lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
Feed updated: 2018-11-29T17:58:01Z

Issue #1560: Do not require to edit /etc/hosts to add reload vhost
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1560
Updated: 2018-11-29T17:58:01Z. Author: Clément OUDOT.

We don't need to edit /etc/hosts; we should instead set the reload URL key to localhost, so it works by default at first installation. We then have documentation to explain how to configure reload URLs for cluster or complex installations.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1555: Do not remember choice in pdata when redirecting user for logout
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1555
Updated: 2018-11-28T10:37:52Z. Author: Clément OUDOT.

For example, in the CAS protocol, the user is redirected back to the CAS server when the logout has ended.
When LL::NG is a CAS client configured with Choice, we are correctly redirected to the CAS server, but the CAS authentication is remembered, so when using the portal page we are always redirected back to the CAS server and cannot select another authentication Choice.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1554: Parameter portalRequireOldPassword is not restored after mail reset
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1554
Updated: 2018-11-24T11:04:36Z. Author: Clément OUDOT.

In the Mail Reset plugin, we modify portalRequireOldPassword so that the password change form does not require the old password, but we need to restore this parameter afterwards.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1553: Read timeout when configuration reload is too long
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1553
Updated: 2018-11-26T13:18:26Z. Author: Clément OUDOT.

When we have a big configuration (for example after loading all IDPs of Renater), the reload takes a little longer.
In this case, after saving a configuration, we have:
```
[notice] Apply configuration for 134.158.39.71: ok
[error] Apply configuration for 134.158.39.70: error 500 (read timeout)
Status : [
{
'134.158.39.70' => 'Error 500 (read timeout)',
'134.158.39.71' => 'OK'
}
];
```
We should be able to adjust the timeout value for reload.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1544: Issue with CDA
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1544
Updated: 2018-11-15T14:17:27Z. Author: Clément OUDOT.

