...
 
Commits (50)
## map directive must be in http context
# Uncomment this if you use Auth SSL:
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
# default "";
# ~/CN=(?<CN>[^/]+) $CN;
#}
server {
listen __PORT__;
server_name auth.__DNSDOMAIN__;
......@@ -29,11 +36,7 @@ server {
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Uncomment this if you use Auth SSL:
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
# default "";
# ~/CN=(?<CN>[^/]+) $CN;
#}
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
# OR TO USE uWSGI
#include /etc/nginx/uwsgi_params;
......@@ -41,6 +44,8 @@ server {
#uwsgi_param LLTYPE psgi;
#uwsgi_param SCRIPT_FILENAME $document_root$sc;
#uwsgi_param SCRIPT_NAME $sc;
# Uncomment this if you use Auth SSL:
#uwsgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
}
......@@ -49,7 +54,7 @@ server {
try_files $uri $uri/ =404;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "15768000";
#add_header Strict-Transport-Security max-age=15768000;
}
location /static/ {
......
......@@ -28,6 +28,7 @@ sub defaultValues {
'casAccessControlPolicy' => 'none',
'casAuthnLevel' => 1,
'checkTime' => 600,
'checkUserHiddenAttributes' => 'UA _2fDevices _loginHistory',
'checkXSS' => 1,
'confirmFormMethod' => 'post',
'cookieName' => 'lemonldap',
......@@ -240,6 +241,7 @@ sub defaultValues {
'samlOrganizationDisplayName' => 'Example',
'samlOrganizationName' => 'Example',
'samlOrganizationURL' => 'http://www.example.com',
'samlOverrideIDPEntityID' => '',
'samlRelayStateTimeout' => 600,
'samlServiceSignatureMethod' => 'RSA_SHA1',
'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
......
......@@ -66,7 +66,7 @@ our $issuerParameters = {
issuerDBOpenIDConnect => [qw(issuerDBOpenIDConnectActivation issuerDBOpenIDConnectPath issuerDBOpenIDConnectRule)],
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
};
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlIdPResolveCookie samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlOverrideIDPEntityID)];
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcStorage oidcStorageOptions)];
1;
......@@ -60,7 +60,7 @@ sub _run {
$self->routes( $self->authRoutes );
$req->userData( $self->api->data );
}
else {
elsif ( $res->[0] != 403 ) {
# Unset headers (handler adds a Location header)
$self->logger->debug(
"User not authenticated, Try in use, cancel redirection");
......@@ -68,6 +68,9 @@ sub _run {
$req->respHeaders( [] );
$self->routes( $self->unAuthRoutes );
}
else {
return $res;
}
$res = $self->handler($req);
# Insert respHeaders in response only if not already set
......
......@@ -767,6 +767,22 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 600,
'type' => 'int'
},
'checkUser' => {
'default' => 0,
'type' => 'bool'
},
'checkUserDisplayEmptyValues' => {
'default' => 0,
'type' => 'bool'
},
'checkUserDisplayPersistentInfo' => {
'default' => 0,
'type' => 'bool'
},
'checkUserHiddenAttributes' => {
'default' => 'UA _2fDevices _loginHistory',
'type' => 'text'
},
'checkXSS' => {
'default' => 1,
'type' => 'bool'
......@@ -2849,6 +2865,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 'http://www.example.com',
'type' => 'text'
},
'samlOverrideIDPEntityID' => {
'default' => '',
'type' => 'text'
},
'samlRelayStateTimeout' => {
'default' => 600,
'type' => 'int'
......
......@@ -578,6 +578,30 @@ sub attributes {
documentation => 'Enable Cross Domain Authentication',
flags => 'hp',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => 'UA _2fDevices _loginHistory',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
checkXSS => {
default => 1,
type => 'bool',
......@@ -1968,6 +1992,11 @@ sub attributes {
default => 600,
documentation => 'SAML timeout of relay state',
},
samlOverrideIDPEntityID => {
type => 'text',
documentation => 'Override SAML EntityID when acting as an IDP',
default => '',
},
samlUseQueryStringSpecific => {
default => 0,
type => 'bool',
......
......@@ -637,6 +637,17 @@ sub tree {
form => 'simpleInputContainer',
nodes => [ 'checkState', 'checkStateSecret', ],
},
{
title => 'checkUsers',
help => 'checkuser.html',
form => 'simpleInputContainer',
nodes => [
'checkUser',
'checkUserHiddenAttributes',
'checkUserDisplayPersistentInfo',
'checkUserDisplayEmptyValues',
]
},
]
},
{
......@@ -986,7 +997,8 @@ sub tree {
'samlDiscoveryProtocolPolicy',
'samlDiscoveryProtocolIsPassive'
]
}
},
'samlOverrideIDPEntityID',
]
}
]
......
