Commit 63aa9da1 authored by Clément OUDOT's avatar Clément OUDOT

Doc update

parent bec0831f
......@@ -459,12 +459,24 @@
<td>Portail<br />
<br />
<span class="wikilink"><a href=
"/xwiki/bin/view/NG/DocAppLiferay">Proc&eacute;dure SSO</a></span>
(en)<br />
<span class="wikilink"><a href="5-Appli-Liferay.html">Proc&eacute;dure
SSO</a></span> (en)<br />
<span class="wikiexternallink"><a href="http://www.liferay.com/">Site
web officiel</a></span></td>
</tr>
<tr class="table-even">
<td><strong class="strong">Zimbra</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/zimbra_logo.png" alt=
"zimbra_logo.png" /></td>
<td>Groupware<br />
<br />
<span class="wikilink"><a href="5-Appli-Zimbra.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.zimbra.com/">Official website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnecteurs">Connecteurs</span></h4>
......
......@@ -447,11 +447,24 @@
<td>Portal<br />
<br />
<span class="wikilink"><a href="/xwiki/bin/view/NG/DocAppLiferay">SSO
<span class="wikilink"><a href="5-Appli-Liferay.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.liferay.com/">Official website</a></span></td>
</tr>
<tr class="table-even">
<td><strong class="strong">Zimbra</strong><br />
<img src="/xwiki/bin/download/NG/Documentation/zimbra_logo.png" alt=
"zimbra_logo.png" /></td>
<td>Groupware<br />
<br />
<span class="wikilink"><a href="5-Appli-Zimbra.html">SSO
procedure</a></span> (en)<br />
<span class="wikiexternallink"><a href=
"http://www.zimbra.com/">Official website</a></span></td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HConnectors">Connectors</span></h4>
......
......@@ -172,6 +172,8 @@
<li>Config::IniFiles</li>
<li>JSON</li>
<li>Digest::HMAC</li>
</ul>
<h4 class="heading-1-1-1"><span id="HSpecificfunctionalities">Specific
......@@ -242,23 +244,29 @@
<div class="code">
<pre>
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl libstring-random-perl libemail-date-format-perl libmime-lite-perl libcrypt-openssl-rsa-perl
# apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl libstring-random-perl libemail-date-format-perl libmime-lite-perl libcrypt-openssl-rsa-perl libdigest-hmac-perl
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HYUM">YUM</span></h4><br />
<br />
Some Perl dependencies are hosted in <span class=
"wikiexternallink"><a href="https://rpmrepo.org/">RPMForge</a></span>
repository, you can activate this repository: <span class=
"wikiexternallink"><a href=
"https://rpmrepo.org/RPMforge/Using">https://rpmrepo.org/RPMforge/Using</a></span><br />
Choose a repository which hosted Perl dependencies:
<br />
<ul class="star">
<li><span class="wikiexternallink"><a href=
"http://fedoraproject.org/wiki/EPEL/">EPEL</a></span> repository, you
can activate this repository: <span class="wikiexternallink"><a href=
"http://fedoraproject.org/wiki/EPEL/FAQ#howtouse">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a></span></li>
<li><span class="wikiexternallink"><a href=
"https://rpmrepo.org/">RPMForge</a></span> repository, you can activate
this repository: <span class="wikiexternallink"><a href=
"https://rpmrepo.org/RPMforge/Using">https://rpmrepo.org/RPMforge/Using</a></span></li>
</ul>
<div class="code">
<pre>
# yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-<span class="java-object">String</span> perl-XML-LibXSLT perl-SOAP-Lite perl-Config-IniFiles perl-JSON
# yum install httpd mod_perl perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-<span class="java-object">String</span> perl-XML-LibXSLT perl-SOAP-Lite perl-Config-IniFiles perl-JSON perl-Digest-HMAC
</pre>
</div>
......
......@@ -964,6 +964,26 @@ level1Key =&gt; { level2Key =&gt; 'value' },
<td>X</td>
</tr>
<tr class="table-odd">
<td>Multi values separator</td>
<td>multiValuesSeparator</td>
<td>1.0</td>
<td>No</td>
<td>X</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>X</td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HSMTP28resetpasswordbymail29">SMTP
......@@ -1805,6 +1825,16 @@ level1Key =&gt; { level2Key =&gt; 'value' },
<td>Yes</td>
</tr>
<tr class="table-even">
<td>Remote cookie name</td>
<td>remoteCookieName</td>
<td>0.9.4</td>
<td>No</td>
</tr>
</table>
<h4 class="heading-1-1-1"><span id="HProxy">Proxy</span></h4><br />
......
