs719jzsotHraC0ASjJsheOn2Gwq8v%2B7KTD8a5SFw5s085deGM3xRl85vQxfD7OWQjiY2lk%2FymMmJ25tuI9ua5%2BfpUqQAh5lGcwK4rVVXYPVP8%2FXViKDviehaKDbh%2FL818WgROiJ%2FqChU5L1H3WlFgOMpvR16MgKEyvlBLIMjv1o7Fk88feXEZ%2Fp%2B%2Bcod%2Bcn6r8u0sgsIcejoyBHwzlO%2B8bFYFmohZY1J4XaZjuLJVuGdQyrHwDXSTFkH2mzpR9aRh2CyX780vPtEFPoWnL3qGk6miU5e8WSupsGO%2FYmiR2c93axzK29ClGe8UEPaNnzEIRUH0%2FAljOHDGe352IYV9nxv1vhZeRmh7ZdsGRvb7AKRR5rcrywzioVZZQQ3e1T9bJgoLti%2B%2BfgnzOkMOMEUgU9RM9DQA07LMoqAq2WCW%2B1SKGIedZT0IqYruzq%2BcshE8s3JGsgC12eTZlZK0pCCJ4UnL6auEIaIoHW8Huw0UIs0rusZeo3EdKcJ9bqjP9rhrB0ldnd2Q7t5v91EYmKcNs9UPck%3D
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Found entityID https://SP1.mydomain.com/saml/metadata in SAML message
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] https://SP1.mydomain.com/saml/metadata match SP1.mydomain.com SP in configuration
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Signature is valid
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Calling hook samlGotAuthnRequest
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Using AssertionConsumerServiceURL https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [notice] User my_username is authorized to access to SP1.mydomain.com
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] [notice] User my_username is authorized to access to SP1.mydomain.com
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Get NameID format urn:oasis:names:tc:SAML:2.0:nameid-format:transient from request
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Force AllowCreate flag in NameIDgroup2
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SSO: authentication request is valid
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Found ForceAuthn flag with value 0
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Authentication context is urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668079744 in SAML2 date: 2022-11-10T11:29:04Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668166144 in SAML2 date: 2022-11-11T11:29:04Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668079765 in SAML2 date: 2022-11-10T11:29:25Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668166165 in SAML2 date: 2022-11-11T11:29:25Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SSO: assertion is built
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] NameID Format is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] NameID Content is _7C57585F1CFEDA90602B7C3B5B8F1C05
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SAML2 attribute uid will be set with uid session key (https://SP1.mydomain.com/saml/metadata)
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Decode UTF8 value my_username
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Create attribute value my_username
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Push my_username in SAML attribute uid
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Set sessionIndex e0eaf29f16feef17ccc00305d52e4c5f8f66168679d37234e1d9a204cbf84d7c (linked to session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5)
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668166144 in SAML2 date: 2022-11-11T11:29:04Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Set sessionNotOnOrAfter 2022-11-11T11:29:04Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SSO response signature according to metadata
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [notice] SAML authentication response sent to SAML SP SP1.mydomain.com for my_username with transient NameID _7C57585F1CFEDA90602B7C3B5B8F1C05
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] [notice] SAML authentication response sent to SAML SP SP1.mydomain.com for my_username with transient NameID _7C57585F1CFEDA90602B7C3B5B8F1C05
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Calling hook samlBuildAuthnResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SSO: authentication response is built
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Save Lasso session in session
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Update session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Update sessionInfo _lassoSessionDumpI
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Dump: $VAR1 = '<Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Try to get SSO session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Portal::Main::Run
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Return SSO session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Store NameID <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_7C57585F1CFEDA90602B7C3B5B8F1C05</saml:NameID> and SessionIndex e0eaf29f16feef17ccc00305d52e4c5f8f66168679d37234e1d9a204cbf84d7c for session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Link session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 to SAML session d61965cc17a92d10c3a4f693b4f0a99a7038a0379a2cde0458b53250cbb6deba
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing autoPost
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Delete all hidden values
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Store [...] in hidden key SAMLResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Store https://SP1.mydomain.com/ in hidden key RelayState
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Returned status: -2 (PE_REDIRECT)
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Skin returned: redirect
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Calling sendHtml with template redirect
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/myskin/redirect.tpl
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Sending /usr/share/lemonldap-ng/portal/templates/myskin/redirect.tpl
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Apply following CORS group2:
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Allow-Origin
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] *
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Allow-Credentials
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] true
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Allow-Headers
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] *
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Allow-Methods
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] POST,GET
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Expose-Headers
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] *
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Max-Age
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] 86400
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Required urldc: https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Set CSP form-action with urldc: https://SP1.mydomain.com
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Required Params URL: https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Set CSP form-action with Params URL: https://SP1.mydomain.com
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://SP1.mydomain.com https://SP1.mydomain.com;frame-ancestors 'none';
**STEP 3**
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Get configuration from cache without verification.
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] VH PORTAL.mydomain.com is HTTPS
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler::Main::Run
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Check session validity from Handler
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Session timeout -> 86400
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Session _utime -> 1668079744
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] now -> 1668079786
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Session timeoutActivityInterval -> 60
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Session TTL = 86358
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] No URL authentication level found...
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] PORTAL.mydomain.com: Apply default rule
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] removing cookie
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Cookies -> llnglanguage=it; cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] CookieName -> cookiename_test
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] newCookies -> llnglanguage=it;
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] User my_username was granted to access to /saml/singleSignOn?SAMLRequest=hZLdT8IwFMX%2FlaXvsA8nkWYjgX0kJKgE1AdfTDMu0GRrZ%2B8t6H9vN6JiYuCpyek97fmdNkHR1C2fWtqrFbxbQPI%2Bmloh7zdSZo3iWqBErkQDyKni6%2Bn9gkfDgLdGk650zc4slx0CEQxJrZg3z1P2dpcVN0FRTIs4i8tRmAdhVpbjMC7K2WhWZDHzXsCgm0%2BZszsTooW5QhKKnBRE0SAMB2HwFIY8GvP49pV5uWOQSlDv2hO1yH1fOMBoeJQb2Blt2yFYv0vro1S7GtZypx5dpkwrhO7kSwzVaYhX1hi3DmTT1rKSxLxSmwr6KlO2FTVCF3jpmOUBfpTpdwXdZbYBswZzkBU8rxa%2FcauG%2FkvbaqQVYNslYJOk03hfiZlccTZAYiNIJP65KTm9%2FoNjnOdL7TA%2BO4hGXKmgU%2BRmsO1HORmhULoqHFxd62NmQJADJmOB%2BZPTlX%2F%2F2OQL&RelayState=https%3A%2F%2FSP1.mydomain.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=VsojqXho%2BJW6F3%2BbBKlF5B%2FKzDiN7KCeO1INq1GpMfl4abW5tRr6kYOKigqzVsYaNQnjrfPSm9lCJCM%2FbeXZCgNNCaO7YmQ4gsnrASh16IsL7%2Bsev85JvrH1v1oZL7QYiGEI9tRhRSzanL3yW4%2BCWMjjypjcfNs7uleD7%2FcAl9ikGivDPuSbkIif6ZjvDtOa85FedfpeHSTynvIWq89MU5YxJQsMEFLtvsyTJtMjyKsjtGur0Tc9ncVpeW5Ns5IbZXh%2Bc2ymQhM5t8K%2Fu8u8jrA2XxcDJuA0YhmWYfSYFyLDoEkvvthJ4mXTuWu2cjL%2B5xlKLY6%2BJOPzbkc%2BlaDWTEhFwm8OkuABS7U9k%2Fnv1EDWB7C0XsHOg53VnHbo8QUJvVvpdZuUBz1w1u7klILb%2BTFlt3ZytiyWgLWalb2s5TRVx5OxfhEvgeM8b5tXf1INjnWl18ockHqEFUXdVOrWDqwyx0UtetebWe%2BAw7brQjlt%2F8q0f1p5fJta5O5wORGwC%2B1%2F6QbCNyzwy6B32i5UHYTMqxsHvLVwHRjy9bqG2H2gDbfImmnDU8Tq1NpMHv6CS3LAEe0kFdu3gaemeylgXgtBLMePwhJ%2FeWlb1E4bIrbsC36GFNAZgl0Z%2FptEH05YVkOE1grA0vGJaifAgTmdYZbnDTBPw2iAuMjDVoFiAGg%3D
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Start routing saml
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing _forAuthUser
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Cleaning pdata
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing importHandlerData
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing controlUrl
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Launching ::Plugins::CDA::changeUrldc
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Launching ::Password::LDAP::_modifyPassword
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] URL /saml/singleSignOn?SAMLRequest=hZLdT8IwFMX/laXvsA8nkWYjgX0kJKgE1AdfTDMu0GRrZ+8t6H9vN6JiYuCpyek97fmdNkHR1C2fWtqrFbxbQPI+mloh7zdSZo3iWqBErkQDyKni6+n9gkfDgLdGk650zc4slx0CEQxJrZg3z1P2dpcVN0FRTIs4i8tRmAdhVpbjMC7K2WhWZDHzXsCgm0+ZszsTooW5QhKKnBRE0SAMB2HwFIY8GvP49pV5uWOQSlDv2hO1yH1fOMBoeJQb2Blt2yFYv0vro1S7GtZypx5dpkwrhO7kSwzVaYhX1hi3DmTT1rKSxLxSmwr6KlO2FTVCF3jpmOUBfpTpdwXdZbYBswZzkBU8rxa/cauG/kvbaqQVYNslYJOk03hfiZlccTZAYiNIJP65KTm9/oNjnOdL7TA+O4hGXKmgU+RmsO1HORmhULoqHFxd62NmQJADJmOB+ZPTlX//2OQL&RelayState=https://SP1.mydomain.com/&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=VsojqXho+JW6F3+bBKlF5B/KzDiN7KCeO1INq1GpMfl4abW5tRr6kYOKigqzVsYaNQnjrfPSm9lCJCM/beXZCgNNCaO7YmQ4gsnrASh16IsL7+sev85JvrH1v1oZL7QYiGEI9tRhRSzanL3yW4+CWMjjypjcfNs7uleD7/cAl9ikGivDPuSbkIif6ZjvDtOa85FedfpeHSTynvIWq89MU5YxJQsMEFLtvsyTJtMjyKsjtGur0Tc9ncVpeW5Ns5IbZXh+c2ymQhM5t8K/u8u8jrA2XxcDJuA0YhmWYfSYFyLDoEkvvthJ4mXTuWu2cjL+5xlKLY6+JOPzbkc+laDWTEhFwm8OkuABS7U9k/nv1EDWB7C0XsHOg53VnHbo8QUJvVvpdZuUBz1w1u7klILb+TFlt3ZytiyWgLWalb2s5TRVx5OxfhEvgeM8b5tXf1INjnWl18ockHqEFUXdVOrWDqwyx0UtetebWe+Aw7brQjlt/8q0f1p5fJta5O5wORGwC+1/6QbCNyzwy6B32i5UHYTMqxsHvLVwHRjy9bqG2H2gDbfImmnDU8Tq1NpMHv6CS3LAEe0kFdu3gaemeylgXgtBLMePwhJ/eWlb1E4bIrbsC36GFNAZgl0Z/ptEH05YVkOE1grA0vGJaifAgTmdYZbnDTBPw2iAuMjDVoFiAGg= detected as an SSO request URL
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SAML method: HTTP-REDIRECT
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] HTTP-REDIRECT: SAML Request SAMLRequest=hZLdT8IwFMX%2FlaXvsA8nkWYjgX0kJKgE1AdfTDMu0GRrZ%2B8t6H9vN6JiYuCpyek97fmdNkHR1C2fWtqrFbxbQPI%2Bmloh7zdSZo3iWqBErkQDyKni6%2Bn9gkfDgLdGk650zc4slx0CEQxJrZg3z1P2dpcVN0FRTIs4i8tRmAdhVpbjMC7K2WhWZDHzXsCgm0%2BZszsTooW5QhKKnBRE0SAMB2HwFIY8GvP49pV5uWOQSlDv2hO1yH1fOMBoeJQb2Blt2yFYv0vro1S7GtZypx5dpkwrhO7kSwzVaYhX1hi3DmTT1rKSxLxSmwr6KlO2FTVCF3jpmOUBfpTpdwXdZbYBswZzkBU8rxa%2FcauG%2FkvbaqQVYNslYJOk03hfiZlccTZAYiNIJP65KTm9%2FoNjnOdL7TA%2BO4hGXKmgU%2BRmsO1HORmhULoqHFxd62NmQJADJmOB%2BZPTlX%2F%2F2OQL&RelayState=https%3A%2F%2FSP1.mydomain.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=VsojqXho%2BJW6F3%2BbBKlF5B%2FKzDiN7KCeO1INq1GpMfl4abW5tRr6kYOKigqzVsYaNQnjrfPSm9lCJCM%2FbeXZCgNNCaO7YmQ4gsnrASh16IsL7%2Bsev85JvrH1v1oZL7QYiGEI9tRhRSzanL3yW4%2BCWMjjypjcfNs7uleD7%2FcAl9ikGivDPuSbkIif6ZjvDtOa85FedfpeHSTynvIWq89MU5YxJQsMEFLtvsyTJtMjyKsjtGur0Tc9ncVpeW5Ns5IbZXh%2Bc2ymQhM5t8K%2Fu8u8jrA2XxcDJuA0YhmWYfSYFyLDoEkvvthJ4mXTuWu2cjL%2B5xlKLY6%2BJOPzbkc%2BlaDWTEhFwm8OkuABS7U9k%2Fnv1EDWB7C0XsHOg53VnHbo8QUJvVvpdZuUBz1w1u7klILb%2BTFlt3ZytiyWgLWalb2s5TRVx5OxfhEvgeM8b5tXf1INjnWl18ockHqEFUXdVOrWDqwyx0UtetebWe%2BAw7brQjlt%2F8q0f1p5fJta5O5wORGwC%2B1%2F6QbCNyzwy6B32i5UHYTMqxsHvLVwHRjy9bqG2H2gDbfImmnDU8Tq1NpMHv6CS3LAEe0kFdu3gaemeylgXgtBLMePwhJ%2FeWlb1E4bIrbsC36GFNAZgl0Z%2FptEH05YVkOE1grA0vGJaifAgTmdYZbnDTBPw2iAuMjDVoFiAGg%3D
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Lasso Session loaded
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Found entityID https://SP1.mydomain.com/saml/metadata in SAML message
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] https://SP1.mydomain.com/saml/metadata match SP1.mydomain.com SP in configuration
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Signature is valid
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Calling hook samlGotAuthnRequest
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Using AssertionConsumerServiceURL https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [notice] User my_username is authorized to access to SP1.mydomain.com
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] [notice] User my_username is authorized to access to SP1.mydomain.com
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Get NameID format urn:oasis:names:tc:SAML:2.0:nameid-format:transient from request
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Force AllowCreate flag in NameIDgroup2
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SSO: authentication request is valid
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Found ForceAuthn flag with value 0
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Authentication context is urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668079744 in SAML2 date: 2022-11-10T11:29:04Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668166144 in SAML2 date: 2022-11-11T11:29:04Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668079786 in SAML2 date: 2022-11-10T11:29:46Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668166186 in SAML2 date: 2022-11-11T11:29:46Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SSO: assertion is built
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] NameID Format is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] NameID Content is _82BB2826B989215A844782170C929215
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SAML2 attribute uid will be set with uid session key (https://SP1.mydomain.com/saml/metadata)
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Decode UTF8 value my_username
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Create attribute value my_username
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Push my_username in SAML attribute uid
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Set sessionIndex 84305ba43f548a9eb59797e89b6c6e62c4e708fb904ca913a31ae5e4e7c395b6 (linked to session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5)
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668166144 in SAML2 date: 2022-11-11T11:29:04Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Set sessionNotOnOrAfter 2022-11-11T11:29:04Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SSO response signature according to metadata
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [notice] SAML authentication response sent to SAML SP SP1.mydomain.com for my_username with transient NameID _82BB2826B989215A844782170C929215
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] [notice] SAML authentication response sent to SAML SP SP1.mydomain.com for my_username with transient NameID _82BB2826B989215A844782170C929215
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Calling hook samlBuildAuthnResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SSO: authentication response is built
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Save Lasso session in session
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Update session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Update sessionInfo _lassoSessionDumpI
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Dump: $VAR1 = '<Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Try to get SSO session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Portal::Main::Run
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Return SSO session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Store NameID <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_82BB2826B989215A844782170C929215</saml:NameID> and SessionIndex 84305ba43f548a9eb59797e89b6c6e62c4e708fb904ca913a31ae5e4e7c395b6 for session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Link session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 to SAML session 0956b1f44994c7b97587bcb078cd66355c52c267689cf48ab077e8bad5a8e2b1
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing autoPost
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Delete all hidden values
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Store [...] in hidden key SAMLResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Store https://SP1.mydomain.com/ in hidden key RelayState
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Returned status: -2 (PE_REDIRECT)
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Skin returned: redirect
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Calling sendHtml with template redirect
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/myskin/redirect.tpl
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Sending /usr/share/lemonldap-ng/portal/templates/myskin/redirect.tpl
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Apply following CORS group2:
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Allow-Origin
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] *
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Allow-Credentials
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] true
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Allow-Headers
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] *
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Allow-Methods
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] POST,GET
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Expose-Headers
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] *
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Max-Age
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] 86400
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Required urldc: https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Set CSP form-action with urldc: https://SP1.mydomain.com
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Required Params URL: https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Set CSP form-action with Params URL: https://SP1.mydomain.com
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://SP1.mydomain.com https://SP1.mydomain.com;frame-ancestors 'none';
**STEP 4**
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Logger Lemonldap::NG::Common::Logger::Std loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User logger Lemonldap::NG::Common::Logger::Std loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get configuration 246 aged 1667578460
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [info] Loading configuration 246 for process 8057
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls defaultValuesInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options https for vhost PORTAL.mydomain.com: 1
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options https for vhost MANAGER.mydomain.com: 1
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options maintenance for vhost PORTAL.mydomain.com: 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options maintenance for vhost VHOST1.mydomain.com: 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options maintenance for vhost MANAGER.mydomain.com: 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options maintenance for vhost VHOST2.mydomain.com: 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls jailInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls portalInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls locationRulesInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls sessionStorageInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls headersInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls postUrlInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls aliasInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls oPORTALInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Module Lemonldap::NG::Manager::Conf loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route manager.html will use manager
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route virtualHosts added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route samlIDPMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route samlSPMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route applicationList added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route oidcOPMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route oidcRPMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route casSrvMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route casAppMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route authChoiceModules added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route grantSessionRules added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route combModules added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route sfExtra added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route openIdIDPList added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route * added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add POST route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route sendTestMail added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route newCertificate added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route raw added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route newRSAKey added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route * added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add POST route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add PUT route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add PATCH route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route diff.html will use diff
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add POST route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route prx added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Plugin conf loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Module Lemonldap::NG::Manager::Sessions loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route sessions.html will use sessions
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Plugin sessions loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Module Lemonldap::NG::Manager::Notifications loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Use extension "json" to store notification files
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route notifications.html will use notifications
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route actives added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route done added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add POST route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route actives added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add PUT route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Plugin notifications loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Module Lemonldap::NG::Manager::2ndFA loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route 2ndfa.html added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Plugin 2ndFA loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route links added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route psgi.js added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Default module -> Lemonldap::NG::Manager::Conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Default index -> 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] PSGI app is protected
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler::Main::Run
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Check session validity from Handler
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Session timeout -> 86400
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Session _utime -> 1668079744
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] now -> 1668079800
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Session timeoutActivityInterval -> 60
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Session TTL = 86344
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Regexp "Configuration" match
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] newCookies ->
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.html
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Start routing manager.html
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Starting HTML generation using /usr/share/lemonldap-ng/manager/htdocs/templates/manager.tpl
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Sending /usr/share/lemonldap-ng/manager/htdocs/templates/manager.tpl
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Regexp "Configuration" match
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] newCookies ->
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/confs/latest
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Start routing confs
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgNum in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to latest
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgAuthor in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgDate in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgAuthorIP in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgLog in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgVersion in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [info] REST request to get configuration metadata (246)
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Regexp "Configuration" match
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/confs/246/portal
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Start routing confs
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [info] REST request to get configuration key portal
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for portal in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Regexp "Configuration" match
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/confs/246/domain
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Start routing confs
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [info] REST request to get configuration key domain
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for domain in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Get configuration from cache without verification.
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] User my_username was granted to access to /sessions.html
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Start routing sessions.html
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Starting HTML generation using /usr/share/lemonldap-ng/manager/htdocs/templates/sessions.tpl
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Sending /usr/share/lemonldap-ng/manager/htdocs/templates/sessions.tpl
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/sessions/global?groupBy=substr(_whatToTrace,1)
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Start routing sessions
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] First filter: _session_kind = SSO (searchOn)
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Get configuration from cache without verification.
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/sessions/global?_whatToTrace=a*&groupBy=_whatToTrace
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Start routing sessions
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] First filter: _whatToTrace = a* (searchOnExpr)
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Removing unless _whatToTrace =~ /^a*$/
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Removing unless _session_kind =~ /^SSO$/
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Get configuration from cache without verification.
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] VH PORTAL.mydomain.com is HTTPS
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler::Main::Run
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Check session validity from Handler
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Session timeout -> 86400
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Session _utime -> 1668079744
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] now -> 1668079809
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Session timeoutActivityInterval -> 60
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Session TTL = 86335
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] No URL authentication level found...
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] PORTAL.mydomain.com: Apply default rule
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] removing cookie
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Cookies -> llnglanguage=it; cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] CookieName -> cookiename_test
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] newCookies -> llnglanguage=it;
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] User my_username was granted to access to /index.fcgi/
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Start routing default route
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing importHandlerData
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing restoreArgs
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing controlUrl
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing checkLogout
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Launching ::Plugins::CDA::changeUrldc
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Launching ::Password::LDAP::_modifyPassword
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing to JSON response
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] AJAX request from portal, allowing CORS
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/sessions/global?_whatToTrace=my_username
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Start routing sessions
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] First filter: _whatToTrace = my_username (searchOn)
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Removing unless _session_kind =~ /^SSO$/
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Get configuration from cache without verification.
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/sessions/global/39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Start routing sessions
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Common::Session::REST
Is this a misconfiguration problem or am I doing something wrong?
Many thanks.

In discussion
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2777
No key found in JWKS data after OP key rotation
2022-08-08T15:20:17Z
Maxime Besson

### Concerned version
Version: %2.0.14
### Summary
When using LemonLDAP::NG as an OIDC client, oidcOPMetaDataOptionsJWKSTimeout does not work correctly
Expected scenario:
* After OIDC key rotation on OP, LemonLDAP should fail for oidcOPMetaDataOptionsJWKSTimeout seconds and then fetch the updated JWKS
Actual scenario:
* refreshJWKSdata is only called by Auth::OpenIDConnect::init()
### Possible fixes
Refresh JWKS data in verifyJWTSignature when `kid` is not found

In discussion

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2748
Fix UTF-8 encoding/decoding
2024-03-06T08:07:42Z
Maxime Besson

Creating a global issue for all encoding bugs we intend to fix in 3.0:
> In order to fully solve this issue, and the one affecting the other backends, I think LLNG should decode() UTF-8 values received by PSGI into proper Unicode strings, and encode() them before sending the response, this seems to be how PSGI is supposed to work:
>
> https://metacpan.org/pod/release/MIYAGAWA/PSGI-1.10/PSGI/FAQ.pod#I-want-to-send-Unicode-content-in-the-HTTP-response.-How-can-I-do-so
>
> But there are many places in the code where this will have to be done for it to have a globally positive impact on encoding issues. As long as it's not done everywhere, it will only appear to break things
We need to handle properly encoded (UTF-8 data + UTF-8 perl flag) UTF-8 strings in all LLNG methods, and only convert them to latin-1 when doing the PSGI render. Most modules (LDAP/DBI/JSON..) behave correctly when handed correct UTF-8 strings
This requires a lot of refactoring and will break compatibility with saved conf/sessions. A migration step will be required when migrating to 3.0

3.0.0
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2747
Incorrect handling of custom schemes when auto-setting CSP form-action
2023-01-10T17:04:57Z
Bipul Bhattarai

I have another issue with mobile application (iOS) while submitting form I get "Refused to load fr.test.software.m.prd:///oauth2redirect?session_state=qvIiRZWEPp8JbyH665Q94uAY54jGBaT5gdwoa3HBjHI%3D.RUh1M3FZa3NNYmUzdzQyVldCVmxaamNDK3RKYVpzUmlIMTNwTEpaRzNpQ1Q5Wm96VzFxdlRQbnp6WDVXelNZa0VXVkRteVNrcVhISVFjeUw4cDdrYmhtaVhrVnZVVG14S0F1em5EUlFsOU09&state=7jPhuLwZjeXuHt0rH8EDbdF0nAW7LKkNTg3MI7UIg7Q&code=6847ad06fa56984ee3f74a8c59eccc0f# because it does not appear in the form-action directive of the Content Security Policy". I changed security policy to \* for all, still same error. But if I refresh the browser it works. But first time I am not being able to login. Can you help me with this please? Thank you

3.0.0
Maxime Besson

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2722
Postgres Session Storage
2022-09-27T10:17:27Z
Paul Bargewell

### Concerned version
Version: %2.0.14
Platform: (Nginx/Apache/Node.js)
### Summary
When following the how-to cli documentation to move session storage into Postgres (https://lemonldap-ng.org/documentation/latest/cli_examples.html#configure-sessions-backend)
The sessions storage fails because the column user is not quoted.
### Logs
```
LINE 1: ...T INTO sessions (id,a_session,ipAddr,_whatToTrace,user) VALU...
^ at /usr/share/perl5/Apache/Session/Browseable/Store/DBI.pm line 37
```
### Backends used
Postgres 12-alpine
### Possible fixes
This is from yadd on IRC. The change works as it correctly quotes the column names.
```diff
--- a/lib/Apache/Session/Browseable/Store/DBI.pm
+++ b/lib/Apache/Session/Browseable/Store/DBI.pm
@@ -19,9 +19,9 @@ sub insert {
if ( !defined $self->{insert_sth} ) {
$self->{insert_sth} =
- $self->{dbh}->prepare_cached( "INSERT INTO $self->{table_name} ("
- . join( ',', 'id', 'a_session', map { s/'/''/g; $_ } @$index )
- . ') VALUES ('
+ $self->{dbh}->prepare_cached( "INSERT INTO $self->{table_name} (\""
+ . join( '","', 'id', 'a_session', map { s/'/''/g; $_ } @$index )
+ . '") VALUES ('
. join( ',', ('?') x ( 2 + @$index ) )
. ')' );
}
```

FAQ
Yadd
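Review bot: the quoting added in the `prepare_cached(...)` call of `sub insert` hardcodes `"` around each column, while the `map { s/'/''/g; $_ }` kept from the old code still doubles single quotes, which is the escape for string literals and not for double-quoted identifiers, so an index name containing `"` would end the identifier early. Building the column list with DBI's `$self->{dbh}->quote_identifier($_)` would handle the escaping and also pick the right quote character on drivers where `"` is not the identifier quote (MySQL without ANSI_QUOTES). Quoted identifiers are also case-sensitive in PostgreSQL, so `"ipAddr"` and `"_whatToTrace"` only match a table whose columns were created quoted with that exact case; a table created with unquoted names has `ipaddr` and `_whattotrace`, and the insert would then fail on those columns instead of on `user`. The hunk changes only the INSERT statement, so any other statement that builds a column list from `@$index` needs the same treatment.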