Update doc

doc/pages/documentation/current/applications.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:applications</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,applications"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="applications.html"/>

doc/pages/documentation/current/applications/adfs.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:applications:adfs</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,applications,adfs"/>
 <link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="adfs.html"/>

doc/pages/documentation/current/applications/img/icons.png

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=378132ea54accc5c67c7c9ceda71bf59"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=62a29c35a267f658799e362598e991b4"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1489508242" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1490850178" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/applications/img/loader.gif

@@ -90,7 +90,7 @@
         <form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
         
         <ul class="nav navbar-nav">
-                    <li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=378132ea54accc5c67c7c9ceda71bf59"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
+                    <li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=62a29c35a267f658799e362598e991b4"  class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li>        </ul>
 
       </div>
 
@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
       
     </div><!-- /site -->
 
-    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1489508242" width="2" height="1" alt="" /></div>
+    <div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1490850178" width="2" height="1" alt="" /></div>
     <div id="screen__mode" class="no">
       <span class="visible-xs"></span>
       <span class="visible-sm"></span>

doc/pages/documentation/current/authcombination.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authcombination</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,authcombination"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authcombination.html"/>
@@ -60,6 +60,8 @@
 <li class="level3"><div class="li"><a href="#let_s_be_crazy">Let&#039;s be crazy</a></div></li>
 </ul>
 </li>
+<li class="level2"><div class="li"><a href="#combine_second_factor">Combine second factor</a></div></li>
+<li class="level2"><div class="li"><a href="#display_multiple_forms">Display multiple forms</a></div></li>
 </ul>
 </li>
 <li class="level1"><div class="li"><a href="#known_problems">Known problems</a></div>
@@ -268,18 +270,54 @@ The following rule is valid:
 
 </div>
 <!-- EDIT7 SECTION "Rule chain" [1304-3610] -->
-<h2 class="sectionedit11" id="known_problems">Known problems</h2>
+<h3 class="sectionedit11" id="combine_second_factor">Combine second factor</h3>
+<div class="level3">
+
+<p>
+Imagine you want to authenticate users either by SSL or LDAP+U2F, you can&#039;t directly write this rule: this is done in 2 steps:
+</p>
+<ul>
+<li class="level1"><div class="li"> use this combination rule: <code>[SSL,LDAP] or [LDAP]</code></div>
+</li>
+<li class="level1"><div class="li"> enable U2F with this rule: <code>$_auth eq “LDAP”</code> or <code>$_authenticationLevel &lt; 4</code> <em>(and adapt U2F authentication level)</em></div>
+</li>
+</ul>
+
+<p>
+Now if you want to authenticate users either by LDAP or LDAP+U2F <em>(to have 2 different authentication level)</em>, 2 possibilities:
+</p>
+<ul>
+<li class="level1"><div class="li"> configure 2 portals and overwrite U2F activation in the second</div>
+</li>
+<li class="level1"><div class="li"> Modify login template to propose the choice <em>(add a “submit” button that points to the second portal)</em></div>
+</li>
+</ul>
+
+</div>
+<!-- EDIT11 SECTION "Combine second factor" [3611-4260] -->
+<h3 class="sectionedit12" id="display_multiple_forms">Display multiple forms</h3>
+<div class="level3">
+
+<p>
+Combination module returns the form corresponding to the first authentication scheme available for the current request. You can force it to display the forms chosen using <code>combinationForms</code> in lemonldap-ng.ini. Example:
+</p>
+<pre class="code :ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
+<span class="re1">combinationForms</span> <span class="sy0">=</span><span class="re2"> standardform, openidform</span></pre>
+
+</div>
+<!-- EDIT12 SECTION "Display multiple forms" [4261-4589] -->
+<h2 class="sectionedit13" id="known_problems">Known problems</h2>
 <div class="level2">
 
 </div>
-<!-- EDIT11 SECTION "Known problems" [3611-3638] -->
-<h3 class="sectionedit12" id="federation_protocols">Federation protocols</h3>
+<!-- EDIT13 SECTION "Known problems" [4590-4617] -->
+<h3 class="sectionedit14" id="federation_protocols">Federation protocols</h3>
 <div class="level3">
 
