lemonldap-ng issueshttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues2024-03-27T10:45:57Zhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3110_2fDevices redaction corrupts session2024-03-27T10:45:57ZDaniel Berteaud_2fDevices redaction corrupts session### Affected version
Version: 2.18.2
Platform: Alma Linux 9, custom Docker image (using the RPMS from https://lemonldap-ng.org/redhat/stable/)
### Summary
Active Directory grants an auth level of 2, and some apps require an auth leve...### Affected version
Version: 2.18.2
Platform: Alma Linux 9, custom Docker image (using the RPMS from https://lemonldap-ng.org/redhat/stable/)
### Summary
Active Directory grants an auth level of 2, and some apps require an auth level of 5. The Upgrade Session plugins handles the re-auth with a second factor (WebAuthn and TOTP are configured). While this is working, I sometime have a corrupted session. The issue comes from the \_2fDevices, which looks like
```plaintext
"_2fDevices": "******"
```
As LL::NG is expecting a JSON array, this is breaking. The session can neither be displayed in the manager, nor can it be upgraded with 2FA. If I try to access a app which requires an authLevel of 5, I just get a white page with "Internal Server Error" instead of the 2FA upgrade page on the portal.
### Logs
```plaintext
[Wed Feb 28 10:04:12 2024] [LLNG:655] [warn] User rejected due to insufficient authentication level
[Wed Feb 28 10:04:12 2024] [LLNG:655] [warn] -> Session upgrade enabled
[Wed Feb 28 10:04:12 2024] [LLNG:655] [error] Corrupted session (_2fDevices): malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "******") at /usr/share/perl5/vendor_perl/JSON.pm line 190.
[uwsgi-perl error] Can't use an undefined value as an ARRAY reference at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/2F/Engines/Default.pm line 305.
[Wed Feb 28 10:04:54 2024] [LLNG:41] [error] Corrupted session (_2fDevices): malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "******") at /usr/share/perl5/vendor_perl/JSON.pm line 190.
[uwsgi-perl error] Can't use an undefined value as an ARRAY reference at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/2F/Engines/Default.pm line 305.
```
### Backends used
uwsgi and nginx for the portal and manager, Traefik and uwsgi for the Handler, postgres for configuration and sessions, Active Directory (samba4) for UserDB and PasswordDB. Handlers are using the REST API for config and session. I think the issue comes from here. 2fDevices is an hidden attribute (don't know where this is configured yet). I've enabled "Export secrets attributes" on the REST server, but it doesn't look like it changes anything. As the handler gets a "\*\*\*\*\*\*\*" from the REST API for the session, when it updates the session, it corrupts it in the session database. Attribute redaction should honor attribute type (eg, set 2fDevices as \["\*\*\*\*\*"\] instead of "\*\*\*\*\*") so at least the session wouldn't be corrupted. I also need to find how to remove 2fDevices from the hidden attribute list so it can be served to my handlers with the REST API, but this is probably just a matter of correct configuration.2.20.0https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2918CAS issuer can't handle urn: URIs2023-05-09T09:26:37ZMaxime BessonCAS issuer can't handle urn: URIs### Concerned version
Version: 2.16.1
Platform: (Nginx/Apache/Node.js)
### Summary
Some CAS apps (jnlp) use urn:my:app URLs, which currently don't work (PE_ERROR)### Concerned version
Version: 2.16.1
Platform: (Nginx/Apache/Node.js)
### Summary
Some CAS apps (jnlp) use urn:my:app URLs, which currently don't work (PE_ERROR)In discussionMaxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2861MFA / 2FA does not correct send _password via REST2024-03-27T09:49:37ZDave ConroyMFA / 2FA does not correct send _password via REST### Concerned version
Version: %2.0.16
Platform: (Nginx) | Docker
### Summary
An application that is protected via a REST LLNG Handler and are passing headers to the application like so:
- `uid` as `REMOTE_USER`
- `_password` `REMOT...### Concerned version
Version: %2.0.16
Platform: (Nginx) | Docker
### Summary
An application that is protected via a REST LLNG Handler and are passing headers to the application like so:
- `uid` as `REMOTE_USER`
- `_password` `REMOTE_PASSWORD`
Works fine - with the exception of impersonation/context switching, but that is another issue that cannot be resolved.
When using MFA (We have tested with Webauthn) we have found the _password variable is not sent to the Remote LLNG Handler anymore and sends a blank `REMOTE_PASSWORD` header to the protected application.
### Backends used
Simple system with Portal, Handler, and Manager all on one host, and remote handlers that are connected via REST (previously SOAP) either per service or for each physical machine. Postgresql storage for LLNG Portal, and filesystem storage for REST.
````mermaid
graph TD
LLNGPORTAL(Portal Server) -->LLNGHANDLER(LLNG Remote Handler REST) -->APP(Application)
LLNGHANDLER-->LLNGPORTAL
````BacklogChristophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2837Unable to delete FIDO MFA Key2023-12-14T09:16:55ZDave ConroyUnable to delete FIDO MFA Key### Concerned version
Version: 2.15.1
Platform: Nginx (tiredofit/docker-lemonldap -- My image)
### Summary
After registering with a Fido Device (oddly enough I don't get confirmation when I do, and can only see it back at 2fa Manager...### Concerned version
Version: 2.15.1
Platform: Nginx (tiredofit/docker-lemonldap -- My image)
### Summary
After registering with a Fido Device (oddly enough I don't get confirmation when I do, and can only see it back at 2fa Manager)
I now have a Fido key registered to me. When I try to remove it, I am presented with a JS popup "This operation cannot be undone" and select Unregister.
It removes from the screen, but upon page reload, the key reappears.
### Logs
```
2022-12-14 10:08:08 | LLNG[2717]: [debug] daveconroy request to delete webauthn2f device
2022-12-14 10:08:08 | LLNG[2717]: [debug] Impersonation plugin is enabled
2022-12-14 10:08:08 | LLNG[2717]: [debug] ContextSwitching plugin is enabled
2022-12-14 10:08:08 | LLNG[2717]: [debug] daveconroy is allowed to update 2FA
2022-12-14 10:08:08 | LLNG[2717]: [debug] Deleted 2F Device: { type => WebAuthn, epoch => 1670956099 }
2022-12-14 10:08:08 | LLNG[2717]: [debug] Found 'whatToTrace' -> daveconroy
2022-12-14 10:08:08 | LLNG[2717]: [debug] Update daveconroy persistent session
2022-12-14 10:08:08 | LLNG[2717]: [debug] Update session MASKED
2022-12-14 10:08:08 | LLNG[2717]: [debug] Update sessionInfo _2fDevices
2022-12-14 10:08:08 | LLNG[2717]: [debug] Dump: $VAR1 = '[]';
```
From manager, the key can be removed.In discussionMaxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2822Nginx FastCGI error SAML related "Can't call method "data" on an undefined va...2024-03-27T10:54:11ZYannick BELUCHENginx FastCGI error SAML related "Can't call method "data" on an undefined value"### Concerned version
Version: %2.0.15.1-1
Platform: (Nginx)
### Summary
I encountered the following error in nginx LLNG portal logs and I couldn't figured out where that came from.
### Logs
In portal-nginx.log:
```
2022/11/17 11:...### Concerned version
Version: %2.0.15.1-1
Platform: (Nginx)
### Summary
I encountered the following error in nginx LLNG portal logs and I couldn't figured out where that came from.
### Logs
In portal-nginx.log:
```
2022/11/17 11:18:43 [error] 3283#3283: *576932 FastCGI sent in stderr: "Can't call method "data" on an undefined value at /usr/share/perl5/Lemonldap/NG/Portal/Lib/SAML.pm line 3240" while reading response header from upstream, client: <IP>, server: auth.mydomain.com, request: "POST /saml/proxySingleLogoutSOAP HTTP/1.1", upstream "fastcgi://unix:/var/run/llng-fastcgi.sock:", host: "auth.mydomain.com"
```
### Backends used
Apache::File
### Possible fixes2.19.0Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2818Multiple SAML SP in the same LLNG session2023-12-14T09:17:06ZAndrea PassuelloMultiple SAML SP in the same LLNG sessionHi,
I use the last version of LLNG with a LDAP backend and SAML to do SSO with different service providers.
I'm able to login to the different SPs but I noticed that sometimes when i login in a SP (not a specific one) the lasso session ...Hi,
I use the last version of LLNG with a LDAP backend and SAML to do SSO with different service providers.
I'm able to login to the different SPs but I noticed that sometimes when i login in a SP (not a specific one) the lasso session contains several times the same SP, something like this:
<Session Version="2" xmlns="http://www.entrouvert.org/namespaces/lasso/0.0">
<NidAndSessionIndex AssertionID="_403818F21FB74BDBD8BA9171EB4D9B6F" ProviderID="https://SP1.mydomain.com/saml/metadata" SessionIndex="e0eaf29f16feef17ccc00305d52e4c5f8f66168679d37234e1d9a204cbf84d7c">
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">_7C57585F1CFEDA90602B7C3B5B8F1C05</saml:NameID>
</NidAndSessionIndex>
<NidAndSessionIndex AssertionID="_5451C47D26975A3F118CB6924AE8C945" ProviderID="https://SP1.mydomain.com/saml/metadata" SessionIndex="84305ba43f548a9eb59797e89b6c6e62c4e708fb904ca913a31ae5e4e7c395b6">
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">_82BB2826B989215A844782170C929215</saml:NameID>
</NidAndSessionIndex>
</Session>
In a case like this the SLO does not work.
Sometimes it happens to have different sessions also for SP2, SP3, ....
For having this situation I did these steps:
1. login to the portal
2. first login to the "SP1" SAML SP
3. second login to the "SP1" SAML SP (for this I deleted the SP1 cookie to simulate the expiration of the SP1 session)
4. logout from the portal
After the logout I'm still connected to SP1 (but not to LLNG).
If I do the logout without the second SP1 login (step 3) the logout works as expected and I'm logged out from LLNG and also from SP1.
**STEP 2**
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Get configuration from cache without verification.
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] VH PORTAL.mydomain.com is HTTPS
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler::Main::Run
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Check session validity from Handler
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Session timeout -> 86400
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Session _utime -> 1668079744
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] now -> 1668079765
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Session timeoutActivityInterval -> 60
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Session TTL = 86379
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] No URL authentication level found...
