Commit 4905e30b authored by Xavier Guimard's avatar Xavier Guimard

Update doc

parent c71e88ae
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,applications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="applications.html"/>
......@@ -206,13 +206,13 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/googleapps.html" class="media" title="documentation:2.0:applications:googleapps"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/cornerstone.html" class="media" title="documentation:2.0:applications:cornerstone"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col3 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> NextCloud </th><th class="col1 leftalign"> </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
<th class="col0 centeralign"> NextCloud </th><th class="col1 centeralign"> ADFS </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/adfs.html" class="media" title="documentation:2.0:applications:adfs"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT18 TABLE [2482-2957] -->
<!-- EDIT18 TABLE [2482-3024] -->
</div>
<!-- EDIT17 SECTION "SAML connectors" [2363-] --></div>
</body>
......
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:adfs</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,applications,adfs"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="adfs.html"/>
<link rel="contents" href="adfs.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:adfs","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="active_directory_federation_services">Active Directory Federation Services</h1>
<div class="level1">
<p>
<img src="microsoft-adfs.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Active Directory Federation Services" [1-100] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Microsoft ADFS (Active Directory Federation Services) is an Identity/Service Provider, compatible with several protocols, including <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0.
</p>
<div class="noteimportant">This documentation does not explains how to setup ADFS, but give only tricks to make it works with <abbr title="LemonLDAP::NG">LL::NG</abbr>
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [101-399] -->
<h2 class="sectionedit3" id="adfs_as_identity_provider">ADFS as Identity Provider</h2>
<div class="level2">
<p>
When ADFS is declared as an Identity Provider in LemonLDAP::NG, you need to take care of the following items:
</p>
<ul>
<li class="level1"><div class="li"> HTTPS is mandatory on <abbr title="LemonLDAP::NG">LL::NG</abbr> portal</div>
</li>
<li class="level1"><div class="li"> You need to use a certificate in <abbr title="LemonLDAP::NG">LL::NG</abbr> <abbr title="Security Assertion Markup Language">SAML</abbr> metadata instead of a raw public key</div>
</li>
<li class="level1"><div class="li"> Activate option <code>Use specific query_string method</code> in <abbr title="Security Assertion Markup Language">SAML</abbr> Service</div>
</li>
<li class="level1"><div class="li"> Use SHA1 instead of SHA256 as signature algorithm on ADFS if using a Lasso version &lt; 2.5.0</div>
</li>
<li class="level1"><div class="li"> Force <abbr title="Security Assertion Markup Language">SAML</abbr> response to be sent by POST and not Artifact (signature verification fails with Artifact)</div>
</li>
<li class="level1"><div class="li"> Enable <code>Allow proxy authentication</code> in IDP options on <abbr title="LemonLDAP::NG">LL::NG</abbr> side</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "ADFS as Identity Provider" [400-] --></div>
</body>
</html>
......@@ -73,6 +73,14 @@ For GLPI &gt;= 0.71, it is a simple configuration in GLPI: Setup → Authenticat
For older version, check <a href="http://wiki.glpi-project.org/doku.php?id=en:authautoad" class="urlextern" title="http://wiki.glpi-project.org/doku.php?id=en:authautoad" rel="nofollow">http://wiki.glpi-project.org/doku.php?id=en:authautoad</a>
</p>
<p>
If you use Nginx, you need to add this in configuration:
</p>
<pre class="code file nginx">proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</pre>
</div>
<!-- EDIT3 SECTION "Configuration" [532-] --></div>
</body>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=680699e3c0234f8feda99a5fd3910f13" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=378132ea54accc5c67c7c9ceda71bf59" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1488909657" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1489508242" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=680699e3c0234f8feda99a5fd3910f13" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=378132ea54accc5c67c7c9ceda71bf59" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1488909657" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1489508242" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcustom.html"/>
......@@ -72,7 +72,11 @@ This artifact allows one to define its own modules (authentication, user databas
<div class="level2">
<p>
You just have to define class names of your custom modules in “Custom module names”.
You just have to define class names of your custom modules in “Custom module names”. You can also add your custom parameters in “Additional parameters”. Be careful to use names not already used elsewhere in configuration. This parameters are available in your plugins using <code>$self→conf→{<em>customName</em>}</code>.
</p>
<p>
See portal manpages to see how to write these plugins.
</p>
</div>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authopenidconnect</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authopenidconnect"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authopenidconnect.html"/>
......@@ -124,14 +124,15 @@ You can use this authentication module to link your <abbr title="LemonLDAP::NG">
<td class="col0 centeralign"> <a href="authopenidconnect_google.html" class="media" title="documentation:2.0:authopenidconnect_google"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="authopenidconnect_franceconnect.html" class="media" title="documentation:2.0:authopenidconnect_franceconnect"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [905-1106] -->
<!-- EDIT4 TABLE [905-1106] --><div class="noteimportant">OpenID-Connect specification isn&#039;t finished for logout propagation. So logout initiated by relaying-party will be forward to OpenID-Connect provider but logout initiated by the provider (or another RP) will not be propagated. LLNG will implement this when <abbr title="specification">spec</abbr> will be published.
