Commit ea00b9d6 authored by Clément OUDOT's avatar Clément OUDOT
Browse files

New FR doc

parent a38386f0
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This source diff could not be displayed because it is too large. You can view the blob instead.
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>LemonLDAP::NG offline documentation</title>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css"/>
</head>
<body>
<div class="container text-center">
<h1>LemonLDAP::NG offline documentation</h1>
<hr />
<a href="pages/documentation/current/start.html" class="btn btn-lg btn-primary">Documentation</a>
</div>
</body>
</html>
<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:activedirectoryminihowto</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,activedirectoryminihowto"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="activedirectoryminihowto.html"/>
<link rel="contents" href="activedirectoryminihowto.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:activedirectoryminihowto","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="using_lemonldapng_with_active-directory">Utiliser Lemonldap::NG avec Active-Directory</h1>
<div class="level1">
</div><!-- EDIT1 SECTION "Using LemonLDAP::NG with Active-Directory" [1-57] -->
<h2 class="sectionedit2" id="authentication_with_loginpassword">Authentification par nom-de-compte/mot-de-passe</h2>
<div class="level2">
<p>
Pour utiliser Active Directory comme serveur LDAP, vous devez effectuer quelques modifications dans le manager :
</p>
<ul>
<li class="level1"><div class="li"> Utiliser “Active Directory” comme systèmes d'authentification, de gestion des utilisateurs et des mots-de-passe,</div>
</li>
<li class="level1"><div class="li"> Exporter sAMAccountName dans la liste des <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">variables exportées</a></div>
</li>
<li class="level1"><div class="li"> Changer l'attribut utilisateur à stocker dans les journaux d'Apache <em>(“Paramètres généraux » Journaux » REMOTE_USER”)</em> : utiliser la variable ci-dessus</div>
</li>
</ul>
</div><!-- EDIT2 SECTION "Authentication with login/password" [58-494] -->
<h2 class="sectionedit3" id="authentication_with_kerberos">Authentification avec Kerberos</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Choisir “Apache” comme module d'authentification <em>(“Paramètres généraux » Modules d'authentification » Module d'authentification”)</em></div>
</li>
<li class="level1"><div class="li"> <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">Configurer le serveur Apache</a> qui héberge le portail utilisant le module d'authentification Kerberos d'Apache</div>
</li>
</ul>
</div><!-- EDIT3 SECTION "Authentication with Kerberos" [495-] -->
</div>
</body>
</html>
<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:applications</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="applications.html"/>
<link rel="contents" href="applications.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:applications","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container"><!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#known_supported_applications">Applications connues pour être supportées</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#mail_agenda_groupware">Mail, Agenda, Groupware</a></div></li>
<li class="level2"><div class="li"><a href="#wiki">Wiki</a></div></li>
<li class="level2"><div class="li"><a href="#cms_portal_ecm">CMS, Portal, ECM</a></div></li>
<li class="level2"><div class="li"><a href="#bugtracker_service_management">Bugtracker, gestion de services</a></div></li>
<li class="level2"><div class="li"><a href="#other">Autres</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#frameworks">Frameworks</a></div></li>
<li class="level1"><div class="li"><a href="#connectors">Connecteurs</a></div></li>
<li class="level1"><div class="li"><a href="#saml_connectors">Connecteurs SAML</a></div></li>
</ul>
</div>
</div><!-- TOC END -->
<h1 class="sectionedit1" id="applications">Applications</h1>
<div class="level1">
</div><!-- EDIT1 SECTION "Applications" [1-28] -->
<h2 class="sectionedit2" id="known_supported_applications">Applications connues pour être supportées</h2>
<div class="level2">
<p>
Les applications listées ci-dessous sont connues pour être faciles à intégrer à <abbr title="LemonLDAP::NG">LL::NG</abbr>. Comme <abbr title="LemonLDAP::NG">LL::NG</abbr> fonctionne comme un WebSSO classique (tel Siteminder™), de nombreuses applications sont faciles à integrer.
