Commit bf74d0fd authored by Xavier Guimard

Update doc

parent 380c3fec
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,applications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="applications.html"/>
......@@ -75,11 +75,11 @@
<div class="level2">
<p>
Applications listed below are known to be easy to integrate in <abbr title="LemonLDAP::NG">LL::NG</abbr>. As <abbr title="LemonLDAP::NG">LL::NG</abbr> works like classic WebSSO (like Siteminder™), many other applications are easy to integrate.
Applications listed below are known to be easy to integrate in <abbr title="LemonLDAP::NG">LL::NG</abbr>. As <abbr title="LemonLDAP::NG">LL::NG</abbr> works like classic WebSSO (like Siteminder™), <strong>many other applications are easy to integrate</strong>.
</p>
</div>
<!-- EDIT2 SECTION "Known supported applications" [29-248] -->
<!-- EDIT2 SECTION "Known supported applications" [29-252] -->
<h3 class="sectionedit3" id="mail_agenda_groupware">Mail, Agenda, Groupware</h3>
<div class="level3">
<div class="table sectionedit4"><table class="inline table table-bordered table-striped">
......@@ -92,9 +92,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/obm.html" class="media" title="documentation:2.0:applications:obm"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/sympa.html" class="media" title="documentation:2.0:applications:sympa"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col3 centeralign"> <a href="applications/roundcube.html" class="media" title="documentation:2.0:applications:roundcube"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [284-580] -->
<!-- EDIT4 TABLE [288-584] -->
</div>
<!-- EDIT3 SECTION "Mail, Agenda, Groupware" [249-581] -->
<!-- EDIT3 SECTION "Mail, Agenda, Groupware" [253-585] -->
<h3 class="sectionedit5" id="wiki">Wiki</h3>
<div class="level3">
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
......@@ -107,9 +107,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/dokuwiki.html" class="media" title="documentation:2.0:applications:dokuwiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/mediawiki.html" class="media" title="documentation:2.0:applications:mediawiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [598-764] -->
<!-- EDIT6 TABLE [602-768] -->
</div>
<!-- EDIT5 SECTION "Wiki" [582-765] -->
<!-- EDIT5 SECTION "Wiki" [586-769] -->
<h3 class="sectionedit7" id="cms_portal_ecm">CMS, Portal, ECM</h3>
<div class="level3">
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
......@@ -122,9 +122,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/drupal.html" class="media" title="documentation:2.0:applications:drupal"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/liferay.html" class="media" title="documentation:2.0:applications:liferay"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/alfresco.html" class="media" title="documentation:2.0:applications:alfresco"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [794-1029] -->
<!-- EDIT8 TABLE [798-1033] -->
</div>
<!-- EDIT7 SECTION "CMS, Portal, ECM" [766-1030] -->
<!-- EDIT7 SECTION "CMS, Portal, ECM" [770-1034] -->
<h3 class="sectionedit9" id="bugtracker_service_management">Bugtracker, Service Management</h3>
<div class="level3">
<div class="table sectionedit10"><table class="inline table table-bordered table-striped">
......@@ -137,9 +137,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/bugzilla.html" class="media" title="documentation:2.0:applications:bugzilla"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/glpi.html" class="media" title="documentation:2.0:applications:glpi"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [1073-1229] -->
<!-- EDIT10 TABLE [1077-1233] -->
</div>
<!-- EDIT9 SECTION "Bugtracker, Service Management" [1031-1230] -->
<!-- EDIT9 SECTION "Bugtracker, Service Management" [1035-1234] -->
<h3 class="sectionedit11" id="other">Other</h3>
<div class="level3">
<div class="table sectionedit12"><table class="inline table table-bordered table-striped">
......@@ -152,9 +152,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/grr.html" class="media" title="documentation:2.0:applications:grr"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/phpldapadmin.html" class="media" title="documentation:2.0:applications:phpldapadmin"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 centeralign"> <a href="applications/limesurvey.html" class="media" title="documentation:2.0:applications:limesurvey"><img src="icons/kmultiple.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col3 centeralign"> <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="media" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" rel="nofollow"><img src="icons/kmultiple.png" class="media" title="SAP" alt="SAP" /></a> </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [1248-1651] -->
<!-- EDIT12 TABLE [1252-1655] -->
</div>
<!-- EDIT11 SECTION "Other" [1231-1652] -->
<!-- EDIT11 SECTION "Other" [1235-1656] -->
<h2 class="sectionedit13" id="frameworks">Frameworks</h2>
<div class="level2">
<div class="table sectionedit14"><table class="inline table table-bordered table-striped">
......@@ -167,9 +167,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/spring.html" class="media" title="documentation:2.0:applications:spring"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/django.html" class="media" title="documentation:2.0:applications:django"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [1677-1844] -->
<!-- EDIT14 TABLE [1681-1848] -->
</div>
<!-- EDIT13 SECTION "Frameworks" [1653-1845] -->
<!-- EDIT13 SECTION "Frameworks" [1657-1849] -->
<h2 class="sectionedit15" id="connectors">Connectors</h2>
<div class="level2">
<div class="table sectionedit16"><table class="inline table table-bordered table-striped">
......@@ -190,9 +190,9 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<a href="http://fr.lutece.paris.fr" class="urlextern" title="http://fr.lutece.paris.fr" rel="nofollow">Lutece</a> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT16 TABLE [1870-2361] -->
<!-- EDIT16 TABLE [1874-2365] -->
</div>
<!-- EDIT15 SECTION "Connectors" [1846-2362] -->
<!-- EDIT15 SECTION "Connectors" [1850-2366] -->
<h2 class="sectionedit17" id="saml_connectors">SAML connectors</h2>
<div class="level2">
<div class="noteclassic">This requires to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as an <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>.
......@@ -212,8 +212,8 @@ Applications listed below are known to be easy to integrate in <abbr title="Lemo
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/adfs.html" class="media" title="documentation:2.0:applications:adfs"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT18 TABLE [2482-3024] -->
<!-- EDIT18 TABLE [2486-3028] -->
</div>
<!-- EDIT17 SECTION "SAML connectors" [2363-] --></div>
<!-- EDIT17 SECTION "SAML connectors" [2367-] --></div>
</body>
</html>
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=d85714290cf235b49a654de9f78398ef" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=761151e5c98aa11e440c41e32546ca38" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1491283164" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1492102688" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=d85714290cf235b49a654de9f78398ef" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=761151e5c98aa11e440c41e32546ca38" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
......@@ -204,7 +204,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1491283164" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1492102688" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authapache</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authapache"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authapache.html"/>
......@@ -87,15 +87,16 @@
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can delegate authentication to Apache, so it is possible to use any <a href="http://httpd.apache.org/docs/current/howto/auth.html" class="urlextern" title="http://httpd.apache.org/docs/current/howto/auth.html" rel="nofollow">Apache authentication module</a>, for example Kerberos, Radius, OTP, etc.
</p>
<div class="notetip">Apache authentication module will set the <code>REMOTE_USER</code> environment variable, which will be used by <abbr title="LemonLDAP::NG">LL::NG</abbr> to get authenticated user.
<div class="noteimportant">To authenticate users using Kerberos, you can now use the new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos authentication module</a> which allow to chain Kerberos in a <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">combination</a>
</div><div class="notetip">Apache authentication module will set the <code>REMOTE_USER</code> environment variable, which will be used by <abbr title="LemonLDAP::NG">LL::NG</abbr> to get authenticated user.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [81-463] -->
<!-- EDIT3 SECTION "Presentation" [81-664] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [464-490] -->
<!-- EDIT4 SECTION "Configuration" [665-691] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
......@@ -110,7 +111,7 @@ You may want to failback to another authentication backend in case of the Apache
<div class="notetip">In this case, the Apache authentication module should not require a valid user and not be authoritative, else Apache server will return an error and not let <abbr title="LemonLDAP::NG">LL::NG</abbr> Portal manage the failback authentication.
</div>
</div>
<!-- EDIT5 SECTION "LL::NG" [491-1029] -->
<!-- EDIT5 SECTION "LL::NG" [692-1230] -->
<h3 class="sectionedit6" id="apache1">Apache</h3>
<div class="level3">
......@@ -129,21 +130,22 @@ The Apache configuration depends on the module you choose, you need to look at t
</ul>
</div>
<!-- EDIT6 SECTION "Apache" [1030-1364] -->
<!-- EDIT6 SECTION "Apache" [1231-1565] -->
<h2 class="sectionedit7" id="tips">Tips</h2>
<div class="level2">
</div>
<!-- EDIT7 SECTION "Tips" [1365-1382] -->
<!-- EDIT7 SECTION "Tips" [1566-1583] -->
<h3 class="sectionedit8" id="kerberos">Kerberos</h3>
<div class="level3">
<p>
The Kerberos configuration is quite complex. You can find some configuration tips <a href="kerberos.html" class="wikilink1" title="documentation:2.0:kerberos">on this page</a>.
</p>
<div class="notetip">Prefer new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos</a> module.
</div>
</div>
<!-- EDIT8 SECTION "Kerberos" [1383-1512] -->
<!-- EDIT8 SECTION "Kerberos" [1584-1776] -->
<h3 class="sectionedit9" id="compatibility_with_identity_provider_modules">Compatibility with Identity Provider modules</h3>
<div class="level3">
......@@ -163,6 +165,6 @@ This will bypass the authentication module for request from APPLICATIONS_<abbr t
</p>
</div>
<!-- EDIT9 SECTION "Compatibility with Identity Provider modules" [1513-] --></div>
<!-- EDIT9 SECTION "Compatibility with Identity Provider modules" [1777-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcas</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authcas"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcas.html"/>
......@@ -43,19 +43,6 @@
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#perl-cas_module_installation">Perl-CAS module installation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="cas">CAS</h1>
<div class="level1">
......@@ -95,31 +82,7 @@ They can then be forwarded to applications trough <a href="writingrulesand_heade
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [71-832] -->
<h2 class="sectionedit4" id="perl-cas_module_installation">Perl-CAS module installation</h2>
<div class="level2">
<p>
Download the latest version:
</p>
<pre class="code">wget https://sourcesup.cru.fr/frs/download.php/2476/AuthCAS-1.4.tar.gz</pre>
<p>
Extract and build the module:
</p>
<pre class="code">tar zxvf AuthCAS-1.4.tar.gz
cd AuthCAS-1.4/
perl Makefile.PL
make
make test</pre>
<p>
Install the module:
</p>
<pre class="code">sudo make install</pre>
</div>
<!-- EDIT4 SECTION "Perl-CAS module installation" [833-1166] -->
<h2 class="sectionedit5" id="configuration">Configuration</h2>
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
......@@ -133,15 +96,21 @@ Then, go in <code><abbr title="Central Authentication Service">CAS</abbr> parame
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong>Server <abbr title="Uniform Resource Locator">URL</abbr></strong>: <abbr title="Central Authentication Service">CAS</abbr> server <abbr title="Uniform Resource Locator">URL</abbr> (must use https://)</div>
</ul>
<p>
Then create the list of <abbr title="Central Authentication Service">CAS</abbr> servers in the manager. For each, set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Server <abbr title="Uniform Resource Locator">URL</abbr></strong> <em>(required)</em>: <abbr title="Central Authentication Service">CAS</abbr> server <abbr title="Uniform Resource Locator">URL</abbr> (must use https://)</div>
</li>
<li class="level1"><div class="li"> <strong>CA file</strong>: CA certificate used to validate <abbr title="Central Authentication Service">CAS</abbr> server certificate</div>
<li class="level1"><div class="li"> <strong>Renew authentication</strong> <em>(default: disabled)</em>: force authentication renewal on <abbr title="Central Authentication Service">CAS</abbr> server</div>
</li>
<li class="level1"><div class="li"> <strong>Renew authentication</strong>: force authentication renewal on <abbr title="Central Authentication Service">CAS</abbr> server</div>
<li class="level1"><div class="li"> <strong>Gateways authentication</strong> <em>(default: disabled)</em>: force transparent authentication on <abbr title="Central Authentication Service">CAS</abbr> server</div>
</li>
<li class="level1"><div class="li"> <strong>Gateways authentication</strong>: force transparent authentication on <abbr title="Central Authentication Service">CAS</abbr> server</div>
<li class="level1"><div class="li"> <strong>Display Name</strong>: Name to display. Required if you have more than 1 <abbr title="Central Authentication Service">CAS</abbr> server declared</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Proxy Granting Ticket">PGT</abbr> file</strong>: temporary file where proxy tickets are stored (by default, <code>/tmp/pgt.txt</code>)</div>
<li class="level1"><div class="li"> <strong>Icon</strong>: Path to <abbr title="Central Authentication Service">CAS</abbr> Server icon, used only if you have more than 1 <abbr title="Central Authentication Service">CAS</abbr> server declared</div>
</li>
<li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
<ul>
......@@ -152,12 +121,9 @@ Then, go in <code><abbr title="Central Authentication Service">CAS</abbr> parame
</ul>
</li>
</ul>
<div class="notetip">If no proxied services defined, <abbr title="Central Authentication Service">CAS</abbr> authentication will not activate the <abbr title="Central Authentication Service">CAS</abbr> proxy mode.
</div><div class="noteimportant">If you activate proxy mode, you must create the <abbr title="Proxy Granting Ticket">PGT</abbr> file on your system, for example:
<pre class="code">touch /tmp/pgt.txt</pre>
<div class="notetip">If no proxied services defined, <abbr title="Central Authentication Service">CAS</abbr> authentication will not activate the <abbr title="Central Authentication Service">CAS</abbr> proxy mode with this <abbr title="Central Authentication Service">CAS</abbr> server.
</div>
</div>
<!-- EDIT5 SECTION "Configuration" [1167-] --></div>
<!-- EDIT4 SECTION "Configuration" [833-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcombination</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authcombination"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcombination.html"/>
......@@ -67,7 +67,7 @@
<li class="level1"><div class="li"><a href="#known_problems">Known problems</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#federation_protocols">Federation protocols</a></div></li>
<li class="level2"><div class="li"><a href="#authapache_authentication">AuthApache authentication</a></div></li>
<li class="level2"><div class="li"><a href="#authapache_authentication">Auth::Apache authentication</a></div></li>
<li class="level2"><div class="li"><a href="#ssl_authentication">SSL authentication</a></div></li>
</ul></li>
</ul>
......@@ -333,13 +333,14 @@ Combination module returns the form corresponding to the first authentication sc
<!-- EDIT15 TABLE [4917-5249] -->
</div>
<!-- EDIT14 SECTION "Federation protocols" [4618-5250] -->
<h3 class="sectionedit16" id="authapache_authentication">AuthApache authentication</h3>
<h3 class="sectionedit16" id="authapache_authentication">Auth::Apache authentication</h3>
<div class="level3">
<p>
When using this module, <abbr title="LemonLDAP::NG">LL::NG</abbr> portal will be called only if Apache does not return “401 Authentication required”, but this is not the Apache behaviour: if the auth module fails, Apache returns 401. So Kerberos can be used only with a “and” boolean expression.
When using this module, <abbr title="LemonLDAP::NG">LL::NG</abbr> portal will be called only if Apache does not return “401 Authentication required”, but this is not the Apache behaviour: if the auth module fails, Apache returns 401. So it can be used only with a “and” boolean expression.
</p>
<div class="notetip">The new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos authentication module</a> solve this for Kerberos: you just have to use it instead of Apache and enable authentication by Ajax in Kerberos parameters.
</div>
<p>
Example: <code>[ Apache and LDAP, LDAP ]</code>
</p>
......@@ -349,7 +350,7 @@ To bypass this, follow the documentation of <a href="authapache.html" class="wik
</p>
</div>
<!-- EDIT16 SECTION "AuthApache authentication" [5251-5667] -->
<!-- EDIT16 SECTION "Auth::Apache authentication" [5251-5862] -->
<h3 class="sectionedit17" id="ssl_authentication">SSL authentication</h3>
<div class="level3">
......@@ -358,6 +359,6 @@ To chain SSL, you have to set “SSLRequire optional” in Apache configuration,
</p>
</div>
<!-- EDIT17 SECTION "SSL authentication" [5668-] --></div>
<!-- EDIT17 SECTION "SSL authentication" [5863-] --></div>
</body>
</html>
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authkerberos</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authkerberos"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authkerberos.html"/>
<link rel="contents" href="authkerberos.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authkerberos","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#llng_configuration">LLNG Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#kerberos_configuration">Kerberos configuration</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="kerberos">Kerberos</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [24-81] -->
</div>
<!-- EDIT1 SECTION "Kerberos" [1-82] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://en.wikipedia.org/wiki/Kerberos_(protocol)" class="urlextern" title="https://en.wikipedia.org/wiki/Kerberos_(protocol)" rel="nofollow">Kerberos</a> is a network authentication protocol used to authenticate users based on their desktop session.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [83-268] -->
<h2 class="sectionedit4" id="llng_configuration">LLNG Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Kerberos for authentication. Then go to “Kerberos parameters” and configure the following parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>keytab file</strong> (required): the Kerberos keytab file</div>
</li>
<li class="level1"><div class="li"> <strong> Use Ajax request</strong>: set to “enabled” if you want to use an Ajax request instead of a direct Kerberos attempt. <strong>This is required if you want to chain Kerberos in a <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">combination</a></strong></div>
</li>
<li class="level1"><div class="li"> <strong>Kerberos authentication level</strong>: default to 3</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "LLNG Configuration" [269-799] -->
<h3 class="sectionedit5" id="kerberos_configuration">Kerberos configuration</h3>
<div class="level3">
<p>
The Kerberos configuration is quite complex. You can find some configuration tips <a href="kerberos.html" class="wikilink1" title="documentation:2.0:kerberos">on this page</a>.
</p>
</div>
<!-- EDIT5 SECTION "Kerberos configuration" [800-] --></div>
</body>
</html>
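Review bot: The `useexternallibs` branches in this new page's head reference jQuery and jQuery UI over plain `http://` (`http://code.jquery.com/jquery-2.2.0.min.js`, `http://code.jquery.com/ui/1.10.4/jquery-ui.min.js`), while the Bootstrap stylesheet in the same branch already uses `https://`. If that branch is selected at build time, a page served over HTTPS would have these scripts blocked as mixed content, and a page served over HTTP would execute whatever an on-path party returns. The references should be `https://code.jquery.com/...` and carry `integrity="sha384-<hash of the pinned file>" crossorigin="anonymous"`. The Bootstrap CDN `<link>` in the same branch also ends with a stray `</script>`, which should be dropped. This head looks like shared export boilerplate, so the fix presumably belongs in the export template rather than in this file alone.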
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authsaml</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authsaml"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authsaml.html"/>
......
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authssl</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authssl"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authssl.html"/>
......@@ -62,7 +62,9 @@
<li class="level2"><div class="li"><a href="#with_nginx">With Nginx</a></div></li>
<li class="level2"><div class="li"><a href="#configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></div></li>
<li class="level2"><div class="li"><a href="#auto_reloading_ssl_certificates">Auto reloading SSL Certificates</a></div></li>
</ul></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#ssl_by_ajax">SSL by Ajax</a></div></li>
</ul>
</div>
</div>
......@@ -101,8 +103,12 @@
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
By default, SSL is required before the portal is displayed (handled by webserver). If you want to display a button to connect to LLNG <em>(compatible with <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a>)</em>, you can activate “SSL by Ajax request” in the manager. See <a href="#ssl_by_ajax" title="documentation:2.0:authssl ↵" class="wikilink1">SSL by Ajax</a> below.
</p>
</div>
<!-- EDIT4 SECTION "Configuration" [402-428] -->
<!-- EDIT4 SECTION "Configuration" [402-713] -->
<h3 class="sectionedit5" id="with_apache">With Apache</h3>
<div class="level3">
......@@ -182,7 +188,7 @@ Here are the main options used by <abbr title="LemonLDAP::NG">LL::NG</abbr>:
</ul>
</div>
<!-- EDIT5 SECTION "With Apache" [429-2399] -->
<!-- EDIT5 SECTION "With Apache" [714-2684] -->
<h3 class="sectionedit6" id="with_nginx">With Nginx</h3>
<div class="level3">
......@@ -207,7 +213,7 @@ You must also export SSL_CLIENT_S_<abbr title="Distinguished Name">DN</abbr>_CN
fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;</pre>
</div>
<!-- EDIT6 SECTION "With Nginx" [2400-2961] -->
<!-- EDIT6 SECTION "With Nginx" [2685-3246] -->
<h3 class="sectionedit7" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
......@@ -227,7 +233,7 @@ Then, go in <code>SSL parameters</code>:
</ul>
</div>
<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [2962-3387] -->
<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [3247-3672] -->
<h3 class="sectionedit8" id="auto_reloading_ssl_certificates">Auto reloading SSL Certificates</h3>
<div class="level3">
......@@ -332,9 +338,28 @@ $('.enteteBouton').click( function (e) {
});
<span class="sc2">&lt;<span class="sy0">/</span><a href="http://december.com/html/4/element/script.html"><span class="kw2">script</span></a>&gt;</span>
<span class="sc2">&lt;<span class="sy0">/</span><a href="http://december.com/html/4/element/body.html"><span class="kw2">body</span></a>&gt;</span></pre>
<div class="notewarning">It is incompatible with authentication combination because of Apache parameter “SSLVerifyClient”, which must have the value “require”
<div class="notewarning">It is incompatible with authentication combination because of Apache parameter “SSLVerifyClient”, which must have the value “require”. To enable SSL with <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a>, use <a href="#ssl_by_ajax" title="documentation:2.0:authssl ↵" class="wikilink1">SSL by Ajax</a>
</div>
</div>
<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [3388-] --></div>
<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [3673-6936] -->
<h2 class="sectionedit9" id="ssl_by_ajax">SSL by Ajax</h2>
<div class="level2">
<p>
If you enable this feature, you must configure 2 portal virtual hosts:
</p>
<ul>
<li class="level1"><div class="li"> the main <em>(which corresponds to portal <abbr title="Uniform Resource Locator">URL</abbr>)</em> with <code>SSLVerifyClient none</code></div>
</li>
<li class="level1"><div class="li"> the second with <code>SSLVerifyClient require</code> and a <code>Header set Allow-Control-Allow-Origin https://portal-main-url</code></div>
</li>
</ul>
<p>
then declare the second <abbr title="Uniform Resource Locator">URL</abbr> in SSL options in the Manager. That&#039;s all ! Then you can chain it in a <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">combination</a>.
</p>
</div>
<!-- EDIT9 SECTION "SSL by Ajax" [6937-] --></div>
</body>
</html>
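Review bot: The header name in the new "SSL by Ajax" list is misspelled: `Header set Allow-Control-Allow-Origin https://portal-main-url` is not a CORS response header, so browsers will ignore it and block the cross-origin Ajax call to the second virtual host. It should read `Header set Access-Control-Allow-Origin https://portal-main-url`. Because a TLS client certificate counts as a credential for cross-origin requests, the second virtual host probably also needs `Header set Access-Control-Allow-Credentials true` if the portal script sends the request with credentials; that script is not shown in this hunk, so this should be confirmed. Keeping the allowed origin pinned to the exact main portal URL, as the text already does, is the right choice for a host that accepts client certificates, and the doc should say that a wildcard must not be used there.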
......@@ -73,9 +73,10 @@ The <a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.
<p>
You need to get an client ID and a secret key from Yubico. See <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/" rel="nofollow">Yubico API</a> page.
</p>
<div class="notetip">To use your Yubikeys as “second factor”, use <a href="u2f.html" class="wikilink1" title="documentation:2.0:u2f">Universal 2nd Factor Authentication (U2F)</a> instead of this module
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [83-511] -->
<!-- EDIT3 SECTION "Presentation" [83-647] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
......@@ -106,6 +107,6 @@ Then, go in <code>Yubikey parameters</code>:
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [512-] --></div>
<!-- EDIT4 SECTION "Configuration" [648-] --></div>
</body>
</html>
......@@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:browseablesessionbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,browseablesessionbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="browseablesessionbackend.html"/>
......@@ -59,6 +59,7 @@
</li>
<li class="level1"><div class="li"><a href="#browseable_ldap">Browseable LDAP</a></div></li>
<li class="level1"><div class="li"><a href="#security">Security</a></div></li>
<li class="level1"><div class="li"><a href="#performances">Performances</a></div></li>
</ul>
</div>
</div>
......@@ -281,6 +282,46 @@ You can also use different user/password for your servers by overriding paramete
</p>
</div>
<!-- EDIT12 SECTION "Security" [5426-] --></div>
<!-- EDIT12 SECTION "Security" [5426-5645] -->
<h2 class="sectionedit13" id="performances">Performances</h2>
<div class="level2">
<p>
Here are some recommended configurations:
</p>
<p>
<strong>Browseable::Postgres</strong>:
</p>
<pre class="code sql"><span class="kw1">CREATE</span> UNLOGGED <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
id <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">64</span><span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
a_session text<span class="sy0">,</span>
_whatToTrace text<span class="sy0">,</span>
_session_kind text<span class="sy0">,</span>
_utime <span class="kw1">BIGINT</span><span class="sy0">,</span>
ipAddr <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">64</span><span class="br0">&#41;</span>
<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> uid1 <span class="kw1">ON</span> sessions <span class="kw1">USING</span> BTREE <span class="br0">&#40;</span>_whatToTrace text_pattern_ops<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> _s1 <span class="kw1">ON</span> sessions <span class="br0">&#40;</span>_session_kind<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> _u1 <span class="kw1">ON</span> sessions <span class="br0">&#40;</span>_utime<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> ip1 <span class="kw1">ON</span> sessions <span class="kw1">USING</span> BTREE <span class="br0">&#40;</span>ipAddr<span class="br0">&#41;</span></pre>
<p>
<strong>Browseable::MySQL</strong>:
</p>
<pre class="code sql"><span class="kw1">CREATE</span> <span class="kw1">TABLE</span> sessions <span class="br0">&#40;</span>
id <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">64</span><span class="br0">&#41;</span> <span class="kw1">NOT</span> <span class="kw1">NULL</span> <span class="kw1">PRIMARY</span> <span class="kw1">KEY</span><span class="sy0">,</span>
a_session text<span class="sy0">,</span>
_whatToTrace <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">64</span><span class="br0">&#41;</span><span class="sy0">,</span>
_session_kind <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">15</span><span class="br0">&#41;</span><span class="sy0">,</span>
_utime <span class="kw1">BIGINT</span>
<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> uid1 <span class="kw1">ON</span> sessions <span class="br0">&#40;</span>_whatToTrace<span class="br0">&#41;</span> <span class="kw1">USING</span> BTREE;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> _s1 <span class="kw1">ON</span> sessions <span class="br0">&#40;</span>_session_kind<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> &l