Merge branch 'v2.0'

_example/conf/lmConf-1.json

@@ -125,7 +125,7 @@
          "default" : "accept"
       },
       "manager.__DNSDOMAIN__" : {
-         "(?#Configuration)^/(manager\\.html|conf|$)" : "$uid eq \"dwho\"",
+         "(?#Configuration)^/(manager\\.html|confs|$)" : "$uid eq \"dwho\"",
          "(?#Notifications)/notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
          "(?#Sessions)/sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
          "default" : "$uid eq \"dwho\" or $uid eq \"rtyler\""

_example/etc/test-nginx.conf

@@ -26,6 +26,10 @@ server {
     fastcgi_param HOST $http_host;
     # Keep original request (LLNG server will receive /lmauth)
     fastcgi_param X_ORIGINAL_URI  $request_uri;
+    # Improve performances
+    #fastcgi_buffer_size 32k;
+    #fastcgi_buffers 32 32k;
+    
 
     # OR TO USE uWSGI
     #include /etc/nginx/uwsgi_params;
@@ -34,6 +38,9 @@ server {
     #uwsgi_param CONTENT_LENGTH "";
     #uwsgi_param HOST $http_host;
     #uwsgi_param X_ORIGINAL_URI  $request_uri;
+    # Improve performances
+    #uwsgi_buffer_size 32k;
+    #uwsgi_buffers 32 32k;
   }
 
