lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2024-03-27T10:55:07Z
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3019
Update fontawesome to v5 (LTS)
2024-03-27T10:55:07Z
Benjamin Demarteau
### Summary
Font Awesome 4, which was [added a few months ago](https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/322), is great, but the next LTS has been available for a long time and has a lot more icons to choose from.
### Design proposition
Migrating from v4 to v5 should be mostly painless (cf. https://fontawesome.com/v5/docs/web/setup/upgrade-from-v4). Not sure if there are attention points.
2.20.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3015
Minimal skin to help developers
2024-03-27T10:04:16Z
Yadd
LLNG is distributed with a bootstrap skin. We decided some years ago to stop developing alternative skins because it requires too much work.
However, creating a custom skin is a huge amount of work if one wants to change, for example, bootstrap to something else.
Proposition:
* continue to distribute LLNG with one elaborated skin
* add a very minimal skin, "_ready-to-be-changed_":
* no CSS
* minimize `portal.js` dependencies (maybe `jQuery` isn't really needed) **or** build it using a modern way _(Typescript + rollup)_
* no tabs and such CSS-based scripts...: Choice will simply provide `<ul><li>`
* move dependencies from common/*tpl to bootstrap/*.tpl
NB: this skin could also be used to simplify HTML parsing inside Perl tests
2.20.0
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3008
System to override any parameter using environment variables
2023-09-20T06:31:31Z
Yadd
The idea here is to be able to override any LLNG parameter using an environment variable, especially when using docker images without manager.
Example:
```yaml
environment:
- LLNG_OVERRIDE_checkXSS = 0
- LLNG_OVERRIDE_ldapExportedVars = {"Name":"cn"}
- LLNG_OVERRIDE_exportedVars_uid = cn
```
Then during configuration load, configuration changes to:
```js
{
  "checkXSS": 0,
  // Whole key changed
  "ldapExportedVars": {
    "Name": "cn"
  },
  // Only a subkey changed
  "exportedVars": {
    // ...
    "uid": "cn",
    // ...
  },
}
```
Maybe useful to store secrets in env variables. Example:
```yaml
environment:
- LLNG_OVERRIDE_oidcRPMetaDataOption_tmail_clientSecret = mysuperpassword
- LLNG_OVERRIDE_key = mysecretkey
- LLNG_OVERRIDE_oidcServicePrivateKeySig = ...
```
Such a system is implemented in my Docker images.
In discussion
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3006
OIDC shouldn't rotate keys when they are fixed in lemonldap-ng.ini
2023-11-20T16:27:28Z
Yadd
In discussion
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3005
Warning message in logs: Route "renewcaptcha" redefined
2023-12-14T16:54:17Z
Clément OUDOT
At each restart/reload, we see this message in logs:
```
[Thu Sep 7 15:12:47 2023] [LLNG:1079613] [warn] Route "renewcaptcha" redefined
```
Not a real issue but would be better to fix.
In discussion
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3004
t/41-Captcha-with-LDAP.t fails in an updated Debian testing
2023-11-20T16:06:38Z
Yadd
Here are the logs in debug mode:
```
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Logger Lemonldap::NG::Common::Logger::Std loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] User logger Lemonldap::NG::Common::Logger::Std loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Get remote configuration (localStorage unavailable).
Get configuration 1.
