Commit 692231f6 authored by Xavier Guimard's avatar Xavier Guimard

Update generated fr doc

parent 048d0b75
This diff is collapsed.
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
......@@ -50,13 +50,11 @@
</div><!-- EDIT2 SECTION "Mailing lists" [35-756] -->
<h2 class="sectionedit3" id="professional_services">Professional Services</h2>
<h2 class="sectionedit3" id="professional_services">Services professionnel</h2>
<div class="level2">
<p>
If you need a professional service or support, please contact one of the companies listed on <a href="professionalservices.html" class="wikilink1" title="professionalservices">the following page</a>.
Pour obtenir un support ou un service professionnel, contacter l'unde des entreprises citées à <a href="professionalservices.html" class="wikilink1" title="professionalservices">la page suivante</a>.
</p>
</div><!-- EDIT3 SECTION "Professional Services" [757-930] -->
......@@ -103,7 +101,7 @@ Pas de client <abbr title="Internet Relay Chat">IRC</abbr> ? <a href="http://web
</li>
<li class="level1"><div class="li"> <a href="https://plus.google.com/u/0/101819048603406959766/" class="urlextern" title="https://plus.google.com/u/0/101819048603406959766/" rel="nofollow">Google+</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://www.open-source-guide.com/Solutions/Developpement-et-couches-intermediaires/Authentification-federation-et-de-gestion-d-identite/Lemonldap-ng" class="urlextern" title="http://www.open-source-guide.com/Solutions/Developpement-et-couches-intermediaires/Authentification-federation-et-de-gestion-d-identite/Lemonldap-ng" rel="nofollow">Open Source Guide</a></div>
<li class="level1"><div class="li"> <a href="http://www.open-source-guide.com/Solutions/Developpement-et-couches-intermediaires/Authentification-federation-et-de-gestion-d-identite/Lemonldap-ng" class="urlextern" title="http://www.open-source-guide.com/Solutions/Developpement-et-couches-intermediaires/Authentification-federation-et-de-gestion-d-identite/Lemonldap-ng" rel="nofollow">Guide Open Source</a></div>
</li>
</ul>
......
......@@ -29,9 +29,7 @@
<div class="level2">
<p>
To use Active Directory as LDAP backend, you must change few things in the manager :
Pour utiliser Active Directory comme serveur LDAP, vous devez effectuer quelques modifications dans le manager :
</p>
<ul>
<li class="level1"><div class="li"> Utiliser “Active Directory” comme systèmes d'authentification, de gestion des utilisateurs et des mots-de-passe,</div>
......
......@@ -88,11 +88,11 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/bugzilla.html" class="media" title="documentation:1.9:applications:bugzilla"><img src="../../../media/applications/bugzilla_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="https://forge.indepnet.net/projects/glpi/wiki/GLPI-SSO" class="media" title="https://forge.indepnet.net/projects/glpi/wiki/GLPI-SSO" rel="nofollow"><img src="../../../media/applications/glpi_logo.png" class="media" alt="" width="100" /></a> </td>
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/bugzilla.html" class="media" title="documentation:1.9:applications:bugzilla"><img src="../../../media/applications/bugzilla_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/glpi.html" class="media" title="documentation:1.9:applications:glpi"><img src="../../../media/applications/glpi_logo.png" class="media" alt="" width="100" /></a> </td>
</tr>
</table></div><!-- EDIT10 TABLE [1073-1264] -->
</table></div><!-- EDIT10 TABLE [1073-1229] -->
</div><!-- EDIT9 SECTION "Bugtracker, Service Management" [1031-1265] -->
</div><!-- EDIT9 SECTION "Bugtracker, Service Management" [1031-1230] -->
<h3 class="sectionedit11" id="other">Autres</h3>
<div class="level3">
......@@ -103,7 +103,7 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="http://grr.mutualibre.org/documentation/body.php?id=35" class="media" title="http://grr.mutualibre.org/documentation/body.php?id=35" rel="nofollow"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/phpldapadmin.html" class="media" title="documentation:1.9:applications:phpldapadmin"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" class="media" title="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" rel="nofollow"><img src="../../../media/applications/linshare_logo.png" class="media" alt="" /></a> </td><td class="col3 centeralign"> <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="media" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" rel="nofollow"><img src="../../../media/applications/saplogo.gif" class="media" title="SAP" alt="SAP" /></a> </td>
