Commit a8cdb046 authored by Xavier Guimard

Update doc

parent af138325
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=b1ead7f504050dc6ea4ebced99caf5c1" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=5e53528a309f1afd578fccb6a5f04cf7" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
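Review bot: the only difference on the login link is the sectok query value, which means the export is committing a security token taken from the wiki session that produced it. It differs between the two versions, so it adds diff noise to every exported file, and it has no use in static documentation. Suggest stripping the login action link, or at least the sectok parameter, during export.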
......@@ -220,7 +220,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1526412059" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1526585770" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
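Review bot: the hunk header shows this file is the wiki's "topic that doesn't exist yet" page exported under the id documentation:2.0:applications:img:icons.png, and the only change is the numeric suffix on the indexer.php tracking image. Suggest excluding missing-topic pages from the export and dropping the indexer.php image, so this file stops changing on every doc update.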
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=b1ead7f504050dc6ea4ebced99caf5c1" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=5e53528a309f1afd578fccb6a5f04cf7" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -220,7 +220,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1526412059" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1526585770" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -66,25 +66,25 @@ Just enable it in the manager (section “plugins”). You <em class="u">must</e
<div class="level2">
<p>
When enabled, <code>/checkstate</code> <abbr title="Uniform Resource Locator">URL</abbr> path is handled by this plugin. It can be called only by an unauthenticated request. GET parameters:
When enabled, <code>/checkstate</code> <abbr title="Uniform Resource Locator">URL</abbr> path is handled by this plugin. GET parameters:
</p>
<div class="table sectionedit4"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Parameter </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> Value </th>
<th class="col0 centeralign"> GET Parameter </th><th class="col1 centeralign"> Need </th><th class="col2 centeralign"> Value </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> secret </td><td class="col1 centeralign"> required </td><td class="col2"> Same value as the shared secret given to the manager </td>
<td class="col0 centeralign"> <code>secret</code> </td><td class="col1 centeralign"> required </td><td class="col2"> Same value as the shared secret given to the manager </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> user </td><td class="col1 centeralign"> optional </td><td class="col2"> If set (with password), a login/logout process will be tried </td>
<td class="col0 centeralign"> <code>user</code> </td><td class="col1 centeralign"> optional </td><td class="col2" rowspan="2"> If set (with password), a login/logout process will be tried </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> password </td><td class="col1 centeralign"> optional </td><td class="col2 leftalign"> </td>
<td class="col0 centeralign"> <code>password</code> </td><td class="col1 centeralign"> optional </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [466-693] -->
<!-- EDIT4 TABLE [413-667] -->
<p>
Example: <code><a href="https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho" class="urlextern" title="https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho" rel="nofollow">https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho</a></code>
</p>
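Review bot: the sentence "It can be called only by an unauthenticated request." is dropped from the /checkstate paragraph without a replacement, so the page no longer says who may call the endpoint; if the restriction was lifted, say so explicitly, otherwise keep it. The unchanged example below the table passes secret, user and password in the query string of a GET request, where they end up in web server access logs; a short warning next to the example (restrict who can reach /checkstate, use a dedicated test account) would help. The rowspan="2" cell and the code markup on the parameter names look fine.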
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:cli_examples</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,cli_examples"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="cli_examples.html"/>
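Review bot: the robots meta tag goes from "index,follow" to "noindex,nofollow" here and in configapache, handlerarch, handlerauthbasic and psgi, while logs and parameterlist flip the opposite way in the same commit. That looks like export state leaking into the files and not an intended change; please confirm which value the published docs should carry and make the export set it uniformly.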
......@@ -298,7 +298,13 @@ In this example we have:
</li>
<li class="level1"><div class="li"> Client secret : testclientsecret</div>
</li>
<li class="level1"><div class="li"> Allowed redirection <abbr title="Uniform Resource Locator">URL</abbr>: <a href="https://testrp.e-serv.ch/?callback=1" class="urlextern" title="https://testrp.e-serv.ch/?callback=1" rel="nofollow">https://testrp.e-serv.ch/?callback=1</a></div>
<li class="level1"><div class="li"> Allowed redirection <abbr title="Uniform Resource Locator">URL</abbr>:</div>
<ul>
<li class="level2"><div class="li"> For login: <a href="https://testrp.example.com/?callback=1" class="urlextern" title="https://testrp.example.com/?callback=1" rel="nofollow">https://testrp.example.com/?callback=1</a></div>
</li>
<li class="level2"><div class="li"> For logout: <a href="https://testrp.example.com/" class="urlextern" title="https://testrp.example.com/" rel="nofollow">https://testrp.example.com/</a></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Exported attributes:</div>
<ul>
......@@ -325,12 +331,12 @@ In this example we have:
<li class="level1"><div class="li"> Redirection:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsRedirectUris &#039;https://testrp.e-serv.ch/?callback=1&#039;</pre>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsRedirectUris &#039;https://testrp.example.com/?callback=1&#039; oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsPostLogoutRedirectUris &#039;https://testrp.example.com/&#039;</pre>
<ul>
<li class="level1"><div class="li"> Signature and token expiration:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataOptions/idm oidcRPMetaDataOptionsIDTokenSignAlg RS512 oidcRPMetaDataOptions/idm oidcRPMetaDataOptionsIDTokenExpiration 3600 oidcRPMetaDataOptions/idm oidcRPMetaDataOptionsAccessTokenExpiration 3600</pre>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsIDTokenSignAlg RS512 oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsIDTokenExpiration 3600 oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsAccessTokenExpiration 3600</pre>
</div>
<!-- EDIT9 SECTION "Register an OpenID Connect Relying Party" [7670-] --></div>
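Review bot: in the command under the "Redirection:" bullet, the addKey call now also sets oidcRPMetaDataOptionsPostLogoutRedirectUris, but the bullet still reads only "Redirection:"; rename it (for example "Redirection (login and logout):") or split it into two commands so readers can see which key holds which URL. The switch from oidcRPMetaDataOptions/idm to oidcRPMetaDataOptions/testrp in the signature command is the right fix, since the redirection command above it configures testrp.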
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:configapache</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,configapache"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="configapache.html"/>
......@@ -46,13 +46,13 @@
<h1 class="sectionedit1" id="deploy_apache_configuration">Deploy Apache configuration</h1>
<div class="level1">
<div class="noteclassic">This step should already have been if you installed <abbr title="LemonLDAP::NG">LL::NG</abbr> with packages.
<div class="noteclassic">This step should have been already done if you installed <abbr title="LemonLDAP::NG">LL::NG</abbr> with packages.
</div>
</div>
<!-- EDIT1 SECTION "Deploy Apache configuration" [1-131] -->
<!-- EDIT1 SECTION "Deploy Apache configuration" [1-136] -->
<h2 class="sectionedit2" id="files">Files</h2>
<div class="level2">
<div class="noteimportant">Apache-ModPerl is no longer usable since version 2.4 <em>(many segfaults,…)</em>. No problem for portal and manager since they are now handle by FastCGI.
<div class="noteimportant">Apache-ModPerl is no longer usable since 2.4 version <em>(many segfaults,…)</em>. No problem for portal and manager since they are now handled by FastCGI.
<p>
<strong>But for handlers, please use <a href="confignginx.html" class="wikilink1" title="documentation:2.0:confignginx">Nginx</a> !</strong>
</p>
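Review bot: "since 2.4 version" on the noteimportant line reads worse than the original "since version 2.4", and neither wording says which software's version is meant; please state explicitly whether 2.4 is the Apache version. The first note would also read better as "should already have been done" than "should have been already done". The "handle" to "handled" fix is good.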
......@@ -82,7 +82,7 @@ a2ensite test-apache2.conf</pre>
</div>
</div>
<!-- EDIT2 SECTION "Files" [132-1156] -->
<!-- EDIT2 SECTION "Files" [137-1162] -->
<h2 class="sectionedit3" id="modules">Modules</h2>
<div class="level2">
......@@ -104,6 +104,6 @@ You will also need to load some Apache modules:
</div>
</div>
<!-- EDIT3 SECTION "Modules" [1157-] --></div>
<!-- EDIT3 SECTION "Modules" [1163-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:handlerarch</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,handlerarch"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="handlerarch.html"/>
......@@ -44,14 +44,14 @@
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="handler_architecture">Handler architecture</h1>
<h1 class="sectionedit1" id="handler_libraries_architecture">Handler libraries architecture</h1>
<div class="level1">
<p>
Handlers are build on rows of modules:
</p>
<ul>
<li class="level1"><div class="li"> Applications or launchers that get the request and choose the good type <em>(Main, AuthBasic, ZimbraPreAuth,…)</em> and launch it <em>(may not inherits of other Handler::* modules)</em></div>
<li class="level1"><div class="li"> Applications or launchers that get the request and choose the right type <em>(Main, AuthBasic, ZimbraPreAuth,…)</em> and launch it <em>(may not inherits from other Handler::* modules)</em></div>
</li>
<li class="level1"><div class="li"> Wrappers that call “type” library and platform “Main” <em>(may all inherits from Platform::Main)</em></div>
</li>
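Review bot: the unchanged sentence "Handlers are build on rows of modules:" still needs "built", and the corrected bullet keeps "may not inherits from", which should be "may not inherit from" (same for "may all inherits from" on the following bullet). Worth fixing in the same pass since these lines are being touched anyway.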
......@@ -62,7 +62,7 @@ Handlers are build on rows of modules:
</ul>
</div>
<!-- EDIT1 SECTION "Handler architecture" [1-452] -->
<!-- EDIT1 SECTION "Handler libraries architecture" [1-465] -->
<h2 class="sectionedit2" id="overview_of_handler_packages">Overview of Handler packages</h2>
<div class="level2">
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
......@@ -84,7 +84,7 @@ Handlers are build on rows of modules:
<td class="col0 centeralign" colspan="2"> PSGI </td><td class="col2 centeralign"> PSGI::&lt;type&gt; </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [495-753] -->
<!-- EDIT3 TABLE [508-766] -->
<p>
Types are:
</p>
......@@ -102,6 +102,6 @@ Types are:
</ul>
</div>
<!-- EDIT2 SECTION "Overview of Handler packages" [453-] --></div>
<!-- EDIT2 SECTION "Overview of Handler packages" [466-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:handlerauthbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,handlerauthbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="handlerauthbasic.html"/>
......@@ -70,25 +70,25 @@
<div class="level2">
<p>
The AuthBasic Handler is a special Handler that will us AuthBasic to authenticate to a virtual host, and then play authorizations rules to allow access to the virtual
The AuthBasic Handler is a special Handler that will use AuthBasic to authenticate to a virtual host, and then run authorization rules to allow access to the virtual
host.
</p>
<p>
The Handler will send a WWW-Authenticate header to the client, to request user and password, and then check the credentials using REST web service (you must enable REST session service in the manager). When session is granted, the Handler will then check the authorizations like the standard Handler.
The Handler will send a WWW-Authenticate header to the client, to request user and password, and then check the credentials using REST web service (you must enable REST session service in the manager). Then, when session is granted, the Handler will check authorizations like the standard Handler.
</p>
<p>
This can be useful to allow an third party application to access a virtual host with users credentials by sending a Basic challenge to it.
This can be useful to allow a third party application to access a virtual host with users credentials by sending a Basic challenge to it.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [34-677] -->
<!-- EDIT2 SECTION "Presentation" [34-672] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [678-704] -->
<!-- EDIT3 SECTION "Configuration" [673-699] -->
<h3 class="sectionedit4" id="virtual_host">Virtual host</h3>
<div class="level3">
......@@ -107,7 +107,7 @@ If you want to protect only a virtualHost part, keep type on “Main” and set
</ul>
</div>
<!-- EDIT4 SECTION "Virtual host" [705-1095] -->
<!-- EDIT4 SECTION "Virtual host" [700-1090] -->
<h3 class="sectionedit5" id="nginx">Nginx</h3>
<div class="level3">
......@@ -144,7 +144,7 @@ location / {
}</pre>
</div>
<!-- EDIT5 SECTION "Nginx" [1096-2119] -->
<!-- EDIT5 SECTION "Nginx" [1091-2114] -->
<h3 class="sectionedit6" id="handler_parameters">Handler parameters</h3>
<div class="level3">
......@@ -153,6 +153,6 @@ No parameters needed. But you have to allow sessions web services, see <a href="
</p>
</div>
<!-- EDIT6 SECTION "Handler parameters" [2120-] --></div>
<!-- EDIT6 SECTION "Handler parameters" [2115-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:logs</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,logs"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="logs.html"/>
......
......@@ -88,7 +88,7 @@ Up-to-date documentation is available on GitHub.
</li>
<li class="level1"><div class="li"> Multi-lines are not supported in lemonldap-ng.ini</div>
</li>
<li class="level1"><div class="li"> Virtualhosts handled by node-lemonldap-ng-handler must be explicitly declared in you <code>lemonldap-ng.ini</code> file in <code>[node-handler]</code> section <em>(<strong>NB</strong>: section <code>[handler]</code> isn&#039;t used by node handler)</em>:</div>
<li class="level1"><div class="li"> Virtualhosts handled by node-lemonldap-ng-handler must be explicitly declared in your <code>lemonldap-ng.ini</code> file in <code>[node-handler]</code> section <em>(<strong>NB</strong>: section <code>[handler]</code> isn&#039;t used by node handler)</em>:</div>
</li>
</ul>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>node-handler<span class="br0">&#93;</span></span>
......@@ -96,7 +96,7 @@ Up-to-date documentation is available on GitHub.
<span class="re1">nodeVhosts</span> <span class="sy0">=</span><span class="re2"> test.example.com, test2.example.com</span></pre>
</div>
<!-- EDIT2 SECTION "Examples" [210-730] -->
<!-- EDIT2 SECTION "Examples" [210-731] -->
<h3 class="sectionedit3" id="use_it_as_fastcgi_server_application_protection_only">Use it as FastCGI server (application protection only)</h3>
<div class="level3">
......@@ -142,7 +142,7 @@ handler.<span class="me1">nginxServer</span><span class="br0">&#40;</span><span
# Keep original hostname
fastcgi_param HOST $http_host;
&nbsp;
# Keep original request (LLNG server will received /llauth)
# Keep original request (LLNG server will received /lmauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
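Review bot: the corrected comment still says "LLNG server will received /lmauth"; it should be "will receive". Since the comment now names /lmauth instead of /llauth, please also check that it matches the location name used in the part of this Nginx example that is outside the hunk.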
......@@ -158,7 +158,7 @@ handler.<span class="me1">nginxServer</span><span class="br0">&#40;</span><span
</dd></dl>
</div>
<!-- EDIT3 SECTION "Use it as FastCGI server (application protection only)" [731-1912] -->
<!-- EDIT3 SECTION "Use it as FastCGI server (application protection only)" [732-1913] -->
<h3 class="sectionedit4" id="use_it_to_protect_an_express_app">Use it to protect an express app</h3>
<div class="level3">
<dl class="file">
......@@ -188,6 +188,6 @@ app.<span class="me1">listen</span><span class="br0">&#40;</span><span class="nu
</dd></dl>
</div>
<!-- EDIT4 SECTION "Use it to protect an express app" [1913-] --></div>
<!-- EDIT4 SECTION "Use it to protect an express app" [1914-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:parameterlist</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,parameterlist"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="parameterlist.html"/>
......
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:platformsoverview</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,platformsoverview"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="platformsoverview.html"/>
<link rel="contents" href="platformsoverview.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:platformsoverview","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#portalmanager_installation">Portal/Manager installation</a></div></li>
<li class="level1"><div class="li"><a href="#application_protection_overview">Application protection overview</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#handler_integration">Handler integration</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#direct_application_mode">Direct Application Mode</a></div></li>
<li class="level3"><div class="li"><a href="#reverseproxy_mode">ReverseProxy Mode</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#external_servers_for_nginx">External servers for Nginx</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#fastcgi">FastCGI</a></div></li>
<li class="level3"><div class="li"><a href="#uwsgi">uWSGI</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="platforms_overview">Platforms overview</h1>
<div class="level1">
<p>
LLNG is able to use different web servers to provide its services. Here is a resume of all possibilities. We recommend:
</p>
<ul>
<li class="level1"><div class="li"> For installations subject to small/medium load: Nginx with our default FastCGI server, or Apache <em>(with mpm_prefork engine)</em></div>
</li>
<li class="level1"><div class="li"> For heavily loaded installation: Nginx. The choice for <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">FastCGI server engine</a> depends on the behavior of your users</div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "Platforms overview" [1-437] -->
<h2 class="sectionedit2" id="portalmanager_installation">Portal/Manager installation</h2>
<div class="level2">
<p>
Since 2.0, both portal and manager are native FastCGI applications. They can be used on any web server that can dial with a FastCGI server. Some examples:
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> </th><th class="col1 centeralign" colspan="2"> Apache </th><th class="col3 centeralign"> Nginx </th><th class="col4 centeralign"> Plack servers family </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <strong>Engines</strong> </td><td class="col1 centeralign" colspan="2"> <a href="https://httpd.apache.org/mod_fcgid/" class="urlextern" title="https://httpd.apache.org/mod_fcgid/" rel="nofollow">mod_fcgid</a> or <a href="http://www.fastcgi.com/" class="urlextern" title="http://www.fastcgi.com/" rel="nofollow">mod_fastcgi</a> </td><td class="col3 centeralign"> <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">FastCGI/uWSGI server</a> </td><td class="col4 centeralign"> Any <a href="https://plackperl.org" class="urlextern" title="https://plackperl.org" rel="nofollow">Plack HTTP server</a> <em>(see <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">our doc</a>)</em> </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>Link with webserver process</strong> </td><td class="col1 centeralign"> External processes managed by webserver <em>(default)</em> </td><td class="col2 centeralign"> External <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">LLNG server</a> </td><td class="col3 centeralign"> External <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">LLNG server</a> </td><td class="col4 centeralign"> <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">Inside</a> </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [635-1181] -->
</div>
<!-- EDIT2 SECTION "Portal/Manager installation" [438-1182] -->
<h2 class="sectionedit4" id="application_protection_overview">Application protection overview</h2>
<div class="level2">
<p>
Applications can be protected:
</p>
<ul>
<li class="level1"><div class="li"> by a LLNG handler</div>
</li>
<li class="level1"><div class="li"> by themselves if they can dial with a supported protocol (<abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID-Connect,…)</div>
</li>
</ul>
<p>
To protect applications with handler, LLNG can be used in two mode:
</p>
<ul>
<li class="level1"><div class="li"> Direct Application Mode : LLNG handler is an embedded application. Handler must be installed on application Web Server</div>
</li>
<li class="level1"><div class="li"> ReverseProxy Mode : applications are hidden behind a ReverseProxy which provides the required LLNG handler</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Application protection overview" [1183-1672] -->
<h3 class="sectionedit5" id="handler_integration">Handler integration</h3>
<div class="level3">
</div>
<h4 id="direct_application_mode">Direct Application Mode</h4>
<div class="level4">
<p>
LLNG handlers can be installed on the following web servers:
</p>
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 leftalign"> </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th><th class="col3 centeralign"> Plack servers family </th><th class="col4 centeralign"> Node.js </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <strong>Addon needed</strong> </td><td class="col1 centeralign"> ModPerl </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td><td class="col4 centeralign"> Express </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>LLNG integration in webserver</strong> </td><td class="col1 centeralign"> <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a> </td><td class="col2 centeralign"> Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a> <em>(auth_request)</em> </td><td class="col3 centeralign"> <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">Inside</a> </td><td class="col4 centeralign"> <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" rel="nofollow">Inside</a> </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [1799-2271] -->
</div>
<h4 id="reverseproxy_mode">ReverseProxy Mode</h4>
<div class="level4">
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 leftalign"> </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <strong>LLNG integration in ReverseProxy webserver</strong> </td><td class="col1 centeralign"> <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a> </td><td class="col2 centeralign"> Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a> </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [2299-2536] -->
</div>
<!-- EDIT5 SECTION "Handler integration" [1673-2538] -->
<h3 class="sectionedit8" id="external_servers_for_nginx">External servers for Nginx</h3>
<div class="level3">
<p>
Natively, Nginx supportes FastCGI and uWSGI protocoles.
</p>
<p>
Therefore, LLNG services can be provided by compatible external servers.
</p>
<div class="notetip">FastCGI or uWSGI server(s) can be installed on separate hosts. Also you can imagine a global cloud-FastCGI/uWSGI-service for all your Nginx servers. See <a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSO as a service (SSOaaS)</a> for more.
</div>
</div>
<h4 id="fastcgi">FastCGI</h4>
<div class="level4">
<p>
By default, LLNG provides a Plack based FastCGI server able to afford all LLNG services using <a href="https://metacpan.org/pod/Plack::Handler::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI" rel="nofollow">FCGI</a> engine <strong>(default)</strong>.
</p>
<p>
However, you can use some other FastCGI server engines:
</p>
<ul>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI" rel="nofollow">AnyEvent::FCGI</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::EV" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::EV" rel="nofollow">FCGI::EV</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Engine" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Engine" rel="nofollow">FCGI::Engine</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager" rel="nofollow">FCGI::Engine::ProcManager</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Async" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Async" rel="nofollow">FCGI::Async</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#nginx-authorization-server" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#nginx-authorization-server" rel="nofollow">LLNG FastCGI server for Node.js</a>(*)</div>
</li>
</ul>
<div class="notewarning">(*) LLNG Node.js handler can be used only as Nginx `auth_request` server, not to serve Portal or Manager
</div>
</div>
<h4 id="uwsgi">uWSGI</h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> uWSGI server <em>(with uwsgi PSGI plugin, see <a href="psgi.html" class="wikilink1" title="documentation:2.0:psgi">Advanced PSGI usage</a>)</em></div>
</li>
</ul>
</div>
<!-- EDIT8 SECTION "External servers for Nginx" [2539-] --></div>
</body>
</html>
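Review bot: in the head of this new page, the useexternallibs branches load jQuery and jQuery UI from http://code.jquery.com/ over plain HTTP, so when that branch is selected a page served over HTTPS hits mixed content and the scripts can be altered in transit; switch both to https:// and consider adding an integrity attribute. The bootstrap link element in the same branch is closed with a stray "</script>". In the body, please fix "Here is a resume of all possibilities" (summary), "can dial with" (appears twice), "can be used in two mode", and "Nginx supportes FastCGI and uWSGI protocoles".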
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:psgi</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,psgi"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="psgi.html"/>
......@@ -66,11 +66,11 @@ LLNG is build on <a href="http://plackperl.org/" class="urlextern" title="http:/
</ul>
<p>
uWSGI and <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> may provide the highest performance.
uWSGI or <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js FastCGI server</a> may provide the highest performance.
</p>
</div>
<!-- EDIT1 SECTION "Advanced PSGI usage" [1-629] -->
<!-- EDIT1 SECTION "Advanced PSGI usage" [1-635] -->
<h2 class="sectionedit2" id="fastcgi_server_replacement">FastCGI server replacement</h2>
<div class="level2">
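Review bot: the reworded performance sentence now points readers at the "Node.js FastCGI server" without the restriction stated in the warning on the servers page, namely that the LLNG Node.js handler can be used only as an Nginx auth_request server and not to serve Portal or Manager. Repeat or link that caveat here so it is not read as a full replacement for the FastCGI server. The link text changed while the target is still nodehandler.html, so also check that the naming matches that page.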
......@@ -78,9 +78,21 @@ uWSGI and <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:
A <code>llng-server.psgi</code> is provided in example directory. It is designed to replace exactly FastCGI server. You can use it :
</p>
<ul>
<li class="level1"><div class="li"> with a FCGI Plack server, but you just have to change llng-fastcgi-server engine <em>(in /etc/default/llng-fastcgi-server)</em> to have the same result</div>
<li class="level1"><div class="li"> with a FCGI Plack server, but you just have to change llng-fastcgi-server engine <em>(in /etc/default/llng-fastcgi-server)</em> to have the same result. Available engines:</div>
<ul>
<li class="level2"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI" rel="nofollow">FCGI</a> <strong>(default)</strong></div>
</li>
<li class="level2"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI" rel="nofollow">AnyEvent::FCGI</a></div>
</li>
<li class="level2"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::EV" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::EV" rel="nofollow">FCGI::EV</a></div>
</li>
<li class="level2"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Engine" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Engine" rel="nofollow">FCGI::Engine</a></div>
</li>
<li class="level1"><div class="li"> with a HTTP Plack server, not yet tested</div>
<li class="level2"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager" rel="nofollow">FCGI::Engine::ProcManager</a></div>
</li>
<li class="level2"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Async" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Async" rel="nofollow">FCGI::Async</a></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> with uWSGI <em><strong>(see below)</strong></em></div>
</li>
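Review bot: the new "Available engines" sub-list links to the Plack handler modules but does not say which setting in /etc/default/llng-fastcgi-server selects the engine, or whether the value is the short name shown in the list or the full Plack::Handler:: module name. Add the setting name with one example line. The bullet "with a HTTP Plack server, not yet tested" also disappears in this hunk, so state in the commit message whether that removal is deliberate. The same six-engine list now exists on two pages; consider keeping one copy and linking to it.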
......@@ -100,7 +112,7 @@ See also <a href="highperfnginxhandler.html" class="wikilink1" title="documentat
</p>
</div>
<!-- EDIT2 SECTION "FastCGI server replacement" [630-1417] -->
<!-- EDIT2 SECTION "FastCGI server replacement" [636-1878] -->
<h3 class="sectionedit3" id="using_uwsgi">Using uWSGI</h3>
<div class="level3">
......@@ -114,6 +126,6 @@ You will find in LLNG Nginx configuration files some comments that explain how t
</p>
</div>
<!-- EDIT3 SECTION "Using uWSGI" [1418-] --></div>
<!-- EDIT3 SECTION "Using uWSGI" [1879-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:redirections</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,redirections"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="redirections.html"/>
......@@ -43,15 +43,37 @@
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<h1 class="sectionedit1" id="handler_redirections">Handler Redirections</h1>
<ul class="toc">
<li class="level1"><div class="li"><a href="#handler_redirections">Handler Redirections</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#protocol_and_port">Protocol and port</a></div></li>
<li class="level2"><div class="li"><a href="#forbidden_and_server_error">Forbidden and Server error</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#portal_redirections">Portal Redirections</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="redirections">Redirections</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Redirections" [1-28] -->
<h2 class="sectionedit2" id="handler_redirections">Handler Redirections</h2>
<div class="level2">
<div class="noteclassic">When a user access a Handler without a cookie, he is redirected on portal, and the target <abbr title="Uniform Resource Locator">URL</abbr> is encoded in redirection <abbr title="Uniform Resource Locator">URL</abbr> (to redirect user after authentication process).
</div>
</div>
<!-- EDIT1 SECTION "Handler Redirections" [1-223] -->
<h2 class="sectionedit2" id="protocol_and_port">Protocol and port</h2>
<div class="level2">
<!-- EDIT2 SECTION "Handler Redirections" [29-249] -->
<h3 class="sectionedit3" id="protocol_and_port">Protocol and port</h3>
<div class="level3">
<p>
To encode the redirection <abbr title="Uniform Resource Locator">URL</abbr>, the handler will use some Apache environment variables and also configuration settings:
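Review bot: the new top-level "Redirections" heading is followed by an empty level1 div, so the page opens with a blank section; add a one-sentence introduction or drop the empty section. Since this block is being restructured anyway, the note under "Handler Redirections" could be corrected in the same change: "When a user access a Handler ... he is redirected on portal" should read "accesses" and "to the portal".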
......@@ -69,9 +91,9 @@ These parameters can be configured in Manager, in <code>General Parameters</code
<div class="notetip">These settings can be overridden per virtual host, see <a href="configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">virtual host management</a>.
</div>
</div>
<!-- EDIT2 SECTION "Protocol and port" [224-732] -->
<h2 class="sectionedit3" id="forbidden_and_server_error">Forbidden and Server error</h2>
<div class="level2">
<!-- EDIT3 SECTION "Protocol and port" [250-756] -->
<h3 class="sectionedit4" id="forbidden_and_server_error">Forbidden and Server error</h3>
<div class="level3">
<p>
Handler use the default Apache error code for the following cases:
......@@ -116,18 +138,20 @@ These paramet