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] PORTAL.mydomain.com: Apply default rule
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] removing cookie
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Cookies -> llnglanguage=it; cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] CookieName -> cookiename_test
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] newCookies -> llnglanguage=it;
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] User my_username was granted to access to /saml/singleSignOn?SAMLRequest=hZLdT8IwFMX%2FlaXvsA%2FdgGZbgswlJPgRUB98Mc24QJOtnb23oP%2B93YiKiYGnJqf3tOd32hRFU7d8ammnlvBuAcn7aGqFvN%2FImDWKa4ESuRINIKeKr6Z3Cx4NA94aTbrSNTuxnHcIRDAktWLevMjYW5mEs2gSTkZJEMfj0U2ZxNdFNL6N46IMrpKAeS9g0M1nzNmdCdHCXCEJRU4KomgQhoMweApDHk14FL8yr3AMUgnqXTuiFrnvCwcYDQ9yDVujbTsE63dpfZRqW8NKbtWDyzTTCqE7%2BRxDdRzilTXGrQPZtLWsJDGv1KaCvsqMbUSN0AV%2BdMxyDz%2FK9LuC7jLbgFmB2csKnpeL37hVQ%2F%2BlbTXSErDtErA87TTeV2LyC84GSKwFidQ%2FNaXH1793jPPiUTuMzw6iERcq6BS5Hmz6UU5GKJSuCgdX1%2FowMyDIAZOxwPz8eOXfP5Z%2FAQ%3D%3D&RelayState=https%3A%2F%2FSP1.mydomain.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=G9bJPn8NOnfnL0nu%2FrOOaNfAbmD3icS9MRnLbbgXJ%2FWBz3XbolzwSQP8R3CCgug9%2BeYsXb8u617eUXJelz4pgOw%2FgSo4GHiaxhwIuhHZFgnrf%2F1vjijq4j4nKPUOVBULqFAFl5w4NnEdT%2BWDs719jzsotHraC0ASjJsheOn2Gwq8v%2B7KTD8a5SFw5s085deGM3xRl85vQxfD7OWQjiY2lk%2FymMmJ25tuI9ua5%2BfpUqQAh5lGcwK4rVVXYPVP8%2FXViKDviehaKDbh%2FL818WgROiJ%2FqChU5L1H3WlFgOMpvR16MgKEyvlBLIMjv1o7Fk88feXEZ%2Fp%2B%2Bcod%2Bcn6r8u0sgsIcejoyBHwzlO%2B8bFYFmohZY1J4XaZjuLJVuGdQyrHwDXSTFkH2mzpR9aRh2CyX780vPtEFPoWnL3qGk6miU5e8WSupsGO%2FYmiR2c93axzK29ClGe8UEPaNnzEIRUH0%2FAljOHDGe352IYV9nxv1vhZeRmh7ZdsGRvb7AKRR5rcrywzioVZZQQ3e1T9bJgoLti%2B%2BfgnzOkMOMEUgU9RM9DQA07LMoqAq2WCW%2B1SKGIedZT0IqYruzq%2BcshE8s3JGsgC12eTZlZK0pCCJ4UnL6auEIaIoHW8Huw0UIs0rusZeo3EdKcJ9bqjP9rhrB0ldnd2Q7t5v91EYmKcNs9UPck%3D
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Start routing saml
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing _forAuthUser
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Cleaning pdata
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing importHandlerData
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing controlUrl
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Launching ::Plugins::CDA::changeUrldc
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Launching ::Password::LDAP::_modifyPassword
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] URL /saml/singleSignOn?SAMLRequest=hZLdT8IwFMX/laXvsA/dgGZbgswlJPgRUB98Mc24QJOtnb23oP+93YiKiYGnJqf3tOd32hRFU7d8ammnlvBuAcn7aGqFvN/ImDWKa4ESuRINIKeKr6Z3Cx4NA94aTbrSNTuxnHcIRDAktWLevMjYW5mEs2gSTkZJEMfj0U2ZxNdFNL6N46IMrpKAeS9g0M1nzNmdCdHCXCEJRU4KomgQhoMweApDHk14FL8yr3AMUgnqXTuiFrnvCwcYDQ9yDVujbTsE63dpfZRqW8NKbtWDyzTTCqE7+RxDdRzilTXGrQPZtLWsJDGv1KaCvsqMbUSN0AV+dMxyDz/K9LuC7jLbgFmB2csKnpeL37hVQ/+lbTXSErDtErA87TTeV2LyC84GSKwFidQ/NaXH1793jPPiUTuMzw6iERcq6BS5Hmz6UU5GKJSuCgdX1/owMyDIAZOxwPz8eOXfP5Z/AQ==&RelayState=https://SP1.mydomain.com/&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=G9bJPn8NOnfnL0nu/rOOaNfAbmD3icS9MRnLbbgXJ/WBz3XbolzwSQP8R3CCgug9+eYsXb8u617eUXJelz4pgOw/gSo4GHiaxhwIuhHZFgnrf/1vjijq4j4nKPUOVBULqFAFl5w4NnEdT+WDs719jzsotHraC0ASjJsheOn2Gwq8v+7KTD8a5SFw5s085deGM3xRl85vQxfD7OWQjiY2lk/ymMmJ25tuI9ua5+fpUqQAh5lGcwK4rVVXYPVP8/XViKDviehaKDbh/L818WgROiJ/qChU5L1H3WlFgOMpvR16MgKEyvlBLIMjv1o7Fk88feXEZ/p++cod+cn6r8u0sgsIcejoyBHwzlO+8bFYFmohZY1J4XaZjuLJVuGdQyrHwDXSTFkH2mzpR9aRh2CyX780vPtEFPoWnL3qGk6miU5e8WSupsGO/YmiR2c93axzK29ClGe8UEPaNnzEIRUH0/AljOHDGe352IYV9nxv1vhZeRmh7ZdsGRvb7AKRR5rcrywzioVZZQQ3e1T9bJgoLti++fgnzOkMOMEUgU9RM9DQA07LMoqAq2WCW+1SKGIedZT0IqYruzq+cshE8s3JGsgC12eTZlZK0pCCJ4UnL6auEIaIoHW8Huw0UIs0rusZeo3EdKcJ9bqjP9rhrB0ldnd2Q7t5v91EYmKcNs9UPck= detected as an SSO request URL
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SAML method: HTTP-REDIRECT
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] HTTP-REDIRECT: SAML Request SAMLRequest=hZLdT8IwFMX%2FlaXvsA%2FdgGZbgswlJPgRUB98Mc24QJOtnb23oP%2B93YiKiYGnJqf3tOd32hRFU7d8ammnlvBuAcn7aGqFvN%2FImDWKa4ESuRINIKeKr6Z3Cx4NA94aTbrSNTuxnHcIRDAktWLevMjYW5mEs2gSTkZJEMfj0U2ZxNdFNL6N46IMrpKAeS9g0M1nzNmdCdHCXCEJRU4KomgQhoMweApDHk14FL8yr3AMUgnqXTuiFrnvCwcYDQ9yDVujbTsE63dpfZRqW8NKbtWDyzTTCqE7%2BRxDdRzilTXGrQPZtLWsJDGv1KaCvsqMbUSN0AV%2BdMxyDz%2FK9LuC7jLbgFmB2csKnpeL37hVQ%2F%2BlbTXSErDtErA87TTeV2LyC84GSKwFidQ%2FNaXH1793jPPiUTuMzw6iERcq6BS5Hmz6UU5GKJSuCgdX1%2FowMyDIAZOxwPz8eOXfP5Z%2FAQ%3D%3D&RelayState=https%3A%2F%2FSP1.mydomain.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=G9bJPn8NOnfnL0nu%2FrOOaNfAbmD3icS9MRnLbbgXJ%2FWBz3XbolzwSQP8R3CCgug9%2BeYsXb8u617eUXJelz4pgOw%2FgSo4GHiaxhwIuhHZFgnrf%2F1vjijq4j4nKPUOVBULqFAFl5w4NnEdT%2BWDs719jzsotHraC0ASjJsheOn2Gwq8v%2B7KTD8a5SFw5s085deGM3xRl85vQxfD7OWQjiY2lk%2FymMmJ25tuI9ua5%2BfpUqQAh5lGcwK4rVVXYPVP8%2FXViKDviehaKDbh%2FL818WgROiJ%2FqChU5L1H3WlFgOMpvR16MgKEyvlBLIMjv1o7Fk88feXEZ%2Fp%2B%2Bcod%2Bcn6r8u0sgsIcejoyBHwzlO%2B8bFYFmohZY1J4XaZjuLJVuGdQyrHwDXSTFkH2mzpR9aRh2CyX780vPtEFPoWnL3qGk6miU5e8WSupsGO%2FYmiR2c93axzK29ClGe8UEPaNnzEIRUH0%2FAljOHDGe352IYV9nxv1vhZeRmh7ZdsGRvb7AKRR5rcrywzioVZZQQ3e1T9bJgoLti%2B%2BfgnzOkMOMEUgU9RM9DQA07LMoqAq2WCW%2B1SKGIedZT0IqYruzq%2BcshE8s3JGsgC12eTZlZK0pCCJ4UnL6auEIaIoHW8Huw0UIs0rusZeo3EdKcJ9bqjP9rhrB0ldnd2Q7t5v91EYmKcNs9UPck%3D
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Found entityID https://SP1.mydomain.com/saml/metadata in SAML message
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] https://SP1.mydomain.com/saml/metadata match SP1.mydomain.com SP in configuration
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Signature is valid
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Calling hook samlGotAuthnRequest
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Using AssertionConsumerServiceURL https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [notice] User my_username is authorized to access to SP1.mydomain.com
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] [notice] User my_username is authorized to access to SP1.mydomain.com
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Get NameID format urn:oasis:names:tc:SAML:2.0:nameid-format:transient from request
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Force AllowCreate flag in NameIDgroup2
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SSO: authentication request is valid
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Found ForceAuthn flag with value 0
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Authentication context is urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668079744 in SAML2 date: 2022-11-10T11:29:04Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668166144 in SAML2 date: 2022-11-11T11:29:04Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668079765 in SAML2 date: 2022-11-10T11:29:25Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668166165 in SAML2 date: 2022-11-11T11:29:25Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SSO: assertion is built
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] NameID Format is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] NameID Content is _7C57585F1CFEDA90602B7C3B5B8F1C05
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SAML2 attribute uid will be set with uid session key (https://SP1.mydomain.com/saml/metadata)
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Decode UTF8 value my_username
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Create attribute value my_username
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Push my_username in SAML attribute uid
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Set sessionIndex e0eaf29f16feef17ccc00305d52e4c5f8f66168679d37234e1d9a204cbf84d7c (linked to session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5)
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Convert timestamp 1668166144 in SAML2 date: 2022-11-11T11:29:04Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Set sessionNotOnOrAfter 2022-11-11T11:29:04Z
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SSO response signature according to metadata
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [notice] SAML authentication response sent to SAML SP SP1.mydomain.com for my_username with transient NameID _7C57585F1CFEDA90602B7C3B5B8F1C05
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] [notice] SAML authentication response sent to SAML SP SP1.mydomain.com for my_username with transient NameID _7C57585F1CFEDA90602B7C3B5B8F1C05
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Calling hook samlBuildAuthnResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] SSO: authentication response is built
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Save Lasso session in session
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Update session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Update sessionInfo _lassoSessionDumpI
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Dump: $VAR1 = '<Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Try to get SSO session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Portal::Main::Run
