Closed
Milestone
Jan 1, 2016–Nov 30, 2018
2.0.0
2.0 first release
-
Bugs:
- #757: "Attempt to free unreferenced scalar" in Lemonldap::NG::Common::Session
- #789: Apache reloading breaks SAML authentication
- #804: Uncomplete logout in Issuer modules
- #856: LemonLDAP loses exportedVars conf randomly
- #863: get_url function builds wrong Portal URL
- #918: Env variables are searched in backends
- #998: encode_base64 can be udefined after a reload by URL
- #1061: Multiple segfault using ModPerl::Registry with Apache2.4
- #1113: OIDC Provider to SAML SP does not work
- #1150: Can't get captcha to work with LDAP as backend
- #1171: Session explorer freezes when session number is high
- #1327: Facebook module not working due to API changes in Facebook
- #1420: Answering to CAS proxy requests as CAS Provider
- #1468: Enabling both Auth::SAML and Issuer::SAML breaks SLO
-
New features:
- #575: Display differences between 2 conf
- #782: Node.js handler
- #819: Support of FIDO Alliance (multi-factor authentication)
- #826: Tab in portal to manage OpenID Connect consent
- #852: Possibility to reload/refresh his session without logout and relogin
- #970: REST API for Portal
- #971: Server-to-Server Handler
- #1015: Two-Factor Authentication with OTP for portal user logins
- #1019: Evaluate custom template parameters
- #1091: Handler for DevOps (SSOaaS)
- #1131: Portal plugin to "Stay connected on this device"
- #1138: Generate Content-Security-Policy headers and related
- #1148: U2F - Universal 2nd Factor Authentication
- #1151: Replace Multi by a Combination parser
- #1161: Manage access rules for CAS, SAML and OpenID Connect clients
- #1162: Capability to use Log4Perl (and other log backends)
- #1174: Auth and UserDB REST (delegation by web-service)
- #1188: Custom auth/userDB/password/register modules
- #1196: Auth::PAM module
- #1204: Propose reauthentication if higher access level is requested
- #1206: TLS support for mails
- #1208: YAML configuration backend
- #1212: Propose SSL authentication by Ajax
- #1318: Auto-Signin based on $env rules
- #1330: Menu rules for applications using SAML/CAS/OIDC
- #1359: TOTP plugin
- #1379: Feature: External Second Factor over REST API
- #1391: Mixed TOTP/U2F second factor plugin
- #1397: Plack servers support
- #1399: Yubikey as second factor
- #1419: Dispatch logger
- #1427: Alternative FastCGI-Client handler for Apache2
- #1438: Build trunk debian repository (nightly build)
- #1458: Local conf backend
- #1478: SAML Discovery Protocol (WAYF)
- #1500: Possibility to override parameters in Choice modules
- #1503: RENATER metadata download script
- #1512: Option to choose which SAML attribute will be used as "user" key
- #1535: Append Portal parameter to modify Handler Internal Cache
- #1539: Option to enable / disable languages choice display
-
Improvements:
- #354: Session Explorer: possibility to order sessions by date
- #587: Selecting language while connecting to LemonLDAP
- #595: Portal powered by FastCGI (using Plack)
- #651: Common::CGI::abort should return 500 as HTTP status code
- #673: Split conf/session/flags management from the Portal $self object
- #713: Request management to handle sessions
- #803: AuthSSL : Ability to choose SSLvar or UserDB depending of the CA
- #868: Replace XML format by JSON for notifications
- #1033: Translate mail subject - forgotten password
- #1044: Adapt FastCGI server to be able to use an event Plack engine
- #1065: Provide SSL options for AuthBasic
- #1118: Manage unicode in session and configuration backends
- #1133: Translation system for mails
- #1137: Avoid using inline Javascript and CSS
- #1140: Add CSRF protection to login and password change forms
- #1160: Reorganize handler architecture
- #1173: Performance: minimize Apache::Session access
- #1181: Make Debian packages autopkgtestable
- #1183: Rewrite CAS authentication module
- #1201: IPv6 support
- #1220: Vietnamese translation
- #1222: Arabic translation
- #1232: Italian translation
- #1247: Support RSA SHA256 signature in SAML
- #1267: Allow custom regexp for vhost display
- #1302: Move all HTML fragments into templates
- #1317: Wildcard in virtualhost names
- #1322: Get user attributes in Auth module for external authentication
