Alexandre Dulaunoy
78d6f8b93f
Merge pull request #8217 from DCSO/linotp_errormessages
...
[chg] LinOTP error exceptions up to the ui
2022-03-17 15:48:35 +01:00
Hendrik Baecker
eb7a1301bb
[chg] LinOTP now with enable/disable as config feature
2022-03-17 15:19:58 +01:00
Hendrik Baecker
c42d34faac
[chg] LinOTP error exceptions up to the ui
2022-03-17 14:23:24 +01:00
Nils Kuhnert
48752ba624
Update OidcAuth readme
...
Replaced required dependency.
2022-03-17 14:12:32 +01:00
Jakub Onderka
ff39069bbc
fix: [oidc] Undefined index
2022-03-17 09:29:02 +01:00
Jakub Onderka
0783bda85b
fix: [oidc] Specify correct column for user fetch
2022-03-15 10:20:43 +01:00
Jakub Onderka
3c8d07ca75
fix: [oidc] Throw exception if user email is empty
2022-03-15 09:55:50 +01:00
Jakub Onderka
8409a1871e
chg: [oidc] Move OIDC to different class
2022-02-19 16:07:11 +01:00
Jakub Onderka
f5e32123c5
chg: [oidc] Check user org when checking if user is valid
2022-02-19 16:07:11 +01:00
Jakub Onderka
316b6a9b9a
chg: [oidc] Remove support for Jumbojett\OpenIDConnectClient
2022-02-19 16:07:11 +01:00
Jakub Onderka
6cb30515e7
chg: [oidc] Check user role when checking if user is valid
2022-02-19 16:07:11 +01:00
Jakub Onderka
e1774abe80
new: [oidc] Check user validity
2022-02-19 16:07:10 +01:00
Jakub Onderka
fc8f399b89
new: [oidc] Support for setting code challenge method
2022-02-07 14:00:48 +01:00
Jakub Onderka
f2bff258f5
chg: [oidc] Store user sid in session
2022-02-04 15:13:46 +01:00
Jakub Onderka
7ae6f4af32
new: [oidc] Add new option: OidcAuth.authentication_method
2022-01-28 15:11:44 +01:00
Jakub Onderka
d067e69ad5
new: [oidc] Add support for jakub-onderka/openid-connect-php OIDC fork
2022-01-28 14:24:31 +01:00
Hendrik Baecker
a49ee739be
[chg] Improved LinOTP error handling
...
Matches if ssl verify fails for example
2022-01-13 13:16:03 +01:00
iglocska
f905eef8f0
Merge branch '8042' into develop
2021-12-21 16:42:50 +01:00
Hendrik Baecker
12ba2981ef
LinOTP: nitpicking and failsafe
...
Also one CodeFactor fix
2021-12-21 15:59:55 +01:00
Hendrik Baecker
8964a36b39
[chg] Ensure 'false' if LinOTP Request fails
2021-12-21 13:48:02 +01:00
Hendrik Baecker
83c08362b9
[chg] Establish 'mixedauth'
...
mixedauth=false: Only query LinOTP for OTP (or OTP-Pin+OTP Value)
mixedauth=true: Use MISP Userbase for Passwordchecking AND LinOTP for second factor
mixedauth=true will throw exceptions if OTP doesn't match to not fall back
to FormAuthenticate from MISP - which would get the 2FA useless.
2021-12-15 12:48:44 +01:00
Hendrik Baecker
f5eb5828bf
[chg] Extract otp from request
2021-12-15 12:45:41 +01:00
Hendrik Baecker
e58e4f712a
[chg] Fix typos
2021-12-15 12:45:04 +01:00
Hendrik Baecker
fecba0beec
[chg] Adjust handling LinOTP response
2021-12-15 12:44:37 +01:00
Hendrik Baecker
edf6bd41b7
[chg] no more php-curl but cake socket
2021-12-14 17:42:43 +01:00
Jakub Onderka
741a74165e
Merge pull request #7974 from JakubOnderka/url-cache
...
fix: [internal] Remove UrlCache
2021-11-22 15:59:59 +01:00
Jakub Onderka
0a941bd7f3
fix: [internal] Remove UrlCache
2021-11-19 11:56:14 +01:00
Jakub Onderka
e8c4378893
new: [internal] Faster caching
2021-11-18 18:48:34 +01:00
Jakub Onderka
6806cdf574
new: [user] Add sub field for user
2021-11-11 16:34:27 +01:00
Thijs Kinkhorst
abb8cecb7e
Fix docblock formatting and add newer settings to README documentation
2021-11-05 15:53:15 +01:00
Thijs Kinkhorst
a0cf77bdc9
Clarify some aspects of the Shibboleth config
2021-10-29 09:24:52 +02:00
Jakub Onderka
3773fdff93
new: [CLI] Assign UserSetting to list output
2021-10-18 10:08:20 +02:00
Jakub Onderka
2ed41a0964
new: [oidc] User setting for oidc metadata
2021-10-18 10:08:18 +02:00
Jakub Onderka
904a747738
new: [oidc] Allow to automatically unblock user after successful login
2021-08-24 20:59:09 +02:00
Liviu Valsan
4b74a0d342
chg: [shibbauth] added option to block organisation changes at login
...
