Commit cd3e50cb authored by Xavier Guimard's avatar Xavier Guimard

Update doc (#1379)

parent 7c4748b5
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=5121361b80183f088d9f748a8b127b90" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1519247446" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1519384896" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=5121361b80183f088d9f748a8b127b90" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1519247446" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1519384896" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authrest</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authrest"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authrest.html"/>
......@@ -122,7 +122,7 @@ REST web services just have to respond with a “result” key in a JSON file. A
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Parameter </th><th class="col1 centeralign"> Query </th><th class="col2 centeralign"> Response </th>
<th class="col0 centeralign"> <abbr title="Uniform Resource Locator">URL</abbr> </th><th class="col1 centeralign"> Query </th><th class="col2 centeralign"> Response </th>
</tr>
</thead>
<tr class="row1 rowodd">
......@@ -138,7 +138,7 @@ REST web services just have to respond with a “result” key in a JSON file. A
<td class="col0 centeralign"> Password change <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,“password”:$password}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [824-1351] --><div class="notetip">To have only one call, you can set only REST authentication, set datas in “info” key response and set Null as User Database.
<!-- EDIT7 TABLE [824-1345] --><div class="notetip">To have only one call, you can set only REST authentication, set datas in “info” key response and set Null as User Database.
</div>
</div>
<!-- EDIT6 SECTION "REST Dialog" [614-] --></div>
......
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:rest2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,rest2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="rest2f.html"/>
<link rel="contents" href="rest2f.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:rest2f","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#arguments">Arguments</a></div></li>
<li class="level1"><div class="li"><a href="#rest_dialog">REST Dialog</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="rest_second_factor">REST Second Factor</h1>
<div class="level1">
<p>
This plugin can be used to add a second factor for authentication (SMS, OTP,…). It uses external web service to send and validate the second factor.
</p>
</div>
<!-- EDIT1 SECTION "REST Second Factor" [1-186] -->
<h3 class="sectionedit2" id="configuration">Configuration</h3>
<div class="level3">
<p>
All parameters are configured in “General Parameters » Portal Parameters » Second Factors » REST 2nd Factor”.
</p>
<ul>
<li class="level1"><div class="li"> <strong>Activation</strong></div>
</li>
<li class="level1"><div class="li"> <strong>Init <abbr title="Uniform Resource Locator">URL</abbr></strong> <em>(optional)</em>: REST <abbr title="Uniform Resource Locator">URL</abbr> to initialize dialog <em>(send OTP)</em>. Leave it blank if your <abbr title="Application Programming Interface">API</abbr> doesn&#039;t need any initialization</div>
</li>
<li class="level1"><div class="li"> <strong>Init arguments</strong>: list of arguments to send <em>(see below)</em></div>
</li>
<li class="level1"><div class="li"> <strong>Verify <abbr title="Uniform Resource Locator">URL</abbr></strong> <em>(required)</em>: REST <abbr title="Uniform Resource Locator">URL</abbr> to verify code</div>
</li>
<li class="level1"><div class="li"> <strong>Verify arguments</strong>: list of arguments to send <em>(see below)</em></div>
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Configuration" [187-837] -->
<h2 class="sectionedit3" id="arguments">Arguments</h2>
<div class="level2">
<p>
Arguments are a list of key/value. Key is the name of JSON entry, value is attribute or macro name.
</p>
<div class="noteimportant">For Verify <abbr title="Uniform Resource Locator">URL</abbr>, you should send $code at least
</div>
</div>
<!-- EDIT3 SECTION "Arguments" [838-1032] -->
<h2 class="sectionedit4" id="rest_dialog">REST Dialog</h2>
<div class="level2">
<p>
REST web services just have to respond with a “result” key in a JSON file. Auth/UserDB can add a “info” array to will be copied is session data (without reading “Exported variables”).
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> <abbr title="Uniform Resource Locator">URL</abbr> </th><th class="col1 centeralign"> Query </th><th class="col2 centeralign"> Response </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> Init <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,…}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> Verify <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,“code”:“$code”,…}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1243-1472] -->
</div>
<!-- EDIT4 SECTION "REST Dialog" [1033-] --></div>
</body>
</html>
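Review bot: In the `//elsif:useexternallibs` branches of the new rest2f.html head, jQuery and jQuery UI are referenced over plain `http://code.jquery.com/...` with no `integrity` attribute, so a build that activates this branch would load script over a channel that can be modified in transit, and an https-served page would block it as mixed content. I would switch both to https and pin them, e.g. `<script src="https://code.jquery.com/jquery-2.2.0.min.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>`, with the real digest in place of the placeholder. The Bootstrap `<link>` in the same branch is already https but is closed with a stray `</script>` and also lacks `integrity`. These lines sit inside a template comment, so whether they are ever emitted depends on a build step not shown here; the second copy of rest2f.html later on this page carries the same lines.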
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=5121361b80183f088d9f748a8b127b90" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1519247470" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1519384915" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -347,13 +347,16 @@
<td class="col0"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External Second Factor</a> <em>(OTP, SMS,…)</em> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row34 roweven">
<th class="col0"> Auth addons </th><th class="col1 centeralign"> Authentication </th><td class="col2"></td><td class="col3"></td>
<td class="col0"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST Second Factor</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row35 rowodd">
<th class="col0"> Auth addons </th><th class="col1 centeralign"> Authentication </th><td class="col2"></td><td class="col3"></td>
</tr>
<tr class="row36 roweven">
<td class="col0"> <a href="autosignin.html" class="wikilink1" title="documentation:2.0:autosignin">Auto Signin</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2"></td><td class="col3"></td>
</tr>
</table></div>
<!-- EDIT9 TABLE [2221-4313] -->
<!-- EDIT9 TABLE [2221-4378] -->
<p>
</div></div>
</p>
......@@ -397,13 +400,13 @@
<td class="col0"> <a href="issuerdbget.html" class="wikilink1" title="documentation:2.0:issuerdbget">Get parameters provider</a> <em>(for poor applications)</em> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT10 TABLE [4659-5020] -->
<!-- EDIT10 TABLE [4724-5085] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT8 SECTION "Portal" [1685-5048] -->
<!-- EDIT8 SECTION "Portal" [1685-5113] -->
<h3 class="sectionedit11" id="handlers">Handlers</h3>
<div class="level3">
......@@ -444,7 +447,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 leftalign"> </td><td class="col4 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [5287-6120] -->
<!-- EDIT12 TABLE [5352-6185] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionality.</em>
</p>
......@@ -454,7 +457,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
</p>
</div>
<!-- EDIT11 SECTION "Handlers" [5049-6243] -->
<!-- EDIT11 SECTION "Handlers" [5114-6308] -->
<h3 class="sectionedit13" id="llng_databases">LLNG databases</h3>
<div class="level3">
......@@ -500,7 +503,7 @@ Handlers are software control agents to install on your web servers <em>(Nginx,
<td class="col0 centeralign"> <a href="restconfbackend.html" class="wikilink1" title="documentation:2.0:restconfbackend">REST</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> Proxy backend to be used in conjunction with another configuration backend. <br/><strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [6542-7524] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT14 TABLE [6607-7589] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
......@@ -555,13 +558,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [8389-10068] -->
<!-- EDIT15 TABLE [8454-10133] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT13 SECTION "LLNG databases" [6244-10096] -->
<!-- EDIT13 SECTION "LLNG databases" [6309-10161] -->
<h2 class="sectionedit16" id="applications_protection">Applications protection</h2>
<div class="level2">
......@@ -590,7 +593,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT16 SECTION "Applications protection" [10097-10587] -->
<!-- EDIT16 SECTION "Applications protection" [10162-10652] -->
<h3 class="sectionedit17" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
......@@ -682,7 +685,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT17 SECTION "Well known compatible applications" [10588-12668] -->
<!-- EDIT17 SECTION "Well known compatible applications" [10653-12733] -->
<h2 class="sectionedit18" id="advanced_features">Advanced features</h2>
<div class="level2">
......@@ -735,7 +738,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT18 SECTION "Advanced features" [12669-13717] -->
<!-- EDIT18 SECTION "Advanced features" [12734-13782] -->
<h2 class="sectionedit19" id="mini_howtos">Mini howtos</h2>
<div class="level2">
......@@ -766,7 +769,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Mini howtos" [13718-14387] -->
<!-- EDIT19 SECTION "Mini howtos" [13783-14452] -->
<h2 class="sectionedit20" id="exploitation">Exploitation</h2>
<div class="level2">
......@@ -799,7 +802,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Exploitation" [14388-14808] -->
<!-- EDIT20 SECTION "Exploitation" [14453-14873] -->
<h2 class="sectionedit21" id="bug_report">Bug report</h2>
<div class="level2">
......@@ -808,7 +811,7 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT21 SECTION "Bug report" [14809-14873] -->
<!-- EDIT21 SECTION "Bug report" [14874-14938] -->
<h2 class="sectionedit22" id="developer_corner">Developer corner</h2>
<div class="level2">
......@@ -879,6 +882,6 @@ To translate this doc (Manager help):
</ul>
</div>
<!-- EDIT22 SECTION "Developer corner" [14874-] --></div>
<!-- EDIT22 SECTION "Developer corner" [14939-] --></div>
</body>
</html>
......@@ -50,6 +50,7 @@
<ul class="toc">
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#enrollment">Enrollment</a></div></li>
<li class="level1"><div class="li"><a href="#assistance">Assistance</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div></li>
</ul>
......@@ -82,7 +83,7 @@ In the manager (advanced parameters), you just have to enable it:
</li>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/totpregister.html" class="urlextern" title="https://auth.your.domain/totpregister.html" rel="nofollow">https://auth.your.domain/totpregister.html</a>)</em></div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em></div>
<li class="level1"><div class="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Issuer: default to portal hostname</div>
</li>
......@@ -96,8 +97,17 @@ In the manager (advanced parameters), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_totp2fSecret</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [634-1701] -->
<h2 class="sectionedit3" id="assistance">Assistance</h2>
<!-- EDIT2 SECTION "Configuration" [634-1815] -->
<h2 class="sectionedit3" id="enrollment">Enrollment</h2>
<div class="level2">
<p>
If you&#039;ve enabled self registration, users can get their key using <a href="https://portal/totpregister.html" class="urlextern" title="https://portal/totpregister.html" rel="nofollow">https://portal/totpregister.html</a>
</p>
</div>
<!-- EDIT3 SECTION "Enrollment" [1816-1940] -->
<h2 class="sectionedit4" id="assistance">Assistance</h2>
<div class="level2">
<p>
......@@ -105,14 +115,14 @@ If a user lost its key, you may remove it&#039;s persistent session using the se
</p>
</div>
<!-- EDIT3 SECTION "Assistance" [1702-1817] -->
<h2 class="sectionedit4" id="developer_corner">Developer corner</h2>
<!-- EDIT4 SECTION "Assistance" [1941-2056] -->
<h2 class="sectionedit5" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
If you have another TOTP registration interface, you have to populate session (using exported variables) to set these keys:
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Name </th><th class="col1"> Value </th>
......@@ -125,8 +135,8 @@ If you have another TOTP registration interface, you have to populate session (u
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1973-2091] -->
<!-- EDIT6 TABLE [2212-2330] -->
</div>
<!-- EDIT4 SECTION "Developer corner" [1818-] --></div>
<!-- EDIT5 SECTION "Developer corner" [2057-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:u2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,u2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="u2f.html"/>
......@@ -52,6 +52,7 @@
<li class="level1"><div class="li"><a href="#prerequisites_and_dependencies">Prerequisites and dependencies</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#browser_compatibility">Browser compatibility</a></div></li>
<li class="level1"><div class="li"><a href="#enrollment">Enrollment</a></div></li>
<li class="level1"><div class="li"><a href="#assistance">Assistance</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div></li>
</ul>
......@@ -94,13 +95,13 @@ In the manager (advanced parameters), you just have to enable it:
</li>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/u2fregister.html" class="urlextern" title="https://auth.your.domain/u2fregister.html" rel="nofollow">https://auth.your.domain/u2fregister.html</a>)</em></div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em></div>
<li class="level1"><div class="li"> U2F ⇒ Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
</li>
</ul>
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_u2fKeyHandle and $_u2fUserKey</code>, else U2F will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [874-1701] -->
<!-- EDIT3 SECTION "Configuration" [874-1815] -->
<h2 class="sectionedit4" id="browser_compatibility">Browser compatibility</h2>
<div class="level2">
<ul>
......@@ -121,8 +122,17 @@ In the manager (advanced parameters), you just have to enable it:
</ul>
</div>
<!-- EDIT4 SECTION "Browser compatibility" [1702-2139] -->
<h2 class="sectionedit5" id="assistance">Assistance</h2>
<!-- EDIT4 SECTION "Browser compatibility" [1816-2253] -->
<h2 class="sectionedit5" id="enrollment">Enrollment</h2>
<div class="level2">
<p>
If you&#039;ve enabled self registration, users can register their FIDO key using <a href="https://portal/u2fregister.html" class="urlextern" title="https://portal/u2fregister.html" rel="nofollow">https://portal/u2fregister.html</a>
</p>
</div>
<!-- EDIT5 SECTION "Enrollment" [2254-2387] -->
<h2 class="sectionedit6" id="assistance">Assistance</h2>
<div class="level2">
<p>
......@@ -130,14 +140,14 @@ If a user lost its key, you may remove it&#039;s persistent session using the se
</p>
</div>
<!-- EDIT5 SECTION "Assistance" [2140-2255] -->
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
<!-- EDIT6 SECTION "Assistance" [2388-2503] -->
<h2 class="sectionedit7" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
If you have another U2F registration interface, you have to populate session (using exported variables) to set these keys:
</p>
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Name </th><th class="col1"> Value </th>
......@@ -150,12 +160,12 @@ If you have another U2F registration interface, you have to populate session (us
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [2410-2528] -->
<!-- EDIT8 TABLE [2658-2776] -->
<p>
Note that both “origin” and “appId” are fixed to portal <abbr title="Uniform Resource Locator">URL</abbr>.
</p>
</div>
<!-- EDIT6 SECTION "Developer corner" [2256-] --></div>
<!-- EDIT7 SECTION "Developer corner" [2504-] --></div>
</body>
</html>
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:rest2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,rest2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="rest2f.html"/>
<link rel="contents" href="rest2f.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:rest2f","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#arguments">Arguments</a></div></li>
<li class="level1"><div class="li"><a href="#rest_dialog">REST Dialog</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="rest_second_factor">REST Second Factor</h1>
<div class="level1">
<p>
This plugin can be used to add a second factor for authentication (SMS, OTP,…). It uses external web service to send and validate the second factor.
</p>
</div>
<!-- EDIT1 SECTION "REST Second Factor" [1-186] -->
<h3 class="sectionedit2" id="configuration">Configuration</h3>
<div class="level3">
<p>
All parameters are configured in “General Parameters » Portal Parameters » Second Factors » REST 2nd Factor”.
</p>
<ul>
<li class="level1"><div class="li"> <strong>Activation</strong></div>
</li>
<li class="level1"><div class="li"> <strong>Init <abbr title="Uniform Resource Locator">URL</abbr></strong> <em>(optional)</em>: REST <abbr title="Uniform Resource Locator">URL</abbr> to initialize dialog <em>(send OTP)</em>. Leave it blank if your <abbr title="Application Programming Interface">API</abbr> doesn&#039;t need any initialization</div>
</li>
<li class="level1"><div class="li"> <strong>Init arguments</strong>: list of arguments to send <em>(see below)</em></div>
</li>
<li class="level1"><div class="li"> <strong>Verify <abbr title="Uniform Resource Locator">URL</abbr></strong> <em>(required)</em>: REST <abbr title="Uniform Resource Locator">URL</abbr> to verify code</div>
</li>
<li class="level1"><div class="li"> <strong>Verify arguments</strong>: list of arguments to send <em>(see below)</em></div>
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Configuration" [187-837] -->
<h2 class="sectionedit3" id="arguments">Arguments</h2>
<div class="level2">
<p>
Arguments are a list of key/value. Key is the name of JSON entry, value is attribute or macro name.
</p>
<div class="noteimportant">For Verify <abbr title="Uniform Resource Locator">URL</abbr>, you should send $code at least
</div>
</div>
<!-- EDIT3 SECTION "Arguments" [838-1032] -->
<h2 class="sectionedit4" id="rest_dialog">REST Dialog</h2>
<div class="level2">
<p>
REST web services just have to respond with a “result” key in a JSON file. Auth/UserDB can add a “info” array to will be copied is session data (without reading “Exported variables”).
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> <abbr title="Uniform Resource Locator">URL</abbr> </th><th class="col1 centeralign"> Query </th><th class="col2 centeralign"> Response </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> Init <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,…}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> Verify <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,“code”:“$code”,…}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1243-1472] -->
</div>
<!-- EDIT4 SECTION "REST Dialog" [1033-] --></div>
</body>
</html>
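Review bot: The REST Dialog section of this rest2f.html copy describes a request carrying `user` and `code` and a response where a bare `{“result”:true/false}` decides the second factor, but nothing on the page says the Init and Verify URLs should be https or how access to the service is restricted. I would add a note box under the table along the lines of `<div class="noteimportant">Use https for the Init and Verify URLs and restrict access to the REST service: its response alone validates the second factor.</div>`. The sentence about Auth/UserDB adding an “info” array looks carried over from the REST authentication page and may not apply to a second-factor plugin, which is worth confirming. The first copy of rest2f.html on this page has the same text, and if these files are exported from the wiki the change belongs in the wiki source.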