lemonldap-ng issueshttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues2018-10-29T16:04:52Zhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1531LDAP parameters are dropped if authentication backend is AD2018-10-29T16:04:52ZClément OUDOTLDAP parameters are dropped if authentication backend is ADIf we choose AD as authentication backend, all LDAP parameters are dropped.If we choose AD as authentication backend, all LDAP parameters are dropped.2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1530AD Password module is missing2018-10-29T17:35:44ZClément OUDOTAD Password module is missingThe Portal/Password/AD.pm module is missingThe Portal/Password/AD.pm module is missing2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1529Custom modules are erased by package updates2018-11-15T09:32:44ZClément OUDOTCustom modules are erased by package updatesWe have the possibility to have Custom modules in 2.0, but as they are part of the distribution, if we modify them, they are erased by packages update.
We should not ship these modules inside LL::NG code, or call them "Custom.example" i...We have the possibility to have Custom modules in 2.0, but as they are part of the distribution, if we modify them, they are erased by packages update.
We should not ship these modules inside LL::NG code, or call them "Custom.example" instead of "Custom.pm", or ship them in doc/, not in modules.
What do you think?2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1528Issuer CAS redirect on bad service URL2018-11-15T09:38:22ZClément OUDOTIssuer CAS redirect on bad service URLWhen service is http://cas.example.com/test/, we are redirected to http://cas.example.com/ (test/ is removed).When service is http://cas.example.com/test/, we are redirected to http://cas.example.com/ (test/ is removed).2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1524The choice is not saved in $req-data2018-10-16T15:26:00ZClément OUDOTThe choice is not saved in $req-dataWe have some code to read $req->data->{_authChoice} but this data is never set.We have some code to read $req->data->{_authChoice} but this data is never set.2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1518Possibility to override portal messages2018-10-17T09:44:45ZClément OUDOTPossibility to override portal messagesIn 1.9 we had the possibility to override portal messages, see https://lemonldap-ng.org/documentation/1.9/portalcustom#messages
This does not seem possible in 2.0 anymore, as translations are provided trough a JSON file.
How could we r...In 1.9 we had the possibility to override portal messages, see https://lemonldap-ng.org/documentation/1.9/portalcustom#messages
This does not seem possible in 2.0 anymore, as translations are provided trough a JSON file.
How could we restore this feature?2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1517Password backend not called with Choice2018-11-19T17:40:07ZClément OUDOTPassword backend not called with ChoiceI have a Choice configuration with LDAP/LDAP/LDAP configuration, but when trying to modify password, the LDAP directory is not called at all.
Here are the logs:
```
==> /var/log/apache2/error.log <==
[debug] Check configuration for Lemo...I have a Choice configuration with LDAP/LDAP/LDAP configuration, but when trying to modify password, the LDAP directory is not called at all.