 <p>
 <a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a>, <a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a>, <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS</a> or <a href="authopenid.html" class="wikilink1" title="documentation:2.0:authopenid">old OpenID</a> can&#039;t be chained with a “and” for authentication part. So “[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP]” isn&#039;t valid. This is because their authentication kinematic don&#039;t use the same steps.
 </p>
-<div class="table sectionedit13"><table class="inline table table-bordered table-striped">
+<div class="table sectionedit15"><table class="inline table table-bordered table-striped">
 	<thead>
 	<tr class="row0 roweven">
 		<th class="col0 centeralign">  Bad expression  </th><th class="col1 centeralign">  Solution  </th><th class="col2 centeralign">  Explanation  </th>
@@ -292,10 +330,10 @@ The following rule is valid:
 		<td class="col0"> <em><code>[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP] or [LDAP]</code></em> </td><td class="col1"> <code>[<abbr title="Security Assertion Markup Language">SAML</abbr>, <abbr title="Security Assertion Markup Language">SAML</abbr> and LDAP] or [LDAP]</code> </td><td class="col2"> Authentication is done by <abbr title="Security Assertion Markup Language">SAML</abbr> or LDAP but user must match an LDAP entry </td>
 	</tr>
 </table></div>
-<!-- EDIT13 TABLE [3938-4270] -->
+<!-- EDIT15 TABLE [4917-5249] -->
 </div>
-<!-- EDIT12 SECTION "Federation protocols" [3639-4271] -->
-<h3 class="sectionedit14" id="authapache_authentication">AuthApache authentication</h3>
+<!-- EDIT14 SECTION "Federation protocols" [4618-5250] -->
+<h3 class="sectionedit16" id="authapache_authentication">AuthApache authentication</h3>
 <div class="level3">
 
 <p>
@@ -311,8 +349,8 @@ To bypass this, follow the documentation of <a href="authapache.html" class="wik
 </p>
 
 </div>
-<!-- EDIT14 SECTION "AuthApache authentication" [4272-4688] -->
-<h3 class="sectionedit15" id="ssl_authentication">SSL authentication</h3>
+<!-- EDIT16 SECTION "AuthApache authentication" [5251-5667] -->
+<h3 class="sectionedit17" id="ssl_authentication">SSL authentication</h3>
 <div class="level3">
 
 <p>
@@ -320,6 +358,6 @@ To chain SSL, you have to set “SSLRequire optional” in Apache configuration,
 </p>
 
 </div>
-<!-- EDIT15 SECTION "SSL authentication" [4689-] --></div>
+<!-- EDIT17 SECTION "SSL authentication" [5668-] --></div>
 </body>
 </html>

doc/pages/documentation/current/authopenidconnect.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authopenidconnect</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,authopenidconnect"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authopenidconnect.html"/>

doc/pages/documentation/current/authpam.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:authpam</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="noindex,nofollow"/>
+<meta name="robots" content="index,follow"/>
 <meta name="keywords" content="documentation,2.0,authpam"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="authpam.html"/>

doc/pages/documentation/current/configvhost.html

@@ -217,6 +217,8 @@ Then you can take any virtual host and modify it:
     auth_request /lmauth;
     auth_request_set $lmremote_user $upstream_http_lm_remote_user;
     auth_request_set $lmlocation $upstream_http_location;
+    auth_request_set $cookie_value $upstream_http_set_cookie;
+    add_header Set-Cookie $cookie_value;
     error_page 401 $lmlocation;
     try_files $uri $uri/ =404;
  
@@ -251,7 +253,7 @@ Then you can take any virtual host and modify it:
   }</pre>
 
 </div>
-<!-- EDIT6 SECTION "Nginx configuration" [3049-4833] -->
+<!-- EDIT6 SECTION "Nginx configuration" [3049-4936] -->
 <h3 class="sectionedit7" id="hosted_application1">Hosted application</h3>
 <div class="level3">
 
@@ -310,7 +312,7 @@ server {
 }</pre>
 
 </div>
-<!-- EDIT7 SECTION "Hosted application" [4834-6463] -->
+<!-- EDIT7 SECTION "Hosted application" [4937-6566] -->
 <h3 class="sectionedit8" id="reverse_proxy1">Reverse proxy</h3>
 <div class="level3">
 