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Get configuration 1 aged 1428138808
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [info] Loading configuration 1 for process 2296308
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls defaultValuesInit
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls jailInit
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls portalInit
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls locationRulesInit
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls sessionStorageInit
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls headersInit
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls postUrlInit
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls aliasInit
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Process 2296308 calls oauth2Init
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Launching Lemonldap::NG::Portal::Main->reloadConf(conf)
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add POST route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add POST route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route psgi.js added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route psgi.js added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route portal.css added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route portal.css added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route : added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route : added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route ping added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route ping added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route refresh added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add OPTIONS route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add OPTIONS route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route logout added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route logout added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Initialized CSP headers : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Initialized CORS headers : Access-Control-Allow-Origin;*;Access-Control-Allow-Credentials;true;Access-Control-Allow-Headers;*;Access-Control-Allow-Methods;POST,GET;Access-Control-Expose-Headers;*;Access-Control-Max-Age;86400;
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Cookies will use SameSite=Lax
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::Main::Menu loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::Main::Menu initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::Auth::LDAP loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] LDAP Search base: dc=example,dc=com
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] LDAP transformed filter: (&(uid=".$req->{user}.")(objectClass=inetOrgPerson))
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::Auth::LDAP initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::UserDB::LDAP loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] LDAP Search base: dc=example,dc=com
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] LDAP transformed filter: (&(uid=".$req->{user}.")(objectClass=inetOrgPerson))
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::UserDB::LDAP initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::2F::Engines::Default loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking utotp2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking totp2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking u2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking rest2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking mail2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking ext2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking webauthn2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking yubikey2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking radius2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking password2fActivation
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking password2fSelfRegistration
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking totp2fSelfRegistration
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking u2fSelfRegistration
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking webauthn2fSelfRegistration
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Checking yubikey2fSelfRegistration
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> not enabled
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing Extra 2F modules
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::2F::Engines::Default initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::Captcha::SecurityImage loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route renewcaptcha added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::Captcha::SecurityImage initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::Plugins::History loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Found endAuth entry point:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> run
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::Plugins::History initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::Plugins::Upgrade loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route upgradesession added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add POST route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route upgradesession added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route renewsession added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add POST route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route renewsession added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::Plugins::Upgrade initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::Plugins::RESTServer loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add POST route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add DELETE route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route * added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route : added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add PUT route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route : added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route myapplications added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring auth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route languages added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Declaring unauth route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Add GET route:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] route languages added
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::Plugins::RESTServer initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::Password::Null loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Found forAuthUser entry point:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> _modifyPassword
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Plugin ::Password::Null initialized
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Vhost manager.example.com added in trusted domains
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Vhost test1.example.com added in trusted domains
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Vhost %.oneonly.llng added in trusted domains
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Vhost test.example.org added in trusted domains
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Vhost *.example.llng added in trusted domains
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Vhost test2.example.com added in trusted domains
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Vhost auth.example.com added in trusted domains
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [info] New request Lemonldap::NG::Portal::Main GET /
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] No cookie found
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Build URL http://auth.example.com/
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Redirect 127.0.0.1 to portal (url was /)
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] User not authenticated, Try in use, cancel redirection
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Start routing default route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing checkUnauthLogout
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing controlUrl
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing code ref
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing extractFormInfo
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Token 1694007948_1193 created
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Prepare captcha
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Calling hook sendHtml
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Returned error: 9 (PE_FIRSTACCESS)
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Display type standardform
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Skin returned: login
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Calling sendHtml with template login
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Calling hook sendHtml
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Starting HTML generation using site/templates/bootstrap/login.tpl
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Sending site/templates/bootstrap/login.tpl
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Apply following CORS policy:
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Access-Control-Allow-Origin
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] *
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Access-Control-Allow-Credentials
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] true
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Access-Control-Allow-Headers
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] *
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Access-Control-Allow-Methods
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] POST,GET
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Access-Control-Expose-Headers
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] *
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Access-Control-Max-Age
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] 86400
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Apply following CSP: default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action *;frame-ancestors 'none';
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [info] New request Lemonldap::NG::Portal::Main POST /
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] No cookie found
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Build URL http://auth.example.com/
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Redirect 127.0.0.1 to portal (url was /)
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] User not authenticated, Try in use, cancel redirection
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Start routing default route
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing checkUnauthLogout
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing restoreArgs
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing controlUrl
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing code ref
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing extractFormInfo
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Trying to load token 1694007948_1193
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Good captcha response
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Captcha code verified
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing getUser
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Try to build new LDAP connection with: ldap://localhost
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing authenticate
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Try to build new LDAP connection with: ldap://localhost
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Call bind for uid=dwho,ou=users,dc=example,dc=com
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] -> authResult = 0
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing setAuthSessionInfo
[Thu Sep 7 13:43:48 2023] [LLNG:2296308] [debug] Processing setSessionInfo
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing setMacros
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing setGroups
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing setPersistentSessionInfo
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Persistent session found for dwho
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing setLocalGroups
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing store
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store DEMO_demo in session key zeAUTHMODE_authmode
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store LDAP in session key _auth
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store dwho in session key _whatToTrace
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store DEMO in session key authMode
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store dwho in session key uid
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store 1694079828 in session key _lastAuthnUTime
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store 127.0.0.1 in session key ipAddr
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store uid=dwho,ou=users,dc=example,dc=com in session key _dn
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store LDAP in session key _userDB
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store dwho in session key _user
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store 2 in session key authenticationLevel
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store 1694079828 in session key _utime
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store Dr Who in session key cn
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store in session key array
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store su in session key groups
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store 20230907134348 in session key _startTime
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store en in session key _language
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Store HASH(0x55efea4059d0) in session key hGroups
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Dump: $VAR1 = {'su' => {'name' => 'su'}};
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Try to get a new SSO session
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Return SSO session 9dbf9f8ab008087a28106ddfde3193877c4f10371e2acbf946eed6a2b2d0cbb6
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] No 2F module authorized -> Update current request
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing secondFactor
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing storeHistory
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing buildCookie
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [notice] User dwho successfully authenticated at level 2
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] [notice] User dwho successfully authenticated at level 2
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing code ref
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Launching ::Plugins::History::run
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Processing code ref
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Removing keepPdata from pdata
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [notice] dwho connected
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] [notice] dwho connected
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Calling autoredirect
[Thu Sep 7 13:43:49 2023] [LLNG:2296308] [debug] Building redirection to http://auth.example.com/