Here are the logs:
```
==> /var/log/apache2/error.log <==
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[debug] Get session 0e7d87c9809be37657096372bd2af908
[debug] removing cookie
[debug] User coudot was granted to access to /
[debug] Start routing default route
[debug] Processing importHandlerData
[debug] Processing restoreArgs
[debug] Processing controlUrl
[debug] Processing checkLogout
[debug] Processing code ref
[debug] Launching ::Auth::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::UserDB::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::Password::Choice::_modifyPassword
[debug] Choice 2LDAP selected
[debug] Choice 2LDAP selected from pdata
[debug] Bad old password
[debug] Unbind and disconnect from ldap://localhost
[debug] Returned error: 39
[debug] Skin returned: error
[debug] Calling sendHtml with template error
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Apply following CSP : form-action 'self';frame-ancestors 'none';
2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1513SAML replay protection is not replaying authentication2018-10-28T12:27:08ZClément OUDOTSAML replay protection is not replaying authenticationAs SAML SP, when we check replay protection, we should replay authentication if the check fails:
```
unless ( $self->replayProtection($assertion_responded) ) {
# Assertion was already consumed or is e...As SAML SP, when we check replay protection, we should replay authentication if the check fails:
```
unless ( $self->replayProtection($assertion_responded) ) {
# Assertion was already consumed or is expired
# Force authentication replay
$self->userLogger->error(
"Message $assertion_responded already used or expired, replay authentication"
);
delete $req->{urldc};
$req->mustRedirect(1);
$req->steps( [] );
return PE_OK;
}
```
But at this moment we did not set $req->user so we end with this error in Portal/Main/Process.pm
```
sub extractFormInfo {
my ( $self, $req ) = @_;
return PE_ERROR unless ( $self->_authentication );
my $ret = $self->_authentication->extractFormInfo($req);
if ( $ret == PE_OK and not( $req->user or $req->continue ) ) {
$self->logger->error(
'Authentication module succeed but has not set $req->user');
return PE_ERROR;
}
```
Should we not set "$req->continue" in our SAML code?2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1510GrantSession module does not work2018-10-07T20:42:22ZChristophe Maudouxchrmdx@gmail.comGrantSession module does not work### Concerned version
Version: 2.0
### Summary
1/ GrantSession.pm is not loaded when rules are set from Manager
2/ Seems rules are not applied
### Logs
[debug] **Store dwho in session key uid**
[debug] Launching ::Plugins::GrantSess...### Concerned version
Version: 2.0
### Summary
1/ GrantSession.pm is not loaded when rules are set from Manager
2/ Seems rules are not applied
### Logs
[debug] **Store dwho in session key uid**
[debug] Launching ::Plugins::GrantSession::run
[debug] **Grant session condition "$uid ne "dwho"##no"**
[debug] Processing storeHistory
[debug] Current login saved into successLogin
[debug] Found 'whatToTrace' -> dwho2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1508Test all password reset by mail workflows2020-07-28T14:01:48ZClément OUDOTTest all password reset by mail workflowsWhen testing password reset, submitting twice the same mail did not show a confirmation page to inform that a mail was already sent.
The log seems to show the opposite:
```
[debug] Build URL http://auth.example.com:19876/resetpwd?skin=b...When testing password reset, submitting twice the same mail did not show a confirmation page to inform that a mail was already sent.
The log seems to show the opposite:
```
[debug] Build URL http://auth.example.com:19876/resetpwd?skin=bootstrap
[debug] Redirect 127.0.0.1 to portal (url was /resetpwd?skin=bootstrap)
[debug] User not authenticated, Try in use, cancel redirection
[debug] Start routing resetpwd
[debug] Trying to load token 1537653191_524
[debug] Good captcha response
[debug] Captcha code verified
[debug] Processing getUser
[debug] Processing setSessionInfo
[debug] Processing setMacros
[debug] Processing setGroups
[debug] Processing setPersistentSessionInfo
[debug] Persistent session found for dwho
[debug] Restore persistent parameter _loginHistory
[debug] Restore persistent parameter _updateTime
[debug] Processing setLocalGroups
[debug] Try to get SSO session be2b1fb4c2201bf63c2243073335d0262b9b399965a375c4acd137f7c8803456
[debug] Return SSO session be2b1fb4c2201bf63c2243073335d0262b9b399965a375c4acd137f7c8803456
[debug] Mail session found: be2b1fb4c2201bf63c2243073335d0262b9b399965a375c4acd137f7c8803456
[debug] Mail expiration timestamp: 1537796370
[debug] Mail start timestamp: 1537724370
[notice] Reset mail already sent to dwho
[debug] Display called with code: 72
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Display "confirm mail sent"
[debug] Starting HTML generation using /home/clement/dev/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/mail.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /home/clement/dev/lemonldap-ng/lemonldap-ng-portal/site/templates/bootstrap/mail.tpl
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self';frame-ancestors 'none';
auth.example.com:80 127.0.0.1 - - [23/Sep/2018:19:51:21 +0200] "POST /resetpwd?skin=bootstrap HTTP/1.1" 200 7597
auth.example.com:80 127.0.0.1 - - [23/Sep/2018:19:51:21 +0200] "GET /static/bwr/bootstrap/dist/css/bootstrap-theme.css HTTP/1.1" 302 543
```
Maybe an issue in the template.2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1507Force authentication to access to Portal is no more available2018-11-24T11:21:16ZChristophe Maudouxchrmdx@gmail.comForce authentication to access to Portal is no more available### Summary
On 2.0.0 Option is missing...