@@ -361,7 +363,7 @@ server {
 }</pre>
 
 </div>
-<!-- EDIT8 SECTION "Reverse proxy" [6464-7758] -->
+<!-- EDIT8 SECTION "Reverse proxy" [6567-7861] -->
 <h2 class="sectionedit9" id="lemonldapng_configuration">LemonLDAP::NG configuration</h2>
 <div class="level2">
 
@@ -388,7 +390,7 @@ A virtual host contains:
 </ul>
 
 </div>
-<!-- EDIT9 SECTION "LemonLDAP::NG configuration" [7759-8246] -->
+<!-- EDIT9 SECTION "LemonLDAP::NG configuration" [7862-8349] -->
 <h3 class="sectionedit10" id="access_rules_and_http_headers">Access rules and HTTP headers</h3>
 <div class="level3">
 
@@ -397,7 +399,7 @@ See <strong><a href="writingrulesand_headers.html" class="wikilink1" title="docu
 </p>
 
 </div>
-<!-- EDIT10 SECTION "Access rules and HTTP headers" [8247-8439] -->
+<!-- EDIT10 SECTION "Access rules and HTTP headers" [8350-8542] -->
 <h3 class="sectionedit11" id="post_data">POST data</h3>
 <div class="level3">
 
@@ -406,7 +408,7 @@ See <strong><a href="formreplay.html" class="wikilink1" title="documentation:2.0
 </p>
 
 </div>
-<!-- EDIT11 SECTION "POST data" [8440-8574] -->
+<!-- EDIT11 SECTION "POST data" [8543-8677] -->
 <h3 class="sectionedit12" id="options">Options</h3>
 <div class="level3">
 
@@ -427,6 +429,6 @@ These options are used to build redirection <abbr title="Uniform Resource Locato
 </p>
 
 </div>
-<!-- EDIT12 SECTION "Options" [8575-] --></div>
+<!-- EDIT12 SECTION "Options" [8678-] --></div>
 </body>
 </html>

doc/pages/documentation/current/customfunctions.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <title>documentation:2.0:customfunctions</title>
 <meta name="generator" content="DokuWiki"/>
-<meta name="robots" content="index,follow"/>
+<meta name="robots" content="noindex,nofollow"/>
 <meta name="keywords" content="documentation,2.0,customfunctions"/>
 <link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
 <link rel="start" href="customfunctions.html"/>
@@ -86,30 +86,21 @@ Create your Perl module with custom functions. You can name your module as you w
 <pre class="code file perl"><a href="http://perldoc.perl.org/functions/package.html"><span class="kw3">package</span></a> SSOExtensions<span class="sy0">;</span>
 &nbsp;
 <span class="kw2">sub</span> function1 <span class="br0">&#123;</span>
-  <span class="kw1">my</span> <span class="re0">$url</span> <span class="sy0">=</span> <a href="http://perldoc.perl.org/functions/shift.html"><span class="kw3">shift</span></a><span class="sy0">;</span>
-  <span class="kw1">my</span> <span class="re0">$param</span> <span class="sy0">=</span> <a href="http://perldoc.perl.org/functions/shift.html"><span class="kw3">shift</span></a><span class="sy0">;</span>
+  <span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">@args</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
 &nbsp;
   <span class="co1"># Your nice code here</span>
-&nbsp;
-  <a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="re0">$param</span><span class="sy0">;</span>
+  <a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="re0">$result</span><span class="sy0">;</span>
 <span class="br0">&#125;</span>
 &nbsp;
 <span class="nu0">1</span><span class="sy0">;</span></pre>
-<div class="notetip">First parameter passed to the custom function is the requested <abbr title="Uniform Resource Locator">URL</abbr>, that is<ul>
-<li class="level1"><div class="li"> <strong>portal full <abbr title="Uniform Resource Locator">URL</abbr></strong> if custom function is run by portal (e.g. <a href="https://auth.example.com/" class="urlextern" title="https://auth.example.com/"  rel="nofollow">https://auth.example.com/</a>)</div>
-</li>
-<li class="level1"><div class="li"> <strong>absolute <abbr title="Uniform Resource Locator">URL</abbr></strong> if it is run by handler (e.g. /admin/index.php?param=foo).</div>
-</li>
-</ul>
 