- New ApacheShibbAuth.BlockOrgModifications setting added, defaults to false, boolean. If set to true, will block updates to the organisation of existing users on authentication. This preserves any modifications made by a site admin in MISP and is similar to ApacheShibbauth.BlockRoleModifications (same logic applied to role modifications).
2021-07-27 15:27:48 +02:00
mzp
e1fee78dd5
Block org modiufication option for shibb auth.
2021-07-16 11:40:16 +02:00
Jakub Onderka
ad1b373766
new: [log] Audit log
2021-05-03 13:44:44 +02:00
Jakub Onderka
c25dd7082a
Merge pull request #7230 from jozuatec/patch-2
...
Update OidcAuthenticate.php
2021-04-20 14:46:30 +02:00
iglocska
e3799d7104
Merge branch '2.4' into develop
2021-03-24 21:49:16 +01:00
Jeroen Pinoy
a8e08a6892
chg: [ShibbAuth] Add login entry on logging in for audit
2021-03-23 13:32:58 +01:00
jozuatec
85040d68f1
Update OidcAuthenticate.php
...
With our IDP the user roles do not get delivered through claims. With this edit (get roles through "requestUserInfo" when claims fails to do so), our IDP can deliver the roles through an "Extra Attributes" field.
I am already using this code in our production, it works fine for us.
2021-03-22 09:36:38 +01:00
iglocska
5a917f008f
Merge branch '2.4' into develop
2021-03-16 23:15:30 +01:00
iglocska
a65cb60d7a
fix: [shibbauth] fixed invalid varname
2021-03-15 20:37:25 +01:00
iglocska
2312fd72ff
chg: [shibbauth] added two extra settings
...
- ApacheShibbauth.DefaultRole: defaults to false, if set, pick the supplied roleID for any user authenticating. Can be used together with BlockRoleModifications
- ApacheShibbauth.BlockRoleModifications: defaults to false, boolean. If set to true, will block any updates to the existing users on authentication. This preserves any modifications made by a site admin in MISP.
2021-03-15 14:51:48 +01:00
Jakub Onderka
6487a079d6
Merge pull request #7138 from JakubOnderka/oidc-role-fix
...
fix: [OIDC] Change algo how roles are assigned to users
2021-03-03 13:58:47 +01:00
Jakub Onderka
6a553d39da
fix: [OIDC] Change algo how roles are assigned to users
2021-03-03 13:37:08 +01:00
iglocska
e7f6c10256
Merge branch '2.4' into develop
2021-03-03 01:26:18 +01:00
Andras Iklody
2fee084250
Merge pull request #6661 from cudeso/2.4
...
Azure Active Directory Authentication
2021-03-03 00:14:30 +01:00
Jakub Onderka
af4e248690
Merge pull request #7094 from JakubOnderka/oidc-readme
...
new: [oidc] Readme
2021-03-01 08:59:11 +01:00
Jakub Onderka
37dd3038b1
new: [oidc] Readme
2021-03-01 08:58:45 +01:00
Jakub Onderka
8cf1bbb9a9
chg: [oidc] Use first match as user role
2021-02-27 16:54:23 +01:00
Jakub Onderka
08925f4612
new: [oidc] OpenID Connect authentication
2021-02-16 10:47:56 +01:00
Alexandre Dulaunoy
3247d3959c
Merge branch '2.4' into develop
2020-12-22 12:52:36 +01:00
Alexandre Dulaunoy
99166f9f7b
handlerSSL should be true
2020-12-22 10:48:23 +01:00
Steve Clement
f6eccb65b1
Merge branch '2.4' into develop
2020-12-21 13:33:26 +09:00
iglocska
06bbde7141
Merge branch 'develop' into 2.4
2020-12-16 11:53:18 +01:00
Jakub Onderka
9310f5f871
chg: [shibb] Better log messages for ApacheShibbAuthenticate
2020-12-15 13:20:15 +01:00
Alexandre Dulaunoy
ce96003b89
fix: [doc] Location typo fixed
2020-12-08 15:47:03 +01:00
Jakub Onderka
1381e6c0d4
chg: [shibb] Newly created org should be local
2020-12-04 20:40:26 +01:00
Koen Van Impe
b5e67948ed
Avoid "TODO" in the README to avoid CodeFactor
2020-11-27 20:29:38 +01:00
Koen Van Impe
a8275e7503
Azure Active Directory Authentication
2020-11-27 12:41:23 +01:00
Jakub Onderka
c9e96322a9
new: [shibb] Allow to get organisation UUID from HTTP headers
2020-11-25 21:21:14 +01:00
Jakub Onderka
088c573040
chg: [internal] Code style
2020-11-19 21:16:32 +01:00
Jakub Onderka
3a253cda6d
chg: [logging] Allow to disable syslog logging to stderr
2020-11-19 21:16:31 +01:00
Jakub Onderka
be1e861117
fix: [internal] Do not start session for shell commands
2020-10-31 18:12:21 +01:00
Jeroen Pinoy
2311ce2f85
Extending documentation of ShibbAuth plugin
2020-10-16 15:49:25 +00:00
mokaddem
944b613a19
Merge branch '2.4' of github.com:MISP/MISP into pr-5856
2020-05-18 09:22:46 +02:00
Jakub Onderka
a0476bda3d
new: [internal] Do not log auhtkeys
2020-05-04 15:13:17 +02:00
Jakub Onderka
a2933030b6
fix: [internal] syslog shouldn't end with new line
...
Because then two lines are logged
2020-04-27 18:19:29 +02:00
garanews
85c28ce36e
Fix some typo
...
Fix some typo
2019-10-04 13:02:59 +02:00
Andras Iklody
267e48ce66
Merge pull request #4470 from pettai/ShibbAuth
...
Update README.md
2019-04-13 18:45:18 +02:00
frpet
e9352bf811
Update README.md
...
Makes API Authorization work
2019-04-13 04:32:04 +02:00
Andreas Rammhold
516cf0767b
new: WIP LinOTP authentication
2019-03-13 14:15:06 +01:00
Fredrik Pettai
7d0f605ae1
add date_created for provisioned users
...
add date_created then new users are provisioned via shibbauth
2018-09-29 22:04:15 +02:00
Fredrik Pettai
69ae9155c8
fix docs
...
fix docs
(DefaultRoleId is not implemented in the code)
2018-09-28 14:33:50 +02:00
Fredrik Pettai
de24c88e8c
fix typo
...
fix typo in error message
2018-09-28 14:16:13 +02:00
Steve Clement
1bac3749c5
fix: [i18n] Variables are in no need to be translated, it will break stuff, horribly.
...
upd: [i18n] Update default.pot again
2018-08-21 14:48:23 +03:00
iglocska
6135468c41
new: Added full audit logging to ZMQ and Syslog, fixes #2635
...
- syslog now includes all audit log entries and it's separated into proper severity levels
- ZMQ logging and syslog logging are both optional features
2017-11-24 12:01:53 +01:00
Pablo Panero
491e826690
added possibility to use always default org for new users
2017-11-17 17:06:52 +01:00
Richard van den Berg
0e97e67be0
Allow creating users with CertAuth via userDefaults, fixes #2538
2017-10-05 11:41:54 +02:00
iglocska
48b1679216
Merge branch '2.4' into objects_wip
2017-09-18 10:41:54 +02:00
iglocska
be111a4702
fix: Fix to certauth pains
2017-09-08 14:25:36 +02:00
iglocska
9c9048422a
fix: fixes various issues with the certauth
2017-09-07 00:06:02 +02:00
iglocska
4230601116
fix: Fixes to various issues with the cert auth
2017-09-06 23:26:21 +02:00
iglocska
d10c7cd4b0
Merge branch '2.4' into objects_wip
2017-07-02 00:08:14 +02:00
iglocska
ee1c1c5de9
new: Further progress on the objects
2017-07-02 00:05:15 +02:00
Guilherme Capilé
794acb987e
fixed issue #2036
2017-06-27 19:56:32 -03:00
Guilherme Capilé
4fd5df3b38
bugfixes in certificate authentication
2017-06-27 19:17:46 -03:00
Pablo Panero
8829e90547
newsread attribute fixed for user registration via sso
2017-05-11 14:49:42 +02:00
Ángel González
926895733b
Cosmetic changes
...
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
Alexandre Dulaunoy
9affedaab9
Markdown typo fixed
2017-04-27 14:55:42 +02:00
Pablo Panero
0def28e57e
Update README.md
...
Updated readme with apache config for API/Syncs filtering from SSO
2017-02-22 12:15:38 +01:00
devnull-
5b79e80bbf
Clean & improve README.md of CertAuth
2017-02-16 18:46:34 +01:00
devnull-
a40c0c456a
Don't login or create an empty account if the user doesn't exist
2017-02-16 18:29:36 +01:00
ppanero
bfca484c2a
default org changed to id instead of name
2016-09-23 14:34:20 +02:00
ppanero
7493107634
warining due to session start fixed, warning due to org assigment when possible null fixed, readme updated
2016-09-20 16:12:31 +02:00
Andreas Ziegler
7a5dad6598
chg: use new Tool for random string generation
2016-09-15 17:07:12 +02:00
Andras Iklody
7f0ae7554d
Merge pull request #1520 from ppanero/shibbsso
...
stringer checks on email and nids_sid of user calculated from max
2016-09-09 23:47:59 +02:00
ppanero
8820133ae0
stringer checks on email and nids_sid of user calculated from max
2016-09-09 10:01:42 +02:00
Alexandre Dulaunoy
ad3b59e9c7
Merge pull request #1504 from ppanero/shibbsso
...
shibboleth sso debug log capabilities added
2016-09-07 11:13:31 +02:00