......@@ -151,6 +151,11 @@
"clickHereToForce":"انقر هنا لإجبار",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"اختيارالإعدادات",
"chooseLogo":"اختيار الشعار",
"chooseSkin":"اختيار الغلاف",
......@@ -243,7 +248,7 @@
"exportedVars":"المتغيرات المصدرة",
"external2f":"External second factor",
"ext2fActivation":"تفعيل",
"ext2fCodeActivation":"2F code generated by Portal",
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"مستوى إثبات الهوية",
"ext2fLogo":"Logo",
"ext2FSendCommand":"إرسال الأمر",
......@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"يو آر إل القارئ",
"samlCommonDomainCookieWriter":"يو آر إل الكاتب",
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -152,6 +152,11 @@
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"choiceParams":"Choice parameters",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"chooseLogo":"Choose logo",
"chooseSkin":"Choose skin",
"combination":"Combination",
......@@ -243,7 +248,7 @@
"exportedVars":"Exported Variables",
"external2f":"External second factor",
"ext2fActivation":"Activation",
"ext2fCodeActivation":"2F code generated by Portal",
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Authentication level",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand",
......@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -151,6 +151,11 @@
"clickHereToForce":"Click here to force",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"Choice parameters",
"chooseLogo":"Choose logo",
"chooseSkin":"Choose skin",
......@@ -243,7 +248,7 @@
"exportedVars":"Exported Variables",
"external2f":"External second factor",
"ext2fActivation":"Activation",
"ext2fCodeActivation":"2F code generated by Portal",
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Authentication level",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand",
......@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method"
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -152,6 +152,11 @@
"checkState":"Activation",
"checkStateSecret":"Secret partagé",
"choiceParams":"Paramètres des choix",
"checkUsers":"Vérification de session",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Attributs masqués",
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
"chooseLogo":"Choisir le logo",
"chooseSkin":"Choisir le thème",
"combination":"Combinaison",
......@@ -243,7 +248,7 @@
"exportedVars":"Attributs à exporter",
"external2f":"Second facteur externe",
"ext2fActivation":"Activation",
"ext2fCodeActivation":"2F code généré par le Portail",
"ext2fCodeActivation":"Expression régulière pour la génération du code",
"ext2fAuthnLevel":"Niveau de l'authentification",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Commande pour l'envoi",
......@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"URL de lecture",
"samlCommonDomainCookieWriter":"URL d'écriture",
"samlRelayStateTimeout":"Durée de vie d'une session RelayState",
"samlUseQueryStringSpecific":"Utilisation d'une fonction spécifique pour query_string"
"samlUseQueryStringSpecific":"Utilisation d'une fonction spécifique pour query_string",
"samlOverrideIDPEntityID": "Valeur de l'Entity ID en mode IDP"
}
......@@ -151,6 +151,11 @@
"clickHereToForce":"Clicca qui per forzare",
"checkState":"Attivazione",
"checkStateSecret":"Segreto condiviso",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"Scelta parametri",
"chooseLogo":"Scegli logo",
"chooseSkin":"Scegli interfaccia",
......@@ -243,7 +248,7 @@
"exportedVars":"Variabili esportate",
"external2f":"2° fattore esterno",
"ext2fActivation":"Attivazione",
"ext2fCodeActivation":"2F code generated by Portal",
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Livello di autenticazione",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Invia comando",
......@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"URL del lettore",
"samlCommonDomainCookieWriter":"URL dell'autore",
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -151,6 +151,11 @@
"clickHereToForce":"Nhấp vào đây để bắt buộc",
"checkState":"Kích hoạt",
"checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"Các tham số lựa chọn",
"chooseLogo":"Chọn logo",
"chooseSkin":"Chọn giao diện",
......@@ -243,7 +248,7 @@
"exportedVars":"Biến đã được xuất",
"external2f":"Yếu tố thứ 2 bên ngoài",
"ext2fActivation":"Kích hoạt",
"ext2fCodeActivation":"2F code generated by Portal",
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"Mức xác thực",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Gửi lệnh",
......@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"Trình đọc URL",
"samlCommonDomainCookieWriter":"Trình viết URL",
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
......@@ -151,6 +151,11 @@
"clickHereToForce":"Click here to force",
"checkState":"Activation",
"checkStateSecret":"Shared secret",
"checkUsers":"Session check",
