2018-04-23 14:58:36 +02:00
<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:cli_examples< / title >
< meta name = "generator" content = "DokuWiki" / >
2019-09-23 22:41:16 +02:00
< meta name = "robots" content = "index,follow" / >
2018-04-23 14:58:36 +02:00
< meta name = "keywords" content = "documentation,2.0,cli_examples" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "cli_examples.html" / >
< link rel = "contents" href = "cli_examples.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : c l i _ e x a m p l e s " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
<!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" >
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
2019-06-28 16:53:45 +02:00
< li class = "level1" > < div class = "li" > < a href = "#saverestore_configuration" > Save/restore configuration< / a > < / div > < / li >
2018-04-23 14:58:36 +02:00
< li class = "level1" > < div class = "li" > < a href = "#configure_https" > Configure HTTPS< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configure_sessions_backend" > Configure sessions backend< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configure_virtual_host" > Configure virtual host< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configure_ldap_authentication_backend" > Configure LDAP authentication backend< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configure_saml_identity_provider" > Configure SAML Identity Provider< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#register_an_saml_service_provider" > Register an SAML Service Provider< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configure_openid_connect_identity_provider" > Configure OpenID Connect Identity Provider< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#register_an_openid_connect_relying_party" > Register an OpenID Connect Relying Party< / a > < / div > < / li >
2018-11-26 14:15:43 +01:00
< li class = "level1" > < div class = "li" > < a href = "#categories_and_applications_in_menu" > Categories and applications in menu< / a > < / div > < / li >
2019-06-28 16:53:45 +02:00
< li class = "level1" > < div class = "li" > < a href = "#encryption_key" > Encryption key< / a > < / div > < / li >
2018-04-23 14:58:36 +02:00
< / ul >
< / div >
< / div >
<!-- TOC END -->
< h1 class = "sectionedit1" id = "command_line_interface_lemonldap-ng-cli_examples" > Command Line Interface (lemonldap-ng-cli) examples< / h1 >
< div class = "level1" >
< p >
This page shows some examples of < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > Command Line Interface. See < a href = "configlocation.html#command_line_interface_cli" class = "wikilink1" title = "documentation:2.0:configlocation" > how to use the command< / a > .
< / p >
< / div >
<!-- EDIT1 SECTION "Command Line Interface (lemonldap - ng - cli) examples" [1 - 205] -->
2019-06-28 16:53:45 +02:00
< h2 class = "sectionedit2" id = "saverestore_configuration" > Save/restore configuration< / h2 >
< div class = "level2" >
< p >
This part requires LLNG 2.0.5 at least.
< / p >
< p >
Save:
< / p >
< pre class = "code sh" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli save > config.json< / pre >
< p >
Restore:
< / p >
< pre class = "code shell" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli restore config.json
# Or
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli restore - < config.json< / pre >
< / div >
<!-- EDIT2 SECTION "Save/restore configuration" [206 - 543] -->
< h2 class = "sectionedit3" id = "configure_https" > Configure HTTPS< / h2 >
2018-04-23 14:58:36 +02:00
< div class = "level2" >
< p >
2019-02-12 17:32:02 +01:00
When setting HTTPS, you first need to modify Apache/Nginx configuration, then you must configure < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > to change portal < abbr title = "Uniform Resource Locator" > URL< / abbr > , Handler redirections, cookie settings, ...
2018-04-23 14:58:36 +02:00
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
portal https://auth.example.com \
mailUrl https://auth.example.com/resetpwd \
registerUrl https://auth.example.com/register \
https 1 \
securedCookie 1< / pre >
2018-04-23 14:58:36 +02:00
< / div >
2019-06-28 16:53:45 +02:00
<!-- EDIT3 SECTION "Configure HTTPS" [544 - 1014] -->
< h2 class = "sectionedit4" id = "configure_sessions_backend" > Configure sessions backend< / h2 >
2018-04-23 14:58:36 +02:00
< div class = "level2" >
< p >
For production, it is recommended to use < a href = "browseablesessionbackend.html" class = "wikilink1" title = "documentation:2.0:browseablesessionbackend" > Browseable session backend< / a > . Once tables are created with columns corresponding to index, the following commands can be executed to set all the session backends.
