Append option to override Issuer OTT storage (#1993)

lemonldap-ng-common/lemonldap-ng.ini

@@ -305,9 +305,10 @@ languages    = en, fr, vi, it, ar, de, fi
 ; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page.
 ;customPlugins = My::Package1, My::Package2
 
-; To avoid bad/expired OTT if authssl and auth are served by different Load Balancers
-; you can override OTT configuration to store Upgrade OTT into global storage
+; To avoid bad/expired OTT if "authssl" and "auth" are served by different Load Balancers
+; you can override OTT configuration to store Upgrade or Issuer OTT into global storage
 ;forceGlobalStorageUpgradeOTT = 1
+;forceGlobalStorageIssuerOTT = 1
 
 [handler]
 

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -541,6 +541,11 @@ sub attributes {
             documentation =>
               'Avoid asking confirmation when an Issuer asks to renew auth',
         },
+        forceGlobalStorageIssuerOTT => {
+            type => 'bool',
+            documentation =>
+              'Force Issuer tokens be stored into Global Storage',
+        },
         handlerInternalCache => {
             type          => 'int',
             default       => 15,
@@ -1468,7 +1473,7 @@ sub attributes {
         forceGlobalStorageUpgradeOTT => {
             type => 'bool',
             documentation =>
-              'Force upgrade tokens be stored into Global Storage',
+              'Force Upgrade tokens be stored into Global Storage',
         },
 
         # 2F

lemonldap-ng-manager/t/80-attributes.t

@@ -56,7 +56,7 @@ my @notManagedAttributes = (
     'max2FDevices',              'max2FDevicesNameLength', 'checkTime',
     'mySessionAuthorizedRWKeys', 'handlerInternalCache',
     'handlerServiceTokenTTL',    'impersonationPrefix', 'pdataDomain',
-    'forceGlobalStorageUpgradeOTT'
+    'forceGlobalStorageUpgradeOTT', 'forceGlobalStorageIssuerOTT'
 );
 
 # Words used either as attribute name and node title

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm

@@ -20,17 +20,14 @@ use Lemonldap::NG::Portal::Main::Constants qw(
 
 extends 'Lemonldap::NG::Portal::Main::Plugin';
 
-our $VERSION = '2.0.6';
+our $VERSION = '2.0.7';
 
 # PROPERTIES
 
-has type => ( is => 'rw' );
-
-has path => ( is => 'rw' );
-
+has type  => ( is => 'rw' );
+has path  => ( is => 'rw' );
 has ipath => ( is => 'rw' );
-
-has _ott => (
+has _ott  => (
     is      => 'rw',
     lazy    => 1,
     default => sub {
@@ -52,6 +49,12 @@ sub beforeLogout { 'logout' }
 
 sub init {
     my ($self) = @_;
+    if ( $self->conf->{forceGlobalStorageIssuerOTT} ) {
+        $self->logger->debug(
+            "-> Issuer tokens will be stored into global storage");
+        $self->_ott->cache(undef);
+    }
+
     my $type = ref( $_[0] );
     $type =~ s/.*:://;
     $self->type($type);
@@ -91,7 +94,7 @@ sub _redirect {
             'Add ' . $self->ipath . ', ' . $self->ipath . 'Path in keepPdata' );
         push @{ $req->pdata->{keepPdata} }, $self->ipath, $self->ipath . 'Path';
         $req->{urldc} = $self->conf->{portal} . '/' . $self->path;
-        $req->pdata->{_url} = encode_base64($req->urldc, '');
+        $req->pdata->{_url} = encode_base64( $req->urldc, '' );
     }
     else {
         $self->logger->debug('Not seen as Issuer request, skipping');

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm

@@ -29,7 +29,7 @@ sub init {
     my ($self) = @_;
     if ( $self->conf->{forceGlobalStorageUpgradeOTT} ) {
         $self->logger->debug(
-            "Upgrade token will be stored into global storage");
+            "-> Upgrade tokens will be stored into global storage");
         $self->ott->cache(undef);
     }
     $self->addAuthRoute( upgradesession => 'ask',     ['GET'] );