lemonldap-ng issueshttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues2018-11-28T17:49:54Zhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1410Possibility to impose/propose a second factor when creating an account2018-11-28T17:49:54ZYaddPossibility to impose/propose a second factor when creating an account### Summary
If registration is enabled with 2FA, LLNG could propose or impose a 2F token registration
### Design proposition
* case "propose": when a 2F is available for a new user, at the end of registration, add a link to `/2fregist...### Summary
If registration is enabled with 2FA, LLNG could propose or impose a 2F token registration
### Design proposition
* case "propose": when a 2F is available for a new user, at the end of registration, add a link to `/2fregisters`
* case "impose": at the end of registration process, don't validate account until a 2F is registered *(session temporarily created and available only for `/2fregisters`)*3.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1401History not well managed by 2F engine2018-03-21T19:48:37ZYaddHistory not well managed by 2F engineVersion: 2.0Version: 2.02.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1400CLUSTER - Status page who check the working state of LLNG2018-05-17T04:31:32ZMathieu Lecompte-melançonCLUSTER - Status page who check the working state of LLNG### Summary
The idea is to tell Keepalived service that LLNG not working fine.
(EX: memory issue, or mongodb issue have generate an error 500) but nginx not fail-back even if there something wrong...
The idea is to add a HTTP_GET health...### Summary
The idea is to tell Keepalived service that LLNG not working fine.
(EX: memory issue, or mongodb issue have generate an error 500) but nginx not fail-back even if there something wrong...
The idea is to add a HTTP_GET healthcheck to told keepalived service to force a fail-over on the backup-node. That easy to do.
But to get it working on LLNG side we need a status page who will try to authenticate an (defined test user) and return a result like: Everthing seem to work! if not, another message. It's more like an unit test page who call on demand (every 30 seconde by keepalived service)
### Design proposition
auth.exemple.com/check_state
return a simple HTML page with the result.
Note: the result should not change between version to avoid failover when upgrade to a new version.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1399Yubikey as second factor2018-03-26T08:15:53ZYaddYubikey as second factor### Summary
Yubikey 2FA: Yubikey is proposed today as authentication backend. Classic usage for these keys is more a 2FA.### Summary
Yubikey 2FA: Yubikey is proposed today as authentication backend. Classic usage for these keys is more a 2FA.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/13982F Error after applying trunk2018-03-19T17:55:15ZMathieu Lecompte-melançon2F Error after applying trunk### Concerned version
Version: TRUNK
### Summary
After applying last trunk get an error page on login
### Logs
```
Mar 19 08:20:01 srv-test-nginxv2 LLNG[1495]: Loading configuration 79 for process 1495
Mar 19 08:20:01 srv-test-nginxv...### Concerned version
Version: TRUNK
### Summary
After applying last trunk get an error page on login
### Logs
```
Mar 19 08:20:01 srv-test-nginxv2 LLNG[1495]: Loading configuration 79 for process 1495
Mar 19 08:20:01 srv-test-nginxv2 LLNG[1495]: Using demonstration mode, go to Manager to edit the configuration
Mar 19 08:20:01 srv-test-nginxv2 LLNG[1495]: Using demonstration mode, go to Manager to edit the configuration
Mar 19 08:20:01 srv-test-nginxv2 LLNG[1495]: No cookie found
Mar 19 08:20:01 srv-test-nginxv2 LLNG[1495]: Scheme "Demo" returned 9, trying next
Mar 19 08:20:02 srv-test-nginxv2 LLNG[1495]: Scheme "Rest" returned 9, trying next
Mar 19 08:20:02 srv-test-nginxv2 LLNG[1495]: All schemes failed
Mar 19 08:20:09 srv-test-nginxv2 LLNG[1490]: No cookie found
Mar 19 08:20:09 srv-test-nginxv2 LLNG[1490]: Second factor required for dwho
Mar 19 08:20:09 srv-test-nginxv2 LLNG[1490]: REST 2F error: hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this) at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Lib/REST.pm line 22.
```
### Backends used
NGINX+ Last version
### Possible fixes2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1395error - openid connect2018-03-13T14:10:39Zpit piterror - openid connectHi,
I have this error in the *error.log* on nginx, when I check openid connect authentication (*Lemonldap 2.0 is an OP*)
``2018/03/11 15:35:21 [error] 53937#53937: *77 FastCGI sent in stderr: "Can't call method "data" on an undefined va...Hi,
I have this error in the *error.log* on nginx, when I check openid connect authentication (*Lemonldap 2.0 is an OP*)
``2018/03/11 15:35:21 [error] 53937#53937: *77 FastCGI sent in stderr: "Can't call method "data" on an undefined value at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm line 908" while reading response header from upstream, client: xx.xx.xx.xx server: auth.exemple.com, request: "POST /oauth2/token HTTP/1.1", upstream: "fastcgi://unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock:", host: "auth.exemple.com"
``2.0.0https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1394Impersonate Mode?2019-06-28T15:07:39ZDave ConroyImpersonate Mode?First off, I know this could be used for nefarious purposes, but I was wondering about the feasability of an Impersonate/Override mode that based on a series of passwords allocated to specific support team members could use to grant acce...First off, I know this could be used for nefarious purposes, but I was wondering about the feasability of an Impersonate/Override mode that based on a series of passwords allocated to specific support team members could use to grant access bypassing the Password lookup Module regular workings.