 </div>
-</div>
-<!-- EDIT2 SECTION "Write custom functions library" [220-844] -->
+<!-- EDIT2 SECTION "Write custom functions library" [220-554] -->
 <h2 class="sectionedit3" id="import_custom_functions_in_lemonldapng">Import custom functions in LemonLDAP::NG</h2>
 <div class="level2">
 
 </div>
-<!-- EDIT3 SECTION "Import custom functions in LemonLDAP::NG" [845-898] -->
+<!-- EDIT3 SECTION "Import custom functions in LemonLDAP::NG" [555-608] -->
 <h3 class="sectionedit4" id="declare_module_in_handler_server">Declare module in handler server</h3>
 <div class="level3">
 
@@ -151,7 +142,7 @@ GROUP=www-data
 CUSTOM_FUNCTIONS_FILE=/root/SSOExtensions.pm</pre>
 
 </div>
-<!-- EDIT4 SECTION "Declare module in handler server" [899-1833] -->
+<!-- EDIT4 SECTION "Declare module in handler server" [609-1543] -->
 <h3 class="sectionedit5" id="declare_custom_functions">Declare custom functions</h3>
 <div class="level3">
 
@@ -162,16 +153,16 @@ Go in Manager, <code>General Parameters</code> » <code>Advanced Parameters</cod
 <div class="noteimportant">If your function is not compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail.
 </div>
 </div>
-<!-- EDIT5 SECTION "Declare custom functions" [1834-2130] -->
+<!-- EDIT5 SECTION "Declare custom functions" [1544-1840] -->
 <h2 class="sectionedit6" id="use_it">Use it</h2>
 <div class="level2">
 
 <p>
 You can now use your function in a macro, an header or an access rule, for example:
 </p>
-<pre class="code">Custom-Header =&gt; function1($uid)</pre>
+<pre class="code">Custom-Header =&gt; function1( $uid, $ENV{REMOTE_ADDR} )</pre>
 
 </div>
-<!-- EDIT6 SECTION "Use it" [2131-] --></div>
+<!-- EDIT6 SECTION "Use it" [1841-] --></div>
 </body>
 </html>

doc/pages/documentation/current/extendedfunctions.html

@@ -62,6 +62,7 @@
 <li class="level2"><div class="li"><a href="#groupmatch">groupMatch</a></div></li>
 <li class="level2"><div class="li"><a href="#encrypt">encrypt</a></div></li>
 <li class="level2"><div class="li"><a href="#token">token</a></div></li>
+<li class="level2"><div class="li"><a href="#isinnet6">isInNet6</a></div></li>
 </ul></li>
 </ul>
 </div>
@@ -126,13 +127,19 @@ Inside this jail, you can access to:
 </li>
 <li class="level2"><div class="li"> <a href="#groupmatch" title="documentation:2.0:extendedfunctions ↵" class="wikilink1">groupMatch</a></div>
 </li>
+<li class="level2"><div class="li"> <a href="#encrypt" title="documentation:2.0:extendedfunctions ↵" class="wikilink1">encrypt</a></div>
+</li>
+<li class="level2"><div class="li"> <a href="#token" title="documentation:2.0:extendedfunctions ↵" class="wikilink1">token</a></div>
+</li>
+<li class="level2"><div class="li"> <a href="#isinnet6" title="documentation:2.0:extendedfunctions ↵" class="wikilink1">isInNet6</a></div>
+</li>
 </ul>
 </li>
 </ul>
 <div class="notetip">To know more about the jail, check <a href="http://perldoc.perl.org/Safe.html" class="urlextern" title="http://perldoc.perl.org/Safe.html"  rel="nofollow">Safe module documentation</a>.
 </div>
 </div>
-<!-- EDIT2 SECTION "Presentation" [35-1192] -->
+<!-- EDIT2 SECTION "Presentation" [35-1271] -->
 <h2 class="sectionedit3" id="request_information">Request information</h2>
 <div class="level2">
 
@@ -159,12 +166,12 @@ The following data about the current request are available through functions :
 </ul>
 