   # Client requests

doc/pages/documentation/current/applications/discourse.html

+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="utf-8" />
+  <title>documentation:2.0:applications:discourse</title>
+<meta name="generator" content="DokuWiki"/>
+<meta name="robots" content="index,follow"/>
+<meta name="keywords" content="documentation,2.0,applications,discourse"/>
+<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
+<link rel="start" href="discourse.html"/>
+<link rel="contents" href="discourse.html" title="Sitemap"/>
+<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
+<!-- //if:usedebianlibs
+  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
+//elsif:useexternallibs
+  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
+//elsif:cssminified
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
+//else -->
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
+<!-- //endif -->
+<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:discourse","namespace":"documentation:2.0:applications"};
+/*!]]>*/</script>
+<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
+<!-- //if:usedebianlibs
+<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
+//elsif:useexternallibs
+<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
+//elsif:jsminified
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
+//else -->
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
+<!-- //endif -->
+<!-- //if:usedebianlibs
+  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
+//elsif:useexternallibs
+  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
+//elsif:jsminified
+  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
+//else -->
+  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
+<!-- //endif -->
+</head>
+<body>
+<div class="dokuwiki export container">
+<!-- TOC START -->
+<div id="dw__toc">
+<h3 class="toggle">Table of Contents</h3>
+<div>
+
+<ul class="toc">
+<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
+<li class="level1"><div class="li"><a href="#discourse_configuration">Discourse configuration</a></div>
+<ul class="toc">
+<li class="level2"><div class="li"><a href="#plugin_installation">Plugin installation</a></div></li>
+<li class="level2"><div class="li"><a href="#plugin_configuration">Plugin configuration</a></div></li>
+</ul></li>
+</ul>
+</div>
+</div>
+<!-- TOC END -->
+
+<h1 class="sectionedit1" id="discourse">Discourse</h1>
+<div class="level1">
+
+<p>
+<a href="discourse.jpg_documentation_2.0_applications_discourse.html" class="media" title="applications:discourse.jpg"><img src="discourse.jpeg" class="mediacenter" title="discourse.jpg" alt="discourse.jpg" /></a>
+</p>
+
+</div>
+<!-- EDIT1 SECTION "Discourse" [1-61] -->
+<h2 class="sectionedit2" id="presentation">Presentation</h2>
+<div class="level2">
+
+<p>
+<a href="https://www.discourse.org/" class="urlextern" title="https://www.discourse.org/"  rel="nofollow">Discourse</a> is a conversation-oriented forum engine 
+</p>
+
+<p>
+Discourse supports <a href="https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045" class="urlextern" title="https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045"  rel="nofollow">its own Single-Sign-On scheme</a> but is also compatible with standard protocols such as <abbr title="Security Assertion Markup Language">SAML</abbr> and OpenID Connect, through plugins. 
+</p>
+
+<p>
+This documentation illustrates the OpenID Connect plugin.
+</p>
+
+<p>
+First, make sure you have set up LemonLDAP::NG &#039;s <a href="../openidconnectservice.html" class="wikilink1" title="documentation:2.0:openidconnectservice">OpenID Connect service</a> and added <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">a Relaying Party for your Discourse instance</a>
+</p>
+
+<p>
+Discourse can use the following OpenID Connect attributes to fill the user&#039;s profile:
+</p>
+<ul>
+<li class="level1"><div class="li"> name</div>
+</li>
+<li class="level1"><div class="li"> email</div>
+</li>
+<li class="level1"><div class="li"> given_name</div>
+</li>
+<li class="level1"><div class="li"> family_name</div>
+</li>
+<li class="level1"><div class="li"> preferred_username</div>
+</li>
+<li class="level1"><div class="li"> picture</div>
+</li>
+</ul>
+
+<p>
+Make sure you create a username and password for the Relying Party, and that the discourse callback <abbr title="Uniform Resource Locator">URL</abbr> is allowed : <a href="https://discourse.example.com/auth/oidc/callback" class="urlextern" title="https://discourse.example.com/auth/oidc/callback"  rel="nofollow">https://discourse.example.com/auth/oidc/callback</a>
+</p>
+
+</div>
+<!-- EDIT2 SECTION "Presentation" [62-985] -->
+<h2 class="sectionedit3" id="discourse_configuration">Discourse configuration</h2>
+<div class="level2">
+
+</div>
+<!-- EDIT3 SECTION "Discourse configuration" [986-1022] -->
+<h3 class="sectionedit4" id="plugin_installation">Plugin installation</h3>
+<div class="level3">
+
+<p>
+Install the <a href="https://meta.discourse.org/t/openid-connect-authentication-plugin/103632" class="urlextern" title="https://meta.discourse.org/t/openid-connect-authentication-plugin/103632"  rel="nofollow">Discourse OpenID Connect Plugin</a> according to these instructions
+</p>
+
+</div>
+<!-- EDIT4 SECTION "Plugin installation" [1023-1207] -->
+<h3 class="sectionedit5" id="plugin_configuration">Plugin configuration</h3>
+<div class="level3">
+
+<p>
+Browse to your Discourse admin interface, and to the plugin settings
+</p>
+<ul>
+<li class="level1"><div class="li"> openid_connect_enabled: <em>Yes</em></div>
+</li>
+<li class="level1"><div class="li"> openid_connect_discovery_document: <a href="https://auth.example.com/.well-known/openid-configuration" class="urlextern" title="https://auth.example.com/.well-known/openid-configuration"  rel="nofollow">https://auth.example.com/.well-known/openid-configuration</a></div>
+</li>
+<li class="level1"><div class="li"> openid_connect_client_id: <em>Client ID you chose when configuring the Relying Party</em></div>
+</li>
+<li class="level1"><div class="li"> openid_connect_client_secret: <em>Client Secret you chose when configuring the Relying Party</em></div>
+</li>
+<li class="level1"><div class="li"> openid_connect_authorize_scope: <em>openid email profile</em></div>
+</li>
+</ul>
+
+</div>
+<!-- EDIT5 SECTION "Plugin configuration" [1208-] --></div>
+</body>
+</html>

doc/pages/documentation/current/applications/discourse.jpg_documentation_2.0_applications_discourse.html

