Commit 1a3af1de authored by Xavier Guimard

Update doc (#1359)

parent a1290818
......@@ -179,13 +179,16 @@ If none of above methods is available, you can try:
<td class="col0 centeralign"> <a href="applications/tomcat.html" class="media" title="documentation:2.0:applications:tomcat"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/tomcat.html" class="wikilink1" title="documentation:2.0:applications:tomcat">Tomcat</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row31 rowodd">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/wordpress.html" class="media" title="documentation:2.0:applications:wordpress"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/wordpress.html" class="wikilink1" title="documentation:2.0:applications:wordpress">Wordpress</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row32 roweven">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row33 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
</table></div>
<!-- EDIT4 TABLE [1223-5126] -->
<!-- EDIT4 TABLE [1223-5260] -->
</div>
<!-- EDIT3 SECTION "Application list" [1192-] --></div>
</body>
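Review bot: the new Wordpress row (the `row31` line) carries `width="100"` on its icon `<img>`, which neither the Tomcat nor the Zimbra row has; either drop the attribute or apply it to every row so the icon column renders uniformly. The updated `<!-- EDIT4 TABLE [1223-5260] -->` offset also shows this is a regenerated DokuWiki export: the byte-range markers change whenever any preceding text changes, so every re-export will touch lines that carry no content change; stripping the EDIT comments at export time would keep these diffs readable.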
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=df00727bb453bdfe152489fdb4e33ed5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
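Review bot: this file is a DokuWiki "topic doesn't exist yet" page generated for the image path `applications/img/icons.png`, and the only change is the per-session CSRF token (`sectok`) in the Login link, so it will differ on every export while no documentation content changes. Exclude these non-page artefacts (the same applies to `loader.gif` below) from the export, or at least drop the `?do=login&amp;sectok=...` link, which has no meaning in a static export.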
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1516959167" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1519247446" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
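Review bot: the `indexer.php` tracking pixel with the export timestamp (`1516959167` to `1519247446`) is another volatile element, and because its `src` is the absolute path `/lib/exe/indexer.php`, every reader of the static export sends a request to that path on whatever host serves the files. Remove the `<div class="no"><img src="/lib/exe/indexer.php...">` block when exporting.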
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=df00727bb453bdfe152489fdb4e33ed5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1516959167" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1519247446" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:wordpress</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,wordpress"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="wordpress.html"/>
<link rel="contents" href="wordpress.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:wordpress","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#cas">CAS</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#plugin_installation">Plugin installation</a></div></li>
<li class="level2"><div class="li"><a href="#plugin_configuration">Plugin configuration</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#general_settings">General settings</a></div></li>
<li class="level3"><div class="li"><a href="#user_roles_settings">User Roles Settings</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="wordpress">Wordpress</h1>
<div class="level1">
<p>
<img src="wordpress_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Wordpress" [1-73] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://wordpress.org/" class="urlextern" title="https://wordpress.org/" rel="nofollow">Wordpress</a> is a famous tool to create websites.
</p>
<p>
A lot of authentication plugins are available. We propose here to use <abbr title="Central Authentication Service">CAS</abbr> protocol and <a href="https://wordpress.org/plugins/wp-cassify/" class="urlextern" title="https://wordpress.org/plugins/wp-cassify/" rel="nofollow">WP Cassify</a> plugin.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [74-327] -->
<h2 class="sectionedit3" id="cas">CAS</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "CAS" [328-344] -->
<h3 class="sectionedit4" id="plugin_installation">Plugin installation</h3>
<div class="level3">
<p>
Go in Wordpress admin and install <a href="https://wordpress.org/plugins/wp-cassify/" class="urlextern" title="https://wordpress.org/plugins/wp-cassify/" rel="nofollow">WP Cassify</a> plugin.
</p>
</div>
<!-- EDIT4 SECTION "Plugin installation" [345-475] -->
<h3 class="sectionedit5" id="plugin_configuration">Plugin configuration</h3>
<div class="level3">
<p>
The full documentation is available on <a href="https://wpcassify.wordpress.com/" class="urlextern" title="https://wpcassify.wordpress.com/" rel="nofollow">https://wpcassify.wordpress.com/</a>
</p>
</div>
<h4 id="general_settings">General settings</h4>
<div class="level4">
<p>
Configure <abbr title="Central Authentication Service">CAS</abbr> server and <abbr title="Central Authentication Service">CAS</abbr> version:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Server base url : <a href="https://auth.example.com/cas/" class="urlextern" title="https://auth.example.com/cas/" rel="nofollow">https://auth.example.com/cas/</a></div>
</li>
<li class="level1"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Version protocol: 2</div>
</li>
</ul>
<p>
Other options are correct by default.
</p>
</div>
<h4 id="user_roles_settings">User Roles Settings</h4>
<div class="level4">
<p>
You can assign WP Roles depending on values sent by <abbr title="Central Authentication Service">CAS</abbr>.
</p>
<p>
The rules syntax is quite special, you can use it or you can just define macros on <abbr title="LemonLDAP::NG">LL::NG</abbr> side and send them trough <abbr title="Central Authentication Service">CAS</abbr> to keep simple rules on WP side.
</p>
<p>
For example create a macro <code>role_wordpress_admin</code> which contains <code>1</code> if the user is admin on WP, and send it in <abbr title="Central Authentication Service">CAS</abbr> attributes.
</p>
<p>
Then create this rule on WP side:
</p>
<pre class="code">administrator|(CAS{role_wordpress_admin} -EQ &quot;1&quot;)</pre>
</div>
<!-- EDIT5 SECTION "Plugin configuration" [476-] --></div>
</body>
</html>
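Review bot: the `useexternallibs` branches of the template load jQuery and jQuery UI over plain `http://code.jquery.com/...`; they are inside HTML comments in this export, but if that build variant is ever enabled the scripts would be fetched unauthenticated into an authentication portal's documentation pages, so switch them to `https://` (and add `integrity` attributes). In the same commented block, the bootstrap `<link>` line ends with a stray `</script>`. In the prose: "send them trough CAS" should read "through"; "Other options are correct by default" is clearer as "The other options can be left at their default values"; and it would help readers to state next to the `administrator|(CAS{role_wordpress_admin} -EQ "1")` rule that the macro must be listed among the attributes exported by the CAS service on the LL::NG side, since the rule silently matches nothing if the attribute is not sent.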
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=df00727bb453bdfe152489fdb4e33ed5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
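Review bot: unlike the image artefacts above, `restserverplugin` is linked as a real documentation page but is exported here as a "topic doesn't exist yet" placeholder; the page should be written (or the links to it removed) before the export is committed. The `sectok` change makes this file churn on every export as well.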
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1516959187" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1519247470" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:samlservice</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,samlservice"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="samlservice.html"/>
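Review bot: flipping `robots` from `index,follow` to `noindex,nofollow` on the SAML service page looks unintended. DokuWiki marks pages edited more recently than its configured indexer delay as `noindex`, which is the likely cause, and the opposite flip appears on `sqlconfbackend` in this same commit. If the exported HTML is published as-is, the SAML page disappears from search engines until the next export; pin the robots meta to a constant in the export template.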
......@@ -137,7 +137,7 @@ This documentation explains how configure <abbr title="Security Assertion Markup
</p>
<p>
SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="urlextern" title="http://lasso.entrouvert.org" rel="nofollow">Lasso</a>. You will need a very recent version of Lasso (&gt;= 2.3.0).
SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="urlextern" title="http://lasso.entrouvert.org" rel="nofollow">Lasso</a>. You will need a very recent version of Lasso (&gt;= 2.5.0).
</p>
</div>
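Review bot: the version floor bump to Lasso 2.5.0 is fine, but "a very recent version of Lasso" is already stale wording next to a fixed minimum; say "Lasso 2.5.0 or later". The link to `lasso.entrouvert.org` is plain http; prefer an https link if the site serves one.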
......@@ -146,7 +146,7 @@ SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="ur
<div class="level4">
<p>
There are packages available here: <a href="http://deb.entrouvert.org/" class="urlextern" title="http://deb.entrouvert.org/" rel="nofollow">http://deb.entrouvert.org/</a>.
You can use official Debian packages or those available here: <a href="http://deb.entrouvert.org/" class="urlextern" title="http://deb.entrouvert.org/" rel="nofollow">http://deb.entrouvert.org/</a>.
</p>
<p>
......@@ -160,14 +160,14 @@ You will only need to install liblasso-perl package:
<div class="level4">
<p>
RPMs are available in <abbr title="LemonLDAP::NG">LL::NG</abbr> RPM repository (see <a href="installrpm.html#yum_repository" class="wikilink1" title="documentation:2.0:installrpm">yum_repository</a>)
RPMs are available in <abbr title="LemonLDAP::NG">LL::NG</abbr> RPM “extras” repository (see <a href="installrpm.html#yum_repository" class="wikilink1" title="documentation:2.0:installrpm">yum_repository</a>)
</p>
<p>
Then install lasso and lasso-perl packages:
</p>
<pre class="code">yum install lasso lasso-perl</pre>
<div class="noteimportant">Only EL6 64bits and EL7 64bits package are available.
<div class="noteimportant">Only 64bits package are available.
</div>
</div>
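Review bot: "Only 64bits package are available" should read "Only 64-bit packages are available". Since the text now refers to an "extras" repository, check that the linked `installrpm.html#yum_repository` section actually explains how to enable that repository; otherwise readers will run `yum install lasso lasso-perl` and not find the packages.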
......@@ -179,7 +179,7 @@ Then install lasso and lasso-perl packages:
</p>
</div>
<!-- EDIT4 SECTION "Lasso" [717-1485] -->
<!-- EDIT4 SECTION "Lasso" [717-1502] -->
<h2 class="sectionedit5" id="service_configuration">Service configuration</h2>
<div class="level2">
......@@ -189,7 +189,7 @@ Go in Manager and click on <code><abbr title="Security Assertion Markup Language
<div class="notetip">You can use #PORTAL# in values to replace the portal <abbr title="Uniform Resource Locator">URL</abbr>.
</div>
</div>
<!-- EDIT5 SECTION "Service configuration" [1486-1649] -->
<!-- EDIT5 SECTION "Service configuration" [1503-1666] -->
<h3 class="sectionedit6" id="entry_identifier">Entry Identifier</h3>
<div class="level3">
......@@ -204,7 +204,7 @@ Your EntityID, often use as metadata <abbr title="Uniform Resource Locator">URL<
</div><div class="notewarning">If you modify <code>/saml/metadata</code> suffix you have to change corresponding Apache rewrite rule.
</div>
</div>
<!-- EDIT6 SECTION "Entry Identifier" [1650-2047] -->
<!-- EDIT6 SECTION "Entry Identifier" [1667-2064] -->
<h3 class="sectionedit7" id="security_parameters">Security parameters</h3>
<div class="level3">
......@@ -240,7 +240,7 @@ $ openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</
</div>
</div>
<!-- EDIT7 SECTION "Security parameters" [2048-3310] -->
<!-- EDIT7 SECTION "Security parameters" [2065-3327] -->
<h3 class="sectionedit8" id="nameid_formats">NameID formats</h3>
<div class="level3">
......@@ -277,7 +277,7 @@ Other NameID formats are automatically managed:
</ul>
</div>
<!-- EDIT8 SECTION "NameID formats" [3311-4069] -->
<!-- EDIT8 SECTION "NameID formats" [3328-4086] -->
<h3 class="sectionedit9" id="authentication_contexts">Authentication contexts</h3>
<div class="level3">
......@@ -301,7 +301,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT9 SECTION "Authentication contexts" [4070-4793] -->
<!-- EDIT9 SECTION "Authentication contexts" [4087-4810] -->
<h3 class="sectionedit10" id="organization">Organization</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Organization metadata section:
......@@ -321,7 +321,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT10 SECTION "Organization" [4794-5305] -->
<!-- EDIT10 SECTION "Organization" [4811-5322] -->
<h3 class="sectionedit11" id="service_provider">Service Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
......@@ -404,7 +404,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT11 SECTION "Service Provider" [5306-6360] -->
<!-- EDIT11 SECTION "Service Provider" [5323-6377] -->
<h3 class="sectionedit12" id="identity_provider">Identity Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
......@@ -489,7 +489,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT12 SECTION "Identity Provider" [6361-7349] -->
<!-- EDIT12 SECTION "Identity Provider" [6378-7366] -->
<h3 class="sectionedit13" id="attribute_authority">Attribute Authority</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Attribute Authority metadata section
......@@ -512,7 +512,7 @@ Response Location should be empty, as SOAP responses are directly returned (sync
</p>
</div>
<!-- EDIT13 SECTION "Attribute Authority" [7350-7761] -->
<!-- EDIT13 SECTION "Attribute Authority" [7367-7778] -->
<h3 class="sectionedit14" id="advanced">Advanced</h3>
<div class="level3">
......@@ -571,6 +571,6 @@ Configuration parameters are:
</ul>
</div>
<!-- EDIT14 SECTION "Advanced" [7762-] --></div>
<!-- EDIT14 SECTION "Advanced" [7779-] --></div>
</body>
</html>
......@@ -50,7 +50,8 @@
<ul class="toc">
<li class="level1"><div class="li"><a href="#disk_cache_sessions_an_configuration">Disk cache (sessions an configuration)</a></div></li>
<li class="level1"><div class="li"><a href="#access_to_ldap">Access to LDAP</a></div></li>
<li class="level1"><div class="li"><a href="#ldap">LDAP</a></div></li>
<li class="level1"><div class="li"><a href="#databases">Databases</a></div></li>
<li class="level1"><div class="li"><a href="#memcache">Memcache</a></div></li>
<li class="level1"><div class="li"><a href="#proxy_http">Proxy HTTP</a></div></li>
</ul>
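Review bot: the TOC entry still reads "Disk cache (sessions an configuration)"; fix it to "sessions and configuration" (the body heading and its `#disk_cache_sessions_an_configuration` anchor need the same fix).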
......@@ -77,24 +78,30 @@ To persist the rule:
<pre class="code">semanage fcontext -a -t http_sys_content_t /tmp</pre>
</div>
<!-- EDIT2 SECTION "Disk cache (sessions an configuration)" [103-290] -->
<h2 class="sectionedit3" id="access_to_ldap">Access to LDAP</h2>
<!-- EDIT2 SECTION "Disk cache (sessions an configuration)" [103-291] -->
<h2 class="sectionedit3" id="ldap">LDAP</h2>
<div class="level2">
<pre class="code">setsebool -P httpd_can_connect_ldap 1</pre>
</div>
<!-- EDIT3 SECTION "Access to LDAP" [291-370] -->
<h2 class="sectionedit4" id="memcache">Memcache</h2>
<!-- EDIT3 SECTION "LDAP" [292-361] -->
<h2 class="sectionedit4" id="databases">Databases</h2>
<div class="level2">
<pre class="code">setsebool -P httpd_can_network_connect_db 1</pre>
</div>
<!-- EDIT4 SECTION "Databases" [362-442] -->
<h2 class="sectionedit5" id="memcache">Memcache</h2>
<div class="level2">
<pre class="code">setsebool -P httpd_can_network_memcache 1</pre>
</div>
<!-- EDIT4 SECTION "Memcache" [371-448] -->
<h2 class="sectionedit5" id="proxy_http">Proxy HTTP</h2>
<!-- EDIT5 SECTION "Memcache" [443-520] -->
<h2 class="sectionedit6" id="proxy_http">Proxy HTTP</h2>
<div class="level2">
<pre class="code">setsebool -P httpd_can_network_relay 1</pre>
</div>
<!-- EDIT5 SECTION "Proxy HTTP" [449-] --></div>
<!-- EDIT6 SECTION "Proxy HTTP" [521-] --></div>
</body>
</html>
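Review bot: the new Databases section sets `httpd_can_network_connect_db` with no explanation, and each of these booleans opens a whole class of outbound connections for every httpd-confined process on the host; say which boolean is needed for which LL::NG backend (`httpd_can_network_connect_db` for an SQL configuration or session backend, `httpd_can_network_memcache` for a memcached session store, `httpd_can_network_relay` only for the Proxy HTTP case) and advise enabling only those the installation actually uses. In the context lines, `semanage fcontext -a -t http_sys_content_t /tmp` names a type that does not exist (the httpd content types are `httpd_sys_content_t`, or `httpd_sys_rw_content_t` for a directory Apache must write to), and without a `(/.*)?` suffix the rule labels only the `/tmp` directory itself, not the files created under it. The "sessions an configuration" typo also survives in the section heading.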
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:sqlconfbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,sqlconfbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="sqlconfbackend.html"/>
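Review bot: same export-state flip as on `samlservice`, in the other direction (`noindex,nofollow` to `index,follow`). Taken together the two changes show the robots meta tracks when each page was last edited relative to the export rather than an editorial decision, so it should be fixed to a constant in the export template.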
......
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:totp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,totp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="totp2f.html"/>
<link rel="contents" href="totp2f.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:totp2f","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#assistance">Assistance</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="totp_2nd_factor_authentication_u2f">TOTP 2nd Factor Authentication (U2F)</h1>
<div class="level1">
<p>
<a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm" class="urlextern" title="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm" rel="nofollow">Time based One Time Password</a> (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. This is currently what <a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">Google Authenticator</a> or <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a> use.
</p>
<p>
LLNG can propose to users to register this kind of software to increase authentication level.
</p>
<div class="notetip">Note that it&#039;s a second factor, not an authentication module. Users are authenticated by both login form and TOTP.
</div>
</div>
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication (U2F)" [1-633] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<p>
In the manager (advanced parameters), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> TOTP ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/totpregister.html" class="urlextern" title="https://auth.your.domain/totpregister.html" rel="nofollow">https://auth.your.domain/totpregister.html</a>)</em></div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em></div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Issuer: default to portal hostname</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Interval: interval for TOTP algorithm (default: 30)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Range: number of additional intervals to test (default: 1)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Digits: number of digit of codes (default: 6)</div>
</li>
</ul>
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_totp2fSecret</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [634-1701] -->
<h2 class="sectionedit3" id="assistance">Assistance</h2>
<div class="level2">
<p>
If a user lost its key, you may remove it&#039;s persistent session using the session explorer.
</p>
</div>
<!-- EDIT3 SECTION "Assistance" [1702-1817] -->
<h2 class="sectionedit4" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
If you have another TOTP registration interface, you have to populate session (using exported variables) to set these keys:
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Name </th><th class="col1"> Value </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> _totp2fSecret </td><td class="col1"> key handle value, base32 encoded </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1973-2091] -->
</div>
<!-- EDIT4 SECTION "Developer corner" [1818-] --></div>
</body>
</html>
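Review bot: the page mixes U2F material into the TOTP documentation. The H1 reads "TOTP 2nd Factor Authentication (U2F)", and the Developer corner table lists `_u2fUserKey` (a U2F session variable) and describes `_totp2fSecret` as a "key handle value", which is U2F terminology; for TOTP the only key to populate is `_totp2fSecret`, holding the base32-encoded shared secret, so drop the `_u2fUserKey` row and the "(U2F)" suffix. The activation note "you must include this in your rule that `$_totp2fSecret` is set" should read "your rule must also check that `$_totp2fSecret` is set". The Range option deserves a caveat: every additional interval widens the window during which a code is accepted (neighbouring 30-second slots are accepted alongside the current one), so it should stay at the default unless clock skew on user devices is a known problem. Finally, "If a user lost its key, you may remove it's persistent session" should read "If a user has lost their key, you can remove their persistent session".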
......@@ -51,6 +51,7 @@
<ul class="toc">
<li class="level1"><div class="li"><a href="#prerequisites_and_dependencies">Prerequisites and dependencies</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#browser_compatibility">Browser compatibility</a></div></li>
<li class="level1"><div class="li"><a href="#assistance">Assistance</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div></li>
</ul>
......@@ -78,9 +79,10 @@ LLNG can propose to users to register their keys. When done, registered user can
<p>
This feature uses <a href="https://metacpan.org/pod/Crypt::U2F::Server::Simple" class="urlextern" title="https://metacpan.org/pod/Crypt::U2F::Server::Simple" rel="nofollow">Crypt::U2F::Server::Simple</a> that is available only via CPAN for now. Before compiling it, you must install Yubico&#039;s C library headers (called libu2f-server-dev on Debian).
</p>
<div class="noteimportant">An HTTPS portal is required to use U2F
</div>
</div>
<!-- EDIT2 SECTION "Prerequisites and dependencies" [522-811] -->
<!-- EDIT2 SECTION "Prerequisites and dependencies" [522-873] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
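Review bot: the "An HTTPS portal is required to use U2F" note is a good addition; it would help to add why in a few words (U2F binds registrations to an https origin, so browsers refuse to register or sign on a plain-http portal), which also explains the http to https fix on the self-registration link further down.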
......@@ -90,7 +92,7 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level1"><div class="li"> U2F ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="http://auth.your.domain/u2fregister.html" class="urlextern" title="http://auth.your.domain/u2fregister.html" rel="nofollow">http://auth.your.domain/u2fregister.html</a>)</em></div>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/u2fregister.html" class="urlextern" title="https://auth.your.domain/u2fregister.html" rel="nofollow">https://auth.your.domain/u2fregister.html</a>)</em></div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em></div>
</li>
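Review bot: the http to https change for `u2fregister.html` is consistent with the new HTTPS requirement; check the remaining `auth.your.domain` example links across the documentation for other plain-http instances so the examples do not contradict the note.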
......@@ -98,8 +100,29 @@ In the manager (advanced parameters), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_u2fKeyHandle and $_u2fUserKey</code>, else U2F will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [812-1637] -->
<h2 class="sectionedit4" id="assistance">Assistance</h2>
<!-- EDIT3 SECTION "Configuration" [874-1701] -->
<h2 class="sectionedit4" id="browser_compatibility">Browser compatibility</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Chrome/Chromium &gt;= 38</div>
</li>
<li class="level1"><div class="li"> Firefox :</div>
<ul>
<li class="level2"><div class="li"> 38 to 56 with <a href="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" class="urlextern" title="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" rel="nofollow">U2F Support Add-on</a></div>
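Review bot: the Firefox add-on link uses the `/fr/` locale path of addons.mozilla.org; use the locale-neutral `https://addons.mozilla.org/firefox/addon/u2f-support-add-on/` so readers are served the listing in their own language. "Firefox :" also has a French-style space before the colon.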