"checkUser":"Activation",
"checkUserHiddenAttributes":"Hidden attributes",
"checkUserDisplayPersistentInfo":"Display persistent session",
"checkUserDisplayEmptyValues":"Display empty values",
"choiceParams":"Choice parameters",
"chooseLogo":"Choose logo",
"chooseSkin":"Choose skin",
......@@ -243,7 +248,7 @@
"exportedVars":"Exported Variables",
"external2f":"External second factor",
"ext2fActivation":"激活",
"ext2fCodeActivation":"2F code generated by Portal",
"ext2fCodeActivation":"Code regex",
"ext2fAuthnLevel":"认证级别",
"ext2fLogo":"Logo",
"ext2FSendCommand":"Send comand",
......@@ -964,5 +969,6 @@
"samlCommonDomainCookieReader":"Reader URL",
"samlCommonDomainCookieWriter":"Writer URL",
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method"
}
\ No newline at end of file
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID": "Override Entity ID when acting as IDP"
}
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -329,6 +329,7 @@ site/templates/bootstrap/customhead.tpl
site/templates/bootstrap/customheader.tpl
site/templates/bootstrap/customLoginFooter.tpl
site/templates/bootstrap/customLoginHeader.tpl
site/templates/bootstrap/error.json.example
site/templates/bootstrap/error.tpl
site/templates/bootstrap/ext2fcheck.tpl
site/templates/bootstrap/footer.tpl
......@@ -337,6 +338,7 @@ site/templates/bootstrap/header.tpl
site/templates/bootstrap/idpchoice.tpl
site/templates/bootstrap/info.tpl
site/templates/bootstrap/ldapPpGrace.tpl
site/templates/bootstrap/login.json
site/templates/bootstrap/login.tpl
site/templates/bootstrap/mail.tpl
site/templates/bootstrap/menu.tpl
......@@ -394,6 +396,7 @@ site/templates/common/oidc_checksession.tpl
site/templates/common/redirect.tpl
site/templates/common/registerBrowser.tpl
site/templates/common/script.tpl
site/templates/common/trover.tpl
site/templates/localeTranslations.txt
t/01-AuthDemo.t
t/01-pdata.t
......@@ -496,21 +499,22 @@ t/66-CDA-already-auth.t
t/66-CDA-with-REST.t
t/66-CDA-with-SOAP.t
t/66-CDA.t
t/70-2F-TOTP-with-HISTORY.t
t/70-2F-TOTP-with-History.t
t/70-2F-TOTP.t
t/70-2F-TOTP_8.t
t/71-2F-U2F-with-HISTORY.t
t/71-2F-U2F-with-History.t
t/71-2F-U2F.t
t/72-2F-REST-with-HISTORY.t
t/73-2F-UTOTP-TOTP-and-U2F-with-HISTORY.t
t/73-2F-UTOTP-TOTP-and-U2F-with-History.t
t/73-2F-UTOTP-TOTP-and-U2F.t
t/73-2F-UTOTP-TOTP-only-with-HISTORY.t
t/73-2F-UTOTP-TOTP-only-with-History.t
t/73-2F-UTOTP-TOTP-only.t
t/74-2F-Required.t
t/75-2F-Registers.t
t/76-2F-Ext-with-BruteForce.t
t/76-2F-Ext-with-CodeActivation.t
t/76-2F-Ext-with-GrantSession.t
t/76-2F-Ext-with-HISTORY.t
t/76-2F-Ext-with-History.t
t/77-2F-Mail.t
t/90-Translations.t
t/99-pod.t
......@@ -525,6 +529,7 @@ t/lmConf-1.json
t/pdata.pm
t/README.md
t/saml-lib.pm
t/sendCode.pl
t/sendOTP.pl
t/sessions/lock/.exists
t/sessions/saml/lock/.exists
......
......@@ -33,9 +33,11 @@ sub init {
if ( $self->conf->{ext2fLogo} );
return $self->SUPER::init();
}
if ( $self->conf->{ext2fCodeActivation}
and $self->conf->{ext2FSendCommand} )
{
if ( $self->conf->{ext2fCodeActivation} ) {
unless ( $self->conf->{ext2FSendCommand} ) {
$self->error("Missing 'ext2FSendCommand' parameter, aborting");
return 0;
}
$self->random( String::Random->new );
$self->logo( $self->conf->{ext2fLogo} )
if ( $self->conf->{ext2fLogo} );
......@@ -52,10 +54,11 @@ sub run {
my $checkLogins = $req->param('checkLogins');
$self->logger->debug("Ext2F checkLogins set") if ($checkLogins);
# Generate OTP to send
if ( $self->{random} ) {
my $code
= $self->random->randregex( $self->conf->{ext2fOTPActivation} );
# Generate Code to send
my $code;
if ( $self->conf->{ext2fCodeActivation} ) {
$code
= $self->random->randregex( $self->conf->{ext2fCodeActivation} );
$self->logger->debug("Generated ext2f code : $code");
$self->ott->updateToken( $token, __ext2fcode => $code );
}
......@@ -63,8 +66,9 @@ sub run {
# Prepare command and launch it
$self->logger->debug( 'Launching "Send" external 2F command -> '
. $self->conf->{ext2FSendCommand} );
if ( my $c
= $self->launch( $req->sessionInfo, $self->conf->{ext2FSendCommand} )
if (my $c = $self->launch(
$req->sessionInfo, $self->conf->{ext2FSendCommand}, $code
)
)
{
$self->logger->error("External send command failed (code $c)");
......@@ -92,7 +96,7 @@ sub verify {
my ( $self, $req, $session ) = @_;
my $usercode;
unless ( $usercode = $req->param('code') ) {
$self->userLogger->error('External 2F: no code');
$self->userLogger->error('External 2F: no code found');
return PE_FORMEMPTY;
}
......
......@@ -91,6 +91,11 @@ qr/^($saml_sso_get_url|$saml_sso_get_url_ret|$saml_sso_post_url|$saml_sso_post_u
);
return 0 unless ($res);
if ( $self->conf->{samlOverrideIDPEntityID} ) {
$self->lassoServer->ProviderID(
$self->conf->{samlOverrideIDPEntityID} );
}
# Single logout routes
$self->addUnauthRouteFromMetaDataURL(
"samlIDPSSODescriptorSingleLogoutServiceSOAP",
......
