lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2017-11-28T17:47:23Z
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/62
[SAML] samldate2timestamp is not returning correct timestamp
2017-11-28T17:47:23Z
Clément OUDOT
Indeed, mktime just supposes our date is localtime, not gmtime. So I will use Time::Local to do this.
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/64
SLO error with simpleSAMLphp
2017-11-28T17:47:23Z
Clément OUDOT
An SLO request from simpleSAMLphp gives this error:
```
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: URL http://auth.example.com/saml/singleLogout detected as an SLO URL
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SAML method: HTTP-REDIRECT
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: HTTP-REDIRECT: SAML Request RelayState=_25b896281fcede6c1b7352761cab6b4be1b0ab4cf8;Signature=iQLYh7Oza796e7PxAZjmHnRt2N0LIxYzS8ZcAwj0ebs75LptPmOZ7oR%2BUDhM%2Fl0St5HHMfXQ6tkWDbnPoytXAoIdZrXEOMQZAW%2B88noCV%2Fgipir6LtwVbWxHcTny5LjqczfSL32Clh5I%2FwcmKqNKKiS75DtY4h%2BoPodSNO3gSrA%3D;SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1;SAMLRequest=fZJtT9swFIX%2FSuSvqI3dlyzx2midyrZowEbLkOALMrGTevJL5muL0l%2BPm3QSIG3frGM%2F55575AUwrTp6YVsb%2FEb8CQJ8stfKAO1vlig4Qy0DCdQwLYD6mm5Xlxd0Msa0c9bb2ir0Cvk%2FwQCE89IalFTrJXrICjbL82KezaZzMmkIb%2Bq6mWePmJMPj0XGc55jMisKzFFyKxxEcomiUcQBgqgMeGZ8lDDBIzwfkeKGTCnJ6QTfo2Qdt5GG%2BZ7aed%2FRNGXB78Ziz3SnxLi2Oj2GTkGaVomhBlQujhrtJ7jyxIE8En0pu%2B6NgbY8xGOUT15dqoVnnHnWi1w0LCg%2Fgm6RvjYeplzFjqp18sU6zfy%2FyyNj0iuSj5r%2BKRWaSbXi3AkAVNY2cOs%2Fqbhuax07BvuYvBeta08RhqlDhI5uo0XsqDJc7EvTVnX1fHN2xlebYmXvbt3XKQ4%2FzLaSnw%2BTX%2FfmNzzn5z%2Fra9l80%2FrJnq%2Fxvjkc1PenzfWuYNkw4Z3pX%2FHNRytfAA%3D%3D
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso Session loaded
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso Identity loaded
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SLO: Logout request is valid
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Found entityID http://simplesamlphp.example.com/module.php/saml/sp/metadata.php/default-sp in SAML message
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: http://simplesamlphp.example.com/module.php/saml/sp/metadata.php/default-sp match SimpleSAMLPHP SP in configuration
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: No logout request found, build it
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-05-19 15:18:23\tEncoded a RelayState of more than 80 bytes, see #3.4.3 of saml-bindings-2.0-os
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Send HTTP-REDIRECT logout request to http://wcs.example.com/saml/metadata
[Wed May 19 15:18:23 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Set _25b896281fcede6c1b7352761cab6b4be1b0ab4cf8 in RelayState
[Wed May 19 15:18:23 2010] [error] Can't call method "SessionIndex" on an undefined value at /usr/local/share/perl/5.10.1/Lemonldap/NG/Portal/IssuerDBSAML.pm line 855.\n
```
We have to eval the code calling SessionIndex.
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/66
[SAML][IDP] Options to check message signatures
2017-11-28T17:47:23Z
Clément OUDOT
We should use options to check (or not) message signatures in IDP, as we do in SP.
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/67
[SAML][IDP] Map NameID Format to local session keys
2017-11-28T17:47:23Z
Clément OUDOT
We should be able to configure which session key corresponds to a SAML NameID Format for IDP.
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/68
Failed to load signing key for http://urlIDP/saml/metadata
2017-11-28T17:47:23Z
Romain GUIGNARD
I have configured two lemonldap. The first as an Identity Provider and the second as a Service Provider.
I have imported the metadata of the identity provider in the service provider. When I try to go on the application test1 for example, I always have this error in the service provider log.
"Failed to load signing public key for http://auth.test.lemonldap/saml/metadata"
In attachment:
1) Log_Apache_SP
2) Metadata-IDP
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/70
Do not throw error if no SP or no IDP configured
2017-11-28T17:47:23Z
Clément OUDOT
We cannot run the portal if SAML is set as authentication or issuerDB and no IDP or SP were added. This should not prevent the portal from running.