Force authentication: set to 'On' to force authentication when user connects to portal, even if he has a valid session
### Design proposition
Like in 1.9### Summary
On 2.0.0 Option is missing...
Force authentication: set to 'On' to force authentication when user connects to portal, even if he has a valid session
### Design proposition
Like in 1.92.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1502Server error when SAML metadata parsing not possible2018-09-11T09:07:46ZClément OUDOTServer error when SAML metadata parsing not possibleIf we have some metadata that are not compliant to Lasso parser, we return a server error (Error 500).
As SAML metadata parsing occurs at init, we can't display the portal anymore. I suggest we just set a warn log message and let the po...If we have some metadata that are not compliant to Lasso parser, we return a server error (Error 500).
As SAML metadata parsing occurs at init, we can't display the portal anymore. I suggest we just set a warn log message and let the portal end its process.2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1497Move "afterData" entry point before "buildCookie" and add "endAuth" entrypoint2018-09-05T13:43:59ZYaddMove "afterData" entry point before "buildCookie" and add "endAuth" entrypointNeeds also to modify notificationsNeeds also to modify notifications2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1477SAML Common Domain Cookie2018-09-04T09:50:03ZClément OUDOTSAML Common Domain CookieThe SAML CDC feature seems not working
First, I tried to create the local CDC page (CDC writer URL), like this:
```
# vi /usr/share/lemonldap-ng/portal/htdocs/cdc.fcgi
```
```perl
#!/usr/bin/perl
use Plack::Handler::FCGI;
use Lemonldap...The SAML CDC feature seems not working
First, I tried to create the local CDC page (CDC writer URL), like this:
```
# vi /usr/share/lemonldap-ng/portal/htdocs/cdc.fcgi
```
```perl
#!/usr/bin/perl
use Plack::Handler::FCGI;
use Lemonldap::NG::Portal::CDC;
# Roll your own
my $server = Plack::Handler::FCGI->new();
$server->run( Lemonldap::NG::Portal::CDC->run( {} ) );
```
```
# chmod +x /usr/share/lemonldap-ng/portal/htdocs/cdc.fcgi
```
When accessing to https://auth.openid.club/cdc.fcgi, we have this error:
```
==> /var/log/apache2/error.log <==
[Wed Jul 18 09:21:21.548027 2018] [fcgid:warn] [pid 94631] (104)Connection reset by peer: [client 92.184.102.58:40262] mod_fcgid: error reading data from FastCGI server
[Wed Jul 18 09:21:21.548173 2018] [core:error] [pid 94631] [client 92.184.102.58:40262] End of script output before headers: cdc.fcgi
==> /var/log/apache2/other_vhosts_access.log <==
auth.openid.club:443 92.184.102.58 - - [18/Jul/2018:09:21:21 +0200] "GET /cdc.fcgi HTTP/1.1" 302 725 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
```
Then, when calling the CDC code from the Auth::SAML module, we have another error:
```
==> /var/log/apache2/error.log <==
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[info] No cookie found
[debug] Build URL https://auth.openid.club/
[debug] Redirect 92.184.102.58 to portal (url was /)
[debug] User not authenticated, Try in use, cancel redirection
[debug] Start routing default route
[debug] Processing restoreArgs
[debug] Processing controlUrl
[debug] Processing code ref
[debug] Processing code ref
[debug] Launching ::Issuer::SAML::storeEnv
[debug] Processing code ref
[debug] Launching ::Issuer::CAS::storeEnvAndCheckGateway
[debug] Processing code ref
[debug] Launching ::Issuer::OpenIDConnect::exportRequestParameters
[debug] Processing code ref
[debug] Launching ::Plugins::AutoSignin::check
[debug] Processing extractFormInfo