......@@ -97,14 +97,16 @@ sub init {
);
# Load override messages from file and lemonldap-ng.ini
if ( $self->{localConfig}->{translations} ) {
if ( $self->{localConfig}->{translations}
and -r $self->{localConfig}->{translations} )
{
open my $tr_file, '<', $self->{localConfig}->{translations}
or die "Can't open"
. $self->{localConfig}->{translations} . " : $!";
while (<$tr_file>) {
chomp;
$_ =~ /^([\w_]+)\s+=\s+(.+)$/;
$self->{localConfig}->{ $1 } = $2;
$self->{localConfig}->{$1} = $2;
}
close $tr_file or die "Can't close $tr_file : $!";
}
......
......@@ -25,6 +25,7 @@ our @pList = (
autoSigninRules => '::Plugins::AutoSignin',
checkState => '::Plugins::CheckState',
portalForceAuthn => '::Plugins::ForceAuthn',
checkUser => '::Plugins::CheckUser',
);
##@method list enabledPlugins
......
package Lemonldap::NG::Portal::Plugins::CheckUser;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS
PE_TOKENEXPIRED
PE_NOTOKEN
);
our $VERSION = '2.0.3';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
has ott => (
is => 'rw',
lazy => 1,
default => sub {
my $ott = $_[0]->{p}
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott;
}
);
sub hAttr {
$_[0]->{conf}->{checkUserHiddenAttributes} . ' '
. $_[0]->{conf}->{hiddenAttributes};
}
sub init {
my ($self) = @_;
$self->addAuthRoute( checkuser => 'check', ['POST'] );
$self->addAuthRoute( checkuser => 'display', ['GET'] );
return 1;
}
# RUNNING METHOD
sub check {
my ( $self, $req ) = @_;
my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] );
my $msg = my $auth = '';
# Check token
if ( $self->conf->{requireToken} ) {
my $token = $req->param('token');
unless ($token) {
$self->userLogger->warn('CheckUser try without token');
$msg = PE_NOTOKEN;
$token = $self->ott->createToken( $req->sessionInfo );
}
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn('Ask try with expired/bad token');
$msg = PE_TOKENEXPIRED;
$token = $self->ott->createToken( $req->sessionInfo );
}
return $self->p->sendHtml(
$req,
'checkuser',
params => {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => "PE$msg",
ALERTE => 'alert-warning',
TOKEN => $token,
}
) if $msg;
}
## Check user session datas
# Use submitted attribute if exists
my $url = $req->param('url') || '';
$req->{user} = $req->param('user') if ( $req->param('user') );
$self->logger->debug("Check requested for $req->{user}");
$attrs = $self->_userDatas($req);
if ( $req->error ) {
$msg = 'PE' . $req->{error};
$attrs = {};
}
else {
# Create an array of hashes for template loop
$self->logger->debug("Delete hidden or empty attributes");
foreach my $k ( sort keys %$attrs ) {
# Ignore hidden attributes or empty values
if ( $self->conf->{checkUserDisplayEmptyValues} ) {
push @$array_attrs, { key => $k, value => $attrs->{$k} }
unless ( $self->hAttr =~ /\b$k\b/ );
}
else {
push @$array_attrs, { key => $k, value => $attrs->{$k} }
unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} );
}
}
$msg = 'checkUser';
}
# Check if user is allowed to access submitted URL and compute headers
if ( $url and %$attrs ) {
# User is allowed ?
$auth = $self->_authorization( $req, $url );
$self->logger->debug(
"checkUser requested for user: $req->{user} and URL: $url");
$auth = $auth ? "allowed" : "forbidden";
$self->userLogger->notice( "checkUser -> $req->{user} is "
. uc($auth)
. " to access: $url" );
# Return VirtualHost headers
$array_hdrs = $self->_headers( $req, $url );
}
my $token = $self->ott->createToken( $req->sessionInfo );
# Display form
return $self->p->sendHtml(
$req,
'checkuser',
params => {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => $msg,
ALERTE =>
( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
LOGIN => (
$self->p->checkXSSAttack( 'LOGIN', $req->{user} ) ? ""
: $req->{user}
),
URL => (
$self->p->checkXSSAttack( 'URL', $url ) ? ""
: $url
),
ALLOWED => $auth,
ALERTE_AUTH =>
( $auth eq 'allowed' ? 'alert-success' : 'alert-danger' ),
HEADERS => $array_hdrs,
ATTRIBUTES => $array_attrs,
TOKEN => $token,
}
);
}
sub display {
my ( $self, $req ) = @_;
my $token = $self->ott->createToken( $req->sessionInfo );
# Display form
return $self->p->sendHtml(
$req,