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/72
[SAML] UTF-8 encoded attributes are reencoded
2017-11-28T17:47:23Z
Clément OUDOT
I have a LL::NG as SP and another as IDP. The IDP sends a UTF-8 encoded attribute to the SP, and the SP reencodes it, so the value in SP is bad: Clément OUDOT
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/73
[SAML] Initial URL is not kept when IDP is chosen in AuthSAML
2017-11-28T17:47:31Z
Clément OUDOT
When we are redirected to a SAML portal from the handler, the url parameter is lost when choosing the IDP, and not set in relaystate.
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/74
[error] Unable to open relaystate session
2017-11-28T17:47:31Z
Clément OUDOT
I use 2 LL::NG: one as SP, the other as IDP
When a relaystate is passed from SP to IDP, and then comes back, I have this error in SP error log:
{quote}
[Fri May 28 11:28:14 2010] [error] Unable to open relaystate session: Invalid session ID: 4ab77597b391473a3525a95a534b6589;Signature=vHAs5C3NEQHdK4tmI9kCT5kmZHTuEosLjGQSe4DhltoylWOyG/hHXYsVSe0aJfZDrjkkC4C5VdlE2W2ypN5UGA==;SigAlg=http://www.w3.org/2000/09/xmldsig#rsa-sha1;SAMLRequest=fZJLb8IwEIT/SuQ7SQgBGiuJlJBWQuqDlqqHXiorLGDJj9TeUPrvawdVhUO5jvfbnRk5t0yKjlY97tULfPZgMThKoSwdHgrSG0U1s9xSxSRYii1dVw/3NAlj2hmNutWCnCHXCWYtGORakWDZFOQjrW/n2WKRVFVWJbNJVU3qZFrHk/G0mad1nJHgDYx18wVxuIOs7WGpLDKFTorH8SiejpKb1zijyYym6TsJGpeBK4YDtUfsaBQxly88yCQUILXyPkPhZnbasLDVMvJKZLnaCVjznXpy/u60aWHopSBbJiz46ysXgB/gVylzD9LBlSnPb8GRyU7A33IJyDYMWR6dI/mp/kdX1LJZacHbb39YMrzeo1f4ZrQdRmnnO7IICkmwXvllzz0TfMvBXDbwrysSVELor4UBhi4dmh5IVJ68Xv6O8gc= at /usr/share/perl5/Apache/Session/Generate/MD5.pm line 40.\n
{quote}
The relaystate parameter is obtained with a $self->param('RelayState') on SP side. This works well with other IDP, so I think the problem should come from the IDP part.
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/75
SSO HTTP-POST profile not declared in IDP metadata
2017-11-28T17:47:31Z
Clément OUDOT
We should be able to use SSO POST profile on IDP, and this is not allowed because it is not shown in metadata:
{quote}
[Fri May 28 11:42:02 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Use method 3 with IDP lemonldapng for SSO profile
[Fri May 28 11:42:02 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error code -409: Unsupported protocol profile
[Fri May 28 11:42:02 2010] [error] Could not initiate authentication request on http://auth.vm2.lemonsaml.linagora.com/saml/metadata
[Fri May 28 11:42:02 2010] [error] Could not create authentication request on lemonldapng
{quote}
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/76
[SAML] SOAP SLO denied on IDP
2017-11-28T17:47:31Z
Clément OUDOT
When sending an SLO Request from SP to IDP using SOAP:
{quote}
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: URL http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP detected as an SLO URL
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SAML method: HTTP-SOAP
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:LogoutRequest ID="_3A43E6DC4747B114B1A4F29E7388B851" Version="2.0" IssueInstant="2010-05-28T12:59:33Z" Destination="http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP"><saml:Issuer>http://auth.vm1.lemonsaml.linagora.com/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n<Reference URI="#_3A43E6DC4747B114B1A4F29E7388B851">\n<Transforms>\n<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n</Transforms>\n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n<DigestValue>7ImBQ6AqbRnYErKHx8iJclsTxrg=</DigestValue>\n</Reference>\n</SignedInfo>\n<SignatureValue>Rwh7Y5at66rbx0rzmm3p3x27eFH7Zs8sfupif15RgpwPDr11F8kQamhhU37NjoH8\nT/nqmAnpg6Vb6FyD0kBQ3Q==</SignatureValue>\n</Signature><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="http://auth.vm2.lemonsaml.linagora.com/saml/metadata" SPNameQualifier="http://auth.vm1.lemonsaml.linagora.com/saml/metadata">_DB52CAE945DE9E1736D67A1958928E10</saml:NameID><samlp:SessionIndex>zf9SIllOvEaMXvRqYDZuKkwI8kM50lagPAXxjZAQOFjAsnaU2PXu/nn8TNi9N9h/</samlp:SessionIndex></samlp:LogoutRequest></s:Body></s:Envelope>
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SLO: Logout request is valid
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Found entityID http://auth.vm1.lemonsaml.linagora.com/saml/metadata in SAML message
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: http://auth.vm1.lemonsaml.linagora.com/saml/metadata match lemonldapng SP in configuration
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Signature is valid
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Destination http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP found in SAML message
