Commit d8a6bf6e authored by Maxime Besson, committed by Clément OUDOT

Fix CAS documentation links

The CAS documentation links were missing or incorrect, this commit
points them back to the correct page and section
parent a7d5dd74
......@@ -43,20 +43,43 @@
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<h1 class="sectionedit1" id="cas_server">CAS server</h1>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#enabling_cas">Enabling CAS</a></div></li>
<li class="level2"><div class="li"><a href="#configuring_the_cas_service">Configuring the CAS Service</a></div></li>
<li class="level2"><div class="li"><a href="#configuring_cas_applications">Configuring CAS Applications</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#options">Options</a></div></li>
<li class="level3"><div class="li"><a href="#exported_attributes">Exported Attributes</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<p>
AS server
</p>
<div class="level1">
</div>
<!-- EDIT1 SECTION "CAS server" [1-26] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<h2 class="sectionedit1" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can be used as a <abbr title="Central Authentication Service">CAS</abbr> server. It can allow one to federate <abbr title="LemonLDAP::NG">LL::NG</abbr> with:
</p>
<ul>
<li class="level1"><div class="li"> Another <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS authentication</a> <abbr title="LemonLDAP::NG">LL::NG</abbr> provider</div>
<li class="level1"><div class="li"> Another <a href="authcas.html" class="wikilink1" title="documentation:2.1:authcas">CAS authentication</a> <abbr title="LemonLDAP::NG">LL::NG</abbr> provider</div>
</li>
<li class="level1"><div class="li"> Any <abbr title="Central Authentication Service">CAS</abbr> consumer</div>
</li>
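Review bot: the `<p>AS server</p>` paragraph that follows the new table of contents looks like the page title with its first letter and its heading markup lost. The same hunk carries `<h1 class="sectionedit1" id="cas_server">CAS server</h1>` and the `EDIT1 SECTION "CAS server"` marker, while the Presentation heading moves from `sectionedit2` to `sectionedit1`, so the regenerated page appears to end up without an `<h1>` and without the `#cas_server` anchor. Check the title line in the wiki source before regenerating, and consider putting the regenerated HTML in its own commit, since the message only mentions link fixes.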
......@@ -67,36 +90,41 @@
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [27-397] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<!-- EDIT1 SECTION "Presentation" [19-389] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT2 SECTION "Configuration" [390-416] -->
<h3 class="sectionedit3" id="enabling_cas">Enabling CAS</h3>
<div class="level3">
<p>
In the Manager, go in <code>General Parameters</code> » <code>Issuer modules</code> » <code><abbr title="Central Authentication Service">CAS</abbr></code> and configure:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Activation</strong>: set to <code>On</code>.</div>
</li>
<li class="level1"><div class="li"> <strong>Path</strong>: keep <code>^/cas/</code> unless you have change <a href="configlocation.html#portal" class="wikilink1" title="documentation:2.0:configlocation">Apache portal configuration</a> file.</div>
</li>
<li class="level1"><div class="li"> <strong>Use rule</strong>: a rule to allow user to use this module, set to 1 to always allow.</div>
<li class="level1"><div class="li"> <strong>Path</strong>: it is recommended to keep the default value (<code>^/cas/</code>)</div>
</li>
</ul>
<div class="notetip">For example, to allow only users with a strong authentication level:
<pre class="code">$authenticationLevel &gt; 2</pre>
</div>
<!-- EDIT3 SECTION "Enabling CAS" [417-640] -->
<h3 class="sectionedit4" id="configuring_the_cas_service">Configuring the CAS Service</h3>
<div class="level3">
<p>
Then go in <code>Options</code> to define:
Then go in <code><abbr title="Central Authentication Service">CAS</abbr> Service</code> to define:
</p>
<ul>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> login</strong>: the session key used to fill user login (value will be transmitted to <abbr title="Central Authentication Service">CAS</abbr> clients).</div>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> login</strong>: the session key transmitted to <abbr title="Central Authentication Service">CAS</abbr> client as the main identifier (<abbr title="Central Authentication Service">CAS</abbr> Principal)</div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> attributes</strong>: list of attributes that will be transmitted in validate response. Keys are the name of attribute in the <abbr title="Central Authentication Service">CAS</abbr> response, values are the name of session key.</div>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> attributes</strong>: list of attributes that will be transmitted by default in the validate response. Keys are the name of attribute in the <abbr title="Central Authentication Service">CAS</abbr> response, values are the name of session key. </div>
</li>
<li class="level1"><div class="li"> <strong>Access control policy</strong>: define if access control should be done on <abbr title="Central Authentication Service">CAS</abbr> service. Three options:</div>
<ul>
<li class="level2"><div class="li"> <strong>none</strong>: no access control, the server will answer without checking if the user is authorized for the service (this is the default)</div>
<li class="level2"><div class="li"> <strong>none</strong>: no access control. The <abbr title="Central Authentication Service">CAS</abbr> service will accept non-declared <abbr title="Central Authentication Service">CAS</abbr> applications and ignore access control rules. This is the default.</div>
</li>
<li class="level2"><div class="li"> <strong>error</strong>: if user has no access, an error is shown on the portal, the user is not redirected to <abbr title="Central Authentication Service">CAS</abbr> service</div>
</li>
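Review bot: the `Use rule` item in the Enabling CAS list appears to go away together with the old `Path` line, yet the tip right after the list ("to allow only users with a strong authentication level", `$authenticationLevel > 2`) is an example of exactly that rule and is left with nothing to attach to. Either keep the `Use rule` item, since it is the setting that restricts who may use the CAS issuer, or move the example to wherever that setting is now documented.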
......@@ -104,12 +132,54 @@ Then go in <code>Options</code> to define:
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> session module name and options</strong>: choose a specific module if you do not want to mix <abbr title="Central Authentication Service">CAS</abbr> sessions and normal sessions (see <a href="samlservice.html#saml_sessions_module_name_and_options" class="wikilink1" title="documentation:2.0:samlservice">why</a>).</div>
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> session module name and options</strong>: choose a specific module if you do not want to mix <abbr title="Central Authentication Service">CAS</abbr> sessions and normal sessions (see <a href="samlservice.html#saml_sessions_module_name_and_options" class="wikilink1" title="documentation:2.1:samlservice">why</a>).</div>
</li>
</ul>
<div class="notetip">If <code><abbr title="Central Authentication Service">CAS</abbr> login</code> is not set, it uses <code>General Parameters</code> » <code>Logs</code> » <code>REMOTE_USER</code> data, which is set to <code>uid</code> by default
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [398-] --></div>
<!-- EDIT4 SECTION "Configuring the CAS Service" [641-1923] -->
<h3 class="sectionedit5" id="configuring_cas_applications">Configuring CAS Applications</h3>
<div class="level3">
<p>
If an access control policy other than <code>none</code> is specified, applications that want to authenticate users through the <abbr title="Central Authentication Service">CAS</abbr> protocol have to be declared before LemonLDAP::NG accepts to issue service tickets for them.
</p>
<p>
Go to <code><abbr title="Central Authentication Service">CAS</abbr> Applications</code> and then <code>Add <abbr title="Central Authentication Service">CAS</abbr> Application</code>. Give a technical name (no spaces, no special characters), like “app-example”.
</p>
<p>
You can then access the configuration of this application.
</p>
</div>
<h4 id="options">Options</h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> <strong>Service <abbr title="Uniform Resource Locator">URL</abbr></strong> : the service (user-facing) <abbr title="Uniform Resource Locator">URL</abbr> of the <abbr title="Central Authentication Service">CAS</abbr>-enabled application.</div>
</li>
<li class="level1"><div class="li"> <strong>Rule</strong> : The access control rule to enforce on this application. If left blank, access will be allowed for everyone.</div>
</li>
</ul>
<div class="noteimportant">If the access control policy is set to <code>none</code>, this rule will be ignored
</div>
</div>
<h4 id="exported_attributes">Exported Attributes</h4>
<div class="level4">
<p>
You may add a list of attributes that will be transmitted in the validate response. Keys are the name of attribute in the <abbr title="Central Authentication Service">CAS</abbr> response, values are the name of session key.
</p>
<p>
The attributes defined here will completely replace any attributes you may have declared in the global <code><abbr title="Central Authentication Service">CAS</abbr> Service</code> configuration. In order to re-use the global configuration, simply set this section to an empty list.
</p>
</div>
<!-- EDIT5 SECTION "Configuring CAS Applications" [1924-] --></div>
</body>
</html>
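Review bot: the `Service URL` option in the new Options list does not say how the declared URL is compared with the `service` parameter a CAS client sends (exact match, prefix, or host only). With an access control policy other than `none`, that comparison decides whether a service ticket is issued, so the matching rule belongs in this description. The `Rule` option would also benefit from a pointer to the rule syntax, as the only rule example on the page sits in the Enabling CAS tip.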
......@@ -1712,7 +1712,7 @@ sub attributes {
casAppMetaDataNodes => {
type => 'casAppMetaDataNodeContainer',
template => 'casAppMetaDataNode',
help => 'idpcas.html',
help => 'idpcas.html#configuring_cas_applications',
},
# OpenID Issuer
......
......@@ -390,7 +390,7 @@ sub tree {
]
},
{ title => 'issuerDBCAS',
help => 'idpcas.html',
help => 'idpcas.html#enabling_cas',
form => 'simpleInputContainer',
nodes => [
'issuerDBCASActivation', 'issuerDBCASPath',
......@@ -950,6 +950,7 @@ sub tree {
'oidcOPMetaDataNodes',
'oidcRPMetaDataNodes',
{ title => 'casServiceMetadata',
help => 'idpcas.html#configuring_the_cas_service',
nodes => [
'casAttr',
'casAccessControlPolicy',
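Review bot: the added `help => 'idpcas.html#configuring_the_cas_service'` line, like the two `help` changes before it, hard-codes a fragment that has to match an `id` DokuWiki derives from the heading text in `idpcas.html`, so renaming a heading will break the link again without any error. A small test that resolves every `help` value in the tree against the ids in the shipped HTML would catch that.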
......
This source diff could not be displayed because it is too large. You can view the blob instead.