......@@ -95,10 +95,12 @@
<li>Sessions explorer</li>
<li>Control on session uniqueness</li>
<li>Session purge</li>
</ul>Indeed, Memcached does not provide any mean to get all sessions
(without knowning each ID of each session). This is mandatory to display
all sessions in Session Explorer, and to find a corresponding session when
testing session uniqueness.
all sessions in Session Explorer, to purge sessions and to find a
corresponding session when testing session uniqueness.
<p class="paragraph"></p>To disable sessions explorer, you can forbid
access in apache configuration:
......@@ -128,6 +130,11 @@ notifyOther = 0
</pre>
</div>
<p class="paragraph"></p>For sessions purge, a solution can be to patch
Apache::Session::Memcached, with this patch: <span class=
"wikiexternallink"><a href=
"https://rt.cpan.org/Ticket/Display.html?id=56429">https://rt.cpan.org/Ticket/Display.html?id=56429</a></span>.
<h3 class="heading-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3>
......@@ -139,7 +146,12 @@ notifyOther = 0
options:
<ul class="star">
<li>Servers: list of Memcached servers, separated by spaces</li>
<li><strong class="strong">Servers</strong>: list of Memcached servers,
separated by spaces</li>
<li><strong class="strong">Expiration</strong>: time in seconds after
which session will be deleted from cache (<strong class="strong">require
a patch</strong>)</li>
</ul>Example:
<p class="paragraph"></p>
......
......@@ -74,7 +74,7 @@
"HConfiguration">Configuration</span></h3>
<p class="paragraph"></p>Please see <span class="nobr"><a href=
"https://dev.indepnet.net/glpi/wiki/GLPI-SSO">https://dev.indepnet.net/glpi/wiki/GLPI-SSO</a></span>
"https://forge.indepnet.net/projects/glpi/wiki/GLPI-SSO">https://forge.indepnet.net/projects/glpi/wiki/GLPI-SSO</a></span>
</div>
<p class="footer"><a href="index.html">Index</a></p>
......
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />
<title>Lemonldap::NG documentation: 5-Appli-Liferay.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HLiferay">Liferay</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HPresentation">Presentation</a></li>
<li>
<a href="#HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</a>
<ul>
<li><a href="#HLiferayconfiguration">Liferay configuration</a></li>
<li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG
configuration</a></li>
</ul>
</li>
</ul>Thanks to Sebastien BAHLOUL for this documentation.
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>Liferay is an entreprise portal.
<p class="paragraph"></p>Liferay can use LemonLDAP::NG as an SSO provider
but you have to manage how users are created:
<ul class="star">
<li>By hand in Liferay administration screens</li>
<li>Imported from an LDAP directory</li>
</ul>Of course, intergation will be full if you use the LDAP directory as
user backend for LemonLDAP::NG and Liferay.
<p class="paragraph"></p><strong class="strong">Warning</strong>: if the
user is not created, or can not be created via LDAP import, the connection
to Liferay will be refused. With LDAP, login, mail, first name and last
name are required attributes. If one is missing, the user is not created.
<p class="paragraph"></p>This documentation just explains how to set up
the SSO part. Please refer to Liferay documentation to enable LDAP
provisionning.