The CDA does not seem to work:
```
[debug] CDA request
[debug] Try to get a new CDA session
[debug] Check session validity -> 700s
[debug] Return CDA session 9ebd303f7932ba327369cc887d02c33e
[debug] Update sessionInfo _utime with 1542288651
[debug] Update sessionInfo cookie_value with 2b36c148951a7ab6673a5deb044c7b35
[debug] Update sessionInfo cookie_name with lemonldap
[debug] Try to get SSO session 9ebd303f7932ba327369cc887d02c33e
[debug] Get session 9ebd303f7932ba327369cc887d02c33e from Portal::Main::Run
[debug] Check session validity -> 700s
[debug] Return SSO session 9ebd303f7932ba327369cc887d02c33e
[debug] CDA redirection to https://test1.openid.cda/?lemonldapcda=9ebd303f7932ba327369cc887d02c33e
[debug] Processing code ref
[debug] Launching ::Plugins::Notifications::checkNotifDuringAuth
[debug] Processing code ref
[debug] Launching ::Plugins::History::run
[debug] Processing code ref
[debug] Launching ::Password::Choice::_endAuth
[debug] Unable to find enabledMods2 in this context: endAuth
[debug] Processing code ref
[debug] Cleaning pdata
[debug] Calling autoredirect
[debug] Building redirection to https://test1.openid.cda/?lemonldapcda=9ebd303f7932ba327369cc887d02c33e
[Thu Nov 15 14:30:51.295452 2018] [perl:debug] [pid 102179] Check configuration for Lemonldap::NG::Handler::ApacheMP2::Main
[Thu Nov 15 14:30:51.296960 2018] [perl:debug] [pid 102179] Lemonldap::NG::Common::Conf::Backends::File loaded.\nGet configuration from cache without verification.
[Thu Nov 15 14:30:51.297064 2018] [perl:debug] [pid 102179] Get configuration 285
[Thu Nov 15 14:30:51.297186 2018] [perl:info] [pid 102179] Loading configuration 285 for process 102179
[Thu Nov 15 14:30:51.297271 2018] [perl:debug] [pid 102179] Process 102179 calls defaultValuesInit
[Thu Nov 15 14:30:51.297430 2018] [perl:debug] [pid 102179] Options maintenance for vhost test1.openid.cda: 0
[Thu Nov 15 14:30:51.297538 2018] [perl:debug] [pid 102179] Process 102179 calls jailInit
[Thu Nov 15 14:30:51.299478 2018] [perl:debug] [pid 102179] Process 102179 calls portalInit
[Thu Nov 15 14:30:51.299620 2018] [perl:debug] [pid 102179] Process 102179 calls locationRulesInit
[Thu Nov 15 14:30:51.300857 2018] [perl:debug] [pid 102179] Process 102179 calls sessionStorageInit
[Thu Nov 15 14:30:51.304438 2018] [perl:debug] [pid 102179] Process 102179 calls headersInit
[Thu Nov 15 14:30:51.305920 2018] [perl:debug] [pid 102179] Process 102179 calls postUrlInit
[Thu Nov 15 14:30:51.306030 2018] [perl:debug] [pid 102179] Process 102179 calls aliasInit
[Thu Nov 15 14:30:51.306153 2018] [perl:debug] [pid 102179] Lemonldap::NG::Handler::ApacheMP2::Main: configuration is up to date
[Thu Nov 15 14:30:51.307165 2018] [perl:debug] [pid 102179] CDA request with id 9ebd303f7932ba327369cc887d02c33e
[Thu Nov 15 14:30:51.308751 2018] [perl:debug] [pid 102179] Get CDA session 9ebd303f7932ba327369cc887d02c33e
[Thu Nov 15 14:30:51.309846 2018] [perl:debug] [pid 102179] Build URL https://test1.openid.cda/
[Thu Nov 15 14:30:51.310001 2018] [perl:error] [pid 102179] [client 92.184.112.17:43320] Undefined subroutine &Lemonldap::NG::Handler::Lib::CDA::expires called at /usr/share/perl5/Lemonldap/NG/Handler/Lib/CDA.pm line 44.\n, referer: https://auth.openid.club/
```
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1542: Provide sessions attributes in template
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1542
Updated: 2018-11-15T10:54:39Z. Author: Clément OUDOT.

For customization, we need to be able to display some user information in the portal. So it would be great to load all session attributes as template parameters, with a prefix in the key, for example 'session_'.
So to display 'cn', we can call this in the template:
```html
<TMPL_VAR NAME="session_cn">
```
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1534: Provide ipAddr in $req->env for rules
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1534
Updated: 2018-11-09T11:05:49Z. Author: Clément OUDOT.

In 1.9 we had $ipAddr, which could be used in rules; we need the same in 2.0.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1531: LDAP parameters are dropped if authentication backend is AD
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1531
Updated: 2018-10-29T16:04:52Z. Author: Clément OUDOT.

If we choose AD as the authentication backend, all LDAP parameters are dropped.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1530: AD Password module is missing
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1530
Updated: 2018-10-29T17:35:44Z. Author: Clément OUDOT.

The Portal/Password/AD.pm module is missing.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1528: Issuer CAS redirect on bad service URL
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1528
Updated: 2018-11-15T09:38:22Z. Author: Clément OUDOT.

When the service is http://cas.example.com/test/, we are redirected to http://cas.example.com/ (test/ is removed).
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1524: The choice is not saved in $req-data
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1524
Updated: 2018-10-16T15:26:00Z. Author: Clément OUDOT.

We have some code to read $req->data->{_authChoice}, but this data is never set.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1512: Option to choose which SAML attribute will be used as "user" key
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1512
Updated: 2018-10-02T15:21:03Z. Author: Clément OUDOT.

For the moment, we use the NameID value as the "user" key, which can be a problem when using it as a pivot on another userDB.
We need an option to choose which SAML attribute will be used as the "user" key.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1503: RENATER metadata download script
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1503
Updated: 2018-11-08T14:48:33Z. Author: Clément OUDOT.

