lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
Updated: 2018-05-19T19:41:51Z

History not display during login
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1313
Updated: 2018-05-19T19:41:51Z
Author: Yadd

History is well displayed in menu but not during login (if asked)

Milestone: 2.0.0
Assignee: Yadd

errors using saml post sso
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1312
Updated: 2018-05-19T19:41:51Z
Author: dcoutadeur dcoutadeur

Here is the use case:
- LemonLDAP 2.0 SAML IdP, authentication = combination (Kerberos, LDAP)
- LemonLDAP SAML SP
On the IdP, I get the following errors, which lead to a 500 internal error
```
Use of uninitialized value $encryption_mode in pattern match (m//) at /usr/local/share/perl5/Lemonldap/NG/Portal/Lib/SAML.pm line 2888.
Use of uninitialized value $encryption_mode in pattern match (m//) at /usr/local/share/perl5/Lemonldap/NG/Portal/Lib/SAML.pm line 2890.
Use of uninitialized value $encryption_mode in concatenation (.) or string at /usr/local/share/perl5/Lemonldap/NG/Portal/Lib/SAML.pm line 362.
[warn] No IDP found in configuration
Argument "Lasso::Constants::LOGIN_PROTOCOL_PROFILE_BRWS_ART" isn't numeric in numeric eq (==) at /usr/local/share/perl5/Lemonldap/NG/Portal/Issuer/SAML.pm line 726.
Argument "Lasso::Constants::LOGIN_PROTOCOL_PROFILE_BRWS_ART" isn't numeric in numeric eq (==) at /usr/local/share/perl5/Lemonldap/NG/Portal/Issuer/SAML.pm line 743.
mod_fcgid: stderr: Attribute (storageModule) does not pass the type constraint because: Validation failed for 'Str' with value undef at /usr/lib64/perl5/vendor_perl/Mouse/Util.pm line 383., referer: https://www.auth.example.com/
mod_fcgid: stderr: \tMouse::Util::throw_error('Mouse::Meta::Attribute=HASH(0x198c3e8)', 'Attribute (storageModule) does not pass the type constraint b...', 'data', undef, 'depth', -1) called at /usr/local/share/perl5/Lemonldap/NG/Portal/Lib/SAML.pm line 2778, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Portal::Lib::SAML::getSamlSession('Lemonldap::NG::Portal::Issuer::SAML=HASH(0x2, referer: https://www.auth.example.com/
mod_fcgid: stderr: 1a10a0)', undef, 'HASH(0x3ea8bd8)') called at /usr/local/share/perl5/Lemonldap/NG/Portal/Issuer/SAML.pm line 809, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Portal::Issuer::SAML::run('Lemonldap::NG::Portal::Issuer::SAML=HASH(0x21a10a0)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)', 'singleSignOn') called at /usr/local/share/perl5/Lemonldap/NG/Portal/Main/Issuer.pm line 123, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Portal::Main::Issuer::__ANON__('Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)') called at /usr/local/share/perl5/Lemonldap, referer: https://www.auth.example.com/
mod_fcgid: stderr: /NG/Portal/Main/Process.pm line 25, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Portal::Main::process('Lemonldap::NG::Portal::Main=HASH(0x1631c20)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)') called at /usr/local/share/perl5/Lemonldap/NG/Portal/Main/Run.pm line 162, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Portal::Main::do('Lemonldap::NG::Portal::Main=HASH(0x1631c20)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)', 'ARRAY(0x3ea2660)') called at /usr/local/share/perl5/Lemonldap/NG/Portal/Main/Issuer.pm line 125, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Porta, referer: https://www.auth.example.com/
mod_fcgid: stderr: l::Main::Issuer::_forAuthUser('Lemonldap::NG::Portal::Issuer::SAML=HASH(0x21a10a0)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)', 'singleSignOn') called at /usr/local/share/perl5/Lemonldap/NG/Portal/Main/Plugin.pm line 45, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Portal::Main::Plugin::__ANON__('Lemonldap::NG::Portal::Main=HASH(0x1631c20)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)', 'singleSignOn') called at /usr/local/share/perl5/Lemonldap/NG/Common/PSGI/Router.pm line 145, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Common::PSGI, referer: https://www.auth.example.com/
mod_fcgid: stderr: ::Router::followPath('Lemonldap::NG::Portal::Main=HASH(0x1631c20)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)', 'HASH(0x28b6900)', 'ARRAY(0x1908c18)') called at /usr/local/share/perl5/Lemonldap/NG/Common/PSGI/Router.pm line 141, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Common::PSGI::Router::followPath('Lemonldap::NG::Portal::Main=HASH(0x1631c20)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)', 'HASH(0xafa820)', 'ARRAY(0x1908c18)') called at /usr/local/share/perl5/Lemonldap/NG/Common/PSGI/Router.pm line 1, referer: https://www.auth.example.com/
mod_fcgid: stderr: 29, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Common::PSGI::Router::handler('Lemonldap::NG::Portal::Main=HASH(0x1631c20)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)') called at /usr/local/share/perl5/Lemonldap/NG/Portal/Main/Run.pm line 36, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Portal::Main::handler('Lemonldap::NG::Portal::Main=HASH(0x1631c20)', 'Lemonldap::NG::Portal::Main::Request=HASH(0x3e6db80)') called at /usr/local/share/perl5/Lemonldap/NG/Handler/PSGI/Try.pm line 71, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tLemonldap::NG::Handler::PSGI::Try::__ANON__('HASH(0x3e5faa0)') , referer: https://www.auth.example.com/
mod_fcgid: stderr: called at /usr/share/perl5/vendor_perl/Plack/Util.pm line 142, referer: https://www.auth.example.com/
mod_fcgid: stderr: \teval {...} called at /usr/share/perl5/vendor_perl/Plack/Util.pm line 142, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tPlack::Util::run_app('CODE(0x3e5d178)', 'HASH(0x3e5faa0)') called at /usr/share/perl5/vendor_perl/Plack/Handler/FCGI.pm line 134, referer: https://www.auth.example.com/
mod_fcgid: stderr: \tPlack::Handler::FCGI::run('Plack::Handler::FCGI=HASH(0xadfc48)', 'CODE(0x3e5d178)') called at /usr/local/lemonldap-ng/htdocs/portal/htdocs/index.fcgi line 8, referer: https://www.auth.example.com/
```
It seems some Lasso variables are not loaded. The other errors may be only consequences...