</p>
</div><!-- EDIT2 SECTION "Known supported applications" [29-248] -->
<h3 class="sectionedit3" id="mail_agenda_groupware">Mail, Agenda, Groupware</h3>
<div class="level3">
<div class="table sectionedit4"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> OBM </th><th class="col1 centeralign"> Sympa </th><th class="col2 centeralign"> Zimbra </th><th class="col3 centeralign"> RoundCube </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/obm.html" class="media" title="documentation:2.0:applications:obm"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/sympa.html" class="media" title="documentation:2.0:applications:sympa"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col3 centeralign"> <a href="applications/roundcube.html" class="media" title="documentation:2.0:applications:roundcube"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
</table></div><!-- EDIT4 TABLE [284-580] -->
</div><!-- EDIT3 SECTION "Mail, Agenda, Groupware" [249-581] -->
<h3 class="sectionedit5" id="wiki">Wiki</h3>
<div class="level3">
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Dokuwiki </th><th class="col1 centeralign"> Mediawiki </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/dokuwiki.html" class="media" title="documentation:2.0:applications:dokuwiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/mediawiki.html" class="media" title="documentation:2.0:applications:mediawiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
</table></div><!-- EDIT6 TABLE [598-764] -->
</div><!-- EDIT5 SECTION "Wiki" [582-765] -->
<h3 class="sectionedit7" id="cms_portal_ecm">CMS, Portal, ECM</h3>
<div class="level3">
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Drupal </th><th class="col1 centeralign"> Liferay </th><th class="col2 centeralign"> Alfresco </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/drupal.html" class="media" title="documentation:2.0:applications:drupal"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/liferay.html" class="media" title="documentation:2.0:applications:liferay"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/alfresco.html" class="media" title="documentation:2.0:applications:alfresco"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
</table></div><!-- EDIT8 TABLE [794-1029] -->
</div><!-- EDIT7 SECTION "CMS, Portal, ECM" [766-1030] -->
<h3 class="sectionedit9" id="bugtracker_service_management">Bugtracker, gestion de services</h3>
<div class="level3">
<div class="table sectionedit10"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Bugzilla </th><th class="col1 centeralign"> GLPI </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/bugzilla.html" class="media" title="documentation:2.0:applications:bugzilla"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/glpi.html" class="media" title="documentation:2.0:applications:glpi"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td>
</tr>
</table></div><!-- EDIT10 TABLE [1073-1229] -->
</div><!-- EDIT9 SECTION "Bugtracker, Service Management" [1031-1230] -->
<h3 class="sectionedit11" id="other">Autres</h3>
<div class="level3">
<div class="table sectionedit12"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> GRR </th><th class="col1 centeralign"> phpLDAPadmin </th><th class="col2 centeralign"> LimeSurvey </th><th class="col3 centeralign"> SAP </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/grr.html" class="media" title="documentation:2.0:applications:grr"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/phpldapadmin.html" class="media" title="documentation:2.0:applications:phpldapadmin"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/limesurvey.html" class="media" title="documentation:2.0:applications:limesurvey"><img src="icons/kmultiple.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col3 centeralign"> <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="media" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" rel="nofollow"><img src="icons/kmultiple.png" class="media" title="SAP" alt="SAP" /></a> </td>
</tr>
</table></div><!-- EDIT12 TABLE [1248-1651] -->
</div><!-- EDIT11 SECTION "Other" [1231-1652] -->
<h2 class="sectionedit13" id="frameworks">Frameworks</h2>
<div class="level2">
<div class="table sectionedit14"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Java (Spring) </th><th class="col1 centeralign"> Python (Django) </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/spring.html" class="media" title="documentation:2.0:applications:spring"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/django.html" class="media" title="documentation:2.0:applications:django"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
</table></div><!-- EDIT14 TABLE [1677-1844] -->
</div><!-- EDIT13 SECTION "Frameworks" [1653-1845] -->
<h2 class="sectionedit15" id="connectors">Connecteurs</h2>
<div class="level2">
<div class="table sectionedit16"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> HTTP Auth-Basic </th><th class="col1 centeralign"> Tomcat </th><th class="col2 centeralign"> Nginx </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/authbasic.html" class="media" title="documentation:2.0:applications:authbasic"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/tomcat.html" class="media" title="documentation:2.0:applications:tomcat"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/nginx.html" class="media" title="documentation:2.0:applications:nginx"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign" colspan="3"> Quelques applications l'utilisant </th>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="http://en.wikipedia.org/wiki/Outlook_Web_App" class="urlextern" title="http://en.wikipedia.org/wiki/Outlook_Web_App" rel="nofollow">Outlook Web App</a> <br/>
<a href="http://en.wikipedia.org/wiki/IBM_Lotus_iNotes" class="urlextern" title="http://en.wikipedia.org/wiki/IBM_Lotus_iNotes" rel="nofollow">IBM Lotus iNotes</a> </td><td class="col1 centeralign"> <a href="http://www.lambdaprobe.org" class="urlextern" title="http://www.lambdaprobe.org" rel="nofollow">Probe</a> <br/>
<a href="http://fr.lutece.paris.fr" class="urlextern" title="http://fr.lutece.paris.fr" rel="nofollow">Lutece</a> </td><td class="col2"> </td>
</tr>
</table></div><!-- EDIT16 TABLE [1870-2361] -->
</div><!-- EDIT15 SECTION "Connectors" [1846-2362] -->
<h2 class="sectionedit17" id="saml_connectors">Connecteurs SAML</h2>
<div class="level2">
<div class="noteclassic">Ceci nécessite de configurer <abbr title="LemonLDAP::NG">LL::NG</abbr> comme <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">fournisseur d'identité SAML</a>.