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Return SSO session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Store NameID <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_7C57585F1CFEDA90602B7C3B5B8F1C05</saml:NameID> and SessionIndex e0eaf29f16feef17ccc00305d52e4c5f8f66168679d37234e1d9a204cbf84d7c for session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Link session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 to SAML session d61965cc17a92d10c3a4f693b4f0a99a7038a0379a2cde0458b53250cbb6deba
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Processing autoPost
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Delete all hidden values
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Store PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfRTQxODA4QTUwMThCM0Y0OUM4MUIwQTExQzBDQkFGOTQiIEluUmVzcG9uc2VUbz0iX0Y2MUMyOTE5NzYwNTU4N0JGNjU0RDI4RTU1REYwMzYwIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMi0xMS0xMFQxMToyOToyNVoiIERlc3RpbmF0aW9uPSJodHRwczovL2NtdDIud2lkZWdyb3VwLmV1L3NhbWwvcG9zdFJlc3BvbnNlIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hdXRoMi53aWRlZ3JvdXAuZXUvc2FtbC9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CjxTaWduZWRJbmZvPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPgo8UmVmZXJlbmNlIFVSST0iI19FNDE4MDhBNTAxOEIzRjQ5QzgxQjBBMTFDMENCQUY5NCI+CjxUcmFuc2Zvcm1zPgo8VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz4KPERpZ2VzdFZhbHVlPlRSa2hCQnNxeVBDOE8xR0dLRHF1ZWhrZnQ3NThWanZEK1ZNbEYwVW9NL2c9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CjwvU2lnbmVkSW5mbz4KPFNpZ25hdHVyZVZhbHVlPm8zcVdoaDVrRzlxRjBxS0tuQ3E3andSaWVzRjJEYm1zK2hmamlFb0xZSExSd1BrUmozVUx5Qk0zUUQ0WDVwc2EKTVlYVXpGd2NaV1BHclFaV2JmejBETDhMemZnN1FVYWh2d0JIUkh1dzhsNXlNVnBiWUM0TVlkQzhIb2tXcWxqNApxcVlSeS81cGV5Z1dBM0JQQnBXVk94eUEra0tWWVRPL21tZmFzckI5L2hFTkF6REV6UjdraTJQWllBV1JzRXlnCkdBd0h4MzBLdzgwSkVIYUFmclgwVFZhSkVjSWJOdFpzOUd5UEF3Q2oxSFdrTko4YTJFOUE1UkgrMUZzWkI2S1EKQTllTzJZSEpDMTB0MDhKbHdHTTRzR1lsc2pFbFBTWjBTdCs5bnpwc0JVTUxjVTR3WFlvOGlYYTNnazB1endlOApDWGJGU0lCLzBIQW5SNUU0QkdDWEpnPT08L1NpZ25hdHVyZVZhbHVlPgo8S2V5SW5mbz4KPFg1MDlEYXRhPgo8WDUwOUNlcnRpZmljYXRlPk1JSUN0ekNDQVorZ0F3SUJBZ0lGQUlpeEN5NHdEUVlKS29aSWh2Y05BUUVMQlFBd0hURWJNQmtHQTFVRUF3d1MKWVhWMGFESXVkMmxrWldkeWIzVndMbVYxTUI0WERUSXlNRGt3T0RFek5Ua3pObG9YRFRReU1Ea3dNekV6TlRregpObG93SFRFYk1Ca0dBMVVFQXd3U1lYVjBhREl1ZDJsa1pXZHliM1Z3TG1WMU1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTBMNVFQaVJ2OUZCKzlkY0ljSmd5bXRpU3lpMnJKSkhjRmQ0a0pCWDYKWkNPc0RIUTBpRlhvNkd3Z2tYUjVRUlRBTjArcTVtS2FOWFJmdzhRUEV1MVV5NlZtK0JVVTkrTE52N2hrU3E5NQphbzI2bUJXdWViLzVkdG1ZSUswRUpZOThnRjVFYk9sOXNJeVBSQjZkcWIrbkpZQzQycHNDZ2FMK3RpdjZBZnFrCncrektyOWUxZThLaVNSbXB6bW1FNDVzSitiMzJFSFhVSnNWdjBTNGIwQmtWRVBFSTJ6SHhoTi8zM2dIYUdkUEMKbmxIbUFIMTA0emxFNFB0YlQ5Yk8rUkR0UDdIUGVablNGL09zSnI1UXZIUlI5UVJ3VE1obHgrbzVnNm4yNkFRVQo3dHlBVngxUmkyWVZZZkhVcnRXTmVaV1poVDZwYmtKVWZYbHlLL2pnMkVyNHJRSURBUUFCTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQjNsamEvWC9SQjVtYXF0L1drU0hvQTdaQktRSk1OLy82dDJsaDdySWRVcWsrUE9BRGIKcEVWZWpvV2l2U1lwMnNycHU0UStKU0paZkZTRkdxQ0tFN2FRb0VReDVVakZjaXhlcHpVVHNPdUY0QzNPbFRMNgpFWEF1NDMvMUc2MW1nakE5c3pVUytsaC9PcTlxTVplMWZOSXk1LzdqeGg1clRTOEhBUVBoeEVoS0d4NFFaVDRrClRYa0p6andOSVFIL3VZZ0wwY0huZzREZCtDUXJwU1MyL2RidWtJdi9ZRUttMGdremFjV091OTlWYnh2TlBSeksKK0ludnVYcTJGajNLQndyM1lvWURTZFUvMjNITHVLOS9CVVVoOGNUZnpnUldsQjFsN0w5MndPbFY5T1QyYllPZApNWGdqYVZHTlVvU3hONHgyVS9NNGlhb1pRUkJWYVVZbzI0TEw8L1g1MDlDZXJ0aWZpY2F0ZT4KPC9YNTA5RGF0YT4KPC9LZXlJbmZvPgo8L1NpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gVmVyc2lvbj0iMi4wIiBJRD0iXzQwMzgxOEYyMUZCNzRCREJEOEJBOTE3MUVCNEQ5QjZGIiBJc3N1ZUluc3RhbnQ9IjIwMjItMTEtMTBUMTE6Mjk6MjVaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hdXRoMi53aWRlZ3JvdXAuZXUvc2FtbC9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CjxTaWduZWRJbmZvPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPgo8UmVmZXJlbmNlIFVSST0iI180MDM4MThGMjFGQjc0QkRCRDhCQTkxNzFFQjREOUI2RiI+CjxUcmFuc2Zvcm1zPgo8VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz4KPERpZ2VzdFZhbHVlPi9DT1VoMnVMZDdVOEtlRnlNTy9PK2lLYjIrWVZUWEJLVDhMQSswNW9rODQ9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CjwvU2lnbmVkSW5mbz4KPFNpZ25hdHVyZVZhbHVlPnl1c2x1QlNCRVJ4dHNwRFI1bmVHN214K3RkK2Z0YTZTYmVjUjc1N2xqOHNSVmhPY3lpRU5nMExSWkhRNGFTSzMKQ3dCQldIbGxGNWV6ZkpiVFNKbUdWZlA3OE54dzFyUG5mbXJvL0xQY2lVYnhKdUpKNy8xRFM3d2dzTUMwc2dIeAppQld3QWxLbG9wajA1c3FCcGNVaTFDZC9Nay8vcURqWW1jTnlpME5QNysrQVNoV0R2WStUSkVQTG4zcC8yU0orCjdjUUEvd21USjRnRGxPeHF0Mm8yQzJJZHNBQzRxcW9KYXR4Wm9IVzJLMFUwRENQVFlJY3RjdkM2c3ZQVDNiKzUKdmxsS3J2M1Nld1c5YXBNZktHbDdCWmRGdlRSeVVaWEhRcncyMnp2NnBSYUpFNENaMHA3Rm10eTZiZWZ1b214bQp2Zy9BMzM4cjIreVQrcUl6cE8zL1l3PT08L1NpZ25hdHVyZVZhbHVlPgo8S2V5SW5mbz4KPFg1MDlEYXRhPgo8WDUwOUNlcnRpZmljYXRlPk1JSUN0ekNDQVorZ0F3SUJBZ0lGQUlpeEN5NHdEUVlKS29aSWh2Y05BUUVMQlFBd0hURWJNQmtHQTFVRUF3d1MKWVhWMGFESXVkMmxrWldkeWIzVndMbVYxTUI0WERUSXlNRGt3T0RFek5Ua3pObG9YRFRReU1Ea3dNekV6TlRregpObG93SFRFYk1Ca0dBMVVFQXd3U1lYVjBhREl1ZDJsa1pXZHliM1Z3TG1WMU1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTBMNVFQaVJ2OUZCKzlkY0ljSmd5bXRpU3lpMnJKSkhjRmQ0a0pCWDYKWkNPc0RIUTBpRlhvNkd3Z2tYUjVRUlRBTjArcTVtS2FOWFJmdzhRUEV1MVV5NlZtK0JVVTkrTE52N2hrU3E5NQphbzI2bUJXdWViLzVkdG1ZSUswRUpZOThnRjVFYk9sOXNJeVBSQjZkcWIrbkpZQzQycHNDZ2FMK3RpdjZBZnFrCncrektyOWUxZThLaVNSbXB6bW1FNDVzSitiMzJFSFhVSnNWdjBTNGIwQmtWRVBFSTJ6SHhoTi8zM2dIYUdkUEMKbmxIbUFIMTA0emxFNFB0YlQ5Yk8rUkR0UDdIUGVablNGL09zSnI1UXZIUlI5UVJ3VE1obHgrbzVnNm4yNkFRVQo3dHlBVngxUmkyWVZZZkhVcnRXTmVaV1poVDZwYmtKVWZYbHlLL2pnMkVyNHJRSURBUUFCTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQjNsamEvWC9SQjVtYXF0L1drU0hvQTdaQktRSk1OLy82dDJsaDdySWRVcWsrUE9BRGIKcEVWZWpvV2l2U1lwMnNycHU0UStKU0paZkZTRkdxQ0tFN2FRb0VReDVVakZjaXhlcHpVVHNPdUY0QzNPbFRMNgpFWEF1NDMvMUc2MW1nakE5c3pVUytsaC9PcTlxTVplMWZOSXk1LzdqeGg1clRTOEhBUVBoeEVoS0d4NFFaVDRrClRYa0p6andOSVFIL3VZZ0wwY0huZzREZCtDUXJwU1MyL2RidWtJdi9ZRUttMGdremFjV091OTlWYnh2TlBSeksKK0ludnVYcTJGajNLQndyM1lvWURTZFUvMjNITHVLOS9CVVVoOGNUZnpnUldsQjFsN0w5MndPbFY5T1QyYllPZApNWGdqYVZHTlVvU3hONHgyVS9NNGlhb1pRUkJWYVVZbzI0TEw8L1g1MDlDZXJ0aWZpY2F0ZT4KPC9YNTA5RGF0YT4KPC9LZXlJbmZvPgo8L1NpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+XzdDNTc1ODVGMUNGRURBOTA2MDJCN0MzQjVCOEYxQzA1PC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIyLTExLTExVDExOjI5OjI1WiIgUmVjaXBpZW50PSJodHRwczovL2NtdDIud2lkZWdyb3VwLmV1L3NhbWwvcG9zdFJlc3BvbnNlIiBJblJlc3BvbnNlVG89Il9GNjFDMjkxOTc2MDU1ODdCRjY1NEQyOEU1NURGMDM2MCIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDIyLTExLTEwVDExOjI4OjI1WiIgTm90T25PckFmdGVyPSIyMDIyLTExLTExVDExOjMwOjI1WiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL2NtdDIud2lkZWdyb3VwLmV1L3NhbWwvbWV0YWRhdGE8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDIyLTExLTEwVDExOjI5OjA0WiIgU2Vzc2lvbkluZGV4PSJlMGVhZjI5ZjE2ZmVlZjE3Y2NjMDAzMDVkNTJlNGM1ZjhmNjYxNjg2NzlkMzcyMzRlMWQ5YTIwNGNiZjg0ZDdjIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDIyLTExLTExVDExOjI5OjA0WiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIiBGcmllbmRseU5hbWU9InVpZCI+PHNhbWw6QXR0cmlidXRlVmFsdWU+YW5kcmVhLnBhc3N1ZWxsbzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg== in hidden key SAMLResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Store https://SP1.mydomain.com/ in hidden key RelayState
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Returned status: -2 (PE_REDIRECT)
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Skin returned: redirect
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Calling sendHtml with template redirect
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/myskin/redirect.tpl
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Sending /usr/share/lemonldap-ng/portal/templates/myskin/redirect.tpl
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Apply following CORS group2:
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Allow-Origin
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] *
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Allow-Credentials
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] true
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Allow-Headers
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] *
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Allow-Methods
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] POST,GET
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Expose-Headers
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] *
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Access-Control-Max-Age
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] 86400
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Required urldc: https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Set CSP form-action with urldc: https://SP1.mydomain.com
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Required Params URL: https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Set CSP form-action with Params URL: https://SP1.mydomain.com
Nov 10 12:29:25 VHOST2 apache2-error-default [Thu Nov 10 12:29:25 2022] [LLNG:8054] [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://SP1.mydomain.com https://SP1.mydomain.com;frame-ancestors 'none';
**STEP 3**
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Get configuration from cache without verification.