<h3 class="heading-1-1"><span id=
"HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</span></h3>
<h4 class="heading-1-1-1"><span id="HLiferayconfiguration">Liferay
configuration</span></h4>
<p class="paragraph"></p>Access to Liferay (first time):
<p class="paragraph"></p><img src="liferay_1.png" height="300px" alt=
"liferay_1.png" />
<p class="paragraph"></p>Login as administrator:
<p class="paragraph"></p><img src=
"/xwiki/bin/download/NG/DocAppLiferay/liferay_2.png" height="300px" alt=
"liferay_2.png" />
<p class="paragraph"></p>Go to <strong class="strong">My Account</strong>:
<p class="paragraph"></p><img src=
"/xwiki/bin/download/NG/DocAppLiferay/liferay_3.png" height="300px" alt=
"liferay_3.png" />
<p class="paragraph"></p>Go to <strong class="strong">Portal &gt;
Settings</strong>:
<p class="paragraph"></p><img src=
"/xwiki/bin/download/NG/DocAppLiferay/liferay_4.png" height="300px" alt=
"liferay_4.png" />
<p class="paragraph"></p>Go to <strong class="strong">Configuration &gt;
Authentication</strong>:
<p class="paragraph"></p><img src=
"/xwiki/bin/download/NG/DocAppLiferay/liferay_5.png" height="300px" alt=
"liferay_5.png" />
<p class="paragraph"></p>In "General", fill at least the following
information:
<ul class="star">
<li>How do users authenticate? <strong class="strong">by
login</strong></li>
</ul>We advice to deactivate other options, cause users will use
LemonLDAP::NG portal to modify or reset their password.
<p class="paragraph"></p><img src="liferay_6.png" height="300px" alt=
"liferay_6.png" />
<p class="paragraph"></p>Then use the SiteMinder tab to configure SSO:
<ul class="star">
<li>Enabled: Yes</li>
<li>Import from LDAP: Yes (cf. presentation)</li>
<li>User Header: Auth-User (case sensitive)</li>
</ul><img src="liferay_7.png" height="300px" alt="liferay_7.png" />
<p class="paragraph"></p>Do not forget to save your changes!
<h4 class="heading-1-1-1"><span id=
"HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h4>
<p class="paragraph"></p>Just add a virtualhost inside Manager:
<ul class="star">
<li>Virtualhost: liferay.example.com
<ul class="star">
<li>HTTP Headers:
<ul class="star">
<li>Auth-User =&gt; $uid</li>
</ul>
</li>
<li>Rules:
<ul class="star">
<li>default =&gt; accept</li>
<li>^/c/portal/logout =&gt; logout_app_sso</li>
</ul>
</li>
</ul>
</li>
</ul>And configure this virtualhost in Apache:
<div class="code">
<pre>
&lt;VirtualHost *&gt;
ServerName liferay.example.com
ServerSignature Off<br /><br /> PerlHeaderParserHandler My::Package<br /><br /> &lt;Proxy *&gt;
Order deny,allow
Allow from all
&lt;/Proxy&gt;<br /><br /> ProxyPreserveHost On
ProxyPass / <span class="nobr"><a href=
"http://liferayIP:8080/">http://liferayIP:8080/</a></span>
ProxyPassReverse / <span class="nobr"><a href=
"http://liferayIP:8080/">http://liferayIP:8080/</a></span><br /><br /> LogLevel warn
ErrorLog /<span class=
"java-keyword">var</span>/log/httpd/liferay-error.log
CustomLog /<span class=
"java-keyword">var</span>/log/httpd/liferay-access.log combined
&lt;/VirtualHost&gt;
</pre>
</div>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />
<title>Lemonldap::NG documentation: 5-Appli-Zimbra.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HZimbra">Zimbra</span></h2>
<p class="paragraph"></p>
<ul>
<li><a href="#HPresentation">Presentation</a></li>
<li>
<a href="#HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</a>
<ul>
<li><a href="#HZimbrapreauthkey">Zimbra preauth key</a></li>
<li><a href="#HAddZimbraapplicationinmenu">Add Zimbra application in
menu</a></li>
<li><a href="#HConfigureZimbravirtualhostinApache">Configure Zimbra
virtual host in Apache</a></li>
</ul>
</li>
</ul><strong class="strong">Warning</strong>: feature in developpement.
<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>
<p class="paragraph"></p>Zimbra is open source server software for email
and collaboration - email, group calendar, contacts, instant messaging,
file storage and web document management. The Zimbra email and calendar
server is available for Linux, Mac OS X and virtualization platforms.
Zimbra syncs to smartphones (iPhone, BlackBerry) and desktop clients like
Outlook and Thunderbird. Zimbra also features archiving and discovery for
compliance. Zimbra can be deployed on-premises or as a hosted email
solution.
<p class="paragraph"></p>Zimbra use a specific preauthentication protocol
to provide SSO on its application, as described here: <span class=
"wikiexternallink"><a href=
"http://wiki.zimbra.com/index.php?title=Preauth">http://wiki.zimbra.com/index.php?title=Preauth</a></span>.