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Destination match URL http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SOAP response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:LogoutResponse ID="_CCA6680BA2797FCC06A03EF5BB31F4C8" InResponseTo="_3A43E6DC4747B114B1A4F29E7388B851" Version="2.0" IssueInstant="2010-05-28T12:59:33Z"><saml:Issuer>http://auth.vm2.lemonsaml.linagora.com/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n<Reference URI="#_CCA6680BA2797FCC06A03EF5BB31F4C8">\n<Transforms>\n<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n</Transforms>\n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n<DigestValue>w8JJ5aivST95HyUYDqgSrsUhr8U=</DigestValue>\n</Reference>\n</SignedInfo>\n<SignatureValue>h4vQZCx22lvWbgyYtiTTa0+Okqa3qmmttsP7NUtEO2dipFtTGVg2r5PbKnzTjUDY\npRY70rqKouSVv2ETJLUD/oCQNWcOhOfaO7LORVKUGe68v+sfC08Zu2S43IrwQ1ed\nNd9ss71gvgxkuiir5PY7NNo6oFQuI53m94vAWLgcKog=</SignatureValue>\n</Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/></samlp:StatusCode></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub returnSOAPMessage
{quote}
We have a bad status code:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/></samlp:StatusCode
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/77
Error when no SessionNotOnOrAfter value in authn statement
2017-11-28T17:47:31Z
Clément OUDOT
After today's Lasso update, I had this error:
{quote}
[Mon May 31 15:17:02 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub setAuthSessionInfo
[Mon May 31 15:17:02 2010] [error] Month '-1' out of range 0..11 at /usr/local/share/perl/5.10.1/Lemonldap/NG/Portal/_SAML.pm line 1969\n
{quote}
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/78
Request Denied on SOAP SLO request on IDP
2017-11-28T17:47:32Z
Clément OUDOT
When the SP does a SOAP SLO request on the IDP, I have this debug trace:
SP side:
{quote}
[Mon May 31 16:28:37 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Use method SOAP with IDP lemonldapng-vm2 for SLO profile
[Mon May 31 16:28:37 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Set 7b3dba313cd02d3e1ce02955774a59a5 in RelayState
[Mon May 31 16:28:37 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Logout request created
[Mon May 31 16:28:37 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Keep request ID _9C33E765434194C44E4D3187D5019E9B in assertion session adbad1925ba4ad4133e020aa60a3919e
[Mon May 31 16:28:37 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Send SOAP message <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:LogoutRequest ID="_9C33E765434194C44E4D3187D5019E9B" Version="2.0" IssueInstant="2010-05-31T14:28:37Z" Destination="http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP"><saml:Issuer>http://auth.example.com/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n<Reference URI="#_9C33E765434194C44E4D3187D5019E9B">\n<Transforms>\n<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n</Transforms>\n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n<DigestValue>n8YveIW+A6qRSrUTp5zS9joVCDs=</DigestValue>\n</Reference>\n</SignedInfo>\n<SignatureValue>suV+p6x6PfIolKlyEvzhWdkT8me4fqXA8nNGOlBT0aYf4wKk5cI9L2i768/AXEOg\nGL38rQwqnFeQq6/xal2wEg==</SignatureValue>\n</Signature><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">coudot@linagora.com</saml:NameID><samlp:SessionIndex>f5+Ke/5WbO1QKLlbTDdL9o41vrt6jZ/Gs6v+WAuJt9VjuIc3U79JqPGFgRlppaK8</samlp:SessionIndex></samlp:LogoutRequest></s:Body></s:Envelope> to http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP
[Mon May 31 16:28:37 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Get response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:LogoutResponse ID="_FC7174C22CE3E06365A8A41C918B1830" InResponseTo="_9C33E765434194C44E4D3187D5019E9B" Version="2.0" IssueInstant="2010-05-31T14:28:35Z"><saml:Issuer>http://auth.vm2.lemonsaml.linagora.com/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n<Reference URI="#_FC7174C22CE3E06365A8A41C918B1830">\n<Transforms>\n<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n</Transforms>\n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n<DigestValue>m2xwXkyGR2iMIg0FW6xupbfzmVA=</DigestValue>\n</Reference>\n</SignedInfo>\n<SignatureValue>bWrwGnVIYPz69AhUge6LvNwPw0PhfxbWEpJ/xc0CAwdTclX/KkPDewaRVB+DkHtk\njX1qcqz9NCTxZuQ06LATpQ9pDkmrjXCS9/6DkNHXeCiwlfabowUKuzxdrFdIVCTE\na6xDOvi9lqEBT0vviZS5CejjsuzyRoSIq/DM+gYfE+8=</SignatureValue>\n</Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/></samlp:StatusCode></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