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] VH PORTAL.mydomain.com is HTTPS
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler::Main::Run
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Check session validity from Handler
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Session timeout -> 86400
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Session _utime -> 1668079744
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] now -> 1668079786
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Session timeoutActivityInterval -> 60
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Session TTL = 86358
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] No URL authentication level found...
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] PORTAL.mydomain.com: Apply default rule
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] removing cookie
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Cookies -> llnglanguage=it; cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] CookieName -> cookiename_test
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] newCookies -> llnglanguage=it;
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] User my_username was granted to access to /saml/singleSignOn?SAMLRequest=hZLdT8IwFMX%2FlaXvsA8nkWYjgX0kJKgE1AdfTDMu0GRrZ%2B8t6H9vN6JiYuCpyek97fmdNkHR1C2fWtqrFbxbQPI%2Bmloh7zdSZo3iWqBErkQDyKni6%2Bn9gkfDgLdGk650zc4slx0CEQxJrZg3z1P2dpcVN0FRTIs4i8tRmAdhVpbjMC7K2WhWZDHzXsCgm0%2BZszsTooW5QhKKnBRE0SAMB2HwFIY8GvP49pV5uWOQSlDv2hO1yH1fOMBoeJQb2Blt2yFYv0vro1S7GtZypx5dpkwrhO7kSwzVaYhX1hi3DmTT1rKSxLxSmwr6KlO2FTVCF3jpmOUBfpTpdwXdZbYBswZzkBU8rxa%2FcauG%2FkvbaqQVYNslYJOk03hfiZlccTZAYiNIJP65KTm9%2FoNjnOdL7TA%2BO4hGXKmgU%2BRmsO1HORmhULoqHFxd62NmQJADJmOB%2BZPTlX%2F%2F2OQL&RelayState=https%3A%2F%2FSP1.mydomain.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=VsojqXho%2BJW6F3%2BbBKlF5B%2FKzDiN7KCeO1INq1GpMfl4abW5tRr6kYOKigqzVsYaNQnjrfPSm9lCJCM%2FbeXZCgNNCaO7YmQ4gsnrASh16IsL7%2Bsev85JvrH1v1oZL7QYiGEI9tRhRSzanL3yW4%2BCWMjjypjcfNs7uleD7%2FcAl9ikGivDPuSbkIif6ZjvDtOa85FedfpeHSTynvIWq89MU5YxJQsMEFLtvsyTJtMjyKsjtGur0Tc9ncVpeW5Ns5IbZXh%2Bc2ymQhM5t8K%2Fu8u8jrA2XxcDJuA0YhmWYfSYFyLDoEkvvthJ4mXTuWu2cjL%2B5xlKLY6%2BJOPzbkc%2BlaDWTEhFwm8OkuABS7U9k%2Fnv1EDWB7C0XsHOg53VnHbo8QUJvVvpdZuUBz1w1u7klILb%2BTFlt3ZytiyWgLWalb2s5TRVx5OxfhEvgeM8b5tXf1INjnWl18ockHqEFUXdVOrWDqwyx0UtetebWe%2BAw7brQjlt%2F8q0f1p5fJta5O5wORGwC%2B1%2F6QbCNyzwy6B32i5UHYTMqxsHvLVwHRjy9bqG2H2gDbfImmnDU8Tq1NpMHv6CS3LAEe0kFdu3gaemeylgXgtBLMePwhJ%2FeWlb1E4bIrbsC36GFNAZgl0Z%2FptEH05YVkOE1grA0vGJaifAgTmdYZbnDTBPw2iAuMjDVoFiAGg%3D
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Start routing saml
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing _forAuthUser
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Cleaning pdata
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing importHandlerData
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing controlUrl
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Launching ::Plugins::CDA::changeUrldc
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Launching ::Password::LDAP::_modifyPassword
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] URL /saml/singleSignOn?SAMLRequest=hZLdT8IwFMX/laXvsA8nkWYjgX0kJKgE1AdfTDMu0GRrZ+8t6H9vN6JiYuCpyek97fmdNkHR1C2fWtqrFbxbQPI+mloh7zdSZo3iWqBErkQDyKni6+n9gkfDgLdGk650zc4slx0CEQxJrZg3z1P2dpcVN0FRTIs4i8tRmAdhVpbjMC7K2WhWZDHzXsCgm0+ZszsTooW5QhKKnBRE0SAMB2HwFIY8GvP49pV5uWOQSlDv2hO1yH1fOMBoeJQb2Blt2yFYv0vro1S7GtZypx5dpkwrhO7kSwzVaYhX1hi3DmTT1rKSxLxSmwr6KlO2FTVCF3jpmOUBfpTpdwXdZbYBswZzkBU8rxa/cauG/kvbaqQVYNslYJOk03hfiZlccTZAYiNIJP65KTm9/oNjnOdL7TA+O4hGXKmgU+RmsO1HORmhULoqHFxd62NmQJADJmOB+ZPTlX//2OQL&RelayState=https://SP1.mydomain.com/&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=VsojqXho+JW6F3+bBKlF5B/KzDiN7KCeO1INq1GpMfl4abW5tRr6kYOKigqzVsYaNQnjrfPSm9lCJCM/beXZCgNNCaO7YmQ4gsnrASh16IsL7+sev85JvrH1v1oZL7QYiGEI9tRhRSzanL3yW4+CWMjjypjcfNs7uleD7/cAl9ikGivDPuSbkIif6ZjvDtOa85FedfpeHSTynvIWq89MU5YxJQsMEFLtvsyTJtMjyKsjtGur0Tc9ncVpeW5Ns5IbZXh+c2ymQhM5t8K/u8u8jrA2XxcDJuA0YhmWYfSYFyLDoEkvvthJ4mXTuWu2cjL+5xlKLY6+JOPzbkc+laDWTEhFwm8OkuABS7U9k/nv1EDWB7C0XsHOg53VnHbo8QUJvVvpdZuUBz1w1u7klILb+TFlt3ZytiyWgLWalb2s5TRVx5OxfhEvgeM8b5tXf1INjnWl18ockHqEFUXdVOrWDqwyx0UtetebWe+Aw7brQjlt/8q0f1p5fJta5O5wORGwC+1/6QbCNyzwy6B32i5UHYTMqxsHvLVwHRjy9bqG2H2gDbfImmnDU8Tq1NpMHv6CS3LAEe0kFdu3gaemeylgXgtBLMePwhJ/eWlb1E4bIrbsC36GFNAZgl0Z/ptEH05YVkOE1grA0vGJaifAgTmdYZbnDTBPw2iAuMjDVoFiAGg= detected as an SSO request URL
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SAML method: HTTP-REDIRECT
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] HTTP-REDIRECT: SAML Request SAMLRequest=hZLdT8IwFMX%2FlaXvsA8nkWYjgX0kJKgE1AdfTDMu0GRrZ%2B8t6H9vN6JiYuCpyek97fmdNkHR1C2fWtqrFbxbQPI%2Bmloh7zdSZo3iWqBErkQDyKni6%2Bn9gkfDgLdGk650zc4slx0CEQxJrZg3z1P2dpcVN0FRTIs4i8tRmAdhVpbjMC7K2WhWZDHzXsCgm0%2BZszsTooW5QhKKnBRE0SAMB2HwFIY8GvP49pV5uWOQSlDv2hO1yH1fOMBoeJQb2Blt2yFYv0vro1S7GtZypx5dpkwrhO7kSwzVaYhX1hi3DmTT1rKSxLxSmwr6KlO2FTVCF3jpmOUBfpTpdwXdZbYBswZzkBU8rxa%2FcauG%2FkvbaqQVYNslYJOk03hfiZlccTZAYiNIJP65KTm9%2FoNjnOdL7TA%2BO4hGXKmgU%2BRmsO1HORmhULoqHFxd62NmQJADJmOB%2BZPTlX%2F%2F2OQL&RelayState=https%3A%2F%2FSP1.mydomain.com%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=VsojqXho%2BJW6F3%2BbBKlF5B%2FKzDiN7KCeO1INq1GpMfl4abW5tRr6kYOKigqzVsYaNQnjrfPSm9lCJCM%2FbeXZCgNNCaO7YmQ4gsnrASh16IsL7%2Bsev85JvrH1v1oZL7QYiGEI9tRhRSzanL3yW4%2BCWMjjypjcfNs7uleD7%2FcAl9ikGivDPuSbkIif6ZjvDtOa85FedfpeHSTynvIWq89MU5YxJQsMEFLtvsyTJtMjyKsjtGur0Tc9ncVpeW5Ns5IbZXh%2Bc2ymQhM5t8K%2Fu8u8jrA2XxcDJuA0YhmWYfSYFyLDoEkvvthJ4mXTuWu2cjL%2B5xlKLY6%2BJOPzbkc%2BlaDWTEhFwm8OkuABS7U9k%2Fnv1EDWB7C0XsHOg53VnHbo8QUJvVvpdZuUBz1w1u7klILb%2BTFlt3ZytiyWgLWalb2s5TRVx5OxfhEvgeM8b5tXf1INjnWl18ockHqEFUXdVOrWDqwyx0UtetebWe%2BAw7brQjlt%2F8q0f1p5fJta5O5wORGwC%2B1%2F6QbCNyzwy6B32i5UHYTMqxsHvLVwHRjy9bqG2H2gDbfImmnDU8Tq1NpMHv6CS3LAEe0kFdu3gaemeylgXgtBLMePwhJ%2FeWlb1E4bIrbsC36GFNAZgl0Z%2FptEH05YVkOE1grA0vGJaifAgTmdYZbnDTBPw2iAuMjDVoFiAGg%3D
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Lasso Session loaded
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Found entityID https://SP1.mydomain.com/saml/metadata in SAML message
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] https://SP1.mydomain.com/saml/metadata match SP1.mydomain.com SP in configuration
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Signature is valid
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Calling hook samlGotAuthnRequest
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Using AssertionConsumerServiceURL https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [notice] User my_username is authorized to access to SP1.mydomain.com
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] [notice] User my_username is authorized to access to SP1.mydomain.com
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Get NameID format urn:oasis:names:tc:SAML:2.0:nameid-format:transient from request
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Force AllowCreate flag in NameIDgroup2
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SSO: authentication request is valid
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Found ForceAuthn flag with value 0
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Authentication context is urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668079744 in SAML2 date: 2022-11-10T11:29:04Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668166144 in SAML2 date: 2022-11-11T11:29:04Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668079786 in SAML2 date: 2022-11-10T11:29:46Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668166186 in SAML2 date: 2022-11-11T11:29:46Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SSO: assertion is built
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] NameID Format is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] NameID Content is _82BB2826B989215A844782170C929215
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SAML2 attribute uid will be set with uid session key (https://SP1.mydomain.com/saml/metadata)
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Decode UTF8 value my_username
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Create attribute value my_username
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Push my_username in SAML attribute uid
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Set sessionIndex 84305ba43f548a9eb59797e89b6c6e62c4e708fb904ca913a31ae5e4e7c395b6 (linked to session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5)
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Convert timestamp 1668166144 in SAML2 date: 2022-11-11T11:29:04Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Set sessionNotOnOrAfter 2022-11-11T11:29:04Z
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SSO response signature according to metadata
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [notice] SAML authentication response sent to SAML SP SP1.mydomain.com for my_username with transient NameID _82BB2826B989215A844782170C929215
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] [notice] SAML authentication response sent to SAML SP SP1.mydomain.com for my_username with transient NameID _82BB2826B989215A844782170C929215
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Calling hook samlBuildAuthnResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] SSO: authentication response is built
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Save Lasso session in session
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Update session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Update sessionInfo _lassoSessionDumpI
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Dump: $VAR1 = '<Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Try to get SSO session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Portal::Main::Run
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Return SSO session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Store NameID <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_82BB2826B989215A844782170C929215</saml:NameID> and SessionIndex 84305ba43f548a9eb59797e89b6c6e62c4e708fb904ca913a31ae5e4e7c395b6 for session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Link session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 to SAML session 0956b1f44994c7b97587bcb078cd66355c52c267689cf48ab077e8bad5a8e2b1
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Processing autoPost
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Delete all hidden values