Milestone: 2.0.0
Assignee: Yadd

Custom functions can't be evaluated when the portal is on Apache
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1309
Updated: 2018-05-19T19:41:51Z
Author: Valérie Bauche

When portal is deployed with Apache, we cannot set custom function file:
PerlRequire won't work with fcgi
llng-fastcgi-server is only for nginx
So when a custom function needs to be evaluated on the portal it fails (Undefined subroutine)

Milestone: 2.0.0
Assignee: Yadd

Logout fails when SAML issuer is enabled
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1305
Updated: 2018-05-19T19:41:51Z
Author: Rick Jongbloed

When logging out an error is displayed "Internal server error". This occurs both in Apache and NGINX.
I've attached the Apache2 logging as this logging is more verbose, but the same error occurs. I haven't yet had the time to troubleshoot the file Session.pm
[debug] Get session b9ae5cce84b7d6ad9d0736812a86f92be519e84118afb4c76504831c3c3b7882 from Handler internal cache
[debug] removing cookie
[debug] User adminuser was granted to access to /?logout=1
[debug] Start routing default route
[debug] Processing importHandlerDatas
[debug] Processing controlUrl
[debug] Processing checkLogout
[debug] Processing code ref
[debug] Processing code ref
[debug] Processing code ref
[Sat Sep 23 18:01:54.244076 2017] [fcgid:warn] [pid 6501] [client 192.168.1.19:42089] mod_fcgid: stderr: Can't call method "can" on an undefined value at /usr/local/share/perl/5.24.1/Lemonldap/NG/Common/Apache/Session.pm line 22., referer: https://auth.artificialcreature.com:20443/
[Sat Sep 23 18:01:54.244838 2017] [deflate:debug] [pid 6501] mod_deflate.c(853): [client 192.168.1.19:42089] AH01384: Zlib: Compressed 21 to 23 : URL /index.fcgi, referer: https://auth.artificialcreature.com:20443/
If you need more information, please let me know as I've got both NGINX and Apache2 setup.