Example: We are an online school and have over 10,000 accounts and utilize many 3rd party services which do or don't have a way to see "What the user" is seeing. We presently use SimpleSAMLPHP with a similar modification for my support team to regularly login to a learners/parents account to test their access or perform tasks. We keep a log of whenever the password is used for verification.
This would greatly help us in our environment. Is it possible? Even if it didn't make it into the master branch, we would be interested in supporting your group for custom development.2.0.5Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1393Trusted Device (Yubikey)2019-12-13T13:43:17ZMathieu Lecompte-melançonTrusted Device (Yubikey)### Summary
Use a device like Yubikey or custum certificat to trust a device who try to authenticate.
### Design proposition
The main idea is to told to LLNG a list of device who can acces to some critical website,
It's not like a 2F ...### Summary
Use a device like Yubikey or custum certificat to trust a device who try to authenticate.
### Design proposition
The main idea is to told to LLNG a list of device who can acces to some critical website,
It's not like a 2F who is linked to a user. It's more like if you want to access to this web site you have to be on a secure computer(device) and you need to authenticate yourself also if the device is authorised to the website...3.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1392Features, 2F management page for IT Team2019-11-22T20:53:54ZMathieu Lecompte-melançonFeatures, 2F management page for IT TeamOn enterprise usage, it would be good to let access to the IT team to register/unregister 2f to all user.
And also, maybe an REST api to let<s is done by some automatic scriptOn enterprise usage, it would be good to let access to the IT team to register/unregister 2f to all user.
And also, maybe an REST api to let<s is done by some automatic script3.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1391Mixed TOTP/U2F second factor plugin2018-04-17T21:01:39ZYaddMixed TOTP/U2F second factor plugin### Summary
Like Gitlab, the idea is to have a 2F module that authorize to register an U2F key only if a TOTP has been registered. Auth process proposes the 2 options
### More
This cannot be done with TOTP and U2F plugins:
* during au...### Summary
Like Gitlab, the idea is to have a 2F module that authorize to register an U2F key only if a TOTP has been registered. Auth process proposes the 2 options
### More
This cannot be done with TOTP and U2F plugins:
* during auth, U2F will be enabled with TOTP input, user has just to touch is key or enter its code
* If TOTP is unregistered, U2F keys will also be removed2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1390Choice module allows XSS attack2018-03-16T10:22:52ZJean-Charles RogezChoice module allows XSS attack### Concerned version
Version: 1.9.15 on Debian 8
### Summary
With the Choice module, it is possible to inject arbitrary Javascript code on the portal, even with the option checkXSS on.
Example : If you send this URL directly (withou...### Concerned version
Version: 1.9.15 on Debian 8
### Summary
With the Choice module, it is possible to inject arbitrary Javascript code on the portal, even with the option checkXSS on.
Example : If you send this URL directly (without URI encoding) to the portal :
`GET //?"><script>alert("XSSAttack")</script>"`
You get an alert window on the portal.
The URI is inserted directly into the template without call to checkXSSAttack :
```
<!-- Forms -->
<div id="1Carte">
<form action="https://portal/?"><script>alert("XSSAttack")</script>"" method="post" class="login Card">
```
### Backends used
Choice
### Possible fixes
We propose this patch to prevent this attack.
[_Choice.pm.patch](/uploads/ddf1cdc609d418c80bac11c7092810c1/_Choice.pm.patch)1.9.16Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1389Kerberos ticket revalidated in Multi mode2018-03-13T17:13:50ZClément OUDOTKerberos ticket revalidated in Multi modeHello,
when using AuthKerberos mode in AuthMutli, and trying to search authenticated user in several AD (so using UserDBMutli), the Kerberos ticket is revalidated and it fails (seems Kerberos has a replay protection):
```
[Thu Mar 08 17...Hello,
when using AuthKerberos mode in AuthMutli, and trying to search authenticated user in several AD (so using UserDBMutli), the Kerberos ticket is revalidated and it fails (seems Kerberos has a replay protection):
```
[Thu Mar 08 17:09:15.642852 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Multi (type 0): trying extractFormInfo for module Kerberos
[Thu Mar 08 17:09:15.642883 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Kerberos ticket received: YIIIQQYGKwYBBQUCoIIINTCCCDGgMDAuBgkqhkiC9x...
