Commit 5d13d022 authored by Xavier Guimard's avatar Xavier Guimard

Update doc

parent 7c2fbe8d
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications:alfresco</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,alfresco"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="alfresco.html"/>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1529961293" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1531599531" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
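Review bot: The Login link on the changed line carries a `sectok=` value that differs between its two printed versions, and the same pair of values recurs in the `img/loader.gif` and `restserverplugin` hunks, so the export is committing per-session DokuWiki output. DokuWiki uses `sectok` as a request token, so it is session-bound data with no purpose in a static export, and it will churn on every regeneration. I would have the export step emit the link as `?do=login` without the `&amp;sectok=` parameter, or drop the Login `<li>` from the exported template. This section also looks like the export of a non-existent topic (`img/icons.png`, with "a topic that doesn't exist yet" in the next hunk header), so the file may not belong in the export at all.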
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1529961293" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1531599531" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authfacebook</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authfacebook"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authfacebook.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authtwitter</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authtwitter"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authtwitter.html"/>
......
......@@ -48,11 +48,11 @@
<div class="level1">
<p>
This plugin can be used to check if portal instance is ready. This can be a health check to told keep-alive service to force a fail-over on the backup-node.
This plugin can be used to check if portal instance is ready. This can be a health check to request keep-alive service to force a fail-over on the backup-node.
</p>
</div>
<!-- EDIT1 SECTION "Check state plugin" [1-192] -->
<!-- EDIT1 SECTION "Check state plugin" [1-195] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
......@@ -61,7 +61,7 @@ Just enable it in the manager (section “plugins”). You <em class="u">must</e
</p>
</div>
<!-- EDIT2 SECTION "Configuration" [193-310] -->
<!-- EDIT2 SECTION "Configuration" [196-313] -->
<h2 class="sectionedit3" id="usage">Usage</h2>
<div class="level2">
......@@ -84,12 +84,12 @@ When enabled, <code>/checkstate</code> <abbr title="Uniform Resource Locator">UR
<td class="col0 centeralign"> <code>password</code> </td><td class="col1 centeralign"> optional </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [413-667] -->
<!-- EDIT4 TABLE [416-670] -->
<p>
Example: <code><a href="https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho" class="urlextern" title="https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho" rel="nofollow">https://auth.example.com/checkstate?secret=qwerty&amp;user=dwho&amp;password=dwho</a></code>
</p>
</div>
<!-- EDIT3 SECTION "Usage" [311-] --></div>
<!-- EDIT3 SECTION "Usage" [314-] --></div>
</body>
</html>
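Review bot: The example on the context line of the last hunk passes `secret`, `user` and `password` in the query string of `/checkstate`, and the page gives no caveat about it. Query strings are normally written to web-server and proxy access logs, so the shared secret and the test account's password end up in log files on every health check. I would add a sentence after the example: `The secret and the credentials appear in access logs: use a dedicated test account without privileges and restrict /checkstate to the monitoring hosts in the web server configuration.` The changed lines in this section are only the wording fix and the section-offset comments; the file appears to be a DokuWiki export, so the sentence belongs in the wiki source.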
......@@ -344,7 +344,7 @@ In Portal virtual host, you will find several configuration parts:
<span class="kw1">DirectoryIndex</span> index.fcgi index.html
&lt;/<span class="kw3">IfModule</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> REST/SOAP end points (inactivated by default):</div>
<li class="level1"><div class="li"> REST/SOAP end points (disabled by default):</div>
</li>
</ul>
<pre class="code file apache"> <span class="co1"># REST/SOAP functions for sessions management (disabled by default)</span>
......@@ -368,7 +368,7 @@ In Portal virtual host, you will find several configuration parts:
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT7 SECTION "Portal" [6660-8760] -->
<!-- EDIT7 SECTION "Portal" [6660-8757] -->
<h3 class="sectionedit8" id="manager1">Manager</h3>
<div class="level3">
......@@ -415,7 +415,7 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
</p>
</div>
<!-- EDIT8 SECTION "Manager" [8761-10304] -->
<!-- EDIT8 SECTION "Manager" [8758-10301] -->
<h3 class="sectionedit9" id="handler">Handler</h3>
<div class="level3">
<ul>
......@@ -468,7 +468,7 @@ Then, to protect a standard virtual host, the only configuration line to add is:
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
</div>
<!-- EDIT9 SECTION "Handler" [10305-11663] -->
<!-- EDIT9 SECTION "Handler" [10302-11660] -->
<h2 class="sectionedit10" id="nginx">Nginx</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Nginx configuration
......@@ -491,7 +491,7 @@ See <a href="confignginx.html" class="wikilink1" title="documentation:2.0:config
<div class="notewarning"><a href="fastcgiserver.html" class="wikilink1" title="documentation:2.0:fastcgiserver">LL::NG FastCGI</a> server must be loaded separately.
</div>
</div>
<!-- EDIT10 SECTION "Nginx" [11664-12117] -->
<!-- EDIT10 SECTION "Nginx" [11661-12114] -->
<h3 class="sectionedit11" id="portal1">Portal</h3>
<div class="level3">
......@@ -563,7 +563,7 @@ In Portal virtual host, you will find several configuration parts:
}</pre>
</div>
<!-- EDIT11 SECTION "Portal" [12118-13909] -->
<!-- EDIT11 SECTION "Portal" [12115-13906] -->
<h3 class="sectionedit12" id="manager2">Manager</h3>
<div class="level3">
......@@ -597,7 +597,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
</p>
</div>
<!-- EDIT12 SECTION "Manager" [13910-14655] -->
<!-- EDIT12 SECTION "Manager" [13907-14652] -->
<h3 class="sectionedit13" id="handler1">Handler</h3>
<div class="level3">
......@@ -697,7 +697,7 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
</div>
<!-- EDIT13 SECTION "Handler" [14656-17742] -->
<!-- EDIT13 SECTION "Handler" [14653-17739] -->
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
<div class="level2">
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes. If you want to change this timeout, set <code>checkTime = 240</code> in your lemonldap-ng.ini file <em>(values in seconds)</em>
......@@ -718,7 +718,7 @@ The <code>reload</code> target is managed in Apache or Nginx configuration, insi
</div><div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
</div>
</div>
<!-- EDIT14 SECTION "Configuration reload" [17743-19256] -->
<!-- EDIT14 SECTION "Configuration reload" [17740-19253] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">
......@@ -752,6 +752,6 @@ For example, to override configured skin for portal:
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
</div>
</div>
<!-- EDIT15 SECTION "Local file" [19257-] --></div>
<!-- EDIT15 SECTION "Local file" [19254-] --></div>
</body>
</html>
......@@ -84,7 +84,7 @@
<pre class="file">Unable to clear local cache</pre>
<p>
→ Local cache cannot be cleard, check the localStorage and localStorageOptions or file permissions
→ Local cache cannot be cleared, check the localStorage and localStorageOptions or file permissions
</p>
<pre class="file">Status module can not be loaded without localStorage parameter</pre>
......@@ -99,7 +99,7 @@
<pre class="file">User rejected because VirtualHost XXXX has no configuration</pre>
<p>
→ The specified virtual host was not configured in Manager.
→ The specified virtual host is not configured in Manager.
</p>
<pre class="file">mkdir /tmp/MyNamespace/2: Permission denied ...</pre>
......
......@@ -62,19 +62,31 @@ So you can configure it to authenticate users using a federation protocol and si
</p>
<p>
Schemes validated:
Schemes tested:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong></strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a> proxy <strong></strong> OIDC Provider</div>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> / OpenID-Connect:</div>
<ul>
<li class="level2"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong></strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a> proxy <strong></strong> OIDC Provider</div>
</li>
<li class="level2"><div class="li"> OIDC-RP <strong></strong> LLNG as <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID-Connect</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong></strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> OIDC-RP <strong></strong> LLNG as <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID-Connect</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong></strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> / <abbr title="Central Authentication Service">CAS</abbr></div>
<ul>
<li class="level2"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>-SP <strong></strong> LLNG as <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>/<a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS</a> proxy <strong></strong> <abbr title="Central Authentication Service">CAS</abbr> Server</div>
</li>
<li class="level2"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Application <strong></strong> LLNG as <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a>/<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a> proxy <strong></strong> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider</div>
</li>
</ul>
</li>
</ul>
<p>
Note that OpenID-Connect consortium hasn&#039;t already defined single-logout initiated by OpenID-Connect Provider. LLNG will implement it when this standard will be published.
</p>
<div class="noteimportant">Development of federation can be complex. Don&#039;t hesitate to contact us on lemonldap-ng-users@ow2.org
<div class="noteimportant">Federation proxy installation can be complex. Don&#039;t hesitate to contact us on lemonldap-ng-users@ow2.org
</div>
<p>
See the following chapters:
......
......@@ -60,8 +60,11 @@
<li class="level3"><div class="li"><a href="#metadata">Metadata</a></div></li>
<li class="level3"><div class="li"><a href="#exported_attributes">Exported attributes</a></div></li>
<li class="level3"><div class="li"><a href="#options">Options</a></div></li>
</ul></li>
</ul></li>
</ul>
</li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#known_issues">Known issues</a></div></li>
</ul>
</div>
</div>
......@@ -273,6 +276,15 @@ For example: <a href="http://auth.example.com/saml/singleSignOn?IDPInitiated=1&a
</div>
</div>
<!-- EDIT7 SECTION "Register partner Service Provider on LemonLDAP::NG" [1093-] --></div>
<!-- EDIT7 SECTION "Register partner Service Provider on LemonLDAP::NG" [1093-4707] -->
<h2 class="sectionedit8" id="known_issues">Known issues</h2>
<div class="level2">
<p>
Using both Issuer::<abbr title="Security Assertion Markup Language">SAML</abbr> and Auth::<abbr title="Security Assertion Markup Language">SAML</abbr> on the same LLNG may have some side-effects on single-logout.
</p>
</div>
<!-- EDIT8 SECTION "Known issues" [4708-] --></div>
</body>
</html>
......@@ -91,7 +91,7 @@ Each category can be handle by a different logging framework. You can choose bet
</li>
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Syslog</strong>: syslog logging</div>
</li>
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Apache2</strong>: use Apache2 logging, levels are stored in Apache2 logs and the level is controlled by <code>LogLevel</code> Apache parameter</div>
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Apache2</strong>: use Apache2 logging, levels are stored in Apache2 logs and the log level is defined by <code>LogLevel</code> Apache parameter</div>
</li>
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Log4perl</strong>: use <code>Log4perl</code> framework to log <em>(inspired by Java Log4J)</em></div>
</li>
......@@ -100,9 +100,11 @@ Each category can be handle by a different logging framework. You can choose bet
<li class="level1"><div class="li"> <strong>Lemonldap::NG::Common::Logger::Dispatch</strong>: dispatch logs in other backends depending on log level</div>
</li>
</ul>
<div class="noteimportant">Except for Apache2 and Log4Perl, log level is defined by <code>logLevel</code> parameter set in <code>lemonldap-ng.ini</code> file. Logger configurations are defined in lemonldap-ng.ini.
</div>
<p>
Except for Apache2 and Log4Perl, log level is defined by <code>logLevel</code> parameter set in <code>lemonldap-ng.ini</code> file. Logger configurations are defined in lemonldap-ng.ini. Example:
Example:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>all<span class="br0">&#93;</span></span>
<span class="re1">logger</span> <span class="sy0">=</span><span class="re2"> Lemonldap::NG::Common::Logger::Log4perl</span>
......@@ -114,11 +116,11 @@ You can also modify these values in each lemonldap-ng.ini section to have differ
</p>
<p>
LLNG provides also a username that can be used by webservers in their access log. To configure the user identifier in access log, go in Manager, <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>REMOTE_USER</code>.
Therefore, LLNG provides a username that can be used by webservers in their access log. To configure the user identifier to write into access logs, go into Manager, <code>General Parameters</code> &gt; <code>Logging</code> &gt; <code>REMOTE_USER</code>.
</p>
</div>
<!-- EDIT1 SECTION "Logs" [1-1527] -->
<!-- EDIT1 SECTION "Logs" [1-1571] -->
<h2 class="sectionedit2" id="default_loggers">Default loggers</h2>
<div class="level2">
<ul>
......@@ -131,12 +133,12 @@ LLNG provides also a username that can be used by webservers in their access log
</ul>
</div>
<!-- EDIT2 SECTION "Default loggers" [1528-1847] -->
<!-- EDIT2 SECTION "Default loggers" [1572-1891] -->
<h2 class="sectionedit3" id="log_levels">Log levels</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Log levels" [1848-1871] -->
<!-- EDIT3 SECTION "Log levels" [1892-1915] -->
<h3 class="sectionedit4" id="technical_log_levels">Technical log levels</h3>
<div class="level3">
<ul>
......@@ -153,7 +155,7 @@ LLNG provides also a username that can be used by webservers in their access log
</ul>
</div>
<!-- EDIT4 SECTION "Technical log levels" [1872-2281] -->
<!-- EDIT4 SECTION "Technical log levels" [1916-2325] -->
<h3 class="sectionedit5" id="log_levels_for_user_actions">Log levels for user actions</h3>
<div class="level3">
<ul>
......@@ -170,12 +172,12 @@ LLNG provides also a username that can be used by webservers in their access log
</ul>
</div>
<!-- EDIT5 SECTION "Log levels for user actions" [2282-2675] -->
<!-- EDIT5 SECTION "Log levels for user actions" [2326-2719] -->
<h2 class="sectionedit6" id="logger_configuration">Logger configuration</h2>
<div class="level2">
</div>
<!-- EDIT6 SECTION "Logger configuration" [2676-2709] -->
<!-- EDIT6 SECTION "Logger configuration" [2720-2753] -->
<h3 class="sectionedit7" id="std_logger">Std logger</h3>
<div class="level3">
......@@ -184,7 +186,7 @@ Nothing to configure except logLevel.
</p>
</div>
<!-- EDIT7 SECTION "Std logger" [2710-2770] -->
<!-- EDIT7 SECTION "Std logger" [2754-2814] -->
<h3 class="sectionedit8" id="apache2_logger">Apache2 logger</h3>
<div class="level3">
......@@ -197,7 +199,7 @@ See <a href="http://httpd.apache.org/docs/current/mod/core.html#loglevel" class=
</p>
</div>
<!-- EDIT8 SECTION "Apache2 logger" [2771-3006] -->
<!-- EDIT8 SECTION "Apache2 logger" [2815-3050] -->
<h3 class="sectionedit9" id="syslog">Syslog</h3>
<div class="level3">
......@@ -208,7 +210,7 @@ You can choose facility in lemonldap-ng.ini file. Default values:
<span class="re1">userSyslogFacility</span> <span class="sy0">=</span><span class="re2"> auth</span></pre>
</div>
<!-- EDIT9 SECTION "Syslog" [3007-3165] -->
<!-- EDIT9 SECTION "Syslog" [3051-3209] -->
<h3 class="sectionedit10" id="log4perl">Log4perl</h3>
<div class="level3">
......@@ -220,7 +222,7 @@ You can indicate the Log4perl configuration file and the classes to use. Default
<span class="re1">log4perlUserLogger</span> <span class="sy0">=</span><span class="re2"> LLNG.user</span></pre>
</div>
<!-- EDIT10 SECTION "Log4perl" [3166-3392] -->
<!-- EDIT10 SECTION "Log4perl" [3210-3436] -->
<h3 class="sectionedit11" id="sentry">Sentry</h3>
<div class="level3">
......@@ -231,7 +233,7 @@ You just have to give your DSN:
<div class="noteimportant">This experimental logger requires <a href="https://metacpan.org/pod/Sentry::Raven" class="urlextern" title="https://metacpan.org/pod/Sentry::Raven" rel="nofollow">Sentry::Raven</a> Perl module.
</div>
</div>
<!-- EDIT11 SECTION "Sentry" [3393-3614] -->
<!-- EDIT11 SECTION "Sentry" [3437-3658] -->
<h3 class="sectionedit12" id="dispatch">Dispatch</h3>
<div class="level3">
......@@ -249,6 +251,6 @@ Use it to use more than one logger. Example:
<div class="noteimportant">At least <code>logDispatchError</code> <em>(or <code>userLogDispatchError</code> for user logs)</em> must be defined. All sub level will be dispatched on it, until another lever is declared. In the above example, Sentry collects <code>error</code> and <code>warn</code> levels and all user actions, while syslog stores technical <code>notice</code>, <code>info</code> and <code>debug</code> logs.
</div>
</div>
<!-- EDIT12 SECTION "Dispatch" [3615-] --></div>
<!-- EDIT12 SECTION "Dispatch" [3659-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:monitoring</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,monitoring"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="monitoring.html"/>
......@@ -45,19 +45,19 @@
<div class="dokuwiki export container">
<p>
Handler can be monitor using MRTG. See <a href="mrtg.html" class="wikilink1" title="documentation:2.0:mrtg">MRTG monitoring</a>.
Handler can be monitored by using MRTG. See <a href="mrtg.html" class="wikilink1" title="documentation:2.0:mrtg">MRTG monitoring</a>.
</p>
<p>
Portal can also publish its status using REST. To enable it, go to the manager, general parameters, advanced parameters. Then enable portal status.
Portal can also publish its status using REST. To enable it, go to the manager, general parameters, plugins. Then enable “publish portal status” option.
</p>
<p>
Then protect <a href="http://auth.yourdomain/portalStatus" class="urlextern" title="http://auth.yourdomain/portalStatus" rel="nofollow">http://auth.yourdomain/portalStatus</a> in your webserver configuration.
Then protect <a href="http://auth.yourdomain/portalStatus" class="urlextern" title="http://auth.yourdomain/portalStatus" rel="nofollow">http://auth.yourdomain/portalStatus</a> in webserver configuration.
</p>
<p>
This REST <abbr title="Uniform Resource Locator">URL</abbr> just publish a hash containing number of sessions of each type.
This REST <abbr title="Uniform Resource Locator">URL</abbr> just publishes a hash containing number of sessions of each type.
</p>
</div>
</body>
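Review bot: The rewritten paragraph tells the reader to protect `http://auth.yourdomain/portalStatus` "in webserver configuration" but still does not show how, and the URL is plain `http`. Since the next paragraph says the endpoint publishes the number of sessions of each type, I would make the instruction actionable with a sentence such as `Allow /portalStatus only from your monitoring hosts (address allow-list or authentication in the portal virtual host) and serve it over https.` Separately, the robots meta in the first hunk of this file appears as both `index,follow` and `noindex,nofollow`, and the alfresco, authfacebook and authtwitter hunks print the pair in the opposite order. That suggests the value depends on the state of the export rather than on intent, which is worth fixing in the export step.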
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:parameterlist</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,parameterlist"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="parameterlist.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:prereq</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,prereq"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="prereq.html"/>
......@@ -55,6 +55,7 @@
<li class="level2"><div class="li"><a href="#core">Core</a></div></li>
<li class="level2"><div class="li"><a href="#deprecated_features">Deprecated features</a></div></li>
<li class="level2"><div class="li"><a href="#saml2">SAML2</a></div></li>
<li class="level2"><div class="li"><a href="#second_factor">Second factor</a></div></li>
<li class="level2"><div class="li"><a href="#specific_authentication_backends">Specific authentication backends</a></div></li>
<li class="level2"><div class="li"><a href="#smtpreset_password_by_mail">SMTP / Reset password by mail</a></div></li>
<li class="level2"><div class="li"><a href="#unit_tests">Unit tests</a></div></li>
......@@ -63,7 +64,7 @@
<li class="level1"><div class="li"><a href="#other">Other</a></div></li>
<li class="level1"><div class="li"><a href="#install_dependencies_on_your_system">Install dependencies on your system</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#apt-get">APT-GET</a></div></li>
<li class="level2"><div class="li"><a href="#apt">APT</a></div></li>
<li class="level2"><div class="li"><a href="#yum">YUM</a></div></li>
</ul></li>
</ul>
......@@ -103,10 +104,10 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
<!-- EDIT2 SECTION "Web Server" [48-610] -->
<h2 class="sectionedit3" id="perl">Perl</h2>
<div class="level2">
<div class="noteclassic">Here the list of Perl modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules must be installed only if you planned to use the related feature.
<div class="noteclassic">Here the list of Perl modules used in LemonLDAP::NG. Core modules must be installed on the system. Other modules are required only if you plan to use related features.
</div>
</div>
<!-- EDIT3 SECTION "Perl" [611-821] -->
<!-- EDIT3 SECTION "Perl" [611-810] -->
<h3 class="sectionedit4" id="core">Core</h3>
<div class="level3">
<ul>
......@@ -181,7 +182,7 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT4 SECTION "Core" [822-1445] -->
<!-- EDIT4 SECTION "Core" [811-1434] -->
<h3 class="sectionedit5" id="deprecated_features">Deprecated features</h3>
<div class="level3">
<ul>
......@@ -204,7 +205,7 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT5 SECTION "Deprecated features" [1446-1614] -->
<!-- EDIT5 SECTION "Deprecated features" [1435-1603] -->
<h3 class="sectionedit6" id="saml2">SAML2</h3>
<div class="level3">
<ul>
......@@ -217,8 +218,19 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT6 SECTION "SAML2" [1615-1700] -->
<h3 class="sectionedit7" id="specific_authentication_backends">Specific authentication backends</h3>
<!-- EDIT6 SECTION "SAML2" [1604-1689] -->
<h3 class="sectionedit7" id="second_factor">Second factor</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Crypt::U2F::Server::Simple (U2F keys)</div>
</li>
<li class="level1"><div class="li"> Convert::Base32 (TOTP)</div>
</li>
</ul>
</div>
<!-- EDIT7 SECTION "Second factor" [1690-1783] -->
<h3 class="sectionedit8" id="specific_authentication_backends">Specific authentication backends</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Facebook:</div>
......@@ -260,32 +272,38 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT7 SECTION "Specific authentication backends" [1701-1929] -->
<h3 class="sectionedit8" id="smtpreset_password_by_mail">SMTP / Reset password by mail</h3>
<!-- EDIT8 SECTION "Specific authentication backends" [1784-2012] -->
<h3 class="sectionedit9" id="smtpreset_password_by_mail">SMTP / Reset password by mail</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Email::Sender</div>
</li>
<li class="level1"><div class="li"> String::Random</div>
</li>
<li class="level1"><div class="li"> Net::SMTP</div>
</li>
</ul>
</div>
<!-- EDIT8 SECTION "SMTP / Reset password by mail" [1930-2008] -->
<h3 class="sectionedit9" id="unit_tests">Unit tests</h3>
<!-- EDIT9 SECTION "SMTP / Reset password by mail" [2013-2105] -->
<h3 class="sectionedit10" id="unit_tests">Unit tests</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Test::POD</div>
</li>
<li class="level1"><div class="li"> Test::MockObject</div>
</li>
<li class="level1"><div class="li"> Crypt::U2F::Server</div>
</li>
<li class="level1"><div class="li"> Authen::U2F::Tester</div>
</li>
<li class="level1"><div class="li"> YAML</div>
</li>
</ul>
</div>
<!-- EDIT9 SECTION "Unit tests" [2009-2075] -->
<h2 class="sectionedit10" id="other">Other</h2>
<!-- EDIT10 SECTION "Unit tests" [2106-2219] -->
<h2 class="sectionedit11" id="other">Other</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Jquery (javascript framework) is included in tarball and RPMs, but is a dependency on Debian official releases</div>
......@@ -293,13 +311,14 @@ For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-
</ul>
</div>
<!-- EDIT10 SECTION "Other" [2076-2210] -->
<h2 class="sectionedit11" id="install_dependencies_on_your_system">Install dependencies on your system</h2>
<!-- EDIT11 SECTION "Other" [2220-2354] -->
<h2 class="sectionedit12" id="install_dependencies_on_your_system">Install dependencies on your system</h2>
<div class="level2">
<div class="notewarning">You don&#039;t need to install them if you use <abbr title="LemonLDAP::NG">LL::NG</abbr> packages. With <code>apt</code> or <code>yum</code>, dependencies will be automatically installed.
</div>
</div>
<!-- EDIT11 SECTION "Install dependencies on your system" [2211-2260] -->
<h3 class="sectionedit12" id="apt-get">APT-GET</h3>
<!-- EDIT12 SECTION "Install dependencies on your system" [2355-2554] -->
<h3 class="sectionedit13" id="apt">APT</h3>
<div class="level3">
<p>
......@@ -318,10 +337,10 @@ For Nginx:
<pre class="code">apt install nginx nginx-extras</pre>
</div>
<!-- EDIT12 SECTION "APT-GET" [2261-3043] -->
<h3 class="sectionedit13" id="yum">YUM</h3>
<!-- EDIT13 SECTION "APT" [2555-3333] -->
<h3 class="sectionedit14" id="yum">YUM</h3>
<div class="level3">
<div class="notetip">You need <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/" rel="nofollow">EPEL</a> repository. See how you can activate this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
<div class="notetip">You need <a href="http://fedoraproject.org/wiki/EPEL/" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/" rel="nofollow">EPEL</a> repository. See below how to enable this repository: <a href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" class="urlextern" title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse" rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
</div>
<p>
Perl dependencies:
......@@ -340,6 +359,6 @@ For Nginx:
<div class="noteimportant">As you need a recent version of Nginx, the best is to install <a href="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages" class="urlextern" title="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages" rel="nofollow">Nginx official packages</a>.
</div>
</div>
<!-- EDIT13 SECTION "YUM" [3044-] --></div>
<!-- EDIT14 SECTION "YUM" [3334-] --></div>
</body>
</html>
......@@ -229,7 +229,8 @@ You will find in LLNG Nginx configuration files some comments that explain how t
<p>
lemonldap-ng-uwsgi-app installs a uWSGI application: <code>/etc/uwsgi/apps-available/llng-server.yaml</code>. To enable it, link it in <code>apps-enabled</code> and restart your uWSGI daemon:
</p>
<pre class="code shell">cd /etc/uwsgi/apps-enabled
<pre class="code shell">apt-get install uwsgi uwsgi-plugin-psgi
cd /etc/uwsgi/apps-enabled
ln -s ../apps-available/llng-server.yaml
service uwsgi restart</pre>
......@@ -238,7 +239,7 @@ Then adapt your Nginx configuration to use this uWSGI app.
</p>
</div>
<!-- EDIT5 SECTION "Using uWSGI" [3413-4230] -->
<!-- EDIT5 SECTION "Using uWSGI" [3413-4270] -->
<h2 class="sectionedit6" id="protect_a_psgi_application">Protect a PSGI application</h2>
<div class="level2">
......@@ -282,6 +283,6 @@ builder <span class="br0">&#123;</span>
</dd></dl>
</div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4231-] --></div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4271-] --></div>
</body>
</html>
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=ca8b27b06771874f4f7205ded14cfc7c" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1529961311" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1531599550" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:secondfactor</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,secondfactor"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="secondfactor.html"/>
......@@ -66,14 +66,14 @@
<div class="level1">
<p>
Two-Factor Authentication <em>(as known as 2FA)</em> is a kind (subset) of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication" class="urlextern" title="https://en.wikipedia.org/wiki/Multi-factor_authentication" rel="nofollow">multi-factor authentication</a>. It is a method to confirm a user&#039;s claimed identity by using a combination of two different factors :
Two-Factor Authentication <em>(as known as 2FA)</em> is a kind (subset) of <a href="https://en.wikipedia.org/wiki/Multi-factor_authentication" class="urlextern" title="https://en.wikipedia.org/wiki/Multi-factor_authentication" rel="nofollow">multi-factor authentication</a>. It is a method to confirm a user&#039;s claimed identity by using a combination of two different factors between:
</p>
<ol>
<li class="level1"><div class="li"> something they know <em>(login / password, …)</em>,</div>
<li class="level1"><div class="li"> something they know <em>(login / password, …)</em></div>
</li>
<li class="level1"><div class="li"> something they have <em>(U2F Key, smartphone, …) or </em> </div>
<li class="level1"><div class="li"> something they have <em>(U2F Key, smartphone, …) </em> </div>
</li>
<li class="level1"><div class="li"> something they are <em>(biometrics like fingerprints, …)</em>.</div>
<li class="level1"><div class="li"> something they are <em>(biometrics like fingerprints, …)</em></div>
</li>
</ol>
......@@ -83,20 +83,20 @@ Since 2.0, LLNG provides some second factor plugins that can be used to complete
<ul>
<li class="level1"><div class="li"> <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">U2F tokens</a></div>
</li>
<li class="level1"><div class="li"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(to use with <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a>, ||<a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">https://en.wikipedia.org/wiki/Google_Authenticator</a>|Google-Authenticator]],…)</em></div>
<li class="level1"><div class="li"> <a href="totp2f.html" class="wikilink1" title="documentation:2.0:totp2f">TOTP</a> <em>(to use with <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a>, <a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">Google-Authenticator</a>,…)</em></div>
</li>
<li class="level1"><div class="li"> <a href="utotp2f.html" class="wikilink1" title="documentation:2.0:utotp2f">U2F-or-TOTP</a> <em>(enable both U2F and TOTP)</em></div>
</li>
<li class="level1"><div class="li"> <a href="yubikey2f.html" class="wikilink1" title="documentation:2.0:yubikey2f">Yubikey tokens</a> <em> provide by Yubico</em> </div>
</li>
<li class="level1"><div class="li"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST</a> <em>(to call an external command)</em> </div>
<li class="level1"><div class="li"> <a href="rest2f.html" class="wikilink1" title="documentation:2.0:rest2f">REST</a> <em>(Remote REST app)</em> </div>
</li>
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(Remote REST app) </em> </div>
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(to call an external command)</em> </div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "Second Factors" [1-993] -->
<!-- EDIT1 SECTION "Second Factors" [1-994] -->
<h2 class="sectionedit2" id="providing_tokens_from_an_external_source">Providing tokens from an external source</h2>
<div class="level2">
......@@ -106,25 +106,25 @@ If you don&#039;t want to use self-registration features for U2F, TOTP and so on
<pre class="code json">[ {&quot;type&quot; : &quot;TOTP&quot;, &quot;name&quot; : &quot;MyTOTP&quot;, …}, {&lt;other_token&gt;}, …]</pre>