Milestone: 2.0.0
Assignee: Yadd

Move all HTML fragments into templates
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1302
Updated: 2018-05-19T19:41:51Z
Author: Yadd

The following files generate HTML fragment inside Perl code. The idea is to move HTML strings into template files.
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Menu.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/History.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SingleSession.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm
* lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm

Milestone: 2.0.0
Assignee: Yadd

Improve "reload Urls" restrictions
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1300
Updated: 2018-05-19T19:41:50Z
Author: Yadd

A workaround has been found for #1297 (1.9.12) but should be improved for 2.0.

Milestone: 2.0.0
Assignee: Yadd

Menu categories order is not correctly saved/loaded
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1292
Updated: 2018-05-19T19:41:50Z
Author: Clément OUDOT

When changing order of categories in menu, we see that they are saved:
```
[debug] User dwho was granted to access to /mysession/persistent
[debug] Start routing mysession
[debug] Update dwho persistent session
auth.example.com:80 127.0.0.1 - - [04/Sep/2017:14:56:24 +0200] "PUT /mysession/persistent HTTP/1.1" 200 390 "http://auth.example.com:19876/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0"
```
But when reconnecting the order is not correctly loaded, values seem buggy:
```
[debug] Store sort_,sort_,sort_ in session key _appsListOrder
```

Milestone: 2.0.0
Assignee: Yadd

Server error when REST/SOAP servers enabled
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1290
Updated: 2018-05-19T19:41:50Z
Author: Clément OUDOT

When enabling REST/SOAP servers and reloading portal page, we have this error:
```
[info] Loading configuration 2 for process 30641
[debug] Process 30641 calls defaultValuesInit
[debug] Process 30641 calls jailInit
[debug] Custom function : My::hello
[debug] Custom function : My::get_additional_arg
[debug] Process 30641 calls portalInit
[debug] Process 30641 calls locationRulesInit
[info] Rules logout_app and logout_app_sso require Apache>=2
[info] Rules logout_app and logout_app_sso require Apache>=2
[debug] Process 30641 calls sessionStorageInit
[debug] Process 30641 calls headersInit
[debug] Process 30641 calls postUrlInit
[debug] Compiling POST data for /form.html
[debug] Process 30641 calls aliasInit
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[debug] Launching Lemonldap::NG::Portal::Main->reloadConf(conf)
[debug] Module Lemonldap::NG::Portal::Auth::Demo loaded
[warn] Using demonstration mode, go to Manager to edit the configuration
[debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
[debug] Plugin ::Auth::Demo initializated
[debug] Module Lemonldap::NG::Portal::UserDB::Demo loaded
[debug] Plugin ::UserDB::Demo initializated
[debug] Vhost test1.example.com added in trusted domains
[debug] Vhost manager.example.com added in trusted domains
[debug] Vhost test2.example.com added in trusted domains
[debug] Module Lemonldap::NG::Portal::Main::Menu loaded
[debug] Plugin ::Main::Menu initializated
[debug] Module Lemonldap::NG::Portal::Plugins::History loaded
[debug] Found afterDatas entry point:
[debug] -> run
[debug] Plugin ::Plugins::History initializated
[debug] Module Lemonldap::NG::Portal::Plugins::Upgrade loaded
[debug] Declaring auth route
[debug] Add GET route:
[debug] route upgradesession added
[debug] Declaring auth route
[debug] Add POST route:
[debug] route upgradesession added
[debug] Plugin ::Plugins::Upgrade initializated
[debug] Module Lemonldap::NG::Portal::Plugins::SOAPServer loaded
[debug] Declaring unauth route
[debug] Add POST route:
[debug] route sessions added
[debug] Declaring unauth route
[debug] Add POST route:
[debug] route adminSessions added
[debug] Declaring auth route
[debug] Add POST route:
[debug] route sessions added
[debug] Declaring auth route
[debug] Add POST route:
[debug] route adminSessions added
[debug] Declaring unauth route
[debug] Add POST route:
[debug] route config added
[debug] Declaring auth route
[debug] Add POST route:
[debug] route config added
[debug] Plugin ::Plugins::SOAPServer initializated
[debug] Module Lemonldap::NG::Portal::Plugins::RESTServer loaded
[debug] Declaring unauth route
[debug] Add GET route:
[debug] route virtualHosts added
[debug] route samlIDPMetaDataNodes added
[debug] route samlSPMetaDataNodes added
[debug] route applicationList added
[debug] route oidcOPMetaDataNodes added
[debug] route oidcRPMetaDataNodes added
[debug] route authChoiceModules added
[debug] route grantSessionRules added
[debug] route : added
[debug] route confs added
[debug] Declaring unauth route
[debug] Add GET route:
[debug] route * added
[debug] route : added
[debug] route confs added
[debug] Declaring unauth route
[debug] Add GET route:
[debug] route : added
[debug] route sessions added
[debug] Declaring unauth route
[debug] Add POST route:
Not a HASH reference at /home/clement/dev/lemonldap/trunk/lemonldap-ng-common/blib/lib/Lemonldap/NG/Common/PSGI/Router.pm line 41, <FILE> line 1.
[Wed Aug 30 18:50:46.506860 2017] [fcgid:warn] [pid 30613:tid 140497117656832] (104)Connexion ré-initialisée par le correspondant: [client 127.0.0.1:45846] mod_fcgid: error reading data from FastCGI server, referer: http://manager.example.com:19876/manager.html
[Wed Aug 30 18:50:46.507060 2017] [core:error] [pid 30613:tid 140497117656832] [client 127.0.0.1:45846] End of script output before headers: index.fcgi, referer: http://manager.example.com:19876/manager.html
auth.example.com:80 127.0.0.1 - - [30/Aug/2017:18:50:46 +0200] "GET / HTTP/1.1" 302 506 "http://manager.example.com:19876/manager.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0"
```