< / p >
< p >
In this example we have:
< / p >
< ul >
< li class = "level1" > < div class = "li" > Backend: PostGreSQL< / div >
< / li >
< li class = "level1" > < div class = "li" > DB user: lemonldaplogin< / div >
< / li >
< li class = "level1" > < div class = "li" > DB password: lemonldappw< / div >
< / li >
< li class = "level1" > < div class = "li" > Database: lemonldapdb< / div >
< / li >
< li class = "level1" > < div class = "li" > Host: pg.example.com< / div >
< / li >
< / ul >
< ul >
< li class = "level1" > < div class = "li" > < abbr title = "Single Sign On" > SSO< / abbr > sessions:< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
delKey \
globalStorageOptions Directory \
globalStorageOptions LockDirectory
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
globalStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
globalStorageOptions DataSource ' DBI:Pg:database=lemonldapdb;host=pg.example.com' \
globalStorageOptions UserName ' lemonldaplogin' \
globalStorageOptions Password ' lemonldappw' \
globalStorageOptions Commit 1 \
globalStorageOptions Index ' ipAddr _whatToTrace user' \
globalStorageOptions TableName ' sessions'
< / pre >
2018-04-23 14:58:36 +02:00
< ul >
< li class = "level1" > < div class = "li" > Persistent sessions:< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
delKey \
persistentStorageOptions Directory \
persistentStorageOptions LockDirectory
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
persistentStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
persistentStorageOptions DataSource ' DBI:Pg:database=lemonldapdb;host=pg.example.com' \
persistentStorageOptions UserName ' lemonldaplogin' \
persistentStorageOptions Password ' lemonldappw' \
persistentStorageOptions Commit 1 \
persistentStorageOptions Index ' _session_uid' \
persistentStorageOptions TableName ' psessions' < / pre >
2018-04-23 14:58:36 +02:00
< ul >
< li class = "level1" > < div class = "li" > < abbr title = "Central Authentication Service" > CAS< / abbr > sessions< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
casStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
casStorageOptions DataSource ' DBI:Pg:database=lemonldapdb;host=pg.example.com' \
casStorageOptions UserName ' lemonldaplogin' \
casStorageOptions Password ' lemonldappw' \
casStorageOptions Commit 1 \
casStorageOptions Index ' _cas_id' \
casStorageOptions TableName ' cassessions' < / pre >
2018-04-23 14:58:36 +02:00
< ul >
< li class = "level1" > < div class = "li" > < abbr title = "Security Assertion Markup Language" > SAML< / abbr > sessions< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
samlStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
samlStorageOptions DataSource ' DBI:Pg:database=lemonldapdb;host=pg.example.com' \
samlStorageOptions UserName ' lemonldaplogin' \
samlStorageOptions Password ' lemonldappw' \
samlStorageOptions Commit 1 \
samlStorageOptions Index ' _saml_id ProxyID _nameID _assert_id _art_id _session_id' \
samlStorageOptions TableName ' samlsessions' < / pre >
2018-04-23 14:58:36 +02:00
< ul >
< li class = "level1" > < div class = "li" > OpenID Connect sessions< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
oidcStorage Apache::Session::Browseable::Postgres
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
oidcStorageOptions DataSource ' DBI:Pg:database=lemonldapdb;host=pg.example.com' \
oidcStorageOptions UserName ' lemonldaplogin' \
oidcStorageOptions Password ' lemonldappw' \
oidcStorageOptions Commit 1 \
oidcStorageOptions TableName ' oidcsessions' < / pre >
2018-04-23 14:58:36 +02:00
< / div >
2019-06-28 16:53:45 +02:00
<!-- EDIT4 SECTION "Configure sessions backend" [1015 - 4603] -->
< h2 class = "sectionedit5" id = "configure_virtual_host" > Configure virtual host< / h2 >
2018-04-23 14:58:36 +02:00
< div class = "level2" >
< p >
A virtual host must be defined in Apache/Nginx and access rules and exported headers must be configured in < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > .
< / p >
< p >
In this example we have:
< / p >
< ul >
< li class = "level1" > < div class = "li" > host: test.example.com< / div >
< / li >
< li class = "level1" > < div class = "li" > Access rules:< / div >
< ul >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > default => accept< / div >
2018-04-23 14:58:36 +02:00
< / li >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > Logout: ^/logout\.php => logout_sso< / div >
2018-04-23 14:58:36 +02:00
< / li >
< / ul >
< / li >
< li class = "level1" > < div class = "li" > Headers:< / div >
< ul >
< li class = "level2" > < div class = "li" > Auth-User: $uid< / div >
< / li >
< li class = "level2" > < div class = "li" > Auth-Mail: $mail< / div >
< / li >
< / ul >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
' locationRules/test.example.com' ' default' ' accept' \
' locationRules/test.example.com' ' (?#Logout)^/logout\.php' ' logout_sso' \
' exportedHeaders/test.example.com' ' Auth-User' ' $uid' \
' exportedHeaders/test.example.com' ' Auth-Mail' ' $mail' < / pre >
2018-04-23 14:58:36 +02:00
< / div >
2019-06-28 16:53:45 +02:00
<!-- EDIT5 SECTION "Configure virtual host" [4604 - 5304] -->
< h2 class = "sectionedit6" id = "configure_ldap_authentication_backend" > Configure LDAP authentication backend< / h2 >
2018-04-23 14:58:36 +02:00
< div class = "level2" >
< p >
In this example we use:
< / p >
< ul >
< li class = "level1" > < div class = "li" > LDAP server: < a href = "cli_examples.html" class = "urlextern" title = "ldap://ldap.example.com" rel = "nofollow" > ldap://ldap.example.com< / a > < / div >
< / li >
< li class = "level1" > < div class = "li" > LDAP Bind < abbr title = "Distinguished Name" > DN< / abbr > : cn=lemonldapng,ou=dsa,dc=example,dc=com< / div >
< / li >
< li class = "level1" > < div class = "li" > LDAP Bind PW: changeit< / div >
< / li >
< li class = "level1" > < div class = "li" > LDAP search base: ou=users,dc=example,dc=com< / div >
< / li >
< li class = "level1" > < div class = "li" > LDAP attributes:< / div >
< ul >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > uid => uid< / div >
2018-04-23 14:58:36 +02:00
< / li >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > cn => cn< / div >
2018-04-23 14:58:36 +02:00
< / li >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > mail => mail< / div >
2018-04-23 14:58:36 +02:00
< / li >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > sn => sn< / div >
2018-04-23 14:58:36 +02:00
< / li >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > givenName => givenName< / div >
2018-04-23 14:58:36 +02:00
< / li >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > mobile => mobile< / div >
2018-04-23 14:58:36 +02:00
< / li >
< / ul >
< / li >
< li class = "level1" > < div class = "li" > LDAP group base: ou=groups,dc=example,dc=com< / div >
< / li >
< li class = "level1" > < div class = "li" > Use recursive search for groups< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
authentication LDAP \
userDB LDAP \
passwordDB LDAP \
ldapServer ' ldap://ldap.example.com' \
managerDn ' cn=lemonldapng,ou=dsa,dc=example,dc=com' \
managerPassword ' changeit' \
ldapBase ' ou=users,dc=example,dc=com'
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
ldapExportedVars uid uid \
ldapExportedVars cn cn \
ldapExportedVars sn sn \
ldapExportedVars mobile mobile \
ldapExportedVars mail mail \
ldapExportedVars givenName givenName
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
ldapGroupBase ' ou=groups,dc=example,dc=com' \
ldapGroupObjectClass groupOfNames \
ldapGroupAttributeName member \
ldapGroupAttributeNameGroup dn \
ldapGroupAttributeNameSearch cn \
ldapGroupAttributeNameUser dn \
ldapGroupRecursive 1< / pre >
2018-04-23 14:58:36 +02:00
< / div >
2019-06-28 16:53:45 +02:00
<!-- EDIT6 SECTION "Configure LDAP authentication backend" [5305 - 6778] -->
< h2 class = "sectionedit7" id = "configure_saml_identity_provider" > Configure SAML Identity Provider< / h2 >
2018-04-23 14:58:36 +02:00
< div class = "level2" >
< p >
2019-06-28 16:53:45 +02:00
You can then generate a private key and a self-signed certificate with these commands;
2018-04-23 14:58:36 +02:00