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/grr.html" class="media" title="documentation:1.9:applications:grr"><img src="../../../media/applications/grr_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/phpldapadmin.html" class="media" title="documentation:1.9:applications:phpldapadmin"><img src="../../../media/applications/phpldapadmin_logo.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" class="media" title="http://www.linpki.org/projects/linshare/wiki/HttpHeaderSSOEN" rel="nofollow"><img src="../../../media/applications/linshare_logo.png" class="media" alt="" /></a> </td><td class="col3 centeralign"> <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="media" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" rel="nofollow"><img src="../../../media/applications/saplogo.gif" class="media" title="SAP" alt="SAP" /></a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> LimeSurvey </th><th class="col1 leftalign"> </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
......@@ -111,9 +111,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/limesurvey.html" class="media" title="documentation:1.9:applications:limesurvey"><img src="../../../media/applications/limesurvey_logo.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col1"> </td><td class="col2"> </td><td class="col3"> </td>
</tr>
</table></div><!-- EDIT12 TABLE [1283-1861] -->
</table></div><!-- EDIT12 TABLE [1248-1789] -->
</div><!-- EDIT11 SECTION "Other" [1266-1862] -->
</div><!-- EDIT11 SECTION "Other" [1231-1790] -->
<h2 class="sectionedit13" id="frameworks">Frameworks</h2>
<div class="level2">
......@@ -126,9 +126,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/spring.html" class="media" title="documentation:1.9:applications:spring"><img src="../../../media/applications/spring_logo.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/django.html" class="media" title="documentation:1.9:applications:django"><img src="../../../media/applications/django_logo.png" class="media" alt="" /></a> </td>
</tr>
</table></div><!-- EDIT14 TABLE [1887-2054] -->
</table></div><!-- EDIT14 TABLE [1815-1982] -->
</div><!-- EDIT13 SECTION "Frameworks" [1863-2055] -->
</div><!-- EDIT13 SECTION "Frameworks" [1791-1983] -->
<h2 class="sectionedit15" id="connectors">Connecteurs</h2>
<div class="level2">
......@@ -149,9 +149,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<a href="http://en.wikipedia.org/wiki/IBM_Lotus_iNotes" class="urlextern" title="http://en.wikipedia.org/wiki/IBM_Lotus_iNotes" rel="nofollow">IBM Lotus iNotes</a> </td><td class="col1 centeralign"> <a href="http://www.lambdaprobe.org" class="urlextern" title="http://www.lambdaprobe.org" rel="nofollow">Probe</a> <br/>
<a href="http://fr.lutece.paris.fr" class="urlextern" title="http://fr.lutece.paris.fr" rel="nofollow">Lutece</a> </td><td class="col2"> </td>
</tr>
</table></div><!-- EDIT16 TABLE [2080-2571] -->
</table></div><!-- EDIT16 TABLE [2008-2499] -->
</div><!-- EDIT15 SECTION "Connectors" [2056-2572] -->
</div><!-- EDIT15 SECTION "Connectors" [1984-2500] -->
<h2 class="sectionedit17" id="saml_connectors">Connecteurs SAML</h2>
<div class="level2">
......@@ -169,7 +169,7 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="../../documentation/1.9/applications/googleapps.html" class="media" title="documentation:1.9:applications:googleapps"><img src="../../../media/applications/googleapps_logo.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="../../documentation/1.9/applications/cornerstone.html" class="media" title="documentation:1.9:applications:cornerstone"><img src="../../../media/applications/csod_logo.png" class="mediacenter" alt="" /></a> </td><td class="col2 centeralign"> <a href="../../documentation/1.9/applications/salesforce.html" class="media" title="documentation:1.9:applications:salesforce"><img src="../../../media/applications/salesforce-logo.jpg" class="mediacenter" alt="" /></a> </td>
</tr>
</table></div><!-- EDIT18 TABLE [2692-2963] -->
</table></div><!-- EDIT18 TABLE [2620-2891] -->
</div>
</div><!-- closes <div class="dokuwiki export">--></body></html>
\ No newline at end of file
......@@ -33,18 +33,15 @@
<div class="level2">
<p>
<a href="https://www.alfresco.com/" class="urlextern" title="https://www.alfresco.com/" rel="nofollow">Alfresco</a> is an ECM/BPM software.
