Commit 916855a7 authored by Xavier Guimard

Update doc

parent b3a0d73d
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:applications</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,applications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="applications.html"/>
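Review bot: the robots meta line in this header goes from index,follow to noindex,nofollow, which the commit message "Update doc" does not mention, and the same pair of lines appears in the header hunks of the other pages in this commit. If this comes from the export settings rather than a deliberate decision to hide the 1.9 documentation from search engines, regenerate with the previous setting; if it is deliberate, say so in the commit message.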
......@@ -212,13 +212,13 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/googleapps.html" class="media" title="documentation:1.9:applications:googleapps"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/cornerstone.html" class="media" title="documentation:1.9:applications:cornerstone"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:1.9:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col3 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:1.9:applications:simplesamlphp"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td>
</tr>
<tr class="row2 roweven">
<th class="col0 centeralign"> NextCloud </th><th class="col1 centeralign"> ADFS </th><th class="col2 leftalign"> </th><th class="col3 leftalign"> </th>
<th class="col0 centeralign"> NextCloud </th><th class="col1 centeralign"> ADFS </th><th class="col2 centeralign"> Office365 </th><th class="col3 leftalign"> </th>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:1.9:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/adfs.html" class="media" title="documentation:1.9:applications:adfs"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:1.9:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/adfs.html" class="media" title="documentation:1.9:applications:adfs"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/office365.html" class="media" title="documentation:1.9:applications:office365"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col3 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT18 TABLE [2605-3147] -->
<!-- EDIT18 TABLE [2605-3225] -->
</div>
<!-- EDIT17 SECTION "SAML connectors" [2486-] --></div>
</body>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:applications:authbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,applications,authbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authbasic.html"/>
......@@ -72,7 +72,7 @@ Before transmission, the username and password are encoded as a sequence of base
</p>
<p>
So HTTP Basic Autentication is managed trough an HTTP header (<code>Authorization</code>), that can be forged by <abbr title="LemonLDAP::NG">LL::NG</abbr>, with this precautions:
So HTTP Basic Authentication is managed trough an HTTP header (<code>Authorization</code>), that can be forged by <abbr title="LemonLDAP::NG">LL::NG</abbr>, with this precautions:
</p>
<ul>
<li class="level1"><div class="li"> Data should not contains accents or special characters, as HTTP protocol only allow <abbr title="American Standard Code for Information Interchange">ASCII</abbr> values in header (but depending on the HTTP server, you can use ISO encoded values)</div>
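Review bot: the spelling fix on the "So HTTP Basic Authentication is managed" line is incomplete, since the same sentence still reads "trough an HTTP header" and "with this precautions". Change them to "through" and "these precautions" in the same pass, and fix "Data should not contains" and "HTTP protocol only allow" in the list item below, because these are the lines that state the restrictions on the forged Authorization header.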
......@@ -82,7 +82,7 @@ So HTTP Basic Autentication is managed trough an HTTP header (<code>Authorizatio
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [78-1535] -->
<!-- EDIT2 SECTION "Presentation" [78-1536] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
......@@ -107,6 +107,6 @@ So the above example can also be written like this:
<div class="notetip">The <code>basic</code> function will also force conversion from UTF-8 to ISO-8859-1, which should be accepted by most of HTTP servers.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [1536-] --></div>
<!-- EDIT3 SECTION "Configuration" [1537-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:applications:cornerstone</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,applications,cornerstone"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="cornerstone.html"/>
......@@ -77,7 +77,7 @@
<div class="level2">
<p>
<a href="http://www.cornerstoneondemand.com/" class="urlextern" title="http://www.cornerstoneondemand.com/" rel="nofollow">CornerStone On Demand (CSOD)</a> allows to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It works by default with IDP intiated mechanism, but can works with the standard SP initiated cinematic.
<a href="http://www.cornerstoneondemand.com/" class="urlextern" title="http://www.cornerstoneondemand.com/" rel="nofollow">CornerStone On Demand (CSOD)</a> allows one to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It works by default with IDP intiated mechanism, but can works with the standard SP initiated cinematic.
</p>
<p>
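Review bot: the rewritten CornerStone sentence fixes "allows to use" but keeps "IDP intiated mechanism", "can works" and "SP initiated cinematic". Suggest "IdP-initiated mechanism", "can also work" and "SP-initiated flow", so that the two SAML modes are named the way the Salesforce page in this commit names them ("SP and IdP initiated modes").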
......@@ -93,12 +93,12 @@ To work with <abbr title="LemonLDAP::NG">LL::NG</abbr> it requires:
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [74-574] -->
<!-- EDIT2 SECTION "Presentation" [74-578] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [575-601] -->
<!-- EDIT3 SECTION "Configuration" [579-605] -->
<h3 class="sectionedit4" id="new_service_provider">New Service Provider</h3>
<div class="level3">
......@@ -137,7 +137,7 @@ Base64 encoded CSOD certificate
<div class="noteimportant">Change <strong>mycompanyid</strong> (in <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) into your CSOD company ID and put the certificate value inside the ds:X509Certificate markup
</div>
</div>
<!-- EDIT4 SECTION "New Service Provider" [602-2116] -->
<!-- EDIT4 SECTION "New Service Provider" [606-2120] -->
<h3 class="sectionedit5" id="csod_control_panel">CSOD control panel</h3>
<div class="level3">
......@@ -171,6 +171,6 @@ You need to use the IDP initiated feature of <abbr title="LemonLDAP::NG">LL::NG<
<pre class="code">https://auth.example.com/saml/singleSignOn?IDPInitiated=1&amp;sp=mycompanyid.csod.com</pre>
</div>
<!-- EDIT5 SECTION "CSOD control panel" [2117-] --></div>
<!-- EDIT5 SECTION "CSOD control panel" [2121-] --></div>
</body>
</html>
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/1.9/applications/img/icons.png?do=login&amp;sectok=f9c73fb642ebac249096bc0d65ba7f25" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/1.9/applications/img/icons.png?do=login&amp;sectok=41fe157ad5c09cd8f928d305c92977ef" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
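Review bot: the only change in this hunk is the sectok value in the Login link (f9c73fb6... to 41fe157a...), so the file differs on every export without any documentation change. Drop the "?do=login&amp;sectok=..." link from the exported template, or keep this file out of the export, so that token values captured at export time are not committed.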
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A1.9%3Aapplications%3Aimg%3Aicons.png&amp;1509050469" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A1.9%3Aapplications%3Aimg%3Aicons.png&amp;1511187224" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/1.9/applications/img/loader.gif?do=login&amp;sectok=f9c73fb642ebac249096bc0d65ba7f25" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/1.9/applications/img/loader.gif?do=login&amp;sectok=41fe157ad5c09cd8f928d305c92977ef" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A1.9%3Aapplications%3Aimg%3Aloader.gif&amp;1509050469" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A1.9%3Aapplications%3Aimg%3Aloader.gif&amp;1511187224" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
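Review bot: the hunk header shows this page is the "You've followed a link to a topic that doesn't exist yet" placeholder for img/loader.gif, and the only changed line is the timestamp on the indexer.php tracking image. A placeholder page for an image path is not documentation; exclude it (and the identical img/icons.png page above) from the export instead of committing the timestamp churn.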
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:applications:limesurvey</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,applications,limesurvey"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="limesurvey.html"/>
......@@ -78,7 +78,7 @@
<div class="level2">
<p>
<a href="http://www.limesurvey.org" class="urlextern" title="http://www.limesurvey.org" rel="nofollow">LimeSurvey</a> is a web survey software written in PHP. LimeSurvey has a webserver authentication mode that allows to integrate it directly into LemonLDAP::NG.
<a href="http://www.limesurvey.org" class="urlextern" title="http://www.limesurvey.org" rel="nofollow">LimeSurvey</a> is a web survey software written in PHP. LimeSurvey has a webserver authentication mode that allows one to integrate it directly into LemonLDAP::NG.
</p>
<p>
......@@ -94,13 +94,13 @@ To have a stronger integration, we will configure LimeSurvey to autocreate unkno
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [71-557] -->
<!-- EDIT2 SECTION "Presentation" [71-561] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<div class="noteclassic">We suppose that LimeSurvey is installed in /var/www/html/limesurvey
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [558-666] -->
<!-- EDIT3 SECTION "Configuration" [562-670] -->
<h3 class="sectionedit4" id="limesurvey_configuration">LimeSurvey configuration</h3>
<div class="level3">
......@@ -131,7 +131,7 @@ The configuration is done in config.php:
<div class="notetip">We directly use HTTP headers to fill default user profile.
</div>
</div>
<!-- EDIT4 SECTION "LimeSurvey configuration" [667-1672] -->
<!-- EDIT4 SECTION "LimeSurvey configuration" [671-1676] -->
<h3 class="sectionedit5" id="limesurvey_virtual_host">LimeSurvey virtual host</h3>
<div class="level3">
......@@ -194,7 +194,7 @@ Configure LimeSurvey virtual host like other <a href="../configvhost.html" class
}</pre>
</div>
<!-- EDIT5 SECTION "LimeSurvey virtual host" [1673-3192] -->
<!-- EDIT5 SECTION "LimeSurvey virtual host" [1677-3196] -->
<h3 class="sectionedit6" id="limesurvey_virtual_host_in_manager">LimeSurvey virtual host in Manager</h3>
<div class="level3">
......@@ -228,7 +228,7 @@ Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" cl
<td class="col0 centeralign"> Auth-SuperAdmin </td><td class="col1 centeralign"> 1 if user is superadmin </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [3365-3583] --><div class="notetip">You can manage roles with the <a href="../rbac.html" class="wikilink1" title="documentation:1.9:rbac">RBAC model</a> or by using groups.
<!-- EDIT7 TABLE [3369-3587] --><div class="notetip">You can manage roles with the <a href="../rbac.html" class="wikilink1" title="documentation:1.9:rbac">RBAC model</a> or by using groups.
</div>
</div>
......@@ -250,7 +250,7 @@ Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" cl
<td class="col0 centeralign"> Default </td><td class="col1 centeralign"> default </td><td class="col2 centeralign"> Allow only users with a LimeSurvey role </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [3690-3975] --><div class="notetip">You can set the default access to:<ul>
<!-- EDIT8 TABLE [3694-3979] --><div class="notetip">You can set the default access to:<ul>
<li class="level1"><div class="li"> <strong>accept</strong>: all authenticated users will access surveys</div>
</li>
<li class="level1"><div class="li"> <strong>unprotect</strong>: no authentication will be asked to access surveys </div>
......@@ -259,6 +259,6 @@ Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" cl
</div>
</div>
<!-- EDIT6 SECTION "LimeSurvey virtual host in Manager" [3193-] --></div>
<!-- EDIT6 SECTION "LimeSurvey virtual host in Manager" [3197-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:applications:mediawiki</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,applications,mediawiki"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="mediawiki.html"/>
......@@ -79,7 +79,7 @@
</p>
<p>
Several extensions allows to configure <abbr title="Single Sign On">SSO</abbr> on MediaWiki:
Several extensions allows one to configure <abbr title="Single Sign On">SSO</abbr> on MediaWiki:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" rel="nofollow">Automatic REMOTE_USER</a></div>
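Review bot: the corrected line now reads "Several extensions allows one to configure", which still has the plural subject with a singular verb. Use "Several extensions allow one to configure SSO on MediaWiki".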
......@@ -93,7 +93,7 @@ We will explain how to use <a href="http://www.mediawiki.org/wiki/Extension:Auto
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [67-590] -->
<!-- EDIT2 SECTION "Presentation" [67-594] -->
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">
......@@ -111,12 +111,12 @@ You have to install <code> Auth_remoteuser</code> in the <code>extensions/</code
<pre class="code">cp -a Auth_remoteuser/ extensions/</pre>
</div>
<!-- EDIT3 SECTION "Installation" [591-985] -->
<!-- EDIT3 SECTION "Installation" [595-989] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [986-1012] -->
<!-- EDIT4 SECTION "Configuration" [990-1016] -->
<h3 class="sectionedit5" id="mediwiki_local_configuration">MediWiki local configuration</h3>
<div class="level3">
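Review bot: the heading kept as context here is still "MediWiki local configuration", with the id mediwiki_local_configuration, and the regenerated EDIT5 comment in the next hunk repeats the misspelling. Fix the heading in the wiki source to "MediaWiki local configuration"; note that the generated id will change with it, so check for links that point at the old anchor.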
......@@ -174,7 +174,7 @@ You can use the code below for normalizing logins containing “_” in the exte
<pre class="code">sed -i &#039;/$usertest = $this-&gt;getRemoteUsername();/a\ $usertest = str_replace( &quot;_&quot;,&quot; &quot;, $usertest );&#039; extensions/Auth_remoteuser/Auth_remoteuser.body.php</pre>
</div>
<!-- EDIT5 SECTION "MediWiki local configuration" [1013-3666] -->
<!-- EDIT5 SECTION "MediWiki local configuration" [1017-3670] -->
<h3 class="sectionedit6" id="mediawiki_virtual_host">MediaWiki virtual host</h3>
<div class="level3">
......@@ -234,7 +234,7 @@ Configure MediaWiki virtual host like other <a href="../configvhost.html" class=
}</pre>
</div>
<!-- EDIT6 SECTION "MediaWiki virtual host" [3667-5106] -->
<!-- EDIT6 SECTION "MediaWiki virtual host" [3671-5110] -->
<h3 class="sectionedit7" id="mediawiki_virtual_host_in_manager">MediaWiki virtual host in Manager</h3>
<div class="level3">
......@@ -258,6 +258,6 @@ If using <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, configure a
</p>
</div>
<!-- EDIT7 SECTION "MediaWiki virtual host in Manager" [5107-] --></div>
<!-- EDIT7 SECTION "MediaWiki virtual host in Manager" [5111-] --></div>
</body>
</html>
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:1.9:applications:office365</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,applications,office365"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="office365.html"/>
<link rel="contents" href="office365.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9:applications';var JSINFO = {"id":"documentation:1.9:applications:office365","namespace":"documentation:1.9:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#office_3651">Office 365</a></div></li>
<li class="level2"><div class="li"><a href="#lemonldapng">LemonLDAP::NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="office_365">Office 365</h1>
<div class="level1">
<p>
<img src="logo_office_365.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Office 365" [1-74] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://en.wikipedia.org/wiki/Office_365" class="urlextern" title="https://en.wikipedia.org/wiki/Office_365" rel="nofollow">Office 365</a> provides online access to Microsoft products like Office, Outlook or Yammer. Authentication is done on <a href="https://login.microsoftonline.com/" class="urlextern" title="https://login.microsoftonline.com/" rel="nofollow">https://login.microsoftonline.com/</a> and can be forwarded to an <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [75-346] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [347-373] -->
<h3 class="sectionedit4" id="office_3651">Office 365</h3>
<div class="level3">
<p>
You first need to install AzureAD PowerShell to be able to run administrative commands.
</p>
<p>
Then run this script:
</p>
<pre class="code bash"><span class="re1">$dom</span> = <span class="st0">&quot;mycompany.com&quot;</span>
<span class="re1">$brand</span> = <span class="st0">&quot;My Company&quot;</span>
<span class="re1">$url</span> = <span class="st0">&quot;https://auth.example.com/saml/singleSignOn&quot;</span>
<span class="re1">$uri</span> = <span class="st0">&quot;https://auth.example.com/saml/metadata&quot;</span>
<span class="re1">$logouturl</span> = <span class="st0">&quot;https://auth.example.com/?logout=1&quot;</span>
<span class="re1">$cert</span> = <span class="st0">&quot;xxxxxxxxxxxxxxxxxxx&quot;</span>
&nbsp;
Set-MsolDomainAuthentication –DomainName <span class="re1">$dom</span> <span class="re5">-FederationBrandName</span> <span class="re1">$brand</span> <span class="re5">-Authentication</span> Federated <span class="re5">-PassiveLogOnUri</span> <span class="re1">$url</span> <span class="re5">-SigningCertificate</span> <span class="re1">$cert</span> <span class="re5">-IssuerUri</span> <span class="re1">$uri</span> <span class="re5">-LogOffUri</span> <span class="re1">$logouturl</span> <span class="re5">-PreferredAuthenticationProtocol</span> SAMLP</pre>
<p>
Where parameters are:
</p>
<ul>
<li class="level1"><div class="li"> dom: Your Office 365 domain</div>
</li>
<li class="level1"><div class="li"> brand: Simple label</div>
</li>
<li class="level1"><div class="li"> url: The <abbr title="Security Assertion Markup Language">SAML</abbr> <abbr title="Single Sign On">SSO</abbr> endpoint</div>
</li>
<li class="level1"><div class="li"> uri: The <abbr title="Security Assertion Markup Language">SAML</abbr> metadata endpoint</div>
</li>
<li class="level1"><div class="li"> logouturl: Logout <abbr title="Uniform Resource Locator">URL</abbr></div>
</li>
<li class="level1"><div class="li"> cert: The <abbr title="Security Assertion Markup Language">SAML</abbr> certificate containing the signature public key</div>
</li>
</ul>
<p>
If you have several Office365 domains, you can&#039;t use the same URLs for each domains. To be able to have a single <abbr title="Security Assertion Markup Language">SAML</abbr> IDP for several domains, you must add the &#039;domain&#039; GET parameters at the end of <abbr title="Single Sign On">SSO</abbr> endpoint and metadata URLs, for example:
</p>
<ul>
<li class="level1"><div class="li"> domain &#039;mycompany.com&#039;:</div>
<ul>
<li class="level2"><div class="li"> url: <a href="https://auth.example.com/saml/singleSignOn?domain=mycompany" class="urlextern" title="https://auth.example.com/saml/singleSignOn?domain=mycompany" rel="nofollow">https://auth.example.com/saml/singleSignOn?domain=mycompany</a></div>
</li>
<li class="level2"><div class="li"> uri: <a href="https://auth.example.com/saml/metadata?domain=mycompany" class="urlextern" title="https://auth.example.com/saml/metadata?domain=mycompany" rel="nofollow">https://auth.example.com/saml/metadata?domain=mycompany</a></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> domain &#039;myfirm.com&#039;:</div>
<ul>
<li class="level2"><div class="li"> url: <a href="https://auth.example.com/saml/singleSignOn?domain=myfirm" class="urlextern" title="https://auth.example.com/saml/singleSignOn?domain=myfirm" rel="nofollow">https://auth.example.com/saml/singleSignOn?domain=myfirm</a></div>
</li>
<li class="level2"><div class="li"> uri: <a href="https://auth.example.com/saml/metadata?domain=myfirm" class="urlextern" title="https://auth.example.com/saml/metadata?domain=myfirm" rel="nofollow">https://auth.example.com/saml/metadata?domain=myfirm</a></div>
</li>
</ul>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Office 365" [374-1788] -->
<h3 class="sectionedit5" id="lemonldapng">LemonLDAP::NG</h3>
<div class="level3">
<p>
Create a new <abbr title="Security Assertion Markup Language">SAML</abbr> Service Provider and import Microsoft metadata from <a href="https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml" class="urlextern" title="https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml" rel="nofollow">https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml</a>
</p>
<p>
Set the NameID value to persistent, or any immutable value for the user.
</p>
<p>
Create a <abbr title="Security Assertion Markup Language">SAML</abbr> attribute named IDPEmail which contains the user principal name (UPN).
</p>
</div>
<!-- EDIT5 SECTION "LemonLDAP::NG" [1789-] --></div>
</body>
</html>
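Review bot: in the new office365.html, the script is PowerShell but is marked up as pre class="code bash", and its first parameter is typed as "–DomainName" with an en dash while every other parameter uses an ASCII hyphen. Mark the block as PowerShell and write "-DomainName" so the command that readers copy is consistent. In the multi-domain example, the list items are labelled 'mycompany.com' and 'myfirm.com' but the URLs pass domain=mycompany and domain=myfirm; state whether the parameter takes the full domain or a short label. The cert parameter is described only as "The SAML certificate containing the signature public key" with the placeholder "xxxxxxxxxxxxxxxxxxx"; say which encoding of the certificate is expected, since this value is what the federated domain will trust for signatures. In the head, the commented useexternallibs branch closes a link element with a script end tag and loads jQuery and jQuery UI from code.jquery.com over http://; fix the closing tag and switch those URLs to https://. Minor: "for each domains" should be "for each domain", and "an SAML" should be "a SAML".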
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:applications:salesforce</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,applications,salesforce"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
......@@ -78,7 +78,7 @@
</p>
<p>
It allows to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It can deal with both SP and IdP initiated modes.
It allows one to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It can deal with both SP and IdP initiated modes.
</p>
<p>
......@@ -94,7 +94,7 @@ To work with <abbr title="LemonLDAP::NG">LL::NG</abbr> it requires:
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [69-468] -->
<!-- EDIT2 SECTION "Presentation" [69-472] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
......@@ -103,7 +103,7 @@ You should have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a hre
</p>
</div>
<!-- EDIT3 SECTION "Configuration" [469-574] -->
<!-- EDIT3 SECTION "Configuration" [473-578] -->
<h3 class="sectionedit4" id="create_salesforce_domain">Create Salesforce domain</h3>
<div class="level3">
......@@ -139,7 +139,7 @@ match with the correct values. (adapt the domain if necessary)
<div class="noteimportant">For now, the authentication service parameter has no domain available. You must come back later to fill this parameter. Once <abbr title="Security Assertion Markup Language">SAML</abbr> cinematics are working, you can then put your domain, and delete the login form, and you&#039;ll have an automatic redirection to your Identity Provider (no need for the user to click). Note that you can always access Salesforce by the general login page: <a href="https://login.salesforce.com" class="urlextern" title="https://login.salesforce.com" rel="nofollow">https://login.salesforce.com</a>
</div>
</div>
<!-- EDIT4 SECTION "Create Salesforce domain" [575-1566] -->
<!-- EDIT4 SECTION "Create Salesforce domain" [579-1570] -->
<h3 class="sectionedit5" id="saml_settings">SAML settings</h3>
<div class="level3">
......@@ -161,7 +161,7 @@ Go to the <abbr title="Security Assertion Markup Language">SAML</abbr> Single Si
</li>
<li class="level1"><div class="li"> Issuer: this is the LemonLDAP::NG (our IdP) Entity Id, which is by default #PORTAL#/saml/metadata</div>
</li>
<li class="level1"><div class="li"> Identity Provider Certificate: whereas it is mentionned that this is the authentication certificate, you must give your LemonLDAP::NG (IdP) signing certificate. If you don&#039;t have one, create it with the signing key pair already generated (you could do this with openssl). SSL authentication (https) does not seem to be checked anyway.</div>
<li class="level1"><div class="li"> Identity Provider Certificate: whereas it is mentioned that this is the authentication certificate, you must give your LemonLDAP::NG (IdP) signing certificate. If you don&#039;t have one, create it with the signing key pair already generated (you could do this with openssl). SSL authentication (https) does not seem to be checked anyway.</div>
</li>
<li class="level1"><div class="li"> Signing Certificate: choose a certificate for SP signature. (create one if none is present)</div>
</li>
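Review bot: the corrected "Identity Provider Certificate" item still ends with "SSL authentication (https) does not seem to be checked anyway", which does not say what is left unchecked or by whom. Since this item tells the reader which certificate to upload as the IdP signing certificate, either state precisely what was observed or remove the sentence.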
......@@ -192,7 +192,7 @@ Go to the <abbr title="Security Assertion Markup Language">SAML</abbr> Single Si
</ul>
</div>
<!-- EDIT5 SECTION "SAML settings" [1567-3679] -->
<!-- EDIT5 SECTION "SAML settings" [1571-3682] -->
<h3 class="sectionedit6" id="configure_federation_id">Configure Federation ID</h3>
<div class="level3">
......@@ -213,6 +213,6 @@ See <a href="../idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml
</p>
</div>
<!-- EDIT6 SECTION "Configure Federation ID" [3680-] --></div>
<!-- EDIT6 SECTION "Configure Federation ID" [3683-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:applications:zimbra</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,applications,zimbra"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="zimbra.html"/>
......@@ -85,13 +85,13 @@
</p>
<p>
Zimbra use a specific <a href="http://wiki.zimbra.com/index.php?title=Preauth" class="urlextern" title="http://wiki.zimbra.com/index.php?title=Preauth" rel="nofollow">preauthentication protocol</a> to provide <abbr title="Single Sign On">SSO</abbr> on its application. This protocol is implementated in an <abbr title="LemonLDAP::NG">LL::NG</abbr> specific Handler.
Zimbra use a specific <a href="http://wiki.zimbra.com/index.php?title=Preauth" class="urlextern" title="http://wiki.zimbra.com/index.php?title=Preauth" rel="nofollow">preauthentication protocol</a> to provide <abbr title="Single Sign On">SSO</abbr> on its application. This protocol is implemented in an <abbr title="LemonLDAP::NG">LL::NG</abbr> specific Handler.
</p>
<div class="notetip">Zimbra can also be connected to <abbr title="LemonLDAP::NG">LL::NG</abbr> via <a href="../idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">SAML protocol</a> (see <a href="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" class="urlextern" title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" rel="nofollow">Zimbra blog</a>).
</div><div class="noteimportant">For now, Zimbra isn&#039;t supported by Nginx handler. You have to use Apache.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [61-1099] -->
<!-- EDIT2 SECTION "Presentation" [61-1097] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
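Review bot: The typo fix in the changed Presentation paragraph stops at "implemented"; the same line still reads "Zimbra use a specific ..." and "an LL::NG specific Handler". Suggest "Zimbra uses a specific preauthentication protocol ..." and "an LL::NG-specific Handler" in the same pass. The preauth link on that line still points at http://wiki.zimbra.com; switch it to https if the wiki serves it, since this is the reference readers follow when setting up the preauth key.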
......@@ -110,7 +110,7 @@ The integration with <abbr title="LemonLDAP::NG">LL::NG</abbr> is the following:
</ul>
</div>
<!-- EDIT3 SECTION "Configuration" [1100-1440] -->
<!-- EDIT3 SECTION "Configuration" [1098-1438] -->
<h3 class="sectionedit4" id="zimbra_preauth_key">Zimbra preauth key</h3>
<div class="level3">
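Review bot: The only change in this hunk is the generated `EDIT3 SECTION` byte range (1100-1440 to 1098-1438), and the same two-byte shift repeats in every later section comment of this file because of the one-word fix above. These offsets carry nothing for readers of the exported HTML; stripping the `<!-- EDITn SECTION ... -->` comments at export time would keep future doc updates down to the lines that actually changed.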
......@@ -123,7 +123,7 @@ See <a href="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_f
</p>
</div>
<!-- EDIT4 SECTION "Zimbra preauth key" [1441-1639] -->
<!-- EDIT4 SECTION "Zimbra preauth key" [1439-1637] -->
<h3 class="sectionedit5" id="zimbra_application_in_menu">Zimbra application in menu</h3>
<div class="level3">
......@@ -132,7 +132,7 @@ Choose for example <a href="http://zimbra.example.com/zimbrasso" class="urlexter
</p>
</div>
<!-- EDIT5 SECTION "Zimbra application in menu" [1640-1821] -->
<!-- EDIT5 SECTION "Zimbra application in menu" [1638-1819] -->
<h3 class="sectionedit6" id="zimbra_virtual_host">Zimbra virtual host</h3>
<div class="level3">
......@@ -161,7 +161,7 @@ You will configure Zimbra virtual host like other <a href="../configvhost.html"
<div class="noteclassic">Zimbra Handler cannot be used in Nginx for the moment.
</div>
</div>
<!-- EDIT6 SECTION "Zimbra virtual host" [1822-2382] -->
<!-- EDIT6 SECTION "Zimbra virtual host" [1820-2380] -->
<h3 class="sectionedit7" id="zimbra_virtual_host_in_manager">Zimbra virtual host in Manager</h3>
<div class="level3">
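Review bot: The `noteclassic` closing the Zimbra virtual host section ("Zimbra Handler cannot be used in Nginx for the moment") repeats the `noteimportant` already shown in Presentation ("Zimbra isn't supported by Nginx handler. You have to use Apache") with different wording and a different note class. Keep one of them, or give both the same text and class, so the two cannot drift apart when Nginx support changes.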
......@@ -174,7 +174,7 @@ Just configure the <a href="../writingrulesand_headers.html#rules" class="wikili
</p>
</div>
<!-- EDIT7 SECTION "Zimbra virtual host in Manager" [2383-2599] -->
<!-- EDIT7 SECTION "Zimbra virtual host in Manager" [2381-2597] -->
<h3 class="sectionedit8" id="zimbra_handler_parameters">Zimbra Handler parameters</h3>
<div class="level3">
......@@ -203,6 +203,6 @@ Zimbra parameters are the following:
</div>
</div>
<!-- EDIT8 SECTION "Zimbra Handler parameters" [2600-] --></div>
<!-- EDIT8 SECTION "Zimbra Handler parameters" [2598-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:authcas</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,authcas"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcas.html"/>
......@@ -78,7 +78,7 @@
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can delegate authentication to a <abbr title="Central Authentication Service">CAS</abbr> server. This requires <a href="http://sourcesup.cru.fr/projects/perlcas/" class="urlextern" title="http://sourcesup.cru.fr/projects/perlcas/" rel="nofollow">Perl CAS module</a>.
</p>
<div class="notetip"><abbr title="LemonLDAP::NG">LL::NG</abbr> can also act as <a href="idpcas.html" class="wikilink1" title="documentation:1.9:idpcas">CAS server</a>, that allows to interconnect two <abbr title="LemonLDAP::NG">LL::NG</abbr> systems.
<div class="notetip"><abbr title="LemonLDAP::NG">LL::NG</abbr> can also act as <a href="idpcas.html" class="wikilink1" title="documentation:1.9:idpcas">CAS server</a>, that allows one to interconnect two <abbr title="LemonLDAP::NG">LL::NG</abbr> systems.
</div>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can also request proxy tickets for its protected services. Proxy tickets will be collected at authentication phase and stored in user session under the form:
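Review bot: The reworded tip still reads awkwardly: "can also act as CAS server, that allows one to interconnect two LL::NG systems". Suggest "can also act as a CAS server, which makes it possible to interconnect two LL::NG systems". The next paragraph of this file, visible in the following hunk header, still has "trough" for "through" ("forwarded to applications trough ..."); fix it in the same commit.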
......@@ -94,7 +94,7 @@ They can then be forwarded to applications trough <a href="writingrulesand_heade
<div class="notetip"><abbr title="Central Authentication Service">CAS</abbr> authentication will automatically add a <a href="logoutforward.html" class="wikilink1" title="documentation:1.9:logoutforward">logout forward rule</a> on <abbr title="Central Authentication Service">CAS</abbr> server logout <abbr title="Uniform Resource Locator">URL</abbr> in order to close <abbr title="Central Authentication Service">CAS</abbr> session on <abbr title="LemonLDAP::NG">LL::NG</abbr> logout.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [71-828] -->
<!-- EDIT3 SECTION "Presentation" [71-832] -->
<h2 class="sectionedit4" id="perl-cas_module_installation">Perl-CAS module installation</h2>
<div class="level2">
......@@ -118,7 +118,7 @@ Install the module:
<pre class="code">sudo make install</pre>
</div>
<!-- EDIT4 SECTION "Perl-CAS module installation" [829-1162] -->
<!-- EDIT4 SECTION "Perl-CAS module installation" [833-1166] -->
<h2 class="sectionedit5" id="configuration">Configuration</h2>
<div class="level2">
......@@ -158,6 +158,6 @@ Then, go in <code><abbr title="Central Authentication Service">CAS</abbr> parame
</div>
</div>
<!-- EDIT5 SECTION "Configuration" [1163-] --></div>
<!-- EDIT5 SECTION "Configuration" [1167-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:1.9:authchoice</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,1.9,authchoice"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authchoice.html"/>
......@@ -83,7 +83,7 @@ The choice will concern three backends:
</ul>