Milestone: 2.0.0
Assignee: Yadd

Can't call method "logger" on an undefined value
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1273
Updated: 2018-05-19T19:41:49Z
Author: Mathieu Lecompte-melançon

With "COMBI" mode between LDAP and DEMO, I can't login with my user ldap to LDAP backend
2017/07/17 15:05:16 [error] 2340#2340: *1636 FastCGI sent in stderr: "Can't call method "logger" on an undefined value at /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Lib/Net/LDAP.pm line 591" while reading response header from upstream, client: 10.193.11.11, server: auth.beta.urgences-sante.qc.ca, request: "POST / HTTP/1.1", upstream: "fastcgi://unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock:", host: "auth.beta.urgences-sante.qc.ca", referrer: "http://auth.beta.urgences-sante.qc.ca/"

Milestone: 2.0.0
Assignee: Yadd

Bad behaviour with static content
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1271
Updated: 2018-05-19T19:41:49Z
Author: Mathieu Lecompte-melançon

In test page, there are some js references to portal js like:
http://auth.beta.urgences-sante.qc.ca/skins/bootstrap/js/bootstrap.js
But apparently when I load manually the link I obtain the portal web page not the JS

Milestone: 2.0.0
Assignee: Yadd

Allow custom regexp for vhost display
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1267
Updated: 2018-05-19T19:41:49Z
Author: Mathieu Parent

Currently "Display application" has 3 possibilities: yes/no/auto (auto means use location rules).
We need a fourth possibility to have an application visible in the portal to a group while being accessible by a more broad group.
Proposal: accept an expression like in location rules.

Milestone: 2.0.0
Assignee: Yadd

no successful password notification message
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1258
Updated: 2018-05-19T19:41:49Z
Author: dcoutadeur dcoutadeur

When changing password on the portal, the user never gets a successful notification message.

Milestone: 2.0.0
Assignee: Yadd

Bad URL in OIDC authentication flow when first authentication
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1252
Updated: 2018-05-19T19:41:48Z
Author: Clément OUDOT