[debug] Will try to use Common Domain Cookie for IDP resolution
[Wed Jul 18 09:22:33.016415 2018] [fcgid:warn] [pid 94498] [client 92.184.102.58:40270] mod_fcgid: stderr: Can't locate object method "self_url" via package "Lemonldap::NG::Portal::Auth::SAML" at /usr/share/perl5/Lemonldap/NG/Portal/Auth/SAML.pm line 1418., referer: https://auth.openid.club/
==> /var/log/apache2/other_vhosts_access.log <==
auth.openid.club:443 92.184.102.58 - - [18/Jul/2018:09:22:33 +0200] "POST / HTTP/1.1" 500 3929 "https://auth.openid.club/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
```2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1465Enhance IDP selection2018-11-19T22:09:59ZClément OUDOTEnhance IDP selectionWe need a dedicated template for IDP selection, to keep confirm template for confirmation steps.
We should also have the same features for all protocols (CAS/SAML/OIDC):
* Automatic redirection when only one IDP available
* No timer whe...We need a dedicated template for IDP selection, to keep confirm template for confirmation steps.
We should also have the same features for all protocols (CAS/SAML/OIDC):
* Automatic redirection when only one IDP available
* No timer when redirecting to IDP (or make it configurable)
* IDP preslection rule
* Icon configuration2.0.0Clément OUDOTClément OUDOThttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1464Modify oidcConsents keys storage structure2018-07-22T21:15:23ZChristophe Maudouxchrmdx@gmail.comModify oidcConsents keys storage structure### Summary
Use an array of Json to store oidcConsents in persistent session.
Why not in SSO sessions too...
### Design proposition
Like _2fDevices### Summary
Use an array of Json to store oidcConsents in persistent session.
Why not in SSO sessions too...
### Design proposition
Like _2fDevices2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1463Login form JS errors2018-06-26T09:12:15ZChristophe Maudouxchrmdx@gmail.comLogin form JS errors### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
### Possible fixes
Modify HTML code
See screenshot
![login](/uploads/8ffee6c118835d8162f95f01b688fe44/login.png)### Concerned version
Version: 2.0.0
Platform: (Nginx/Apache/Node.js)
### Summary
### Possible fixes
Modify HTML code
See screenshot
![login](/uploads/8ffee6c118835d8162f95f01b688fe44/login.png)2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1460Warning in Main::Process2018-06-21T15:11:00ZClément OUDOTWarning in Main::Process```
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/^Lemonldap::NG::Portal::Main=HASH(0x5611f4d93788)->conf->{ <-- HERE multiValuesSeparator}/ at /usr/share/perl5/Lemonldap/NG/Portal/Main/Pro...```
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/^Lemonldap::NG::Portal::Main=HASH(0x5611f4d93788)->conf->{ <-- HERE multiValuesSeparator}/ at /usr/share/perl5/Lemonldap/NG/Portal/Main/Process.pm line 401.
```2.0.0YaddYaddhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1455Registering U2F 2FA doesn't work2020-04-05T10:22:53ZPaul CurieRegistering U2F 2FA doesn't work### Concerned version
Version: 2.0.0~alpha3+20180614095215+2019+master+stretch+olab1
Platform: Apache
OS : Debian 9
### Summary
I activated U2F 2FA on llng manager and self registration, trying self registration, nothing happens if ...### Concerned version
Version: 2.0.0~alpha3+20180614095215+2019+master+stretch+olab1
Platform: Apache
OS : Debian 9
### Summary
I activated U2F 2FA on llng manager and self registration, trying self registration, nothing happens if I click on register and verify. also nothing in logs (apache mode debug, llng mode debug).
