path: root/modules
Commit message [Author; Age; Files; Lines]
* Avoid concatenated error messages (origin/errorcode-class) [Hanne Moa; 2016-09-16; 7 files; -12/+10]
| | | | For #455
* Move mtype array after Template-instantiation [Hanne Moa; 2016-09-15; 1 file; -1/+2]
| | | | `noop()` is a method on the template after all.
* Remove concat: translated tab-title [Hanne Moa; 2016-09-15; 2 files; -1/+16]
| | | | | | For #455. Note that if translation tags were domain-free strings, the mapping from tab to tabtitle would be redundant. It would still be necessary to mark the strings as noop however.
* Get rid of the mtype-function [Hanne Moa; 2016-09-15; 2 files; -35/+19]
| | | | For #454, #455
* Remove concat: translated header in metadata.php [Hanne Moa; 2016-09-15; 2 files; -2/+4]
| | | | For #455
* Merge pull request #433 from thijskh/feature/deprecate-certFingerprint [Jaime Pérez Crespo; 2016-09-14; 1 file; -0/+5]
|\ | | | | Deprecate the certFingerprint option.
| * Deprecate the certFingerprint option. [Thijs Kinkhorst; 2016-08-05; 1 file; -0/+5]
| | | | | | | | | | | | Issue a notice when the option is used nonetheless. Closes: #432
* | bugfix: The smartattributes:SmartName authproc fails to load. [Jaime Pérez; 2016-09-07; 1 file; -1/+1]
| | | | | | | | There was a typo in the name of the class, where the module was referenced as "smartattribute" instead of "smartattributes".
* | Add the SPL extension to the list of requirements in the web interface. [Jaime Pérez; 2016-09-06; 1 file; -0/+1]
| | | | | | | | This is needed for the autoloader to work, or code calling class_implements(), among others.
* | Remove the SimpleXML PHP extension from the requirements. [Jaime Pérez; 2016-09-06; 1 file; -1/+0]
| |
* | Enhance the checks for required PHP extensions. [Jaime Pérez; 2016-09-06; 1 file; -0/+4]
| | | | | | | | Added checks for Date/Time, JSON, cURL and Session.
* | Add mysteriously missing ; [Hanne Moa; 2016-09-06; 1 file; -1/+1]
| |
* | Split logic and data for authYubiKey-module [Hanne Moa; 2016-09-06; 2 files; -2/+4]
| | | | | | | | For: #454
* | Split logic and data for negotiate-module [Hanne Moa; 2016-09-06; 4 files; -10/+6]
| | | | | | | | For: #454
* | Allow setting the 'Comparison' attribute in authentication contexts. [Jaime Pérez; 2016-09-05; 3 files; -2/+40]
| | | | | | | | Even though the default "exact" is used by most people, and few products support anything else, there's people asking for this.
* | doc: Fix use of SAML2_Const in documentation. [Jaime Pérez; 2016-09-05; 1 file; -1/+1]
| | | | | | | | Since we have updated the version of the SAML2 library in use, we should use SAML2\Constants now.
* | Deprecate the old SimpleSAML_Error_NoPassive and ↵ [Jaime Pérez; 2016-08-31; 1 file; -0/+2]
| | | | | | | | SimpleSAML_Error_ProxyCountExceeded exceptions.
* | Use the new SimpleSAML\Module\saml\Error\ProxyCountExceeded exception. [Jaime Pérez; 2016-08-31; 1 file; -1/+4]
| |
* | Use the new SAML error exceptions in the saml module. [Jaime Pérez; 2016-08-31; 3 files; -20/+23]
| | | | | | | | Instead of keeping SAML-specific error exceptions in lib/SimpleSAML/Error, it makes more sense to have those in the saml module. Now that we have the recent NoAvailableIDP and NoSupportedIDP errors moved there, it's time to change the code implemented recently that uses them.
* | Model some SAML errors as exceptions in the SAML module. [Jaime Pérez; 2016-08-31; 5 files; -0/+140]
| | | | | | | | This makes it easier to identify error conditions and return errors to an SP. More known errors should also be added here.
* | Keep the requested authentication context. [Jaime Pérez; 2016-08-30; 1 file; -0/+3]
| | | | | | | | The SAML2 IdP should keep the RequestedAuthnContext in the state array, so that authentication sources (or processing filters) can use that information during authentication.