# Failed test ' HTTP code is 200'
# at t/41-Captcha-with-LDAP.t line 61.
# Expect 200, get $VAR1 = [302,['Location','http://auth.example.com/','Set-Cookie','lemonldap=9dbf9f8ab008087a28106ddfde3193877c4f10371e2acbf946eed6a2b2d0cbb6; domain=.example.com; path=/; HttpOnly=1; SameSite=Lax'],[]];
# Failed test ' Page contains a form'
# at t/41-Captcha-with-LDAP.t line 61.
Use of uninitialized value in pattern match (m//) at t/41-Captcha-with-LDAP.t line 62.
# Failed test 'Password: Found text input'
# at t/41-Captcha-with-LDAP.t line 62.
Use of uninitialized value $query in substitution (s///) at t/41-Captcha-with-LDAP.t line 65.
# Failed test ' Token value is defined'
# at t/41-Captcha-with-LDAP.t line 66.
Use of uninitialized value in pattern match (m//) at t/41-Captcha-with-LDAP.t line 67.
# Failed test ' Login found'
# at t/41-Captcha-with-LDAP.t line 67.
Use of uninitialized value in pattern match (m//) at t/41-Captcha-with-LDAP.t line 69.
# Failed test ' Error found'
# at t/41-Captcha-with-LDAP.t line 69.
# Expect PE_6 or PE_7 found, get
Use of uninitialized value in pattern match (m//) at t/41-Captcha-with-LDAP.t line 72.
# Failed test ' Captcha image inserted'
# at t/41-Captcha-with-LDAP.t line 72.
# Expect Captcha found, get
Assert_Defined failed: Cache::BaseCache line 194
# Tests were run but no plan was declared and done_testing() was not seen.
# Looks like your test exited with 255 just after 23.
t/41-Captcha-with-LDAP.t ..........................................
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 7/23 subtests
```
In discussion
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2999
Better Session API
2024-03-27T09:45:47Z
Maxime Besson
The current session API is not very satisfying:
* We use the same method to create and update a session (getApacheSession), which leads to bugs when $id is unexpectedly `undef`, or when creation works but setting attributes fails
* Error reporting is difficult (we need to test `$session->error`) and incomplete (#2995)
* Locking is not supported in most backends, which may cause bugs on high load
* Implementation is difficult to debug (use of `tie` behind the scenes, etc)
We should work on a new session API with cleaner methods; maybe we could even replace Apache::Session completely, since I'm pretty sure no one uses Apache::Session::Browseable except for us, and Browseable backends are the recommended way to deploy LemonLDAP::NG?
2.20.0
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2995
2024-03-27T09:45:52Z
Maxime Besson
No error reporting when session update fails on DBI based modules (probably on others too)
### Affected version
Version: 2.17
### Summary
* Simulate a SQL error by adding a die() in the update() method of an Apache::Session::Store module
* Try to login
* No error reporting, but a session is created with invalid data (just the session ID)
### Possible fixes
Hard to fix because the update method is called in Apache::Session destructor, so we cannot easily catch when the Store module dies because of a SQL error.