</div><div class="table sectionedit18"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Google Apps </th><th class="col1 centeralign"> Cornerstone </th><th class="col2 centeralign"> SalesForce </th><th class="col3 centeralign"> simpleSAMLphp </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/googleapps.html" class="media" title="documentation:2.0:applications:googleapps"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/cornerstone.html" class="media" title="documentation:2.0:applications:cornerstone"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col3 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> NextCloud </th><th class="col1 leftalign"> </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
</tr>
</table></div><!-- EDIT18 TABLE [2482-2957] -->
</div><!-- EDIT17 SECTION "SAML connectors" [2363-] -->
</div>
</body>
</html>
<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:applications:alfresco</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,alfresco"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="alfresco.html"/>
<link rel="contents" href="alfresco.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:alfresco","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container"><!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Présentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#alfresco1">Alfresco</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#other_resources">Autres documents</a></div></li>
</ul>
</div>
</div><!-- TOC END -->
<h1 class="sectionedit1" id="alfresco">Alfresco</h1>
<div class="level1">
<p>
<img src="alfresco_logo.png" class="mediacenter" alt="" />
</p>
</div><!-- EDIT1 SECTION "Alfresco" [1-71] -->
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<div class="level2">
<p>
<a href="https://www.alfresco.com/" class="urlextern" title="https://www.alfresco.com/" rel="nofollow">Alfresco</a> est un logiciel ECM/BPM.
</p>
<p>
Depuis la version 4.0, il permet facilement de configurer un <abbr title="Authentification unique (Single Sign On)">SSO</abbr> grace au sous-système d'authentification.
</p>
<div class="noteimportant">Pour les versions plus anciennes, se référer à cette documentation : <a href="https://wiki.alfresco.com/wiki/SSO" class="urlextern" title="https://wiki.alfresco.com/wiki/SSO" rel="nofollow">https://wiki.alfresco.com/wiki/SSO</a>
</div>
</div><!-- EDIT2 SECTION "Presentation" [72-395] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div><!-- EDIT3 SECTION "Configuration" [396-422] -->
<h3 class="sectionedit4" id="alfresco1">Alfresco</h3>
<div class="level3">
<div class="notetip">La documentation officielle se trouve ici : <a href="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" class="urlextern" title="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" rel="nofollow">http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html</a>
</div>
<p>
Les fichiers suivants sont nécessaires dans l'installation Alfresco :
</p>
<ul>
<li class="level1"><div class="li"> <code>alfresco-global.properties</code> (ex: <code>tomcat/shared/classes/alfresco-global.properties</code>)</div>
</li>
<li class="level1"><div class="li"> <code>share-config-custom.xml</code> (ex: <code>tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml</code>)</div>
</li>
</ul>
<p>
Le premier autorise la configuration du <abbr title="Authentification unique (Single Sign On)">SSO</abbr> pour la webapp Alfresco et l'autre pour la webapp partagée.