* | Enhance the list of PHP extensions requirements. [Jaime Pérez; 2016-08-22; 1 file; -4/+5]
| |
* | bugfix: The configuration page checks for MySQL support, instead of PDO. [Jaime Pérez; 2016-08-22; 1 file; -1/+1]
| | | | | | | | | | | | We don't use the MySQL extension directly, but PDO instead. We should therefore check for the PDO extension. This resolves #448.
* | Multiple enhancements and fixes to IDPList support in proxy mode. [Jaime Pérez; 2016-08-15; 3 files; -9/+58]
| | - Bugfix: the modules/saml/www/proxy/invalid_session.php shouldn't call directly the error handler in sspmod_saml_IdP_SAML2. Instead, it should use the SimpleSAML_Auth_State::throwException() method to let it handle the exception appropriately (in this case, it should always return back to the requester).
| | - The standard specifies that a "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP" or "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP" second-level status code should be returned to the requester in case an error occurs. Add a couple of exceptions to represent both statuses, and use them to set the right status code in the response.
| | - We shouldn't ask the user to logout in case the IDPList does not offer an IdP we recognize, or in case the proxy enforces the use of an IdP ('idp' configuration option in the auth source) and such IdP is in the IDPList.
| | - Similarly, these two cases should also be handled in case we are authenticating for the first time, not only when reauthenticating.
* | bugfix: Avoid the SAML2 IdP resilient to failures when getting DOMNodeList ↵ [Jaime Pérez; 2016-08-10; 1 file; -2/+7]
| | | | | | | | | | attribute values. Due to recent changes in the SAML2 library, when an attribute has a value that contains XML, its contents are returned as a DOMNodeList instead of a string. This causes problems when running as a proxy, since the SAML2 IdP will obtain attributes in a format that cannot be cast to string. Regardless of the attribute encoding configured in the IdP for a remote SP, we should handle those cases gracefully, so that the IdP doesn't end up in an uncaught exception.
* | bugfix: Make sure we log the user out before reauthenticating. [Jaime Pérez; 2016-08-08; 5 files; -12/+214]
|/ | | | | | When acting as a proxy, SimpleSAMLphp was re-authenticating the user in case the IdP that authenticated a user in a valid session was not included in the list of IdPs provided by an SP asking for authentication. Since we cannot use Single Sign On there, we should ask the user to logout before authenticating again, avoiding an inconsistent session with SPs associated to different IdPs. This resolves #84.
* Merge pull request #417 from pmeulen/feature/authnreq-subject-nameid-tests [Jaime Pérez Crespo; 2016-08-05; 2 files; -0/+14]
|\ | | | | Test for https://github.com/simplesamlphp/simplesamlphp/pull/400
| * Allow the optional Subject NameID to be set in a SAML AuthnRequest through ↵ [Pieter van der Meulen; 2016-07-13; 2 files; -0/+14]
| | | | | | | | "saml:NameID"
* | Remove link to the sandbox from configuration tab. [Jaime Pérez; 2016-08-02; 1 file; -8/+0]
| | | | | | | | If we want to access the sandbox, we can do that from admin/ or type the URL directly.
* | bugfix: Do not remove attribute values that are not scoped. [Jaime Pérez; 2016-07-29; 1 file; -0/+1]
| | | | | | | | The saml:FilterScopes filter was removing values that did not contain a scope. It shouldn't.
* | authproc: Add new filter to remove invalid scopes. [Jaime Pérez; 2016-07-29; 2 files; -0/+168]
| | | | | | | | | | | | The new saml:FilterScopes allows a SAML Service Provider to remove the values from a scoped attribute whose scope is not declared in the IdP metadata and/or does not match with the domain in use by the IdP itself. This closes #22.
* | Merge pull request #385 from grnet/bug/authfacebook-user-fields [Jaime Pérez Crespo; 2016-07-29; 1 file; -3/+19]
|\ \ | | | | | | Fix issue with Facebook authentication retrieving only user id and name
| * | Fix issue with Facebook authentication retrieving only user id and name [Nicolas Liampotis; 2016-05-08; 1 file; -3/+19]
| | |
* | | Stop using SimpleSAML_Configuration::getBaseURL(). [Jaime Pérez; 2016-07-26; 2 files; -2/+2]
| | | | | | | | | | | | Use the recently added SimpleSAML_Configuration::getBasePath() instead. It guarantees the path prepended with a slash, so no need to do that every time when calling the method. As a side effect, we get rid of buggy invocations (calling getBaseUrl() instead of getBaseURL()), and also of old-style convention for the 'baseurlpath' configuration option, allowing a star at the beginning.