+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
+ lang="en" dir="ltr" class="no-js">
+<head>
+  <meta charset="UTF-8" />
+  <title>applications:discourse.jpg [LemonLDAP::NG]</title>
+  <script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
+  <meta name="viewport" content="width=device-width,initial-scale=1" />
+  <link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
+<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
+      <!-- //if:usedebianlibs
+  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
+//elsif:useexternallibs
+  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
+//elsif:cssminified
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
+//else -->
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
+<!-- //endif -->/>
+    <script type="text/javascript">/*<![CDATA[*/
+    var TPL_CONFIG = {"tableFullWidth":1};
+  /*!]]>*/</script>
+  <meta name="generator" content="DokuWiki"/>
+<meta name="robots" content="index,follow"/>
+<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
+<link rel="start" href="discourse.html"/>
+<link rel="contents" href="discourse.html" title="Sitemap"/>
+<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
+<!-- //if:usedebianlibs
+  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
+//elsif:useexternallibs
+  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
+//elsif:cssminified
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
+//else -->
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
+<!-- //endif -->
+<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
+/*!]]>*/</script>
+<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
+<!-- //if:usedebianlibs
+<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
+//elsif:useexternallibs
+<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
+//elsif:jsminified
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
+//else -->
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
+<!-- //endif -->
+<!-- //if:usedebianlibs
+  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
+//elsif:useexternallibs
+  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
+//elsif:jsminified
+  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
+//else -->
+  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
+<!-- //endif -->
+  <script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
+  <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
+  <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
+  <!--[if lt IE 9]>
+  <![endif]-->
+</head>
+
+<body class="container">
+  <!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
+  <div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3   ">
+
+    
+    
+      <h1 class="page-header">
+        <i class="glyphicon glyphicon-picture"></i> applications:discourse.jpg      </h1>
+
+      <div class="content">
+
+        <a href="discourse.0fea6a13c52b4d4725368f24b045ca84.jpeg" title="View original file"><img width="218" height="64" class="img_detail" alt="discourse.jpg" title="discourse.jpg" src="discourse.6e7dfb78b54a5324836f41bb225c015f.jpeg"/></a>
+        <div class="img_detail">
+
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> discourse.jpg</h2>
+            </div>
+            <div class="panel-body">
+              <dl><dt>Date:</dt><dd>2019/02/21 16:43</dd><dt>Filename:</dt><dd>discourse.jpg</dd><dt>Format:</dt><dd>JPEG</dd><dt>Size:</dt><dd>4KB</dd><dt>Width:</dt><dd>218</dd><dt>Height:</dt><dd>64</dd></dl>                          </div>
+          </div>
+
+        </div>
+      </div><!-- /.content -->
+
+      <p class="back">
+
+        <hr/>
+
+        <div class="btn-group">
+          <a href="discourse.html"  class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:discourse [B]">Back to documentation:2.0:applications:discourse</a>                  </div>
+
+      </p>
+
+      </div>
+  <!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
+</body>
+</html>

doc/pages/documentation/current/applications/img/icons.png

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=0f10c8fca57376e7bc8695f4a434476e"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1549988821" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1554841473" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/applications/img/loader.gif

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=0f10c8fca57376e7bc8695f4a434476e"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1549988821" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1554841473" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/applications/roundcube.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:applications:roundcube</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,applications,roundcube"/>
 <link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="roundcube.html"/>

doc/pages/documentation/current/applications/salesforce.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:applications:salesforce</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,applications,salesforce"/>
 <link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="salesforce.html"/>