When using SAML with RENATER (or eduGAIN), we need to download the metadata of all registered partners and configure them inside LL::NG. Without this, the WAYF (see #1478) does not work, as the selected partner is not registered.
Technical details for the script implementation: https://services.renater.fr/federation/technique/metadata
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1502: Server error when SAML metadata parsing not possible
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1502
Updated: 2018-09-11T09:07:46Z. Author: Clément OUDOT.

If we have some metadata that is not compliant with the Lasso parser, we return a server error (Error 500).
As SAML metadata parsing occurs at init, we can't display the portal anymore. I suggest we just log a warning message and let the portal finish its processing.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1480: Choice URL and CSP on form-action
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1480
Updated: 2018-08-29T05:54:37Z. Author: Clément OUDOT.

When we define a URL in a choice module, the CSP form-action directive prevents posting to this URL.
It seems we don't have any parameter to manage CSP on form-action.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1478: SAML Discovery Protocol (WAYF)
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1478
Updated: 2018-11-20T21:50:57Z. Author: Clément OUDOT.

There is a discovery protocol in SAML, different from the Common Domain Cookie specification: https://www.oasis-open.org/committees/download.php/28049/sstc-saml-idp-discovery-cs-01.pdf
This protocol is used for example by the Renater WAYF: https://discovery.renater.fr/renater/WAYF
We need to support it in LemonLDAP::NG.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1465: Enhance IDP selection
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1465
Updated: 2018-11-19T22:09:59Z. Author: Clément OUDOT.

We need a dedicated template for IDP selection, to keep the confirm template for confirmation steps.
We should also have the same features for all protocols (CAS/SAML/OIDC):
* Automatic redirection when only one IDP is available
* No timer when redirecting to the IDP (or make it configurable)
* IDP preselection rule
* Icon configuration
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1462: RPM packages for 2.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1462
Updated: 2018-11-29T14:42:48Z. Author: Clément OUDOT.

RPM packages needed for 2.0.
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1453: Error when displaying CAS servers list
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1453
Updated: 2018-06-14T09:53:20Z. Author: Clément OUDOT.

Logs:
```
[debug] Processing extractFormInfo
[debug] Redirecting user to CAS server list
[debug] Returned error: 42
[debug] Display: confirm detected
[debug] Skin returned: confirm
[debug] Calling sendHtml with template confirm
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[warn] [anonymous] Unable to load template: HTML::Template::param() : attempt to set parameter 'list' with a scalar - parameter is not a TMPL_VAR! at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 268.
[error] Error 500: Unable to load template: HTML::Template::param() : attempt to set parameter 'list' with a scalar - parameter is not a TMPL_VAR! at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 268.
```
Milestone: 2.0.0. Assignee: Clément OUDOT.

Issue #1451: CAS service ticket not validated with Choice + CAS client
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1451
Updated: 2018-06-13T10:25:19Z. Author: Clément OUDOT.

LL::NG configured with Choice and CAS client.
The initial service value when requesting the ST is https://auth.openid.club/?lmAuth=8CAS, but the service value when calling serviceValidate is https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS.
Logs on the CAS server (LL::NG 1.9):
```
[Wed Jun 13 11:29:03.436694 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Get service validate request with ticket ST-a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b for service https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS
[Wed Jun 13 11:29:03.439241 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: SERVICE ticket session a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b found
[Wed Jun 13 11:29:03.444351 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(114): /usr/share/perl5/Lemonldap/NG/Portal/IssuerDBCAS.pm 317:
[Wed Jun 13 11:29:03.444472 2018] [perl:error] [pid 2083:tid 140310743086848] Submitted service https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS does not match initial service https://auth.openid.club/?lmAuth=8CAS
[Wed Jun 13 11:29:03.465267 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: CAS session a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b deleted
[Wed Jun 13 11:29:03.465508 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Return CAS service validate error INVALID_SERVICE (Submitted service does not match initial service)
```
Milestone: 2.0.0. Assignee: Clément OUDOT.