* | | Bump the version of the SAML2 library. [Jaime Pérez; 2016-07-26; 22 files; -155/+155]
| | | | | | | | | | | | Now we are finally using the 2.x branch of the SAML2 library, which was also migrated to use namespaces. Even though the library provides an autoloader that allows loading the classes with the old names using class aliasing, we need to do the migration in one commit (at least for most part of it). This is due to the way SimpleSAMLphp checks data types, using inheritance to check objects against abstract or more general classes. Even though class aliasing works, there's no way to replicate those relationships, and type checks that use the old class names will fail because the aliases are virtually new classes that don't inherit from others.
* | | docs: Add documentation for ldap.port configuration option in authproc filters. [Jaime Pérez; 2016-07-25; 1 file; -0/+11]
| | | | | | | | | | | | This is related to PR #313. The option was in use but not documented.
* | | Merge pull request #313 from justinsg/patch-1 [Jaime Pérez Crespo; 2016-07-25; 1 file; -0/+1]
|\ \ \ | | | | | | | | Added port to the LDAP base filter configuration
| * | | Added port to the LDAP base filter configuration [Justin Standring; 2016-01-19; 1 file; -0/+1]
| | | |
* | | | Fix typo and indentation. [Jaime Pérez; 2016-07-22; 1 file; -2/+2]
| | | |
* | | | Version checking: do not poll github when running master, and store result ↵ [Thijs Kinkhorst; 2016-07-15; 1 file; -19/+26]
| | | | | | | | | | | | | | | | in session.
* | | | NL translation of warnings_outdated [Thijs Kinkhorst; 2016-07-15; 1 file; -1/+2]
| | | |
* | | | Make the "check for updates" new feature configurable. [Jaime Pérez; 2016-07-14; 1 file; -22/+20]
| | | | | | | | | | | | | | | | Add a configuration option named 'admin.checkforupdates' to enable or disable this feature.
* | | | bugfix: Set a low timeout for connections to github. [Jaime Pérez; 2016-07-14; 1 file; -3/+1]
| | | | | | | | | | | | | | | | We shouldn't wait for long when connecting to github's API to check for the latest release. Set a timeout of a couple of seconds. Also, remove commented debugging code.
* | | | feature: Check if we are running the latest version. [Jaime Pérez; 2016-07-14; 4 files; -2/+33]
| | | | | | | | | | | | | | | | Now that we have all our releases in github, we can use its API to see if the latest stable release there is newer than the version we are running. In that case, we show a warning in the configuration tab.
* | | | typo: s/reccomended/recommended/g [Jaime Pérez; 2016-07-14; 3 files; -4/+4]
| |_|/ |/| |
* | | Merge branch 'master' of github.com:simplesamlphp/simplesamlphp [Hanne Moa; 2016-07-13; 3 files; -4/+4]
|\ \ \ | | | | | | | | | | | | YA Merge
| * | | Fix some more references to SimpleSAML_Module and SimpleSAML_Logger. [Jaime Pérez; 2016-07-13; 3 files; -4/+4]
| | | | | | | | | | | | | | | | Both have been migrated to use namespaces.
* | | | Merge branch 'twigification' [Hanne Moa; 2016-07-13; 13 files; -8/+12]
|\ \ \ \ | |/ / / |/| | | | | | | | | | | This allows for using twig templates, but does not include code for localizing twig templates.
| * | | s/-tpl.php/.tpl.php/ [Hanne Moa; 2016-02-29; 12 files; -8/+8]
| | | | | | | | | | | | | | | | WTF...
| * | | Link to sandbox from config overview page [Hanne Moa; 2016-02-26; 1 file; -0/+4]
| | | |
* | | | Reformat for full compliance to our coding standards. [Jaime Pérez; 2016-07-07; 2 files; -41/+58]
| | | |
* | | | PSR-2 updates suggested by @jaimeperez [Guy Halse; 2016-07-06; 2 files; -131/+140]
| | | | | | | | | | | | | | | | Improve the comment around error=user_denied
* | | | Update the authwindowslive:LiveID module to use OAuth 2.0 authorization [Guy Halse; 2016-07-06; 2 files; -46/+44]
| | | | | | | | | | | | | | | | | | | | rather than the discontinued OAuth WRAP. Attributes are now retrieved from the Microsoft Graph API rather than the Messenger API.