When testing OIDC authentication from RP without being authenticated on OP, the flow ends with a "Bad URL" error after login+consent screen:
```
[debug] Get session 8faa76011d8e811799d0c1af8c754e70a0448801040170684b2e219fe473892b
[debug] removing cookie
[debug] User dwho was granted to access to /oauth2/authorize?response_type=code&client_id=lemonldap&scope=openid%20profile%20address%20email%20phone&redirect_uri=http%3A%2F%2Fauth.example.com%2Foauth2.pl%3Fopenidconnectcallback%3D1&state=ABCDEFGHIJKLMNOPQRSTUVWXXZ&nonce=1234567890&display=popup&prompt=consent&ui_locales=fr-CA%20en-GB%20en%20fr-FR%20fr
[debug] Start routing oauth2
[debug] Processing _forAuthUser
[notice] Bad (or expired) token 1497288803_7661
[debug] Processing importHandlerDatas
[debug] Processing controlUrl
[debug] Confirm parameter accepted 1
[error] Value must be in BASE64 (param: url | value: http://auth.example.com:19876/oauth2/authorize?issuerRequestoauth2=1497288803_7661)
[debug] Returned error: 37
Status: Unknown command line : dwho => /oauth2/authorize?response_type=code&client_id=lemonldap&scope=openid profile address email phone&redirect_uri=http:/auth.example.com/oauth2.pl?openidconnectcallback=1&state=ABCDEFGHIJKLMNOPQRSTUVWXXZ&nonce=1234567890&display=popup&prompt=consent&ui_locales=fr-CA en-GB en fr-FR fr 37
[debug] Skin returned: error
[debug] Calling sendHtml with template error
[debug] Starting HTML generation using /home/clement/dev/lemonldap/trunk/lemonldap-ng-portal/site/templates/bootstrap/error.tpl
```

Milestone: 2.0.0
Assignee: Yadd

Internal Server error if no OIDC session storage defined
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1251
Updated: 2018-05-19T19:41:48Z
Author: Clément OUDOT

In a simple OIDC configuration, we may not need to define a specific session storage for OIDC technical sessions.
But in this case we have this error:
```
[Tue Jun 13 15:15:05.678223 2017] [fcgid:warn] [pid 21088:tid 139656070940416] [client 127.0.0.1:39570] mod_fcgid: stderr: Attribute (storageModule) does not pass the type constraint because: Validation failed for 'Str' with value undef at /usr/lib/x86_64-linux-gnu/perl5/5.22/Mouse/Util.pm line 386., referer: http://auth.example.com:19876/oauth2/authorize?response_type=code&client_id=lemonldap&scope=openid%20profile%20address%20email%20phone&redirect_uri=http%3A%2F%2Fauth.example.com%2Foauth2.pl%3Fopenidconnectcallback%3D1&state=ABCDEFGHIJKLMNOPQRSTUVWXXZ&nonce=1234567890&display=popup&prompt=consent&ui_locales=fr-CA%20en-GB%20en%20fr-FR%20fr
[Tue Jun 13 15:15:05.678261 2017] [fcgid:warn] [pid 21088:tid 139656070940416] [client 127.0.0.1:39570] mod_fcgid: stderr: \tMouse::Util::throw_error(Mouse::Meta::Attribute=HASH(0x559b3f4c8500), "Attribute (storageModule) does not pass the type constraint b"..., "data", undef, "depth", -1) called at /home/clement/dev/lemonldap/trunk/lemonldap-ng-portal/blib/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm line 652, referer: http://auth.example.com:19876/oauth2/authorize?response_type=code&client_id=lemonldap&scope=openid%20profile%20address%20email%20phone&redirect_uri=http%3A%2F%2Fauth.example.com%2Foauth2.pl%3Fopenidconnectcallback%3D1&state=ABCDEFGHIJKLMNOPQRSTUVWXXZ&nonce=1234567890&display=popup&prompt=consent&ui_locales=fr-CA%20en-GB%20en%20fr-FR%20fr
```
All technical session storage should use the default one if not configured.

Milestone: 2.0.0
Assignee: Yadd

No translation and no logo in OIDC consent page
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1250
Updated: 2018-05-19T19:41:48Z
Author: Clément OUDOT

When displaying OIDC consent file, translated strings are not shown, see screenshot.
And we also have CSP error if logo is not in portal
```
Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à https://lemonldap-ng.org/_media/wiki/logo.png (« img-src http://auth.example.com:19876 data: »)
```
But for this I think we just need to update CSP parameter for portal when using logos from outside. It should be said in documentation.

Milestone: 2.0.0
Assignee: Clément OUDOT

OIDC Consent is automatically accepted
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1249
Updated: 2018-05-19T19:41:48Z
Author: Clément OUDOT

When using OIDC and requesting user consent for attributes sharing, the consent is automatically accepted after 30s even if the timer is not displayed.
The form should never be automatically submitted if timer is not active.