</p>
<p>
Éditer d'abord <code>alfresco-global.properties</code> et ajouter :
</p>
<pre class="code file java">### SSO ###
authentication.<span class="me1">chain</span><span class="sy0">=</span>external1<span class="sy0">:</span>external
external.<span class="me1">authentication</span>.<span class="me1">enabled</span><span class="sy0">=</span><span class="kw2">true</span>
external.<span class="me1">authentication</span>.<span class="me1">defaultAdministratorUserNames</span><span class="sy0">=</span>
external.<span class="me1">authentication</span>.<span class="me1">proxyUserName</span><span class="sy0">=</span>
external.<span class="me1">authentication</span>.<span class="me1">proxyHeader</span><span class="sy0">=</span>Auth<span class="sy0">-</span>User
external.<span class="me1">authentication</span>.<span class="me1">userIdPattern</span><span class="sy0">=</span></pre>
<p>
Éditer ensuite <code>share-config-custom.xml</code> et décommenter la dernière partie. Dans le "<code>&lt;endpoint&gt;</code>", changer la valeur de <code>&lt;connector-id&gt;</code> en <code>alfrescoHeader</code> et changer la valeur de <code>&lt;userHeader&gt;</code> en <code>Auth-User</code> :
</p>
<pre class="code file xml"> <span class="sc3"><span class="re1">&lt;config</span> <span class="re0">evaluator</span>=<span class="st0">"string-compare"</span> <span class="re0">condition</span>=<span class="st0">"Remote"</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;remote<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;keystore<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>alfresco/web-extension/alfresco-system.p12<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;type<span class="re2">&gt;</span></span></span>pkcs12<span class="sc3"><span class="re1">&lt;/type<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;password<span class="re2">&gt;</span></span></span>alfresco-system<span class="sc3"><span class="re1">&lt;/password<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/keystore<span class="re2">&gt;</span></span></span>
&nbsp;
<span class="sc3"><span class="re1">&lt;connector<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfrescoCookie<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco Connector<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Connects to an Alfresco instance using cookie-based authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;class<span class="re2">&gt;</span></span></span>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector<span class="sc3"><span class="re1">&lt;/class<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/connector<span class="re2">&gt;</span></span></span>
&nbsp;
<span class="sc3"><span class="re1">&lt;connector<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfrescoHeader<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco Connector<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Connects to an Alfresco instance using header and cookie-based authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;class<span class="re2">&gt;</span></span></span>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector<span class="sc3"><span class="re1">&lt;/class<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;userHeader<span class="re2">&gt;</span></span></span>Auth-User<span class="sc3"><span class="re1">&lt;/userHeader<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/connector<span class="re2">&gt;</span></span></span>
&nbsp;
<span class="sc3"><span class="re1">&lt;endpoint<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfresco<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco - user access<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Access to Alfresco Repository WebScripts that require user authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;connector-id<span class="re2">&gt;</span></span></span>alfrescoHeader<span class="sc3"><span class="re1">&lt;/connector-id<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;endpoint-url<span class="re2">&gt;</span></span></span>http://localhost:8080/alfresco/wcs<span class="sc3"><span class="re1">&lt;/endpoint-url<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;identity<span class="re2">&gt;</span></span></span>user<span class="sc3"><span class="re1">&lt;/identity<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;external-auth<span class="re2">&gt;</span></span></span>true<span class="sc3"><span class="re1">&lt;/external-auth<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/endpoint<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/remote<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/config<span class="re2">&gt;</span></span></span></pre>
<p>
Un redémarrage de Tomcat est nécessaire pour appliquer les changements.
</p>
<div class="notewarning">On peut ensuite se connecter avec un simple en-tête HTTP. Il faut restreindre l'accès à Alfresco à <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</div>
</div><!-- EDIT4 SECTION "Alfresco" [423-3119] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
<p>
Renseigner simplement l'en-tête <code>Auth-User</code> avec l'attribut qui contient le nom de login, par exemple <code>$uid</code>.