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Store PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfOUI1QTc1Q0M4N0M4NTI5MjA5NjE2Q0U0MDVEMkE0RTgiIEluUmVzcG9uc2VUbz0iXzhDRTMwRUVBRTRDNEY2MUQwMUNGRjkxNEVGQjZCRUM0IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMi0xMS0xMFQxMToyOTo0NloiIERlc3RpbmF0aW9uPSJodHRwczovL2NtdDIud2lkZWdyb3VwLmV1L3NhbWwvcG9zdFJlc3BvbnNlIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hdXRoMi53aWRlZ3JvdXAuZXUvc2FtbC9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CjxTaWduZWRJbmZvPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPgo8UmVmZXJlbmNlIFVSST0iI185QjVBNzVDQzg3Qzg1MjkyMDk2MTZDRTQwNUQyQTRFOCI+CjxUcmFuc2Zvcm1zPgo8VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz4KPERpZ2VzdFZhbHVlPk4vNXA4eEFmZkVwMWRlSEVSZ1VBcS9RUlE1NExPczh3S1ZxTm5EWkhQemM9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CjwvU2lnbmVkSW5mbz4KPFNpZ25hdHVyZVZhbHVlPkFMeEhqMWI4c1p4NFVZcVI5eWwxTm1LN0FDYTlUK2ErZHJSQXVOK2NweEpJVUtLWEdLVnlJVkZwZHJ5VWo4bkkKMDRINTNIcTZUQmlJS0ZLNmpSajR2MVNNS042dTNwU1VtZ3BnK2E3OFEwVWhGRUtFK3hlbmNtTWtQYk5NOE1FWQptRnZqR0ViYXpHVGpuTVJxeEJ6TzhHemNLM2VKL21NMGpMU0g1aGQ2MG05TW9SWmI3aWo0ZVUrU0VNOUVMaWNvCkhwUWNZengzcW82M3B4NzliM1BmczhYZ3pJbTRSWEFQbWMzMzFOTi9mZmpGVTcwU2tHZkFPU1VmQklYbnNEdTgKTStCUVdZTWZrMXVLRUhVdXdDWFRpZS9IWUo2UHZEQzQxYjUyTklyLzFzYWVFK1B1VC8xUVdvTnMwYTY4djYvVgpVSG9QYSs3QTRFQ2lyaU9jRkl2MjZRPT08L1NpZ25hdHVyZVZhbHVlPgo8S2V5SW5mbz4KPFg1MDlEYXRhPgo8WDUwOUNlcnRpZmljYXRlPk1JSUN0ekNDQVorZ0F3SUJBZ0lGQUlpeEN5NHdEUVlKS29aSWh2Y05BUUVMQlFBd0hURWJNQmtHQTFVRUF3d1MKWVhWMGFESXVkMmxrWldkeWIzVndMbVYxTUI0WERUSXlNRGt3T0RFek5Ua3pObG9YRFRReU1Ea3dNekV6TlRregpObG93SFRFYk1Ca0dBMVVFQXd3U1lYVjBhREl1ZDJsa1pXZHliM1Z3TG1WMU1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTBMNVFQaVJ2OUZCKzlkY0ljSmd5bXRpU3lpMnJKSkhjRmQ0a0pCWDYKWkNPc0RIUTBpRlhvNkd3Z2tYUjVRUlRBTjArcTVtS2FOWFJmdzhRUEV1MVV5NlZtK0JVVTkrTE52N2hrU3E5NQphbzI2bUJXdWViLzVkdG1ZSUswRUpZOThnRjVFYk9sOXNJeVBSQjZkcWIrbkpZQzQycHNDZ2FMK3RpdjZBZnFrCncrektyOWUxZThLaVNSbXB6bW1FNDVzSitiMzJFSFhVSnNWdjBTNGIwQmtWRVBFSTJ6SHhoTi8zM2dIYUdkUEMKbmxIbUFIMTA0emxFNFB0YlQ5Yk8rUkR0UDdIUGVablNGL09zSnI1UXZIUlI5UVJ3VE1obHgrbzVnNm4yNkFRVQo3dHlBVngxUmkyWVZZZkhVcnRXTmVaV1poVDZwYmtKVWZYbHlLL2pnMkVyNHJRSURBUUFCTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQjNsamEvWC9SQjVtYXF0L1drU0hvQTdaQktRSk1OLy82dDJsaDdySWRVcWsrUE9BRGIKcEVWZWpvV2l2U1lwMnNycHU0UStKU0paZkZTRkdxQ0tFN2FRb0VReDVVakZjaXhlcHpVVHNPdUY0QzNPbFRMNgpFWEF1NDMvMUc2MW1nakE5c3pVUytsaC9PcTlxTVplMWZOSXk1LzdqeGg1clRTOEhBUVBoeEVoS0d4NFFaVDRrClRYa0p6andOSVFIL3VZZ0wwY0huZzREZCtDUXJwU1MyL2RidWtJdi9ZRUttMGdremFjV091OTlWYnh2TlBSeksKK0ludnVYcTJGajNLQndyM1lvWURTZFUvMjNITHVLOS9CVVVoOGNUZnpnUldsQjFsN0w5MndPbFY5T1QyYllPZApNWGdqYVZHTlVvU3hONHgyVS9NNGlhb1pRUkJWYVVZbzI0TEw8L1g1MDlDZXJ0aWZpY2F0ZT4KPC9YNTA5RGF0YT4KPC9LZXlJbmZvPgo8L1NpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gVmVyc2lvbj0iMi4wIiBJRD0iXzU0NTFDNDdEMjY5NzVBM0YxMThDQjY5MjRBRThDOTQ1IiBJc3N1ZUluc3RhbnQ9IjIwMjItMTEtMTBUMTE6Mjk6NDZaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hdXRoMi53aWRlZ3JvdXAuZXUvc2FtbC9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI+PFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CjxTaWduZWRJbmZvPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPgo8UmVmZXJlbmNlIFVSST0iI181NDUxQzQ3RDI2OTc1QTNGMTE4Q0I2OTI0QUU4Qzk0NSI+CjxUcmFuc2Zvcm1zPgo8VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgo8L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz4KPERpZ2VzdFZhbHVlPldMbnBnZ3pDN2NSSDF3UWw0RmNzQUlzcXB1RElQWnh3TzVCaGh5MjNVY3c9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CjwvU2lnbmVkSW5mbz4KPFNpZ25hdHVyZVZhbHVlPlpWM24zcndZOUpMU2lKbEhYV1BtRXVLaWxOQTNNLzQwdXRLQjdTa05iNy9mZEJ4K3lWOWpsL2ttbkhmTWFsK3cKbmpEczgybUYrUjdZRVpGS0dGWURTcU5EQlQ5aDBNK1YwdjdzZ0ZCZExXMU8yNklvMFJ1UU8zUnMybmlXeTQ4eQpucU1xRS8zUitEOFkrSnorT0dtWHJXL1NWYWxZMUtxVFdCQlN0ZHQyODhjK1hUVzh3MGtBZlVBR3FqcW05dWlJCjZSOFAxU3gyVDBvTU9jZjM0TWhNMkM1TFVycmlBRlNYSGlWUFU0UnZldSs2ZDdTMDg5dkRDSXFHRWJ2TlFOd1kKVlZmOEx0QTgrK0dBQXJxeTdPS2xNVVMvUVRlM25ObjhPeTJGaHZ2SnZDaXBSWjAxQnRoSDIwanhYNS9oUzlrUApJSDhaVGlyQnBJdDd3S3d1VzNDSUhRPT08L1NpZ25hdHVyZVZhbHVlPgo8S2V5SW5mbz4KPFg1MDlEYXRhPgo8WDUwOUNlcnRpZmljYXRlPk1JSUN0ekNDQVorZ0F3SUJBZ0lGQUlpeEN5NHdEUVlKS29aSWh2Y05BUUVMQlFBd0hURWJNQmtHQTFVRUF3d1MKWVhWMGFESXVkMmxrWldkeWIzVndMbVYxTUI0WERUSXlNRGt3T0RFek5Ua3pObG9YRFRReU1Ea3dNekV6TlRregpObG93SFRFYk1Ca0dBMVVFQXd3U1lYVjBhREl1ZDJsa1pXZHliM1Z3TG1WMU1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTBMNVFQaVJ2OUZCKzlkY0ljSmd5bXRpU3lpMnJKSkhjRmQ0a0pCWDYKWkNPc0RIUTBpRlhvNkd3Z2tYUjVRUlRBTjArcTVtS2FOWFJmdzhRUEV1MVV5NlZtK0JVVTkrTE52N2hrU3E5NQphbzI2bUJXdWViLzVkdG1ZSUswRUpZOThnRjVFYk9sOXNJeVBSQjZkcWIrbkpZQzQycHNDZ2FMK3RpdjZBZnFrCncrektyOWUxZThLaVNSbXB6bW1FNDVzSitiMzJFSFhVSnNWdjBTNGIwQmtWRVBFSTJ6SHhoTi8zM2dIYUdkUEMKbmxIbUFIMTA0emxFNFB0YlQ5Yk8rUkR0UDdIUGVablNGL09zSnI1UXZIUlI5UVJ3VE1obHgrbzVnNm4yNkFRVQo3dHlBVngxUmkyWVZZZkhVcnRXTmVaV1poVDZwYmtKVWZYbHlLL2pnMkVyNHJRSURBUUFCTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQjNsamEvWC9SQjVtYXF0L1drU0hvQTdaQktRSk1OLy82dDJsaDdySWRVcWsrUE9BRGIKcEVWZWpvV2l2U1lwMnNycHU0UStKU0paZkZTRkdxQ0tFN2FRb0VReDVVakZjaXhlcHpVVHNPdUY0QzNPbFRMNgpFWEF1NDMvMUc2MW1nakE5c3pVUytsaC9PcTlxTVplMWZOSXk1LzdqeGg1clRTOEhBUVBoeEVoS0d4NFFaVDRrClRYa0p6andOSVFIL3VZZ0wwY0huZzREZCtDUXJwU1MyL2RidWtJdi9ZRUttMGdremFjV091OTlWYnh2TlBSeksKK0ludnVYcTJGajNLQndyM1lvWURTZFUvMjNITHVLOS9CVVVoOGNUZnpnUldsQjFsN0w5MndPbFY5T1QyYllPZApNWGdqYVZHTlVvU3hONHgyVS9NNGlhb1pRUkJWYVVZbzI0TEw8L1g1MDlDZXJ0aWZpY2F0ZT4KPC9YNTA5RGF0YT4KPC9LZXlJbmZvPgo8L1NpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+XzgyQkIyODI2Qjk4OTIxNUE4NDQ3ODIxNzBDOTI5MjE1PC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIyLTExLTExVDExOjI5OjQ2WiIgUmVjaXBpZW50PSJodHRwczovL2NtdDIud2lkZWdyb3VwLmV1L3NhbWwvcG9zdFJlc3BvbnNlIiBJblJlc3BvbnNlVG89Il84Q0UzMEVFQUU0QzRGNjFEMDFDRkY5MTRFRkI2QkVDNCIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDIyLTExLTEwVDExOjI4OjQ2WiIgTm90T25PckFmdGVyPSIyMDIyLTExLTExVDExOjMwOjQ2WiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL2NtdDIud2lkZWdyb3VwLmV1L3NhbWwvbWV0YWRhdGE8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDIyLTExLTEwVDExOjI5OjA0WiIgU2Vzc2lvbkluZGV4PSI4NDMwNWJhNDNmNTQ4YTllYjU5Nzk3ZTg5YjZjNmU2MmM0ZTcwOGZiOTA0Y2E5MTNhMzFhZTVlNGU3YzM5NWI2IiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDIyLTExLTExVDExOjI5OjA0WiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIiBGcmllbmRseU5hbWU9InVpZCI+PHNhbWw6QXR0cmlidXRlVmFsdWU+YW5kcmVhLnBhc3N1ZWxsbzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg== in hidden key SAMLResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Store https://SP1.mydomain.com/ in hidden key RelayState
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Returned status: -2 (PE_REDIRECT)
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Skin returned: redirect
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Calling sendHtml with template redirect
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/myskin/redirect.tpl
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Sending /usr/share/lemonldap-ng/portal/templates/myskin/redirect.tpl
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Apply following CORS group2:
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Allow-Origin
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] *
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Allow-Credentials
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] true
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Allow-Headers
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] *
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Allow-Methods
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] POST,GET
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Expose-Headers
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] *
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Access-Control-Max-Age
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] 86400
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Required urldc: https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Set CSP form-action with urldc: https://SP1.mydomain.com
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Required Params URL: https://SP1.mydomain.com/saml/postResponse
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Set CSP form-action with Params URL: https://SP1.mydomain.com
Nov 10 12:29:46 VHOST2 apache2-error-default [Thu Nov 10 12:29:46 2022] [LLNG:8054] [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://SP1.mydomain.com https://SP1.mydomain.com;frame-ancestors 'none';
**STEP 4**
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Logger Lemonldap::NG::Common::Logger::Std loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User logger Lemonldap::NG::Common::Logger::Std loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get configuration 246 aged 1667578460
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [info] Loading configuration 246 for process 8057
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls defaultValuesInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options https for vhost PORTAL.mydomain.com: 1
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options https for vhost MANAGER.mydomain.com: 1
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options maintenance for vhost PORTAL.mydomain.com: 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options maintenance for vhost VHOST1.mydomain.com: 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options maintenance for vhost MANAGER.mydomain.com: 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Options maintenance for vhost VHOST2.mydomain.com: 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls jailInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls portalInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls locationRulesInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls sessionStorageInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls headersInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls postUrlInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls aliasInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Process 8057 calls oPORTALInit
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Module Lemonldap::NG::Manager::Conf loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route manager.html will use manager
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route virtualHosts added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route samlIDPMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route samlSPMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route applicationList added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route oidcOPMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route oidcRPMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route casSrvMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route casAppMetaDataNodes added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route authChoiceModules added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route grantSessionRules added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route combModules added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route sfExtra added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route openIdIDPList added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route * added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add POST route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route sendTestMail added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route newCertificate added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route raw added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route newRSAKey added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route * added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add POST route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add PUT route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add PATCH route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route diff.html will use diff
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add POST route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route prx added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Plugin conf loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Module Lemonldap::NG::Manager::Sessions loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route sessions.html will use sessions
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Plugin sessions loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Module Lemonldap::NG::Manager::Notifications loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Use extension "json" to store notification files