Milestone: 2.0.0
Assignee: Yadd

Invalid call to upgradesession in OpenID Connect authorization
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1248
Updated: 2018-05-19T19:41:48Z
Author: Clément OUDOT

When testing OIDC with prompt=consent, I have this error:
```
[debug] Client id lemonldap match RP rp-example
Use of uninitialized value $_lastAuthnUTime in addition (+) at /home/clement/dev/lemonldap/trunk/lemonldap-ng-portal/blib/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm line 281.
Use of uninitialized value $_lastAuthnUTime in concatenation (.) or string at /home/clement/dev/lemonldap/trunk/lemonldap-ng-portal/blib/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm line 282.
[debug] Reauthentication forced cause authentication time () is too old (>3600 s)
[debug] Returned error: 85
Status: Unknown command line : dwho => /oauth2/authorize?response_type=code&client_id=lemonldap&scope=openid profile address email phone&redirect_uri=http:/auth.example.com/oauth2.pl?openidconnectcallback=1&state=ABCDEFGHIJKLMNOPQRSTUVWXXZ&nonce=1234567890&display=popup&prompt=consent&ui_locales=fr-CA en-GB en fr-FR fr&login_hint=coudot&max_age=3600&id_token_hint=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhenAiOiJsZW1vbmxkYXAiLCJzdWIiOiJjb3Vkb3QiLCJpYXQiOjE0MjcyOTkyMzIsImF1dGhfdGltZSI6MTQyNzI5NjA1NCwiZXhwIjoiMzYwMCIsIm5vbmNlIjoiMTIzNDU2Nzg5MCIsImF1ZCI6WyJsZW1vbmxkYXAiXSwiYXRfaGFzaCI6InBkR0Fwb2VUTy01MzR6X1dDbDFxS1EiLCJhY3IiOiJsb2EtMiIsImlzcyI6Imh0dHA6Ly9hdXRoLmV4YW1wbGUuY29tLyJ9.QRU8KV0dDwUbfAYA3CbcNpYE3SGaqn2nHb6qT76i2-Y 85
[debug] Skin returned: upgradesession
[debug] Calling sendHtml with template upgradesession
```

Milestone: 2.0.0
Assignee: Clément OUDOT

Add an alt attribute and a cursor to flag icons
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1239
Updated: 2018-05-19T19:41:48Z
Author: Clément OUDOT

When flag icon, we should display an alternative text instead of a broken image (and this will also increase accessibility).
And also a click cursor can be better to materialize that flags are buttons.

Milestone: 2.0.0
Assignee: Clément OUDOT

No redirect is done after OpenID Connect logout
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1236
Updated: 2018-05-19T19:41:47Z
Author: Clément OUDOT

I updated OpenID Connect code on 2.0 for #1233 and I found that post_logout_redirect_uri is not taken into account if the user chooses to close its session (after confirmation).
I notice that the logout process always return an error, and I don't find why:
```
[debug] URL detected as an OpenID Connect END SESSION URL
[debug] OIDC request parameter post_logout_redirect_uri: http://auth.example.com/oauth2.pl
[debug] Store http://auth.example.com/oauth2.pl in hidden key post_logout_redirect_uri
[debug] OIDC request parameter state: ABCDEFGHIJKLMNOPQRSTUVW
[debug] Store ABCDEFGHIJKLMNOPQRSTUVW in hidden key state
[debug] Processing code ref
[debug] Processing authLogout
[debug] Processing deleteSession
[debug] Try to get SSO session 66cef3d689e22f16712e803e6304587c14578b0fd4967f0aee74154423a1b0ec
[debug] Return SSO session 66cef3d689e22f16712e803e6304587c14578b0fd4967f0aee74154423a1b0ec
[debug] Local handler logout
[notice] User dwho has been disconnected
[debug] Session 66cef3d689e22f16712e803e6304587c14578b0fd4967f0aee74154423a1b0ec deleted from global storage
[debug] Returned error: 47
[error] Logout process returns error code 47
[debug] Returned error: 24
```
Any idea?

Milestone: 2.0.0
Assignee: Yadd

Confirm buttons always return 1
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1235
Updated: 2018-05-19T19:41:47Z
Author: Clément OUDOT

When using the confirm.tpl template, it seems that "accept" and "refuse" buttons both set confirm parameter to 1.
Here is a log when "refuse" button is clicked:
```
[debug] Processing controlUrl
[debug] Confirm parameter accepted 1
```

Milestone: 2.0.0
Assignee: Clément OUDOT