doc/pages/documentation/current/applications/zimbra.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:applications:zimbra</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,applications,zimbra"/>
 <link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="zimbra.html"/>
@@ -82,10 +82,9 @@
 Zimbra use a specific <a href="http://wiki.zimbra.com/index.php?title=Preauth" class="urlextern" title="http://wiki.zimbra.com/index.php?title=Preauth"  rel="nofollow">preauthentication protocol</a> to provide <abbr title="Single Sign On">SSO</abbr> on its application. This protocol is implemented in an <abbr title="LemonLDAP::NG">LL::NG</abbr> specific Handler.
 </p>
 <div class="notetip">Zimbra can also be connected to <abbr title="LemonLDAP::NG">LL::NG</abbr> via <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML protocol</a> (see <a href="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" class="urlextern" title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"  rel="nofollow">Zimbra blog</a>).
-</div><div class="noteimportant">For now, Zimbra isn&#039;t supported by Nginx handler. You have to use Apache.
 </div>
 </div>
-<!-- EDIT2 SECTION "Presentation" [61-1097] -->
+<!-- EDIT2 SECTION "Presentation" [61-999] -->
 <h2 class="sectionedit3" id="configuration">Configuration</h2>
 <div class="level2">
 
@@ -104,7 +103,7 @@ The integration with <abbr title="LemonLDAP::NG">LL::NG</abbr> is the following:
 </ul>
 
 </div>
-<!-- EDIT3 SECTION "Configuration" [1098-1438] -->
+<!-- EDIT3 SECTION "Configuration" [1000-1340] -->
 <h3 class="sectionedit4" id="zimbra_preauth_key">Zimbra preauth key</h3>
 <div class="level3">
 
@@ -117,7 +116,7 @@ See <a href="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_f
 </p>
 
 </div>
-<!-- EDIT4 SECTION "Zimbra preauth key" [1439-1637] -->
+<!-- EDIT4 SECTION "Zimbra preauth key" [1341-1539] -->
 <h3 class="sectionedit5" id="zimbra_application_in_menu">Zimbra application in menu</h3>
 <div class="level3">
 
@@ -126,7 +125,7 @@ Choose for example <a href="http://zimbra.example.com/zimbrasso" class="urlexter
 </p>
 
 </div>
-<!-- EDIT5 SECTION "Zimbra application in menu" [1638-1819] -->
+<!-- EDIT5 SECTION "Zimbra application in menu" [1540-1721] -->
 <h3 class="sectionedit6" id="zimbra_virtual_host">Zimbra virtual host</h3>
 <div class="level3">
 
@@ -135,7 +134,7 @@ You just have to set “Type: ZimbraPreAuth” in virtualhost options and reload
 </p>
 
 </div>
-<!-- EDIT6 SECTION "Zimbra virtual host" [1820-1959] -->
+<!-- EDIT6 SECTION "Zimbra virtual host" [1722-1861] -->
 <h3 class="sectionedit7" id="zimbra_handler_parameters">Zimbra Handler parameters</h3>
 <div class="level3">
 
@@ -164,6 +163,6 @@ Zimbra parameters are the following:
 
 </div>
 </div>
-<!-- EDIT7 SECTION "Zimbra Handler parameters" [1960-] --></div>
+<!-- EDIT7 SECTION "Zimbra Handler parameters" [1862-] --></div>
 </body>
 </html>

doc/pages/documentation/current/authgpg.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authgpg</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,authgpg"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authgpg.html"/>
@@ -68,14 +68,25 @@ LLNG can use GPG to authenticate users. It is not useful for day-to-day authenti
 
 </div>
 <!-- EDIT3 SECTION "Presentation" [91-329] -->
-<h2 class="sectionedit4" id="configuration">Configuration</h2>
-<div class="level2">
+<h3 class="sectionedit4" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
+<div class="level3">
 
 <p>
 In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose GPG for authentication, users and/or password modules. Then you just have to set GPG database. For example <code>/usr/share/keyrings/debian-keyring.gpg</code>
 </p>
+<div class="notetip">You can then choose any other module for users and password.
+</div>
+<p>
+Then, go in <code>GPG parameters</code>:
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module</div>
+</li>
+<li class="level1"><div class="li"> <strong>GPG database</strong>: database to store users GPG public key</div>
+</li>
+</ul>
 