</p>
<p>
On peut intercepter les déconnexions avec cette règle : <code>^/share/page/dologout ⇒ logout_app_sso</code>
</p>
</div><!-- EDIT5 SECTION "LL::NG" [3120-3332] -->
<h2 class="sectionedit6" id="other_resources">Autres documents</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="https://www.youtube.com/watch?v=5tS0XrC_-rw" class="urlextern" title="https://www.youtube.com/watch?v=5tS0XrC_-rw" rel="nofollow">DevCon 2012: Unlocking the Secrets of Alfresco Authentication, Mehdi Belmekki</a></div>
</li>
</ul>
</div><!-- EDIT6 SECTION "Other resources" [3333-] -->
</div>
</body>
</html>
<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:applications:authbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,authbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authbasic.html"/>
<link rel="contents" href="authbasic.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:authbasic","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="http_basic_authentication">Authentification basique HTTP</h1>
<div class="level1">
<p>
<a href="http_logo.png_documentation_2.0_applications_authbasic.html" class="media" title="applications:http_logo.png"><img src="http_logo.png" class="mediacenter" alt="" /></a>
</p>
</div><!-- EDIT1 SECTION "HTTP Basic Authentication" [1-77] -->
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<div class="level2">
<div class="noteimportant">Pour l'instant, cette fonctionnalité n'est offerte qu'avec le handler Apache.
</div>
<p>
Extrait de <a href="http://fr.wikipedia.org/wiki/HTTP_Authentification" class="urlextern" title="http://fr.wikipedia.org/wiki/HTTP_Authentification" rel="nofollow">l'article Wikipedia</a>:
</p>
<p>
</p><blockquote>
Dans le contexte d'une transaction HTTP, l'authentification basique est une méthode qui permet au navigateur ou un autre programme client de fournir des éléments d'authentification – sous la forme d'un nom et d'un mot de passe – à chaque requête.
</p>
<p>
Avant la transmission, le nom et le mot de passe sont encodés en base-64. Par exemple, le nom Aladdin et le mot-de-passe "open sesame" vont être assemblés en "Aladdin:open sesame" – dont l'équivalent est QWxhZGRpbjpvcGVuIHNlc2FtZQ== en Base64. Un petit effort est requis pour décoder ces chaînes et de nombreux outils de sécurité les décodent à la volée.
</blockquote>
</p>
<p>
Ainsi l'authentification basique HTTP est gérée par des en-têtes HTTP (<code>Autorisation</code>), qui peut être générée par <abbr title="LemonLDAP::NG">LL::NG</abbr>, avec les précautions suivantes :
</p>
<ul>
<li class="level1"><div class="li"> Les données ne doivent pas contenir de caractères spéciaux, car le protocole HTTP n'autorise que les caractères <abbr title="American Standard Code for Information Interchange">ASCII</abbr> dans les en-têtes (mais suivant le serveur HTTP, vous pouvez utiliser des valeurs encodées ISO)</div>
</li>
<li class="level1"><div class="li"> Il est nécessaire d'exporter le mot-de-passe, qui peut être le mot-de-passe principal de l'utilisateur (si <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">le mot-de-passe est stocké dans la session</a>, ou n'importe quel attribut utilisateur (si d'autres mots-de-passe sont stockés dans la base de données des utilisateurs).</div>
</li>
</ul>
</div><!-- EDIT2 SECTION "Presentation" [78-1535] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
L'authentification basique est portée par un en-tête HTTP spécifique, tel que décrit ci-dessous. Il suffit donc de déclarer cet en-tête pour l'hôte virtuel dans le manager.
</p>
<p>
Par exemple, pour exporter l'identifiant (<code>$uid</code>) et le mot-de-passe (<code>$_password</code> si <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">le mot-de-passe est stocké dans la session</a>):
</p>
<pre class="code">Authorization =&gt; "Basic ".encode_base64("$uid:$_password")</pre>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> fournit une fonction spéciale nommée <a href="../extendedfunctions.html#basic" class="wikilink1" title="documentation:2.0:extendedfunctions">basic</a> pour construire cet en-tête.
</p>
<p>
Ainsi l'exemple ci-dessous peut être écrit simplement :
</p>
<pre class="code">Authorization =&gt; basic($uid,$_password)</pre>
<div class="notetip">La fonction <code>basic</code> force la conversion des caractères UTF-8 en ISO-8859-1, qui peut être accepté par la plupart des serveurs HTTP.
</div>
</div><!-- EDIT3 SECTION "Configuration" [1536-] -->
</div>
</body>
</html>