Also, on the 2FA registration page, "2ndFA Management" button redirect to https://auth.xps.local2fregisters/ instead of https://auth.xps.local/2fregisters/
Here's what I did :
- Install libu2f-server-dev from debian packages (1.0.1-3+b1)
- Install Crypt::U2F::Server::Simple 0.43 from sources (perl Makefile.pl, make, make install)
- Activation U2F on llng manager (Activation on, self registration on, U2F level 3, authorize to remove on)
- Try on chrome stable (67.0.3396.87-1) nothing happens
- Try on chromium-browser (66.0.3359.181-0ubuntu0.16.04.1) nothing happens
- Try on firefox (60.0.2) after setting security.webauth.u2f to true, nothing happens
I tried the old FIDO and new FIDO2 U2F security keys from yubikey (they both currently work with google/github)
I using a self-signed certificate for SSL, will try with a letsencrypt one.
### Logs
Clicking on 2FA management in portal :
```
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.174313 2018] [ssl:info] [pid 1166] [client 192.168.56.1:51154] AH01964: Connection to child 3 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.174839 2018] [ssl:debug] [pid 1166] ssl_engine_kernel.c(2115): [client 192.168.56.1:51154] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.174944 2018] [core:debug] [pid 1166] protocol.c(2219): [client 192.168.56.1:51154] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.176196 2018] [ssl:debug] [pid 1166] ssl_engine_kernel.c(2042): [client 192.168.56.1:51154] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.176521 2018] [ssl:info] [pid 1166] (70014)End of file found: [client 192.168.56.1:51154] AH01991: SSL input filter read failed.
[Thu Jun 14 20:12:40.178213 2018] [ssl:info] [pid 1168] [client 192.168.56.1:51156] AH01964: Connection to child 5 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.178646 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(2115): [client 192.168.56.1:51156] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.178707 2018] [core:debug] [pid 1168] protocol.c(2219): [client 192.168.56.1:51156] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.179382 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(2042): [client 192.168.56.1:51156] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.176928 2018] [ssl:debug] [pid 1166] ssl_engine_io.c(1044): [client 192.168.56.1:51154] AH02001: Connection closed to child 3 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:40.179942 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(366): [client 192.168.56.1:51156] AH02034: Initial (No.1) HTTPS request received for child 5 (server auth.xps.local:443), referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.180093 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.180107 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.180206 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.180217 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/
==> /var/log/apache2/error.log <==
[debug] Get session 9b2cd6ddbc456071ebfbe7e6886353bacc06be8f88ac5fdb1142c04c5b523f5f from Handler internal cache
[debug] removing cookie
[debug] User fd-admin was granted to access to /2fregisters
[debug] Start routing 2fregisters
[debug] Looking if u2F register is available
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.192924 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(366): [client 192.168.56.1:51156] AH02034: Subsequent (No.2) HTTPS request received for child 5 (server auth.xps.local:443), referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.193360 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.193577 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.193951 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.194191 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/
==> /var/log/apache2/error.log <==
[debug] Get session 9b2cd6ddbc456071ebfbe7e6886353bacc06be8f88ac5fdb1142c04c5b523f5f from Handler internal cache
[debug] removing cookie
[debug] User fd-admin was granted to access to /2fregisters/u
[debug] Start routing 2fregisters
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/u2fregister.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/u2fregister.tpl
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.200004 2018] [deflate:debug] [pid 1168] mod_deflate.c(853): [client 192.168.56.1:51156] AH01384: Zlib: Compressed 4996 to 1700 : URL /index.fcgi/2fregisters/u, referer: https://auth.xps.local/