- #1388: Auto-generation of parameters list in doc
- #1400: CLUSTER - Status page who check the working state of LLNG
- #1418: Sentry Logger (experimental)
- #1427: Alternative FastCGI-Client handler for Apache2
- #1428: Provide better logs with Nginx
- #1429: Use cached configuration when configuration database isn't available
- #1442: Last logins not shown when second factors are enabled
- #1443: Hide countdown block when stopped
- #1445: Let's stop french manager doc translation
- #1448: Full status for Nginx
- #1461: Remember Choice and other context settings before redirecting user to an external service
- #1473: Complex nodes not well displayed in manager
- #1488: Be tolerant with whitespaces in ini file
- #1490: Be able to use DBD::MariaDB
- #1499: CSP prevents to submit OIDC consents form
- #1501: Improve Login history module
- #1504: Upgrade to bootstrap 4
- #1515: Possibility to configure main logo on portal page
- #1522: Notifications with checkbox does not work
- #1526: Portal menu application and categorie logos not displayed
- #1542: Provide sessions attributes in template
- #1546: Configuration comparator does not work
- #1550: Error when enables "SSL, Custom " Auth modules with Choice
Unstarted Issues (open and unassigned)
0
Ongoing Issues (open and assigned)
0
Completed Issues (closed)
251
- Implement a brut force attack protection
- Check iframe protection
- Avoid using inline Javascript and CSS
- Generate Content-Security-Policy headers and related
- Add CSRF protection to login and password change forms
- Configuration save generates bad warnings
- Enabling both Auth::SAML and Issuer::SAML breaks SLO
- Answering to CAS proxy requests as CAS Provider
- "Attempt to free unreferenced scalar" in Lemonldap::NG::Common::Session
- Apache reloading breaks SAML authentication
- Uncomplete logout in Issuer modules
- LemonLDAP loses exportedVars conf randomly
- get_url function builds wrong Portal URL
- Env variables are searched in backends
- encode_base64 can be udefined after a reload by URL
- Multiple segfault using ModPerl::Registry with Apache2.4
- OIDC Provider to SAML SP does not work
- Can't get captcha to work with LDAP as backend
- Session explorer freezes when session number is high
- Facebook module not working due to API changes in Facebook
- Do not require to edit /etc/hosts to add reload vhost
- Warning in test suite when building on EL7
- Uninitialized vars errors with FCGIClient handler
- Do not remember choice in pdata when redirecting user for logout
- Parameter portalRequireOldPassword is not restored after mail reset
- Read timeout when configuration reload is too long
- Error when enables "SSL, Custom " Auth modules with Choice
- Confirmation password not verified in menu password change form
- Configuration comparator does not work
- Issue with Debian packages built with pipelines
- Issue with CDA
- Provide sessions attributes in template
- Wrong LDAP DN encoding when modifying password
- Option to enable / disable languages choice display
- Yubikey always valid if no internet connection
- Append Portal parameter to modify Handler Internal Cache
- Provide ipAddr in $req->env for rules
- OIDC Consent always required
- The source list for CSP directive 'form-action' contains an invalid source
- LDAP parameters are dropped if authentication backend is AD
- AD Password module is missing
- Custom modules are erased by package updates
- Issuer CAS redirect on bad service URL
- Strange issue with build_urlencoded
- Portal menu application and categorie logos not displayed
- Auto protected page
- The choice is not saved in $req-data
- Notifications with checkbox does not work
- Possibility to override portal messages
- Password backend not called with Choice
- Possibility to configure main logo on portal page
- SAML replay protection is not replaying authentication
- Option to choose which SAML attribute will be used as "user" key
- GrantSession module does not work
- Test all password reset by mail workflows
- Force authentication to access to Portal is no more available
- Upgrade to bootstrap 4
- RENATER metadata download script
- Server error when SAML metadata parsing not possible