2.20.0
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2989
2023-08-25T12:37:47Z
Yadd
Bad parameter name : don't set oidcRPMetaDataOptionsRefreshToken when you want to use refresh_token
Here is the strange code:
```perl
elsif ( $self->rpOptions->{$rp}->{oidcRPMetaDataOptionsRefreshToken} ) {
    my $refreshTokenSession = $self->newRefreshToken(
        $rp,
        {
            redirect_uri    => $codeSession->data->{redirect_uri},
            scope           => $scope,
            client_id       => $client_id,
            user_session_id => $codeSession->data->{user_session_id},
            grant_type      => "authorizationcode",
        },
        0,
    );
```
The "0" disables the use of `oidcServiceOfflineSessionExpiration` _(or `oidcRPMetaDataOptionsOfflineSessionExpiration`)_ so the `refresh_token` timeout is set to `$conf->{timeout}`.
@maxbes, @clement_oudot: is it normal or a bug?
FAQ
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2978
2024-03-27T09:48:50Z
Maxime Besson
Using the (unimplemented) claims= parameter in an OIDC authorize request triggers XSS detection with authentication=Choice
### Affected version
Version: 2.16.2
### Summary
* Configure Choice as auth module (one Demo choice)
* Enable OIDC issuer
* Send an OIDC request with a "claims" parameter:
https://auth.example.com/oauth2/authorize?response_type=code&scope=openid&client_id=testrp&state=5azlOvBCuQcmlu_TeCGL317RuSk&redirect_uri=http%3A%2F%2Frp.example.com%2Foauth2callback&nonce=DkqDQChJVDWiLtyDknOYkRyC4xEDhlRMq_wEGtB8twU&claims={%22mail%22:%20null})
* A scary log is generated, but no other side effect (unless a custom URL is set in Choice module, maybe)*
### Logs
```
[error] XSS attack detected (param: URI | value: /oauth2/authorize?response_type=code&scope=openid&client_id=testrp&state=5azlOvBCuQcmlu_TeCGL317RuSk&redirect_uri=http%3A%2F%2Frp.example.com%2Foauth2callback&nonce=DkqDQChJVDWiLtyDknOYkRyC4xEDhlRMq_wEGtB8twU&claims={%22mail%22:%20null})
```
### Possible fixes
Relevant code from Lib::Choice
```
# Default URL
$req->data->{cspFormAction} ||= {};
if (
        defined $url
    and not $self->checkXSSAttack( 'URI',
        $req->env->{'REQUEST_URI'} )
    and $url =~
    q%^(https?://)?[^\s/.?#$].[^\s]+$%    # URL must be well formatted
  )
{
    my $csp_uri = $self->cspGetHost($url);
    $req->data->{cspFormAction}->{$csp_uri} = 1;
}
```
There is no point in checking REQUEST_URI for potential XSS because REQUEST_URI is not used in Choice anymore.
In fact, I'm the one who accidentally removed REQUEST_URI from form destinations (see cd97d3b9227f16f0edcdd30b43a7dfe80f1c56f6).
There haven't been any complaints because pdata already saves REQUEST_URI.
@guimard: I need some advice here on what to do
* Fix my mistake and introduce back the following line:
```
$url .= $req->env->{'REQUEST_URI'};
```
which will break OIDC requests that use the "claims" parameter ?
* Or just remove the useless XSS check ?
2.20.0
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2976
Wish to sync LLNG to github
2023-07-25T11:52:31Z
Yadd
Wish to sync LLNG to github
From [GitHub](https://github.com/LemonLDAPNG/lemonldap-ng/issues/1)
> Thank you to the team for developing LemonLDAP-NG.
>
> LLNG is hosted on https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/. It's not easy to report bugs & contribute.
>
> That would be great if this repository could be synchronized on GitHub and handle issues from both sides.
In discussion
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2969
Allow OAuth2 tokens in Portal's REST server
2023-07-18T08:21:00Z
Yadd
Allow OAuth2 tokens in Portal's REST server
### Summary
For now, REST server accepts only LLNG cookie to allow authenticated APIs.
When using mobile applications, it could be interesting to allow authentication by OAuth2 token. Use case: `/myapplication` returns allowed applications. To build an app grid in mobile application, I'd like to get /myapplication using an access_token.
FAQ
Yadd
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2967
SAML federation plugin should use Name instead of FriendlyName
2024-03-27T10:04:42Z
Maxime Besson
SAML federation plugin should use Name instead of FriendlyName
Currently, SAML federation defines *session attributes* => *SAML attributes* mapping based on the FriendlyName of the requested attribute:
```
<md:RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail" isRequired="true"/>
```
Creates a "mail" > "urn:oid:0.9.2342.19200300.100.1.3" mapping
However, in the Edugain federation, some attributes have different FriendlyNames:
```
<md:RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="Email" isRequired="true"/>
```
which forces us to create macros to map "Email" => "$mail"
We must find a different way to handle SAML attributes in federation, perhaps ship a dictionary for standard attributes, and let the users do the mapping themselves?