'checkuser',
params => {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => 'checkUser',
ALERTE => 'alert-info',
LOGIN => (
$self->p->checkXSSAttack( 'LOGIN', $req->{user} )
? ""
: $req->{user}
),
TOKEN => $token,
}
);
}
sub _userDatas {
my ( $self, $req ) = @_;
# Search user in database
my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ];
$self->conf->{checkUserDisplayPersistentInfo}
? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups'
: push @$steps, 'setLocalGroups';
$req->steps($steps);
if ( my $error = $self->p->process($req) ) {
if ( $error == PE_BADCREDENTIALS ) {
$self->userLogger->warn( 'Check requested for an unvalid user ('
. $req->{user}
. ")" );
}
$self->logger->debug("Process returned error: $error");
return $req->error($error);
}
return $req->{sessionInfo};
}
sub _authorization {
my ( $self, $req, $uri ) = @_;
# Check rights
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
$vhost =~ s/:\d+$//;
$vhost = $self->p->HANDLER->resolveAlias($vhost);
$appuri ||= '/';
return $self->p->HANDLER->grant( $req, $req->{sessionInfo}, $appuri,
undef, $vhost );
}
sub _headers {
my ( $self, $req, $uri ) = @_;
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
$vhost =~ s/:\d+$//;
$req->{env}->{HTTP_HOST} = $vhost;
$self->p->HANDLER->headersInit( $self->{conf} );
return $self->p->HANDLER->checkHeaders( $req, $req->{sessionInfo} );
}
1;
......@@ -29,6 +29,9 @@ translatePage = (lang) ->
$(this).text txt
$("[trmsg]").each ->
$(this).text translate "PE#{$(this).attr 'trmsg'}"
msg = translate "PE#{$(this).attr 'trmsg'}"
if msg.match /_hide_/
$(this).parent().hide()
$("[trplaceholder]").each ->
$(this).attr 'placeholder', translate($(this).attr('trplaceholder'))
$("[localtime]").each ->
......@@ -53,6 +56,7 @@ getValues = () ->
catch e
console.log 'Parsing error', e
console.log 'JSON', $(this).text()
console.log values
values
# Code from http://snipplr.com/view/29434/
......
......@@ -37,7 +37,12 @@ LemonLDAP::NG Portal jQuery scripts
return $(this).text(txt);
});
$("[trmsg]").each(function() {
return $(this).text(translate("PE" + ($(this).attr('trmsg'))));
var msg;
$(this).text(translate("PE" + ($(this).attr('trmsg'))));
msg = translate("PE" + ($(this).attr('trmsg')));
if (msg.match(/_hide_/)) {
return $(this).parent().hide();
}
});
$("[trplaceholder]").each(function() {
return $(this).attr('placeholder', translate($(this).attr('trplaceholder')));
......@@ -78,6 +83,7 @@ LemonLDAP::NG Portal jQuery scripts
return console.log('JSON', $(this).text());
}
});
console.log(values);
return values;
};
......
......@@ -98,10 +98,12 @@
"accountCreated":"تم إنشاء حسابك و إرسال كلمة المرور المؤقتة إلى بريدك الإلكتروني.",
"accountCreationSuccess":"تم إنشاء حسابك بنجاح.",
"action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"معلومات أخرى:",
"areYouSure":"هل أنت واثق؟",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"بوابة إثبات الهوية",
"authRemaining":"٪ s المصادقة المتبقية، غيير كلمة المرور الخاصة بك!",
"autoAccept":"تقبل تلقائيا في 30 ثانية",
......@@ -114,6 +116,7 @@
"changeKey":"Generate new key",
"changePwd":"غير كلمة المرور الخاصة بك",
"checkLastLogins":"تحقق من آخر تسجيلات دخول الخاصة بي",
"checkUser":"Check user session",
"choose2f":"Choose your second factor",
"chooseApp":"اختر أحد التطبيقات المسموح لك بالدخول إليها",
"clickHere":"الرجاء الضغط هنا",
......@@ -137,15 +140,18 @@
"errorMsg":"رسالة خاطئة",
"fillTheForm":"Fill the form",
"firstName":"الاسم الاول",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"نسيت كلمة المرور؟",
"generatePwd":"إنشاء كلمة المرور تلقائيا",
"gotNewMessages":"لديك بعض الرسائل الجديدة",
"goToPortal":"انتقل إلى البوابة",
"gplSoft":"البرمجيات الحرة التي تغطيها رخصة GPL",
"headers":"HEADERS",
"id":"Id",
"imSure":"انا متاكد",
"info":"معلومات",
"ipAddr":"عنوان الأي بي",
"key":"Key",
"lastFailedLogins":"عمليات تسجيل الدخول الأخيرة الغير الناجحة",
"lastLogins":"آخر تسجيلات دخول",
"lastName":"اسم العائلة",
......@@ -227,6 +233,7 @@
"upgradeSession":"ترقية الجلسة",
"user":"المستخدم",
"useYubikey":"استخدم اليوبي كي الخاص بك",
"value":"Value",
"verify":"التحقق",
"wait":"انتظر",
"warning":"تحذير",
......