 </div>
-<!-- EDIT3 SECTION "Request information" [1193-1598] -->
+<!-- EDIT3 SECTION "Request information" [1272-1677] -->
 <h2 class="sectionedit4" id="extended_functions_list">Extended Functions List</h2>
 <div class="level2">
 
 </div>
-<!-- EDIT4 SECTION "Extended Functions List" [1599-1635] -->
+<!-- EDIT4 SECTION "Extended Functions List" [1678-1714] -->
 <h3 class="sectionedit5" id="date">date</h3>
 <div class="level3">
 
@@ -174,7 +181,7 @@ Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT by callin
 <pre class="code">date(1)</pre>
 
 </div>
-<!-- EDIT5 SECTION "date" [1636-1755] -->
+<!-- EDIT5 SECTION "date" [1715-1834] -->
 <h3 class="sectionedit6" id="checklogonhours">checkLogonHours</h3>
 <div class="level3">
 
@@ -231,7 +238,7 @@ You can modify the default behavior for people without value in ssoLogonHours. I
 <pre class="code">checkLogonHours($ssoLogonHours, &#039;&#039;, &#039;&#039;, &#039;1&#039;)</pre>
 
 </div>
-<!-- EDIT6 SECTION "checkLogonHours" [1756-3693] -->
+<!-- EDIT6 SECTION "checkLogonHours" [1835-3772] -->
 <h3 class="sectionedit7" id="checkdate">checkDate</h3>
 <div class="level3">
 
@@ -263,7 +270,7 @@ Simple usage example:
 <pre class="code">checkDate($ssoStartDate, $ssoEndDate)</pre>
 
 </div>
-<!-- EDIT7 SECTION "checkDate" [3694-4321] -->
+<!-- EDIT7 SECTION "checkDate" [3773-4400] -->
 <h3 class="sectionedit8" id="basic">basic</h3>
 <div class="level3">
 <div class="noteimportant">This function is not compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
@@ -288,7 +295,7 @@ Simple usage example:
 <pre class="code">basic($uid,$_password)</pre>
 
 </div>
-<!-- EDIT8 SECTION "basic" [4322-4784] -->
+<!-- EDIT8 SECTION "basic" [4401-4863] -->
 <h3 class="sectionedit9" id="unicode2iso">unicode2iso</h3>
 <div class="level3">
 <div class="noteimportant">This function is not compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
@@ -311,7 +318,7 @@ Simple usage example:
 <pre class="code">unicode2iso($name)</pre>
 
 </div>
-<!-- EDIT9 SECTION "unicode2iso" [4785-5089] -->
+<!-- EDIT9 SECTION "unicode2iso" [4864-5168] -->
 <h3 class="sectionedit10" id="iso2unicode">iso2unicode</h3>
 <div class="level3">
 <div class="noteimportant">This function is not compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
@@ -334,7 +341,7 @@ Simple usage example:
 <pre class="code">iso2unicode($name)</pre>
 
 </div>
-<!-- EDIT10 SECTION "iso2unicode" [5090-5394] -->
+<!-- EDIT10 SECTION "iso2unicode" [5169-5473] -->
 <h3 class="sectionedit11" id="groupmatch">groupMatch</h3>
 <div class="level3">
 
@@ -360,7 +367,7 @@ Simple usage example:
 <pre class="code">groupMatch($hGroups, &#039;description&#039;, &#039;Service 1&#039;)</pre>
 
 </div>
-<!-- EDIT11 SECTION "groupMatch" [5395-5753] -->
+<!-- EDIT11 SECTION "groupMatch" [5474-5832] -->
 <h3 class="sectionedit12" id="encrypt">encrypt</h3>
 <div class="level3">
 <div class="notetip">Since version 2.0, this function is now compliant with <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>.
@@ -371,7 +378,7 @@ This function uses the secret key of LLNG configuration to crypt a data. This ca
 <pre class="code">encrypt($_whatToTrace)</pre>
 
 </div>
-<!-- EDIT12 SECTION "encrypt" [5754-6059] -->
+<!-- EDIT12 SECTION "encrypt" [5833-6138] -->
 <h3 class="sectionedit13" id="token">token</h3>
 <div class="level3">
 