[Thu Mar 08 17:09:15.642996 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Set KRB5_KTNAME env to FILE:/etc/lemonldap-ng/auth.keytab
[Thu Mar 08 17:09:15.656337 2018] [perl:debug] [pid 15128] /usr/share/perl5/vendor_perl/Lemonldap/NG/Common/CGI.pm 305:
[Thu Mar 08 17:09:15.656369 2018] [perl:notice] [pid 15128] Lemonldap::NG : USER@EXAMPLE.COM authentified by Kerberos
...
[Thu Mar 08 17:09:15.693201 2018] [perl:debug] [pid 15128] /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/_Multi.pm 92:
[Thu Mar 08 17:09:15.693230 2018] [perl:info] [pid 15128] Retriving user with AD#1 failed, trying next
[Thu Mar 08 17:09:15.693254 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Replay all methods until sub getUser
[Thu Mar 08 17:09:15.693287 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: processing to sub authInit
[Thu Mar 08 17:09:15.693340 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Evaluate expression: 1
[Thu Mar 08 17:09:15.693390 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Evaluation result: 1
[Thu Mar 08 17:09:15.693411 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Multi (type 0): trying authInit for module Kerberos
[Thu Mar 08 17:09:15.693429 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: processing to sub extractFormInfo
[Thu Mar 08 17:09:15.693470 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Evaluate expression: 1
[Thu Mar 08 17:09:15.693497 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Evaluation result: 1
[Thu Mar 08 17:09:15.693513 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Multi (type 0): trying extractFormInfo for module Kerberos
[Thu Mar 08 17:09:15.693544 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Kerberos ticket received: YIIIQQYGKwYBBQUCoIIINTCCCDGgMDAuB....
[Thu Mar 08 17:09:15.693582 2018] [perl:debug] [pid 15128] Lemonldap::NG::Portal::SharedConf: Set KRB5_KTNAME env to FILE:/etc/lemonldap-ng/auth.keytab
[Thu Mar 08 17:09:15.693961 2018] [perl:debug] [pid 15128] /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/AuthKerberos.pm 98:
[Thu Mar 08 17:09:15.693982 2018] [perl:error] [pid 15128] Unable to accept security context
```
I think we should check in extractFormInfo if Kerberos User was already found, and in this case do not try to revalidate ticket.1.9.16Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1386Multiple U2F keys2019-04-29T20:35:14ZYaddMultiple U2F keys### Summary
#1148 permits the registration of 1 U2F key. This issue propose to register more than one key _(inspired by GitLab)_.
### ToDo list
* Store more than one key in _u2f* entries *(comma separated)*
* Add a _u2f* entry to stor...### Summary
#1148 permits the registration of 1 U2F key. This issue propose to register more than one key _(inspired by GitLab)_.
### ToDo list
* Store more than one key in _u2f* entries *(comma separated)*
* Add a _u2f* entry to store a name for the key *(comma separated in the same order)*
* Modify self registration page to choose which key to remove
* Update manager U2F interface to choose which key to delete2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1385POST data are URL encoded2018-03-14T06:04:34ZClément OUDOTPOST data are URL encodedWhen testing SAML with 2.0, I see that if the SAML Response is sent trough POST, it is URL encoded, and it should not.
With 1.9, the SAMLRequest in POST is like this:
```
PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U...When testing SAML with 2.0, I see that if the SAML Response is sent trough POST, it is URL encoded, and it should not.
With 1.9, the SAMLRequest in POST is like this:
```
PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfNkNBQzU5NkE2QzU0RjJFNzk0QzU5M0I0RUVERkYwNDIiIEluUmVzcG9uc2VUbz0iXzg1Q0RERDE3MkQ3NDlBOEIyQkQ1MTE5RDEzNDhFQ0ZGIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxOC0wMy0wMlQxODoxNTo1N1oiIERlc3RpbmF0aW9uPSJodHRwOi8vbWVsbG9uLmV4YW1wbGUuY29tL21lbGxvbi9wb3N0UmVzcG9uc2UiPjxzYW1sOklzc3Vlcj5odHRwOi8vYXV0aC5leGFtcGxlLmNvbS9zYW1sL21ldGFkYXRhPC9zYW1sOklzc3Vlcj48c2Ft…SJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIiBGcmllbmRseU5hbWU9InVpZCI+PHNhbWw6QXR0cmlidXRlVmFsdWU+ZHdobzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIiBGcmllbmRseU5hbWU9Im1haWwiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlPmR3aG9AYmFkd29sZi5vcmc8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=
```
With 2.0, for the exactly same SAML SP, the SAMLRequest in POST is like this:
```
PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfQTU3QTcwNEZCRTU2QzZFNDFDQUFERDA1OEE3OTAyNzIiIEluUmVzcG9uc2VUbz0iXzk3ODhEOUU0QjNBNEUwM0M1OTE5NUI0QzQ0M0QwQzg5IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxOC0wMy0wMlQxODoyMjo0MVoiIERlc3RpbmF0aW9uPSJodHRwOi8vbWVsbG9uLmV4YW1wbGUuY29tL21lbGxvbi9wb3N0UmVzcG9uc2UiPjxzYW1sOklzc3Vlcj5odHRwczovL2F1dGgub3BlbmlkLmNsdWIvc2FtbC9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI%2BPF…ybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ%2BPC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIiBGcmllbmRseU5hbWU9InVpZCI%2BPHNhbWw6QXR0cmlidXRlVmFsdWU%2BY291ZG90PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U%2B
```
And we have this error:
```
[Fri Mar 02 19:22:43.281515 2018] [auth_mellon:debug] [pid 5393] auth_mellon_handler.c(268): [client 127.0.0.1:60994] loaded IdP "https://auth.openid.club/saml/metadata" from "/etc/apache2/mellon/idp-metadata.xml".
[Fri Mar 02 19:22:43.281553 2018] [auth_mellon:error] [pid 5393] [client 127.0.0.1:60994] Error processing authn response. Lasso error: [-409] Unsupported protocol profile
```
This is because the value is URL encoded, and it should not. This should only be the case with GET.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1384Content Security Policy prevent SAML redirection2018-04-03T20:35:39ZClément OUDOTContent Security Policy prevent SAML redirectionWhen trying SAML with POST, the autopost is not working because of CSP:
> Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à http://mellon.example.com/mellon/postResponse (« form-action https:/...When trying SAML with POST, the autopost is not working because of CSP:
> Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à http://mellon.example.com/mellon/postResponse (« form-action https://auth.openid.club https://mellon.example.com https://mellon.example.com »).2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1383Include 2nd factor register page in menu2018-05-09T04:51:33ZClément OUDOTInclude 2nd factor register page in menuI just tested the new TOTP feature and it works great!
I will try to add a menu button that will link to register page if the feature is enabled.
We also need to let user remove the 2nd factor if he wants to.I just tested the new TOTP feature and it works great!
I will try to add a menu button that will link to register page if the feature is enabled.
We also need to let user remove the 2nd factor if he wants to.2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1382Kerberos - Username / Session uncorrectly set2018-03-01T13:12:39ZAnthony ROUSSELKerberos - Username / Session uncorrectly set### Concerned version
Version: 1.9.15
Apache 2.4.25 (debian)
### Summary
We try LL::NG with kerberos (1.9.15) to make LemonLdap our sso handler for self-made applications without auth form
Username (auth_user) is not set in session o...### Concerned version
Version: 1.9.15
Apache 2.4.25 (debian)
### Summary
We try LL::NG with kerberos (1.9.15) to make LemonLdap our sso handler for self-made applications without auth form
Username (auth_user) is not set in session or session isn't correctly created after kerberos auth.
In consequence, username isn't shown (tpl: AUTH_USER var > see screenshot: ![screen](/uploads/237f25b0b2ab0ea73c84efd65f7208f8/screen.png) & the session is not put in sessions history.
Despite this, it seems information needed are succesfully set because, I can get the information I want in saml token for example.
I think it's more a display issue or use-issue (uncorrect setting in manager?) but I don't know what kind of information I can provide to complete this report..1.9.16Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1380Propose a better look and feel for login form2019-12-09T10:27:03ZClément OUDOTPropose a better look and feel for login formI will see if we can have a better login form, without losing all configuration settings for buttons and authentication choices. There are a lot of examples here:
* https://www.webdesignboom.net/2014/html-css-login-form-templates/
* http...I will see if we can have a better login form, without losing all configuration settings for buttons and authentication choices. There are a lot of examples here:
* https://www.webdesignboom.net/2014/html-css-login-form-templates/
* https://colorlib.com/wp/html5-and-css3-login-forms/
This a low priority but could be really nice for 2.0.BacklogChristophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1379Feature: External Second Factor over REST API2018-02-27T16:47:25ZMathieu Lecompte-melançonFeature: External Second Factor over REST APIIt's possible to allow a direct call to a REST API for the second factor.
https://lemonldap-ng.org/documentation/2.0/external2f
Currently we trying to make a bash file, who make a curl request inside to use with the External process fe...It's possible to allow a direct call to a REST API for the second factor.
https://lemonldap-ng.org/documentation/2.0/external2f
Currently we trying to make a bash file, who make a curl request inside to use with the External process feature.2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1376U2F registration fails with recent Firefox2018-03-14T06:05:03ZYaddU2F registration fails with recent FirefoxFAQYaddYadd