Commit 1a3af1de authored by Xavier Guimard's avatar Xavier Guimard

Update doc (#1359)

parent a1290818
......@@ -179,13 +179,16 @@ If none of above methods is available, you can try:
<td class="col0 centeralign"> <a href="applications/tomcat.html" class="media" title="documentation:2.0:applications:tomcat"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/tomcat.html" class="wikilink1" title="documentation:2.0:applications:tomcat">Tomcat</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row31 rowodd">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/wordpress.html" class="media" title="documentation:2.0:applications:wordpress"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/wordpress.html" class="wikilink1" title="documentation:2.0:applications:wordpress">Wordpress</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row32 roweven">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row33 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
</table></div>
<!-- EDIT4 TABLE [1223-5126] -->
<!-- EDIT4 TABLE [1223-5260] -->
</div>
<!-- EDIT3 SECTION "Application list" [1192-] --></div>
</body>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=df00727bb453bdfe152489fdb4e33ed5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1516959167" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1519247446" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
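Review bot: The login link on the new side of the first hunk carries a fresh `sectok` value (`sectok=cf4c71aa…` replacing `sectok=df00727b…`), and the `indexer.php` image in the second hunk carries a new trailing timestamp; both look like per-export DokuWiki session artifacts rather than documentation content, and the same two replacements recur in the loader.gif and restserverplugin sections below. Checking what appears to be a session-bound CSRF token into the repository is low-risk on its own but it is still a credential-shaped value, and it guarantees churn on every re-export. Consider stripping the `?do=login&amp;sectok=…` anchor and the `indexer.php` cache-buster in the export step so the committed HTML holds only content; which script performs the export is not visible here, so where to apply that filter is inferred. The page itself is the "topic doesn't exist yet" placeholder for an image id, which suggests media ids may be leaking into the export list as well.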
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=df00727bb453bdfe152489fdb4e33ed5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1516959167" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1519247446" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:wordpress</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,wordpress"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="wordpress.html"/>
<link rel="contents" href="wordpress.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:wordpress","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#cas">CAS</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#plugin_installation">Plugin installation</a></div></li>
<li class="level2"><div class="li"><a href="#plugin_configuration">Plugin configuration</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#general_settings">General settings</a></div></li>
<li class="level3"><div class="li"><a href="#user_roles_settings">User Roles Settings</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="wordpress">Wordpress</h1>
<div class="level1">
<p>
<img src="wordpress_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Wordpress" [1-73] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://wordpress.org/" class="urlextern" title="https://wordpress.org/" rel="nofollow">Wordpress</a> is a famous tool to create websites.
</p>
<p>
A lot of authentication plugins are available. We propose here to use <abbr title="Central Authentication Service">CAS</abbr> protocol and <a href="https://wordpress.org/plugins/wp-cassify/" class="urlextern" title="https://wordpress.org/plugins/wp-cassify/" rel="nofollow">WP Cassify</a> plugin.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [74-327] -->
<h2 class="sectionedit3" id="cas">CAS</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "CAS" [328-344] -->
<h3 class="sectionedit4" id="plugin_installation">Plugin installation</h3>
<div class="level3">
<p>
Go in Wordpress admin and install <a href="https://wordpress.org/plugins/wp-cassify/" class="urlextern" title="https://wordpress.org/plugins/wp-cassify/" rel="nofollow">WP Cassify</a> plugin.
</p>
</div>
<!-- EDIT4 SECTION "Plugin installation" [345-475] -->
<h3 class="sectionedit5" id="plugin_configuration">Plugin configuration</h3>
<div class="level3">
<p>
The full documentation is available on <a href="https://wpcassify.wordpress.com/" class="urlextern" title="https://wpcassify.wordpress.com/" rel="nofollow">https://wpcassify.wordpress.com/</a>
</p>
</div>
<h4 id="general_settings">General settings</h4>
<div class="level4">
<p>
Configure <abbr title="Central Authentication Service">CAS</abbr> server and <abbr title="Central Authentication Service">CAS</abbr> version:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Server base url : <a href="https://auth.example.com/cas/" class="urlextern" title="https://auth.example.com/cas/" rel="nofollow">https://auth.example.com/cas/</a></div>
</li>
<li class="level1"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Version protocol: 2</div>
</li>
</ul>
<p>
Other options are correct by default.
</p>
</div>
<h4 id="user_roles_settings">User Roles Settings</h4>
<div class="level4">
<p>
You can assign WP Roles depending on values sent by <abbr title="Central Authentication Service">CAS</abbr>.
</p>
<p>
The rules syntax is quite special, you can use it or you can just define macros on <abbr title="LemonLDAP::NG">LL::NG</abbr> side and send them trough <abbr title="Central Authentication Service">CAS</abbr> to keep simple rules on WP side.
</p>
<p>
For example create a macro <code>role_wordpress_admin</code> which contains <code>1</code> if the user is admin on WP, and send it in <abbr title="Central Authentication Service">CAS</abbr> attributes.
</p>
<p>
Then create this rule on WP side:
</p>
<pre class="code">administrator|(CAS{role_wordpress_admin} -EQ &quot;1&quot;)</pre>
</div>
<!-- EDIT5 SECTION "Plugin configuration" [476-] --></div>
</body>
</html>
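Review bot: The `//elsif:useexternallibs` branches in the head of this new page reference `http://code.jquery.com/jquery-2.2.0.min.js` and `http://code.jquery.com/ui/1.10.4/jquery-ui.min.js` over plain HTTP and without an `integrity` attribute, while the Bootstrap branch a few lines above already uses `https://maxcdn.bootstrapcdn.com/…`. These lines sit inside an HTML comment and are selected at build time, so whether they are ever active cannot be confirmed from this page, but when that variant is chosen the documentation would execute scripts fetched without transport protection. Changing each to `https://` and adding `integrity="…" crossorigin="anonymous"` with the library's published hash is a one-line change per tag; the identical template block appears in the new totp2f.html. The Bootstrap CDN `<link>` also ends with a stray `</script>` rather than `/>`, which is malformed though harmless.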
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=df00727bb453bdfe152489fdb4e33ed5" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=cf4c71aa95ca9de8db78e281e71fa354" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1516959187" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1519247470" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:samlservice</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,samlservice"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="samlservice.html"/>
......@@ -137,7 +137,7 @@ This documentation explains how configure <abbr title="Security Assertion Markup
</p>
<p>
SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="urlextern" title="http://lasso.entrouvert.org" rel="nofollow">Lasso</a>. You will need a very recent version of Lasso (&gt;= 2.3.0).
SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="urlextern" title="http://lasso.entrouvert.org" rel="nofollow">Lasso</a>. You will need a very recent version of Lasso (&gt;= 2.5.0).
</p>
</div>
......@@ -146,7 +146,7 @@ SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="ur
<div class="level4">
<p>
There are packages available here: <a href="http://deb.entrouvert.org/" class="urlextern" title="http://deb.entrouvert.org/" rel="nofollow">http://deb.entrouvert.org/</a>.
You can use official Debian packages or those available here: <a href="http://deb.entrouvert.org/" class="urlextern" title="http://deb.entrouvert.org/" rel="nofollow">http://deb.entrouvert.org/</a>.
</p>
<p>
......@@ -160,14 +160,14 @@ You will only need to install liblasso-perl package:
<div class="level4">
<p>
RPMs are available in <abbr title="LemonLDAP::NG">LL::NG</abbr> RPM repository (see <a href="installrpm.html#yum_repository" class="wikilink1" title="documentation:2.0:installrpm">yum_repository</a>)
RPMs are available in <abbr title="LemonLDAP::NG">LL::NG</abbr> RPM “extras” repository (see <a href="installrpm.html#yum_repository" class="wikilink1" title="documentation:2.0:installrpm">yum_repository</a>)
</p>
<p>
Then install lasso and lasso-perl packages:
</p>
<pre class="code">yum install lasso lasso-perl</pre>
<div class="noteimportant">Only EL6 64bits and EL7 64bits package are available.
<div class="noteimportant">Only 64bits package are available.
</div>
</div>
......@@ -179,7 +179,7 @@ Then install lasso and lasso-perl packages:
</p>
</div>
<!-- EDIT4 SECTION "Lasso" [717-1485] -->
<!-- EDIT4 SECTION "Lasso" [717-1502] -->
<h2 class="sectionedit5" id="service_configuration">Service configuration</h2>
<div class="level2">
......@@ -189,7 +189,7 @@ Go in Manager and click on <code><abbr title="Security Assertion Markup Language
<div class="notetip">You can use #PORTAL# in values to replace the portal <abbr title="Uniform Resource Locator">URL</abbr>.
</div>
</div>
<!-- EDIT5 SECTION "Service configuration" [1486-1649] -->
<!-- EDIT5 SECTION "Service configuration" [1503-1666] -->
<h3 class="sectionedit6" id="entry_identifier">Entry Identifier</h3>
<div class="level3">
......@@ -204,7 +204,7 @@ Your EntityID, often use as metadata <abbr title="Uniform Resource Locator">URL<
</div><div class="notewarning">If you modify <code>/saml/metadata</code> suffix you have to change corresponding Apache rewrite rule.
</div>
</div>
<!-- EDIT6 SECTION "Entry Identifier" [1650-2047] -->
<!-- EDIT6 SECTION "Entry Identifier" [1667-2064] -->
<h3 class="sectionedit7" id="security_parameters">Security parameters</h3>
<div class="level3">
......@@ -240,7 +240,7 @@ $ openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</
</div>
</div>
<!-- EDIT7 SECTION "Security parameters" [2048-3310] -->
<!-- EDIT7 SECTION "Security parameters" [2065-3327] -->
<h3 class="sectionedit8" id="nameid_formats">NameID formats</h3>
<div class="level3">
......@@ -277,7 +277,7 @@ Other NameID formats are automatically managed:
</ul>
</div>
<!-- EDIT8 SECTION "NameID formats" [3311-4069] -->
<!-- EDIT8 SECTION "NameID formats" [3328-4086] -->
<h3 class="sectionedit9" id="authentication_contexts">Authentication contexts</h3>
<div class="level3">
......@@ -301,7 +301,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT9 SECTION "Authentication contexts" [4070-4793] -->
<!-- EDIT9 SECTION "Authentication contexts" [4087-4810] -->
<h3 class="sectionedit10" id="organization">Organization</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Organization metadata section:
......@@ -321,7 +321,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT10 SECTION "Organization" [4794-5305] -->
<!-- EDIT10 SECTION "Organization" [4811-5322] -->
<h3 class="sectionedit11" id="service_provider">Service Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
......@@ -404,7 +404,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT11 SECTION "Service Provider" [5306-6360] -->
<!-- EDIT11 SECTION "Service Provider" [5323-6377] -->
<h3 class="sectionedit12" id="identity_provider">Identity Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
......@@ -489,7 +489,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT12 SECTION "Identity Provider" [6361-7349] -->
<!-- EDIT12 SECTION "Identity Provider" [6378-7366] -->
<h3 class="sectionedit13" id="attribute_authority">Attribute Authority</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Attribute Authority metadata section
......@@ -512,7 +512,7 @@ Response Location should be empty, as SOAP responses are directly returned (sync
</p>
</div>
<!-- EDIT13 SECTION "Attribute Authority" [7350-7761] -->
<!-- EDIT13 SECTION "Attribute Authority" [7367-7778] -->
<h3 class="sectionedit14" id="advanced">Advanced</h3>
<div class="level3">
......@@ -571,6 +571,6 @@ Configuration parameters are:
</ul>
</div>
<!-- EDIT14 SECTION "Advanced" [7762-] --></div>
<!-- EDIT14 SECTION "Advanced" [7779-] --></div>
</body>
</html>
......@@ -50,7 +50,8 @@
<ul class="toc">
<li class="level1"><div class="li"><a href="#disk_cache_sessions_an_configuration">Disk cache (sessions an configuration)</a></div></li>
<li class="level1"><div class="li"><a href="#access_to_ldap">Access to LDAP</a></div></li>
<li class="level1"><div class="li"><a href="#ldap">LDAP</a></div></li>
<li class="level1"><div class="li"><a href="#databases">Databases</a></div></li>
<li class="level1"><div class="li"><a href="#memcache">Memcache</a></div></li>
<li class="level1"><div class="li"><a href="#proxy_http">Proxy HTTP</a></div></li>
</ul>
......@@ -77,24 +78,30 @@ To persist the rule:
<pre class="code">semanage fcontext -a -t http_sys_content_t /tmp</pre>
</div>
<!-- EDIT2 SECTION "Disk cache (sessions an configuration)" [103-290] -->
<h2 class="sectionedit3" id="access_to_ldap">Access to LDAP</h2>
<!-- EDIT2 SECTION "Disk cache (sessions an configuration)" [103-291] -->
<h2 class="sectionedit3" id="ldap">LDAP</h2>
<div class="level2">
<pre class="code">setsebool -P httpd_can_connect_ldap 1</pre>
</div>
<!-- EDIT3 SECTION "Access to LDAP" [291-370] -->
<h2 class="sectionedit4" id="memcache">Memcache</h2>
<!-- EDIT3 SECTION "LDAP" [292-361] -->
<h2 class="sectionedit4" id="databases">Databases</h2>
<div class="level2">
<pre class="code">setsebool -P httpd_can_network_connect_db 1</pre>
</div>
<!-- EDIT4 SECTION "Databases" [362-442] -->
<h2 class="sectionedit5" id="memcache">Memcache</h2>
<div class="level2">
<pre class="code">setsebool -P httpd_can_network_memcache 1</pre>
</div>
<!-- EDIT4 SECTION "Memcache" [371-448] -->
<h2 class="sectionedit5" id="proxy_http">Proxy HTTP</h2>
<!-- EDIT5 SECTION "Memcache" [443-520] -->
<h2 class="sectionedit6" id="proxy_http">Proxy HTTP</h2>
<div class="level2">
<pre class="code">setsebool -P httpd_can_network_relay 1</pre>
</div>
<!-- EDIT5 SECTION "Proxy HTTP" [449-] --></div>
<!-- EDIT6 SECTION "Proxy HTTP" [521-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:sqlconfbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,sqlconfbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="sqlconfbackend.html"/>
......
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:totp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,totp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="totp2f.html"/>
<link rel="contents" href="totp2f.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:totp2f","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#assistance">Assistance</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="totp_2nd_factor_authentication_u2f">TOTP 2nd Factor Authentication (U2F)</h1>
<div class="level1">
<p>
<a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm" class="urlextern" title="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm" rel="nofollow">Time based One Time Password</a> (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. This is currently what <a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">Google Authenticator</a> or <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a> use.
</p>
<p>
LLNG can propose to users to register this kind of software to increase authentication level.
</p>
<div class="notetip">Note that it&#039;s a second factor, not an authentication module. Users are authenticated by both login form and TOTP.
</div>
</div>
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication (U2F)" [1-633] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<p>
In the manager (advanced parameters), you just have to enable it:
</p>
<ul>
<li class="level1"><div class="li"> TOTP ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/totpregister.html" class="urlextern" title="https://auth.your.domain/totpregister.html" rel="nofollow">https://auth.your.domain/totpregister.html</a>)</em></div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em></div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Issuer: default to portal hostname</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Interval: interval for TOTP algorithm (default: 30)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Range: number of additional intervals to test (default: 1)</div>
</li>
<li class="level1"><div class="li"> TOTP ⇒ Digits: number of digit of codes (default: 6)</div>
</li>
</ul>
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_totp2fSecret</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [634-1701] -->
<h2 class="sectionedit3" id="assistance">Assistance</h2>
<div class="level2">
<p>
If a user lost its key, you may remove it&#039;s persistent session using the session explorer.
</p>
</div>
<!-- EDIT3 SECTION "Assistance" [1702-1817] -->
<h2 class="sectionedit4" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
If you have another TOTP registration interface, you have to populate session (using exported variables) to set these keys:
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Name </th><th class="col1"> Value </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> _totp2fSecret </td><td class="col1"> key handle value, base32 encoded </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1973-2091] -->
</div>
<!-- EDIT4 SECTION "Developer corner" [1818-] --></div>
</body>
</html>
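Review bot: The page title `TOTP 2nd Factor Authentication (U2F)` and the second row of the Developer corner table (`_u2fUserKey` … base64 encoded) appear to be carried over from the U2F page; for a TOTP-only interface the `_u2fUserKey` row and the `(U2F)` suffix look wrong, and the `_totp2fSecret` row describes a "key handle value", which is U2F wording. The rest of the page consistently treats `_totp2fSecret` as the only session key needed, so I would drop the `_u2fUserKey` row, rename the heading to `TOTP 2nd Factor Authentication`, and reword the row to `TOTP shared secret, base32 encoded` — though the exact encoding expected by the portal is inferred from this row alone and should be confirmed against the code.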
......@@ -51,6 +51,7 @@
<ul class="toc">
<li class="level1"><div class="li"><a href="#prerequisites_and_dependencies">Prerequisites and dependencies</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#browser_compatibility">Browser compatibility</a></div></li>
<li class="level1"><div class="li"><a href="#assistance">Assistance</a></div></li>
<li class="level1"><div class="li"><a href="#developer_corner">Developer corner</a></div></li>
</ul>
......@@ -78,9 +79,10 @@ LLNG can propose to users to register their keys. When done, registered user can
<p>
This feature uses <a href="https://metacpan.org/pod/Crypt::U2F::Server::Simple" class="urlextern" title="https://metacpan.org/pod/Crypt::U2F::Server::Simple" rel="nofollow">Crypt::U2F::Server::Simple</a> that is available only via CPAN for now. Before compiling it, you must install Yubico&#039;s C library headers (called libu2f-server-dev on Debian).
</p>
<div class="noteimportant">An HTTPS portal is required to use U2F
</div>
</div>
<!-- EDIT2 SECTION "Prerequisites and dependencies" [522-811] -->
<!-- EDIT2 SECTION "Prerequisites and dependencies" [522-873] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
......@@ -90,7 +92,7 @@ In the manager (advanced parameters), you just have to enable it:
<ul>
<li class="level1"><div class="li"> U2F ⇒ Activation: set it to “on”</div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="http://auth.your.domain/u2fregister.html" class="urlextern" title="http://auth.your.domain/u2fregister.html" rel="nofollow">http://auth.your.domain/u2fregister.html</a>)</em></div>
<li class="level1"><div class="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <a href="https://auth.your.domain/u2fregister.html" class="urlextern" title="https://auth.your.domain/u2fregister.html" rel="nofollow">https://auth.your.domain/u2fregister.html</a>)</em></div>
</li>
<li class="level1"><div class="li"> U2F ⇒ Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em></div>
</li>
......@@ -98,8 +100,29 @@ In the manager (advanced parameters), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_u2fKeyHandle and $_u2fUserKey</code>, else U2F will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [812-1637] -->
<h2 class="sectionedit4" id="assistance">Assistance</h2>
<!-- EDIT3 SECTION "Configuration" [874-1701] -->
<h2 class="sectionedit4" id="browser_compatibility">Browser compatibility</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Chrome/Chromium &gt;= 38</div>
</li>
<li class="level1"><div class="li"> Firefox :</div>
<ul>
<li class="level2"><div class="li"> 38 to 56 with <a href="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" class="urlextern" title="https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/" rel="nofollow">U2F Support Add-on</a></div>
</li>
<li class="level2"><div class="li"> 57 to 58, with “security.webauth.u2f” set to “true” in “about:config” <em>(see <a href="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" class="urlextern" title="https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/" rel="nofollow">Yubico explanations</a>)</em></div>
</li>
<li class="level2"><div class="li"> probably enabled by default for versions &gt;= 59</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Opera &gt;= 40</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Browser compatibility" [1702-2139] -->
<h2 class="sectionedit5" id="assistance">Assistance</h2>
<div class="level2">
<p>
......@@ -107,14 +130,14 @@ If a user lost its key, you may remove it&#039;s persistent session using the se
</p>
</div>
<!-- EDIT4 SECTION "Assistance" [1638-1753] -->
<h2 class="sectionedit5" id="developer_corner">Developer corner</h2>
<!-- EDIT5 SECTION "Assistance" [2140-2255] -->
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
If you have another U2F registration interface, you have to populate session (using exported variables) to set these keys:
</p>
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Name </th><th class="col1"> Value </th>
......@@ -127,12 +150,12 @@ If you have another U2F registration interface, you have to populate session (us
<td class="col0"> _u2fUserKey </td><td class="col1"> user key value, base64 encoded </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [1908-2026] -->
<!-- EDIT7 TABLE [2410-2528] -->
<p>
Note that both “origin” and “appId” are fixed to portal <abbr title="Uniform Resource Locator">URL</abbr>.
</p>
</div>
<!-- EDIT5 SECTION "Developer corner" [1754-] --></div>
<!-- EDIT6 SECTION "Developer corner" [2256-] --></div>
</body>
</html>
......@@ -51,10 +51,10 @@
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Présentation</a></div></li>
<li class="level1"><div class="li"><a href="#installation">Installation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<li class="level1"><div class="li"><a href="#http_headers">HTTP headers</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#dokuwiki_local_configuration">Configuration locale Dokuwiki</a></div></li>
<li class="level2"><div class="li"><a href="#plugin_installation">Plugin installation</a></div></li>
<li class="level2"><div class="li"><a href="#dokuwiki_configuration">Dokuwiki configuration</a></div></li>
<li class="level2"><div class="li"><a href="#dokuwiki_virtual_host">Dokuwiki virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#dokuwiki_virtual_host_in_manager">Hôte virtuel Dokuwiki dans le manager</a></div></li>
</ul></li>
......@@ -80,37 +80,49 @@
</p>
<div class="notetip">Le wiki LemonLDAP::NG est un Dokuwiki !
</div>
</div><!-- EDIT2 SECTION "Presentation" [65-559] -->