</div>
<!-- EDIT3 SECTION "Presentation" [96-1106] -->
</div>
<!-- EDIT3 SECTION "Presentation" [96-1410] -->
<h2 class="sectionedit5" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT5 SECTION "Configuration" [1107-1133] -->
<!-- EDIT5 SECTION "Configuration" [1411-1437] -->
<h3 class="sectionedit6" id="openid_connect_service">OpenID Connect Service</h3>
<div class="level3">
......@@ -140,7 +141,7 @@ See <a href="openidconnectservice.html" class="wikilink1" title="documentation:2
</p>
</div>
<!-- EDIT6 SECTION "OpenID Connect Service" [1134-1242] -->
<!-- EDIT6 SECTION "OpenID Connect Service" [1438-1546] -->
<h3 class="sectionedit7" id="authentication_and_userdb">Authentication and UserDB</h3>
<div class="level3">
......@@ -168,7 +169,7 @@ Then in <code>General Parameters</code> &gt; <code>Authentication modules</code>
</ul>
</div>
<!-- EDIT7 SECTION "Authentication and UserDB" [1243-2034] -->
<!-- EDIT7 SECTION "Authentication and UserDB" [1547-2338] -->
<h3 class="sectionedit8" id="register_llng_to_an_openid_connect_provider">Register LL::NG to an OpenID Connect Provider</h3>
<div class="level3">
......@@ -194,7 +195,7 @@ After registration, the OP must give you a client ID and a client secret, that w
</p>
</div>
<!-- EDIT8 SECTION "Register LL::NG to an OpenID Connect Provider" [2035-2749] -->
<!-- EDIT8 SECTION "Register LL::NG to an OpenID Connect Provider" [2339-3053] -->
<h3 class="sectionedit9" id="declare_the_openid_connect_provider_in_llng">Declare the OpenID Connect Provider in LL::NG</h3>
<div class="level3">
......@@ -427,6 +428,6 @@ So you can define for example:
</ul>
</div>
<!-- EDIT9 SECTION "Declare the OpenID Connect Provider in LL::NG" [2750-] --></div>
<!-- EDIT9 SECTION "Declare the OpenID Connect Provider in LL::NG" [3054-] --></div>
</body>
</html>
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authpam</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authpam"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authpam.html"/>
<link rel="contents" href="authpam.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authpam","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#install_authenpam">Install Authen::PAM</a></div></li>
<li class="level2"><div class="li"><a href="#configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="pam">PAM</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [20-77] -->
</div>
<!-- EDIT1 SECTION "PAM" [1-78] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use <a href="https://en.wikipedia.org/wiki/Pluggable_authentication_module" class="urlextern" title="https://en.wikipedia.org/wiki/Pluggable_authentication_module" rel="nofollow">Pluggable authentication module</a> as a simple authentication backend.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [79-254] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [255-281] -->
<h3 class="sectionedit5" id="install_authenpam">Install Authen::PAM</h3>
<div class="level3">
<p>
You have to install the corresponding Perl module.
</p>
<p>
For CentOS/RHEL:
</p>
<pre class="code shell">yum install perl-Authen-PAM</pre>
<p>
In Debian/Ubuntu, install the library through apt-get command
</p>
<pre class="code shell">apt-get install libauthen-pam-perl</pre>
</div>
<!-- EDIT5 SECTION "Install Authen::PAM" [282-550] -->
<h3 class="sectionedit6" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose PAM for authentication.
</p>
<div class="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code>PAM parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for PAM module</div>
</li>
<li class="level1"><div class="li"> <strong>PAM service</strong>: the PAM service to use <em>(default: login)</em></div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Configuration of LemonLDAP::NG" [551-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:extendedfunctions</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,extendedfunctions"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="extendedfunctions.html"/>
......
......@@ -99,13 +99,13 @@
<td class="col0 centeralign"> <a href="applications/googleapps.html" class="media" title="documentation:2.0:applications:googleapps"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/cornerstone.html" class="media" title="documentation:2.0:applications:cornerstone"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col3 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> NextCloud </th><th class="col1 leftalign"> </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
<th class="col0 centeralign"> NextCloud </th><th class="col1 centeralign"> ADFS </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/adfs.html" class="media" title="documentation:2.0:applications:adfs"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [2482-2957] -->
<!-- EDIT5 TABLE [2482-3024] -->
</div>
<!-- EDIT4 PLUGIN_INCLUDE_END "documentation:2.0:applications" [0-] --></div>
<div class="level2">
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:logs</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,logs"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="logs.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:prereq</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,prereq"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="prereq.html"/>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=680699e3c0234f8feda99a5fd3910f13" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=378132ea54accc5c67c7c9ceda71bf59" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1488909673" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1489508257" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:restsessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,restsessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="restsessionbackend.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:servertoserver</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,servertoserver"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="servertoserver.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:soapminihowto</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,soapminihowto"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="soapminihowto.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:soapservices</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,soapservices"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="soapservices.html"/>
......