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route notifications.html will use notifications
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route actives added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route done added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add POST route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route actives added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add PUT route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Plugin notifications loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Module Lemonldap::NG::Manager::2ndFA loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route 2ndfa.html added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add DELETE route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route : added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Plugin 2ndFA loaded
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route links added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Add GET route:
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] route psgi.js added
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Default module -> Lemonldap::NG::Manager::Conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Default index -> 0
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] PSGI app is protected
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler::Main::Run
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Check session validity from Handler
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Session timeout -> 86400
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Session _utime -> 1668079744
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] now -> 1668079800
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Session timeoutActivityInterval -> 60
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Session TTL = 86344
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Regexp "Configuration" match
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] newCookies ->
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.html
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Start routing manager.html
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Starting HTML generation using /usr/share/lemonldap-ng/manager/htdocs/templates/manager.tpl
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Sending /usr/share/lemonldap-ng/manager/htdocs/templates/manager.tpl
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Regexp "Configuration" match
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] newCookies ->
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/confs/latest
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Start routing confs
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgNum in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to latest
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgAuthor in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgDate in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgAuthorIP in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgLog in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for cfgVersion in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [info] REST request to get configuration metadata (246)
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Regexp "Configuration" match
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/confs/246/portal
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Start routing confs
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [info] REST request to get configuration key portal
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for portal in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Regexp "Configuration" match
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/confs/246/domain
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Start routing confs
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [info] REST request to get configuration key domain
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Search for domain in conf
Nov 10 12:30:00 VHOST2 apache2-error-default [Thu Nov 10 12:30:00 2022] [LLNG:8057] [debug] Cfgnum set to 246
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Get configuration from cache without verification.
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] User my_username was granted to access to /sessions.html
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Start routing sessions.html
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Starting HTML generation using /usr/share/lemonldap-ng/manager/htdocs/templates/sessions.tpl
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Sending /usr/share/lemonldap-ng/manager/htdocs/templates/sessions.tpl
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/sessions/global?groupBy=substr(_whatToTrace,1)
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] Start routing sessions
Nov 10 12:30:06 VHOST2 apache2-error-default [Thu Nov 10 12:30:06 2022] [LLNG:8057] [debug] First filter: _session_kind = SSO (searchOn)
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Get configuration from cache without verification.
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/sessions/global?_whatToTrace=a*&groupBy=_whatToTrace
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Start routing sessions
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] First filter: _whatToTrace = a* (searchOnExpr)
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Removing unless _whatToTrace =~ /^a*$/
Nov 10 12:30:08 VHOST2 apache2-error-default [Thu Nov 10 12:30:08 2022] [LLNG:8057] [debug] Removing unless _session_kind =~ /^SSO$/
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Get configuration from cache without verification.
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] VH PORTAL.mydomain.com is HTTPS
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler::Main::Run
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Check session validity from Handler
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Session timeout -> 86400
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Session _utime -> 1668079744
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] now -> 1668079809
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Session timeoutActivityInterval -> 60
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Session TTL = 86335
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] No URL authentication level found...
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] PORTAL.mydomain.com: Apply default rule
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] removing cookie
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Cookies -> llnglanguage=it; cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] CookieName -> cookiename_test
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] newCookies -> llnglanguage=it;
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] User my_username was granted to access to /index.fcgi/
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Start routing default route
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing importHandlerData
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing restoreArgs
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing controlUrl
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing checkLogout
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Launching ::Plugins::CDA::changeUrldc
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing code ref
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Launching ::Password::LDAP::_modifyPassword
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] Processing to JSON response
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8054] [debug] AJAX request from portal, allowing CORS
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/sessions/global?_whatToTrace=my_username
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Start routing sessions
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] First filter: _whatToTrace = my_username (searchOn)
Nov 10 12:30:09 VHOST2 apache2-error-default [Thu Nov 10 12:30:09 2022] [LLNG:8057] [debug] Removing unless _session_kind =~ /^SSO$/
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Get configuration from cache without verification.
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] VH MANAGER.mydomain.com is HTTPS
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Handler internal cache
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] No URL authentication level found...
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Regexp "Sessions" match
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] removing cookie
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Cookies -> cookiename_test=39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5; llnglanguage=it
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] CookieName -> cookiename_test
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] newCookies -> llnglanguage=it
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] User my_username was granted to access to /manager.fcgi/sessions/global/39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] User authenticated, calling handler()
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Start routing sessions
Nov 10 12:30:10 VHOST2 apache2-error-default [Thu Nov 10 12:30:10 2022] [LLNG:8057] [debug] Get session 39f471bcc22018246bb8da2b0963cfef28c176192fe7059cf01925a04da298e5 from Common::Session::REST
Is this a misconfiguration problem or am I doing something wrong?
Many thanks.In discussionMaxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2218Manager can generates non unique application id in menu2021-06-24T13:06:52ZClément OUDOTManager can generates non unique application id in menuWhen creating a new application in menu from Manager, the application id is computed from application name.
If this application has the same name than an application in another category, then it will get the same id, which is possible a...When creating a new application in menu from Manager, the application id is computed from application name.
If this application has the same name than an application in another category, then it will get the same id, which is possible as applications are sorted by categories in the application hash. But if you change the dislay rule of the first application, the second application will also be impacted, as they have the same id, and this id is removed from applications shown in the portal.
I am not sure on how to fix this...3.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2112Local session cache causing basic auth failures2022-12-13T13:44:07ZChris ALocal session cache causing basic auth failures### Concerned version
Version: %"2.0.7"
Platform: Nginx
### Summary
When using basic auth with a local session cache, basic auth will start to fail once a day for several minutes even though the backend authentication succeeds. It ...### Concerned version
Version: %"2.0.7"
Platform: Nginx
### Summary
When using basic auth with a local session cache, basic auth will start to fail once a day for several minutes even though the backend authentication succeeds. It seems to be related to the local session cache keeping an expired session, and the local purge script cleans it up too late.