2.20.0
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2958
SAML module Lasso error code -501
2023-07-13T09:37:44Z
Léo Roques
SAML module Lasso error code -501
### Affected version
Version: lemonldap-ng 2.16.1 (from official debian packages)
Platform: debian 12 / nginx 1.22.1 / perl 5.36.0 / liblasso 2.8.1
### Summary
Following the first steps for [SAML service configuration](https://lemonldap-ng.org/documentation/2.0/samlservice.html)
Activating SAML module via General Parameters » Issuer modules » SAML » Activation: set to On
Authentication portal goes down, printing "Internal Server Error"
Manager interface is still working properly
### Logs
Each time the authentication page is reloaded, a new process is started and the sequence leads to the same lasso error.
```
Jul 03 09:46:51 ************* LLNG[215]: [debug] Logger Lemonldap::NG::Common::Logger::Syslog loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] User logger Lemonldap::NG::Common::Logger::Syslog loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 03 09:46:51 ************* LLNG[215]: [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.
Jul 03 09:46:51 ************* LLNG[215]: [debug] Get configuration 13 aged 1688135511
Jul 03 09:46:51 ************* LLNG[215]: [info] Loading configuration 13 for process 215
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls defaultValuesInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Options https for vhost auth.*********.com: 1
Jul 03 09:46:51 ************* LLNG[215]: [debug] Options https for vhost manager.*********.com: 1
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls jailInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls portalInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls locationRulesInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls sessionStorageInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls headersInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls postUrlInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls aliasInit
Jul 03 09:46:51 ************* LLNG[215]: [debug] Process 215 calls oauth2Init
Jul 03 09:46:51 ************* LLNG[215]: [debug] Launching Lemonldap::NG::Handler::FastCGI::Loader->loadCustomHandlers(conf)
Jul 03 09:46:51 ************* LLNG[215]: [debug] Launching Lemonldap::NG::Portal::Main->reloadConf(conf)
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add POST route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add POST route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route psgi.js added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route psgi.js added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route portal.css added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route portal.css added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route : added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route : added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route ping added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route ping added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route refresh added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add OPTIONS route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add OPTIONS route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route logout added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route logout added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Initialized CSP headers : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';
Jul 03 09:46:51 ************* LLNG[215]: [debug] Initialized CORS headers : Access-Control-Allow-Origin;*;Access-Control-Allow-Credentials;true;Access-Control-Allow-Headers;*;Access-Control-Allow-Methods;POST,GET;Access-Control-Expose-Headers;*;Access-Control-Max-Age;86400;
Jul 03 09:46:51 ************* LLNG[215]: [debug] Cookies will use SameSite=None
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Main::Menu loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::Main::Menu initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Auth::LDAP loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Lib::OneTimeToken loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Try to build new LDAP connection with: ldap://******.*********.com
Jul 03 09:46:51 ************* LLNG[215]: [debug] LDAP Search base: dc=*********,dc=com
Jul 03 09:46:51 ************* LLNG[215]: [debug] LDAP transformed filter: (&(uid=".$req->{user}.")(objectClass=inetOrgPerson))
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::Auth::LDAP initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::UserDB::LDAP loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Try to build new LDAP connection with: ldap://******.*********.com
Jul 03 09:46:51 ************* LLNG[215]: [debug] LDAP Search base: dc=*********,dc=com
Jul 03 09:46:51 ************* LLNG[215]: [debug] LDAP transformed filter: (&(uid=".$req->{user}.")(objectClass=inetOrgPerson))
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::UserDB::LDAP initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::2F::Engines::Default loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking utotp2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking totp2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking u2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking rest2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking mail2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking ext2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking webauthn2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking yubikey2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking radius2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking password2fActivation
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking password2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking totp2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking u2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking webauthn2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Checking yubikey2fSelfRegistration
Jul 03 09:46:51 ************* LLNG[215]: [debug] -> not enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Processing Extra 2F modules
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::2F::Engines::Default initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Captcha::SecurityImage loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route renewcaptcha added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Plugin ::Captcha::SecurityImage initialized
Jul 03 09:46:51 ************* LLNG[215]: [debug] IssuerSAML enabled
Jul 03 09:46:51 ************* LLNG[215]: [debug] Module Lemonldap::NG::Portal::Issuer::SAML loaded
Jul 03 09:46:51 ************* LLNG[215]: [debug] SAML rule -> 0
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring unauth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add POST route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Declaring auth route
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add GET route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Add POST route:
Jul 03 09:46:51 ************* LLNG[215]: [debug] route * added
Jul 03 09:46:51 ************* LLNG[215]: [debug] Lasso thin-sessions flag set
Jul 03 09:46:51 ************* LLNG[215]: [debug] Certificate will be used in SAML responses
Jul 03 09:46:51 ************* LLNG[215]: [debug] Get Metadata for this service
Jul 03 09:46:51 ************* LLNG[215]: [error] Lasso error code -501: An object type provided as parameter is invalid or object is NULL.