[Thu Jun 14 20:12:40.215299 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(366): [client 192.168.56.1:51156] AH02034: Subsequent (No.3) HTTPS request received for child 5 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.216650 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.217790 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.219187 2018] [ssl:info] [pid 1172] [client 192.168.56.1:51158] AH01964: Connection to child 8 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.219903 2018] [ssl:debug] [pid 1172] ssl_engine_kernel.c(2115): [client 192.168.56.1:51158] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.220208 2018] [ssl:info] [pid 1188] [client 192.168.56.1:51160] AH01964: Connection to child 14 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.220459 2018] [ssl:info] [pid 1182] [client 192.168.56.1:51162] AH01964: Connection to child 0 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.220660 2018] [ssl:info] [pid 1164] [client 192.168.56.1:51164] AH01964: Connection to child 1 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.221264 2018] [ssl:debug] [pid 1164] ssl_engine_kernel.c(2115): [client 192.168.56.1:51164] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.221908 2018] [ssl:debug] [pid 1182] ssl_engine_kernel.c(2115): [client 192.168.56.1:51162] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.222591 2018] [ssl:debug] [pid 1188] ssl_engine_kernel.c(2115): [client 192.168.56.1:51160] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.223815 2018] [core:debug] [pid 1182] protocol.c(2219): [client 192.168.56.1:51162] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.224368 2018] [core:debug] [pid 1164] protocol.c(2219): [client 192.168.56.1:51164] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.224904 2018] [core:debug] [pid 1172] protocol.c(2219): [client 192.168.56.1:51158] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.225205 2018] [core:debug] [pid 1188] protocol.c(2219): [client 192.168.56.1:51160] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.226953 2018] [ssl:info] [pid 1189] [client 192.168.56.1:51166] AH01964: Connection to child 15 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.227920 2018] [ssl:info] [pid 1170] [client 192.168.56.1:51168] AH01964: Connection to child 7 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.228788 2018] [ssl:info] [pid 1173] [client 192.168.56.1:51170] AH01964: Connection to child 9 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.229205 2018] [ssl:debug] [pid 1173] ssl_engine_kernel.c(2115): [client 192.168.56.1:51170] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.229586 2018] [core:debug] [pid 1173] protocol.c(2219): [client 192.168.56.1:51170] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.230343 2018] [ssl:debug] [pid 1173] ssl_engine_kernel.c(2042): [client 192.168.56.1:51170] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.230881 2018] [ssl:debug] [pid 1189] ssl_engine_kernel.c(2115): [client 192.168.56.1:51166] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.231200 2018] [ssl:debug] [pid 1170] ssl_engine_kernel.c(2115): [client 192.168.56.1:51168] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.231444 2018] [core:debug] [pid 1170] protocol.c(2219): [client 192.168.56.1:51168] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.231611 2018] [core:debug] [pid 1189] protocol.c(2219): [client 192.168.56.1:51166] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.232664 2018] [ssl:debug] [pid 1164] ssl_engine_kernel.c(2042): [client 192.168.56.1:51164] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.232907 2018] [ssl:debug] [pid 1188] ssl_engine_kernel.c(2042): [client 192.168.56.1:51160] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.233271 2018] [ssl:info] [pid 1188] (70014)End of file found: [client 192.168.56.1:51160] AH01991: SSL input filter read failed.
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.233552 2018] [ssl:debug] [pid 1173] ssl_engine_kernel.c(366): [client 192.168.56.1:51170] AH02034: Initial (No.1) HTTPS request received for child 9 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.233964 2018] [ssl:debug] [pid 1189] ssl_engine_kernel.c(2042): [client 192.168.56.1:51166] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.234210 2018] [ssl:info] [pid 1164] (70014)End of file found: [client 192.168.56.1:51164] AH01991: SSL input filter read failed.