@@ -381,6 +388,16 @@ This function generates token used to <a href="servertoserver.html" class="wikil
 <pre class="code">token($_session_id,&#039;webapp1.example.com&#039;,&#039;webapp2.example.com&#039;)</pre>
 
 </div>
-<!-- EDIT13 SECTION "token" [6060-] --></div>
+<!-- EDIT13 SECTION "token" [6139-6343] -->
+<h3 class="sectionedit14" id="isinnet6">isInNet6</h3>
+<div class="level3">
+
+<p>
+Function to check if an IPv6 address is in a subnet. Example <em>check if <abbr title="Internet Protocol">IP</abbr> address is local</em>:
+</p>
+<pre class="code perl">isInNet6<span class="br0">&#40;</span><span class="re0">$ipAddr</span><span class="sy0">,</span> <span class="st_h">'fe80::/10'</span><span class="br0">&#41;</span></pre>
+
+</div>
+<!-- EDIT14 SECTION "isInNet6" [6344-] --></div>
 </body>
 </html>

doc/pages/documentation/current/external2f.html

+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="utf-8" />
+  <title>documentation:2.0:external2f</title>
+<meta name="generator" content="DokuWiki"/>
+<meta name="robots" content="index,follow"/>
+<meta name="keywords" content="documentation,2.0,external2f"/>
+<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
+<link rel="start" href="external2f.html"/>
+<link rel="contents" href="external2f.html" title="Sitemap"/>
+<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
+<!-- //if:usedebianlibs
+  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
+//elsif:useexternallibs
+  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
+//elsif:cssminified
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
+//else -->
+  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
+<!-- //endif -->
+<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:external2f","namespace":"documentation:2.0"};
+/*!]]>*/</script>
+<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
+<!-- //if:usedebianlibs
+<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
+//elsif:useexternallibs
+<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
+//elsif:jsminified
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
+//else -->
+<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
+<!-- //endif -->
+<!-- //if:usedebianlibs
+  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
+//elsif:useexternallibs
+  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
+//elsif:jsminified
+  <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
+//else -->
+  <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
+<!-- //endif -->
+</head>
+<body>
+<div class="dokuwiki export container">
+
+<h1 class="sectionedit1" id="external_second_factor">External Second Factor</h1>
+<div class="level1">
+
+<p>
+This simple plugin can be used to add a second factor for authentication (SMS, OTP,…). It uses external commands to send and validate the second factor. You can use any language to call your 2nd factor system.
+</p>
+
+</div>
+<!-- EDIT1 SECTION "External Second Factor" [1-251] -->
+<h2 class="sectionedit2" id="commands">Commands</h2>
+<div class="level2">
+
+<p>
+Commands received arguments on the command line and must return a 0 code if succeed, another else. <strong>Nothing must be written to STDOUT</strong>, STDERR is reported in logs  <em>(but may be lost with FastCGI server)</em>.
+</p>
+
+</div>
+<!-- EDIT2 SECTION "Commands" [252-483] -->
+<h3 class="sectionedit3" id="configuration">Configuration</h3>
+<div class="level3">
+
+<p>
+All parameters are configured in “General Parameters » Portal Parameters » Extensions » External 2nd Factor”.
+</p>
+<ul>
+<li class="level1"><div class="li"> <strong>Activation</strong></div>
+</li>
+<li class="level1"><div class="li"> <strong>Send command</strong>: define your command using <em>$attribute</em> like in rules. Example: <code>/usr/local/bin/sendOtp –uid $uid</code></div>
+</li>
+<li class="level1"><div class="li"> <strong>Validation command</strong>: you must also use <em>$code</em> which is the value entered by user; Example: <code>/usr/local/bin/verify –uid $uid –code $code</code></div>
+</li>
+<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
+</li>
+</ul>
+<div class="noteimportant">The command line is split in an array and launch with exec(). So you don&#039;t need to enclose arguments in “” and this protects your system against shell injection. However, you can not use any space except to separate arguments.
+</div>
+</div>
+<!-- EDIT3 SECTION "Configuration" [484-] --></div>
+</body>
+</html>

doc/pages/documentation/current/federationproxy.html

@@ -62,19 +62,20 @@ So you can configure it to authenticate users using a federation protocol and si
 </p>
 