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > openssl req -new -newkey rsa:4096 -keyout saml.key -nodes -out saml.pem -x509 -days 3650< / pre >
2018-04-23 14:58:36 +02:00
< p >
2019-12-21 16:54:57 +01:00
Fix the certificate key format (you can skip this step if you are running > = 2.0.6)
2018-04-23 14:58:36 +02:00
< / p >
2019-12-21 16:54:57 +01:00
< pre class = "code" > sed -e " s/END PRIVATE/END RSA PRIVATE/" \
-e " s/BEGIN PRIVATE/BEGIN RSA PRIVATE/" \
-i saml.key< / pre >
2018-04-23 14:58:36 +02:00
< p >
2019-12-21 16:54:57 +01:00
Import them in configuration and activate the < abbr title = "Security Assertion Markup Language" > SAML< / abbr > issuer
2018-04-23 14:58:36 +02:00
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
2019-12-21 16:54:57 +01:00
samlServicePrivateKeySig " `cat saml.key`" \
samlServicePublicKeySig " `cat saml.pem`" \
2019-06-28 16:53:45 +02:00
issuerDBSAMLActivation 1< / pre >
2018-04-23 14:58:36 +02:00
< p >
You can also define organization name and < abbr title = "Uniform Resource Locator" > URL< / abbr > for < abbr title = "Security Assertion Markup Language" > SAML< / abbr > metadata:
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
samlOrganizationName ' ACME' \
samlOrganizationDisplayName ' ACME Corporation' \
samlOrganizationURL ' http://www.acme.com' < / pre >
2018-04-23 14:58:36 +02:00
< / div >
2019-12-21 16:54:57 +01:00
<!-- EDIT7 SECTION "Configure SAML Identity Provider" [6779 - 7785] -->
2019-06-28 16:53:45 +02:00
< h2 class = "sectionedit8" id = "register_an_saml_service_provider" > Register an SAML Service Provider< / h2 >
2018-04-23 14:58:36 +02:00
< div class = "level2" >
< p >
In this example we have:
< / p >
< ul >
< li class = "level1" > < div class = "li" > SP configuration key: testsp< / div >
< / li >
< li class = "level1" > < div class = "li" > SP metadata file: metadata-testsp.xml< / div >
< / li >
< li class = "level1" > < div class = "li" > SP exported attribute: EmailAdress (filled with mail session key)< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
samlSPMetaDataXML/testsp samlSPMetaDataXML " `cat metadata-testsp.xml`" \
samlSPMetaDataExportedAttributes/testsp mail ' 1;EmailAddress' < / pre >
2018-04-23 14:58:36 +02:00
< / div >
2019-12-21 16:54:57 +01:00
<!-- EDIT8 SECTION "Register an SAML Service Provider" [7786 - 8238] -->
2019-06-28 16:53:45 +02:00
< h2 class = "sectionedit9" id = "configure_openid_connect_identity_provider" > Configure OpenID Connect Identity Provider< / h2 >
2018-04-23 14:58:36 +02:00
< div class = "level2" >
< p >
Activate the OpenID Connect Issuer and set issuer name (equal to portal < abbr title = "Uniform Resource Locator" > URL< / abbr > ):
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
issuerDBOpenIDConnectActivation 1 \
oidcServiceMetaDataIssuer http://auth.example.com< / pre >
2018-04-23 14:58:36 +02:00
< p >
Generate keys:
< / p >
< pre class = "code" > openssl genrsa -out oidc.key 4096
openssl rsa -pubout -in oidc.key -out oidc_pub.key< / pre >
< p >
Import them:
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
oidcServicePrivateKeySig " `cat oidc.key`" \
oidcServicePublicKeySig " `cat oidc_pub.key`" \
oidcServiceKeyIdSig " `genpasswd`" < / pre >
2018-04-23 14:58:36 +02:00
< p >
If needed you can allow implicit and hybrid flows:
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
oidcServiceAllowImplicitFlow 1 \
oidcServiceAllowHybridFlow 1< / pre >
2018-04-23 14:58:36 +02:00
< / div >
2019-12-21 16:54:57 +01:00
<!-- EDIT9 SECTION "Configure OpenID Connect Identity Provider" [8239 - 9122] -->
2019-06-28 16:53:45 +02:00
< h2 class = "sectionedit10" id = "register_an_openid_connect_relying_party" > Register an OpenID Connect Relying Party< / h2 >
2018-04-23 14:58:36 +02:00
< div class = "level2" >
< p >
In this example we have:
< / p >
< ul >
< li class = "level1" > < div class = "li" > RP configuration key: testrp< / div >
< / li >
< li class = "level1" > < div class = "li" > Client ID : testclientid< / div >
< / li >
< li class = "level1" > < div class = "li" > Client secret : testclientsecret< / div >
< / li >
2018-05-17 21:42:46 +02:00