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.234591 2018] [authz_core:debug] [pid 1173] mod_authz_core.c(809): [client 192.168.56.1:51170] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.234852 2018] [ssl:debug] [pid 1189] ssl_engine_kernel.c(366): [client 192.168.56.1:51166] AH02034: Initial (No.1) HTTPS request received for child 15 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.235275 2018] [ssl:debug] [pid 1164] ssl_engine_io.c(1044): [client 192.168.56.1:51164] AH02001: Connection closed to child 1 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:40.235993 2018] [ssl:debug] [pid 1188] ssl_engine_io.c(1044): [client 192.168.56.1:51160] AH02001: Connection closed to child 14 with standard shutdown (server auth.xps.local:443)
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.236721 2018] [ssl:info] [pid 1174] [client 192.168.56.1:51172] AH01964: Connection to child 10 established (server manager.xps.local:443)
[Thu Jun 14 20:12:40.237192 2018] [ssl:debug] [pid 1174] ssl_engine_kernel.c(2115): [client 192.168.56.1:51172] AH02043: SSL virtual host for servername auth.xps.local found
[Thu Jun 14 20:12:40.237446 2018] [core:debug] [pid 1174] protocol.c(2219): [client 192.168.56.1:51172] AH03155: select protocol from , choices=h2,http/1.1 for server auth.xps.local
[Thu Jun 14 20:12:40.237984 2018] [ssl:debug] [pid 1170] ssl_engine_kernel.c(2042): [client 192.168.56.1:51168] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.238398 2018] [ssl:debug] [pid 1174] ssl_engine_kernel.c(2042): [client 192.168.56.1:51172] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.238601 2018] [ssl:debug] [pid 1174] ssl_engine_kernel.c(366): [client 192.168.56.1:51172] AH02034: Initial (No.1) HTTPS request received for child 10 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.238982 2018] [authz_core:debug] [pid 1174] mod_authz_core.c(809): [client 192.168.56.1:51172] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.239725 2018] [authz_core:debug] [pid 1174] mod_authz_core.c(809): [client 192.168.56.1:51172] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.241378 2018] [authz_core:debug] [pid 1189] mod_authz_core.c(809): [client 192.168.56.1:51166] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.241841 2018] [ssl:debug] [pid 1172] ssl_engine_kernel.c(2042): [client 192.168.56.1:51158] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.242380 2018] [authz_core:debug] [pid 1173] mod_authz_core.c(809): [client 192.168.56.1:51170] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.243227 2018] [authz_core:debug] [pid 1189] mod_authz_core.c(809): [client 192.168.56.1:51166] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.243664 2018] [ssl:debug] [pid 1182] ssl_engine_kernel.c(2042): [client 192.168.56.1:51162] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Jun 14 20:12:40.243886 2018] [ssl:info] [pid 1172] (70014)End of file found: [client 192.168.56.1:51158] AH01991: SSL input filter read failed.
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.244314 2018] [ssl:debug] [pid 1170] ssl_engine_kernel.c(366): [client 192.168.56.1:51168] AH02034: Initial (No.1) HTTPS request received for child 7 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.246244 2018] [ssl:debug] [pid 1172] ssl_engine_io.c(1044): [client 192.168.56.1:51158] AH02001: Connection closed to child 8 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:40.247672 2018] [deflate:debug] [pid 1173] mod_deflate.c(853): [client 192.168.56.1:51170] AH01384: Zlib: Compressed 1673 to 691 : URL /static/bootstrap/css/styles.min.css, referer: https://auth.xps.local/2fregisters/u
==> /var/log/apache2/manager.log <==
[Thu Jun 14 20:12:40.248321 2018] [ssl:info] [pid 1182] (70014)End of file found: [client 192.168.56.1:51162] AH01991: SSL input filter read failed.