 </div>
-<!-- EDIT4 SECTION "Configuration" [330-] --></div>
+<!-- EDIT4 SECTION "Configuration of LemonLDAP::NG" [330-] --></div>
 </body>
 </html>

doc/pages/documentation/current/authrest.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authrest</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,authrest"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authrest.html"/>
@@ -89,7 +89,7 @@ In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modu
 </p>
 
 <p>
-Then you just have to set REST <abbr title="Uniform Resource Locator">URL</abbr> to provide wanted services:
+Then, go in <code>REST parameters</code> and you just have to set REST <abbr title="Uniform Resource Locator">URL</abbr> to provide wanted services:
 </p>
 <div class="table sectionedit5"><table class="inline table table-bordered table-striped">
 	<thead>
@@ -98,21 +98,25 @@ Then you just have to set REST <abbr title="Uniform Resource Locator">URL</abbr>
 	</tr>
 	</thead>
 	<tr class="row1 rowodd">
-		<td class="col0 centeralign">  Authentication  </td><td class="col1 centeralign">  Authentication <abbr title="Uniform Resource Locator">URL</abbr>  </td>
+		<td class="col0 centeralign">  Authentication level  </td><td class="col1 centeralign">  Authentication level for this module  </td>
 	</tr>
 	<tr class="row2 roweven">
-		<td class="col0 centeralign">  User database  </td><td class="col1 centeralign">  User data <abbr title="Uniform Resource Locator">URL</abbr>  </td>
+		<td class="col0 centeralign">  Authentication  </td><td class="col1 centeralign">  Authentication <abbr title="Uniform Resource Locator">URL</abbr>  </td>
 	</tr>
 	<tr class="row3 rowodd">
-		<td class="col0 centeralign">  Password  </td><td class="col1 centeralign">  Password confirmation <abbr title="Uniform Resource Locator">URL</abbr>  </td>
+		<td class="col0 centeralign">  User database  </td><td class="col1 centeralign">  User data <abbr title="Uniform Resource Locator">URL</abbr>  </td>
 	</tr>
 	<tr class="row4 roweven">
-		<td class="col0 centeralign">  Password  </td><td class="col1 centeralign">  Password change <abbr title="Uniform Resource Locator">URL</abbr>  </td>
+		<td class="col0 centeralign">  Password confirmation  </td><td class="col1 centeralign">  Password confirmation <abbr title="Uniform Resource Locator">URL</abbr>  </td>
+	</tr>
+	<tr class="row5 rowodd">
+		<td class="col0 centeralign">  Password change  </td><td class="col1 centeralign">  Password change <abbr title="Uniform Resource Locator">URL</abbr>  </td>
 	</tr>
 </table></div>
-<!-- EDIT5 TABLE [420-612] -->
+<!-- EDIT5 TABLE [451-731] --><div class="notetip">You can then choose any other module for users and password.
+</div>
 </div>
-<!-- EDIT4 SECTION "Configuration" [192-613] -->
+<!-- EDIT4 SECTION "Configuration" [192-811] -->
 <h2 class="sectionedit6" id="rest_dialog">REST Dialog</h2>
 <div class="level2">
 
@@ -138,9 +142,9 @@ REST web services have just to respond with a “result” key in a JSON file. A
 		<td class="col0 centeralign">  Password change <abbr title="Uniform Resource Locator">URL</abbr>  </td><td class="col1"> JSON file: <code>{“user”:$user,“password”:$password}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
 	</tr>
 </table></div>
-<!-- EDIT7 TABLE [827-1348] --><div class="notetip">To have just one call, you can only set REST authentication, set datas in “info” key response and set Null as User Database.
+<!-- EDIT7 TABLE [1025-1546] --><div class="notetip">To have just one call, you can only set REST authentication, set datas in “info” key response and set Null as User Database.
 </div>
 </div>
-<!-- EDIT6 SECTION "REST Dialog" [614-] --></div>
+<!-- EDIT6 SECTION "REST Dialog" [812-] --></div>
 </body>
 </html>

doc/pages/documentation/current/authsaml.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authsaml</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,authsaml"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authsaml.html"/>
@@ -148,11 +148,11 @@ After configuring <abbr title="Security Assertion Markup Language">SAML</abbr> S
 </p>
 
 <p>
-They are available at the EntityID <abbr title="Uniform Resource Locator">URL</abbr>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata"  rel="nofollow">http://auth.example.com/saml/metadata</a>.
+They are available at the EntityID <abbr title="Uniform Resource Locator">URL</abbr>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata"  rel="nofollow">http://auth.example.com/saml/metadata</a>. You can also use <a href="http://auth.example.com/saml/metadata/sp" class="urlextern" title="http://auth.example.com/saml/metadata/sp"  rel="nofollow">http://auth.example.com/saml/metadata/sp</a> to have only SP related metadata.
 </p>
 
 </div>
-<!-- EDIT7 SECTION "Register LemonLDAP::NG on partner Identity Provider" [1468-1714] -->
+<!-- EDIT7 SECTION "Register LemonLDAP::NG on partner Identity Provider" [1468-1806] -->
 <h3 class="sectionedit8" id="register_partner_identity_provider_on_lemonldapng">Register partner Identity Provider on LemonLDAP::NG</h3>
 <div class="level3">
 
@@ -315,6 +315,6 @@ Used only if you have more than 1 <abbr title="Security Assertion Markup Languag
 <div class="notetip">The chosen logo must be in Portal icons directory (<code>portal/static/common/icons/</code>). You can set a custom icon by setting the icon file name directly in the field and copy the logo file in portal icons directory
 </div>
 </div>
-<!-- EDIT8 SECTION "Register partner Identity Provider on LemonLDAP::NG" [1715-] --></div>
+<!-- EDIT8 SECTION "Register partner Identity Provider on LemonLDAP::NG" [1807-] --></div>
 </body>
 </html>

doc/pages/documentation/current/authssl.html

@@ -59,7 +59,11 @@
 <li class="level3"><div class="li"><a href="#apache_portal_ssl_configuration">Apache portal SSL configuration</a></div></li>
 </ul>
 </li>
-<li class="level2"><div class="li"><a href="#with_nginx">With Nginx</a></div></li>
+<li class="level2"><div class="li"><a href="#with_nginx">With Nginx</a></div>
+<ul class="toc">
+<li class="level3"><div class="li"><a href="#nginx_ssl_virtual_host_example_with_uwsgi">Nginx SSL Virtual Host example with uWSGI</a></div></li>
+</ul>
+</li>
 <li class="level2"><div class="li"><a href="#configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></div></li>
 <li class="level2"><div class="li"><a href="#auto_reloading_ssl_certificates">Auto reloading SSL Certificates</a></div></li>
 </ul>
@@ -206,14 +210,53 @@ ssl_crl /etc/nginx/ssl/crl/my.crl;</pre>
 <p>
 You must also export SSL_CLIENT_S_<abbr title="Distinguished Name">DN</abbr>_CN in FastCGI params:
 </p>
-<pre class="code file nginx">map $ssl_client_s_dn  $ssl_client_s_dn_cn {
+<pre class="code file nginx"># map directive must be in http context
+map $ssl_client_s_dn  $ssl_client_s_dn_cn {
            default           &quot;&quot;;
            ~/CN=(?&lt;CN&gt;[^/]+) $CN;
       }
 fastcgi_param  SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;</pre>
 