......@@ -98,10 +98,12 @@
"accountCreated":"Ihr Konto wurde erstellt, das temporäre Passwort wurde an Ihre E-Mail-Adresse gesendet.",
"accountCreationSuccess":"Ihr Account wurde erfolgreich erstellt.",
"action":"Aktion",
"allowed":"Access ALLOWED",
"anotherInformation":"Eine weitere Information:",
"areYouSure":"Sind Sie sicher ?",
"askToRenew":"Diese Anwendung benötigt eine neuere Authentifizierung. Möchten Sie sich erneut authentifizieren?",
"askToUpgrade":"Diese Anwendung benötigt eine höhere Authentifizierungsstufe. Möchten Sie sich erneut authentifizieren?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentifizierungsportal",
"authRemaining":"%sverbleibende Authentifizierungen, bitte Passwort ändern!",
"autoAccept":"Automatisch in 30 Sekunden annehmen",
......@@ -114,6 +116,7 @@
"changeKey":"Neuen Schlüssel erzeugen",
"changePwd":"Ändere dein Passwort",
"checkLastLogins":"Überprüfe meine letzten Logins",
"checkUser":"Check user session",
"choose2f":"Wählen deinen Ihren zweiten Faktor",
"chooseApp":"Wählen Sie eine Anwendung aus, auf die du zugreifen darfst",
"clickHere":"Bitte hier klicken",
......@@ -137,15 +140,18 @@
"errorMsg":"Fehlermeldung",
"fillTheForm":"Fülle das Formular aus",
"firstName":"Vorname",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Passwort vergessen ?",
"generatePwd":"Passwort automatisch generieren",
"gotNewMessages":"Du hast neue Nachrichten",
"goToPortal":"Zum Portal",
"gplSoft":"Freie Software, die von der GPL-Lizenz abgedeckt wird",
"headers":"HEADERS",
"id":"ID",
"imSure":"Ich bin sicher",
"info":"Information",
"ipAddr":"IP Adresse",
"key":"Key",
"lastFailedLogins":"Letzte fehlgeschlagene Anmeldungen",
"lastLogins":"Letzte Anmeldungen",
"lastName":"Nachname",
......@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session",
"user":"Benutzer",
"useYubikey":"use your Yubikey",
"value":"Value",
"verify":"Verify",
"wait":"Warten",
"warning":"Warnung",
......
......@@ -98,10 +98,12 @@
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
"accountCreationSuccess":"Your account was successfully created.",
"action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:",
"areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds",
......@@ -114,6 +116,7 @@
"changeKey": "Generate new key",
"changePwd":"Change your password",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user session",
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
......@@ -137,15 +140,18 @@
"errorMsg":"Error Message",
"fillTheForm":"Fill the form",
"firstName":"First name",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Forgot your password?",
"generatePwd":"Generate the password automatically",
"gotNewMessages":"You have some new messages",
"goToPortal":"Go to portal",
"gplSoft":"free software covered by the GPL license",
"headers":"HEADERS",
"id":"Id",
"imSure":"I'm sure",
"info":"Information",
"ipAddr":"IP address",
"key":"Key",
"lastFailedLogins":"Last failed logins",
"lastLogins":"Last logins",
"lastName":"Last name",
......@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session",
"user":"User",
"useYubikey":"use your Yubikey",
"value":"Value",
"verify": "Verify",
"wait":"Wait",
"warning":"Warning",
......
......@@ -98,10 +98,12 @@
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
"accountCreationSuccess":"Your account was successfully created.",
"action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:",
"areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds",
......@@ -114,6 +116,7 @@
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user session",
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
......@@ -137,15 +140,18 @@
"errorMsg":"Error Message",
"fillTheForm":"Fill the form",
"firstName":"First name",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Forgot your password?",
"generatePwd":"Generate the password automatically",
"gotNewMessages":"You have some new messages",
"goToPortal":"Go to portal",
"gplSoft":"free software covered by the GPL license",
"headers":"HEADERS",
"id":"Id",
"imSure":"I'm sure",
"info":"Information",
"ipAddr":"IP address",
"key":"Key",
"lastFailedLogins":"Last failed logins",
"lastLogins":"Last logins",
"lastName":"Last name",
......@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session",
"user":"User",
"useYubikey":"use your Yubikey",
"value":"Value",
"verify":"Verify",
"wait":"Wait",
"warning":"Warning",
......
