Commit 02fb3d96 authored by Clément OUDOT's avatar Clément OUDOT

LEMONLDAP::NG : brand new WebSSO example installation

parent 7baf8c6b
......@@ -2,8 +2,6 @@ Lemonldap::NG TODO
------------------
TODO list for Lemonldap::NG development
- Priority: Normal Status: Planning Created: 2007\05\03 12-28-30
Modify example to use nameVirtualHost instead of 127.0.0.x adresses
- Priority: Low Status: In progress Created: 2007\05\03 10-41-36
Modify install to make a running example as debian install
- Priority: Low Status: Done Created: 2007\04\23 21-26-18 Done: 2007\10\24 10-17-47
......
include __DIR__/handler/lmH-apache.conf
#Listen 127.0.0.2:80
<VirtualHost 127.0.0.2:*>
ServerName auth.example.com
# DocumentRoot
DocumentRoot __DIR__/portal
<Directory __DIR__/portal>
Order allow,deny
Allow from all
Options +ExecCGI
</Directory>
# Portal and Manager must be interpreted by Perl
<Files *.pl>
SetHandler perl-script
PerlHandler Apache::Registry
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
</VirtualHost>
#Listen 127.0.0.4:80
<VirtualHost 127.0.0.4:*>
ServerName manager.example.com
# DocumentRoot
DocumentRoot __DIR__/manager
<Directory __DIR__/manager>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
Options +ExecCGI
</Directory>
# Portal and Manager must be interpreted by Perl
<Files *.pl>
SetHandler perl-script
PerlHandler Apache::Registry
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
</VirtualHost>
include __DIR__/handler/lmH-apache2.conf
PerlOptions +GlobalRequest
#Listen 127.0.0.2:80
<VirtualHost 127.0.0.2:*>
ServerName auth.example.com
# DocumentRoot
DocumentRoot __DIR__/portal
<Directory __DIR__/portal>
Order allow,deny
Allow from all
Options +ExecCGI
</Directory>
# Portal and Manager must be interpreted by Perl
<Files *.pl>
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
</VirtualHost>
#Listen 127.0.0.4:80
<VirtualHost 127.0.0.4:*>
ServerName manager.example.com
# DocumentRoot
DocumentRoot __DIR__/manager
<Directory __DIR__/manager>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
Options +ExecCGI
</Directory>
# Portal and Manager must be interpreted by Perl
<Files *.pl>
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
</VirtualHost>
NameVirtualHost *
# Perl environment
PerlRequire __DIR__/handler/MyHandler.pm
<Files ~ "\.(pl)$">
SetHandler perl-script
PerlHandler Apache::Registry
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
# Common error page and security parameters
ErrorDocument 403 http://auth.__DNSDOMAIN__/error.pl
ServerSignature Off
LogLevel warn
# Portal virtual host
<VirtualHost *>
ServerName auth.__DNSDOMAIN__
# DocumentRoot
DocumentRoot __DIR__/portal/
<Directory __DIR__/portal/>
Order allow,deny
Allow from all
Options +ExecCGI
</Directory>
</VirtualHost>
# Manager virtual host
<VirtualHost *>
ServerName manager.__DNSDOMAIN__
# DocumentRoot
DocumentRoot __DIR__/manager/
<Directory __DIR__/manager/>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
Options +ExecCGI
</Directory>
# On-line documentation
Alias /docs/ __DIR__/docs/
<Directory __DIR__/docs/>
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
# Application Test
<VirtualHost *>
ServerName test1.__DNSDOMAIN__
# SSO protection
PerlHeaderParserHandler My::Package
# DocumentRoot
DocumentRoot __DIR__/test/
<Directory __DIR__/test/>
Order deny,allow
Allow from all
Options +ExecCGI
</Directory>
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
<Location /reload>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
PerlHeaderParserHandler My::Package->refresh
</Location>
# Uncomment this to activate status module
#<Location /status>
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/8
# PerlHeaderParserHandler My::Package->status
#</Location>
</VirtualHost>
<VirtualHost *>
ServerName test2.__DNSDOMAIN__
# SSO protection
PerlHeaderParserHandler My::Package
# DocumentRoot
DocumentRoot __DIR__/test/
<Directory __DIR__/test/>
Order deny,allow
Allow from all
Options +ExecCGI
</Directory>
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
<Location /reload>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
PerlHeaderParserHandler My::Package->refresh
</Location>
# Uncomment this to activate status module
#<Location /status>
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/8
# PerlHeaderParserHandler My::Package->status
#</Location>
</VirtualHost>
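Review bot: The manager virtual host (`ServerName manager.__DNSDOMAIN__`) has no access control beyond `Allow from 127.0.0.0/8`, and the example hosts file maps every name to 127.0.0.1, so any local user or process on the box can reach the rule editor without authenticating; the `/reload` locations in the test hosts are in the same situation. That is reasonable for a demo, but the file should say so rather than leave the reader to infer it. A comment above the manager block such as `# Access control here is source-IP only (loopback): protect this host with the WebSSO handler or HTTP authentication before exposing it beyond a test machine` would record the assumption. The same applies to the second configuration file in this commit, the one using ModPerl::Registry.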
NameVirtualHost *
# Perl environment
PerlRequire __DIR__/handler/MyHandler.pm
PerlOptions +GlobalRequest
<Files ~ "\.(pl)$">
SetHandler perl-script
PerlHandler ModPerl::Registry
PerlSendHeader On
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
# Common error page and security parameters
ErrorDocument 403 http://auth.__DNSDOMAIN__/error.pl
ServerSignature Off
LogLevel warn
# Portal virtual host
<VirtualHost *>
ServerName auth.__DNSDOMAIN__
# DocumentRoot
DocumentRoot __DIR__/portal/
<Directory __DIR__/portal/>
Order allow,deny
Allow from all
Options +ExecCGI
</Directory>
</VirtualHost>
# Manager virtual host
<VirtualHost *>
ServerName manager.__DNSDOMAIN__
# DocumentRoot
DocumentRoot __DIR__/manager/
<Directory __DIR__/manager/>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
Options +ExecCGI
</Directory>
# On-line documentation
Alias /docs/ __DIR__/docs/
<Directory __DIR__/docs/>
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
# Application Test
<VirtualHost *>
ServerName test1.__DNSDOMAIN__
# SSO protection
PerlHeaderParserHandler My::Package
# DocumentRoot
DocumentRoot __DIR__/test/
<Directory __DIR__/test/>
Order deny,allow
Allow from all
Options +ExecCGI
</Directory>
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
<Location /reload>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
PerlHeaderParserHandler My::Package->refresh
</Location>
# Uncomment this to activate status module
#<Location /status>
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/8
# PerlHeaderParserHandler My::Package->status
#</Location>
</VirtualHost>
<VirtualHost *>
ServerName test2.__DNSDOMAIN__
# SSO protection
PerlHeaderParserHandler My::Package
# DocumentRoot
DocumentRoot __DIR__/test/
<Directory __DIR__/test/>
Order deny,allow
Allow from all
Options +ExecCGI
</Directory>
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
<Location /reload>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
PerlHeaderParserHandler My::Package->refresh
</Location>
# Uncomment this to activate status module
#<Location /status>
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/8
# PerlHeaderParserHandler My::Package->status
#</Location>
</VirtualHost>
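Review bot: `PerlSendHeader On` inside the `<Files ~ "\.(pl)$">` block is a mod_perl 1 directive; if this file is the mod_perl 2 configuration, as `ModPerl::Registry` and `PerlOptions +GlobalRequest` suggest, mod_perl 2 does not provide it and Apache will refuse to start on an unknown directive. The mod_perl 2 equivalent is `PerlOptions +ParseHeaders` in the same block. For consistency with the configuration this commit replaces, `PerlResponseHandler ModPerl::Registry` would also be the clearer spelling than `PerlHandler`, even though mod_perl 2 accepts both.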
127.0.0.1 auth.__DNSDOMAIN__ manager.__DNSDOMAIN__ test1.__DNSDOMAIN__ test2.__DNSDOMAIN__
127.0.0.2 auth.example.com
127.0.0.3 test.example.com
127.0.0.4 manager.example.com
ldapServer
'localhost'
globalStorage
'Apache::Session::File'
ldapBase
'dc=example,dc=com'
cookieName
'lemonldap'
ldapPort
389
whatToTrace
'$uid'
managerDn
''
exportedVars
'$data1 = {&#39;uid&#39; => &#39;uid&#39;,&#39;cn&#39; => &#39;cn&#39;,&#39;mail&#39; => &#39;mail&#39;};'
managerPassword
''
ldapPort
__LDAPPORT__
portal
'http://auth.example.com/'
authentication
'ldap'
locationRules
'$data1 = {&#39;test2.__DNSDOMAIN__&#39; => {&#39;default&#39; => &#39;accept&#39;,&#39;^/logout&#39; => &#39;logout_sso http://auth.__DNSDOMAIN__&#39;},&#39;test1.__DNSDOMAIN__&#39; => {&#39;default&#39; => &#39;accept&#39;,&#39;^/logout&#39; => &#39;logout_sso http://auth.__DNSDOMAIN__&#39;}};'
domain
'example.com'
'__DNSDOMAIN__'
whatToTrace
'$uid'
timeout
7200
groups
'$data1 = {};'
macros
'$data1 = {};'
globalStorage
'Apache::Session::File'
portal
'http://auth.__DNSDOMAIN__/'
globalStorageOptions
'$data1 = {&39;Directory&39; => &39;/tmp&39;};'
ldapServer
'__LDAPHOST__'
exportedHeaders
'$data1 = {&39;test.example.com&39; => {&39;Auth-User&39; => &39;$uid&39;}};'
'$data1 = {&#39;test2.__DNSDOMAIN__&#39; => {&#39;Auth-User&#39; => &#39;$uid&#39;},&#39;test1.__DNSDOMAIN__&#39; => {&#39;Auth-User&#39; => &#39;$uid&#39;}};'
exportedVars
'$data1 = {&39;uid&39; => &39;uid&39;,&39;cn&39; => &39;cn&39;,&39;mail&39; => &39;mail&39;};'
ldapBase
'__LDAPSUFFIX__'
authentication
'ldap'
macros
'$data1 = {};'
locationRules
'$data1 = {&39;test.example.com&39; => {&39;default&39; => &39;accept&39;,&39;^/logout&39; => &39;logout_sso http://www.google.fr/&39;}};'
globalStorageOptions
'$data1 = {&#39;Directory&#39; => &#39;__SESSIONDIR__&#39;};'
managerPassword
''
cfgNum
1
cookieName
'lemonldap'
securedCookie
0
managerDn
''
......@@ -14,8 +14,8 @@ my $name = $cgi->param("name") || "LemonLDAP::NG sample protected application";
my $color = $cgi->param("color") || "#ddd";
# Local parameters
my $manager_url = "http://manager.example.com";
my $portal_url = "http://auth.example.com";
my $manager_url = "http://manager.__DNSDOMAIN__";
my $portal_url = "http://auth.__DNSDOMAIN__";
# CSS
my $css = <<EOT;
......@@ -96,8 +96,7 @@ print "<div id=\"content\">\n";
print "<h1>$name</h1>\n";
print "<div id=\"menu\"><a href=\"$ENV{HTTP_REFERER}\">Go back</a> - ";
print "<a href=\"$portal_url\">Portal</a> - <a href=\"/logout\">Logout</a></div>\n";
print "<div id=\"menu\"><a href=\"$portal_url\">Portal</a> - <a href=\"/logout\">Logout</a></div>\n";
print "<h2>Main informations</h2>\n";
print "<ul>\n";
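Review bot: `print "<h1>$name</h1>\n";` interpolates the request parameter `name` into the page without escaping, and `$color` presumably reaches the inline stylesheet the same way, so this sample application reflects attacker-controlled markup; dropping the HTTP_REFERER link removes only one of these spots. Escape at the output point, `print "<h1>" . CGI::escapeHTML($name) . "</h1>\n";`, and apply the same treatment to `$color` where it enters the CSS heredoc. The rest of the script lies outside this hunk.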
......
<VirtualHost 127.0.0.3:*>
ServerName test.example.com
PerlRequire __DIR__/handler/MyHandler.pm
# Area protection
PerlHeaderParserHandler My::Package
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
<Location /reload>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
PerlHeaderParserHandler My::Package->refresh
</Location>
# Uncomment this to activate status module
#<Location /status>
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/8
# PerlHeaderParserHandler My::Package->status
#</Location>
# Just to make example running (index.pl display authenticated user)
DocumentRoot __DIR__
<Directory __DIR__>
Order allow,deny
Allow from all
Options +ExecCGI
</Directory>
<Files *.pl>
SetHandler perl-script
PerlHandler Apache::Registry
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
</VirtualHost>
PerlOptions +GlobalRequest
<VirtualHost 127.0.0.3:*>
ServerName test.example.com
PerlRequire __DIR__/handler/MyHandler.pm
# Area protection
PerlHeaderParserHandler My::Package
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
<Location /reload>
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
PerlHeaderParserHandler My::Package->refresh
</Location>
# Uncomment this to activate status module
#<Location /status>
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/8
# PerlHeaderParserHandler My::Package->status
#</Location>
# Just to make example running (index.pl display authenticated user)
DocumentRoot __DIR__
<Directory __DIR__>
Order allow,deny
Allow from all
Options +ExecCGI
</Directory>
<Files *.pl>
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
</VirtualHost>
test.example.com http://test.example.com/reload
test1.__DNSDOMAIN__ http://test1.__DNSDOMAIN__/reload
test2.__DNSDOMAIN__ http://test2.__DNSDOMAIN__/reload
......@@ -3,7 +3,7 @@
# Set here the session storage you use
$sessionStorage = 'Apache::Session::File';
$sessionStorageOptions = {
Directory => '/tmp',
Directory => '__SESSIONDIR__',
};
############
......
Changes
example/AuthLA/error403.pl
example/AuthLA/idps.xml
example/AuthLA/index.pl
example/AuthLA/liberty/assertionConsumer.pl
......@@ -35,13 +34,12 @@ example/AuthLA/tpl/themes/federid/page-bg.png
example/AuthLA/tpl/themes/federid/sso.css
example/AuthLA/tpl/themes/federid/wui.css
example/index.pl
example/index_simple.pl
example/index_skin.pl
example/PortalStatus.pl
example/scripts/purgeCentralCache
example/scripts/purgeCentralCache.cron.d
example/skins/default/default.css
example/skins/default/hatch.gif
example/skins/default/index.tpl
example/skins/default/logo_lemonldap-ng.png
example/skins/default/msg-std.png
example/slavePortal.pl
......
#!/usr/bin/perl
use HTML::Template;
use CGI;
use MIME::Base64;
my $tpl_dir = "/var/lib/lemonldap-ng/web/portal/tpl" ;
my $page = CGI->new() ;
my $url = $page->url(-base => 1);
my $logout_url = "$url?url=".encode_base64($url)."&logout=1";
my $template = HTML::Template->new( filename => "$tpl_dir/menu.tpl");
$template->param( AUTH_ERROR => "Access forbidden by WebSSO rules");
$template->param( LOGOUT_URL => "$logout_url" );
print $page->header();
print $template->output;
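Review bot: `encode_base64($url)` uses the default end-of-line argument, so the encoded value ends with a newline that is then followed by `&logout=1`, leaving a line break inside `$logout_url`; the base64 alphabet also contains `+`, `/` and `=`, which are not safe in a query string unescaped. Build it as `my $logout_url = "$url?url=" . CGI::escape(encode_base64($url, '')) . "&logout=1";`. The template directory is hard-coded to `/var/lib/lemonldap-ng/web/portal/tpl` while the rest of this commit uses install-time placeholders such as `__DIR__`, which is worth aligning or at least documenting with a comment on that line.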
......@@ -39,7 +39,7 @@ BEGIN {
sub Apache::Session::File::get_sessions_count {
my $class = shift;
my $args = shift;
$args->{Directory} ||= '/tmp';
$args->{Directory} ||= '__SESSIONDIR__';
unless ( opendir DIR, $args->{Directory} ) {
die "Cannot open directory $args->{Directory}\n";
}
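Review bot: The fallback `$args->{Directory} ||= '__SESSIONDIR__';` is an install-time placeholder that now also appears in the global storage options and in the purge script's `$sessionStorageOptions`; if the installer's substitution skips any of these three files, the code looks for a directory literally named __SESSIONDIR__ and dies on the `opendir`. A comment on this line, `# __SESSIONDIR__ is replaced by the installer and must match globalStorageOptions in the configuration`, would record that coupling. Since file-backed sessions hold user attributes, the installer should also create that directory with permissions restricted to the Apache user, which this hunk cannot show. get_sessions_count continues outside the hunk.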
......
......@@ -2,53 +2,47 @@
<!DOCTYPE menu SYSTEM "apps-list.dtd">
<menu>
<category name="Test">
<application id="aaa">
<name>AAA</name>
<uri>http://aaa.example.com</uri>
<display>auto</display>
</application>
<application id="bbb">
<name>BBB</name>
<uri>http://bbb.example.com</uri>
<category name="Example">
<application id="test1">
<name>Application Test 1</name>
<uri>http://test1.__DNSDOMAIN__</uri>
<description>A simple application displaying authenticated user</description>
<logo>wheels.png</logo>
<display>auto</display>
</application>
<application id="test">
<name>LemonLDAP::NG testing page</name>
<uri>http://test.example.com</uri>
<application id="test2">
<name>Application Test 2</name>
<uri>http://test2.__DNSDOMAIN__</uri>
<description>The same simple application displaying authenticated user</description>
<logo>wheels.png</logo>
<display>auto</display>
</application>
</category>
<category name="Technical">
<category name="J2EE">
<application id="probe">
<name>Probe</name>
<uri>http://probe.example.com</uri>
<description>Tomcat stats</description>
<logo>the-probe-logo.gif</logo>
<display>auto</display>
</application>
</category>
<category name="LDAP">
<application id="pla">
<name>phpLDAPAdmin</name>
<uri>http://phpldapadmin.example.com</uri>
<description>LDAP directory data administration</description>
<logo>pla.png</logo>
<display>on</display>
</application>
</category>
<category name="SSO">
<application id="llmanager">
<name>LemonLDAP::NG Manager</name>
<uri>http://manager.example.com</uri>
<description>Configure WebSSO access rules</description>
<display>on</display>
</application>
</category>
<category name="Administration">
<application id="manager">
<name>WebSSO Manager</name>
<uri>http://manager.__DNSDOMAIN__</uri>
<description>Configure LemonLDAP::NG WebSSO</description>
<logo>tools.png</logo>
<display>on</display>
</application>
</category>
<category name="Documentation">
<application id="localdoc">
<name>Local documentation</name>
<uri>http://manager.__DNSDOMAIN__/docs/</uri>
<description>Documentation supplied with LemonLDAP::NG</description>
<logo>docs.png</logo>
<display>on</display>
</application>
<application id="officialwebsite">
<name>Offical Website</name>
<uri>http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation</uri>
<description>Official LemonLDAP::NG Website</description>
<logo>web.png</logo>
<display>on</display>
</application>