This diff is collapsed.
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:u2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,u2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="u2f.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:upgrade</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,upgrade"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="upgrade.html"/>
......
This diff is collapsed.
......@@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,applications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="applications.html"/>
......@@ -207,12 +207,12 @@ Les applications listées ci-dessous sont connues pour être faciles à intégre
<td class="col0 centeralign"> <a href="applications/googleapps.html" class="media" title="documentation:2.0:applications:googleapps"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/cornerstone.html" class="media" title="documentation:2.0:applications:cornerstone"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col3 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> NextCloud </th><th class="col1 leftalign"> </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
<th class="col0 centeralign"> NextCloud </th><th class="col1 centeralign"> ADFS </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/adfs.html" class="media" title="documentation:2.0:applications:adfs"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
</tr>
</table></div><!-- EDIT18 TABLE [2482-2957] -->
</table></div><!-- EDIT18 TABLE [2482-3024] -->
</div><!-- EDIT17 SECTION "SAML connectors" [2363-] -->
</div>
......
<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:applications:adfs</title><!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,applications,adfs"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="adfs.html"/>
<link rel="contents" href="adfs.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:adfs","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script><!-- //endif --><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script><!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="active_directory_federation_services">Active Directory Federation Services</h1>
<div class="level1">
<p>
<img src="microsoft-adfs.png" class="mediacenter" alt="" />
</p>
</div><!-- EDIT1 SECTION "Active Directory Federation Services" [1-100] -->
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<div class="level2">
<p>
Microsoft ADFS (Active Directory Federation Services) is an Identity/Service Provider, compatible with several protocols, including <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0.
</p>
<div class="noteimportant">This documentation does not explains how to setup ADFS, but give only tricks to make it works with <abbr title="LemonLDAP::NG">LL::NG</abbr>
</div>
</div><!-- EDIT2 SECTION "Presentation" [101-399] -->
<h2 class="sectionedit3" id="adfs_as_identity_provider">ADFS as Identity Provider</h2>
<div class="level2">
<p>
When ADFS is declared as an Identity Provider in LemonLDAP::NG, you need to take care of the following items:
</p>
<ul>
<li class="level1"><div class="li"> HTTPS is mandatory on <abbr title="LemonLDAP::NG">LL::NG</abbr> portal</div>
</li>
<li class="level1"><div class="li"> You need to use a certificate in <abbr title="LemonLDAP::NG">LL::NG</abbr> <abbr title="Security Assertion Markup Language">SAML</abbr> metadata instead of a raw public key</div>
</li>
<li class="level1"><div class="li"> Activate option <code>Use specific query_string method</code> in <abbr title="Security Assertion Markup Language">SAML</abbr> Service</div>
</li>
<li class="level1"><div class="li"> Use SHA1 instead of SHA256 as signature algorithm on ADFS if using a Lasso version &lt; 2.5.0</div>
</li>
<li class="level1"><div class="li"> Force <abbr title="Security Assertion Markup Language">SAML</abbr> response to be sent by POST and not Artifact (signature verification fails with Artifact)</div>
</li>
<li class="level1"><div class="li"> Enable <code>Allow proxy authentication</code> in IDP options on <abbr title="LemonLDAP::NG">LL::NG</abbr> side</div>
</li>
</ul>
</div><!-- EDIT3 SECTION "ADFS as Identity Provider" [400-] -->
</div>
</body>
</html>
......@@ -74,6 +74,16 @@ Pour GLPI &gt;= 0.71, une simple configuration de GLPI suffit : Setup → Authen
Pour les versions plus anciennes, voir <a href="http://wiki.glpi-project.org/doku.php?id=en:authautoad" class="urlextern" title="http://wiki.glpi-project.org/doku.php?id=en:authautoad" rel="nofollow">http://wiki.glpi-project.org/doku.php?id=en:authautoad</a>
</p>
<p>
If you use Nginx, you need to add this in configuration:
</p>
<pre class="code file nginx">proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</pre>
</div><!-- EDIT3 SECTION "Configuration" [532-] -->
</div>
</body>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=680699e3c0234f8feda99a5fd3910f13" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=378132ea54accc5c67c7c9ceda71bf59" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1488909657" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1489508242" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......