<a href="https://www.alfresco.com/" class="urlextern" title="https://www.alfresco.com/" rel="nofollow">Alfresco</a> est un logiciel ECM/BPM.
</p>
<p>
Since 4.0 release, it offers an easy way to configure <abbr title="Authentification unique (Single Sign On)">SSO</abbr> thanks to authentication subsystems.
Depuis la version 4.0, il permet facilement de configurer un <abbr title="Authentification unique (Single Sign On)">SSO</abbr> grace au sous-système d'authentification.
</p>
<p>
</p><p></p><div class="noteimportant">If you use an older version, you need to refer to the following documentation: <a href="https://wiki.alfresco.com/wiki/SSO" class="urlextern" title="https://wiki.alfresco.com/wiki/SSO" rel="nofollow">https://wiki.alfresco.com/wiki/SSO</a>
</p><p></p><div class="noteimportant">Pour les versions plus anciennes, se référer à cette documentation : <a href="https://wiki.alfresco.com/wiki/SSO" class="urlextern" title="https://wiki.alfresco.com/wiki/SSO" rel="nofollow">https://wiki.alfresco.com/wiki/SSO</a>
</div></p>
</p>
......@@ -59,14 +56,12 @@ Since 4.0 release, it offers an easy way to configure <abbr title="Authentificat
<div class="level3">
<p>
</p><p></p><div class="notetip">The official documentation can be found here: <a href="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" class="urlextern" title="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" rel="nofollow">http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html</a>
</p><p></p><div class="notetip">La documentation officielle se trouve ici : <a href="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" class="urlextern" title="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" rel="nofollow">http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html</a>
</div></p>
</p>
<p>
You need to find the following files in your Alfresco installation:
Les fichiers suivants sont nécessaires dans l'installation Alfresco :
</p>
<ul>
<li class="level1"><div class="li"> <code>alfresco-global.properties</code> (ex: <code>tomcat/shared/classes/alfresco-global.properties</code>)</div>
......@@ -76,15 +71,11 @@ You need to find the following files in your Alfresco installation:
</ul>
<p>
The first will allow to configure <abbr title="Authentification unique (Single Sign On)">SSO</abbr> for the alfresco webapp, and the other for the share webapp.
Le premier autorise la configuration du <abbr title="Authentification unique (Single Sign On)">SSO</abbr> pour la webapp Alfresco et l'autre pour la webapp partagée.
</p>
<p>
Edit first <code>alfresco-global.properties</code> and add the following:
Éditer d'abord <code>alfresco-global.properties</code> et ajouter :
</p>
<pre class="code file java">### SSO ###
authentication.<span class="me1">chain</span><span class="sy0">=</span>external1<span class="sy0">:</span>external
......@@ -95,9 +86,7 @@ external.<span class="me1">authentication</span>.<span class="me1">proxyHeader</
external.<span class="me1">authentication</span>.<span class="me1">userIdPattern</span><span class="sy0">=</span></pre>
<p>
Edit then <code>share-config-custom.xml</code> and uncomment the last part. In the <code>&lt;endpoint&gt;</code>, change <code>&lt;connector-id&gt;</code> value to <code>alfrescoHeader</code> and change the <code>&lt;userHeader&gt;</code> value to <code>Auth-User</code>:
Éditer ensuite <code>share-config-custom.xml</code> et décommenter la dernière partie. Dans le "<code>&lt;endpoint&gt;</code>", changer la valeur de <code>&lt;connector-id&gt;</code> en <code>alfrescoHeader</code> et changer la valeur de <code>&lt;userHeader&gt;</code> en <code>Auth-User</code> :
</p>
<pre class="code file xml"> <span class="sc3"><span class="re1">&lt;config</span> <span class="re0">evaluator</span>=<span class="st0">"string-compare"</span> <span class="re0">condition</span>=<span class="st0">"Remote"</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;remote<span class="re2">&gt;</span></span></span>
......@@ -135,14 +124,11 @@ Edit then <code>share-config-custom.xml</code> and uncomment the last part. In t
<span class="sc3"><span class="re1">&lt;/config<span class="re2">&gt;</span></span></span></pre>
<p>
You need to restart Tomcat to apply changes.
Un redémarrage de Tomcat est nécessaire pour appliquer les changements.
</p>
<p>
</p><p></p><div class="notewarning">Now you can log in with a simple HTTP header. You need to restrict access to Alfresco to <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</p><p></p><div class="notewarning">On peut ensuite se connecter avec un simple en-tête HTTP. Il faut restreindre l'accès à Alfresco à <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</div></p>
</p>
......@@ -152,19 +138,16 @@ You need to restart Tomcat to apply changes.
<div class="level3">
<p>
Just set the <code>Auth-User</code> header with the attribute that carries the user login, for example <code>$uid</code>.
Renseigner simplement l'en-tête <code>Auth-User</code> avec l'attribut qui contient le nom de login, par exemple <code>$uid</code>.
</p>
<p>
You can intercept the logout with this rule: <code>^/share/page/dologout ⇒ logout_app_sso</code>
On peut intercepter les déconnexions avec cette règle : <code>^/share/page/dologout ⇒ logout_app_sso</code>
</p>
</div><!-- EDIT5 SECTION "LL::NG" [3120-3332] -->
<h2 class="sectionedit6" id="other_resources">Other resources</h2>
<h2 class="sectionedit6" id="other_resources">Autres documents</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="https://www.youtube.com/watch?v=5tS0XrC_-rw" class="urlextern" title="https://www.youtube.com/watch?v=5tS0XrC_-rw" rel="nofollow">DevCon 2012: Unlocking the Secrets of Alfresco Authentication, Mehdi Belmekki</a></div>
......
......@@ -32,15 +32,18 @@
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<div class="level2">
<p>
</p><p></p><div class="noteimportant">Pour l'instant, cette fonctionnalité n'est offerte qu'avec le handler Apache.
</div></p>
</p>
<p>
Extrait de <a href="http://fr.wikipedia.org/wiki/HTTP_Authentification" class="urlextern" title="http://fr.wikipedia.org/wiki/HTTP_Authentification" rel="nofollow">l'article Wikipedia</a>:
</p>
<p>
</p><blockquote>
In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.
Dans le contexte d'une transaction HTTP, l'authentification basique est une méthode qui permet au navigateur ou un autre programme client de fournir des éléments d'authentification – sous la forme d'un nom et d'un mot de passe – à chaque requête.
</p>
<p>
......@@ -49,24 +52,22 @@ Avant la transmission, le nom et le mot de passe sont encodés en base-64. Par e
</p>
<p>
So HTTP Basic Autentication is managed trough an HTTP header (<code>Authorization</code>), that can be forged by <abbr title="LemonLDAP::NG">LL::NG</abbr>, with this precautions:
Ainsi l'authentification basique HTTP est gérée par des en-têtes HTTP (<code>Autorisation</code>), qui peut être générée par <abbr title="LemonLDAP::NG">LL::NG</abbr>, avec les précautions suivantes :
</p>
<ul>
<li class="level1"><div class="li"> Data should not contains accents or special characters, as HTTP protocol only allow <abbr title="American Standard Code for Information Interchange">ASCII</abbr> values in header (but depending on the HTTP server, you can use ISO encoded values)</div>
<li class="level1"><div class="li"> Les données ne doivent pas contenir de caractères spéciaux, car le protocole HTTP n'autorise que les caractères <abbr title="American Standard Code for Information Interchange">ASCII</abbr> dans les en-têtes (mais suivant le serveur HTTP, vous pouvez utiliser des valeurs encodées ISO)</div>
</li>
<li class="level1"><div class="li"> Il est nécessaire d'exporter le mot-de-passe, qui peut être le mot-de-passe principal de l'utilisateur (si <a href="../../../documentation/1.9/passwordstore.html" class="wikilink1" title="documentation:1.9:passwordstore">le mot-de-passe est stocké dans la session</a>, ou n'importe quel attribut utilisateur (si d'autres mots-de-passe sont stockés dans la base de données des utilisateurs).</div>
</li>
</ul>
</div><!-- EDIT2 SECTION "Presentation" [78-1452] -->
</div><!-- EDIT2 SECTION "Presentation" [78-1535] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
The Basic Authentication relies on a specific HTTP header, as described above. Il suffit donc de déclarer cet en-tête pour l'hôte virtuel dans le manager.
L'authentification basique est portée par un en-tête HTTP spécifique, tel que décrit ci-dessous. Il suffit donc de déclarer cet en-tête pour l'hôte virtuel dans le manager.
</p>
<p>
......@@ -84,8 +85,7 @@ Ainsi l'exemple ci-dessous peut être écrit simplement :
<pre class="code">Authorization =&gt; basic($uid,$_password)</pre>
<p>
</p><p></p><div class="notetip">The <code>basic</code> function will also force conversion from UTF-8 to ISO-8859-1, which should be accepted by most of HTTP servers.
</p><p></p><div class="notetip">La fonction <code>basic</code> force la conversion des caractères UTF-8 en ISO-8859-1, qui peut être accepté par la plupart des serveurs HTTP.
</div></p>
</p>
......
......@@ -37,9 +37,7 @@
</p>
<p>
Bugzilla can authenticate a user with HTTP headers, and auto-create its account with a few information:
Bugzilla peut authentifier un utilisateur par en-tête HTTP et auto-générer son compte avec quelques informations :
</p>
<ul>
<li class="level1"><div class="li"> User ID</div>
......
......@@ -33,19 +33,18 @@
<div class="level2">
<p>
<a href="http://www.cornerstoneondemand.com/" class="urlextern" title="http://www.cornerstoneondemand.com/" rel="nofollow">CornerStone On Demand (CSOD)</a> allows to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It works by default with IDP intiated mechanism, but can works with the standard SP initiated cinematic.
<a href="http://www.cornerstoneondemand.com/" class="urlextern" title="http://www.cornerstoneondemand.com/" rel="nofollow">CornerStone On Demand (CSOD)</a> permet d'utiliser <abbr title="Security Assertion Markup Language">SAML</abbr> pour authentifier les utilisateurs. Il fonctionne par défaut avec un mécanisme initié par l'IDP mais permet un fonctionnement standard initié par le SP.
</p>
<p>
Pour fonctionner avec <abbr title="LemonLDAP::NG">LL::NG</abbr> il faut :
</p>
<ul>
<li class="level1"><div class="li"> An enterprise account</div>
<li class="level1"><div class="li"> un compte entreprise</div>
</li>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configuré comme <a href="../../../documentation/1.9/idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">fournisseur d'identité SAML</a></div>
</li>
<li class="level1"><div class="li"> Registered users on CSOD with the same email than those used by <abbr title="LemonLDAP::NG">LL::NG</abbr> (email will be the NameID exchanged between CSOD and <abbr title="LemonLDAP::NG">LL::NG</abbr>)</div>
<li class="level1"><div class="li"> Enregistrer les utilisateurs dans CSOD avec la même adresse mail que celle utilisée dans <abbr title="LemonLDAP::NG">LL::NG</abbr> (l'adresse mail sera le NameID échangé entre CSOD et <abbr title="LemonLDAP::NG">LL::NG</abbr>)</div>
</li>
</ul>
......@@ -64,14 +63,12 @@ Il est nécessaire d'avoir configuré <abbr title="LemonLDAP::NG">LL::NG</abbr>
</p>
<p>
Now we will add CSOD as a new <abbr title="Security Assertion Markup Language">SAML</abbr> Service Provider:
Ajouter CSOD comme nouveau fournisseur de service <abbr title="Security Assertion Markup Language">SAML</abbr> :
</p>
<ol>
<li class="level1"><div class="li"> Dans le manager, cliquer sur fournisseurs de service <abbr title="Security Assertion Markup Language">SAML</abbr> puis sur le bouton <code>Nouveau fournisseur de service</code>.</div>
</li>
<li class="level1"><div class="li"> Set csod as Service Provider name.</div>
<li class="level1"><div class="li"> Mettre csod comme nom de fournisseur de service.</div>
</li>
<li class="level1"><div class="li"> Mettre <code>Email</code> dans <code>Options</code> » <code>Réponse d'authentification</code> » <code>Format NameID par défaut</code></div>
</li>
......@@ -95,25 +92,22 @@ Base64 encoded CSOD certificate
<span class="sc3"><span class="re1">&lt;/md:EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
<p>
</p><p></p><div class="noteimportant">Change <strong>mycompanyid</strong> (in <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) into your CSOD company ID and put the certificate value inside the ds:X509Certificate markup
</p><p></p><div class="noteimportant">Changer <strong>mycompanyid</strong> (dans <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) avec l'ID CSOD de l'entreprise et mettre la valeur du certificat dans ds:X509Certificate markup
</div></p>
</p>
</div><!-- EDIT4 SECTION "New Service Provider" [602-2116] -->
<h3 class="sectionedit5" id="csod_control_panel">CSOD control panel</h3>
<h3 class="sectionedit5" id="csod_control_panel">Panneau de configuration CSOD</h3>
<div class="level3">
<p>
CSOD needs two things to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as an IDP:
CSOD nécessite 2 éléments pour configurer <abbr title="LemonLDAP::NG">LL::NG</abbr> comme IDP :
</p>
<ul>
<li class="level1"><div class="li"> Certificat</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> assertion</div>
<li class="level1"><div class="li"> Assertion <abbr title="Security Assertion Markup Language">SAML</abbr></div>
</li>
</ul>
......@@ -142,13 +136,11 @@ openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out ce
</div>
<h4 id="saml_assertion">SAML assertion</h4>
<h4 id="saml_assertion">Assertion SAML</h4>
<div class="level4">
<p>
You need to use the IDP initiated feature of <abbr title="LemonLDAP::NG">LL::NG</abbr>. Just call this <abbr title="Uniform Resource Locator">URL</abbr>:
Il faut utiliser la fonctionnalité initiée par l'IDP de <abbr title="LemonLDAP::NG">LL::NG</abbr>. Lancer simplement cette <abbr title="Uniform Resource Locator">URL</abbr>:
</p>
<pre class="code">https://auth.example.com/saml/singleSignOn?IDPInitiated=1&amp;sp=mycompanyid.csod.com</pre>
......
......@@ -33,7 +33,7 @@
<div class="level2">
<p>
<a href="http://drupal.org" class="urlextern" title="http://drupal.org" rel="nofollow">Drupal</a> is a <abbr title="Système de gestion de contenu">CMS</abbr> written in PHP. Il peut utiliser des modules externes pour étendre ses fonctionnalités. One of this module can be used to delegate authentication server to the web server: <a href="http://drupal.org/project/Webserver_auth" class="urlextern" title="http://drupal.org/project/Webserver_auth" rel="nofollow">Webserver Auth</a>.
<a href="http://drupal.org" class="urlextern" title="http://drupal.org" rel="nofollow">Drupal</a> est un <abbr title="Système de gestion de contenu">CMS</abbr> écrit en PHP. Il peut utiliser des modules externes pour étendre ses fonctionnalités. L'un de ses modules peut être utilisé pour déléger l'authentification serveur au serveur web : <a href="http://drupal.org/project/Webserver_auth" class="urlextern" title="http://drupal.org/project/Webserver_auth" rel="nofollow">Webserver Auth</a>.
</p>
</div><!-- EDIT2 SECTION "Presentation" [61-353] -->
......
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr"
lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title><!-- metadata --><!-- style sheet links -->
<meta name="generator" content="Hors ligne" />
<meta name="version" content="Hors-ligne 0.1" />
<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1 class="sectionedit1" id="glpi">GLPI</h1>
<div class="level1">
<p>
<img src="../../../../media/applications/glpi_logo.png" class="mediacenter" alt="" />
</p>
</div><!-- EDIT1 SECTION "GLPI" [1-63] -->
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<div class="level2">
<p>
<a href="http://www.glpi-project.org" class="urlextern" title="http://www.glpi-project.org" rel="nofollow">GLPI</a> est un gestionnaire d'informations de ressources avec une interface additionnelle d'administration. On peut construire une base de données contenant un inventaire de l'entreprise (ordinateurs, logiciels, imprimantes,…). Il dispose de functions avancées pour faciliter la vie des administrateurs, telle un détecteur de tâches avec notification par mail et des méthodes pour construire la base de données avec des informations minimales sur la topologie du réseau.
</p>
</div><!-- EDIT2 SECTION "Presentation" [64-531] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
Pour GLPI &gt;= 0.71, une simple configuration de GLPI suffit : Setup → Authentication. Dans “External authentications” cliquer sur “Others” et dans “Field holding the login in the _SERVER array” choisir “REMOTE_USER”
</p>
<p>
Pour les versions plus anciennes, voir <a href="http://wiki.glpi-project.org/doku.php?id=en:authautoad" class="urlextern" title="http://wiki.glpi-project.org/doku.php?id=en:authautoad" rel="nofollow">http://wiki.glpi-project.org/doku.php?id=en:authautoad</a>
</p>
</div>
</div><!-- closes <div class="dokuwiki export">--></body></html>
\ No newline at end of file
......@@ -89,7 +89,7 @@ Puis configurer tous les paramètres <abbr title="Security Assertion Markup Lang
<ul>
<li class="level1"><div class="li"> <strong>Enable Single Sign-On</strong>: sélectionner. Le désélectionner désactive l'authentification <abbr title="Security Assertion Markup Language">SAML</abbr> (à utiliser, si votre fournisseur d'identité est hors service).</div>
</li>
<li class="level1"><div class="li"> <strong>Sign-in page <abbr title="Uniform Resource Locator">URL</abbr></strong>: <abbr title="Authentification unique (Single Sign On)">SSO</abbr> access point (HTTP-Redirect binding). Example: <a href="http://auth.example.com/saml/singleSignOn" class="urlextern" title="http://auth.example.com/saml/singleSignOn" rel="nofollow">http://auth.example.com/saml/singleSignOn</a></div>
<li class="level1"><div class="li"> <strong>Sign-in page <abbr title="Uniform Resource Locator">URL</abbr></strong>: point d'accès <abbr title="Authentification unique (Single Sign On)">SSO</abbr> (HTTP-Redirect binding). Exemple : <a href="http://auth.example.com/saml/singleSignOn" class="urlextern" title="http://auth.example.com/saml/singleSignOn" rel="nofollow">http://auth.example.com/saml/singleSignOn</a></div>
</li>
<li class="level1"><div class="li"> <strong>Sign-out page <abbr title="Uniform Resource Locator">URL</abbr></strong>: il ne s'agit pas du point d'accès de déconnexion globale (SLO) (Google Apps ne le supporte pas), mais de la page de déconnexion. Exemple: <a href="http://auth.example.com/?logout=1" class="urlextern" title="http://auth.example.com/?logout=1" rel="nofollow">http://auth.example.com/?logout=1</a></div>
</li>
......@@ -103,13 +103,11 @@ Puis configurer tous les paramètres <abbr title="Security Assertion Markup Lang
<div class="level3">
<p>
Pour le certificate, vous pouvez le construire en signant la clef privée enregistrée dans le Manager. Select the key, and export it (button <code>Download</code>). This will download the public and the private key.
Pour le certificate, vous pouvez le construire en signant la clef privée enregistrée dans le Manager. Selectionner la clef, et l'exporter (bouton <code>Télécharger</code>): Ceci télécharge les clefs publique et privée.
</p>
<p>
Keep the private key in a file, for example lemonldap-ng-priv.key, then use openssl to generate an auto-signed certificate:
Garder la clef privée dans un fichier, par exemple lemonldap-ng-priv.key, et utiliser openssl pour générer un certificat auto-signé :
</p>
<pre class="code">openssl req -new -key lemonldap-ng-priv.key -out cert.csr
openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out cert.pem</pre>
......@@ -119,7 +117,7 @@ Télécharger ensuite le certificat (<code>cert.pem</code>) dans Google Apps.
</p>
<p>
</p><p></p><div class="notetip">You can also use the certificate instead of public key in <abbr title="Security Assertion Markup Language">SAML</abbr> metadata, see <a href="../../../documentation/1.9/samlservice.html#security_parameters" class="wikilink1" title="documentation:1.9:samlservice">SAML service configuration</a>
</p><p></p><div class="notetip">On peut aussi utiliser le certificat au lieu de la clef publique dans les métadatas <abbr title="Security Assertion Markup Language">SAML</abbr>, voir <a href="../../../documentation/1.9/samlservice.html#security_parameters" class="wikilink1" title="documentation:1.9:samlservice">configuration du service SAML</a>
</div></p>
</p>
......@@ -155,7 +153,7 @@ Ajouter ensuite Google Apps comme nouveau fournisseur de service <abbr title="Se
<span class="sc3"><span class="re1">&lt;/md:EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
<p>
</p><p></p><div class="noteimportant">Changer <strong>mydomain.org</strong> (dans <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) en votre domaine Google Apps. Also adapt your entityID to match the Assertion issuer: google.com/a/mydomain.org
</p><p></p><div class="noteimportant">Changer <strong>mydomain.org</strong> (dans <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) en votre domaine Google Apps. Adapter également l' "entityID" pour qu'elle corresponde à l'émetteur de l'assertion : google.com/a/mydomain.org
</div></p>
</p>
......
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr"
lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title><!-- metadata --><!-- style sheet links -->
<meta name="generator" content="Hors ligne" />
<meta name="version" content="Hors-ligne 0.1" />
<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1 class="sectionedit1" id="grr">GRR</h1>
<div class="level1">
<p>
<img src="../../../../media/applications/grr_logo.png" class="mediacenter" alt="" />
</p>
</div><!-- EDIT1 SECTION "GRR" [1-61] -->
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<div class="level2">
<p>
<a href="http://grr.devome.com/fr/" class="urlextern" title="http://grr.devome.com/fr/" rel="nofollow">GRR</a> is a room booking software.
</p>
</div><!-- EDIT2 SECTION "Presentation" [62-150] -->
<h3 class="sectionedit3" id="configuration">Configuration</h3>
<div class="level3">
<p>
GRR has a <abbr title="Authentification unique (Single Sign On)">SSO</abbr> configuration page in its administration panel. You just need to choose if the authenticated user will be a “user” or a “guest”.
</p>
</div>
</div><!-- closes <div class="dokuwiki export">--></body></html>
\ No newline at end of file
This diff is collapsed.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr"
lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title><!-- metadata --><!-- style sheet links -->
<meta name="generator" content="Hors ligne" />
<meta name="version" content="Hors-ligne 0.1" />
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1 class="sectionedit1" id="deploy_nginx_configuration">Deploy Nginx configuration</h1>
<div class="level1">
</div><!-- EDIT1 SECTION "Deploy Nginx configuration" [1-42] -->
<h2 class="sectionedit2" id="files">Files</h2>
<div class="level2">
<p>
With tarball installation, Nginx configuration files will be installed in <code>/usr/local/lemonldap-ng/etc/</code>, else they are in <code>/etc/lemonldap-ng</code>.
</p>
<p>
You have to include them in Nginx main configuration.
</p>
</div><!-- EDIT2 SECTION "Files" [43-265] -->
<h3 class="sectionedit3" id="debianubuntu">Debian/Ubuntu</h3>
<div class="level3">
<p>
Link files into <code>sites-available</code> directory (should already have been done if you used packages):
</p>
<pre class="code">ln -s /etc/lemonldap-ng/handler-nginx.conf /etc/nginx/sites-available/
ln -s /etc/lemonldap-ng/manager-nginx.conf /etc/nginx/sites-available/
ln -s /etc/lemonldap-ng/portal-nginx.conf /etc/nginx/sites-available/
ln -s /etc/lemonldap-ng/test-nginx.conf /etc/nginx/sites-available/</pre>
<p>
Enable sites:
</p>
<pre class="code">ln -s /etc/nginx/sites-available/handler-nginx.conf /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/manager-nginx.conf /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/portal-nginx.conf /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/test-nginx.conf /etc/nginx/sites-enabled/</pre>
</div><!-- EDIT3 SECTION "Debian/Ubuntu" [266-1024] -->
<h3 class="sectionedit4" id="red_hatcentos">Red Hat/CentOS</h3>
<div class="level3">
<p>
Link files directly in <code>conf.d</code> directory:
</p>
<pre class="code">ln -s /etc/lemonldap-ng/handler-nginx.conf /etc/nginx/conf.d/
ln -s /etc/lemonldap-ng/manager-nginx.conf /etc/nginx/conf.d/
ln -s /etc/lemonldap-ng/portal-nginx.conf /etc/nginx/conf.d/
ln -s /etc/lemonldap-ng/test-nginx.conf /etc/nginx/conf.d/</pre>
</div>
</div><!-- closes <div class="dokuwiki export">--></body></html>
\ No newline at end of file
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment