Commit bd68e07f authored by Xavier Guimard

Add #971 doc

parent f6ba42fb
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=2b27042c7ea27b981c79c249980f9e96" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=68b5cb03080e7ca22e1a6430f03e7332" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
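Review bot: the `sectok=...` value in the login link is a per-export token from the wiki and is the only thing that differs in this hunk. The same applies to the indexer timestamp in the following hunk. Neither is part of the #971 documentation, so strip or normalise these values in the export step so that regenerated pages do not show up as changed.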
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1488279002" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1488637738" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=2b27042c7ea27b981c79c249980f9e96" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=68b5cb03080e7ca22e1a6430f03e7332" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1488279002" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1488637738" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authrest</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authrest"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authrest.html"/>
......
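Review bot: the robots meta goes from `noindex,nofollow` to `index,follow` here and in the other regenerated pages, which the commit message does not mention, while the servertoserver page added in the same commit still ships `noindex,nofollow`. Decide which value the exported documentation should carry and set it in the export step so all pages agree.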
......@@ -52,9 +52,14 @@
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#enable_ssl_in_apache">Enable SSL in Apache</a></div></li>
<li class="level2"><div class="li"><a href="#apache_ssl_global_configuration">Apache SSL global configuration</a></div></li>
<li class="level2"><div class="li"><a href="#apache_portal_ssl_configuration">Apache portal SSL configuration</a></div></li>
<li class="level2"><div class="li"><a href="#with_apache">With Apache</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#enable_ssl_in_apache">Enable SSL in Apache</a></div></li>
<li class="level3"><div class="li"><a href="#apache_ssl_global_configuration">Apache SSL global configuration</a></div></li>
<li class="level3"><div class="li"><a href="#apache_portal_ssl_configuration">Apache portal SSL configuration</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#with_nginx">With Nginx</a></div></li>
<li class="level2"><div class="li"><a href="#configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></div></li>
<li class="level2"><div class="li"><a href="#auto_reloading_ssl_certificates">Auto reloading SSL Certificates</a></div></li>
</ul></li>
......@@ -98,9 +103,14 @@
</div>
<!-- EDIT4 SECTION "Configuration" [402-428] -->
<h3 class="sectionedit5" id="enable_ssl_in_apache">Enable SSL in Apache</h3>
<h3 class="sectionedit5" id="with_apache">With Apache</h3>
<div class="level3">
</div>
<h4 id="enable_ssl_in_apache">Enable SSL in Apache</h4>
<div class="level4">
<p>
You have to install mod_ssl for Apache.
</p>
......@@ -109,16 +119,13 @@ You have to install mod_ssl for Apache.
For CentOS/RHEL:
</p>
<pre class="code shell">yum install mod_ssl</pre>
<p>
In Debian/Ubuntu mod_ssl is already shipped in <code>apache2.2-common</code> package.
</p>
<div class="notetip">For CentOS/RHEL, We advice to disable the default SSL virtual host configured in /etc/httpd/conf.d/ssl.conf.
<div class="notetip">In Debian/Ubuntu mod_ssl is already shipped in <code>apache*-common</code> package.
</div><div class="notetip">For CentOS/RHEL, We advice to disable the default SSL virtual host configured in /etc/httpd/conf.d/ssl.conf.
</div>
</div>
<!-- EDIT5 SECTION "Enable SSL in Apache" [429-765] -->
<h3 class="sectionedit6" id="apache_ssl_global_configuration">Apache SSL global configuration</h3>
<div class="level3">
<h4 id="apache_ssl_global_configuration">Apache SSL global configuration</h4>
<div class="level4">
<p>
You can then use this default SSL configuration, for example in the head of /etc/lemonldap-ng/portal-apache2.conf:
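Review bot: the CentOS/RHEL tip carried through this hunk still reads "We advice to disable the default SSL virtual host"; since the line is being moved anyway, correct it to "we advise". The new Debian/Ubuntu tip names `apache*-common`, which is a glob rather than a package name; naming the actual package would be clearer for readers.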
......@@ -145,9 +152,9 @@ If you specify port in virtual host, then declare SSL port:
<span class="kw1">NameVirtualHost</span> *:<span class="nu0">443</span></pre>
</div>
<!-- EDIT6 SECTION "Apache SSL global configuration" [766-1531] -->
<h3 class="sectionedit7" id="apache_portal_ssl_configuration">Apache portal SSL configuration</h3>
<div class="level3">
<h4 id="apache_portal_ssl_configuration">Apache portal SSL configuration</h4>
<div class="level4">
<p>
Edit the portal virtual host to enable SSL double authentication:
......@@ -175,8 +182,33 @@ Here are the main options used by <abbr title="LemonLDAP::NG">LL::NG</abbr>:
</ul>
</div>
<!-- EDIT7 SECTION "Apache portal SSL configuration" [1532-2368] -->
<h3 class="sectionedit8" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<!-- EDIT5 SECTION "With Apache" [429-2399] -->
<h3 class="sectionedit6" id="with_nginx">With Nginx</h3>
<div class="level3">
<p>
Enable SSL:
</p>
<pre class="code file nginx">ssl on;
ssl_verify_client optional;
ssl_certificate /etc/letsencrypt/live/my/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my/privkey.pem;
ssl_verify_depth 3;
ssl_client_certificate /etc/nginx/ssl/ca.pem;
ssl_crl /etc/nginx/ssl/crl/my.crl;</pre>
<p>
You must also export SSL_CLIENT_S_<abbr title="Distinguished Name">DN</abbr>_CN in FastCGI params:
</p>
<pre class="code file nginx">map $ssl_client_s_dn $ssl_client_s_dn_cn {
default &quot;&quot;;
~/CN=(?&lt;CN&gt;[^/]+) $CN;
}
fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;</pre>
</div>
<!-- EDIT6 SECTION "With Nginx" [2400-2961] -->
<h3 class="sectionedit7" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
<p>
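Review bot: the map pattern `~/CN=(?<CN>[^/]+)` in the new Nginx section only matches a subject DN written in the slash-separated form. nginx 1.11.6 and later return `$ssl_client_s_dn` in RFC 2253 form (comma-separated, no leading slash) and keep the old form in `$ssl_client_s_dn_legacy`, so on those versions the map falls through to `default ""` and `SSL_CLIENT_S_DN_CN` is passed empty. Map from `$ssl_client_s_dn_legacy`, or document a pattern for the comma-separated form, and state which nginx version the snippet was tested on. With `ssl_verify_client optional;` a request without any certificate also reaches the portal with an empty value, which the text should say explicitly.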
......@@ -192,13 +224,11 @@ Then, go in <code>SSL parameters</code>:
</li>
<li class="level1"><div class="li"> <strong>Extracted certificate field</strong>: field of the certificate affected to $user internal variable</div>
</li>
<li class="level1"><div class="li"> <strong>Conditional extracted certificate field</strong>: field of the certificate affected to $user internal variable depending on the certificate authority. Key is the CA <abbr title="Distinguished Name">DN</abbr>, value is the field.</div>
</li>
</ul>
</div>
<!-- EDIT8 SECTION "Configuration of LemonLDAP::NG" [2369-2982] -->
<h3 class="sectionedit9" id="auto_reloading_ssl_certificates">Auto reloading SSL Certificates</h3>
<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [2962-3387] -->
<h3 class="sectionedit8" id="auto_reloading_ssl_certificates">Auto reloading SSL Certificates</h3>
<div class="level3">
<p>
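Review bot: the "Conditional extracted certificate field" entry disappears from the SSL parameters list in this hunk, which the commit message (adding the #971 doc) does not cover. If the option still exists, keep the entry; if it was removed from the product, say so in the commit message so the documentation change can be traced.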
......@@ -302,9 +332,9 @@ $('.enteteBouton').click( function (e) {
});
<span class="sc2">&lt;<span class="sy0">/</span><a href="http://december.com/html/4/element/script.html"><span class="kw2">script</span></a>&gt;</span>
<span class="sc2">&lt;<span class="sy0">/</span><a href="http://december.com/html/4/element/body.html"><span class="kw2">body</span></a>&gt;</span></pre>
<div class="notewarning">It is incompatible with authentication chaining (see Stack Multiple backends), because of Apache parameter “SSLVerifyClient”, which must have the value “require”
<div class="notewarning">It is incompatible with authentication combination because of Apache parameter “SSLVerifyClient”, which must have the value “require”
</div>
</div>
<!-- EDIT9 SECTION "Auto reloading SSL Certificates" [2983-] --></div>
<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [3388-] --></div>
</body>
</html>
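Review bot: the reworded warning still names only the Apache parameter "SSLVerifyClient" with the value "require", while the Nginx section added by this same commit configures `ssl_verify_client optional;`. State whether the incompatibility with authentication combination also applies to the Nginx setup. The new wording also drops the pointer the old text had ("see Stack Multiple backends"); a link to the combination page would keep the warning actionable.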
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:nodehandler</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,nodehandler"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="nodehandler.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:notifications</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,notifications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="notifications.html"/>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=2b27042c7ea27b981c79c249980f9e96" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=68b5cb03080e7ca22e1a6430f03e7332" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1488279020" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1488637753" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
server_to_server.0fea6a13c52b4d4725368f24b045ca84.png
\ No newline at end of file
server_to_server.0fea6a13c52b4d4725368f24b045ca84.png
\ No newline at end of file
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>documentation:2.0:server_to_server.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="servertoserver.html"/>
<link rel="contents" href="servertoserver.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> documentation:2.0:server_to_server.png </h1>
<div class="content">
<a href="server_to_server.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="867" height="542" class="img_detail" alt="server_to_server.png" title="server_to_server.png" src="server_to_server.5462faf15ddb078d04b190542596d5c2.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> server_to_server.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2017/03/04 15:16</dd><dt>Filename:</dt><dd>server_to_server.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>52KB</dd><dt>Width:</dt><dd>867</dd><dt>Height:</dt><dd>542</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="servertoserver.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:servertoserver [B]">Back to documentation:2.0:servertoserver</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>
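Review bot: the `useexternallibs` branch in this generated page loads jQuery and jQuery UI from `http://code.jquery.com/...` while the Bootstrap stylesheet in the same branch uses `https://`; switch both script URLs to `https://`, and consider `integrity` attributes, so the export never pulls scripts over plain HTTP. The template also emits a `</script>` closing the Bootstrap `<link>` and a stray `/>` after the first `<!-- //endif -->`; both come from the export template and should be fixed there rather than in the generated file.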
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:servertoserver</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,servertoserver"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="servertoserver.html"/>
<link rel="contents" href="servertoserver.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:servertoserver","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="handling_server_webservice_calls">Handling server webservice calls</h1>
<div class="level1">
<p>
In modern applications, web application may need to call some other web application on behalf of the connected users. There is three way to do it: the ugly and the smart.
</p>
<p>
The ugly consists to give the cookie value to the webapp 1 which use it in cookie header of its request. Since version 2.0, LLNG gives a better way to do it using tokens with limited scope.
</p>
<p>
<a href="server_to_server.png_documentation_2.0_servertoserver.html" class="media" title="documentation:2.0:server_to_server.png"><img src="server_to_server.png" class="media" title="Kinematic" alt="Kinematic" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Handling server webservice calls" [1-447] -->
<h2 class="sectionedit2" id="webapp1_handler_configuration">Webapp1 handler configuration</h2>
<div class="level2">
<p>
Insert a header containing this value:
</p>
<pre class="code file perl">token<span class="br0">&#40;</span> <span class="re0">$_session_id</span><span class="sy0">,</span> <span class="st_h">'webapp2.example.com'</span><span class="sy0">,</span> <span class="st_h">'webapp3.example.com'</span> <span class="br0">&#41;</span></pre>
<p>
Webapp1 can read this header and use it in its requests in the <code>X-Llng-Token</code> header. The token is build using the session ID and the list of authorized virtualhosts. The token is available only 30 and only the listed virtualhosts.
</p>
</div>
<!-- EDIT2 SECTION "Webapp1 handler configuration" [448-854] -->
<h2 class="sectionedit3" id="webapp2_handler_configuration">Webapp2 handler configuration</h2>
<div class="level2">
<p>
Change handler type to “ServiceToken”. So it is able to manage both user and server connections. And that&#039;s all !
</p>
<div class="noteimportant">If you use “Server” platform (Nginx), don&#039;t forget to give the <code>X-Llng-Token</code> header to the FastCGI handler (formatted as <code>HTTP_X_LLNG_TOKEN</code>).
</div>
</div>
<!-- EDIT3 SECTION "Webapp2 handler configuration" [855-] --></div>
</body>
</html>
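Review bot: in "Webapp1 handler configuration", the sentence "The token is available only 30 and only the listed virtualhosts" has no unit; the handler change in this commit compares against `time - 30`, so this presumably means 30 seconds, and the page should say so. The introduction also announces "three way to do it" and then names two. Since the page presents forwarding the session cookie as the "ugly" option, it would help to state explicitly that the token, unlike the cookie, is only accepted by the virtual hosts listed in the `token(...)` call.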
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:soapservices</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,soapservices"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="soapservices.html"/>
......
......@@ -585,6 +585,8 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</li>
<li class="level1"><div class="li"> <a href="devopshandler.html" class="wikilink1" title="documentation:2.0:devopshandler">DevOps Handler</a></div>
</li>
<li class="level1"><div class="li"> <a href="servertoserver.html" class="wikilink1" title="documentation:2.0:servertoserver">Handling server webservice calls</a></div>
</li>
<li class="level1"><div class="li"> <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a></div>
</li>
<li class="level1"><div class="li"> <a href="loginhistory.html" class="wikilink1" title="documentation:2.0:loginhistory">Login history</a></div>
......@@ -600,7 +602,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT18 SECTION "Advanced features" [9292-10173] -->
<!-- EDIT18 SECTION "Advanced features" [9292-10229] -->
<h2 class="sectionedit19" id="mini_howtos">Mini howtos</h2>
<div class="level2">
......@@ -631,7 +633,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Mini howtos" [10174-10843] -->
<!-- EDIT19 SECTION "Mini howtos" [10230-10899] -->
<h2 class="sectionedit20" id="exploitation">Exploitation</h2>
<div class="level2">
......@@ -664,7 +666,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Exploitation" [10844-11264] -->
<!-- EDIT20 SECTION "Exploitation" [10900-11320] -->
<h2 class="sectionedit21" id="developer_corner">Developer corner</h2>
<div class="level2">
......@@ -715,6 +717,6 @@ To translate this doc (Manager help):
</ul>
</div>
<!-- EDIT21 SECTION "Developer corner" [11265-] --></div>
<!-- EDIT21 SECTION "Developer corner" [11321-] --></div>
</body>
</html>
......@@ -15,7 +15,7 @@ sub fetchId {
$class->userLogger->error('Bad token');
return 0;
}
unless ( $t <= time and $t > time - 15 ) {
unless ( $t <= time and $t > time - 30 ) {
$class->userLogger->warn('Expired token');
return 0;
}
......
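Review bot: in `unless ( $t <= time and $t > time - 30 )` the validity window is a bare literal, and the documentation page added in this commit repeats the value by hand, so the two can drift apart the next time it changes. Use a named constant or a configuration parameter and reference it from the documentation. Separately, `$t <= time` rejects any token whose timestamp is ahead of the validating host's clock and logs it as 'Expired token'; if the issuing and validating handlers can run on different hosts, allow a small skew or log that case distinctly so it can be told apart from a real expiry.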
......@@ -15900,14 +15900,6 @@ $cgi-&gt;authorize();
<seg>Auth-Cn: $cn</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>In Debian/Ubuntu mod_ssl is already shipped in apache2.2-common package.</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120221T065635Z" changeid="xavier">
<seg>Dans Debian/Ubuntu mod_ssl est installé avec le paquet apache2.2-common.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>As you may have guessed, these accounts are famous characters from the TV show Doctor Who.</seg>
......@@ -31756,14 +31748,6 @@ Le nouveau rôle doit-il être autorisé à créer de nouveaux rôles ?</seg>
<seg>error : si l'utilisateur n'a pas accès, une erreur est affichée sur le portail, l'utilisateur n'est pas redirigé vers le service CAS</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>It is incompatible with authentication chaining (see Stack Multiple backends), because of Apache parameter “SSLVerifyClient”, which must have the value “require”</seg>
</tuv>
<tuv lang="FR-FR" changedate="20160229T214047Z" changeid="xavier">
<seg>Ce n'est pas compatible avec une chaîne d'authentification (voir Empiler plusieurs backends), en raison du paramètre Apache “SSLVerifyClient”, qui doit être mis à la valeur “require”</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>See also general kinematics presentation.</seg>
......@@ -15900,14 +15900,6 @@ server {</seg>
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>Auth-Cn<ept i='0'>&lt;/s0&gt;</ept>: $cn</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>In Debian/Ubuntu mod_ssl is already shipped in <bpt i='0' x='0'>&lt;c0&gt;</bpt>apache2.2-common<ept i='0'>&lt;/c0&gt;</ept> package.</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20120221T065635Z" changeid="xavier">
<seg>Dans Debian/Ubuntu mod_ssl est installé avec le paquet <bpt i='0' x='0'>&lt;c0&gt;</bpt>apache2.2-common<ept i='0'>&lt;/c0&gt;</ept>.</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>As you may have guessed, these accounts are famous characters from the TV show <bpt i='0' x='0'>&lt;a0&gt;</bpt>Doctor Who<ept i='0'>&lt;/a0&gt;</ept>.</seg>
......@@ -31756,14 +31748,6 @@ Le nouveau rôle doit-il être autorisé à créer de nouveaux rôles ?</seg>
<seg><bpt i='0' x='0'>&lt;s0&gt;</bpt>error<ept i='0'>&lt;/s0&gt;</ept> : si l'utilisateur n'a pas accès, une erreur est affichée sur le portail, l'utilisateur n'est pas redirigé vers le service <bpt i='1' x='1'>&lt;a1&gt;</bpt>CAS<ept i='1'>&lt;/a1&gt;</ept></seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>It is incompatible with authentication chaining (see Stack Multiple backends), because of Apache parameter “SSLVerifyClient”, which must have the value “require”</seg>
</tuv>
<tuv xml:lang="FR-FR" changedate="20160229T214047Z" changeid="xavier">
<seg>Ce n'est pas compatible avec une chaîne d'authentification (voir Empiler plusieurs backends), en raison du paramètre Apache “SSLVerifyClient”, qui doit être mis à la valeur “require”</seg>
</tuv>
</tu>
<tu>
<tuv xml:lang="EN-US">
<seg>See also <bpt i='0' x='0'>&lt;a0&gt;</bpt>general kinematics presentation<ept i='0'>&lt;/a0&gt;</ept>.</seg>
......@@ -15900,14 +15900,6 @@ server {</seg>
<seg>&lt;s0&gt;Auth-Cn&lt;/s0&gt;: $cn</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>In Debian/Ubuntu mod_ssl is already shipped in &lt;c0&gt;apache2.2-common&lt;/c0&gt; package.</seg>
</tuv>
<tuv lang="FR-FR" changedate="20120221T065635Z" changeid="xavier">
<seg>Dans Debian/Ubuntu mod_ssl est installé avec le paquet &lt;c0&gt;apache2.2-common&lt;/c0&gt;.</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>As you may have guessed, these accounts are famous characters from the TV show &lt;a0&gt;Doctor Who&lt;/a0&gt;.</seg>
......@@ -31756,14 +31748,6 @@ Le nouveau rôle doit-il être autorisé à créer de nouveaux rôles ?</seg>
<seg>&lt;s0&gt;error&lt;/s0&gt; : si l'utilisateur n'a pas accès, une erreur est affichée sur le portail, l'utilisateur n'est pas redirigé vers le service &lt;a1&gt;CAS&lt;/a1&gt;</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>It is incompatible with authentication chaining (see Stack Multiple backends), because of Apache parameter “SSLVerifyClient”, which must have the value “require”</seg>
</tuv>
<tuv lang="FR-FR" changedate="20160229T214047Z" changeid="xavier">
<seg>Ce n'est pas compatible avec une chaîne d'authentification (voir Empiler plusieurs backends), en raison du paramètre Apache “SSLVerifyClient”, qui doit être mis à la valeur “require”</seg>
</tuv>
</tu>
<tu>
<tuv lang="EN-US">
<seg>See also &lt;a0&gt;general kinematics presentation&lt;/a0&gt;.</seg>
This diff is collapsed.
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=2b27042c7ea27b981c79c249980f9e96" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=68b5cb03080e7ca22e1a6430f03e7332" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1488279002" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1488637738" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=2b27042c7ea27b981c79c249980f9e96" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=68b5cb03080e7ca22e1a6430f03e7332" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1488279002" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1488637738" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -11,7 +11,7 @@
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authrest"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authrest.html"/>
......
......@@ -53,9 +53,14 @@
<li class="level1"><div class="li"><a href="#presentation">Présentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#enable_ssl_in_apache">Activer SSL dans Apache</a></div></li>
<li class="level2"><div class="li"><a href="#apache_ssl_global_configuration">Configuration globale de ssl dans Apache</a></div></li>
<li class="level2"><div class="li"><a href="#apache_portal_ssl_configuration">Configuration SSL du portail dans Apache</a></div></li>
<li class="level2"><div class="li"><a href="#with_apache">With Apache</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#enable_ssl_in_apache">Activer SSL dans Apache</a></div></li>
<li class="level3"><div class="li"><a href="#apache_ssl_global_configuration">Configuration globale de ssl dans Apache</a></div></li>
<li class="level3"><div class="li"><a href="#apache_portal_ssl_configuration">Configuration SSL du portail dans Apache</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#with_nginx">With Nginx</a></div></li>
<li class="level2"><div class="li"><a href="#configuration_of_lemonldapng">Configuration de LemonLDAP::NG</a></div></li>
<li class="level2"><div class="li"><a href="#auto_reloading_ssl_certificates">Rechargement automatique des certificats SSL</a></div></li>
</ul></li>
......@@ -99,9 +104,14 @@
</div><!-- EDIT4 SECTION "Configuration" [402-428] -->
<h3 class="sectionedit5" id="enable_ssl_in_apache">Activer SSL dans Apache</h3>
<h3 class="sectionedit5" id="with_apache">With Apache</h3>
<div class="level3">
</div>
<h4 id="enable_ssl_in_apache">Activer SSL dans Apache</h4>
<div class="level4">
<p>
Installer mod_ssl pour Apache.
</p>
......@@ -110,16 +120,14 @@ Installer mod_ssl pour Apache.
Pour CentOS/RHEL :
</p>
<pre class="code shell">yum install mod_ssl</pre>
<div class="notetip">In Debian/Ubuntu mod_ssl is already shipped in <code>apache*-common</code> package.
<p>
Dans Debian/Ubuntu mod_ssl est installé avec le paquet <code>apache2.2-common</code>.
</p>
<div class="notetip">Pour CentOS/RHEL, il est recommandé de désactiver l'hôte virtuel SSL par défaut configuré dans /etc/httpd/conf.d/ssl.conf.
</div><div class="notetip">Pour CentOS/RHEL, il est recommandé de désactiver l'hôte virtuel SSL par défaut configuré dans /etc/httpd/conf.d/ssl.conf.
</div>
</div>
</div><!-- EDIT5 SECTION "Enable SSL in Apache" [429-765] -->
<h3 class="sectionedit6" id="apache_ssl_global_configuration">Configuration globale de ssl dans Apache</h3>
<div class="level3">
<h4 id="apache_ssl_global_configuration">Configuration globale de ssl dans Apache</h4>
<div class="level4">
<p>
Il est possible d'utiliser cette configuration SSL par défaut, par exemple en tête de /etc/lemonldap-ng/portal-apache2.conf :
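Review bot: the added tip "In Debian/Ubuntu mod_ssl is already shipped in apache*-common package." lands untranslated in the French page, replacing the French sentence that named `apache2.2-common`. This commit deletes the translation-memory entries for the old sentence without adding one for the new wording; add the French segment so the generated page stays in one language.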
......@@ -145,10 +153,10 @@ SI le port est spécifié, déclarer le port SSL :
<pre class="code file apache"><span class="kw1">NameVirtualHost</span> *:<span class="nu0">80</span>
<span class="kw1">NameVirtualHost</span> *:<span class="nu0">443</span></pre>
</div><!-- EDIT6 SECTION "Apache SSL global configuration" [766-1531] -->
</div>
<h3 class="sectionedit7" id="apache_portal_ssl_configuration">Configuration SSL du portail dans Apache</h3>
<div class="level3">
<h4 id="apache_portal_ssl_configuration">Configuration SSL du portail dans Apache</h4>
<div class="level4">
<p>
Éditer l'hôte virtuel du portail pour activer la double authentification SSL :
......@@ -175,9 +183,38 @@ Ci-dessous les principales options utilisées par <abbr title="LemonLDAP::NG">LL
</li>