Commit 1103c3da authored by Yadd

Update doc (#1391 #1399)

parent e89db33b
Pipeline #1106 passed with stage
in 2 minutes and 16 seconds
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
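Review bot: the only difference between the two Login `<li>` lines is the `sectok` value, which is DokuWiki's per-session security token, and the `@@ -204` context that follows shows this file is the wiki's "You've followed a link to a topic that doesn't exist yet" page captured for `img/icons.png`. Neither belongs in a documentation update: the token and the `indexer.php` timestamp will differ on every export, and the placeholder page carries no documentation. Suggest excluding missing-topic pages from the export, or stripping the login link and indexer beacon before committing. The same applies to the `loader.gif` and `restserverplugin` hunks.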
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1521141343" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1521571149" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1521141343" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1521571149" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcustom.html"/>
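Review bot: the `robots` meta value flips in this hunk (`index,follow`, then `noindex,nofollow`) and flips in the opposite order in the `parameterlist` and `soapsessionbackend` hunks, which looks like export state rather than a documentation decision. If `noindex` on authcustom, authyubikey, external2f, rest2f, totp2f and u2f is intended, say so in the commit message; otherwise normalise this header during export so these lines stop churning.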
......@@ -65,9 +65,10 @@
<p>
This artifact allows one to define its own modules (authentication, user database, password or register DB).
</p>
<div class="notetip">The developper documentation is available in Portal manpages.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [117-252] -->
<!-- EDIT3 SECTION "Presentation" [117-331] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
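Review bot: "developper" in the new `notetip` should be "developer". The tip also repeats what the Configuration section already says ("See portal manpages to see how to write these plugins", visible in the next hunk header), so either drop one of the two or make the tip name the specific manpage to read.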
......@@ -80,6 +81,6 @@ See portal manpages to see how to write these plugins.
</p>
</div>
<!-- EDIT4 SECTION "Configuration" [253-] --></div>
<!-- EDIT4 SECTION "Configuration" [332-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authyubikey</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authyubikey"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authyubikey.html"/>
......@@ -46,67 +46,9 @@
<h1 class="sectionedit1" id="yubikey">Yubikey</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [24-81] -->
<div class="noteimportant">This module has been replaced by <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey Second Factor</a>
</div>
<!-- EDIT1 SECTION "Yubikey" [1-82] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
The <a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.yubico.com/yubikey" rel="nofollow">Yubikey</a> is a small material token shipped by <a href="http://www.yubico.com" class="urlextern" title="http://www.yubico.com" rel="nofollow">Yubico</a>. It sends an OTP, which is validated against Yubico server.
</p>
<p>
You need <a href="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" class="urlextern" title="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" rel="nofollow">Auth::Yubikey_WebClient</a> package.
</p>
<p>
You need to get an client ID and a secret key from Yubico. See <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/" rel="nofollow">Yubico API</a> page.
</p>
<div class="notetip">To use your Yubikeys as “second factor”, use <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">Universal 2nd Factor Authentication (U2F)</a> instead of this module
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [83-647] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Yubikey for authentication module.
</p>
<div class="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code>Yubikey parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Application Programming Interface">API</abbr> client ID</strong>: <abbr title="Application Programming Interface">API</abbr> client ID from Yubico</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Application Programming Interface">API</abbr> secret key</strong>: <abbr title="Application Programming Interface">API</abbr> secret key from Yubico</div>
</li>
<li class="level1"><div class="li"> <strong>OTP public ID part size</strong>: Part of Yubikey OTP that will be used as the media identifier (default: 12)</div>
</li>
</ul>
<div class="notetip">You have to register the media identifier in your user backend (LDAP or SQL) to match the yubikey with a real user. For example it can be stored as a second value of the uid attribute in the LDAP directory:<ul>
<li class="level1"><div class="li"> uid: coudot</div>
</li>
<li class="level1"><div class="li"> uid: 123456789012 </div>
</li>
</ul>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [648-] --></div>
</body>
</html>
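Review bot: the replacement notice gives no migration path for deployments that already use this module. The text dropped from this page told administrators to register the OTP public ID part in the user backend (the `uid: 123456789012` example) and to configure an API client ID and secret key; the stub should say whether `yubikey2f` reuses that mapping and those credentials or needs re-enrolment, or link to the section of `yubikey2f.html` that does. The dropped tip also sent second-factor users to `u2f.html` while the new notice sends them to `yubikey2f.html`, so check that other pages linking here for second-factor guidance are still accurate.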
......@@ -55,7 +55,9 @@
<!-- EDIT1 SECTION "Deploy LemonLDAP::NG on a Plack server" [1-295] -->
<h2 class="sectionedit2" id="complete_example">Complete example</h2>
<div class="level2">
<pre class="code :perl"><span class="co1">#!/usr/bin/perl</span>
<dl class="file">
<dt><a href="_export/code/documentation/2.0/configplack/codeblock.0.code" title="Download Snippet" class="mediafile mf_psgi">llapp.psgi</a></dt>
<dd><pre class="code file perl"><span class="co1">#!/usr/bin/perl</span>
&nbsp;
<span class="kw2">use</span> Data<span class="sy0">::</span><span class="me2">Dumper</span><span class="sy0">;</span>
<span class="kw2">use</span> Plack<span class="sy0">::</span><span class="me2">Builder</span><span class="sy0">;</span>
......@@ -106,6 +108,7 @@ builder <span class="br0">&#123;</span>
mount <span class="st_h">'http://auth.example.com/'</span> <span class="sy0">=&gt;</span> <span class="re0">$portal</span><span class="sy0">;</span>
mount <span class="st_h">'http://manager.example.com/'</span> <span class="sy0">=&gt;</span> <span class="re0">$manager</span><span class="sy0">;</span>
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
</dd></dl>
<p>
Launch it with <a href="https://github.com/miyagawa/Starman" class="urlextern" title="https://github.com/miyagawa/Starman" rel="nofollow">Starman</a> for example:
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:external2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,external2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="external2f.html"/>
......@@ -77,6 +77,8 @@ All parameters are configured in “General Parameters » Portal Parameters » E
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
<li class="level1"><div class="li"> Logo (Optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
<div class="noteimportant">The command line is split in an array and launch with exec(). So you don&#039;t need to enclose arguments in “” and this protects your system against shell injection. However, you can not use any space except to separate arguments.
</div>
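Review bot: the new Logo item is formatted differently from its siblings and from the matching line in the rest2f hunk. The other items bold the parameter name (`<strong>Authentication Level</strong>`), this one does not, and it reads "Logo (Optional)" here but "Logo (optional)" in rest2f. Suggest `<strong>Logo</strong> (optional)` in both places, and a word on what is shown when no logo file is set.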
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:parameterlist</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,parameterlist"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="parameterlist.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:rest2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,rest2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="rest2f.html"/>
......@@ -85,10 +85,12 @@ All parameters are configured in “General Parameters » Portal Parameters » S
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
<li class="level1"><div class="li"> Logo (optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Configuration" [187-837] -->
<!-- EDIT2 SECTION "Configuration" [187-901] -->
<h2 class="sectionedit3" id="arguments">Arguments</h2>
<div class="level2">
......@@ -98,7 +100,7 @@ Arguments are a list of key/value. Key is the name of JSON entry, value is attri
<div class="noteimportant">For Verify <abbr title="Uniform Resource Locator">URL</abbr>, you should send $code at least
</div>
</div>
<!-- EDIT3 SECTION "Arguments" [838-1032] -->
<!-- EDIT3 SECTION "Arguments" [902-1096] -->
<h2 class="sectionedit4" id="rest_dialog">REST Dialog</h2>
<div class="level2">
......@@ -118,8 +120,8 @@ REST web services just have to respond with a “result” key in a JSON file. A
<td class="col0 centeralign"> Verify <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,“code”:“$code”,…}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1243-1472] -->
<!-- EDIT5 TABLE [1307-1536] -->
</div>
<!-- EDIT4 SECTION "REST Dialog" [1033-] --></div>
<!-- EDIT4 SECTION "REST Dialog" [1097-] --></div>
</body>
</html>
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=c879427e37ac73de4c6e85bc7f884468" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=0b96dfdde10e54bc7b60aeaed5a35886" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1521141362" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1521571168" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:soapsessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,soapsessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="soapsessionbackend.html"/>
......
......@@ -310,7 +310,7 @@
<td class="col0"> <a href="authwebid.html" class="wikilink1" title="documentation:2.0:authwebid">WebID</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td>
</tr>
<tr class="row21 rowodd">
<td class="col0"> <a href="authyubikey.html" class="wikilink1" title="documentation:2.0:authyubikey">Yubikey</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
<td class="col0"> <del><a href="authyubikey.html" class="wikilink1" title="documentation:2.0:authyubikey">Yubikey</a></del> </td><td class="col1 centeralign" colspan="3"> <em>Deprecated, replaced by Yubikey second factor</em> </td>
</tr>
<tr class="row22 roweven">
<td class="col0"> <a href="authcustom.html" class="wikilink1" title="documentation:2.0:authcustom">Custom modules</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td>
......@@ -340,25 +340,31 @@
<th class="col0"> Second factor </th><th class="col1 centeralign"> Authentication </th><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row31 rowodd">
<td class="col0"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="utotp2f.html" class="wikilink1" title="documentation:2.0:utotp2f">TOTP-or-U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row32 roweven">
<td class="col0"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(Google Authenticator,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row33 rowodd">
<td class="col0"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External Second Factor</a> <em>(OTP, SMS,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(Google Authenticator,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row34 roweven">
<td class="col0"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST Second Factor</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External Second Factor</a> <em>(OTP, SMS,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row35 rowodd">
<th class="col0"> Auth addons </th><th class="col1 centeralign"> Authentication </th><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST Second Factor</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"> </td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row36 roweven">
<td class="col0"> <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row37 rowodd">
<th class="col0"> Auth addons </th><th class="col1 centeralign"> Authentication </th><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row38 roweven">
<td class="col0"> <a href="autosignin.html" class="wikilink1" title="documentation:2.0:autosignin">Auto Signin</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
</table></div>
<!-- EDIT9 TABLE [2320-4477] -->
<!-- EDIT9 TABLE [2320-4642] -->
<p>
</div></div>
</p>
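Review bot: in the reordered second-factor table, the REST Second Factor row now has `<td class="col1 centeralign"> </td>` (whitespace content), where the same row before the move and every other second-factor row has an empty `<td class="col1 centeralign"></td>`. Check the wiki source for that row and confirm the Authentication column entry was not altered during the reorder.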
......@@ -402,13 +408,13 @@
<td class="col0"> <a href="issuerdbget.html" class="wikilink1" title="documentation:2.0:issuerdbget">Get parameters provider</a> <em>(for poor applications)</em> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT10 TABLE [4823-5184] -->
<!-- EDIT10 TABLE [4988-5349] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT8 SECTION "Portal" [1784-5212] -->
<!-- EDIT8 SECTION "Portal" [1784-5377] -->
<h3 class="sectionedit11" id="handlers">Handlers</h3>
<div class="level3">
......@@ -437,7 +443,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> For Cross Domain Authentication </td><td class="col5"></td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Allows application developers to define their rules within the application </td><td class="col5"></td>
<td class="col0"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps</a> <em>(SSOaaS)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Allows application developers to define their rules within the application </td><td class="col5"></td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">Secure Token</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4"> Designed to secure dialog between a LLNG reverse-proxy and a remote app </td><td class="col5"></td>
......@@ -449,7 +455,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [5451-6284] -->
<!-- EDIT12 TABLE [5616-6462] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionality.</em>
</p>
......@@ -459,7 +465,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
</p>
</div>
<!-- EDIT11 SECTION "Handlers" [5213-6407] -->
<!-- EDIT11 SECTION "Handlers" [5378-6585] -->
<h3 class="sectionedit13" id="llng_databases">LLNG databases</h3>
<div class="level3">
......@@ -505,7 +511,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0 centeralign"> <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [6706-7688] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT14 TABLE [6884-7866] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
......@@ -560,13 +566,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [8553-10232] -->
<!-- EDIT15 TABLE [8731-10410] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT13 SECTION "LLNG databases" [6408-10260] -->
<!-- EDIT13 SECTION "LLNG databases" [6586-10438] -->
<h2 class="sectionedit16" id="applications_protection">Applications protection</h2>
<div class="level2">
......@@ -595,7 +601,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT16 SECTION "Applications protection" [10261-10751] -->
<!-- EDIT16 SECTION "Applications protection" [10439-10929] -->
<h3 class="sectionedit17" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
......@@ -693,7 +699,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT17 SECTION "Well known compatible applications" [10752-12965] -->
<!-- EDIT17 SECTION "Well known compatible applications" [10930-13143] -->
<h2 class="sectionedit18" id="advanced_features">Advanced features</h2>
<div class="level2">
......@@ -725,7 +731,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</li>
<li class="level1"><div class="li"> <a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic Handler</a></div>
</li>
<li class="level1"><div class="li"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps Handler</a></div>
<li class="level1"><div class="li"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps Handler</a> <em>(SSOaaS)</em></div>
</li>
<li class="level1"><div class="li"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Handling server webservice calls</a></div>
</li>
......@@ -746,7 +752,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT18 SECTION "Advanced features" [12966-14014] -->
<!-- EDIT18 SECTION "Advanced features" [13144-14205] -->
<h2 class="sectionedit19" id="mini_howtos">Mini howtos</h2>
<div class="level2">
......@@ -777,7 +783,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Mini howtos" [14015-14684] -->
<!-- EDIT19 SECTION "Mini howtos" [14206-14875] -->
<h2 class="sectionedit20" id="exploitation">Exploitation</h2>
<div class="level2">
......@@ -810,7 +816,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Exploitation" [14685-15105] -->
<!-- EDIT20 SECTION "Exploitation" [14876-15296] -->
<h2 class="sectionedit21" id="bug_report">Bug report</h2>
<div class="level2">
......@@ -819,7 +825,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT21 SECTION "Bug report" [15106-15170] -->
<!-- EDIT21 SECTION "Bug report" [15297-15361] -->
<h2 class="sectionedit22" id="developer_corner">Developer corner</h2>
<div class="level2">
......@@ -890,6 +896,6 @@ To translate this doc (Manager help):
</ul>
</div>
<!-- EDIT22 SECTION "Developer corner" [15171-] --></div>
<!-- EDIT22 SECTION "Developer corner" [15362-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:totp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,totp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="totp2f.html"/>
......@@ -81,7 +81,7 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level1"><div class="li"> TOTP ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/totpregister.html" class="urlextern" title="https://auth.your.domain/totpregister.html" rel="nofollow">https://auth.your.domain/totpregister.html</a>)</em></div>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” if users are authorizated to generate themselves TOTP secret</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
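Review bot: "authorizated" in the Self registration item should be "authorized", and "generate themselves TOTP secret" reads better as "generate their own TOTP secret". The rewritten item also drops the pointer to `https://auth.your.domain/totpregister.html`; confirm the Enrollment section still gives users that URL, since this list no longer does.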
......@@ -93,11 +93,15 @@ In the manager (advanced parameters), you just have to enable it:
</li>
<li class="level1"><div class="li"> TOTP ⇒ Digits: number of digit of codes (default: 6)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Display existing secret: display an already registered secret (default: disabled)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Change existing secret: authorize a user to change its already registered TOTP secret</div>
</li>
</ul>
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_totp2fSecret</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [634-1815] -->
<!-- EDIT2 SECTION "Configuration" [634-1941] -->
<h2 class="sectionedit3" id="enrollment">Enrollment</h2>
<div class="level2">
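Review bot: "Change existing secret" has no default stated, unlike "Display existing secret" (default: disabled) on the line above it. Both options affect how strong the second factor is: showing an already registered secret lets whoever holds the session copy the TOTP seed to another device, so the item should say that and recommend leaving it disabled unless there is a specific need. Suggest adding the default for "Change existing secret" and one sentence of guidance on each.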
......@@ -106,7 +110,7 @@ If you&#039;ve enabled self registration, users can get their key using <a href=
</p>
</div>
<!-- EDIT3 SECTION "Enrollment" [1816-1940] -->
<!-- EDIT3 SECTION "Enrollment" [1942-2066] -->
<h2 class="sectionedit4" id="assistance">Assistance</h2>
<div class="level2">
......@@ -115,7 +119,7 @@ If a user lost its key, you may remove it&#039;s persistent session using the se
</p>
</div>
<!-- EDIT4 SECTION "Assistance" [1941-2056] -->
<!-- EDIT4 SECTION "Assistance" [2067-2182] -->
<h2 class="sectionedit5" id="developer_corner">Developer corner</h2>
<div class="level2">
......@@ -135,8 +139,8 @@ If you have another TOTP registration interface, you have to populate session (u
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [2212-2330] -->
<!-- EDIT6 TABLE [2338-2456] -->
</div>
<!-- EDIT5 SECTION "Developer corner" [2057-] --></div>
<!-- EDIT5 SECTION "Developer corner" [2183-] --></div>
</body>
</html>
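Review bot: The session-key table in this TOTP page's Developer corner lists "_u2fUserKey" ("user key value, base64 encoded"), while the activation note earlier on the same page tests "$_totp2fSecret". The row looks carried over from the U2F page. Since this commit regenerates the page anyway, check the wiki source and list the session key the TOTP module actually reads, so that third-party registration interfaces populate the right attribute.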
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:u2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,u2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="u2f.html"/>
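Review bot: The robots meta tag for the U2F page flips from "index,follow" to "noindex,nofollow", which the commit message ("Update doc") does not mention. If this is a side effect of how the page was exported (for example, the wiki page being too recent or not public at export time), re-export it; if it is intentional, say why in the commit message, because the shipped documentation page will otherwise drop out of search indexes.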
......@@ -88,12 +88,12 @@ This feature uses <a href="https://metacpan.org/pod/Crypt::U2F::Server::Simple"
<div class="level2">
<p>
In the manager (advanced parameters), you just have to enable it:
In the manager (second factors), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> U2F ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/u2fregister.html" class="urlextern" title="https://auth.your.domain/u2fregister.html" rel="nofollow">https://auth.your.domain/u2fregister.html</a>)</em></div>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” if users are authorizated to register their keys</div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
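Review bot: In the rewritten "U2F ⇒ Self registration" item, "authorizated" should be "authorized". The item also loses the pointer to https://auth.your.domain/u2fregister.html; the Enrollment section further down still refers to registering a key, so either keep the link here or make sure that section carries the full URL. The rename from "advanced parameters" to "second factors" in the introductory sentence is fine, provided the manager uses that exact label.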
......@@ -101,7 +101,7 @@ In the manager (advanced parameters), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_u2fKeyHandle and $_u2fUserKey</code>, else U2F will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [874-1815] -->
<!-- EDIT3 SECTION "Configuration" [874-1733] -->
<h2 class="sectionedit4" id="browser_compatibility">Browser compatibility</h2>
<div class="level2">
<ul>
......@@ -111,9 +111,9 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level2"><div class="li"> 38 to 56 with <a href="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" class="urlextern" title="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" rel="nofollow">U2F Support Add-on</a></div>
</li>
<li class="level2"><div class="li"> 57 to 58, with “security.webauth.u2f” set to “true” in “about:config” <em>(see <a href="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" class="urlextern" title="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" rel="nofollow">Yubico explanations</a>)</em></div>
<li class="level2"><div class="li"> 57 to 59, with “security.webauth.u2f” set to “true” in “about:config” <em>(see <a href="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" class="urlextern" title="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" rel="nofollow">Yubico explanations</a>)</em></div>
</li>
<li class="level2"><div class="li"> probably enabled by default for versions &gt;= 59</div>
<li class="level2"><div class="li"> probably enabled by default for versions &gt;= 60</div>
</li>
</ul>
</li>
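Review bot: The Firefox entry moves the guess forward rather than resolving it: "probably enabled by default for versions >= 59" becomes "probably enabled by default for versions >= 60". Documentation that administrators rely on for a second-factor rollout should state what was tested, for example "57 to 59 require security.webauth.u2f set to true; later versions not yet verified", and be updated once the default is confirmed.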
......@@ -122,7 +122,7 @@ In the manager (advanced parameters), you just have to enable it:
</ul>
</div>
<!-- EDIT4 SECTION "Browser compatibility" [1816-2253] -->
<!-- EDIT4 SECTION "Browser compatibility" [1734-2171] -->
<h2 class="sectionedit5" id="enrollment">Enrollment</h2>
<div class="level2">
......@@ -131,7 +131,7 @@ If you&#039;ve enabled self registration, users can register their FIDO key usin
</p>
</div>
<!-- EDIT5 SECTION "Enrollment" [2254-2387] -->
<!-- EDIT5 SECTION "Enrollment" [2172-2305] -->
<h2 class="sectionedit6" id="assistance">Assistance</h2>
<div class="level2">
......@@ -140,7 +140,7 @@ If a user lost its key, you may remove it&#039;s persistent session using the se
</p>
</div>
<!-- EDIT6 SECTION "Assistance" [2388-2503] -->
<!-- EDIT6 SECTION "Assistance" [2306-2421] -->