### Logs
```
Feb 20 20:03:08 janus LLNG[15821]: [notice] Good REST authentication for xxx
Feb 20 20:03:08 janus LLNG[15821]: [debug] [notice] Good REST authentication for xxx
Feb 20 20:03:08 janus LLNG[15821]: [debug] Get session b901f55522ea2b002d10ad57e2a1c2de8503b167ee84fa251906e14348e7a7cf from
Handler::Main::Run
Feb 20 20:03:08 janus LLNG[15821]: [debug] Check session validity from Handler
Feb 20 20:03:08 janus LLNG[15821]: [debug] Session timeout -> 72000
Feb 20 20:03:08 janus LLNG[15821]: [debug] Session _utime -> 1582156801
Feb 20 20:03:08 janus LLNG[15821]: [debug] now -> 1582228988
Feb 20 20:03:08 janus LLNG[15821]: [debug] Session timeoutActivityInterval -> 60
Feb 20 20:03:08 janus LLNG[15821]: [debug] Session TTL = -187
Feb 20 20:03:08 janus LLNG[15821]: [info] Session b901f55522ea2b002d10ad57e2a1c2de8503b167ee84fa251906e14348e7a7cf expired
```
### Backends used
LDAP is used for the authentication backend, and Redis is used as the session storage. The session cache was the file backend.
### Possible fixes
If I manually delete the session from the file cache while the issue is happening, it is fixed. I have since disabled the session cache entirely which has also fixed the issue.
(just as a side note for anyone trying this, the manager interface did not allow an empty field, so I had to set an empty value in the config file manually)
I'm not sure what a proper fix would be, but it seems that the basic auth handler could fall back to the main session database if it sees an expired entry and somehow refresh the expired session in the cache.BacklogChristophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1981Unable to deactivate "Force UTF-8" in SAML SP attribute configuration2019-11-20T16:17:01ZFrançois JoulaudUnable to deactivate "Force UTF-8" in SAML SP attribute configuration### Concerned version
Version: %"1.9.22"
Platform: (Apache)
### Summary
When we unset "Force UTF-8" in "Authentication Response" section of SAML Service Provider configuration. Manager set samlSPMetaDataOptionsForceUTF8 to "0" but t...### Concerned version
Version: %"1.9.22"
Platform: (Apache)
### Summary
When we unset "Force UTF-8" in "Authentication Response" section of SAML Service Provider configuration. Manager set samlSPMetaDataOptionsForceUTF8 to "0" but this has not the intended effect as the mere presence of the key activate UTF-8 re-encoding.
### Backends used
Configuration is stored in json files.
### Possible fixes
Probably a change somewhere here by checking the value of `$force_utf8` and not only the presence of the key:
```
sub createAttributeValue {
my ( $self, $value, $force_utf8 ) = @_;
my $saml2value;
$force_utf8 = 1 unless defined($force_utf8);
# Value is required
return unless defined $value;
# Decode UTF-8
$self->logger->debug("Decode UTF8 value $value") if $force_utf8;
$value = decode( "utf8", $value ) if $force_utf8;
```
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/blob/master/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm#L2915In discussionhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1740Applications disappear from the portal in rare cases after saving configurati...2022-11-24T14:56:52ZMaxime BessonApplications disappear from the portal in rare cases after saving configuration in the manager### Concerned version
Version: %2.0.2
### Summary
I have witnessed a strange case in which all applications disappear from the portal after editing a completely unrelated setting.
Making a minor edit (description) to one application...### Concerned version
Version: %2.0.2
### Summary
I have witnessed a strange case in which all applications disappear from the portal after editing a completely unrelated setting.
Making a minor edit (description) to one application makes them appear again.
### Logs
The faulty applications look like this in configuration:
```
"applicationList" : {
...
"0005-cat" : {
"0006-app" : {
"options" : {
"description" : "Configure LemonLDAP::NG WebSSO",
"display" : "on",
"logo" : "configure.png",
"name" : "WebSSO Manager",
"uri" : "https://manager.example.com/manager.html"
},
"type" : "menuApp"
},
...
```
They have `type: menuApp` instead of `type: application`, and after making any minor edit, the type is set to the correct value again and they all display correctly
And this is a redacted diff between a working configuration and the faulty one:
```
--- /dev/fd/63 2019-05-07 17:49:13.393814123 +0200
+++ /dev/fd/62 2019-05-07 17:49:13.393814123 +0200
@@ -14,7 +14,7 @@
},
- "type" : "application"
+ "type" : "menuApp"
},
"0003-app" : {
"options" : {
@@ -24,7 +24,7 @@
- "type" : "application"
+ "type" : "menuApp"
},
"0004-app" : {
"options" : {
@@ -34,7 +34,7 @@
},
- "type" : "application"
+ "type" : "menuApp"
},
@@ -48,7 +48,7 @@
"name" : "WebSSO Manager",
},
- "type" : "application"
+ "type" : "menuApp"
},
"0007-app" : {
"options" : {
@@ -58,7 +58,7 @@
"name" : "Notifications explorer",
},
- "type" : "application"
+ "type" : "menuApp"
},
"0008-app" : {
"options" : {
@@ -68,7 +68,7 @@
"name" : "Sessions explorer",
},
- "type" : "application"
+ "type" : "menuApp"
},
"catname" : "Administration",
"type" : "category"
@@ -82,7 +82,7 @@
"name" : "Local documentation",
- "type" : "application"
+ "type" : "menuApp"
},
"0011-app" : {
"options" : {
@@ -92,7 +92,7 @@
"name" : "Official Website",
"uri" : "http://lemonldap-ng.org/"
},
- "type" : "application"
+ "type" : "menuApp"
},
"catname" : "Documentation",
"type" : "category"
@@ -113,9 +113,9 @@
"cda" : "0",
- "cfgDate" : 1557133222,
+ "cfgDate" : 1557135349,
"cfgLog" : "",
- "cfgNum" : 90,
+ "cfgNum" : 91,
"cfgVersion" : "2.0.2",
"checkXSS" : "1",
"combModules" : {
@@ -206,9 +206,10 @@
"uid" : "lc $_user"
},
"mail2fActivation" : "$_2fDevices !~ /\"type\"\\s*:\\s*\"(UBK|TOTP|U2F)\"/s",
- "mail2fAuthnLevel" : "3",
+ "mail2fAuthnLevel" : 3,
"mail2fCodeRegex" : "\\d{6}",
+ "mail2fTimeout" : 300,
"mailCharset" : "utf-8",
@@ -509,7 +510,7 @@
"totp2fUserCanRemoveKey" : "1",
"trustedDomains" : "'*'",
"u2fActivation" : "1",
- "u2fAuthnLevel" : "4",
+ "u2fAuthnLevel" : 4,
"u2fSelfRegistration" : "$authenticationLevel > 2",
"u2fUserCanRemoveKey" : "1",
"upgradeSession" : "1",
```
As you can see, the corruption occurs when saving some setting in the mail2f plugin. It's probably a coincidence, I tried to reproduce the same change, but it did not break the menu this time.
There seem to be something wrong going on when parsing the JSON sent by the manager into an LLNG config. But I couldn't figure out what after looking at `Conf::Parser.pm`.
### Backends used
JSON file backend is used
### Possible fixes
Saving the configuration again is enough to "repair" the applicationList by replacing the keyword `menuApp` by `application`.
```
EDITOR="sed -i 's/menuApp/application/'" /usr/*/lemonldap-ng/bin/lmConfigEditor
```In discussionChristophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1374LemonLDAP randomly turns in demonstration mode2018-10-08T07:44:48ZMickael BrideLemonLDAP randomly turns in demonstration modeThis occured 2 times in our production environment.
After making an action on the manager IHM (adding a new SAML identity provider), and saving the new configuration, LemonLDAP suddenly turns in demonstration mode.
A restart of Apache wa...This occured 2 times in our production environment.
After making an action on the manager IHM (adding a new SAML identity provider), and saving the new configuration, LemonLDAP suddenly turns in demonstration mode.
A restart of Apache was required to retrieve the normal behavior.
Here are the Apache logs during the issue when someone try to authenticate:
```
[Mon Feb 12 15:00:02.700765 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Now using configuration: 110
[Mon Feb 12 15:00:02.700897 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Menu loaded
[Mon Feb 12 15:00:02.700956 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Display loaded
[Mon Feb 12 15:00:02.701021 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::AuthDemo loaded
[Mon Feb 12 15:00:02.701347 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::UserDBMulti loaded
[Mon Feb 12 15:00:02.701410 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::PasswordDBLDAP loaded
[Mon Feb 12 15:00:02.701754 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::RegisterDBDemo loaded
[Mon Feb 12 15:00:02.702006 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module SAML
[Mon Feb 12 15:00:02.702018 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:02.702025 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module OpenID
[Mon Feb 12 15:00:02.702031 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:02.702037 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module CAS
[Mon Feb 12 15:00:02.702043 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:02.702049 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module OpenIDConnect
[Mon Feb 12 15:00:02.702055 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:02.702060 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module Get
[Mon Feb 12 15:00:02.702066 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:02.702156 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::IssuerDBNull loaded
[Mon Feb 12 15:00:02.702169 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] IssuerDB module Null loaded
[Mon Feb 12 15:00:02.702233 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::_SOAP loaded
[Mon Feb 12 15:00:02.702351 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub controlUrlOrigin
[Mon Feb 12 15:00:02.702417 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub checkNotifBack
[Mon Feb 12 15:00:02.702429 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub controlExistingSession
[Mon Feb 12 15:00:02.702474 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub issuerDBInit
[Mon Feb 12 15:00:02.702492 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub authInit
[Mon Feb 12 15:00:02.702536 2018] [perl:debug] [pid 30330] CGI.pm(114): /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/AuthDemo.pm 42:
[Mon Feb 12 15:00:02.702544 2018] [perl:warn] [pid 30330] Using demonstration mode, go in Manager to edit the configuration
[Mon Feb 12 15:00:02.702552 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub issuerForUnAuthUser
[Mon Feb 12 15:00:02.702568 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub extractFormInfo
[Mon Feb 12 15:00:02.702654 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Use customized message for error 9
[Mon Feb 12 15:00:02.702730 2018] [perl:debug] [pid 30330] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Display type standardform
```
Here are the Apache logs when it correctly works:
```
[Mon Feb 12 15:00:52.380004 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Now using configuration: 110
[Mon Feb 12 15:00:52.380112 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Menu loaded
[Mon Feb 12 15:00:52.380166 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::Display loaded
[Mon Feb 12 15:00:52.380231 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::AuthMulti loaded
[Mon Feb 12 15:00:52.380284 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::UserDBMulti loaded
[Mon Feb 12 15:00:52.380335 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::PasswordDBLDAP loaded
[Mon Feb 12 15:00:52.380623 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::RegisterDBDemo loaded
[Mon Feb 12 15:00:52.380826 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module SAML
[Mon Feb 12 15:00:52.380837 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:52.380843 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module OpenID
[Mon Feb 12 15:00:52.380849 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:52.380854 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module CAS
[Mon Feb 12 15:00:52.380868 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:52.380874 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module OpenIDConnect
[Mon Feb 12 15:00:52.380880 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:52.380886 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Try issuerDB module Get
[Mon Feb 12 15:00:52.380891 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] Activation flag set to off, trying next
[Mon Feb 12 15:00:52.380968 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::IssuerDBNull loaded
[Mon Feb 12 15:00:52.380979 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: [IssuerDB activation] IssuerDB module Null loaded
[Mon Feb 12 15:00:52.381035 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::_SOAP loaded
[Mon Feb 12 15:00:52.381139 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub controlUrlOrigin
[Mon Feb 12 15:00:52.381196 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub checkNotifBack
[Mon Feb 12 15:00:52.381208 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub controlExistingSession
[Mon Feb 12 15:00:52.381251 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub issuerDBInit
[Mon Feb 12 15:00:52.381269 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: processing to sub authInit
[Mon Feb 12 15:00:52.381377 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::AuthSAML loaded
[Mon Feb 12 15:00:52.381458 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::AuthLDAP loaded
[Mon Feb 12 15:00:52.381567 2018] [perl:debug] [pid 24364] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Module Lemonldap::NG::Portal::UserDBLDAP loaded
```
I notice in the first lines that "AuthDemo" is loaded instead of "AuthMulti".