==> /var/log/apache2/portal.log <==
[Thu Jun 14 20:12:40.249951 2018] [ssl:debug] [pid 1182] ssl_engine_io.c(1044): [client 192.168.56.1:51162] AH02001: Connection closed to child 0 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:40.250809 2018] [deflate:debug] [pid 1174] mod_deflate.c(853): [client 192.168.56.1:51172] AH01384: Zlib: Compressed 1899 to 710 : URL /static//common/js/u2fregistration.min.js, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.251439 2018] [authz_core:debug] [pid 1170] mod_authz_core.c(809): [client 192.168.56.1:51168] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.253355 2018] [authz_core:debug] [pid 1170] mod_authz_core.c(809): [client 192.168.56.1:51168] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.254126 2018] [deflate:debug] [pid 1170] mod_deflate.c(853): [client 192.168.56.1:51168] AH01384: Zlib: Compressed 9052 to 2302 : URL /static//common/js/u2f-api.min.js, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.254525 2018] [deflate:debug] [pid 1189] mod_deflate.c(853): [client 192.168.56.1:51166] AH01384: Zlib: Compressed 23409 to 2758 : URL /static/bwr/bootstrap/dist/css/bootstrap-theme.min.css, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.258695 2018] [deflate:debug] [pid 1168] mod_deflate.c(853): [client 192.168.56.1:51156] AH01384: Zlib: Compressed 121200 to 19726 : URL /static/bwr/bootstrap/dist/css/bootstrap.min.css, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.312857 2018] [ssl:debug] [pid 1168] ssl_engine_kernel.c(366): [client 192.168.56.1:51156] AH02034: Subsequent (No.4) HTTPS request received for child 5 (server auth.xps.local:443), referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.313215 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of Require all granted: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.313395 2018] [authz_core:debug] [pid 1168] mod_authz_core.c(809): [client 192.168.56.1:51156] AH01626: authorization result of <RequireAny>: granted, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:40.314158 2018] [deflate:debug] [pid 1168] mod_deflate.c(853): [client 192.168.56.1:51156] AH01384: Zlib: Compressed 10722 to 3845 : URL /static/languages/en.json, referer: https://auth.xps.local/2fregisters/u
[Thu Jun 14 20:12:45.257757 2018] [ssl:debug] [pid 1174] ssl_engine_io.c(1044): [client 192.168.56.1:51172] AH02001: Connection closed to child 10 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:45.259121 2018] [ssl:debug] [pid 1189] ssl_engine_io.c(1044): [client 192.168.56.1:51166] AH02001: Connection closed to child 15 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:45.259443 2018] [ssl:debug] [pid 1170] ssl_engine_io.c(1044): [client 192.168.56.1:51168] AH02001: Connection closed to child 7 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:45.259487 2018] [ssl:debug] [pid 1173] ssl_engine_io.c(1044): [client 192.168.56.1:51170] AH02001: Connection closed to child 9 with standard shutdown (server auth.xps.local:443)
[Thu Jun 14 20:12:45.320358 2018] [ssl:debug] [pid 1168] ssl_engine_io.c(1044): [client 192.168.56.1:51156] AH02001: Connection closed to child 5 with standard shutdown (server auth.xps.local:443)
```
Clicking on register or verify doesn't log anything
### Backends used
LDAP for auth/users/password
Files for sessions/config2.0.0Christophe Maudouxchrmdx@gmail.comChristophe Maudouxchrmdx@gmail.comhttps://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1453Error when displaying CAS servers list2018-06-14T09:53:20ZClément OUDOTError when displaying CAS servers listLogs:
```
[debug] Processing extractFormInfo
[debug] Redirecting user to CAS server list
[debug] Returned error: 42
[debug] Display: confirm detected
[debug] Skin returned: confirm
[debug] Calling sendHtml with template confirm
[debug] S...Logs:
```
[debug] Processing extractFormInfo
[debug] Redirecting user to CAS server list
[debug] Returned error: 42
[debug] Display: confirm detected
[debug] Skin returned: confirm
[debug] Calling sendHtml with template confirm
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/confirm.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[warn] [anonymous] Unable to load template: HTML::Template::param() : attempt to set parameter 'list' with a scalar - parameter is not a TMPL_VAR! at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 268.
[error] Error 500: Unable to load template: HTML::Template::param() : attempt to set parameter 'list' with a scalar - parameter is not a TMPL_VAR! at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 268.
```2.0.0Clément OUDOTClément OUDOT