- Improve Login history module
- Possibility to override parameters in Choice modules
- CSP prevents to submit OIDC consents form
- Move "afterData" entry point before "buildCookie" and add "endAuth" entrypoint
- Server error when LL::NG can't connect to LDAP directory
- 2FManagment.png is non DFSG free
- MongoDB session and configuration backend
- Be able to use DBD::MariaDB
- Be tolerant with whitespaces in ini file
- Get a link on totp request page to firstly register device
- Error after a configuration migration
- State Check Activation option does not work
- Persistent Connections option does not work
- Choice URL and CSP on form-action
- SAML Discovery Protocol (WAYF)
- SAML Common Domain Cookie
- Complex nodes not well displayed in manager
- 2FA manager does not work anymore
- Default configuration values not displayed in manager
- Enhance IDP selection
- Modify oidcConsents keys storage structure
- Login form JS errors
- RPM packages for 2.0
- Remember Choice and other context settings before redirecting user to an external service
- Warning in Main::Process
- Local conf backend
- Registering U2F 2FA doesn't work
- Portal doesn't update app urls
- Error when displaying CAS servers list
- Mouse < 2.5.1 breaks ApacheMP2 handler
- CAS service ticket not validated with Choice + CAS client
- Notifications module
- Error in SAML SOAP SLO
- Full status for Nginx
- No CDA redirection if already authenticated
- Let's stop french manager doc translation
- Hide countdown block when stopped
- Last logins not shown when second factors are enabled
- /saml/metadata route not working
- CDA init failure
- Client Handler trips on empty values in SOAP config
- Build trunk debian repository (nightly build)
- diff.html with only one config
- OIDC consents not well stored in session / displayed in portal
- JS errors in OpenID Connect checksession iframe
- Use cached configuration when configuration database isn't available
- Provide better logs with Nginx
- Alternative FastCGI-Client handler for Apache2
- CAS gateway mode
- CAS renew + Auth Choice leads to empty page
- Dispatch logger
- Sentry Logger (experimental)
- Better 2FA screen for end users
- JS error in sessions explorer
- Incorrect date when creating a new account
- History not well managed by 2F engine
- CLUSTER - Status page who check the working state of LLNG
- Yubikey as second factor
- 2F Error after applying trunk
- Plack servers support
- logout not working with Nginx on query parameters
- error - openid connect
- Mixed TOTP/U2F second factor plugin
- Auto-generation of parameters list in doc
- Multiple U2F keys
- POST data are URL encoded
- Content Security Policy prevent SAML redirection
- Include 2nd factor register page in menu
- Feature: External Second Factor over REST API
- Manager: Required authentication level display an empty error message
- Remove old menu methods in Lemonldap::NG::Portal::Main::Menu
- Centos - Issue with starting service llng-fastcgi-server
- TOTP plugin
- Mail not searched in LDAP directory in mail reset workflow
- dependency problem installing lemonldap-ng 2.0 with centos 7
- $_auth/$_userDB/... not available in session with Choice
- IDP selection in SAML IDP selection screen does not work
- Cannot remove an authentication choice in Manager
- Refresh my rights does not work with Choice
- Bad encoding when values submitted from register form
- Server internal error with Register module
- LDAP groups not correctly set in session
- Menu rules for applications using SAML/CAS/OIDC
- Publish WSDL for SOAP services
- Add system to overload parameters in *Choice (like "multi" key)
- Session Explorer: possibility to order sessions by date
- Timer for automatic redirection in info.tpl
- Display differences between 2 conf
- Selecting language while connecting to LemonLDAP
- Portal powered by FastCGI (using Plack)
- Common::CGI::abort should return 500 as HTTP status code
- Split conf/session/flags management from the Portal $self object
- Request management to handle sessions
- Multi backend authentication with SAML + LDAP
- Node.js handler
- AuthSSL : Ability to choose SSLvar or UserDB depending of the CA
- Support of FIDO Alliance (multi-factor authentication)