 </div>
-<!-- EDIT6 SECTION "With Nginx" [2685-3246] -->
+
+<h4 id="nginx_ssl_virtual_host_example_with_uwsgi">Nginx SSL Virtual Host example with uWSGI</h4>
+<div class="level4">
+<pre class="code file nginx">server {
+  listen 443;
+  server_name authssl.example.com;
+  root /usr/share/lemonldap-ng/portal/htdocs/;
+  # Use &quot;lm_app&quot; format to get username in nginx.log (see nginx-lmlog.conf)
+  access_log /var/log/nginx/access.log lm_app;
+&nbsp;
+  ssl_verify_client on;
+  ssl_verify_depth 3;
+&nbsp;
+  # Full chain CRL is required
+  # All CRLs must be concatenated in a single .pem format file
+  ssl_crl /etc/nginx/ssl/crl/crls.pem;
+  if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
+    rewrite ^/(.*)$ /index.psgi/$1 break;
+  }
+&nbsp;
+  location ~ ^(?&lt;sc&gt;/.*\.psgi)(?:$|/) {
+    # uWSGI Configuration
+    include /etc/nginx/uwsgi_params;
+    uwsgi_pass 127.0.0.1:5000;
+    uwsgi_param LLTYPE psgi;
+    uwsgi_param SCRIPT_FILENAME $document_root$sc;
+    uwsgi_param SCRIPT_NAME $sc;
+    uwsgi_param  SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
+  }
+&nbsp;
+  #index index.psgi;
+  location / {
+    try_files $uri $uri/ =404;
+    add_header Strict-Transport-Security max-age=15768000;
+  }
+}</pre>
+
+</div>
+<!-- EDIT6 SECTION "With Nginx" [2685-4318] -->
 <h3 class="sectionedit7" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
 <div class="level3">
 
@@ -233,7 +276,7 @@ Then, go in <code>SSL parameters</code>:
 </ul>
 
 </div>
-<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [3247-3672] -->
+<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [4319-4744] -->
 <h3 class="sectionedit8" id="auto_reloading_ssl_certificates">Auto reloading SSL Certificates</h3>
 <div class="level3">
 
@@ -341,7 +384,7 @@ $('.enteteBouton').click( function (e) {
 <div class="notewarning">It is incompatible with authentication combination because of Apache parameter “SSLVerifyClient”, which must have the value “require”. To enable SSL with <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a>, use <a href="#ssl_by_ajax" title="documentation:2.0:authssl ↵" class="wikilink1">SSL by Ajax</a>
 </div>
 </div>
-<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [3673-6936] -->
+<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [4745-8008] -->
 <h2 class="sectionedit9" id="ssl_by_ajax">SSL by Ajax</h2>
 <div class="level2">
 
@@ -358,8 +401,32 @@ If you enable this feature, you must configure 2 portal virtual hosts:
 <p>
 then declare the second <abbr title="Uniform Resource Locator">URL</abbr> in SSL options in the Manager. That&#039;s all ! Then you can chain it in a <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">combination</a>.
 </p>
+<div class="noteclassic">With <a href="authchoice.html" class="wikilink1" title="documentation:2.0:authchoice">choice</a>, the second <abbr title="Uniform Resource Locator">URL</abbr> should be also declared in module <abbr title="Uniform Resource Locator">URL</abbr> parameter to redirect user to Portal menu.
+
+</div><div class="noteimportant"><strong>Content Security Policy</strong> may prevent to submit Ajax Request.
+To avoid security warning,
+<p>
+Go to : <code>General Parameters &gt; Advanced Parameters &gt; Security &gt; Content security policy</code>
+</p>
+
+<p>
+and set :
+</p>
+
+<p>
+<strong>Default value</strong>     =&gt; &#039;self&#039; “Ajax request <abbr title="Uniform Resource Locator">URL</abbr>”
+</p>
 
+<p>
+<strong>Form destinations</strong> =&gt; &#039;self&#039; “Ajax request <abbr title="Uniform Resource Locator">URL</abbr>”
+</p>
+
+<p>
+<strong>Ajax destinations</strong> =&gt; &#039;self&#039; “Ajax request <abbr title="Uniform Resource Locator">URL</abbr>”