<h3 class="heading-1-1"><span id=
"HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</span></h3>
<p class="paragraph"></p>The integration with LemonLDAP::NG is the
following:
<ul class="star">
<li>A special URL is declared in application menu (like <span class=
"nobr"><a href=
"http://zimbra.example.com/zimbrasso">http://zimbra.example.com/zimbrasso</a></span>)</li>
<li>A Zimbra Handler is called</li>
<li>Handler build the preauth request and redirect user on Zimbra
preauth URL</li>
<li>Then Zimbra do the SSO by setting a cookie in user's browser</li>
</ul>
<h4 class="heading-1-1-1"><span id="HZimbrapreauthkey">Zimbra preauth
key</span></h4>
<p class="paragraph"></p>You need to get a preauth key from Zimbra server.
<p class="paragraph"></p>See <span class="wikiexternallink"><a href=
"http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth">
http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth</a></span>
<h4 class="heading-1-1-1"><span id="HAddZimbraapplicationinmenu">Add
Zimbra application in menu</span></h4>
<p class="paragraph"></p>Choose for example <span class=
"wikiexternallink"><a href=
"http://zimbra.example.com/zimbrasso">http://zimbra.example.com/zimbrasso</a></span>
as SSO URL and set in in application menu.
<h4 class="heading-1-1-1"><span id=
"HConfigureZimbravirtualhostinApache">Configure Zimbra virtual host in
Apache</span></h4>
<p class="paragraph"></p>You will configure Zimbra vhost like other
protected vhost. Then Zimbra SSO URL will be protected by a second Handler
that will build Zimbra preauth URL:
<p class="paragraph"></p>
<div class="code">
<pre>
&lt;VirtualHost *&gt;
ServerName zimbra.example.com<br /><br /> # Default Handler
PerlRequire <b class="bold">HANDLERDIR</b>/MyHandler.pm
PerlHeaderParserHandler My::Zimbra<br /><br /> # Load Zimbra Handler
PerlRequire <b class=
"bold">HANDLERDIR</b>/MyHandlerZimbra.pm<br /><br /> # Zimbra SSO URL
&lt;Location /zimbrasso&gt;<br /><br /> PerlSetVar ZimbraPreAuthKey XXXX
PerlSetVar ZimbraAccountKey uid
PerlSetVar ZimbraBy id
PerlSetVar ZimbraUrl /service/preauth<br /><br /> PerlHeaderParserHandler My::Zimbra<br /><br /> &lt;/Location&gt;<br /><br />&lt;/VirtualHost&gt;
</pre>
</div>
<p class="paragraph"></p>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
......@@ -77,7 +77,12 @@
<li><a href="#HNextversions28plannedwhenready29">Next versions
(planned&hellip; when ready)</a></li>
</ul><strong class="strong">Icons legend:</strong><br />
</ul><strong class="strong"><span class="wikiexternallink"><a href=
"http://jira.ow2.org/browse/LEMONLDAP?selectedTab=com.atlassian.jira.plugin.system.project%3Aroadmap-panel">See
also JIRA Roadmap</a></span></strong>
<p class="paragraph"></p><strong class="strong">Icons
legend:</strong><br />
<img src="ok.png" alt="ok.png" /> Task finished<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Work in
progress<br />
......
......@@ -106,8 +106,10 @@
<li><a href="5-Appli-GLPI.html">5 Appli GLPI</a></li>
<li><a href="5-Appli-GRR.html">5 Appli GRR</a></li>
<li><a href="5-Appli-HTTP-Basic-Authentication.html">5 Appli HTTP Basic Authentication</a></li>
<li><a href="5-Appli-Liferay.html">5 Appli Liferay</a></li>
<li><a href="5-Appli-Sympa.html">5 Appli Sympa</a></li>
<li><a href="5-Appli-Tomcat-Valve.html">5 Appli Tomcat Valve</a></li>
<li><a href="5-Appli-Zimbra.html">5 Appli Zimbra</a></li>
<li><a href="5-Appli-phpLDAPadmin.html">5 Appli phpLDAPadmin</a></li>
<li><a href="5-Appli-self-made.html">5 Appli self made</a></li>
<li><a href="6-Accounting.html">6 Accounting</a></li>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment