lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2020-04-05T10:22:53Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1455
Registering U2F 2FA doesn't work
2020-04-05T10:22:53Z
Paul Curie
### Concerned version
Version: 2.0.0~alpha3+20180614095215+2019+master+stretch+olab1
Platform: Apache
OS: Debian 9
### Summary
I activated U2F 2FA on llng manager and self registration, trying self registration, nothing happens if I click on register and verify. Also nothing in logs (apache mode debug, llng mode debug).
Also, on the 2FA registration page, the "2ndFA Management" button redirects to https://auth.xps.local2fregisters/ instead of https://auth.xps.local/2fregisters/
Here's what I did:
- Install libu2f-server-dev from debian packages (1.0.1-3+b1)
- Install Crypt::U2F::Server::Simple 0.43 from sources (perl Makefile.pl, make, make install)
- Activation U2F on llng manager (Activation on, self registration on, U2F level 3, authorize to remove on)
- Try on chrome stable (67.0.3396.87-1) nothing happens
- Try on chromium-browser (66.0.3359.181-0ubuntu0.16.04.1) nothing happens
- Try on firefox (60.0.2) after setting security.webauth.u2f to true, nothing happens
I tried the old FIDO and new FIDO2 U2F security keys from yubikey (they both currently work with google/github)
I am using a self-signed certificate for SSL, will try with a letsencrypt one.
### Logs
Clicking on 2FA management in portal :
```
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.174313 2018] [ssl:info] [pid 1166] [client 192.168.56.1:51154] AH01964: Connection to child 3 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.174839 2018] [ssl:debug] [pid 1166] ssl_engine_kernel.c(2115): [client 192.168.56.1:51154] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.174944 2018] [core:debug] [pid 1166] protocol.c(2219): [client 192.168.56.1:51154] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.176196 2018] [ssl:debug] [pid 1166] ssl_engine_kernel.c(2042): [client 192.168.56.1:51154] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.176521 2018] [ssl:info] [pid 1166] (70014)End of file found: [client 192.168.56.1:51154] AH01991: SSL input filter read failed.
[Thu Jun 14 20:12:40.178213 2018] [ssl:info] [pid 1168] [client 192.168.56.1:51156] AH01964: Connection to child 5 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.178646 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(2115): [client 192.168.56.1:51156] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.178707 2018] [core:debug] [pid 1168] protocol.c(2219): [client 192.168.56.1:51156] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.179382 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(2042): [client 192.168.56.1:51156] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.176928 2018] [ssl:debug] [pid 1166] ssl_engine_io.c(1044): [client 192.168.56.1:51154] AH02001: Connection closed to child 3 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:40.179942 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(366): [client 192.168.56.1:51156] AH02034: Initial (No.1) HTTPS request received for child 5 (server auth.xps.local:443), referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.180093 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.180107 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.180206 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.180217 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/
==> /var/log/apache2/error.log <==
[debug] Get session 9b2cd6ddbc456071ebfbe7e6886353bacc06be8f88ac5fdb1142c04c5b523f5f from Handler internal cache
[debug] removing cookie
[debug] User fd-admin was granted to access to /2fregisters
[debug] Start routing 2fregisters
[debug] Looking if u2F register is available
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.192924 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(366): [client 192.168.56.1:51156] AH02034: Subsequent (No.2) HTTPS request received for child 5 (server auth.xps.local:443), referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.193360 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.193577 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.193951 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.194191 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/
==> /var/log/apache2/error.log <==
[debug] Get session 9b2cd6ddbc456071ebfbe7e6886353bacc06be8f88ac5fdb1142c04c5b523f5f from Handler internal cache
[debug] removing cookie
[debug] User fd-admin was granted to access to /2fregisters/u
[debug] Start routing 2fregisters
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/u2fregister.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/u2fregister.tpl
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.200004 2018] [deflate:debug] [pid 1168] mod_deflate.c(853): [client 192.168.56.1:51156] AH01384: Zlib: Compressed 4996 to 1700 : URL /index.fcgi/2fregisters/u, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.215299 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(366): [client 192.168.56.1:51156] AH02034: Subsequent (No.3) HTTPS request received for child 5 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.216650 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.217790 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.219187 2018] [ssl:info] [pid 1172] [client 192.168.56.1:51158] AH01964: Connection to child 8 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.219903 2018] [ssl:debug] [pid 1172] ssl_engine_kernel.c(2115): [client 192.168.56.1:51158] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.220208 2018] [ssl:info] [pid 1188] [client 192.168.56.1:51160] AH01964: Connection to child 14 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.220459 2018] [ssl:info] [pid 1182] [client 192.168.56.1:51162] AH01964: Connection to child 0 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.220660 2018] [ssl:info] [pid 1164] [client 192.168.56.1:51164] AH01964: Connection to child 1 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.221264 2018] [ssl:debug] [pid 1164] ssl_engine_kernel.c(2115): [client 192.168.56.1:51164] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.221908 2018] [ssl:debug] [pid 1182] ssl_engine_kernel.c(2115): [client 192.168.56.1:51162] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.222591 2018] [ssl:debug] [pid 1188] ssl_engine_kernel.c(2115): [client 192.168.56.1:51160] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.223815 2018] [core:debug] [pid 1182] protocol.c(2219): [client 192.168.56.1:51162] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.224368 2018] [core:debug] [pid 1164] protocol.c(2219): [client 192.168.56.1:51164] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.224904 2018] [core:debug] [pid 1172] protocol.c(2219): [client 192.168.56.1:51158] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.225205 2018] [core:debug] [pid 1188] protocol.c(2219): [client 192.168.56.1:51160] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.226953 2018] [ssl:info] [pid 1189] [client 192.168.56.1:51166] AH01964: Connection to child 15 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.227920 2018] [ssl:info] [pid 1170] [client 192.168.56.1:51168] AH01964: Connection to child 7 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.228788 2018] [ssl:info] [pid 1173] [client 192.168.56.1:51170] AH01964: Connection to child 9 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.229205 2018] [ssl:debug] [pid 1173] ssl_engine_kernel.c(2115): [client 192.168.56.1:51170] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.229586 2018] [core:debug] [pid 1173] protocol.c(2219): [client 192.168.56.1:51170] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.230343 2018] [ssl:debug] [pid 1173] ssl_engine_kernel.c(2042): [client 192.168.56.1:51170] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.230881 2018] [ssl:debug] [pid 1189] ssl_engine_kernel.c(2115): [client 192.168.56.1:51166] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.231200 2018] [ssl:debug] [pid 1170] ssl_engine_kernel.c(2115): [client 192.168.56.1:51168] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.231444 2018] [core:debug] [pid 1170] protocol.c(2219): [client 192.168.56.1:51168] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.231611 2018] [core:debug] [pid 1189] protocol.c(2219): [client 192.168.56.1:51166] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.232664 2018] [ssl:debug] [pid 1164] ssl_engine_kernel.c(2042): [client 192.168.56.1:51164] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.232907 2018] [ssl:debug] [pid 1188] ssl_engine_kernel.c(2042): [client 192.168.56.1:51160] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.233271 2018] [ssl:info] [pid 1188] (70014)End of file found: [client 192.168.56.1:51160] AH01991: SSL input filter read failed.
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.233552 2018] [ssl:debug] [pid 1173] ssl_engine_kernel.c(366): [client 192.168.56.1:51170] AH02034: Initial (No.1) HTTPS request received for child 9 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.233964 2018] [ssl:debug] [pid 1189] ssl_engine_kernel.c(2042): [client 192.168.56.1:51166] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.234210 2018] [ssl:info] [pid 1164] (70014)End of file found: [client 192.168.56.1:51164] AH01991: SSL input filter read failed.
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.234591 2018] [authz_core:debug] [pid 1173] mod_authz_core.c(809): [client 192.168.56.1:51170] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.234852 2018] [ssl:debug] [pid 1189] ssl_engine_kernel.c(366): [client 192.168.56.1:51166] AH02034: Initial (No.1) HTTPS request received for child 15 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.235275 2018] [ssl:debug] [pid 1164] ssl_engine_io.c(1044): [client 192.168.56.1:51164] AH02001: Connection closed to child 1 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:40.235993 2018] [ssl:debug] [pid 1188] ssl_engine_io.c(1044): [client 192.168.56.1:51160] AH02001: Connection closed to child 14 with standard shutdown (server auth.xps.local:443)
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.236721 2018] [ssl:info] [pid 1174] [client 192.168.56.1:51172] AH01964: Connection to child 10 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.237192 2018] [ssl:debug] [pid 1174] ssl_engine_kernel.c(2115): [client 192.168.56.1:51172] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.237446 2018] [core:debug] [pid 1174] protocol.c(2219): [client 192.168.56.1:51172] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.237984 2018] [ssl:debug] [pid 1170] ssl_engine_kernel.c(2042): [client 192.168.56.1:51168] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.238398 2018] [ssl:debug] [pid 1174] ssl_engine_kernel.c(2042): [client 192.168.56.1:51172] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.238601 2018] [ssl:debug] [pid 1174] ssl_engine_kernel.c(366): [client 192.168.56.1:51172] AH02034: Initial (No.1) HTTPS request received for child 10 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.238982 2018] [authz_core:debug] [pid 1174] mod_authz_core.c(809): [client 192.168.56.1:51172] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.239725 2018] [authz_core:debug] [pid 1174] mod_authz_core.c(809): [client 192.168.56.1:51172] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.241378 2018] [authz_core:debug] [pid 1189] mod_authz_core.c(809): [client 192.168.56.1:51166] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.241841 2018] [ssl:debug] [pid 1172] ssl_engine_kernel.c(2042): [client 192.168.56.1:51158] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.242380 2018] [authz_core:debug] [pid 1173] mod_authz_core.c(809): [client 192.168.56.1:51170] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.243227 2018] [authz_core:debug] [pid 1189] mod_authz_core.c(809): [client 192.168.56.1:51166] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.243664 2018] [ssl:debug] [pid 1182] ssl_engine_kernel.c(2042): [client 192.168.56.1:51162] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.243886 2018] [ssl:info] [pid 1172] (70014)End of file found: [client 192.168.56.1:51158] AH01991: SSL input filter read failed.
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.244314 2018] [ssl:debug] [pid 1170] ssl_engine_kernel.c(366): [client 192.168.56.1:51168] AH02034: Initial (No.1) HTTPS request received for child 7 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.246244 2018] [ssl:debug] [pid 1172] ssl_engine_io.c(1044): [client 192.168.56.1:51158] AH02001: Connection closed to child 8 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:40.247672 2018] [deflate:debug] [pid 1173] mod_deflate.c(853): [client 192.168.56.1:51170] AH01384: Zlib: Compressed 1673 to 691 : URL /static/bootstrap/css/styles.min.css, referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.248321 2018] [ssl:info] [pid 1182] (70014)End of file found: [client 192.168.56.1:51162] AH01991: SSL input filter read failed.
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.249951 2018] [ssl:debug] [pid 1182] ssl_engine_io.c(1044): [client 192.168.56.1:51162] AH02001: Connection closed to child 0 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:40.250809 2018] [deflate:debug] [pid 1174] mod_deflate.c(853): [client 192.168.56.1:51172] AH01384: Zlib: Compressed 1899 to 710 : URL /static//common/js/u2fregistration.min.js, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.251439 2018] [authz_core:debug] [pid 1170] mod_authz_core.c(809): [client 192.168.56.1:51168] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.253355 2018] [authz_core:debug] [pid 1170] mod_authz_core.c(809): [client 192.168.56.1:51168] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.254126 2018] [deflate:debug] [pid 1170] mod_deflate.c(853): [client 192.168.56.1:51168] AH01384: Zlib: Compressed 9052 to 2302 : URL /static//common/js/u2f-api.min.js, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.254525 2018] [deflate:debug] [pid 1189] mod_deflate.c(853): [client 192.168.56.1:51166] AH01384: Zlib: Compressed 23409 to 2758 : URL /static/bwr/bootstrap/dist/css/bootstrap-theme.min.css, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.258695 2018] [deflate:debug] [pid 1168] mod_deflate.c(853): [client 192.168.56.1:51156] AH01384: Zlib: Compressed 121200 to 19726 : URL /static/bwr/bootstrap/dist/css/bootstrap.min.css, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.312857 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(366): [client 192.168.56.1:51156] AH02034: Subsequent (No.4) HTTPS request received for child 5 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.313215 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.313395 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.314158 2018] [deflate:debug] [pid 1168] mod_deflate.c(853): [client 192.168.56.1:51156] AH01384: Zlib: Compressed 10722 to 3845 : URL /static/languages/en.json, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:45.257757 2018] [ssl:debug] [pid 1174] ssl_engine_io.c(1044): [client 192.168.56.1:51172] AH02001: Connection closed to child 10 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:45.259121 2018] [ssl:debug] [pid 1189] ssl_engine_io.c(1044): [client 192.168.56.1:51166] AH02001: Connection closed to child 15 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:45.259443 2018] [ssl:debug] [pid 1170] ssl_engine_io.c(1044): [client 192.168.56.1:51168] AH02001: Connection closed to child 7 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:45.259487 2018] [ssl:debug] [pid 1173] ssl_engine_io.c(1044): [client 192.168.56.1:51170] AH02001: Connection closed to child 9 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:45.320358 2018] [ssl:debug] [pid 1168] ssl_engine_io.c(1044): [client 192.168.56.1:51156] AH02001: Connection closed to child 5 with standard shutdown (server auth.xps.local:443)
```
Clicking on register or verify doesn't log anything
### Backends used
LDAP for auth/users/password
Files for sessions/config
2.0.0
Christophe Maudoux chrmdx@gmail.com
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1453
Error when displaying CAS servers list
2018-06-14T09:53:20Z
Clément OUDOT
Logs:
```
[debug] Processing extractFormInfo
[debug] Redirecting user to CAS server list
[debug] Returned error: 42
[debug] Display: confirm detected
[debug] Skin returned: confirm
[debug] Calling sendHtml with template confirm
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[warn] [anonymous] Unable to load template: HTML::Template::param() : attempt to set parameter 'list' with a scalar - parameter is not a TMPL_VAR! at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 268.
[error] Error 500: Unable to load template: HTML::Template::param() : attempt to set parameter 'list' with a scalar - parameter is not a TMPL_VAR! at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 268.
```
2.0.0
Clément OUDOT
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1451
CAS service ticket not validated with Choice + CAS client
2018-06-13T10:25:19Z
Clément OUDOT
LL::NG configured with Choice and CAS client
The initial service value when requesting ST is https://auth.openid.club/?lmAuth=8CAS, but the service value when calling serviceValidate is https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS.
Logs on CAS server (LL::NG 1.9):
```
[Wed Jun 13 11:29:03.436694 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Get service validate request with ticket ST-a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b for service https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS
[Wed Jun 13 11:29:03.439241 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: SERVICE ticket session a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b found
[Wed Jun 13 11:29:03.444351 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(114): /usr/share/perl5/Lemonldap/NG/Portal/IssuerDBCAS.pm 317:
[Wed Jun 13 11:29:03.444472 2018] [perl:error] [pid 2083:tid 140310743086848] Submitted service https://auth.openid.club/?lmAuth=8CAS&&lmAuth=8CAS does not match initial service https://auth.openid.club/?lmAuth=8CAS
[Wed Jun 13 11:29:03.465267 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: CAS session a68d2469f888296f2e7a8dc0813d623294a98ab1fd39ad0088e976d9fdb8ec0b deleted
[Wed Jun 13 11:29:03.465508 2018] [perl:debug] [pid 2083:tid 140310743086848] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Return CAS service validate error INVALID_SERVICE (Submitted service does not match initial service)
```
2.0.0
Clément OUDOT
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1450
Notifications module
2018-06-24T15:30:07Z
Christophe Maudoux chrmdx@gmail.com
### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
Needs minor improvements:
- datepicker doesn't work
- logins history not displayed after notification agreement
- set default required value if not filled
- disable delete button when unuseful
### Backends used
json file
### Possible fixes
may be afterDatas ???
2.0.0
Christophe Maudoux chrmdx@gmail.com
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1449
Error in SAML SOAP SLO
2018-06-30T06:43:22Z
Clément OUDOT
Logs:
```
[info] No cookie found
[debug] Build URL https://auth.openid.club/saml/singleLogoutSOAP
[debug] Redirect 81.250.130.213 to portal (url was /saml/singleLogoutSOAP)
[debug] User not authenticated, Try in use, cancel redirection
[debug] Start routing saml
[debug] URL /saml/singleLogoutSOAP detected as an SLO URL
[debug] SAML method: HTTP-SOAP
[debug] HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutRequest ID="_D8BE91A18DBF1A0E39126D5F5C9C334F" Version="2.0" IssueInstant="2018-06-12T14:09:26Z" Destination="https://auth.openid.club/saml/singleLogoutSOAP"><saml:Issuer>http://auth.example.com/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_D8BE91A18DBF1A0E39126D5F5C9C334F">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>QL0hbUrxYkjJ1nriazjbecV0/jw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>dUinvXMdWwSdncUyJnsZaaDgWIhqB8oL1LQ2nRrJhFZWYPT/+nLaxf3TR4Y3u/Op
Z17apn3ziOnVM5baCplHp6c/5tQg4cUK0ToMOi5niK9e6XgFi2lJ8K16euoykpFk
B570kxzbqq222CHc/Mblm/QjMgVQkK/VITbMVfgn8HdL+B69xLydya6gJb/pKH2f
peDmk/FDAhwJoedFHScGcksljKEQq0BqzdmIR9bUOMZx1J+mX9NyMUrNDCPHJQgv
RASg4vVXuNYLodsLjHvcfDH0pwJ5E5h6Kx4BYpY+XuB2mh22nUiSNtRnnjKtMuIu
07YDQm3ujnix7xQ8p27Xfg==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>
kkxNhKZRa3SyMsK5fuGG7Uc/wDCRomk7x46dfmtgON8I7jABnWTzs38acdMI6JNC
xTEZ9BFTgcott5rCrvXJlg9u/JJxy3alT5HqJXV+AXw/6YIDiBkWO4Ow/NAKjqFM
S7wt2iPimdB/NzCC5lD3jTVrpsAR7TcaSLpnwP25WSK0TnvMXxUjVub3kxyf4+BX
ylKC+xAcphrSrwgcpwsGDvKpl66/jAEB7IP21ijUqY35UeMaaNVpajOsgGzTmqXK
P3U6L3YcVONi4v0tSM2ne1gIlmG8fS2xye9ns8ZuTEVk3DlHO5Zs4FaEb57GV1eD
Rxko/uJF7QWmWvUPeUPEcQ==
</Modulus>
<Exponent>
AQAB
</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">clement@oodo.net</saml:NameID><samlp:SessionIndex>02e3a70e5ea92083b236d97b030e2f55</samlp:SessionIndex>
</samlp:LogoutRequest></s:Body></s:Envelope>
[debug] SLO: Logout request is valid
[debug] Found entityID http://auth.example.com/saml/metadata in SAML message
[debug] http://auth.example.com/saml/metadata match ader-sfl SP in configuration
[debug] Get session id 43b011e743a811673980ca2d6c23457b (from session index 02e3a70e5ea92083b236d97b030e2f55)
[debug] Try to get SSO session 43b011e743a811673980ca2d6c23457b
[debug] Return SSO session 43b011e743a811673980ca2d6c23457b
[debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
<NidAndSessionIndex ProviderID="http://auth.example.com/saml/metadata" AssertionID="_C6F75D428CAC49D6C9004D0CA3BDBFB6" SessionIndex="02e3a70e5ea92083b236d97b030e2f55">
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">clement@oodo.net</saml:NameID>
</NidAndSessionIndex>
</Session>
[debug] Lasso Session loaded
[debug] Signature is valid
[debug] Destination https://auth.openid.club/saml/singleLogoutSOAP found in SAML message
[debug] Destination match URL https://auth.openid.club/saml/singleLogoutSOAP
[debug] Retrieve SAML session f7177e5995c85ad8b518010c5a3b8180
[debug] SAML session f7177e5995c85ad8b518010c5a3b8180 deleted
[debug] Processing code ref
[debug] Processing code ref
[debug] Processing code ref
[debug] Processing code ref
[debug] No CAS session found for session 43b011e743a811673980ca2d6c23457b
[debug] Processing code ref
[debug] Processing code ref
[debug] Processing deleteSession
[debug] Try to get SSO session 43b011e743a811673980ca2d6c23457b
[debug] Return SSO session 43b011e743a811673980ca2d6c23457b
[debug] Local handler logout
[notice] User coudot has been disconnected
[debug] Session 43b011e743a811673980ca2d6c23457b deleted from global storage
[debug] Returned error: 47
[debug] Calling autoredirect
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0"/>
[debug] SOAP response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutResponse ID="_05545D8FD79B02929AFCFC1AC73EBA0B" InResponseTo="_D8BE91A18DBF1A0E39126D5F5C9C334F" Version="2.0" IssueInstant="2018-06-12T14:09:26Z"><saml:Issuer>https://auth.openid.club/saml/metadata</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_05545D8FD79B02929AFCFC1AC73EBA0B">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>ztM0STN4rZ07Wjoh85Ti/FWFWk8=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Vwv9WLlrPPFrg6jdGQjgorfHBziq947nDvCcTlW1LUQA8wdbT8h2gmLC8h97wbFX
uNIrWBAOB9G2ryRv4f4LHhxeogl3Ljsu2V9LHadYrxbE8lVadePJMrwOrg5YtOU/
Xi8YTua3Ao3i1pVZ2TuAYGOVFvhTC0bgVqC30bevVhOAkpxVh1QIbcqu9+asXdps
IsMtkhPwPNm7fXBFd6Tqfcb+loZX2+qdyc3nyK70gEbI/M6jV+6NOxuyNHrjwFRr
K12SZBA58YUiAKzUAHXVLDe0wz1EPZS2PYrKH1PVBeTQTUDeD2ilyN3m+HN83jlk
7Odfj53BY6Nswi97W+ZW/g==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDQDCCAigCCQDPU9MLFZJbWTANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJG
UjETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UEBwwETHlvbjEUMBIGA1UECgwL
T3BlbklEIENsdWIxGTAXBgNVBAMMEGF1dGgub3BlbmlkLmNsdWIwHhcNMTYwMjAx
MTU1NzQ4WhcNMjYwMTI5MTU1NzQ4WjBiMQswCQYDVQQGEwJGUjETMBEGA1UECAwK
U29tZS1TdGF0ZTENMAsGA1UEBwwETHlvbjEUMBIGA1UECgwLT3BlbklEIENsdWIx
GTAXBgNVBAMMEGF1dGgub3BlbmlkLmNsdWIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCocpKK4XMtIB7Wds1SPzJmEO4JnNNwoQ6cWT6TQazmOBynxNB/
rk/LjMC4TFJWHCnX/VYUahwPOnv7gmxB9mSgVspCV8AAiKeySJHqN/fRI2thA/Vv
P1cQa+mADlMVinQTHHr9hcTfjOCKwuIj8w4r52oYgTfWcgOss11IWDFbKW2kgJ2K
f8dUUy4TDblcl0hdbBw4sZdySYE8zIY1nt0KkqzNR3EFREUYcRZAsYv8weTbOCOR
bT84FWY/RosAb+Vhj11MsoTUrz8MVJ2KCTygbGYHYjcWgYDNOrqzDJjtkmB7pUE0
Jix/rHef0BkR5rJAFIizzkVMgldEnyERyfdBAgMBAAEwDQYJKoZIhvcNAQELBQAD
ggEBAHEle4w7HtVxrjiXOLkrXVGuD8INbdWoHLfVT+lE73A/uL+L+cCH1CWnB3JD
sn5W/0GD6vi85KY+ZSjQ7FaqGKeARYt+w2M5sYHysfLPztOw0IZLTYuOdDdOUTO7
U4wfidmxNnAHC30gCHH1SpfZ1/wxeW4Dn3BftFlelQRstz88o8Vf9dtv0K/LQpbe
ge4zD/HYKyu2voMCI1A1Wj+lrG0TSVIML24lrfP5DHfZeE2Scln5MdZjztKmMthb
4HEXF3zatGKaepuUZTT+3VU9NZyN/fMcRgNe65YSE9rAyA0Gu2/rGg3E9PbgxyFv
UQjBaidULEoGTRxqMIfed77zTjE=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
[info] No cookie found
[debug] Build URL https://auth.openid.club/saml/singleLogoutSOAP
[debug] Redirect 81.250.130.213 to portal (url was /saml/singleLogoutSOAP)
[debug] User not authenticated, Try in use, cancel redirection
[debug] Start routing saml
[debug] URL /saml/singleLogoutSOAP detected as an SLO URL
[debug] SAML method: HTTP-SOAP
[debug] HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><s:Body><samlp:LogoutRequest ID="_A62C5FF94A7B5DE2889923685D4C50B8" Version="2.0" IssueInstant="2018-06-12T14:09:26Z" Destination="https://auth.openid.club/saml/singleLogoutSOAP"><saml:Issuer>http://auth.example.com/saml/metadata</saml:Issuer><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">clement@oodo.net</saml:NameID><samlp:SessionIndex>02e3a70e5ea92083b236d97b030e2f55</samlp:SessionIndex>
</samlp:LogoutRequest></s:Body></s:Envelope>
[debug] SLO: Logout request is valid
[debug] Found entityID http://auth.example.com/saml/metadata in SAML message
[debug] http://auth.example.com/saml/metadata match ader-sfl SP in configuration
[warn] SAML session 02e3a70e5ea92083b236d97b030e2f55 isn't yet available
[Tue Jun 12 16:09:26.711616 2018] [fcgid:warn] [pid 60891] [client 81.250.130.213:48200] mod_fcgid: stderr: Can't use string ("59") as an ARRAY ref while "strict refs" in use at /usr/share/perl5/Lemonldap/NG/Handler/PSGI/Try.pm line 74.
[info] Session 43b011e743a811673980ca2d6c23457b can't be retrieved
[info] Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
```
2.0.0
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1448
Full status for Nginx
2018-06-13T04:16:09Z
Yadd
### Summary
Nginx doesn't provide good "status" feature: status daemon isn't unique.
2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1446
No CDA redirection if already authenticated
2018-06-11T12:05:13Z
Dejan SANADER
Hello,
If I'm already authenticated on the main domain, I can't access a cross domain site.
If I authenticate through the cross domain site first, there is no such issue.
I've empirically pinpointed it to the following part (the CDA redir block is not evaluated if authenticated) :
```diff
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index e32d0c027..af3f23d04 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -87,7 +87,8 @@ sub authenticatedRequest {
$req,
[
'importHandlerDatas', 'controlUrl',
- 'checkLogout', @{ $self->forAuthUser }
+ 'checkLogout', @{ $self->forAuthUser },
+ @{ $self->afterDatas },
]
);
}
```
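Review bot: in `authenticatedRequest`, appending the whole `@{ $self->afterDatas }` list after `@{ $self->forAuthUser }` makes every step in afterDatas run on each already-authenticated request, not only the CDA redirection this report is about. Either add just the CDA-related step here, or confirm that each afterDatas step is safe to run for an existing session. A test for the authenticated CDA case would also help, since the report itself says side effects are unknown.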
I don't know if this change can cause some side effects, I've not witnessed any yet.
2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1443
Hide countdown block when stopped
2018-06-07T18:56:14Z
Christophe Maudoux chrmdx@gmail.com
### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
Hide the countdown block when "wait" button is clicked.
Take a look at screenshot in attachment
![last_logins](/uploads/f2694ecdc4291d356192d098ace2f049/last_logins.png)
### Possible fixes
Modify page js script
2.0.0
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1442
Last logins not shown when second factors are enabled
2018-06-13T21:12:12Z
Christophe Maudoux chrmdx@gmail.com
### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
I checked the "Check my last logins" box at portal authentication form.
I entered my TOTP and wasn't redirected to the last logins page.
### Possible fixes
Modify redirect rule
2.0.0
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1440
CDA init failure
2018-06-06T15:00:40Z
Dejan SANADER
Hello,
I've tried enabling CDA on a remote Handler following :
https://lemonldap-ng.org/documentation/2.0/soapminihowto
https://lemonldap-ng.org/documentation/2.0/cda
Access to the protected cross domain generates 500 errors :
```Can't locate object method "init" via package "Lemonldap::NG::Handler::Lib::CDA" at /usr/share/perl5/Lemonldap/NG/Handler/Lib/CDA.pm line 51```
2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1439
Client Handler trips on empty values in SOAP config
2018-06-01T15:20:42Z
Dejan SANADER
Hello,
After enabling access to the global configuration through SOAP, the handler outputs 500 errors with the following detail :
```Can't use string ("") as a HASH ref while "strict refs" in use at /usr/share/perl5/Lemonldap/NG/Handler/Main/Reload.pm line 352```
The script trips on empty values (`=> ''`) in the configuration.
Commenting `use strict;` helped circumvent the error.
2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1437
diff.html with only one config
2018-06-24T14:55:40Z
Christophe Maudoux chrmdx@gmail.com
### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
See screenshot in attachment
Maybe previous configuration does not exist anymore or only one remaining... ![diff](/uploads/c0e1b79fa1a3d36a1f20f4fd35f75577/diff.png)
2.0.0
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1431
OIDC consents not well stored in session / displayed in portal
2020-11-28T12:05:15Z
Clément OUDOT
See ![Screenshot-2018-5-24_Authentication_portal](/uploads/119ca37100f88745d5a5e198e9c599cc/Screenshot-2018-5-24_Authentication_portal.png)
2.0.0
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1430
JS errors in OpenID Connect checksession iframe
2018-11-08T21:59:12Z
Clément OUDOT
When testing checksession, I got javascript errors in console:
```
TypeError: b is undefined[En savoir plus]
sha256.min.js:1:223
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/sha256.min.js:1:223
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/sha256.min.js:1:199
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/sha256.min.js:1:164
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/sha256.min.js:1:2
TypeError: g is undefined[En savoir plus]
enc-base64.min.js:1:222
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/enc-base64.min.js:1:222
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/enc-base64.min.js:1:199
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/enc-base64.min.js:1:164
<anonyme>
https://auth.openid.club/static/bwr/crypto-js/enc-base64.min.js:1:2
ReferenceError: receiveMessage is not defined[En savoir plus]
oidcchecksession.min.js:1:316
<anonyme>
https://auth.openid.club/static/common/js/oidcchecksession.min.js:1:316
<anonyme>
https://auth.openid.club/static/common/js/oidcchecksession.min.js:1:2
ReferenceError: receiveMessage is not defined[En savoir plus]
oidcchecksession.min.js:1:251
<anonyme>
https://auth.openid.club/static/common/js/oidcchecksession.min.js:1:251
i
https://auth.openid.club/static/bwr/jquery/dist/jquery.min.js:2:27146
fireWith
https://auth.openid.club/static/bwr/jquery/dist/jquery.min.js:2:27914
ready
https://auth.openid.club/static/bwr/jquery/dist/jquery.min.js:2:29705
J
https://auth.openid.club/static/bwr/jquery/dist/jquery.min.js:2:29890
```
2.0.0
Christophe Maudoux chrmdx@gmail.com

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1428
Provide better logs with Nginx
2018-05-22T16:41:12Z
Yadd
### Summary
In 1.9.*, Nginx doesn't log user id in access.log for LLNG applications (portal and manager). This is fixed in %"2.0.0" (commit 5493626)
2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1425
CAS gateway mode
2018-06-25T08:44:50Z
Clément OUDOT
In CAS protocol, if we use gateway=true, if the user is not authenticated, we should not stop on login form but redirect to CAS service without ticket.
This was working in 1.9 but not in 2.0.
2.0.0
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1422
CAS renew + Auth Choice leads to empty page
2018-05-20T07:17:14Z
Clément OUDOT
When testing CAS renew parameter and Auth Choice, we end up on an empty page:
![Screenshot-2018-5-14_Authentication_portal](/uploads/ba05ec271386be58e6fa0e1f2efd1aac/Screenshot-2018-5-14_Authentication_portal.png)
We should instead be able to reauthenticate
2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1417
Better 2FA screen for end users
2018-05-08T12:45:57Z
Clément OUDOT
Trying to use 2FA management skins, when key display is disabled we have a page with big blank zone:
![Screenshot-2018-5-6_Authentication_portal](/uploads/50ca56be14b75a4a64694e758887ee02/Screenshot-2018-5-6_Authentication_portal.png)
Other issue, I don't see where we can remove the key (the option is enabled in Manager, but no button is shown).
2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1401
History not well managed by 2F engine
2018-03-21T19:48:37Z
Yadd
Version: 2.0
2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1400
CLUSTER - Status page who check the working state of LLNG
2018-05-17T04:31:32Z
Mathieu Lecompte-melançon
### Summary
The idea is to tell the Keepalived service that LLNG is not working fine.
(EX: a memory issue or a mongodb issue has generated an error 500) but nginx does not fail-back even if there is something wrong...
The idea is to add an HTTP_GET healthcheck to tell the keepalived service to force a fail-over to the backup-node. That is easy to do.
But to get it working on the LLNG side we need a status page which will try to authenticate a (defined test user) and return a result like: Everything seems to work! If not, another message. It's more like a unit test page which is called on demand (every 30 seconds by the keepalived service)
### Design proposition
auth.exemple.com/check_state
return a simple HTML page with the result.
Note: the result should not change between versions to avoid failover when upgrading to a new version.
2.0.0
Yadd