Jul 03 09:46:52 ************* LLNG[216]: [debug] Logger Lemonldap::NG::Common::Logger::Syslog loaded
Jul 03 09:46:52 ************* LLNG[216]: [debug] User logger Lemonldap::NG::Common::Logger::Syslog loaded
Jul 03 09:46:52 ************* LLNG[216]: [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
Jul 03 09:46:52 ************* LLNG[216]: [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.
Jul 03 09:46:52 ************* LLNG[216]: [debug] Get configuration 13 aged 1688135511
Jul 03 09:46:52 ************* LLNG[216]: [info] Loading configuration 13 for process 216
```
In discussion
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2951
Append a conf test to check if password generation regexp matches LLNG passwo...
2024-03-27T10:05:09Z
Christophe Maudoux
chrmdx@gmail.com
Append a conf test to check if password generation regexp matches LLNG password policy
### Affected version
Version: All
Platform: All
### Summary
When saving conf, a test should warn if password generation RegExp does not match the LLNG password policy
2.20.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2947
Append an OAuth2ST handler wrapper
2024-03-27T10:05:35Z
Christophe Maudoux
chrmdx@gmail.com
Append an OAuth2ST handler wrapper
### Summary
Some WebServices can be requested by OIDC applications using AccessToken and Web applications using ServiceToken.
This leads to defining two routes, 1 protected by the ST handler and 1 protected by the OAuth2 handler.
### Design proposition
The idea is to provide a handler able to serve both AT and ST like DevOpsST wrapper.
2.20.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2937
Possibility to generate partner SP metadata from entityID and ACS
2024-03-27T10:57:26Z
Clément OUDOT
Possibility to generate partner SP metadata from entityID and ACS
Nowadays a lot of applications are not providing their SP SAML metadata, but only entityID and ACS URL (and if lucky a certificate).
We are forced to write the metadata content with this information (or generate it from https://www.samltool.com/sp_metadata.php)
It could be nice to have a feature in Manager to do this.
2.20.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2925
Support samlValidate in CAS 3.0 protocol
2024-03-27T10:57:42Z
Clément OUDOT
Support samlValidate in CAS 3.0 protocol
Some products rely on /samlValidate for ticket validation
https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#42-samlvalidate-cas-30
We should implement it
Backlog
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2918
CAS issuer can't handle urn: URIs
2023-05-09T09:26:37Z
Maxime Besson
CAS issuer can't handle urn: URIs
### Concerned version
Version: 2.16.1
Platform: (Nginx/Apache/Node.js)
### Summary
Some CAS apps (jnlp) use urn:my:app URLs, which currently don't work (PE_ERROR)
In discussion
Maxime Besson
Maxime Besson
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2916
TOTP: "Internal Server Error" after user enabled it
2023-04-29T08:51:46Z
Mathieu MD
TOTP: "Internal Server Error" after user enabled it
### Concerned version
Version: %2.16.1
Platform: Nginx
### Summary
After a user has enabled TOTP in her account (flashed and confirmed the code), she cannot go back to `https://auth.example.com/2fregisters` without getting a mere "Internal Server Error".
### Logs
```
[error] Corrupted session (_2fDevices): malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "**********") at /usr/share/perl5/JSON.pm line 190.
```
### Possible fixes
Anything else is working fine. Even logout and login again, with TOTP. It's only accessing to `/2fregisters` (via sub-menu at the top-right) that fails like that.
Backlog
Maxime Besson
Maxime Besson