......@@ -4,7 +4,7 @@
"PE2":"Identifiant ou mot de passe non renseigné",
"PE3":"Compte ou mot de passe LDAP de l'application incorrect",
"PE4":"Utilisateur inexistant",
"PE5":"Mot de passe ou identifiant incorrect",
"PE5":"Identifiant ou mot de passe incorrect",
"PE6":"Connexion impossible au serveur LDAP",
"PE7":"Erreur anormale du serveur LDAP",
"PE8":"Erreur du module Apache::Session choisi",
......@@ -98,10 +98,12 @@
"accountCreated":"Votre compte a été créé, un mot de passe temporaire a été envoyé à votre adresse mail.",
"accountCreationSuccess":"Votre compte a bien été créé.",
"action":"Action",
"allowed":"Accès AUTORISE",
"anotherInformation":"Une autre information :",
"areYouSure":"Êtes-vous sûr ?",
"askToRenew":"Cette application nécessite une authentification plus récente. Voulez-vous vous réauthentifier ?",
"askToUpgrade":"Cette application nécessite un plus haut niveau d'authentification. Voulez-vous vous réauthentifier ?",
"attributes":"ATTRIBUTS",
"authPortal":"Portail d'authentification",
"authRemaining":"%s authentifications restantes, changez votre mot de passe !",
"autoAccept":"Acceptation automatique dans 30 secondes",
......@@ -114,6 +116,7 @@
"changeKey": "Générer une nouvelle clef",
"changePwd":"Changez votre mot de passe",
"checkLastLogins":"Voir mes dernières connexions",
"checkUser":"Vérifier la session d'un utilisateur",
"choose2f":"Choisissez votre second facteur",
"chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder",
"clickHere":"Cliquez ici",
......@@ -136,16 +139,19 @@
"enterYubikey":"Utilisez votre Yubikey",
"errorMsg":"Message d'erreur",
"fillTheForm":"Remplissez le formulaire",
"forbidden":"Accès INTERDIT",
"firstName":"Prénom",
"forgotPwd":"Mot de passe oublié ?",
"generatePwd":"Générer le mot de passe automatiquement",
"gotNewMessages":"Vous avez de nouveaux messages",
"goToPortal":"Aller au portail",
"gplSoft":"logiciel libre protégé par la licence GPL",
"headers":"ENTETES",
"id":"Id",
"imSure":"Je suis sûr",
"info":"Information",
"ipAddr":"Adresse IP",
"key":"Clef",
"lastFailedLogins":"Dernières connexions refusées",
"lastLogins":"Dernières connexions",
"lastName":"Nom",
......@@ -227,6 +233,7 @@
"upgradeSession":"Se réauthentifier",
"user":"Utilisateur",
"useYubikey":"Utilisez votre Yubikey",
"value":"Valeur",
"verify": "Vérifier",
"wait":"Attendre",
"warning":"Attention",
......
......@@ -98,10 +98,12 @@
"accountCreated":"Il tuo account è stato creato, la tua password temporanea è stata inviata all'indirizzo email.",
"accountCreationSuccess":"Il tuo account è stato creato con successo.",
"action":"Azione",
"allowed":"Access ALLOWED",
"anotherInformation":"Un'altra informazione:",
"areYouSure":"Sei sicuro?",
"askToRenew":"Questa applicazione richiede un'autenticazione più recente. Vuoi reautenticare?",
"askToUpgrade":"Questa applicazione richiede un livello di autenticazione superiore. Vuoi reautenticare?",
"attributes":"ATTRIBUTES",
"authPortal":"Portale di autenticazione",
"authRemaining":"Rimangono ancora %s autenticazioni, modifica la password!",
"autoAccept":"Accetta automaticamente in 30 secondi",
......@@ -114,6 +116,7 @@
"changeKey":"Genera nuova chiave",
"changePwd":"Cambia la tua password",
"checkLastLogins":"Controllare i miei ultimi accessi",
"checkUser":"Check user session",
"choose2f":"Scegli il tuo secondo fattore",
"chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso",
"clickHere":"Per favore clicka qui",
......@@ -137,15 +140,18 @@
"errorMsg":"Messaggio di errore",
"fillTheForm":"Compila il modulo",
"firstName":"Nome",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Password dimenticata?",
"generatePwd":"Generare automaticamente la password",
"gotNewMessages":"Hai dei nuovi messaggi",
"goToPortal":"Vai al portale",
"gplSoft":"Software libero coperto dalla licenza GPL",
"headers":"HEADERS",
"id":"Id",
"imSure":"Sono sicuro",
"info":"Informazioni",
"ipAddr":"Indirizzo IP",
"key":"Key",
"lastFailedLogins":"Ultimi login non riusciti",
"lastLogins":"Ultimi accessi",
"lastName":"Cognome",
......@@ -227,6 +233,7 @@
"upgradeSession":"Sessione di aggiornamento",
"user":"Utente",
"useYubikey":"Usa la tua Yubikey",
"value":"Value",
"verify":"Verifica",
"wait":"Attendere",
"warning":"Avvertimento",
......
......@@ -98,10 +98,12 @@
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
"accountCreationSuccess":"Your account was successfully created.",
"action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:",
"areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds",
......@@ -114,6 +116,7 @@
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user session",
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
......@@ -137,15 +140,18 @@
"errorMsg":"Error Message",
"fillTheForm":"Fill the form",
"firstName":"First name",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Forgot your password?",
"generatePwd":"Generate the password automatically",
"gotNewMessages":"You have some new messages",
"goToPortal":"Go to portal",
"gplSoft":"free software covered by the GPL license",
"headers":"HEADERS",
"id":"Id",
"imSure":"I'm sure",
"info":"Information",
"ipAddr":"IP address",
"key":"Key",
"lastFailedLogins":"Last failed logins",
"lastLogins":"Last logins",
"lastName":"Last name",
......@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session",
"user":"User",
"useYubikey":"use your Yubikey",
"value":"Value",
"verify":"Verify",
"wait":"Wait",
"warning":"Warning",
......