* | | | Add an onlyIfEmpty option to core:ScopeAttribute. [Guy Halse; 2016-07-01; 2 files; -1/+19]
| | | | | | | | | | | | | | | | This makes the filter a little more useful for people who want to generate default values from another attribute only if none already exist.
* | | | Stop using the deprecated SimpleSAML_Configuration::getBaseURL() method. [Jaime Perez Crespo; 2016-06-08; 3 files; -4/+4]
| | | |
* | | | Change the extension of the documentation files from .txt to .md so that ↵ [Jaime Perez Crespo; 2016-06-08; 41 files; -0/+0]
| | | | | | | | | | | | | | | | they can be processed as markdown and displayed in github.
* | | | If we have an exception registered in the state array while authenticating, ↵ [Jaime Perez Crespo; 2016-06-02; 1 file; -6/+1]
| | | | | | | | | | | | | | | | we should throw that exception instead of just printing it as plain text and exit. This resolves #401.
* | | | Reformat the no_cookie error page code. [Jaime Perez Crespo; 2016-06-01; 2 files; -9/+9]
| | | |
* | | | Verify that the URL passed as a parameter in the no cookie error page is ↵ [Jaime Perez Crespo; 2016-06-01; 1 file; -1/+1]
| | | | | | | | | | | | | | | | allowed. Reported by John Page (hyp3rlinx).
* | | | Merge pull request #387 from tvdijen/patch-1 [Jaime Pérez Crespo; 2016-05-18; 2 files; -2/+53]
|\ \ \ \ | | | | | | | | | | General improvements of MemcacheMonitor module
| * | | | Update memcachestat.definition.json [Tim van Dijen; 2016-05-10; 1 file; -1/+52]
| | | | | | | | | | | | | | | Added missing definitions
| * | | | Update memcachestat.tpl.php [Tim van Dijen; 2016-05-10; 1 file; -1/+1]
| | |_|/ | |/| | | | | | Fix missing type attribute to comply with W3c XHTML 1.0 Transitional
* | | | Fix PHP notices "Undefined index" in as_login.php. (#392) [Jon Dufresne; 2016-05-15; 1 file; -2/+2]
|/ / /
| | | Sometimes appear in error logs as:
| | | PHP Notice: Undefined index: ReturnTo in .../modules/core/www/as_login.php on line 9
| | | PHP Notice: Undefined index: AuthId in .../modules/core/www/as_login.php on line 13
* | | Modify the core:AttributeMap authentication processing filter to allow ↵ [Jaime Perez Crespo; 2016-04-15; 2 files; -4/+27]
| | | | | | | | | | | | fetching mapping files from modules, not only from the 'attributemap' directory in the root of SSP's installation.
* | | Typos in core:AttributeMap. [Jaime Perez Crespo; 2016-04-15; 1 file; -6/+6]
| | |
* | | Reformat the code of the core:AttributeMap authentication processing filter. [Jaime Perez Crespo; 2016-04-15; 1 file; -111/+119]
| | |
* | | Change some NotFound exceptions into AuthSource exceptions. [Jaime Perez Crespo; 2016-04-13; 1 file; -2/+3]
| | |
* | | When exceptions happen in the context of a SAML transaction, we don't need ↵ [Jaime Perez Crespo; 2016-04-13; 1 file; -2/+2]
| | | | | | | | | | | | to log the sspmod_saml_Error exception itself, as that doesn't have any valuable information. We log the exception itself instead. Reword the previous message a bit, too.
* | | Fix parse errors in JSON dictionary files. [Jaime Perez Crespo; 2016-04-11; 5 files; -9/+7]
| | |
* | | Resolve #359. The login button was disappearing in mobile devices. Reordered ↵ [Jaime Perez Crespo; 2016-04-11; 1 file; -6/+46]
| | | | | | | | | | | | the form a bit too for those devices, so that the view is better.
* | | Add Polish translation for multiauth module [Piotr Goczal; 2016-04-08; 1 file; -1/+1]
| | |
* | | Add Polish translation for multiauth module [Piotr Goczal; 2016-04-08; 1 file; -1/+3]
| | |
* | | Creating a session doesn't seem the way to NOT create a session. Stop ↵ [Jaime Perez Crespo; 2016-03-31; 1 file; -2/+0]
| | | | | | | | | | | | creating a transient session, it only causes trouble.
* | | This is related to #346, and closes #347. It enables richer NameIDPolicy ↵ [Jaime Perez Crespo; 2016-03-29; 1 file; -9/+20]
| | | | | | | | | | | | configuration, allowing to set not only the format, but also the value for "AllowCreate".
