Commit fcf84e3a authored by Clément OUDOT

Documentation update

git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/branches/lemonldap-ng_version_1_4-bugfixes@3715 1dbb9719-a921-0410-b57f-c3a383c2c641
parent a5b3f2b6
......@@ -77,7 +77,7 @@ You should have configured <acronym title="LemonLDAP::NG">LL::NG</acronym> as a
</p>
<p>
For using SP-initiated mode, you must create your salesforce domain.
For using SP-initiated mode, you must create your salesforce domain. Creation can take up to 1 hour. (if it is superior to 1h, then there is a problem. Problems are generally resolved in up to 72 hours)
</p>
<p>
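Review bot: the parenthetical added after "Creation can take up to 1 hour" gives a second delay (72 hours) without saying who resolves the problem or what the reader should do in the meantime. Suggest rewording it as a full sentence, for example "If it takes longer than 1 hour there is a problem on the Salesforce side; such problems are generally resolved within 72 hours", and closing it with a period.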
......@@ -103,12 +103,12 @@ match with the correct values. (adapt the domain if necessary)
</p>
<p>
<p><div class="noteimportant">For now, the authentication service parameter has no domain available. You must come back later to fill this parameter. Once <acronym title="Security Assertion Markup Language">SAML</acronym> cinematics are working, you can then put your domain, and delete the login form, and you&#039;ll have an automatic redirection to your Identity Provider (no need for the user to click)
<p><div class="noteimportant">For now, the authentication service parameter has no domain available. You must come back later to fill this parameter. Once <acronym title="Security Assertion Markup Language">SAML</acronym> cinematics are working, you can then put your domain, and delete the login form, and you&#039;ll have an automatic redirection to your Identity Provider (no need for the user to click). Note that you can always access Salesforce by the general login page: <a href="https://login.salesforce.com" class="urlextern" title="https://login.salesforce.com" rel="nofollow">https://login.salesforce.com</a>
</div></p>
</p>
</div>
<!-- SECTION "Create Salesforce domain" [575-1332] -->
<!-- SECTION "Create Salesforce domain" [575-1566] -->
<h3><a name="saml_settings" id="saml_settings">SAML settings</a></h3>
<div class="level3">
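Review bot: the sentence added to the note, "you can always access Salesforce by the general login page", does not say how that page relates to the SAML setup described here. State whether it is meant as a fallback while the domain or the SAML flow is not yet working, and which credentials it expects, so that readers do not assume it goes through the Identity Provider. The added sentence is also missing its final period, and "cinematics" in the same note would read better as "flows".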
......@@ -162,7 +162,7 @@ Go to the <acronym title="Security Assertion Markup Language">SAML</acronym> Sin
</ul>
</div>
<!-- SECTION "SAML settings" [1333-3445] -->
<!-- SECTION "SAML settings" [1567-3679] -->
<h3><a name="configure_federation_id" id="configure_federation_id">Configure Federation ID</a></h3>
<div class="level3">
......@@ -184,4 +184,4 @@ See <a href="../../../documentation/1.4/idpsaml.html" class="wikilink1" title="d
</p>
</div>
<!-- SECTION "Configure Federation ID" [3446-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Configure Federation ID" [3680-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
......@@ -341,7 +341,7 @@ vi /var/lib/lemonldap-ng/portal/login.pl
&lt;/<span class="kw3">Directory</span>&gt;
&nbsp;
<span class="kw1">ErrorDocument</span> 401 /login.pl
&lt;<span class="kw3">LocationMatch</span> /(index.pl|cas/*|saml/*|openidserver/*)&gt;
&lt;<span class="kw3">LocationMatch</span> ^/(?!login.pl)&gt;
&lt;<span class="kw3">IfModule</span> auth_kerb_module&gt;
<span class="kw1">AuthType</span> Kerberos
KrbMethodNegotiate <span class="kw2">On</span>
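Review bot: in the new LocationMatch pattern ^/(?!login.pl) the dot is unescaped and the lookahead has no end bound, so any path that begins with /login, any one character, then pl (for example /login.pl.old or /login-pl) is also left outside the Kerberos block. Escape the dot and bound the end, for example ^/(?!login\.pl$). The change also replaces an explicit list of four paths (index.pl, cas, saml, openidserver) with everything except login.pl, which widens where Negotiate is requested; the surrounding text should say that this is intended and why.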
......@@ -374,7 +374,7 @@ vi /var/lib/lemonldap-ng/portal/login.pl
</p>
</div>
<!-- SECTION "Use Kerberos with Multiple authentication backend" [4635-7092] -->
<!-- SECTION "Use Kerberos with Multiple authentication backend" [4635-7067] -->
<h3><a name="time_to_test" id="time_to_test">Time to test</a></h3>
<div class="level3">
......@@ -385,4 +385,4 @@ Configure <acronym title="Internet Explorer">IE</acronym> or Firefox to trust <c
</p>
</div>
<!-- SECTION "Time to test" [7093-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Time to test" [7068-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
......@@ -43,8 +43,13 @@
Google proposes to allow applications to reuse its own authentication process using <a href="http://en.wikipedia.org/wiki/OpenID" class="urlextern" title="http://en.wikipedia.org/wiki/OpenID" rel="nofollow">OpenID</a> protocol (it means, if your are connected to Google, other applications can trust Google and let you in).
</p>
<p>
<p><div class="notewarning">OpenID 2.0 support is closed since 20th April 2015. If you still need to use Google login after this date, use either OpenID Connect authentication module available in version 2.00, or see the Google Migration paragraph at the end of this page.
</div></p>
</p>
</div>
<!-- SECTION "Presentation" [81-344] -->
<!-- SECTION "Presentation" [81-611] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
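Review bot: the new warning says "OpenID 2.0 support is closed since 20th April 2015" without naming who closed it, so it can be read as either Google or LemonLDAP::NG dropping support. Name the party explicitly and use the past tense ("closed ... on 20 April 2015"). "OpenID Connect authentication module available in version 2.00" would also benefit from a link to that module's page, as the other modules in this documentation are linked.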
......@@ -84,8 +89,41 @@ See also <a href="../../documentation/1.4/exportedvars.html" class="wikilink1" t
<p>
<p><div class="noteimportant">A specific persistent session is created with this module, to store attribute values returned by Google. If this session is lost, Google will ask a confirmation for each requested attribute.
</div></p>
</p>
</div>
<!-- SECTION "Configuration" [612-1558] -->
<h2><a name="google_migration" id="google_migration">Google Migration</a></h2>
<div class="level2">
<p>
A Google Migration workaround is available since LemonLDAP::NG 1.4.4. It provides a specific and lightweight OpenID Connect module that will replace the current Google module.
</p>
<p>
<p><div class="noteimportant">This module is not available in version 2.00, you must use instead the OpenID Connect authentication module.
</div></p>
</p>
<p>
To use it, edit lemonldap-ng.ini (this is not available trough Manager) and configure:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">authentication</span> <span class="sy0">=</span><span class="re2"> GoogleMigration</span>
<span class="re1">googleClientId</span> <span class="sy0">=</span><span class="re2"> XXXX</span>
<span class="re1">googleClientSecret</span> <span class="sy0">=</span><span class="re2"> XXXX</span></pre>
<p>
You need to register your LemonLDAP::NG application to Google in order to obtain the Client ID and the Client Secret, see <a href="https://developers.google.com/" class="urlextern" title="https://developers.google.com/" rel="nofollow">https://developers.google.com/</a>
</p>
<p>
You also need to register to Google the redirect <acronym title="Uniform Resource Identifier">URI</acronym>. You have to set your portal <acronym title="Uniform Resource Locator">URL</acronym> with the googlecb=1 GET parameter, for example:
</p>
<pre class="code">http://auth.example.com/?googlecb=1</pre>
</div>
<!-- SECTION "Configuration" [345-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Google Migration" [1559-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
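Review bot: the redirect URI example at the end of the new Google Migration section is http://auth.example.com/?googlecb=1; as this is the OpenID Connect callback, the example should use https so that readers do not register a cleartext callback URL. The section also has googleClientSecret written into lemonldap-ng.ini without a word on who can read that file; a sentence asking to restrict read access to the web server user would fit after the ini block. Minor: "trough Manager" should be "through the Manager".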
......@@ -279,6 +279,26 @@ apachectl restart</pre>
</div>
<!-- SECTION "Apache virtual host" [3472-3866] -->
<h3><a name="default_virtual_host" id="default_virtual_host">Default virtual host</a></h3>
<div class="level3">
<p>
Apache on RedHat comes with a default virtual host:
</p>
<pre class="code file apache">&lt;<span class="kw3">LocationMatch</span> <span class="st0">&quot;^/+$&quot;</span>&gt;
<span class="kw1">Options</span> -<span class="kw2">Indexes</span>
<span class="kw1">ErrorDocument</span> 403 /.noindex.html
&lt;/<span class="kw3">LocationMatch</span>&gt;</pre>
<p>
This conflicts with LemonLDAP::NG ErrorDocument configuration, so you need to comment this part of the vhost.
If you have an apache fresh install, it can be a good idea to completely disable the welcome vhost.
</p>
</div>
<!-- SECTION "Default virtual host" [3867-4274] -->
<h3><a name="reload_virtual_host" id="reload_virtual_host">Reload virtual host</a></h3>
<div class="level3">
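Review bot: the new "Default virtual host" section tells the reader to "comment this part of the vhost" but never names the file that contains the quoted LocationMatch block, and the block shown is a LocationMatch, not a VirtualHost, so the heading and the instruction do not match the snippet. Give the path of the file to edit and say explicitly that the ErrorDocument 403 line is what collides with the LemonLDAP::NG ErrorDocument configuration. "apache fresh install" should read "a fresh Apache install".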
......@@ -295,7 +315,7 @@ To allow the manager to reload the configuration, register the reload virtual ho
</p>
</div>
<!-- SECTION "Reload virtual host" [3867-4168] -->
<!-- SECTION "Reload virtual host" [4275-4576] -->
<h3><a name="upgrade" id="upgrade">Upgrade</a></h3>
<div class="level3">
......@@ -329,7 +349,7 @@ The upgrade process will also have migrate old configuration files into <code>/e
</p>
</div>
<!-- SECTION "Upgrade" [4169-6678] -->
<!-- SECTION "Upgrade" [4577-7086] -->
<h3><a name="dns" id="dns">DNS</a></h3>
<div class="level3">
......@@ -356,7 +376,7 @@ Follow the <a href="../../documentation/1.4/start.html#configuration" class="wik
</p>
</div>
<!-- SECTION "DNS" [6679-6951] -->
<!-- SECTION "DNS" [7087-7359] -->
<h2><a name="file_location" id="file_location">File location</a></h2>
<div class="level2">
<ul>
......@@ -373,7 +393,7 @@ Follow the <a href="../../documentation/1.4/start.html#configuration" class="wik
</ul>
</div>
<!-- SECTION "File location" [6952-7308] -->
<!-- SECTION "File location" [7360-7716] -->
<h2><a name="build_your_packages" id="build_your_packages">Build your packages</a></h2>
<div class="level2">
......@@ -407,4 +427,4 @@ rpmbuild -ta SOURCES/lemonldap-ng-VERSION.tar.gz
</pre>
</div>
<!-- SECTION "Build your packages" [7309-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file
<!-- SECTION "Build your packages" [7717-] --></div><!-- closes <div class="dokuwiki export">-->
\ No newline at end of file