Commit 291c5679 authored by Xavier Guimard's avatar Xavier Guimard

LEMONLDAP::NG : * Liberty alliance module from FederID project

                * Debian integration in progress
parent a6077277
lemonldap-ng (0.9) unstable; urgency=low
* Liberty Alliance module issued of the FederID project is now included.
-- Xavier Guimard <x.guimard@free.fr> Sun, 14 Oct 2007 12:02:33 +0200
lemonldap-ng (0.8.3) unstable; urgency=high
* Syntax errors in configuration are now displayed
......
lemonldap-ng (0.8.3-0) unstable; urgency=low
* Local build
-- Xavier Guimard <x.guimard@free.fr> Sun, 14 Oct 2007 09:11:36 +0200
......@@ -55,8 +55,7 @@ Description: Lemonldap::NG apache manager part
Package: liblemonldap-ng-portal-perl
Architecture: all
Depends: libapache-session-perl, libnet-ldap-perl, liblemonldap-ng-conf-perl (>=0.8.2.3)
Recommends: liblasso-perl
Depends: libapache-session-perl, libnet-ldap-perl, liblemonldap-ng-conf-perl (>=0.8.2.3), liblasso-perl
Description: Lemonldap::NG apache authentication portal part
Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
or directly on application apache servers.
......
......@@ -6,13 +6,12 @@ Copyright:
Copyright 2004, 2005, 2006 by Xavier Guimard
Licence:
Lemonldap::NG is distributed under your choice of the GNU General Public
License or the Artistic License. On Debian GNU/Linux systems, the copyright
terms for Perl itself are located in `/usr/share/doc/perl/copyright'. On Debian
GNU/Linux systems, the complete text of the GNU General Public License version
2 can be found in `/usr/share/common-licenses/GPL' and the Artistic Licence in
`/usr/share/common-licenses/Artistic'.
Lemonldap::NG is distributed under your choice under the GNU General Public
License or the Artistic License.
On Debian GNU/Linux systems, the complete text of the GNU General Public
License version 2 can be found in `/usr/share/common-licenses/GPL' and the
Artistic Licence in `/usr/share/common-licenses/Artistic'.
File lemonldap-ng-manager/example/lemonldap-ng-manager.js is distributed under
GNU General Public License version 2.
......@@ -67,7 +67,7 @@ binary-indep: build install
binary-arch: build install
dh_testdir
dh_testroot
dh_installchangelogs changelogs
dh_installchangelogs changelog
dh_installdocs
mkdir debian/tmp/var/lib/lemonldap-ng/protected
cp _example/index.pl debian/tmp/var/lib/lemonldap-ng/protected
......
Changes
example/AuthLA/idps.xml
example/AuthLA/index.pl
example/AuthLA/la.log
example/AuthLA/liberty/assertionConsumer.pl
example/AuthLA/liberty/federationTermination.pl
example/AuthLA/liberty/federationTerminationReturn.pl
example/AuthLA/liberty/singleLogout.pl
example/AuthLA/liberty/singleLogoutReturn.pl
example/AuthLA/liberty/soapCall.pl
example/AuthLA/liberty/soapEndpoint.pl
example/AuthLA/ressources/db/liberty_tables.sql
example/AuthLA/ressources/db/taccounts.sql
example/AuthLA/ressources/db/tnameid.sql
example/AuthLA/ressources/db/tsessions.sql
example/AuthLA/ressources/lemonsp-metadata.xml
example/AuthLA/tpl/auth.tpl
example/AuthLA/tpl/themes/bouton_authentic.png
example/AuthLA/tpl/themes/bouton_federid.png
example/AuthLA/tpl/themes/bouton_interldap.png
example/AuthLA/tpl/themes/bouton_lemonldap::ng.png
example/AuthLA/tpl/themes/CHANGELOG
example/AuthLA/tpl/themes/dc2/button-hover.png
example/AuthLA/tpl/themes/dc2/button-normal.png
example/AuthLA/tpl/themes/dc2/default.css
example/AuthLA/tpl/themes/dc2/dotclear-logo.png
example/AuthLA/tpl/themes/dc2/drag.png
example/AuthLA/tpl/themes/dc2/head-bg.png
example/AuthLA/tpl/themes/dc2/head-logo.png
example/AuthLA/tpl/themes/dc2/magnifier.png
example/AuthLA/tpl/themes/dc2/msg-error.png
example/AuthLA/tpl/themes/dc2/msg-std.png
example/AuthLA/tpl/themes/dc2/page-bg.png
example/AuthLA/tpl/themes/dc2/tab-bg.png
example/AuthLA/tpl/themes/dc2/tab-c-l.png
example/AuthLA/tpl/themes/dc2/tab-c-r.png
example/AuthLA/tpl/themes/dc2/tab-l-l.png
example/AuthLA/tpl/themes/dc2/tab-l-r.png
example/AuthLA/tpl/themes/dc2/tab-n-l.png
example/AuthLA/tpl/themes/dc2/tab-n-r.png
example/AuthLA/tpl/themes/federid-dc2/button-hover.png
example/AuthLA/tpl/themes/federid-dc2/button-normal.png
example/AuthLA/tpl/themes/federid-dc2/default.css
example/AuthLA/tpl/themes/federid-dc2/head-bg.png
example/AuthLA/tpl/themes/federid-dc2/head-logo.png
example/AuthLA/tpl/themes/federid-dc2/msg-error.png
example/AuthLA/tpl/themes/federid-dc2/msg-std.png
example/AuthLA/tpl/themes/federid-dc2/page-bg.png
example/AuthLA/tpl/themes/federid/button-hover.png
example/AuthLA/tpl/themes/federid/button-normal.png
example/AuthLA/tpl/themes/federid/default.css
example/AuthLA/tpl/themes/federid/fond.jpg
example/AuthLA/tpl/themes/federid/head-bg.png
example/AuthLA/tpl/themes/federid/head-logo.png
example/AuthLA/tpl/themes/federid/idp.css
example/AuthLA/tpl/themes/federid/laap.css
example/AuthLA/tpl/themes/federid/msg-error.png
example/AuthLA/tpl/themes/federid/msg-std.png
example/AuthLA/tpl/themes/federid/page-bg.png
example/AuthLA/tpl/themes/federid/sso.css
example/AuthLA/tpl/themes/federid/wui.css
example/AuthLA/tpl/themes/README
example/AuthLA/tpl/themes/styleswitcher.js
example/AuthLA/tpl/themes/template.html
example/index.pl
example/scripts/purgeCentralCache
example/scripts/purgeCentralCache.cron.d
......
<laIdpList>
<idp name="Identity Provider 1 : Authentic">
<url>http://idp1/liberty/metadata</url>
<metadata>/path/to/idp1-metadata.xml</metadata>
<pubkey>/path/to/idp1-key-public.pem</pubkey>
<certificate>/path/to/idp1-key-public.pem</certificate>
</idp>
<idp name="Identity Provider 2 : Other">
<url>http://idp2/liberty/metadata</url>
<metadata>/path/to/idp2-metadata.xml</metadata>
<pubkey>/path/to/idp2-key-public.pem</pubkey>
<certificate>/path/to/idp2-key-public.pem</certificate>
</idp>
</laIdpList>
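Review bot: Each IdP entry points `<pubkey>` and `<certificate>` at the same `idpN-key-public.pem`, and the `<url>` for the IdP metadata is plain `http://`; if the portal ever fetches metadata from that URL instead of the local `<metadata>` file, an on-path attacker can substitute endpoints and keys for the whole federation. Use `https://` for the metadata URLs and make sure the file named in `<certificate>` is the IdP's signing certificate obtained out-of-band, since it is the trust anchor used to verify every assertion. It is not visible here whether the `<url>` is dereferenced at runtime or only used as an identifier, so this should be confirmed against `Lemonldap::NG::Portal::AuthLA`; a comment such as `<!-- url is the IdP providerID; metadata/certificate are read from the local files and must be obtained out-of-band -->` would settle it for future editors.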
#!/usr/bin/perl
use strict ;
use warnings ;
use HTML::Template ;
use Lemonldap::NG::Portal::AuthLA;
my $portal = Lemonldap::NG::Portal::AuthLA->new({
configStorage => {
type => 'File' ,
dirName => '/var/lib/lemonldap-ng/config' ,
} ,
# Liberty Parameters
laSp => {
certificate => '/var/lib/lemonldap-ng/web/portal/ressources/lemonsp-key-public.pem' ,
metadata => '/var/lib/lemonldap-ng/web/portal/ressources/lemonsp-metadata.xml' ,
privkey => '/var/lib/lemonldap-ng/web/portal/ressources/lemonsp-key-private.pem' ,
secretkey => '/var/lib/lemonldap-ng/web/portal/ressources/lemonsp-key-private.pem' ,
} ,
laIdpsFile => '/var/lib/lemonldap-ng/web/portal/idps.xml' ,
laStorage => 'Apache::Session::File',
laStorageOptions => {
Directory => '/var/lib/lemonldap-ng/var/assertion' ,
LockDirectory => '/var/lib/lemonldap-ng/var/lock' ,
} ,
laDebug => 1 ,
laLdapLoginAttribute => 'uid' ,
# Parameters that permit to access lemonldap::NG::Handler local cache
localStorage => 'Cache::FileCache' ,
localStorageOptions => {} ,
});
if( $portal->process() ) {
# Print protected URLs
print $portal->header ;
print "<a href=\"http://$_\"> $_</a><br/>"
foreach ($portal->getProtectedURLs) ;
} else {
# Retrieve IDP list.
my @idps = () ;
foreach ($portal->getIdpIDs) {
my %row_data ;
$row_data{IDPNAME} = $_ ;
push (@idps, \%row_data) ;
}
@idps = sort {$a cmp $b} @idps ;
# Print template
print $portal->header ;
my $template = HTML::Template->new( filename => '/var/lib/lemonldap-ng/web/portal/tpl/auth.tpl' ) ;
$template->param( AUTH_ERROR => $portal->error ) ;
$template->param( AUTH_URL => $portal->param('url') ) ;
$template->param( AUTH_IDPS => \@idps ) ;
print $template->output ;
}
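Review bot: The SP private key (`privkey`) is placed under `/var/lib/lemonldap-ng/web/portal/ressources/`, and the template path passed to HTML::Template together with the relative `tpl/themes/...` stylesheet link in auth.tpl suggest `/var/lib/lemonldap-ng/web/portal` is the served document root, so the key and `idps.xml` are one URL away from being downloaded unless the Apache config denies that directory. Move `privkey` outside the served tree (e.g. `/etc/lemonldap-ng/`, mode 0600, owned by the Apache user) and keep only the public metadata there. `secretkey` is also pointed at the same private-key file; if that option is the key passphrase rather than a path, this is wrong and should be checked against `Lemonldap::NG::Portal::AuthLA` (it could also be a local Lasso "secret" path, which the example does not make clear). Separately, `@idps = sort {$a cmp $b} @idps;` sorts hash references by their stringified address, not by name, and should be `@idps = sort { $a->{IDPNAME} cmp $b->{IDPNAME} } @idps;`. `laDebug => 1` and the unescaped `$_` in the protected-URL anchors are fine for an example but should not be copied into a production portal.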
create table taccounts
(
id_account int NOT NULL AUTO_INCREMENT,
uid blob NOT NULL,
identity_dump blob NOT NULL,
timestamp TIMESTAMP,
divers blob NULL,
unique index (id_account),
primary key (id_account)
);
create table tnameid
(
id_nameid int NOT NULL AUTO_INCREMENT,
nameid varchar(100) NOT NULL,
id_account int NOT NULL,
timestamp TIMESTAMP,
divers blob NULL,
unique index (id_nameid),
primary key (id_nameid)
);
create table tsessions
(
id_session int NOT NULL AUTO_INCREMENT,
session_nb blob NOT NULL,
id_account int NOT NULL,
id_nameid int NOT NULL,
session_dump blob NULL,
timestamp TIMESTAMP,
divers blob NULL,
unique index (id_session),
primary key (id_session)
);
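Review bot: `tnameid.nameid` is the federation identifier the SP will resolve to an account, yet it has no UNIQUE constraint and no index, so two rows with the same NameID pointing at different `id_account` values are accepted and a lookup by NameID is a full scan; add `unique index (nameid)` to `tnameid`. The `unique index (id_account)` on each table duplicates the primary key that follows it and can be dropped. No foreign keys tie `tnameid.id_account`, `tsessions.id_account` and `tsessions.id_nameid` to their parents, so a federation termination that deletes an account leaves orphan NameID and session rows unless the Perl code cleans them up — worth confirming, since the SP code is not in this listing. `uid blob NOT NULL` also cannot be indexed without a prefix length; if `uid` is looked up on login, a bounded `varchar` would be the safer choice.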
create table taccounts
(
id_account int NOT NULL AUTO_INCREMENT,
uid blob NOT NULL,
identity_dump blob NULL,
timestamp TIMESTAMP,
divers blob NULL,
unique index (id_account),
primary key (id_account)
);
create table tnameid
(
id_nameid int NOT NULL AUTO_INCREMENT,
nameid varchar(100) NOT NULL,
id_account int NOT NULL,
timestamp TIMESTAMP,
divers blob NULL,
unique index (id_nameid),
primary key (id_nameid)
);
create table tsessions
(
id_session int NOT NULL AUTO_INCREMENT,
session_nb blob NOT NULL,
id_account int NOT NULL,
id_nameid int NOT NULL,
session_dump blob NULL,
timestamp TIMESTAMP,
divers blob NULL,
unique index (id_session),
primary key (id_session)
);
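Review bot: This copy of `taccounts` declares `identity_dump blob NULL` while the combined schema listed above has it `NOT NULL`; if both the combined file and the per-table files are shipped, installations will differ depending on which one is run, and code that relies on `identity_dump` being present will fail only on one of them. Pick one definition (`NOT NULL` if the Lasso identity dump is always written on federation, which the SP code should confirm) and generate the per-table files from the combined one or drop the duplicate. The same missing `unique index (nameid)` and redundant `unique index (id_account)` noted for the combined schema apply here.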
<?xml version="1.0"?>
<EntityDescriptor
providerID="http://auth.example.com"
xmlns="urn:liberty:metadata:2003-08">
<SPDescriptor protocolSupportEnumeration="urn:liberty:iff:2003-08">
<AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">http://auth.example.com/liberty/assertionConsumer.pl</AssertionConsumerServiceURL>
<SingleLogoutServiceURL>http://auth.example.com/liberty/singleLogout.pl</SingleLogoutServiceURL>
<SingleLogoutServiceReturnURL>http://auth.example.com/liberty/singleLogoutReturn.pl</SingleLogoutServiceReturnURL>
<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</SingleLogoutProtocolProfile>
<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>
<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>
<FederationTerminationServiceURL>http://auth.example.com/liberty/federationTermination.pl</FederationTerminationServiceURL>
<FederationTerminationServiceReturnURL>http://auth.example.com/liberty/federationTerminationReturn.pl</FederationTerminationServiceReturnURL>
<FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>
<FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</FederationTerminationNotificationProtocolProfile>
<FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile>
<FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
<!--
<RegisterNameIdentifierServiceURL>https://sp1.lasso.lan:2006/registerNameIdentifier</RegisterNameIdentifierServiceURL>
<RegisterNameIdentifierServiceReturnURL>https://sp1.lasso.lan:2006/registerNameIdentifierReturn</RegisterNameIdentifierServiceReturnURL>
<RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</RegisterNameIdentifierProtocolProfile>
<RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</RegisterNameIdentifierProtocolProfile>
<RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
<RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
-->
<SoapEndpoint>http://auth.example.com/liberty/soapEndpoint.pl</SoapEndpoint>
<AuthnRequestsSigned>true</AuthnRequestsSigned>
</SPDescriptor>
<Organization>
<OrganizationName>Lemonldap-NG Service Provider</OrganizationName>
<OrganizationDisplayName xml:lang="en">Lemonldap-NG Service Provider</OrganizationDisplayName>
<OrganizationURL xml:lang="en">http://auth.example.com/</OrganizationURL>
</Organization>
</EntityDescriptor>
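Review bot: Every SP endpoint in the descriptor (`AssertionConsumerServiceURL`, `SingleLogoutServiceURL`, the FederationTermination URLs and `SoapEndpoint`) is published as plain `http://`, so assertions, logout and termination messages from the IdP would transit in cleartext and be open to interception and replay; the commented-out RegisterNameIdentifier sample in the same file already uses `https://`. Change the example endpoints (and `providerID`/`OrganizationURL`) to `https://auth.example.com/...` so that copies of this file start secure. `AuthnRequestsSigned` is `true` but no `<KeyDescriptor>` with the SP certificate is published in the metadata, so the IdP can only verify those signatures if the certificate is distributed out-of-band — presumably via `lemonsp-key-public.pem`, which should be stated in a comment here: `<!-- SP signing certificate (lemonsp-key-public.pem) must be delivered to the IdP out-of-band; no KeyDescriptor is published -->`.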
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>LemonLDAP::NG Portal - Authentication</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="en" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<link rel="stylesheet" type="text/css" href="tpl/themes/federid/sso.css" title="FederID"/>
</head>
<body>
<div id="page">
<div id="top"><h1>&nbsp;</h1></div>
<div id="info-box"><h1>FederID WebSSO</h1><p>LemonLDAP::NG Portal - Authentication</p></div>
<div id="content">
<form method="post">
<div class="error"><p><TMPL_VAR NAME="AUTH_ERROR"></p></div>
<input type="hidden" name="url" value="<TMPL_VAR NAME="AUTH_URL">" />
<fieldset><legend>Authentication on this service (no Identity federation)</legend>
<label class="required">Login</label>
<TMPL_IF NAME="AUTH_USER">
<input type="hidden" name="user" value="<TMPL_VAR NAME="AUTH_USER">" />
<TMPL_VAR NAME="AUTH_USER"><br />
<TMPL_ELSE>
<input name="user" size="30" /><br />
</TMPL_IF>
<label class="required">Password</label>
<input name="password" type="password" autocomplete="off" size="30" /></td>
</fieldset>
<fieldset><legend>Liberty Alliance authentication</legend>
<select name="idpChoice">
<option value="null">Selection d'un IDP</option>
<TMPL_LOOP NAME="AUTH_IDPS">
<option value="<TMPL_VAR NAME="IDPNAME">"><TMPL_VAR NAME="IDPNAME"></option>
</TMPL_LOOP>
</select>
</fieldset>
<fieldset><legend>Submit your choice</legend>
<input type="submit" name="submit" value="Submit" />
<input type="reset" name="reset" value="Reset" />
</fieldset>
</form>
</body>
</html>
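Review bot: `AUTH_URL` comes straight from the request parameter `url` (index.pl passes `$portal->param('url')`) and is interpolated into an attribute value without escaping, so a crafted link such as `?url="><script>...` is reflected into the login page — a reflected XSS on the SSO portal itself; `AUTH_ERROR`, `AUTH_USER` and `IDPNAME` are emitted raw as well. HTML::Template supports escaping in place: `<input type="hidden" name="url" value="<TMPL_VAR NAME="AUTH_URL" ESCAPE="HTML">" />` and `<option value="<TMPL_VAR NAME="IDPNAME" ESCAPE="HTML">"><TMPL_VAR NAME="IDPNAME" ESCAPE="HTML"></option>`, with `ESCAPE="HTML"` added to the remaining `TMPL_VAR`s the same way. The `url` value is also a redirect target after login, which cannot be judged from this template; the allowed-domain check should live in the portal's `process()`. Minor markup: the stray `</td>` after the password input and the unclosed `<div id="page">` break strict XHTML.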
- 22/O7/2007 - Clement OUDOT :
* Remove old skins
* Create alternatives for all FederID components, based on specifc colors
- 20/07/2007 - Clement OUDOT:
* Modifiy layout -> template.html
* Import DotClear 2 admin theme
* Build a first FederID theme based upon DC2 admin
* Build a real FederID theme
- 08/07/2007 - Clement OUDOT :
* Import default theme from Authentic project, based on DotClear 2 theme
* Create sample test page
================================================================================
README
================================================================================
These are the themes for FederID project. The goal is to provide to all FederID
components the same Look 'n Feel.
Each theme has its own directory (eg. default/) and can have alternatives.
A sample page test (template.html) must be modified to allow switching between
the themes that are created.
You can use this page locally to test your theme.
body {
font: 62.5%/1.5em "DejaVu Sans","Lucida Grande","Lucida Sans Unicode",Arial,sans-serif;
color : #000;
background : #fff url(page-bg.png) repeat-y top left;
margin : 0;
padding : 0;
}
a img,:link img,:visited img { border:none }
a, a:link, a:visited {
color : #06c;
text-decoration : none;
border-bottom : 1px dotted #f90;
}
a:hover, a:active, a:focus {
}
h1, h2, h3, h4, h5, h6, p {
margin-top : 0;
margin-bottom: 0.6em;
}
h2 {
font-family : Arial,Helvetica,sans-serif;
color : #069;
font-size : 1.4em;
}
h3 {
color : #333;
font-size : 1.2em;
}
p, div.p {
margin : 0 0 1em 0;
}
hr {
height : 1px;
border-width : 1px 0 0 0;
border-color : #999;
border-style : solid;
}
pre, code {
font: 100% "Andale Mono","Courier New",monospace;
}
/* LAYOUT
-------------------------------------------------------- */
/* General font-size */
#top, #info-box, #content, #main-menu, #footer {
font-size: 1.1em;
}
#top {
margin : 0;
padding : 0;
background : transparent url(head-bg.png) repeat-x;
}
#top h1 {
padding : 0;
margin : 0;
height : 58px;
text-indent : -1000px;
background : transparent url(head-logo.png) no-repeat 0 0;
}
#info-box {
position : absolute;
right : 20px;
top : 6px;
margin : 0;
padding : 3px 3px 4px 15px;
}
#main-menu {
width : 135px;
float : left;
margin-top : 0;
margin-bottom : 10px;
}
#main-menu h3 {
margin : 0;
padding : 0 0 0 5px;
}
#main-menu ul {
margin : 0 0 1em 0;
padding : 0;
list-style : none;
}
#main-menu li {
display : block;
margin : 0.5em 0 0 5px;
padding : 2px 0 1px 20px;
background-repeat: no-repeat;
background-position: 0 0;
}
#main-menu a {
font-weight : bold;
}
#main-menu .active a {
border-bottom-style: solid;
}
#content {
margin-left : 155px;
margin-bottom : 10px;
padding-top : 1px;
margin-right : 15px;
}
#footer {
clear : both;
padding : 3px 5px 0 25px;
}
#footer a {
border: none;
}
/* CLASSES
-------------------------------------------------------- */
.error {
border : 2px solid #c00;
padding : 0.5em 0.5em 0.5em 40px;
margin-bottom : 1em;
background : transparent url(msg-error.png) no-repeat 5px 50%;
}
.message {
font-weight : bold;
color : #f60;
padding : 0.5em 0.5em 0.5em 40px;
border : 1px solid #ccc;
background : transparent url(msg-std.png) no-repeat 5px 50%;
}
/* TABLES
-------------------------------------------------------- */
table {
font-size : 1em;
border-collapse : collapse;
margin : 0 0 1em 0;
}
tr.line:hover {
background : #ddd;
}
th, td {
border-width : 0 0 1px 0;
border-style : solid;
border-color : #ccc;
padding : 2px 5px;
vertical-align : top;
}
th {
text-align : left;
border-bottom-color : #666;
}
/* FORMS
-------------------------------------------------------- */
form {
display : block;
margin : 0;
padding : 0;
}
fieldset {
display : block;
margin : 0 0 1em 0;
padding : 1em 0.5em;
border-width : 1px 0;
border-style: solid;
border-color: #ccc;