* | | Fix missing curly bracket [Tim van Dijen; 2016-03-25; 1 file; -1/+1]
| | | | | | | | | Fixes: Mar 25 11:06:53 simplesamlphp INFO [0015a148dc] Template: Looking up [{login:processing]: not translated at all.
* | | Merge pull request #344 from grnet/translation/el [Jaime Pérez Crespo; 2016-03-22; 20 files; -184/+383]
|\ \ \ | | | | | | | | Add Greek support
| * | | Add Greek translation for consentAdmin module [Nicolas Liampotis; 2016-03-20; 1 file; -21/+42]
| | | |
| * | | Add Greek translation for memcacheMonitor module [Nicolas Liampotis; 2016-03-17; 1 file; -19/+38]
| | | |
| * | | Add Greek translation for negotiate module [Nicolas Liampotis; 2016-03-17; 1 file; -5/+10]
| | | |
| * | | Add Greek translation for authX509 module [Nicolas Liampotis; 2016-03-17; 2 files; -7/+14]
| | | |
| * | | Add Greek translation for authorize module [Nicolas Liampotis; 2016-03-16; 1 file; -2/+4]
| | | |
| * | | Add Greek translation for preprodwarning module [Nicolas Liampotis; 2016-03-16; 1 file; -3/+6]
| | | |
| * | | Add Greek translation for authYubiKey module [Nicolas Liampotis; 2016-03-16; 1 file; -2/+4]
| | | |
| * | | Add Greek translation for saml module [Nicolas Liampotis; 2016-03-16; 1 file; -2/+4]
| | | |
| * | | Add Greek translation for multiauth module [Nicolas Liampotis; 2016-03-16; 1 file; -2/+4]
| | | |
| * | | Add Greek translation for cron module [Nicolas Liampotis; 2016-03-16; 1 file; -8/+16]
| | | |
| * | | Add Greek translation for expirycheck module [Nicolas Liampotis; 2016-03-16; 1 file; -11/+22]
| | | |
| * | | Add Greek translation for core module [Nicolas Liampotis; 2016-03-16; 5 files; -69/+141]
| | | |
| * | | Add Greek translation for disco/discopower modules [Nicolas Liampotis; 2016-03-08; 2 files; -12/+36]
| | | |
| * | | Add Greek translation for consent module [Nicolas Liampotis; 2016-03-07; 1 file; -21/+42]
| | | |
* | | | Fix typo + authentication-failure on empty attributes-array [Tim van Dijen; 2016-03-18; 1 file; -3/+3]
| | | | An empty array shouldn't lead to an aborted logon.
| | | | Example when we try to get the 'mail' attribute:
| | | | UserA has a value set in the mail-attribute and passes the test -> Negotiate logon succeeds
| | | | UserB has an empty mail-attribute and fails the test -> Negotiate logon fails and the user has to log on manually (fallback to LDAP is initiated)
* | | | Be graceful if a SAML assertion does not contain a NameID. Do not set it in ↵ [Jaime Perez Crespo; 2016-03-16; 1 file; -13/+32]
| | | | | | | | | | | | | | | | the state array, and set logout as "saml1" to avoid SLO, since SLO requires NameIDs.
* | | | Reformat modules/core/www/authenticate.php, and remove misleading comment. [Jaime Perez Crespo; 2016-03-16; 1 file; -33/+27]
| | | |
* | | | Bugfix. [Jaime Perez Crespo; 2016-03-16; 1 file; -1/+1]
| | | |
* | | | Merge pull request #345 from brentboghosian/master [Thijs Kinkhorst; 2016-03-09; 2 files; -2/+2]
|\ \ \ \ | | | | | | | | | | Changes for PHP 7.
| * | | | Changes for PHP 7. [Brent Boghosian; 2016-03-09; 2 files; -2/+2]
| | | | |
* | | | | Update the modules too. [Jaime Perez Crespo; 2016-03-09; 113 files; -392/+391]
|/ / / /
* | | | Do not release information about the PHP version running underneath. [Jaime Perez Crespo; 2016-03-07; 1 file; -2/+2]
|/ / /
* | | Use function from Utils\HTTP to get default for nasIdentifier [Thijs Kinkhorst; 2016-03-03; 1 file; -1/+1]
| | |
* | | Add parameter 'realm' that will be suffixed to the username entered. [Thijs Kinkhorst; 2016-03-01; 2 files; -2/+21]
| | |