......@@ -98,10 +98,12 @@
"accountCreated":"Your account has been created, your temporary password has been sent to your mail address.",
"accountCreationSuccess":"Your account was successfully created.",
"action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:",
"areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds",
......@@ -114,6 +116,7 @@
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user session",
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
......@@ -137,15 +140,18 @@
"errorMsg":"Error Message",
"fillTheForm":"Fill the form",
"firstName":"First name",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Forgot your password?",
"generatePwd":"Generate the password automatically",
"gotNewMessages":"You have some new messages",
"goToPortal":"Go to portal",
"gplSoft":"free software covered by the GPL license",
"headers":"HEADERS",
"id":"Id",
"imSure":"I'm sure",
"info":"Information",
"ipAddr":"IP address",
"key":"Key",
"lastFailedLogins":"Last failed logins",
"lastLogins":"Last logins",
"lastName":"Last name",
......@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session",
"user":"User",
"useYubikey":"use your Yubikey",
"value":"Value",
"verify":"Verify",
"wait":"Wait",
"warning":"Warning",
......
......@@ -99,9 +99,11 @@
"accountCreationSuccess":"Your account was successfully created.",
"action":"Action",
"anotherInformation":"Another information:",
"allowed":"Access ALLOWED",
"areYouSure":"Are you sure?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!",
"autoAccept":"Automatically accept in 30 seconds",
......@@ -114,6 +116,7 @@
"changeKey":"Generate new key",
"changePwd":"Change your password",
"checkLastLogins":"Check my last logins",
"checkUser":"Check user session",
"choose2f":"Choose your second factor",
"chooseApp":"Choose an application your are allowed to access to",
"clickHere":"Please click here",
......@@ -137,15 +140,18 @@
"errorMsg":"Error Message",
"fillTheForm":"Fill the form",
"firstName":"First name",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Forgot your password?",
"generatePwd":"Generate the password automatically",
"gotNewMessages":"You have some new messages",
"goToPortal":"Go to portal",
"gplSoft":"free software covered by the GPL license",
"headers":"HEADERS",
"id":"Id",
"imSure":"I'm sure",
"info":"Information",
"ipAddr":"IP address",
"key":"Key",
"lastFailedLogins":"Last failed logins",
"lastLogins":"Last logins",
"lastName":"Last name",
......@@ -227,6 +233,7 @@
"upgradeSession":"Upgrade session",
"user":"User",
"useYubikey":"use your Yubikey",
"value":"Value",
"verify":"Verify",
"wait":"Wait",
"warning":"Warning",
......
......@@ -99,9 +99,11 @@
"accountCreationSuccess":"Tài khoản của bạn đã được tạo thành công.",
"action":"Action",
"anotherInformation":"Thông tin khác:",
"allowed":"Access ALLOWED",
"areYouSure":"Bạn có chắc không?",
"askToRenew":"Ứng dụng này cần có chứng thực gần đây hơn. Bạn có muốn chứng thực lại?",
"askToUpgrade":"Ứng dụng này cần một mức xác thực cao hơn. Bạn có muốn chứng thực lại?",
"attributes":"ATTRIBUTES",
"authPortal":"Cổng thông tin xác thực",
"authRemaining":"%s xác thực vẫn còn, thay đổi mật khẩu của bạn!",
"autoAccept":"Tự động chấp nhận trong 30 giây",
......@@ -114,6 +116,7 @@
"changeKey":"Generate new key",
"changePwd":"Thay đổi mật khẩu của bạn",
"checkLastLogins":"Kiểm tra lần đăng nhập cuối cùng của bạn",
"checkUser":"Check user session",
"choose2f":"Choose your second factor",
"chooseApp":"Chọn một ứng dụng bạn được phép truy cập vào",
"clickHere":"Vui lòng nhấp vào đây",
......@@ -137,15 +140,18 @@
"errorMsg":"Thông báo lỗi",
"fillTheForm":"Fill the form",
"firstName":"Tên",
"forbidden":"Access FORBIDDEN",
"forgotPwd":"Quên mật khẩu của bạn?",
"generatePwd":"Tạo mật khẩu tự động",
"gotNewMessages":"Bạn có một số tin nhắn mới",
"goToPortal":"Đi tới cổng thông tin",
"gplSoft":"phần mềm tự do được cấp phép bởi GPL",
"headers":"HEADERS",
"id":"Id",
"imSure":"Tôi chắc chắn",
"info":"Thông tin",
"ipAddr":"Địa chỉ IP",
"key":"Key",
"lastFailedLogins":"Lần cuối đăng nhập thất bại",
"lastLogins":"Đăng nhập lần cuối",
"lastName":"Họ",
......@@ -227,6 +233,7 @@
"upgradeSession":"Phiên nâng cấp",
"user":"Người dùng",
"useYubikey":"sử dụng Yubikey của bạn",
"value":"Value",
"verify":"Xác minh",
"wait":"Hãy đợi",
"warning":"Cảnh báo",
......
......@@ -98,10 +98,12 @@
"accountCreated":"您的账号已创建,临时密码已发送至您的邮箱",
"accountCreationSuccess":"你的账户已创建",
"action":"Action",
"allowed":"Access ALLOWED",
"anotherInformation":"Another information:",
"areYouSure":"您确定吗?",
"askToRenew":"This application needs a more recent authentication. Do you want to reauthenticate?",
"askToUpgrade":"This application needs an higher authentication level. Do you want to reauthenticate?",
"attributes":"ATTRIBUTES",
"authPortal":"Authentication portal",
"authRemaining":"%s authentications remaining, change your password!",