- Tab in portal to manage OpenID Connect consent
- AuthMulti : display multiple forms
- Auth Yubikey : second factor authentication module
- Possibility to reload/refresh his session without logout and relogin
- Adapt apache log level message on multi authentication scheme
- Replace XML format by JSON for notifications
- Simplify handler arch
- Warnings on OpenID attributes when configuration is saved
- REST API for Portal
- Server-to-Server Handler
- Two-Factor Authentication with OTP for portal user logins
- Evaluate custom template parameters
- Translate mail subject - forgotten password
- Adapt FastCGI server to be able to use an event Plack engine
- Provide SSL options for AuthBasic
- CDA: use different cookies for each protected vhost instead of one for all
- Rename lmConf-1.js to lmConf-1.json
- Handler for DevOps (SSOaaS)
- Manage unicode in session and configuration backends
- Portal plugin to "Stay connected on this device"
- Translation system for mails
- U2F - Universal 2nd Factor Authentication
- Replace Multi by a Combination parser
- Export SAML request parameters in %ENV
- Reorganize handler architecture
- Manage access rules for CAS, SAML and OpenID Connect clients
- Capability to use Log4Perl (and other log backends)
- Be consistent in session "private" variable names
- Performance: minimize Apache::Session access
- Auth and UserDB REST (delegation by web-service)
- Make Debian packages autopkgtestable
- Rewrite CAS authentication module
- Remove old skins and keep only bootsrap
- Custom auth/userDB/password/register modules
- Auth::PAM module
- IPv6 support
- Propose reauthentication if higher access level is requested
- Remove "experimental" from lemonldap-ng-cli
- TLS support for mails
- YAML configuration backend
- Propose SSL authentication by Ajax
- CDA error while loading plugin
- Session not deleted in cache when removing session from Sessions Explorer
- Missing PasswordDBNull
- Choice are not displayed on portal
- Vietnamese translation
- Arabic translation
- Unable to configure CAS proxiedServices in Manager
- No proxy tickets received when proxiedServices configured
- Old password input not shown in password form in menu
- Logo not displayed in Choices tab
- Unable to select Cas UserDB in Choices
- Redirector JS error
- Italian translation
- HTML entities not authorized in translation files
- Confirm buttons always return 1
- No redirect is done after OpenID Connect logout
- Unable to load Manager without existing configuration (ZeroConf)
- Add an alt attribute and a cursor to flag icons
- Support RSA SHA256 signature in SAML
- Invalid call to upgradesession in OpenID Connect authorization
- OIDC Consent is automatically accepted
- No translation and no logo in OIDC consent page
- Internal Server error if no OIDC session storage defined
- Bad URL in OIDC authentication flow when first authentication
- no successful password notification message
- RPM Update for SLES12, RHEL7+ and Fedora
- Add dependency to documentation
- Allow custom regexp for vhost display
- Error on reload
- Bad behaviour with static content
- Underlying object can't load conf
- Can't call method "logger" on an undefined value
- Missing docs on portal addons/Servers
- Handler Reload.pm need fixing (apache)
- Error on save configuration with combination enable
- Typo in /lemonldap-ng/etc/init.d/llng-fastcgi-server
- nginx handler, error on reload
- Server error when REST/SOAP servers enabled
- Menu categories order is not correctly saved/loaded
- Improve "reload Urls" restrictions
- Move all HTML fragments into templates
- Logout fails when SAML issuer is enabled
- When authentication parameter = 'Authentication choice', the reload handler reports "userDB: Invalid value 'Choice' for this select"
- Custom functions can't be evaluated when the portal is on Apache
- errors using saml post sso
- History not display during login
- Wildcard in virtualhost names
- Auto-Signin based on $env rules
- Consents given not saved
- CAS conflict with logout (url parameter)
- Choice/renew conflict
- Get user attributes in Auth module for external authentication
- Use conf and session cache outside /tmp for Handler unit tests
- Configuration of registerUrl
