Commit 77301e70 authored by Xavier Guimard's avatar Xavier Guimard

Merge branch 'v2.0'

parents 82242481 bc2bef4f
......@@ -142,8 +142,9 @@
},
"locationRules": {
"auth.example.com" : {
"(?#checkUser)/checkuser" : "$uid eq \"dwho\"",
"default" : "deny"
"(?#checkUser)^/checkuser": "$uid eq \"dwho\"",
"(?#errors)^/lmerror/": "accept",
"default" : "accept"
},
"manager.example.com": {
"(?#Configuration)^/(manager\\.html|conf/)": "$uid eq \"dwho\"",
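Review bot: The rewritten `auth.example.com` block turns `"default"` from `"deny"` into `"accept"`, so on this vhost only `^/checkuser` is still gated (to `dwho`) and every other path is reachable by any authenticated session, whereas the old block refused everything not explicitly listed. On a portal vhost an accept default is plausibly what is wanted (the `^/lmerror/` accept added next to it suggests error pages were being blocked), but it is a posture change and should be stated as deliberate rather than arrive inside a branch merge. The file this hunk belongs to is not named on the page; I am assuming it is the test configuration, in which case a one-line note such as `"(?#portal default, only checkuser is restricted)"`-style comment key next to `"default"` would make the intent obvious to the next person reading the fixture. If the deny default was meant to stay, the minimal change is `"default" : "deny"` with the `^/lmerror/` accept kept.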
......
.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
......@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.if !\nF .nr F 0
.if \nF>0 \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
......@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "llng-fastcgi-server 1"
.TH llng-fastcgi-server 1 "2018-08-03" "perl v5.26.2" "User Contributed Perl Documentation"
.TH llng-fastcgi-server 1 "2019-03-05" "perl v5.28.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -64,30 +64,34 @@ sub defaultValues {
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
},
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'impersonationHiddenAttributes' => '_2fDevices _loginHistory',
'impersonationPrefix' => 'real_',
'impersonationRule' => 0,
'impersonationSkipEmptyValues' => 1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'cn' => 'cn',
'mail' => 'mail',
'uid' => 'uid'
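Review bot: The new defaults add `impersonationHiddenAttributes`, `impersonationPrefix`, `impersonationRule` and `impersonationSkipEmptyValues` but not `impersonationMergeSSOgroups`, although the constants hunk later on this page declares it with `'default' => 0` and the Build::Attributes hunk documents it the same way, so the generated table is out of step with its source. Unless the generator deliberately drops that key, regenerating the file (or adding `'impersonationMergeSSOgroups' => 0,` between `impersonationHiddenAttributes` and `impersonationPrefix`) keeps the runtime default explicit and consistent with the other `0`-valued entries such as `jsRedirect`. `sub defaultValues` starts before this hunk.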
......
......@@ -41,12 +41,12 @@ sub serviceToXML {
samlOrganizationURL
);
if ($type and $type eq 'idp') {
$template->param( 'hideSPMetadata', 1);
if ( $type and $type eq 'idp' ) {
$template->param( 'hideSPMetadata', 1 );
}
if ($type and $type eq 'sp') {
$template->param( 'hideIDPMetadata', 1);
if ( $type and $type eq 'sp' ) {
$template->param( 'hideIDPMetadata', 1 );
}
foreach (@param_auto) {
......
......@@ -31,8 +31,8 @@ sub new {
$self->env->{PATH_INFO} =~ s|^$tmp|/|;
}
$self->env->{PATH_INFO} ||= '/';
$self->{uri} = uri_unescape( $self->env->{REQUEST_URI} );
$self->{uri} =~ s|^//+|/|g;
$self->env->{REQUEST_URI} =~ s|^//+|/|g;
$self->{uri} = uri_unescape( $self->env->{REQUEST_URI} );
$self->{data} = {};
$self->{error} = 0;
$self->{respHeaders} = [];
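Review bot: Moving the `s|^//+|/|g` fold in front of `uri_unescape` means a percent-encoded leading slash is no longer collapsed: for a raw `REQUEST_URI` of `/%2Ffoo` the substitution sees only one leading slash, and `$self->{uri}` ends up as `//foo`, which the previous order folded to `/foo`. If `$self->{uri}` is what location rules are matched against (not visible in this hunk), an `^/`-anchored rule could be sidestepped by that encoding, so I would keep the env rewrite and re-fold after decoding: `$self->{uri} = uri_unescape( $self->env->{REQUEST_URI} );` followed by `$self->{uri} =~ s|^/+|/|;`. The `g` modifier on a `^`-anchored substitution has no effect and can be dropped. `sub new` begins outside the hunk.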
......
......@@ -51,7 +51,6 @@ sub defaultUnauthRoute {
sub _run {
my $self = shift;
$self->rule(1);
return sub {
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
......@@ -61,6 +60,7 @@ sub _run {
$req->userData( $self->api->data );
}
elsif ( $res->[0] != 403 ) {
# Unset headers (handler adds a Location header)
$self->logger->debug(
"User not authenticated, Try in use, cancel redirection");
......
......@@ -1195,6 +1195,26 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
'default' => -1,
'type' => 'trool'
},
'impersonationHiddenAttributes' => {
'default' => '_2fDevices _loginHistory',
'type' => 'text'
},
'impersonationMergeSSOgroups' => {
'default' => 0,
'type' => 'bool'
},
'impersonationPrefix' => {
'default' => 'real_',
'type' => 'text'
},
'impersonationRule' => {
'default' => 0,
'type' => 'boolOrExpr'
},
'impersonationSkipEmptyValues' => {
'default' => 1,
'type' => 'bool'
},
'infoFormMethod' => {
'default' => 'get',
'select' => [ {
......
......@@ -416,6 +416,59 @@ sub attributes {
type => 'text',
documentation => 'Secret token for CheckState plugin',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory hGroups',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
impersonationMergeSSOgroups => {
default => 0,
type => 'bool',
documentation => 'Merge spoofed and real SSO groups',
flags => 'p',
},
impersonationPrefix => {
type => 'text',
default => 'real_',
documentation => 'Prefix to rename real session attributes',
flags => 'p',
},
impersonationRule => {
type => 'boolOrExpr',
default => 0,
documentation => 'Impersonation activation rule',
},
impersonationHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory',
documentation => 'Attributes to skip',
flags => 'p',
},
impersonationSkipEmptyValues => {
default => 1,
type => 'bool',
documentation => 'Skip session empty values',
flags => 'p',
},
skipRenewConfirmation => {
type => 'bool',
default => 0,
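Review bot: `impersonationRule` is the only entry in the new impersonation/checkUser group without `flags => 'p'`; its siblings `impersonationMergeSSOgroups`, `impersonationPrefix`, `impersonationHiddenAttributes`, `impersonationSkipEmptyValues` and all four `checkUser*` entries carry it, and since the rule is what enables the portal plugin it presumably should too, so add `flags => 'p',` after its `documentation` line unless the omission is deliberate. The `documentation => 'Attributes to skip'` text on `impersonationHiddenAttributes` is also vaguer than the parallel `'Attributes to hide in CheckUser plugin'`; `'Attributes to hide in Impersonation plugin'` keeps the two consistent. `sub attributes` starts and ends outside this hunk.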
......@@ -578,30 +631,6 @@ sub attributes {
documentation => 'Enable Cross Domain Authentication',
flags => 'hp',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory hGroups',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
checkXSS => {
default => 1,
type => 'bool',
......
......@@ -22,7 +22,8 @@ sub cTrees {
'locationRules',
'exportedHeaders',
'post',
{ title => 'vhostOptions',
{
title => 'vhostOptions',
help => 'configvhost.html#options',
form => 'simpleInputContainer',
nodes => [
......@@ -36,7 +37,8 @@ sub cTrees {
'samlIDPMetaDataXML',
'samlIDPMetaDataExportedAttributes',
{ title => "samlIDPMetaDataOptionsSession",
{
title => "samlIDPMetaDataOptionsSession",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsAdaptSessionUtime",
......@@ -45,7 +47,8 @@ sub cTrees {
"samlIDPMetaDataOptionsUserAttribute"
]
},
{ title => "samlIDPMetaDataOptionsSignature",
{
title => "samlIDPMetaDataOptionsSignature",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsSignSSOMessage",
......@@ -54,14 +57,16 @@ sub cTrees {
"samlIDPMetaDataOptionsCheckSLOMessageSignature"
]
},
{ title => "samlIDPMetaDataOptionsBinding",
{
title => "samlIDPMetaDataOptionsBinding",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsSSOBinding",
"samlIDPMetaDataOptionsSLOBinding"
]
},
{ title => "samlIDPMetaDataOptionsSecurity",
{
title => "samlIDPMetaDataOptionsSecurity",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsEncryptionMode",
......@@ -69,7 +74,8 @@ sub cTrees {
"samlIDPMetaDataOptionsCheckAudience"
]
},
{ title => 'samlIDPMetaDataOptions',
{
title => 'samlIDPMetaDataOptions',
help => 'authsaml.html#options',
form => 'simpleInputContainer',
nodes => [
......@@ -83,7 +89,8 @@ sub cTrees {
'samlIDPMetaDataOptionsRelayStateURL',
],
},
{ title => "samlIDPMetaDataOptionsDisplay",
{
title => "samlIDPMetaDataOptionsDisplay",
form => 'simpleInputContainer',
nodes => [
"samlIDPMetaDataOptionsDisplayName",
......@@ -94,10 +101,11 @@ sub cTrees {
samlSPMetaDataNode => [
"samlSPMetaDataXML",
"samlSPMetaDataExportedAttributes",
{ title => "samlSPMetaDataOptions",
{
title => "samlSPMetaDataOptions",
help => 'idpsaml.html#options',
nodes => [
{ title => "samlSPMetaDataOptionsAuthnResponse",
nodes => [ {
title => "samlSPMetaDataOptionsAuthnResponse",
form => 'simpleInputContainer',
nodes => [
"samlSPMetaDataOptionsNameIDFormat",
......@@ -108,7 +116,8 @@ sub cTrees {
"samlSPMetaDataOptionsForceUTF8"
]
},
{ title => "samlSPMetaDataOptionsSignature",
{
title => "samlSPMetaDataOptionsSignature",
form => 'simpleInputContainer',
nodes => [
"samlSPMetaDataOptionsSignSSOMessage",
......@@ -117,7 +126,8 @@ sub cTrees {
"samlSPMetaDataOptionsCheckSLOMessageSignature"
]
},
{ title => "samlSPMetaDataOptionsSecurity",
{
title => "samlSPMetaDataOptionsSecurity",
form => 'simpleInputContainer',
nodes => [
"samlSPMetaDataOptionsEncryptionMode",
......@@ -132,9 +142,10 @@ sub cTrees {
'oidcOPMetaDataJSON',
'oidcOPMetaDataJWKS',
'oidcOPMetaDataExportedVars',
{ title => 'oidcOPMetaDataOptions',
nodes => [
{ title => 'oidcOPMetaDataOptionsConfiguration',
{
title => 'oidcOPMetaDataOptions',
nodes => [ {
title => 'oidcOPMetaDataOptionsConfiguration',
form => 'simpleInputContainer',
nodes => [
'oidcOPMetaDataOptionsConfigurationURI',
......@@ -144,7 +155,8 @@ sub cTrees {
'oidcOPMetaDataOptionsStoreIDToken'
]
},
{ title => 'oidcOPMetaDataOptionsProtocol',
{
title => 'oidcOPMetaDataOptionsProtocol',
form => 'simpleInputContainer',
nodes => [
'oidcOPMetaDataOptionsScope',
......@@ -161,7 +173,8 @@ sub cTrees {
},
]
},
{ title => 'oidcOPMetaDataOptionsDisplayParams',
{
title => 'oidcOPMetaDataOptionsDisplayParams',
form => 'simpleInputContainer',
nodes => [
'oidcOPMetaDataOptionsDisplayName',
......@@ -172,9 +185,10 @@ sub cTrees {
oidcRPMetaDataNode => [
'oidcRPMetaDataExportedVars',
'oidcRPMetaDataOptionsExtraClaims',
{ title => 'oidcRPMetaDataOptions',
nodes => [
{ title => 'oidcRPMetaDataOptionsAuthentication',
{
title => 'oidcRPMetaDataOptions',
nodes => [ {
title => 'oidcRPMetaDataOptionsAuthentication',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsClientID',
......@@ -187,7 +201,8 @@ sub cTrees {
'oidcRPMetaDataOptionsAccessTokenExpiration',
'oidcRPMetaDataOptionsRedirectUris',
'oidcRPMetaDataOptionsBypassConsent',
{ title => 'logout',
{
title => 'logout',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsPostLogoutRedirectUris',
......@@ -199,7 +214,8 @@ sub cTrees {
'oidcRPMetaDataOptionsRule',
]
},
{ title => 'oidcRPMetaDataOptionsDisplay',
{
title => 'oidcRPMetaDataOptionsDisplay',
form => 'simpleInputContainer',
nodes => [
'oidcRPMetaDataOptionsDisplayName',
......@@ -210,7 +226,8 @@ sub cTrees {
casSrvMetaDataNode => [
'casSrvMetaDataExportedVars',
'casSrvMetaDataOptionsProxiedServices',
{ title => 'casSrvMetaDataOptions',
{
title => 'casSrvMetaDataOptions',
form => 'simpleInputContainer',
nodes => [
'casSrvMetaDataOptionsUrl',
......@@ -218,7 +235,8 @@ sub cTrees {
'casSrvMetaDataOptionsGateway',
]
},
{ title => 'casSrvMetaDataOptionsDisplay',
{
title => 'casSrvMetaDataOptionsDisplay',
form => 'simpleInputContainer',
nodes => [
'casSrvMetaDataOptionsDisplayName',
......@@ -226,8 +244,8 @@ sub cTrees {
]
},
],
casAppMetaDataNode => [
{ title => 'casAppMetaDataOptions',
casAppMetaDataNode => [ {
title => 'casAppMetaDataOptions',
form => 'simpleInputContainer',
nodes => [
'casAppMetaDataOptionsService',
......
......@@ -498,8 +498,7 @@ sub tree {
title => 'logParams',
help => 'logs.html',
form => 'simpleInputContainer',
nodes =>
[ 'whatToTrace', 'hiddenAttributes' ]
nodes => [ 'whatToTrace', 'hiddenAttributes' ]
},
{
title => 'cookieParams',
......@@ -648,6 +647,18 @@ sub tree {
'checkUserDisplayEmptyValues',
]
},
{
title => 'impersonation',
help => 'impersonation.html',
form => 'simpleInputContainer',
nodes => [
'impersonationRule',
'impersonationPrefix',
'impersonationHiddenAttributes',
'impersonationSkipEmptyValues',
'impersonationMergeSSOgroups',
]
},
]
},
{
......
......@@ -151,7 +151,7 @@
"clickHereToForce":"انقر هنا لإجبار",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session Check",
"checkUsers":"SSO profile Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"إخفاء الشجرة",
"httpOnly":"الحماية بواسطة جافا سكريبت",
"https":"إتش تي تي بي س",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"الحقول المطلوبة مفقودة",
"index":"فهرس",
"infoFormMethod":"طريقة للحصول على معلومات الإستمارة",
......
......@@ -151,7 +151,7 @@
"clickHereToForce":"Click here to force",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session Check",
"checkUsers":"SSO profile Check",
"choiceParams":"Choice parameters",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
......@@ -151,7 +151,7 @@
"clickHereToForce":"Click here to force",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session Check",
"checkUsers":"SSO profile Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
......@@ -151,7 +151,7 @@
"clickHereToForce":"Cliquer ici pour forcer",
"checkState":"Activation",
"checkStateSecret":"Secret partagé",
"checkUsers":"Vérification de session",
"checkUsers":"Vérification des profils SSO",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Attributs masqués",
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
......@@ -286,6 +286,12 @@
"hideTree":"Masquer l'arbre",
"httpOnly":"Protection contre javascript",
"https":"HTTPS",
"impersonation":"Usurpation d'identité",
"impersonationRule":"Règle d'utilisation",
"impersonationHiddenAttributes":"Attributs masqués",
"impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
"impersonationPrefix":"Préfix des vrais attributs",
"impersonationSkipEmptyValues":"Ignorer les valeurs nulles",
"incompleteForm":"Des champs requis manquent",
"index":"Index",
"infoFormMethod":"Méthode du formulaire d'information",
......
......@@ -151,7 +151,7 @@
"clickHereToForce":"Clicca qui per forzare",
"checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso",
"checkUsers":"Session Check",
"checkUsers":"SSO profile Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"Nascondi l'albero",
"httpOnly":"Protezione Javascript",
"https":"HTTPS",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Mancano campi obbligatori",
"index":"Indice",
"infoFormMethod":"Metodo per il modulo informazioni",
......
......@@ -286,6 +286,12 @@
"hideTree":"Ẩn cây",
"httpOnly":"Bảo vệ Javascript",
"https":"HTTPS",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Các trường bắt buộc bị thiếu",
"index":"Chỉ mục",
"infoFormMethod":"Phương pháp cho mẫu thông tin",
......
......@@ -151,7 +151,7 @@
"clickHereToForce":"Click here to force",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session Check",
"checkUsers":"SSO profile Check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
......@@ -286,6 +286,12 @@
"hideTree":"Hide tree",
"httpOnly":"Javascript protection",
"https":"HTTPS",
"impersonation":"Impersonation",
"impersonationRule":"Use rule",
"impersonationHiddenAttributes":"Hidden attributes",
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
"impersonationPrefix":"Real attributes prefix",
"impersonationSkipEmptyValues":"Skip empty values",
"incompleteForm":"Required fields are missing",
"index":"Index",
"infoFormMethod":"Method for info form",
......
......@@ -2,7 +2,7 @@
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" type="image/vnd.microsoft.icon" sizes="16x16 32x32 48x48 64x64 128x128" href="<TMPL_VAR NAME="STATIC_PREFIX">logos/favicon.ico" />
<link rel="icon" type="image/vnd.microsoft.icon" sizes="16x16 32x32 48x48 64x64 128x128" href="<TMPL_VAR NAME="STATIC_PREFIX">logos/favicon.ico" />
......
......@@ -104,6 +104,7 @@ lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
lib/Lemonldap/NG/Portal/Plugins/ForceAuthn.pm
lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm