Commit af752e3d authored by Clément OUDOT

Documentation update

git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/branches/lemonldap-ng_version_1_4-bugfixes@3509 1dbb9719-a921-0410-b57f-c3a383c2c641
parent 59d80d99
......@@ -65,7 +65,7 @@
</ul>
</div>
<!-- SECTION "Installation and configuration" [325-926] -->
<!-- SECTION "Installation and configuration" [325-905] -->
<h2><a name="development" id="development">Development</a></h2>
<div class="level2">
......@@ -102,7 +102,7 @@
</ul>
</div>
<!-- SECTION "Development" [927-1851] -->
<!-- SECTION "Development" [906-1830] -->
<h3><a name="translators" id="translators">Translators</a></h3>
<div class="level3">
......@@ -112,7 +112,7 @@ See <a href="translations.html" class="wikilink1" title="translations">translati
</p>
</div>
<!-- SECTION "Translators" [1852-1897] -->
<!-- SECTION "Translators" [1831-1876] -->
<h2><a name="other" id="other">Other</a></h2>
<div class="level2">
......@@ -133,4 +133,4 @@ See <a href="translations.html" class="wikilink1" title="translations">translati
</ul>
</div>
<!-- SECTION "Other" [1898-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Other" [1877-] --></div><!-- closes <div class="dokuwiki export">-->
......@@ -62,9 +62,25 @@ Inside this jail, you can access to:
</li>
<li class="level1"><div class="li"> The <a href="http://perldoc.perl.org/MIME/Base64.html" class="urlextern" title="http://perldoc.perl.org/MIME/Base64.html" rel="nofollow">encode_base64</a> subroutine</div>
</li>
<li class="level1"><div class="li"> All environment variables (trough %ENV)</div>
<li class="level1"><div class="li"> Environment variables, in some cases (through %ENV)</div>
</li>
<li class="level1"><div class="li"> <a href="#functions_list" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">Extended functions</a></div>
<li class="level1"><div class="li"> <a href="#request_informations" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">Informations about current request</a></div>
</li>
<li class="level1"><div class="li"> <a href="#extended_functions_list" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">Extended functions</a>:</div>
<ul>
<li class="level2"><div class="li"> <a href="#date" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">date</a></div>
</li>
<li class="level2"><div class="li"> <a href="#checklogonhours" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">checkLogonHours</a></div>
</li>
<li class="level2"><div class="li"> <a href="#checkdate" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">checkDate</a></div>
</li>
<li class="level2"><div class="li"> <a href="#basic" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">basic</a></div>
</li>
<li class="level2"><div class="li"> <a href="#unicode2iso" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">unicode2iso</a></div>
</li>
<li class="level2"><div class="li"> <a href="#iso2unicode" title="documentation:1.4:extendedfunctions &crarr;" class="wikilink1">iso2unicode</a></div>
</li>
</ul>
</li>
</ul>
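Review bot: "Environment variables, in some cases (through %ENV)" in the jail access list does not say which cases, so a rule author cannot tell whether a rule that reads %ENV will work. Name the conditions under which %ENV is populated, or point readers to the section linked as #request_informations as the supported way to read request data. The link text "Informations about current request" should read "Information about the current request".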
......@@ -75,21 +91,57 @@ Inside this jail, you can access to:
</p>
</div>
<!-- SECTION "Presentation" [35-800] -->
<h2><a name="functions_list_available" id="functions_list_available">Functions list available</a></h2>
<!-- SECTION "Presentation" [35-1075] -->
<h2><a name="request_informations" id="request_informations">Request informations</a></h2>
<div class="level2">
<p>
The following data about the current request are available through functions :
</p>
<ul>
<li class="level1"><div class="li"> hostname</div>
</li>
<li class="level1"><div class="li"> remote_ip: the client <acronym title="Internet Protocol">IP</acronym> address</div>
</li>
<li class="level1"><div class="li"> uri: <acronym title="Uniform Resource Locator">URL</acronym> path</div>
</li>
<li class="level1"><div class="li"> uri_with_args: <acronym title="Uniform Resource Locator">URL</acronym> path with query string</div>
</li>
<li class="level1"><div class="li"> unparsed_uri: <acronym title="Uniform Resource Locator">URL</acronym> path, before <acronym title="Uniform Resource Locator">URL</acronym> decoding</div>
</li>
<li class="level1"><div class="li"> args: the query string</div>
</li>
<li class="level1"><div class="li"> method: the request method (GET, POST etc.)</div>
</li>
<li class="level1"><div class="li"> header_in(“Your-Request-Header”): any request header</div>
</li>
</ul>
</div>
<!-- SECTION "Request informations" [1076-1482] -->
<h2><a name="extended_functions_list" id="extended_functions_list">Extended Functions List</a></h2>
<div class="level2">
</div>
<!-- SECTION "Functions list available" [801-838] -->
<h3><a name="checklogonhours" id="checklogonhours">checkLogonHours</a></h3>
<!-- SECTION "Extended Functions List" [1483-1519] -->
<h3><a name="date" id="date">date</a></h3>
<div class="level3">
<p>
This function will check the day and the hour of current request, and compare it to allowed days and hours. It returns 1 if this match, 0 else.
Returns the date, in format YYYYMMDDHHMMSS, local time by default, GMT by calling
</p>
<pre class="code">date(1)</pre>
</div>
<!-- SECTION "date" [1520-1639] -->
<h3><a name="checklogonhours" id="checklogonhours">checkLogonHours</a></h3>
<div class="level3">
<p>
This function will check the day and the hour of current request, and compare it to allowed days and hours. It returns 1 if this match, 0 else.
All e
By default, the allowed days and hours is an hexadecimal value, representing each hour of the week. A day has 24 hours, and a week 7 days, so the value contains 168 bits, converted into 42 hexadecimal characters. Sunday is the first day.
</p>
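Review bot: the line "All e" between "It returns 1 if this match, 0 else." and "By default, the allowed days and hours..." in the checkLogonHours paragraph looks like an editing leftover and should be removed. In the same hunk, header_in(“Your-Request-Header”) is written with typographic quotes, which are not valid string delimiters if the text is pasted into a rule; use straight quotes inside a code element. The date paragraph also ends mid-sentence at "GMT by calling" and relies on the following pre block to finish it; "GMT by calling date(1)" in the sentence itself would read better.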
......@@ -133,7 +185,7 @@ checkLogonHours($ssoLogonHours)
If you use the binary value (Active Directory), use this:
</p>
<pre class="code">
<pre class="code">All e
checkLogonHours($ssoLogonHours, &#039;octetstring&#039;)
</pre>
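Review bot: the opening tag now reads &lt;pre class="code"&gt;All e, which puts the stray text "All e" inside the Active Directory example, so the rendered sample no longer shows just the call checkLogonHours($ssoLogonHours, 'octetstring'). Restore the bare &lt;pre class="code"&gt; tag.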
......@@ -162,7 +214,7 @@ checkLogonHours($ssoLogonHours, &#039;&#039;, &#039;&#039;, &#039;1&#039;)
</pre>
</div>
<!-- SECTION "checkLogonHours" [839-2766] -->
<!-- SECTION "checkLogonHours" [1640-3577] -->
<h3><a name="checkdate" id="checkdate">checkDate</a></h3>
<div class="level3">
......@@ -206,7 +258,7 @@ checkDate($ssoStartDate, $ssoEndDate)
</pre>
</div>
<!-- SECTION "checkDate" [2767-3394] -->
<!-- SECTION "checkDate" [3578-4205] -->
<h3><a name="basic" id="basic">basic</a></h3>
<div class="level3">
......@@ -240,7 +292,7 @@ basic($uid,$_password)
</pre>
</div>
<!-- SECTION "basic" [3395-3857] -->
<!-- SECTION "basic" [4206-4668] -->
<h3><a name="unicode2iso" id="unicode2iso">unicode2iso</a></h3>
<div class="level3">
......@@ -272,7 +324,7 @@ unicode2iso($name)
</pre>
</div>
<!-- SECTION "unicode2iso" [3858-4162] -->
<!-- SECTION "unicode2iso" [4669-4973] -->
<h3><a name="iso2unicode" id="iso2unicode">iso2unicode</a></h3>
<div class="level3">
......@@ -304,4 +356,4 @@ iso2unicode($name)
</pre>
</div>
<!-- SECTION "iso2unicode" [4163-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "iso2unicode" [4974-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
......@@ -32,7 +32,7 @@
<p>
Form replay allows you to open a session on a protected application by replaying the form POST without asking anything to the user.
Form replay allows you to open a session on a protected application by filling a <acronym title="HyperText Markup Language">HTML</acronym> POST login form and autosubmitting it, without asking anything to the user.
</p>
<p>
......@@ -47,21 +47,21 @@ Please always try to find another solution to protect your application with <acr
</p>
<p>
If you configure form replay with <acronym title="LemonLDAP::NG">LL::NG</acronym>, the Handler will catch configured POST <acronym title="Uniform Resource Locator">URL</acronym> and send a POST query to the target page (which can be different of the caught page). Each field can be filled with static values or data from user&#039;s session.
If you configure form replay with <acronym title="LemonLDAP::NG">LL::NG</acronym>, the Handler will detect forms to fill, add a javascript in the html page to fill form fields with dummy datas and submit it, then intercept the POST request and add POST data in the request body.
</p>
<p>
<p><div class="notetip">
To post user&#039;s password, you must enable <a href="../../documentation/1.4/passwordstore.html" class="wikilink1" title="documentation:1.4:passwordstore">password storing</a>. In this case you will be able to use <code>$_password</code> to fill any password POST field.
</div></p>
POST data can be static values or computed from user&#039;s session.
</p>
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> can catch a GET request and transform it internally in a POST request. All this work is transparent for the user, he cannot see what data are posted by <acronym title="LemonLDAP::NG">LL::NG</acronym>.
<p><div class="notetip">
To post user&#039;s password, you must enable <a href="../../documentation/1.4/passwordstore.html" class="wikilink1" title="documentation:1.4:passwordstore">password storing</a>. In this case you will be able to use <code>$_password</code> to fill any password POST field.
</div></p>
</p>
</div>
<!-- SECTION "Presentation" [28-1147] -->
<!-- SECTION "Presentation" [28-1068] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
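Review bot: the rewritten Presentation paragraph drops the statement that the user cannot see what data LL::NG posts, and the replacement ("fill form fields with dummy datas and submit it, then intercept the POST request and add POST data in the request body") leaves the reader to infer where the real values go. Say explicitly whether the real field values, including $_password, are only ever inserted by the Handler and are not sent to the browser, since that is the property an administrator weighs before enabling password storing. Also, "dummy datas" should be "dummy data", and the notetip is still wrapped in nested p elements.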
......@@ -70,22 +70,37 @@ To post user&#039;s password, you must enable <a href="../../documentation/1.4/p
You should grab some informations:
</p>
<ul>
<li class="level1"><div class="li"> <acronym title="Uniform Resource Identifier">URI</acronym> of the page which contains the form</div>
<li class="level1"><div class="li"> <acronym title="Uniform Resource Identifier">URI</acronym> of the html page which contains the form</div>
</li>
<li class="level1"><div class="li"> <acronym title="Uniform Resource Identifier">URI</acronym> of the page which receive POST data (optional if it is the same as the page holding the form)</div>
<li class="level1"><div class="li"> <acronym title="Uniform Resource Identifier">URI</acronym> the html form is sent to</div>
</li>
<li class="level1"><div class="li"> All fields name and values</div>
<li class="level1"><div class="li"> Does the html page load jQuery ? If not, grab a jQuery <acronym title="Uniform Resource Locator">URL</acronym> reachable by user (any version over jQuery 1.0 is suitable)</div>
</li>
<li class="level1"><div class="li"> are there several html forms in the page ? If so, get a jQuery selector for the form you want to post</div>
</li>
<li class="level1"><div class="li"> is user required to click on a button, for example in order to perform some script ? If so, get a jQuery selector for that button</div>
</li>
<li class="level1"><div class="li"> names and values of the fields you want to control</div>
</li>
</ul>
<p>
If you don&#039;t know jQuery selector, just be aware that they are similar to css selectors: for example, button#foo points to the html button whose id is “foo”, and .bar points to all html elements of css class “bar”.
</p>
<p>
For example:
</p>
<ul>
<li class="level1"><div class="li"> Form page <acronym title="Uniform Resource Identifier">URI</acronym>: /login.php</div>
</li>
<li class="level1"><div class="li"> POST data <acronym title="Uniform Resource Identifier">URI</acronym>: /process.php</div>
<li class="level1"><div class="li"> Target <acronym title="Uniform Resource Identifier">URI</acronym>: /process.php (if you let this parameter empty, target <acronym title="Uniform Resource Identifier">URI</acronym> is supposed to be the same as form page <acronym title="Uniform Resource Identifier">URI</acronym>)</div>
</li>
<li class="level1"><div class="li"> jQuery <acronym title="Uniform Resource Locator">URL</acronym>: http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js (if you let this parameter empty, jQuery is supposed to be already loaded; you can also set “default” to point to jQuery <acronym title="Uniform Resource Locator">URL</acronym> of <acronym title="LemonLDAP::NG">LL::NG</acronym> portal)</div>
</li>
<li class="level1"><div class="li"> jQuery form selector: #loginForm (if you let this parameter empty, browser will fill and submit any html form)</div>
</li>
<li class="level1"><div class="li"> jQuery button selector: button.validate (if you let this parameter empty, the form will be submitted but no button will be clicked; if you set it to “none”, no button will be clicked and the form will be filled but not submitted)</div>
</li>
<li class="level1"><div class="li"> Fields:</div>
<ul>
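Review bot: the example jQuery URL is http://ajax.googleapis.com/..., so the script added to the login page would be fetched over plain HTTP from a third-party host. Use an https:// URL in the example, or recommend the "default" value, which the same item says points to the jQuery URL of the LL::NG portal. The form selector item also documents that an empty value makes the browser "fill and submit any html form"; recommend always setting a selector when the page holds several forms.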
......@@ -103,7 +118,7 @@ For example:
<p>
Then go in Manager, <code>Virtual Hosts</code> » <em>virtualhost</em> » <code>Form replay</code> and click on <code>Add POST <acronym title="Uniform Resource Locator">URL</acronym></code>.
Then go in Manager, “Virtual Hosts” » <em>virtualhost</em> » “Form replay” and click on “New form”.
</p>
<p>
......@@ -114,10 +129,16 @@ Then go in Manager, <code>Virtual Hosts</code> » <em>virtualhost</em> » <code>
Fill values here:
</p>
<ul>
<li class="level1"><div class="li"> <strong>POST <acronym title="Uniform Resource Locator">URL</acronym></strong>: /login.php</div>
<li class="level1"><div class="li"> <strong>Form <acronym title="Uniform Resource Locator">URL</acronym></strong>: /login.php</div>
</li>
<li class="level1"><div class="li"> <strong>Target <acronym title="Uniform Resource Locator">URL</acronym></strong>: /process.php</div>
</li>
<li class="level1"><div class="li"> <strong>jQuery <acronym title="Uniform Resource Locator">URL</acronym></strong>: http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js</div>
</li>
<li class="level1"><div class="li"> <strong>jQuery form selector</strong>: #loginForm</div>
</li>
<li class="level1"><div class="li"> <strong>jQuery button selector</strong>: button.validate</div>
</li>
</ul>
<p>
......@@ -135,25 +156,4 @@ Then click on <code>New POST data</code> and add all data with their values, for
</p>
</div>
<!-- SECTION "Configuration" [1148-2099] -->
<h2><a name="form_replay_with_apache_mod_proxy" id="form_replay_with_apache_mod_proxy">Form replay with Apache mod_proxy</a></h2>
<div class="level2">
<p>
Due to a conflict between <acronym title="LemonLDAP::NG">LL::NG</acronym> form replay and Apache mod_proxy (see <a href="http://jira.ow2.org/browse/LEMONLDAP-176" class="urlextern" title="http://jira.ow2.org/browse/LEMONLDAP-176" rel="nofollow">issue</a>), you cannot use form replay on proxied applications, unless you use <acronym title="LemonLDAP::NG">LL::NG</acronym> <a href="../../documentation/1.4/internalproxy.html" class="wikilink1" title="documentation:1.4:internalproxy">internal proxy</a>:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span>&gt;
<span class="kw1">ServerName</span> test2.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
PerlModule Lemonldap::NG::Handler::Proxy
<span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
PerlHandler Lemonldap::NG::Handler::Proxy
PerlSetVar LmProxyPass http://APPLICATION/
PerlSetVar LmLocationToReplace http://APPLICATION/,http://test2.example.com
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
</div>
<!-- SECTION "Form replay with Apache mod_proxy" [2100-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Configuration" [1069-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
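Review bot: removing the whole "Form replay with Apache mod_proxy" section deletes the only warning that form replay cannot be used on proxied applications (LEMONLDAP-176), without saying whether the new jQuery-based mechanism lifts that restriction. If it does, say so in one sentence under Configuration; if it does not, keep the section and its internal proxy example.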
......@@ -198,9 +198,28 @@ For each attribute, you can set:
</li>
<li class="level1"><div class="li"> <strong>Force NameID session key</strong>: if empty, the NameID mapping defined in <a href="../../documentation/1.4/samlservice.html" class="wikilink1" title="documentation:1.4:samlservice">SAML service</a> configuration will be used. You can force here another session key that will be used as NameID content.</div>
</li>
<li class="level1"><div class="li"> <strong>One Time Use</strong>: set the OneTimeUse flag in authentication response.</div>
<li class="level1"><div class="li"> <strong>One Time Use</strong>: set the OneTimeUse flag in authentication response (<code>&lt;Condtions&gt;</code>).</div>
</li>
<li class="level1"><div class="li"> <strong>sessionNotOnOrAfter duration</strong>: Time in seconds, added to authentication time, to define sessionNotOnOrAfter value in <acronym title="Security Assertion Markup Language">SAML</acronym> response (<code>&lt;AuthnStatement&gt;</code>):</div>
</li>
</ul>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;saml:AuthnStatement</span> <span class="re0">AuthnInstant</span>=<span class="st0">&quot;2014-07-21T11:47:08Z&quot;</span></span>
<span class="sc3"> <span class="re0">SessionIndex</span>=<span class="st0">&quot;loVvqZX+Vja2dtgt/N+AymTmckGyITyVt+UJ6vUFSFkE78S8zg+aomXX7oZ9qX1UxOEHf6Q4DUstewSJh1uK1Q==&quot;</span></span>
<span class="sc3"> <span class="re0">SessionNotOnOrAfter</span>=<span class="st0">&quot;2014-07-21T15:47:08Z&quot;</span><span class="re2">&gt;</span></span></pre>
<ul>
<li class="level1"><div class="li"> <strong>notOnOrAfter duration</strong>: Time in seconds, added to authentication time, to define notOnOrAfter value in <acronym title="Security Assertion Markup Language">SAML</acronym> response (<code>&lt;Condtions&gt;</code> and <code>&lt;SubjectConfirmationData&gt;</code>):</div>
</li>
</ul>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;saml:SubjectConfirmationData</span> <span class="re0">NotOnOrAfter</span>=<span class="st0">&quot;2014-07-21T12:47:08Z&quot;</span></span>
<span class="sc3"> <span class="re0">Recipient</span>=<span class="st0">&quot;http://simplesamlphp.example.com/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp&quot;</span></span>
<span class="sc3"> <span class="re0">InResponseTo</span>=<span class="st0">&quot;_3cfa896ab05730ac81f413e1e13cc42aa529eceea1&quot;</span><span class="re2">/&gt;</span></span></pre>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;saml:Conditions</span> <span class="re0">NotBefore</span>=<span class="st0">&quot;2014-07-21T11:46:08Z&quot;</span></span>
<span class="sc3"> <span class="re0">NotOnOrAfter</span>=<span class="st0">&quot;2014-07-21T12:48:08Z&quot;</span><span class="re2">&gt;</span></span></pre>
<p>
<p><div class="noteimportant">There is a time tolerance of 60 seconds in <code>&lt;Conditions&gt;</code>
</div></p>
</p>
</div>
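Review bot: &lt;Condtions&gt; is misspelled in the "One Time Use" and "notOnOrAfter duration" items, while the note at the end of the hunk spells it &lt;Conditions&gt;; fix both occurrences. The 60 second tolerance note would be clearer if it said the tolerance applies to both bounds, as the examples show: NotBefore is one minute before AuthnInstant (11:46:08 against 11:47:08) and the Conditions NotOnOrAfter is one minute after the SubjectConfirmationData value (12:48:08 against 12:47:08).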
......
......@@ -32,7 +32,7 @@
</div>
<!-- SECTION "Packages and archives" [25-59] -->
<h3><a name="stable_version_133" id="stable_version_133">Stable version (1.3.3)</a></h3>
<h3><a name="stable_version_140" id="stable_version_140">Stable version (1.4.0)</a></h3>
<div class="level3">
</div>
......@@ -40,7 +40,7 @@
<h4><a name="tarball" id="tarball">Tarball</a></h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19757" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19757" rel="nofollow">Tarball</a></div>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19998" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19998" rel="nofollow">Tarball</a></div>
</li>
</ul>
......@@ -71,9 +71,9 @@ You can:
<h5><a name="rhelcentos_5" id="rhelcentos_5">RHEL/CentOS 5</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19758" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19758" rel="nofollow">RPM bundle</a></div>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19999" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19999" rel="nofollow">RPM bundle</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19759" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19759" rel="nofollow">Source RPM</a></div>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=20000" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=20000" rel="nofollow">Source RPM</a></div>
</li>
</ul>
......@@ -82,9 +82,9 @@ You can:
<h5><a name="rhelcentos_6" id="rhelcentos_6">RHEL/CentOS 6</a></h5>
<div class="level5">
<ul>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19760" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19760" rel="nofollow">RPM bundle</a></div>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=20001" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=20001" rel="nofollow">RPM bundle</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19761" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19761" rel="nofollow">Source RPM</a></div>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=20002" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=20002" rel="nofollow">Source RPM</a></div>
</li>
</ul>
......@@ -113,12 +113,12 @@ You can:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19762" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=19762" rel="nofollow">DEB bundle</a></div>
<li class="level1"><div class="li"> <a href="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=20003" class="urlextern" title="http://forge.ow2.org/project/download.php?group_id=274&amp;file_id=20003" rel="nofollow">DEB bundle</a></div>
</li>
</ul>
</div>
<!-- SECTION "Stable version (1.3.3)" [60-1226] -->
<!-- SECTION "Stable version (1.4.0)" [60-1226] -->
<h3><a name="older_versions" id="older_versions">Older versions</a></h3>
<div class="level3">
......
This diff is collapsed.