Commit d881605f authored by Xavier Guimard's avatar Xavier Guimard

Merge branch 'v2.0'

parents 374cac78 0b69baa5
......@@ -133,6 +133,10 @@ License: CC-3
Comment: This work, "CustomAuth.png", is a derivative of
"Noun project 1162.svg" by Christopher T. Howlett, under CC-BY-3.0.
Files: lemonldap-ng-portal/site/htdocs/static/common/fonts/password.ttf
Copyright: 2007, the Tap2Play Team, https://git.tap2play.org.au/tap2play/web/tree/dev/fonts
License: Expat
Files: lemonldap-ng-portal/site/htdocs/static/common/backgrounds/*
Copyright: Various artists
License: CC-BY-NC-ND-3.0 or GFDL-1.3
......
......@@ -3,4 +3,4 @@ log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
'"$http_referer" "$http_user_agent" $lmremote_custom';
log_format lm_app '$remote_addr - $upstream_http_lm_remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $lmremote_custom';
'"$http_referer" "$http_user_agent" $upstream_http_lm_remote_custom';
......@@ -116,7 +116,7 @@
</IfVersion>
</Location>
# Enabe compression
# Enable compression
<Location />
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
......
......@@ -87,7 +87,7 @@
Deny from all
</Location>
# Enabe compression
# Enable compression
<Location />
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
......
---
generation: 2
last_run_time: 1567071551.30841
generation: 3
last_run_time: 1568228253.60673
tests:
t/01-Common-Conf.t:
elapsed: 0.472490072250366
gen: 2
last_pass_time: 1567071550.71014
elapsed: 0.0860559940338135
gen: 3
last_pass_time: 1568228253.51096
last_result: 0
last_run_time: 1567071550.71014
last_run_time: 1568228253.51096
last_todo: 0
seq: 5
total_passes: 1
mtime: 1566161618
seq: 14
total_passes: 2
t/02-Common-Conf-File.t:
elapsed: 0.0793302059173584
gen: 2
last_pass_time: 1567071550.68052
elapsed: 0.0139250755310059
gen: 3
last_pass_time: 1568228253.60618
last_result: 0
last_run_time: 1567071550.68052
last_run_time: 1568228253.60618
last_todo: 0
seq: 4
total_passes: 1
mtime: 1566161618
seq: 22
total_passes: 2
t/03-Common-Conf-CDBI.t:
elapsed: 0.61043119430542
gen: 2
last_pass_time: 1567071550.95767
elapsed: 0.166121959686279
gen: 3
last_pass_time: 1568228253.58678
last_result: 0
last_run_time: 1567071550.95767
last_run_time: 1568228253.58678
last_todo: 0
seq: 6
total_passes: 1
mtime: 1567458069
seq: 19
total_passes: 2
t/03-Common-Conf-RDBI.t:
elapsed: 0.66497802734375
gen: 2
last_pass_time: 1567071551.00435
elapsed: 0.187541961669922
gen: 3
last_pass_time: 1568228253.60138
last_result: 0
last_run_time: 1567071551.00435
last_run_time: 1568228253.60138
last_todo: 0
seq: 7
total_passes: 1
mtime: 1567458069
seq: 21
total_passes: 2
t/05-Common-Conf-LDAP.t:
elapsed: 0.64878511428833
gen: 2
last_pass_time: 1567071551.07637
elapsed: 0.157251119613647
gen: 3
last_pass_time: 1568228253.57577
last_result: 0
last_run_time: 1567071551.07637
last_run_time: 1568228253.57577
last_todo: 0
seq: 8
total_passes: 1
mtime: 1566161616
seq: 16
total_passes: 2
t/30-Common-Safelib.t:
elapsed: 0.0283739566802979
gen: 2
last_pass_time: 1567071550.40529
elapsed: 0.0150928497314453
gen: 3
last_pass_time: 1568228253.58625
last_result: 0
last_run_time: 1567071550.40529
last_run_time: 1568228253.58625
last_todo: 0
seq: 1
total_passes: 1
mtime: 1566161617
seq: 18
total_passes: 2
t/35-Common-Crypto.t:
elapsed: 0.190783977508545
gen: 2
last_pass_time: 1567071550.63236
elapsed: 0.0329771041870117
gen: 3
last_pass_time: 1568228253.46102
last_result: 0
last_run_time: 1567071550.63236
last_run_time: 1568228253.46102
last_todo: 0
seq: 3
total_passes: 1
mtime: 1567541253
seq: 12
total_passes: 2
t/36-Common-Regexp.t:
elapsed: 0.0631709098815918
gen: 2
last_pass_time: 1567071550.50944
elapsed: 0.00531005859375
gen: 3
last_pass_time: 1568228253.59092
last_result: 0
last_run_time: 1567071550.50944
last_run_time: 1568228253.59092
last_todo: 0
seq: 2
total_passes: 1
mtime: 1566161618
seq: 20
total_passes: 2
t/40-Common-Session.t:
elapsed: 0.184284210205078
gen: 2
last_pass_time: 1567071551.11977
elapsed: 0.0833292007446289
gen: 3
last_pass_time: 1568228253.51475
last_result: 0
last_run_time: 1567071551.11977
last_run_time: 1568228253.51475
last_todo: 0
seq: 9
total_passes: 1
mtime: 1566161618
seq: 15
total_passes: 2
t/50-Combination-Parser.t:
elapsed: 0.108580827713013
gen: 2
last_pass_time: 1567071551.1593
elapsed: 0.0678761005401611
gen: 3
last_pass_time: 1568228253.50556
last_result: 0
last_run_time: 1567071551.1593
last_run_time: 1568228253.50556
last_todo: 0
seq: 10
total_passes: 1
mtime: 1566161617
seq: 13
total_passes: 2
t/99-pod.t:
elapsed: 0.128799915313721
gen: 2
last_pass_time: 1567071551.30716
elapsed: 0.100279092788696
gen: 3
last_pass_time: 1568228253.57739
last_result: 0
last_run_time: 1567071551.30716
last_run_time: 1568228253.57739
last_todo: 0
seq: 11
total_passes: 1
mtime: 1566161617
seq: 17
total_passes: 2
version: 1
...
......@@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|p(?:ortal(?:ErrorOn(?:ExpiredSession|MailNotFound)|DisplayRe(?:setPassword|gister)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecr
etKeys)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs)|bruteForceProtection)$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|
Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
......
......@@ -200,6 +200,10 @@ sub defaultValues {
'pamAuthnLevel' => 2,
'pamService' => 'login',
'passwordDB' => 'Demo',
'passwordPolicyMinDigit' => 0,
'passwordPolicyMinLower' => 0,
'passwordPolicyMinSize' => 0,
'passwordPolicyMinUpper' => 0,
'passwordResetAllowedRetries' => 3,
'port' => -1,
'portal' => 'http://auth.example.com/',
......@@ -238,6 +242,7 @@ sub defaultValues {
'requireToken' => 1,
'rest2fActivation' => 0,
'restAuthnLevel' => 2,
'restClockTolerance' => 15,
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'samlAuthnContextMapKerberos' => 4,
......
......@@ -36,7 +36,7 @@ our $authParameters = {
adParams => [qw(ADPwdMaxAge ADPwdExpireWarning)],
apacheParams => [qw(apacheAuthnLevel)],
casParams => [qw(casAuthnLevel)],
choiceParams => [qw(authChoiceParam authChoiceModules)],
choiceParams => [qw(authChoiceParam authChoiceModules authChoiceAuthBasic)],
combinationParams => [qw(combination combModules combinationForms)],
customParams => [qw(customAuth customUserDB customPassword customRegister customAddParams)],
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
......@@ -44,7 +44,7 @@ our $authParameters = {
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret facebookUserField)],
gpgParams => [qw(gpgAuthnLevel gpgDb)],
kerberosParams => [qw(krbAuthnLevel krbKeytab krbByJs krbRemoveDomain)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword ldapITDS)],
linkedinParams => [qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInUserField linkedInScope)],
nullParams => [qw(nullAuthnLevel)],
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
......
......@@ -2,7 +2,7 @@ package Lemonldap::NG::Handler::Lib::AuthBasic;
use strict;
use Exporter;
use Digest::MD5;
use Digest::SHA;
use MIME::Base64;
use HTTP::Headers;
......@@ -29,7 +29,7 @@ sub fetchId {
$creds =~ s/^Basic\s+//;
my @date = localtime;
my $day = $date[5] * 366 + $date[7];
return Digest::MD5::md5_hex( $creds . $day );
return Digest::SHA::sha256_hex( $creds . $day );
}
else {
return 0;
......@@ -94,7 +94,13 @@ sub createSession {
build_urlencoded(
user => $user,
password => $pwd,
secret => $class->tsv->{cipher}->encrypt(time)
secret => $class->tsv->{cipher}->encrypt(time),
(
$class->tsv->{authChoiceAuthBasic}
? ( $class->tsv->{authChoiceParam} =>
$class->tsv->{authChoiceAuthBasic} )
: ()
)
)
);
my $resp = $class->ua->request($get);
......@@ -162,8 +168,8 @@ sub ua {
my ($class) = @_;
return $_ua if ($_ua);
$_ua = Lemonldap::NG::Common::UserAgent->new( {
lwpOpts => $class->localConfig->{lwpOpts},
lwpSslOpts => $class->localConfig->{lwpSslOpts}
lwpOpts => $class->tsv->{lwpOpts},
lwpSslOpts => $class->tsv->{lwpSslOpts}
}
);
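Review bot: The new `Digest::SHA::sha256_hex( $creds . $day )` in `fetchId` is still an unkeyed digest of the Basic credentials plus a day counter, so the returned id stays a deterministic function of the password. If that id is stored or logged as the session identifier (it looks that way, but the callers are outside this hunk), anyone who can read it can check password guesses offline, and SHA-256 is fast to compute. A keyed construction avoids this, for example `return Digest::SHA::hmac_sha256_hex( $creds . $day, $serverKey );`, where `$serverKey` is a placeholder for a server-side secret. The `createSession` hunk shows `$class->tsv->{cipher}` is already available in this module. The body of `fetchId` starts above the hunk, so the handling of a missing or malformed Authorization header cannot be checked from here.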
......
......@@ -197,7 +197,8 @@ sub defaultValuesInit {
securedCookie timeout timeoutActivity
timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
useSafeJail whatToTrace handlerInternalCache
handlerServiceTokenTTL customToTrace
handlerServiceTokenTTL customToTrace lwpOpts lwpSslOpts
authChoiceParam authChoiceAuthBasic
)
);
......
......@@ -278,6 +278,9 @@ sub attributes {
'keyTest' => qr/\w/,
'type' => 'catAndAppList'
},
'authChoiceAuthBasic' => {
'type' => 'text'
},
'authChoiceModules' => {
'keyMsgFail' => '__badChoiceKey__',
'keyTest' => qr/^(\d*)?[a-zA-Z0-9_]+$/,
......@@ -605,6 +608,10 @@ sub attributes {
'default' => 'TOTP,U2F,Yubikey',
'type' => 'text'
},
'browsersDontStorePassword' => {
'default' => 0,
'type' => 'bool'
},
'bruteForceProtection' => {
'default' => 0,
'type' => 'bool'
......@@ -1475,6 +1482,10 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
'default' => 0,
'type' => 'bool'
},
'ldapITDS' => {
'default' => 0,
'type' => 'bool'
},
'ldapPasswordResetAttribute' => {
'default' => 'pwdReset',
'type' => 'text'
......@@ -2255,6 +2266,22 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
],
'type' => 'select'
},
'passwordPolicyMinDigit' => {
'default' => 0,
'type' => 'int'
},
'passwordPolicyMinLower' => {
'default' => 0,
'type' => 'int'
},
'passwordPolicyMinSize' => {
'default' => 0,
'type' => 'int'
},
'passwordPolicyMinUpper' => {
'default' => 0,
'type' => 'int'
},
'passwordResetAllowedRetries' => {
'default' => 3,
'type' => 'int'
......@@ -2315,6 +2342,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => '$_oidcConnectedRP',
'type' => 'boolOrExpr'
},
'portalDisplayPasswordPolicy' => {
'default' => 0,
'type' => 'bool'
},
'portalDisplayRegister' => {
'default' => 1,
'type' => 'bool'
......@@ -2609,6 +2640,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'restAuthUrl' => {
'type' => 'url'
},
'restClockTolerance' => {
'default' => 15,
'type' => 'int'
},
'restConfigServer' => {
'default' => 0,
'type' => 'bool'
......
......@@ -877,6 +877,11 @@ sub attributes {
default => '^[\w\.\-@]+$',
documentation => 'Regular expression to validate login',
},
browsersDontStorePassword => {
default => 0,
type => 'bool',
documentation => 'Avoid browsers to store users password',
},
useRedirectOnError => {
type => 'bool',
default => 1,
......@@ -1297,6 +1302,31 @@ sub attributes {
type => 'bool',
documentation => 'Hide old password in portal',
},
passwordPolicyMinSize => {
default => 0,
type => 'int',
documentation => 'Password policy: minimal size',
},
passwordPolicyMinLower => {
default => 0,
type => 'int',
documentation => 'Password policy: minimal lower characters',
},
passwordPolicyMinUpper => {
default => 0,
type => 'int',
documentation => 'Password policy: minimal upper characters',
},
passwordPolicyMinDigit => {
default => 0,
type => 'int',
documentation => 'Password policy: minimal digit characters',
},
portalDisplayPasswordPolicy => {
default => 0,
type => 'bool',
documentation => 'Display policy in password form',
},
# SMTP server
SMTPServer => {
......@@ -1798,6 +1828,12 @@ sub attributes {
documentation =>
'Allow to export secret keys in REST session server',
},
restClockTolerance => {
default => 15,
type => 'int',
documentation =>
'How tolerant the REST session server will be to clock dift',
},
restConfigServer => {
default => 0,
type => 'bool',
......@@ -2970,6 +3006,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
type => 'bool',
documentation => 'Allow a user to reset his expired password',
},
ldapITDS => {
default => 0,
type => 'bool',
documentation => 'Support for IBM Tivoli Directory Server',
},
# SSL
SSLAuthnLevel => {
......@@ -3298,6 +3339,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 'lmAuth',
documentation => 'Applications list',
},
authChoiceAuthBasic => {
type => 'text',
documentation => 'Auth module used by AuthBasic handler',
},
authChoiceModules => {
type => 'authChoiceContainer',
keyTest => qr/^(\d*)?[a-zA-Z0-9_]+$/,
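Review bot: The `restClockTolerance` documentation string contains a typo ("clock dift") and gives no unit, although this value bounds how stale a timestamped secret may be. Something like `'Clock drift tolerated by the REST session server'` would read better, with the unit added once confirmed against the code that reads it. The four `passwordPolicyMin*` entries are declared as plain `int` with default 0 and no validation of their own. Unless the `int` type already rejects negative values (not visible in these hunks), a non-negative check on them would keep a mistyped value from silently disabling the policy. `browsersDontStorePassword` could be reworded to `'Prevent browsers from storing user passwords'`. `sub attributes` extends well beyond these hunks.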
......
......@@ -85,7 +85,12 @@ sub tree {
nodes => [
'portalRequireOldPassword',
'hideOldPassword',
'mailOnPasswordChange'
'mailOnPasswordChange',
'passwordPolicyMinSize',
'passwordPolicyMinLower',
'passwordPolicyMinUpper',
'passwordPolicyMinDigit',
'portalDisplayPasswordPolicy',
]
},
{
......@@ -134,7 +139,7 @@ sub tree {
{
title => 'choiceParams',
help => 'authchoice.html',
nodes => [ 'authChoiceParam', 'authChoiceModules' ]
nodes => [ 'authChoiceParam', 'authChoiceModules', 'authChoiceAuthBasic' ]
},
{
title => 'apacheParams',
......@@ -286,7 +291,8 @@ sub tree {
'ldapUsePasswordResetAttribute',
'ldapPasswordResetAttribute',
'ldapPasswordResetAttributeValue',
'ldapAllowResetExpiredPassword'
'ldapAllowResetExpiredPassword',
'ldapITDS'
]
},
]
......@@ -587,9 +593,9 @@ sub tree {
form => 'simpleInputContainer',
nodes => [
'wsdlServer', 'restSessionServer',
'restExportSecretKeys', 'restConfigServer',
'soapSessionServer', 'soapConfigServer',
'exportedAttr',
'restExportSecretKeys', 'restClockTolerance',
'restConfigServer', 'soapSessionServer',
'soapConfigServer', 'exportedAttr',
]
},
{
......@@ -868,6 +874,7 @@ sub tree {
help => 'security.html#configure_security_settings',
nodes => [
'userControl',
'browsersDontStorePassword',
'portalForceAuthn',
'portalForceAuthnInterval',
'key',
......
......@@ -14,8 +14,8 @@
"title": "addSrvCasPartner",
"action": "addCasSrv",
"icon": "plus-sign"
}, {
},{
"title": "deleteEntry",
"icon": "plus-sign"
"icon": "minus-sign"
}]
</script>
......@@ -100,11 +100,11 @@
},{
"title": "down",
"icon": "arrow-down"
},{
"title": "deleteEntry",
"icon": "minus-sign"
},{
"title": "newApp",
"icon": "plus-sign"
},{
"title": "deleteEntry",
"icon": "minus-sign"
}]
</script>
......@@ -27,12 +27,12 @@
},{
"title": "down",
"icon": "arrow-down"
},{
"title": "deleteEntry",
"icon": "minus-sign"
},{
"title": "newApp",
"icon": "plus-sign"
},{
"title": "deleteEntry",
"icon": "minus-sign"
}]
</script>
<!-- Uncomment this snippet to enable sub categories
......@@ -43,15 +43,15 @@
},{
"title": "down",
"icon": "arrow-down"
},{
"title": "deleteEntry",
"icon": "minus-sign"
},{
"title": "newCat",
"icon": "plus-sign"
},{
"title": "newApp",
"icon": "plus-sign"
},{
"title": "deleteEntry",
"icon": "minus-sign"
}]
</script>
-->
\ No newline at end of file
......@@ -50,10 +50,10 @@
</div>
<script type="text/menu">
[{
"title": "deleteEntry",
"icon": "minus-sign"
},{
"title": "addSamlAttribute",
"icon": "plus-sign"
},{
"title": "deleteEntry",
"icon": "minus-sign"
}]
</script>
......@@ -14,8 +14,8 @@
"title": "addIDPSamlPartner",
"action": "addSamlIDP",
"icon": "plus-sign"
}, {
},{
"title": "deleteEntry",
"icon": "plus-sign"
"icon": "minus-sign"
}]
</script>
......@@ -54,6 +54,7 @@
"authAndUserdb":"الترخيص وقاعدة بيانات المستخدم",
"authChain":"سلسلة إثبات الهوية",
"authChoice":"اختيار إثبات الهوية",
"authChoiceAuthBasic":"AuthBasic handler parameter",
"authChoiceModules":"الوحدات المسموح بها",
"authChoiceParam":"معايير URL",
"authentication":"وحدة إثبات الهوية",
......@@ -94,6 +95,7 @@
"badVariableName":"اسم المتغيرة خاطئ",
"blackList":"القائمة السوداء",
"browse":"تصفح",
"browsersDontStorePassword":"Avoid browsers to store users password",
"browserIdAuthnLevel":"مستوى إثبات الهوية",
"browserIdAutoLogin":"تسجيل الدخول التلقائي",
"browserIdBackgroundColor":"لون الخلفية",
......@@ -385,6 +387,7 @@
"ldapGroupObjectClass":"أوبجكت كلاس",
"ldapGroupRecursive":"تكراري",
"ldapGroups":"المجموعات",
"ldapITDS":"IBM Tivoli DS support",
"ldapParams":"معايير إل‌داب",
"ldapPassword":"كلمة المرور",
"ldapPasswordResetAttribute":"إعادة تعيين السمة",
......@@ -630,6 +633,10 @@
"password":"كلمة المرور",
"passwordDB":"وحدة كلمة المرور",
"passwordManagement":"إدارة كلمة المرور",
"passwordPolicyMinSize":"Minimal size",
"passwordPolicyMinLower":"Minimal lower characters",
"passwordPolicyMinUpper":"Minimal upper characters",
"passwordPolicyMinDigit":"Minimal digit characters",
"passwordResetAllowedRetries":"Max reset password retries",
"persistent":"الثابتة",
"persistentSessions":"الجلسات الثابتة",
......@@ -648,6 +655,7 @@
"portalDisplayChangePassword":"تغيير كلمة المرور",
"portalDisplayLoginHistory":"سجل تسجيل الدخول",
"portalDisplayLogout":"تسجيل الخروج",
"portalDisplayPasswordPolicy":"Display policy in password form",
"portalDisplayOidcConsents":"OIDC Consents",
"portalDisplayRegister":"تسجيل حساب جديد",
"portalDisplayResetPassword":"إعادة تعيين كلمة المرور",
......@@ -738,6 +746,7 @@
"restPwdConfirmUrl":"عنوان اليو آر إل لتأكيد كلمة المرور",
"restPwdModifyUrl":"عنوان اليو آر إل لتغيير كلمة المرور",
"restSessionServer":"خادم جلسة ريست",
"restClockTolerance":"REST server clock tolerance",
"restUserDBUrl":"عنوان يو آر إل لبيانات المستخدم",
"returnUrl":"إرجاع اليو آر إل",
"rp":"Relying Party",
......
......@@ -54,6 +54,7 @@
"authAndUserdb":"Authz and user DB",
"authChain":"Authentication chain",
"authChoice":"Authentication choice",
"authChoiceAuthBasic":"AuthBasic handler parameter",
"authChoiceModules":"Allowed modules",
"authChoiceParam":"URL parameter",
"authentication":"Authentication module",
......@@ -94,6 +95,7 @@
"badVariableName":"Bad variable name",
"blackList":"Black list",
"browse":"Browse",
"browsersDontStorePassword":"Avoid browsers to store users password",
"browserIdAuthnLevel":"Authentication level",
"browserIdAutoLogin":"Automatic login",
"browserIdBackgroundColor":"Background color",
......@@ -384,6 +386,7 @@
"ldapGroupObjectClass":"Object class",
"ldapGroupRecursive":"Recursive",
"ldapGroups":"Groups",
"ldapITDS":"IBM Tivoli DS support",
"ldapParams":"LDAP parameters",
"ldapPassword":"Password",
"ldapPasswordResetAttribute":"Reset attribute",
......@@ -629,6 +632,10 @@
"password":"Password",
"passwordDB":"Password module",
"passwordManagement":"Password management",