[Mon May 31 16:28:37 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error code 302: Request denied by identity provider
[Mon May 31 16:28:37 2010] [error] Fail to process logout response
{quote}
IDP side:
{quote}
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: URL http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP detected as an SLO URL
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SAML method: HTTP-SOAP
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:LogoutRequest ID="_9C33E765434194C44E4D3187D5019E9B" Version="2.0" IssueInstant="2010-05-31T14:28:37Z" Destination="http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP"><saml:Issuer>http://auth.example.com/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n<Reference URI="#_9C33E765434194C44E4D3187D5019E9B">\n<Transforms>\n<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n</Transforms>\n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n<DigestValue>n8YveIW+A6qRSrUTp5zS9joVCDs=</DigestValue>\n</Reference>\n</SignedInfo>\n<SignatureValue>suV+p6x6PfIolKlyEvzhWdkT8me4fqXA8nNGOlBT0aYf4wKk5cI9L2i768/AXEOg\nGL38rQwqnFeQq6/xal2wEg==</SignatureValue>\n</Signature><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">coudot@linagora.com</saml:NameID><samlp:SessionIndex>f5+Ke/5WbO1QKLlbTDdL9o41vrt6jZ/Gs6v+WAuJt9VjuIc3U79JqPGFgRlppaK8</samlp:SessionIndex></samlp:LogoutRequest></s:Body></s:Envelope>
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SLO: Logout request is valid
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Found entityID http://auth.example.com/saml/metadata in SAML message
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: http://auth.example.com/saml/metadata match coudot SP in configuration
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Signature is valid
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Destination http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP found in SAML message
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Destination match URL http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SOAP response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:LogoutResponse ID="_FC7174C22CE3E06365A8A41C918B1830" InResponseTo="_9C33E765434194C44E4D3187D5019E9B" Version="2.0" IssueInstant="2010-05-31T14:28:35Z"><saml:Issuer>http://auth.vm2.lemonsaml.linagora.com/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n<Reference URI="#_FC7174C22CE3E06365A8A41C918B1830">\n<Transforms>\n<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n</Transforms>\n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n<DigestValue>m2xwXkyGR2iMIg0FW6xupbfzmVA=</DigestValue>\n</Reference>\n</SignedInfo>\n<SignatureValue>bWrwGnVIYPz69AhUge6LvNwPw0PhfxbWEpJ/xc0CAwdTclX/KkPDewaRVB+DkHtk\njX1qcqz9NCTxZuQ06LATpQ9pDkmrjXCS9/6DkNHXeCiwlfabowUKuzxdrFdIVCTE\na6xDOvi9lqEBT0vviZS5CejjsuzyRoSIq/DM+gYfE+8=</SignatureValue>\n</Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/></samlp:StatusCode></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
[Mon May 31 16:28:35 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub returnSOAPMessage
{quote}
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/79
Mandatory attributes are not requested
2017-11-28T17:47:32Z
Clément OUDOT
Mandatory attributes are not requested. This is because $idp was not replaced by $idpConfKey in UserDBSAML.
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/80
POST fields should be hidden
2017-11-28T17:47:32Z
Clément OUDOT
In SAML, when we use POST bindings, we see POST fields. We should mask them, and maybe set an information message to the user (information is in transfer...)
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/81
SessionNotOnOrAfter should be set explicitly
2017-11-28T17:47:32Z
Clément OUDOT
As said in this mail: http://lists.labs.libre-entreprise.org/pipermail/lasso-devel/2010-May/002765.html
SessionNotOnOrAfter is no longer set by default, we should set it explicitly
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/83
Set NameID in attribute request
2017-11-28T17:47:32Z
Clément OUDOT
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/84
Check format and friendly name of requested attribute
2017-11-28T17:47:32Z
Clément OUDOT
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/85
Check requested attribute values
2017-11-28T17:47:32Z
Clément OUDOT
1.0-rc2
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/86
Do not parse metadata on each authentication
2017-11-28T17:47:32Z
Clément OUDOT
We should not parse metadata (service and partners) on each authentication, because it will slow down the process. We have to add a caching method to keep the Lasso::Server object.
1.0-rc2