 <p>
-For example, a <abbr title="LemonLDAP::NG">LL::NG</abbr> server can be:
+Schemes validated:
 </p>
 <ul>
-<li class="level1"><div class="li"> A <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS server</a> with <a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML authentication</a></div>
+<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong>⇔</strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a> proxy <strong>⇔</strong> OIDC Provider</div>
 </li>
-<li class="level1"><div class="li"> An <a href="idpopenid.html" class="wikilink1" title="documentation:2.0:idpopenid">OpenID server</a> with <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS authentication</a></div>
-</li>
-<li class="level1"><div class="li"> An <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML server</a> with <a href="authopenid.html" class="wikilink1" title="documentation:2.0:authopenid">OpenID authentication</a></div>
-</li>
-<li class="level1"><div class="li"> …</div>
+<li class="level1"><div class="li"> OIDC-RP <strong>⇔</strong> LLNG as <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID-Connect</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong>⇔</strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
 </li>
 </ul>
 
+<p>
+Note that OpenID-Connect consortium hasn&#039;t already defined single-logout initiated by OpenID-Connect Provider. LLNG will implement it when this standard will be published.
+</p>
+<div class="noteimportant">Development of federation can be complex. Don&#039;t hesitate to contact us on lemonldap-ng-users@ow2.org
+</div>
 <p>
 See the following chapters:
 </p>

doc/pages/documentation/current/performances.html

@@ -211,11 +211,15 @@ The portal is the biggest component of Lemonldap::NG. Since version 2.0, it is r
 <li class="level1"><div class="li"> …</div>
 </li>
 </ul>
+
+<p>
+By default it uses local storage to store its tokens. If you have more than 1 portal and if your load-balancer doesn&#039;t keep state, you have to disable this to use the global session storage <em>(General parameters » portal Parameters » Advanced Parameters » Forms)</em>. Note that this will decrease performances.
+</p>
 <div class="notetip">In production environment for network performance, prefer using minified versions of javascript and css libs: use <code>make install <strong>PROD=yes</strong></code>. This is done by default in RPM/DEB packages.
 
 </div>
 </div>
-<!-- EDIT7 SECTION "General performances" [3645-4198] -->
+<!-- EDIT7 SECTION "General performances" [3645-4511] -->
 <h3 class="sectionedit8" id="apachesession_performances">Apache::Session performances</h3>
 <div class="level3">
 
@@ -262,11 +266,11 @@ Index      -&gt; ipAddr uid</pre>
 <p>
 Note that Apache::Session::Browseable::MySQL doesn&#039;t use MySQL locks.
 </p>
-<div class="notetip">A <a href="https://metacpan.org/module/Apache::Session::Browseable::Redis" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::Redis"  rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster (except for session explorer, defeated by Apache::Session::Browseable::<a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable"  rel="nofollow">DBI</a>/<a href="https://metacpan.org/module/Apache::Session::Browseable::LDAP" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::LDAP"  rel="nofollow">LDAP</a> &gt;= 1.0)
+<div class="notetip">A <a href="https://metacpan.org/module/Apache::Session::Browseable::Redis" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::Redis"  rel="nofollow">Apache::Session::Browseable::Redis</a> has been created, it is the faster (except for session explorer, defeated by Apache::Session::Browseable::<a href="https://metacpan.org/module/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable"  rel="nofollow">DBI</a>/<a href="https://metacpan.org/module/Apache::Session::Browseable::LDAP" class="urlextern" title="https://metacpan.org/module/Apache::Session::Browseable::LDAP"  rel="nofollow">LDAP</a> ≥ 1.0)
 </div><div class="noteimportant">Some Apache::Session module are not fully usable by Lemonldap::NG such as Apache::Session::Memcached since this modules do not offer capability to browse sessions. They does not allow one to use sessions explorer neither manage one-off sessions.
 </div>
 </div>
-<!-- EDIT8 SECTION "Apache::Session performances" [4199-6555] -->
+<!-- EDIT8 SECTION "Apache::Session performances" [4512-6869] -->
 <h3 class="sectionedit9" id="ldap_performances">LDAP performances</h3>
 <div class="level3">
 
@@ -303,12 +307,12 @@ Now ldapgroups contains “admin su”
 
 </div>