< li class = "level1" > < div class = "li" > Allowed redirection < abbr title = "Uniform Resource Locator" > URL< / abbr > :< / div >
< ul >
< li class = "level2" > < div class = "li" > For login: < a href = "https://testrp.example.com/?callback=1" class = "urlextern" title = "https://testrp.example.com/?callback=1" rel = "nofollow" > https://testrp.example.com/?callback=1< / a > < / div >
< / li >
< li class = "level2" > < div class = "li" > For logout: < a href = "https://testrp.example.com/" class = "urlextern" title = "https://testrp.example.com/" rel = "nofollow" > https://testrp.example.com/< / a > < / div >
< / li >
< / ul >
2018-04-23 14:58:36 +02:00
< / li >
< li class = "level1" > < div class = "li" > Exported attributes:< / div >
< ul >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > email => mail< / div >
2018-04-23 14:58:36 +02:00
< / li >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > familiy_name => sn< / div >
2018-04-23 14:58:36 +02:00
< / li >
2019-02-12 17:32:02 +01:00
< li class = "level2" > < div class = "li" > name => cn< / div >
2018-04-23 14:58:36 +02:00
< / li >
< / ul >
< / li >
< / ul >
< ul >
< li class = "level1" > < div class = "li" > Exported attributes:< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataExportedVars/testrp email mail \
oidcRPMetaDataExportedVars/testrp family_name sn \
oidcRPMetaDataExportedVars/testrp name cn< / pre >
2018-04-23 14:58:36 +02:00
< ul >
< li class = "level1" > < div class = "li" > Credentials:< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsClientID testclientid \
oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsClientSecret testclientsecret< / pre >
2018-04-23 14:58:36 +02:00
< ul >
< li class = "level1" > < div class = "li" > Redirection:< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsRedirectUris ' https://testrp.example.com/?callback=1' \
oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsPostLogoutRedirectUris ' https://testrp.example.com/' < / pre >
2018-04-23 14:58:36 +02:00
< ul >
< li class = "level1" > < div class = "li" > Signature and token expiration:< / div >
< / li >
< / ul >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsIDTokenSignAlg RS512 \
oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsIDTokenExpiration 3600 \
oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsAccessTokenExpiration 3600< / pre >
2018-04-23 14:58:36 +02:00
< / div >
2019-12-21 16:54:57 +01:00
<!-- EDIT10 SECTION "Register an OpenID Connect Relying Party" [9123 - 10754] -->
2019-06-28 16:53:45 +02:00
< h2 class = "sectionedit11" id = "categories_and_applications_in_menu" > Categories and applications in menu< / h2 >
2018-11-26 14:15:43 +01:00
< div class = "level2" >
< p >
2019-09-23 22:41:16 +02:00
Create the category " applications" :
2018-11-26 14:15:43 +01:00
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
applicationList/applications type category \
applicationList/applications catname Applications< / pre >
2018-11-26 14:15:43 +01:00
< p >
2019-09-23 22:41:16 +02:00
Create the application " sample" inside category " applications" :
2018-11-26 14:15:43 +01:00
< / p >
2019-06-28 16:53:45 +02:00
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
applicationList/applications/sample type application \
applicationList/applications/sample/options description " A sample application" \
applicationList/applications/sample/options display " auto" \
applicationList/icons/kmultiple.png" \
applicationList/applications/sample/options name " Sample application" \
applicationList/applications/sample/options uri " https://sample.example.com/" < / pre >
< / div >
2019-12-21 16:54:57 +01:00
<!-- EDIT11 SECTION "Categories and applications in menu" [10755 - 11636] -->
2019-06-28 16:53:45 +02:00
< h2 class = "sectionedit12" id = "encryption_key" > Encryption key< / h2 >
< div class = "level2" >
< p >
To update the master encryption key:
< / p >
< pre class = "code" > /usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
key ' xxxxxxxxxxxxxxx' < / pre >
2018-11-26 14:15:43 +01:00
< / div >
2019-12-21 16:54:57 +01:00
<!-- EDIT12 SECTION "Encryption key" [11637 - ] --> < / div >
2018-04-23 14:58:36 +02:00
< / body >
< / html >