Commit 42eaad2

A new module to allow debugging SP logins (#2381)
* A new module to allow debugging SP logins

  The ability to test SP logins by non admin users was available in SSP 1.x. In the 2.x series only the admin can do such testing in the admin module. This module allows testing SP logins by non admin users. At the moment there is no login needed in order to test an SP.

  This is based on the code from #2372

  I have not brought forward the translations that the code was using in the admin module. I will add that as a subsequent update once we know we want this module and where we are wanting to place it.

  I have left the list of SP available. Probing for an SP that does not exist is not an error, it just shows the list again. Trying to use a non SP also just shows a list of valid SPs that you might try. This way you can not try to guess the name of an auth mechanism as attempts at both non existing and non SP return the same result.

* Remove copy of status page.

  This came from the status.twig in the admin module. Tim mentioned that there is a base page auth_status.twig which we could use here instead of making another duplicate. Thanks!

  Perhaps we could also look at comparing @admin/status.twig and the base auth_status.twig page.

* lint

* lint

* Change page title. Add en/fr locales with strings

  To add a language you need to put in place a fairly empty file such as debugsp/locales/fr/LC_MESSAGES/debugsp.po then php bin/translations translations:update:translatable will extract the translation strings into that file for you to translate.

* The CSS from here doesn't seem to do anything for this module.

  Might as well not maintain two of them then.

* Might as well just add these po files to make it easier for folks

  No need to run any commands to make them in order to translate. The easier it can be made to add translations for a person who speaks two languages the better it might be for SSP :)

* Add a blank comment line for the linter

* Add some docs

* lint

* only a few little psalm issues. including here.
1 parent 391053c commit 42eaad2

55 files changed

+1410
-2
lines changed

docs/simplesamlphp-changelog.md

Lines changed: 116 additions & 1 deletion
@@ -5,10 +5,125 @@
55
This document lists the changes between versions of SimpleSAMLphp.
66
See the [upgrade notes](https://simplesamlphp.org/docs/stable/simplesamlphp-upgrade-notes.html) for specific information about upgrading.
77

8-
## Version 2.2.2
8+
## Version 2.4.0
99

1010
Released TBD
1111

12+
* Fixed PHP 8.4 deprecation notices
13+
* Fixed infinite recursion (#2367)
14+
* Added a new feature flag `encryption.optional` to allow unencrypted assertions if the SP does
15+
not provide an encryption certificate (#2208)
16+
* Make translations tool theme-aware (#2315)
17+
* Fixed build-workflow to only re-build the website once
18+
* Bugfix: Use entityID from state to allow overriding the issuer (#2345)
19+
* When only a single IdP is in scope, skip discovery screen (#2355)
20+
* Fixed "Undefined array key" warning in RequestedAuthnContextSelector if no RAC is present in the request
21+
22+
`adfs`
23+
24+
* PHP 8.4 support
25+
* The ADFS-module has been disconnected from the SSP release. To continue to use it, the module has to be manually installed.
26+
* The ADFS-module was completely rewritten and now uses our own XML-libraries for building, signing and encrypting XML (v3.0.0)
27+
28+
`authcrypt`
29+
30+
* PHP 8.4 support
31+
32+
`discopower`
33+
34+
* Hide tab list when there's only one tab (simplesamlphp/simplesamlphp-module-discopower#27) (v1.5.0)
35+
* Bugfix: Use jquery-assets repo to work around symlink-issue (simplesamlphp/simplesamlphp-module-discopower#28) (v1.5.1)
36+
37+
`ldap`
38+
39+
* Add SASL-support (v2.4.0). Note that this required a newer version of symfony/ldap than the one packaged (v2.4.3)
40+
41+
`saml`
42+
43+
* Stricter regexp to verify SubjectID/PairwiseID: disallow trailing spaces.
44+
* Feature: Add authproc-filter to be able to manipulate the Assertion's Issuer (#2346)
45+
46+
`debugsp`
47+
48+
* Added module to allow testing the SP you have in your installation without needing admin login
49+
This is similar to the admin/test page but can more easily be used by an IdP who may not have admin
50+
privileges on your site.
51+
52+
## Version 2.3.0
53+
54+
Released 2024-08-20
55+
56+
* The SubjectID authproc-filter now has a new option `hashed`, which if set to true
57+
will automatically hash the unique part of the ID. This will also automatically
58+
make the unique part of the ID in compliance with the specs (#2006)
59+
* Add microsecond support to the FileLoggingHandler (#2084)
60+
* Session ID's are now hashed when stored in a database (#2106)
61+
* Improved HTML 5 compatibility (#2162)
62+
* Fix: preloaded resource not used (#2207)
63+
* BC-break (unintentional): plain-text admin-password are no longer allowed (#2113)
64+
65+
`authorize`
66+
67+
* Feature: allow a user to reauthenticate with a different account (simplesamlphp/simplesamlphp-module-authorize#17) (v1.5.0)
68+
* Feature: show user what account he's using when authorization fails (simplesamlphp/simplesamlphp-module-authorize#20) (v1.6.0)
69+
* Fix: fix faulty translation (v1.6.1)
70+
71+
`consent`
72+
73+
* Update Luxembourgish translations (v1.4.0)
74+
75+
`negotiate`
76+
77+
* Add support for SPNEGO channel binding (v2.3.1)
78+
79+
`sqlauth`
80+
81+
* Add username_regex option - run regular expression over username before querying the
82+
database (simplesamlphp/simplesamlphp-module-sqlauth#11) (v1.3.0)
83+
84+
## Version 2.2.3
85+
86+
Released 2024-08-20
87+
88+
* Added a missing use-statement that would cause a 'class not found' exception.
89+
* Improved Luxembourgish (LB) translations (#2129, #2140)
90+
* Fix regression introduced in v2.2.2 regarding autofilling usernames.
91+
* Restore the possibility to set `trusted.url.domains` to null
92+
* Improved documentation on cachedir-setting (#2153)
93+
* Fix bug in post.twig (#2161)
94+
* Fix MDQ cache file bugs (#2200)
95+
96+
`adfs`
97+
98+
* Fixed metadata download to become a proper xml-file
99+
* Prevent metadata-download from ever being cached
100+
101+
`authorize`
102+
103+
* Fixed logout button (simplesamlphp/simplesamlphp-module-authorize#16) (v1.4.1)
104+
105+
`ldap`
106+
107+
* Fixed a bug that would throw an unhandled exception to the user if they would enter
108+
a non-existing organization and `username_organization_method` is set to `allow` or `force` (v2.3.6).
109+
110+
`metarefresh`
111+
112+
* Fixed incorrect parsing of configuration (v1.2.2)
113+
114+
`radius`
115+
116+
* Fixed security bug known as Blast-Radius (CVE-2024-3596) (simplesamlphp/simplesamlphp-module-radius#10) (v2.0.2)
117+
118+
## Version 2.2.2
119+
120+
:warning: IMPORTANT NOTE :warning:
121+
122+
Due to a mistake, this bugfix-release can turn out to become a backwards-incompatibility for those who override the loginuserpass.twig in their custom theme.
123+
Please update your theme to reflect the changes in [this commit](https://github.com/simplesamlphp/simplesamlphp/pull/2022/commits/691199e9b963a2861d731e6583555c7a8df39992) before updating.
124+
125+
Released 2024-04-30
126+
12127
* Fix regression when setting the host-variable in `saml20-idp-hosted` (was #1922)
13128

14129
## Version 2.2.1
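
Review bot: The `debugsp` entry at new lines 46-50 says the module works "without needing admin login", but it does not say that the test page needs no login at all and lists the configured SPs, which is what the commit message describes. Suggest stating that explicitly in the entry so operators reading the changelog know what is exposed once the module is enabled. Separately, this hunk retitles `## Version 2.2.2` to `## Version 2.4.0` and adds the 2.3.0, 2.2.3 and 2.2.2 sections, none of which concern debugsp; those would be easier to review in their own commit.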

modules/.gitignore

Lines changed: 1 addition & 0 deletions
@@ -6,6 +6,7 @@
66
!/admin/
77
!/core/
88
!/cron/
9+
!/debugsp/
910
!/exampleauth/
1011
!/multiauth/
1112
!/saml/

modules/debugsp/docs/debugsp.md

Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
# DebugSP
2+
3+
[TOC]
4+
5+
## Introduction
6+
7+
The debugsp allows you to logon to any SP offered by your SimpleSAMLphp installation.
8+
This is similar to the functionality on the admin/test page but using debugsp does not
9+
require you to login as the admin user. This can be useful if an IdP you are talking to
10+
wishes to verify that a login session can be created using your SP and their IdP.
11+
12+
## Preparations
13+
14+
You need to enable the module in `config.php`
15+
16+
```shell
17+
'module.enable' => [
18+
'debugsp => true,
19+
20+
],
21+
```
22+
23+
## Using debugsp
24+
25+
Visit the link debugsp/test at your site. All the SP you have configured will be listed.
26+
You can try to login as an SP. Once successful you will see a list of the attributes the
27+
IdP supplied. You can then logout again and test another SP if desired.
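
Review bot: The `module.enable` snippet at new lines 17-20 has an unterminated string, `'debugsp => true,`, so pasting it into `config.php` gives a PHP parse error; it should read `'debugsp' => true,`. The fence is also tagged `shell` although the content is PHP. The "Using debugsp" section should additionally state that `debugsp/test` requires no login and lists every configured SP, and could recommend enabling the module only while a test with the IdP is in progress.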
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
msgid ""
2+
msgstr ""
3+
"Content-Transfer-Encoding: 8bit\n"
4+
"Content-Type: text/plain; charset=UTF-8\n"
5+
"Language: af\n"
6+
"MIME-Version: 1.0\n"
7+
"Project-Id-Version: SimpleSAMLphp\n"
8+
"X-Domain: debugsp\n"
9+
10+
msgid "Logged out"
11+
msgstr ""
12+
13+
msgid "SimpleSAMLphp installation page"
14+
msgstr ""
15+
16+
msgid "Test SP login"
17+
msgstr ""
18+
19+
msgid "Test another SP login for this site"
20+
msgstr ""
21+
22+
msgid "You have been logged out."
23+
msgstr ""
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
msgid ""
2+
msgstr ""
3+
"Content-Transfer-Encoding: 8bit\n"
4+
"Content-Type: text/plain; charset=UTF-8\n"
5+
"Language: ar\n"
6+
"MIME-Version: 1.0\n"
7+
"Project-Id-Version: SimpleSAMLphp\n"
8+
"X-Domain: debugsp\n"
9+
10+
msgid "Logged out"
11+
msgstr ""
12+
13+
msgid "SimpleSAMLphp installation page"
14+
msgstr ""
15+
16+
msgid "Test SP login"
17+
msgstr ""
18+
19+
msgid "Test another SP login for this site"
20+
msgstr ""
21+
22+
msgid "You have been logged out."
23+
msgstr ""
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
msgid ""
2+
msgstr ""
3+
"Content-Transfer-Encoding: 8bit\n"
4+
"Content-Type: text/plain; charset=UTF-8\n"
5+
"Language: ca\n"
6+
"MIME-Version: 1.0\n"
7+
"Project-Id-Version: SimpleSAMLphp\n"
8+
"X-Domain: debugsp\n"
9+
10+
msgid "Logged out"
11+
msgstr ""
12+
13+
msgid "SimpleSAMLphp installation page"
14+
msgstr ""
15+
16+
msgid "Test SP login"
17+
msgstr ""
18+
19+
msgid "Test another SP login for this site"
20+
msgstr ""
21+
22+
msgid "You have been logged out."
23+
msgstr ""
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
msgid ""
2+
msgstr ""
3+
"Content-Transfer-Encoding: 8bit\n"
4+
"Content-Type: text/plain; charset=UTF-8\n"
5+
"Language: cs\n"
6+
"MIME-Version: 1.0\n"
7+
"Project-Id-Version: SimpleSAMLphp\n"
8+
"X-Domain: debugsp\n"
9+
10+
msgid "Logged out"
11+
msgstr ""
12+
13+
msgid "SimpleSAMLphp installation page"
14+
msgstr ""
15+
16+
msgid "Test SP login"
17+
msgstr ""
18+
19+
msgid "Test another SP login for this site"
20+
msgstr ""
21+
22+
msgid "You have been logged out."
23+
msgstr ""
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
msgid ""
2+
msgstr ""
3+
"Content-Transfer-Encoding: 8bit\n"
4+
"Content-Type: text/plain; charset=UTF-8\n"
5+
"Language: da\n"
6+
"MIME-Version: 1.0\n"
7+
"Project-Id-Version: SimpleSAMLphp\n"
8+
"X-Domain: debugsp\n"
9+
10+
msgid "Logged out"
11+
msgstr ""
12+
13+
msgid "SimpleSAMLphp installation page"
14+
msgstr ""
15+
16+
msgid "Test SP login"
17+
msgstr ""
18+
19+
msgid "Test another SP login for this site"
20+
msgstr ""
21+
22+
msgid "You have been logged out."
23+
msgstr ""
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
msgid ""
2+
msgstr ""
3+
"Content-Transfer-Encoding: 8bit\n"
4+
"Content-Type: text/plain; charset=UTF-8\n"
5+
"Language: de\n"
6+
"MIME-Version: 1.0\n"
7+
"Project-Id-Version: SimpleSAMLphp\n"
8+
"X-Domain: debugsp\n"
9+
10+
msgid "Logged out"
11+
msgstr ""
12+
13+
msgid "SimpleSAMLphp installation page"
14+
msgstr ""
15+
16+
msgid "Test SP login"
17+
msgstr ""
18+
19+
msgid "Test another SP login for this site"
20+
msgstr ""
21+
22+
msgid "You have been logged out."
23+
msgstr ""
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
msgid ""
2+
msgstr ""
3+
"Content-Transfer-Encoding: 8bit\n"
4+
"Content-Type: text/plain; charset=UTF-8\n"
5+
"Language: el\n"
6+
"MIME-Version: 1.0\n"
7+
"Project-Id-Version: SimpleSAMLphp\n"
8+
"X-Domain: debugsp\n"
9+
10+
msgid "Logged out"
11+
msgstr ""
12+
13+
msgid "SimpleSAMLphp installation page"
14+
msgstr ""
15+
16+
msgid "Test SP login"
17+
msgstr ""
18+
19+
msgid "Test another SP login for this site"
20+
msgstr ""
21+
22+
msgid "You have been logged out."
23+
msgstr ""