Do you have any idea what could be the problem? Same action was done other times without any problem. It only happened 2 times but it was very critical as it avoids any new connection.
Do we need to make an Apache restart every time we make that kind of modification?
Thank youIn discussionhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3123JWKS timeout is not implemented2024-03-27T10:40:19ZMaxime BessonJWKS timeout is not implemented### Affected version
Version: 2.18.2
### Summary
* Configure Auth::OpenIDConnect with a test OP
* set oidcOPMetaDataOptionsJWKSTimeout = 30 (or any non zero value)
* When restarting portal, JWKS is downloaded :white_check_mark:
* Aft...### Affected version
Version: 2.18.2
### Summary
* Configure Auth::OpenIDConnect with a test OP
* set oidcOPMetaDataOptionsJWKSTimeout = 30 (or any non zero value)
* When restarting portal, JWKS is downloaded :white_check_mark:
* After 30 seconds, JWKS is not refreshed :x:2.19.0Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3122Random DB errors when using llng-fastcgi-server in foreground mode2024-03-27T09:37:24ZMaxime BessonRandom DB errors when using llng-fastcgi-server in foreground mode### Affected version
Version: 2.18.2
Platform: FastCGI server with the coudot/lemonldap-ng docker image
### Summary
* I have customized the coudot/lemonldap-ng image to use CDBI with a mariadb server
* I encounter difficult to predic...### Affected version
Version: 2.18.2
Platform: FastCGI server with the coudot/lemonldap-ng docker image
### Summary
* I have customized the coudot/lemonldap-ng image to use CDBI with a mariadb server
* I encounter difficult to predict DB errors
* Errors can be easily triggered with high load and a disabled configuration cache
### Logs
Some of the errors that pop up:
```
DBD::mysql::db selectrow_array failed: Unknown or undefined error code
...
DBD::mysql::db selectrow_arrayref failed: fetch() without execute()
```
### Root cause
llng-fastcgi-server instanciates a handler[](https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.18.2/fastcgi-server/sbin/llng-fastcgi-server?ref_type=tags#L121) during startup.
This is needed to have shared status (apparently). But this action causes DBI to cache a connection to the database.
This connection cache is preserved after the process are forked by
* Plack startup (only when --foreground is not set)
* The FastCGI process manager (NPROC worker processes)
During the plack startup fork, the parent process exists, which runs DBI cleanup and closes the file descriptor, therefore invalidating the cache in other processes.
When --foreground is set, the file descriptor remains open and is reused until:
* That shared connection is closed by the SQL server
* One of the process terminates
### Possible fixes
Either:
* Revert 019f1e75e829ec9fdfc34d23e2874398a5cba8f0 and find another way to share the status server
* Find another way to have working docker logs without --foreground, and remove this option
* Fork llng-fastcgi-server one more time before handing control to Plack2.20.0Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3091Send mail on password change doesn't work corretcly2024-03-27T10:46:54ZGabriele LicariSend mail on password change doesn't work corretcly### Affected version
Version: 2.18.1
Good Morning,
The option "Send a mail when password is changed" is activated, but users receive confirmation of the password change only when they force the reset (forgotten password) but not when ...### Affected version
Version: 2.18.1
Good Morning,
The option "Send a mail when password is changed" is activated, but users receive confirmation of the password change only when they force the reset (forgotten password) but not when they change it independently once logged in. What can I check to fix
this?
This seems to be a bug.2.19.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3061lwpOpts and lwpSslOpts parameters not used in REST session module2024-03-27T10:48:59ZClément OUDOTlwpOpts and lwpSslOpts parameters not used in REST session moduleWhen trying to use lwpOpts and lwpSslOpts for REST session backend, I noticed that these parameters are not used.
If we wen to set them, we need to add them in globalStorageOptions HASH, the values defined in global configuration are al...When trying to use lwpOpts and lwpSslOpts for REST session backend, I noticed that these parameters are not used.
If we wen to set them, we need to add them in globalStorageOptions HASH, the values defined in global configuration are always ignored
It think this is a bug and that the global parameters should be used.2.19.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3048Error in Notification DBI backend2024-03-27T10:53:14ZClément OUDOTError in Notification DBI backendOna production environment, we encounter this error:
```
DBD::Pg::st execute failed: aucune connexion au serveur at /usr/share/perl5/Lemonldap/NG/Common/Notifications/DBI.pm line 283.
```
The DB is well started, so I suspect a bad conne...Ona production environment, we encounter this error:
```
DBD::Pg::st execute failed: aucune connexion au serveur at /usr/share/perl5/Lemonldap/NG/Common/Notifications/DBI.pm line 283.
```
The DB is well started, so I suspect a bad connection management in Notification DBI module.
Not easy to reproduce.2.19.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3034Deletion of a 2FA in the middle of an authentication flow is not taken into a...2023-11-02T13:19:30ZMaxime BessonDeletion of a 2FA in the middle of an authentication flow is not taken into account### Affected version
Version: 2.17.1
### Summary
* As user, register a 2FA
* As user, go to portal, login with your 1st factor, and choose your 2FA
* You are prompted to enter a code or complete the webauthn challenge, and you have $...### Affected version
Version: 2.17.1
### Summary
* As user, register a 2FA
* As user, go to portal, login with your 1st factor, and choose your 2FA
* You are prompted to enter a code or complete the webauthn challenge, and you have $sfTimeout seconds to do it (can be several minutes)
* As an admin, delete the 2FA for this user
* As a user, complete the 2FA challenge successfully :x:
### Possible fixes
This is caused by the fact that `_2fdevices` is copied into the user's session, and stored as a OneTimeToken during the 2FA flow. Despite the 2FA being removed by the admin, it still exists in the OneTimeToken.
I think we should update the `_2fDevices` array when the 2FA challenge is completed to make sure the selected device still exists.In discussionMaxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3011Cannot override configuration in lemonldap-ng.ini when value is "0"2023-09-20T09:03:33ZMaxime BessonCannot override configuration in lemonldap-ng.ini when value is "0"### Concerned version
Reopening #2711 because it is still not fixed in branch v2.0, issue is the same
Version: 2.17.0
### Summary
* In config, set `portalDisplayRegister=1`
* In lemonldap-ng.ini, set `portalDisplayRegister=0`
* Expect...### Concerned version
Reopening #2711 because it is still not fixed in branch v2.0, issue is the same
Version: 2.17.0
### Summary
* In config, set `portalDisplayRegister=1`
* In lemonldap-ng.ini, set `portalDisplayRegister=0`
* Expected: Register button is not displayed
* Actual: register button is not displayed
trying to clear the cache or restart llng-fastcgi-server doesn't helphttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2995No error reporting when session update fails on DBI based modules (probably o...2024-03-27T09:45:52ZMaxime BessonNo error reporting when session update fails on DBI based modules (probably on others too)### Affected version
Version: 2.17
### Summary
* Simulate a SQL error by adding a die() in the update() method of an Apache::Session::Store module
* Try to login
* No error reporting, but a session is created with invalid data (just t...### Affected version
Version: 2.17
### Summary
* Simulate a SQL error by adding a die() in the update() method of an Apache::Session::Store module
* Try to login
* No error reporting, but a session is created with invalid data (just the session ID)
### Possible fixes
Hard to fix because the update method is called in Apache::Session destructor, so we cannot easily catch when the Store module dies because of a SQL error.2.20.0Maxime BessonMaxime Bessonhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2978Using the (unimplemented) claims= parameter in an OIDC authorize request trig...2024-03-27T09:48:50ZMaxime BessonUsing the (unimplemented) claims= parameter in an OIDC authorize request triggers XSS detection with authentication=Choice### Affected version
Version: 2.16.2
### Summary
* Configure Choice as auth module (one Demo choice)
* Enable OIDC issuer
* Send an OIDC request with a "claims" parameter:
https://auth.example.com/oauth2/authorize?response_type=code...### Affected version
Version: 2.16.2
### Summary
* Configure Choice as auth module (one Demo choice)
* Enable OIDC issuer
* Send an OIDC request with a "claims" parameter:
https://auth.example.com/oauth2/authorize?response_type=code&scope=openid&client_id=testrp&state=5azlOvBCuQcmlu_TeCGL317RuSk&redirect_uri=http%3A%2F%2Frp.example.com%2Foauth2callback&nonce=DkqDQChJVDWiLtyDknOYkRyC4xEDhlRMq_wEGtB8twU&claims={%22mail%22:%20null})
* A scary log is generated, but no other side effect (unless a custom URL is set in Choice module, maybe)*
### Logs
```
[error] XSS attack detected (param: URI | value: /oauth2/authorize?response_type=code&scope=openid&client_id=testrp&state=5azlOvBCuQcmlu_TeCGL317RuSk&redirect_uri=http%3A%2F%2Frp.example.com%2Foauth2callback&nonce=DkqDQChJVDWiLtyDknOYkRyC4xEDhlRMq_wEGtB8twU&claims={%22mail%22:%20null})
```
### Possible fixes
Relevant code from Lib::Choice
```
# Default URL
$req->data->{cspFormAction} ||= {};
if (
defined $url
and not $self->checkXSSAttack( 'URI',
$req->env->{'REQUEST_URI'} )
and $url =~
q%^(https?://)?[^\s/.?#$].[^\s]+$% # URL must be well formatted
)
{
my $csp_uri = $self->cspGetHost($url);
$req->data->{cspFormAction}->{$csp_uri} = 1;
}
```
There is no point in checking REQUEST_URI for potential XSS because REQUEST_URI is not used in Choice anymore.
In fact, I'm the one who accidentally removed REQUEST_URI from form destinations (see cd97d3b9227f16f0edcdd30b43a7dfe80f1c56f6).
There hasn't been any complains because pdata already saves REQUEST_URI.
@guimard: I need some advice here on what to do
* Fix my mistake and introduce back the following line:
```
$url .= $req->env->{'REQUEST_URI'};
```
which will break OIDC requests that use the "claims" parameter ?
* Or just remove the useless XSS check ?2.20.0Maxime BessonMaxime Besson