Update documentation

This commit is contained in:
Clément OUDOT 2018-11-26 14:15:43 +01:00
parent 9cb56173db
commit 153ef2df00
50 changed files with 2682 additions and 722 deletions

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=f2af53b99ba25aa5353674957471d8e4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
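Review bot: the only thing that changes in the login link is the `sectok` query value, so the export is committing a per-session DokuWiki token and will produce a diff on every regeneration. Strip the `sectok` parameter (or the whole login `<li>`) in the export step, so the static documentation carries no session tokens and the history stays free of churn.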
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1531599531" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1543238040" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
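Review bot: per the hunk header this file is DokuWiki's "topic that doesn't exist yet" page saved under an image name (`img:icons.png` in the `indexer.php` id), and the change is only the timestamp on that tracking image. The file has no documentation content; exclude it from the export and ship the real image instead, and drop the `indexer.php` beacon from exported pages.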

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=f2af53b99ba25aa5353674957471d8e4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1531599531" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1543238040" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>

View File

@ -144,6 +144,7 @@ Define here:
</li>
</ul>
<div class="notetip">You can prefix the key name with a digit to order them. The digit will not be shown on portal page. Underscore characters are also replaced by spaces.
</div><div class="notetip">You can also override some LLNG parameters for each chain. See <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">Parameter list</a> to have the key names to use
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [649-] --></div>
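Review bot: the added tip says "some LLNG parameters" can be overridden per chain but does not say which ones or where in the chain definition the key goes. Since a per-chain override can change how one authentication path behaves compared to the global setting, give one concrete key/value example here rather than only linking to the parameter list, and end the sentence with a period.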

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcustom.html"/>
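Review bot: the robots meta flips from `index,follow` to `noindex,nofollow`, which removes this page from search engines, and nothing in the commit message explains it. If this reflects a transient wiki state at export time rather than a decision, regenerate the page; if it is intended, say so in the commit message.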
@ -63,24 +63,41 @@
<div class="level2">
<p>
This artifact allows one to define its own modules (authentication, user database, password or register DB).
This artifact allows one to define its own modules (authentication, user database, password or register database).
</p>
<div class="notetip">The developer documentation is available in Portal manpages.
<div class="notetip">The developer documentation is available in Portal manpages. See Auth.pod and UserDB.pod
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [117-330] -->
<!-- EDIT3 SECTION "Presentation" [117-365] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
You just have to define class names of your custom modules in “Custom module names”. You can also add your custom parameters in “Additional parameters”. Be careful to use names not already used elsewhere in configuration. This parameters are available in your plugins using <code>$self→conf→{<em>customName</em>}</code>.
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose &#039;Custom module&#039;.
</p>
<p>
See portal manpages to see how to write these plugins.
Then, you just have to define class names of your custom modules in “Custom module names”. Custom parameters can be set in “Additional parameters”. Full path must be specify.
</p>
<p>
You can define your own customAuth module icon. Icon must be in site/htdocs/static/common/modules/icon.png
</p>
<div class="notetip">::Auth::My::Dev.pm means Lemonldap::NG::Portal::Auth::My::Dev.pm
</div><div class="noteclassic">Be careful. Don&#039; t use an already attributed name in configuration.
</div>
<p>
These parameters are available in your plugins using <code>$self→conf→{<em>customName</em>}</code>.
</p>
<p>
Read portal manpages to see how to write these plugins.
</p>
</div>
<!-- EDIT4 SECTION "Configuration" [331-] --></div>
<!-- EDIT4 SECTION "Configuration" [366-] --></div>
</body>
</html>
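Review bot: "Full path must be specify." contradicts the tip two lines below it, which documents the shortened form `::Auth::My::Dev.pm` as an accepted value; say which forms are accepted and fix the grammar ("must be specified"). The `.pm` suffix in that tip mixes a file name with a class name, so state whether the field expects `Lemonldap::NG::Portal::Auth::My::Dev` or a file. In the `noteclassic`, "Don' t" has a stray space, and the warning would be more useful if it said what happens on a name collision (the custom parameter overriding an existing configuration key, or the reverse).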

View File

@ -101,7 +101,7 @@
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use a lot of databases as authentication, users and password backend:
</p>
<ul>
<li class="level1"><div class="li"> MySQL</div>
<li class="level1"><div class="li"> MariaDB/MySQL</div>
</li>
<li class="level1"><div class="li"> PostGreSQL</div>
</li>
@ -116,7 +116,7 @@ Indeed, any <a href="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=modu
</p>
</div>
<!-- EDIT4 SECTION "Drivers" [123-371] -->
<!-- EDIT4 SECTION "Drivers" [123-379] -->
<h3 class="sectionedit5" id="schema">Schema</h3>
<div class="level3">
@ -168,7 +168,7 @@ The password can be in plain text, or encoded with a standard SQL method:
<td class="col0"> 2 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [772-977] -->
<!-- EDIT6 TABLE [780-985] -->
</div>
<h5 id="user_table">User table</h5>
@ -189,7 +189,7 @@ The password can be in plain text, or encoded with a standard SQL method:
<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> Xavier GUIMARD </td><td class="col3"> xguimard@example.com </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [997-1197] -->
<!-- EDIT7 TABLE [1005-1205] -->
</div>
<h4 id="example_2single_table">Example 2: single table</h4>
@ -210,9 +210,9 @@ The password can be in plain text, or encoded with a standard SQL method:
<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td><td class="col3"> Xavier GUIMARD </td><td class="col4"> xguimard@example.com </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [1232-1572] -->
<!-- EDIT8 TABLE [1240-1580] -->
</div>
<!-- EDIT5 SECTION "Schema" [372-1573] -->
<!-- EDIT5 SECTION "Schema" [380-1581] -->
<h3 class="sectionedit9" id="sql">SQL</h3>
<div class="level3">
@ -229,7 +229,7 @@ The password can be in plain text, or encoded with a standard SQL method:
</ul>
</div>
<!-- EDIT9 SECTION "SQL" [1574-1847] -->
<!-- EDIT9 SECTION "SQL" [1582-1855] -->
<h2 class="sectionedit10" id="configuration">Configuration</h2>
<div class="level2">
@ -238,7 +238,7 @@ In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modu
</p>
</div>
<!-- EDIT10 SECTION "Configuration" [1848-2022] -->
<!-- EDIT10 SECTION "Configuration" [1856-2030] -->
<h3 class="sectionedit11" id="authentication_level">Authentication level</h3>
<div class="level3">
@ -254,7 +254,7 @@ The authentication level given to users authenticated with this module.
</div>
</div>
<!-- EDIT11 SECTION "Authentication level" [2023-2387] -->
<!-- EDIT11 SECTION "Authentication level" [2031-2395] -->
<h3 class="sectionedit12" id="exported_variables">Exported variables</h3>
<div class="level3">
@ -263,7 +263,7 @@ List of columns to query to fill user session. See also <a href="exportedvars.ht
</p>
</div>
<!-- EDIT12 SECTION "Exported variables" [2388-2525] -->
<!-- EDIT12 SECTION "Exported variables" [2396-2533] -->
<h3 class="sectionedit13" id="connection">Connection</h3>
<div class="level3">
<div class="notetip">Connection settings can be configured differently for authentication process and user process. This allows one to use different databases for these process. By default, if user process connection settings are empty, authentication process connection settings will be used.
@ -277,7 +277,7 @@ List of columns to query to fill user session. See also <a href="exportedvars.ht
</ul>
</div>
<!-- EDIT13 SECTION "Connection" [2526-3044] -->
<!-- EDIT13 SECTION "Connection" [2534-3052] -->
<h3 class="sectionedit14" id="schema1">Schema</h3>
<div class="level3">
<ul>
@ -296,7 +296,7 @@ List of columns to query to fill user session. See also <a href="exportedvars.ht
</ul>
</div>
<!-- EDIT14 SECTION "Schema" [3045-3488] -->
<!-- EDIT14 SECTION "Schema" [3053-3496] -->
<h3 class="sectionedit15" id="password">Password</h3>
<div class="level3">
<ul>
@ -325,6 +325,6 @@ $$ LANGUAGE SQL STRICT IMMUTABLE;</pre>
</div>
</div>
<!-- EDIT15 SECTION "Password" [3489-] --></div>
<!-- EDIT15 SECTION "Password" [3497-] --></div>
</body>
</html>

View File

@ -177,9 +177,10 @@ List of attributes to query to fill user session. See also <a href="exportedvars
<li class="level1"><div class="li"> <strong>Binary attributes</strong>: regular expression matching binary attributes (see <a href="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" class="urlextern" title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" rel="nofollow">Net::LDAP</a> documentation).</div>
</li>
</ul>
<div class="noteimportant">LemonLDAP::NG need anonymous access to LDAP Directory RootDSE in order to check LDAP connection.
</div>
<!-- EDIT7 SECTION "Connection" [1677-2868] -->
</div>
<!-- EDIT7 SECTION "Connection" [1677-2988] -->
<h3 class="sectionedit8" id="filters">Filters</h3>
<div class="level3">
<div class="notetip">In LDAP filters, $user is replaced by user login, and $mail by user email.
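Review bot: the new `noteimportant` should make clear that anonymous read is needed on the RootDSE entry only, not on the directory tree; as worded, an administrator may enable anonymous bind more broadly than required. It would also help to say what fails when the RootDSE is not readable anonymously (the connection check, or authentication itself). Grammar: "LemonLDAP::NG need" should be "needs".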
@ -203,7 +204,7 @@ And the mail filter is:
</div>
</div>
<!-- EDIT8 SECTION "Filters" [2869-3590] -->
<!-- EDIT8 SECTION "Filters" [2989-3710] -->
<h3 class="sectionedit9" id="groups">Groups</h3>
<div class="level3">
<ul>
@ -224,7 +225,7 @@ And the mail filter is:
</ul>
</div>
<!-- EDIT9 SECTION "Groups" [3591-4425] -->
<!-- EDIT9 SECTION "Groups" [3711-4545] -->
<h3 class="sectionedit10" id="password">Password</h3>
<div class="level3">
<ul>
@ -258,6 +259,6 @@ And the mail filter is:
</p>
</div>
<!-- EDIT10 SECTION "Password" [4426-] --></div>
<!-- EDIT10 SECTION "Password" [4546-] --></div>
</body>
</html>

View File

@ -117,7 +117,7 @@ Then you just have to set REST <abbr title="Uniform Resource Locator">URL</abbr>
<div class="level2">
<p>
REST web services just have to respond with a “result” key in a JSON file. Auth/UserDB can add an “info” array that will be stored in session data (without reading “Exported variables”).
REST web services have just to respond with a “result” key in a JSON file. Auth/UserDB can add an “info” array that will be stored in session data (without reading “Exported variables”).
</p>
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>

View File

@ -223,7 +223,7 @@ For example, to preselect this IDP for users coming from 129.168.0.0/16 network
</li>
<li class="level1"><div class="li"> <strong>Allow login from IDP</strong>: allow a user to connect directly from an IDP link. In this case, authentication is not a response to an issued authentication request, and we have less control on conditions.</div>
</li>
<li class="level1"><div class="li"> <strong>Requested authentication context</strong>: this context is declared in authentication request. When receiving the request, the real authentication context will be mapped ton an internal authentication level (see <a href="samlservice.html#authentication_contexts" class="wikilink1" title="documentation:2.0:samlservice">how configure the mapping</a>), that you can check to allow or deny session creation.</div>
<li class="level1"><div class="li"> <strong>Requested authentication context</strong>: this context is declared in authentication request. When receiving the request, the real authentication context will be mapped to an internal authentication level (see <a href="samlservice.html#authentication_contexts" class="wikilink1" title="documentation:2.0:samlservice">how configure the mapping</a>), that you can check to allow or deny session creation.</div>
</li>
<li class="level1"><div class="li"> <strong>Allow <abbr title="Uniform Resource Locator">URL</abbr> as RelayState</strong>: Set to On if the RelayState value sent by IDP is the <abbr title="Uniform Resource Locator">URL</abbr> where the user must be redirected after authentication.</div>
</li>
@ -240,6 +240,8 @@ For example, to preselect this IDP for users coming from 129.168.0.0/16 network
</li>
<li class="level1"><div class="li"> <strong>Store <abbr title="Security Assertion Markup Language">SAML</abbr> Token</strong>: allows one to keep <abbr title="Security Assertion Markup Language">SAML</abbr> token (assertion) inside user session. Don&#039;t enable it unless you need to replay this token on an application.</div>
</li>
<li class="level1"><div class="li"> <strong>Attribute containing user identifier</strong>: set the value of <abbr title="Security Assertion Markup Language">SAML</abbr> attribute (“Name”) that should be used as user main identifier ($user). If empty, the NameID content is used.</div>
</li>
</ul>
</div>
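Review bot: in the new "Attribute containing user identifier" item, "If empty, the NameID content is used" is ambiguous: it can mean the parameter is left empty or the attribute is absent or empty in the assertion. Because this value becomes `$user`, spell out both cases, in particular whether a missing attribute falls back to NameID or rejects the login, and note that the chosen attribute must be unique per user at the IDP.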

View File

@ -48,16 +48,16 @@
<div class="level1">
<p>
Auto-Signin add-on provides a simple way to bypass authentication based on rules. For example, a TV can be automatically authenticated by its <abbr title="Internet Protocol">IP</abbr> address.
Auto-Signin add-on provides an easy way to bypass authentication process based on rules. For example, a TV can be automatically authenticated by its <abbr title="Internet Protocol">IP</abbr> address.
</p>
</div>
<!-- EDIT1 SECTION "Auto Signin Addon" [1-188] -->
<!-- EDIT1 SECTION "Auto Signin Addon" [1-195] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<p>
This add-on is automatically enabled if a rule is declared. A rule links username to a rule. The only usable variable here is <code>$env</code>. Example:
This add-on is automatically enabled if a rule is declared. A rule links rule to a username. The only usable variable here is <code>$env</code>. Example:
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
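Review bot: the rewritten sentence "A rule links rule to a username" is circular. Something like "Each entry maps a username to a rule; when the rule is true, the request is signed in as that user" says what the table below contains. "bypass authentication process" also needs an article ("the authentication process").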
@ -69,9 +69,9 @@ This add-on is automatically enabled if a rule is declared. A rule links usernam
<td class="col0"> dwho </td><td class="col1"> $env→{REMOTE_ADDR} == &#039;192.168.42.42&#039; </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [362-437] --><div class="noteimportant">Username must be defined in the user database.
<!-- EDIT3 TABLE [369-444] --><div class="noteimportant">Username must be defined in the user database.
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [189-] --></div>
<!-- EDIT2 SECTION "Configuration" [196-] --></div>
</body>
</html>
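Review bot: in the example row kept as context, `$env→{REMOTE_ADDR} == '192.168.42.42'` uses the numeric `==` operator on a dotted-quad string. If rules are evaluated as Perl expressions, as the `$env→{…}` syntax suggests, both sides are numified to 192.168, so the rule is true for any client address whose leading numeric part is 192.168, not only the one host. For a feature that skips authentication, the example should use a string comparison (`eq`) and be fixed in this same update.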

View File

@ -74,7 +74,7 @@
<div class="level2">
<p>
Browseable session backend (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable" rel="nofollow">Apache::Session::Browseable</a>) works exactly like Apache::Session::* corresponding module but add index that increase <a href="documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">session restrictions</a> performances.
Browseable session backend (<a href="https://metacpan.org/pod/Apache::Session::Browseable" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Browseable" rel="nofollow">Apache::Session::Browseable</a>) works exactly like Apache::Session::* corresponding module but add index that increase <a href="documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">session explorer</a> and <a href="documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">session restrictions</a> performances.
</p>
<p>
@ -104,7 +104,7 @@ The following table list fields to index depending on the feature you want to in
<td class="col0"> Session restrictions </td><td class="col1 centeralign"> _session_kind ipAddr <em>WHATTOTRACE</em> </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [877-1168] -->
<!-- EDIT3 TABLE [871-1162] -->
<p>
See Apache::Session::Browseable::* man page to see how use indexes.
</p>
@ -113,7 +113,7 @@ See Apache::Session::Browseable::* man page to see how use indexes.
</div><div class="noteclassic">Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [43-1691] -->
<!-- EDIT2 SECTION "Presentation" [43-1685] -->
<h2 class="sectionedit4" id="browseable_nosql">Browseable NoSQL</h2>
<div class="level2">
@ -140,15 +140,15 @@ You then just have to add the <code>Index</code> parameter in <code>General par
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1979-2136] -->
<!-- EDIT5 TABLE [1973-2130] -->
</div>
<!-- EDIT4 SECTION "Browseable NoSQL" [1692-2137] -->
<!-- EDIT4 SECTION "Browseable NoSQL" [1686-2131] -->
<h2 class="sectionedit6" id="browseable_sql">Browseable SQL</h2>
<div class="level2">
<div class="noteclassic">This documentation concerns PostgreSQL. Some adaptations are needed with other databases.
</div>
</div>
<!-- EDIT6 SECTION "Browseable SQL" [2138-2269] -->
<!-- EDIT6 SECTION "Browseable SQL" [2132-2263] -->
<h3 class="sectionedit7" id="prepare_database">Prepare database</h3>
<div class="level3">
@ -163,6 +163,7 @@ Database must be prepared exactly like in <a href="sqlsessionbackend.html#prepar
_whatToTrace text<span class="sy0">,</span>
_session_kind text<span class="sy0">,</span>
_utime <span class="kw1">BIGINT</span><span class="sy0">,</span>
<span class="kw1">USER</span> text<span class="sy0">,</span>
ipAddr text
<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> uid1 <span class="kw1">ON</span> sessions <span class="kw1">USING</span> BTREE <span class="br0">&#40;</span>_whatToTrace<span class="br0">&#41;</span>;
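Review bot: the added column is named `USER`, which the highlighter already renders as a keyword; this section is stated to concern PostgreSQL, where `USER` is a reserved word, so the `CREATE TABLE` as written fails with a syntax error unless the name is double-quoted. Either quote it in the example or pick a non-reserved column name, and add a sentence saying what the column is for, since the surrounding text and the `Index` parameter never mention it.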
@ -177,12 +178,12 @@ Database must be prepared exactly like in <a href="sqlsessionbackend.html#prepar
<div class="notetip">With new Apache::Session::Browseable::<strong>PgHstore</strong> and <strong>PgJSON</strong>, you don&#039;t need to declare indexes in <code>CREATE TABLE</code> since “json” and “hstore” type are browseable. You should anyway add some indexes <em>(see manpage)</em>.
</div>
</div>
<!-- EDIT7 SECTION "Prepare database" [2270-3479] -->
<!-- EDIT7 SECTION "Prepare database" [2264-3488] -->
<h3 class="sectionedit8" id="manager">Manager</h3>
<div class="level3">
<p>
Go in the Manager and set the session module (<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::MySQL" rel="nofollow">Apache::Session::Browseable::MySQL</a> for MySQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
Go in the Manager and set the session module (<a href="https://metacpan.org/pod/Apache::Session::Browseable::MySQL" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Browseable::MySQL" rel="nofollow">Apache::Session::Browseable::MySQL</a> for MySQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<div class="table sectionedit9"><table class="inline table table-bordered table-striped">
<thead>
@ -194,7 +195,7 @@ Go in the Manager and set the session module (<a href="http://search.cpan.org/pe
</tr>
</thead>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:Pg:database=sessions </td>
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="https://metacpan.org/pod/DBI" class="urlextern" title="https://metacpan.org/pod/DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:Pg:database=sessions </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>UserName</strong> </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
@ -206,14 +207,14 @@ Go in the Manager and set the session module (<a href="http://search.cpan.org/pe
<td class="col0 centeralign"> <strong>Index</strong> </td><td class="col1"> Index </td><td class="col2"> _whatToTrace ipAddr _session_kind _utime </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [3808-4159] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<!-- EDIT9 TABLE [3811-4156] --><div class="notetip">Apache::Session::Browseable::MySQL doesn&#039;t use locks so performances are keeped.
<p>
For databases like PostgreSQL, don&#039;t forget to add “Commit” with a value of 1
</p>
</div>
</div>
<!-- EDIT8 SECTION "Manager" [3480-4338] -->
<!-- EDIT8 SECTION "Manager" [3489-4335] -->
<h2 class="sectionedit10" id="browseable_ldap">Browseable LDAP</h2>
<div class="level2">
@ -267,9 +268,9 @@ You need to add the <code>Index</code> field and can also configure the <code>ld
<td class="col0 centeralign"> <strong>ldapAttributeIndex</strong> </td><td class="col1"> Attribute storing index </td><td class="col2"> ou </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [4690-5424] -->
<!-- EDIT11 TABLE [4687-5421] -->
</div>
<!-- EDIT10 SECTION "Browseable LDAP" [4339-5425] -->
<!-- EDIT10 SECTION "Browseable LDAP" [4336-5422] -->
<h2 class="sectionedit12" id="security">Security</h2>
<div class="level2">
@ -282,7 +283,7 @@ You can also use different user/password for your servers by overriding paramete
</p>
</div>
<!-- EDIT12 SECTION "Security" [5426-5645] -->
<!-- EDIT12 SECTION "Security" [5423-5642] -->
<h2 class="sectionedit13" id="performances">Performances</h2>
<div class="level2">
@ -299,6 +300,7 @@ Here are some recommended configurations:
_whatToTrace text<span class="sy0">,</span>
_session_kind text<span class="sy0">,</span>
_utime <span class="kw1">BIGINT</span><span class="sy0">,</span>
<span class="kw1">USER</span> text<span class="sy0">,</span>
ipAddr <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">64</span><span class="br0">&#41;</span>
<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> uid1 <span class="kw1">ON</span> sessions <span class="kw1">USING</span> BTREE <span class="br0">&#40;</span>_whatToTrace text_pattern_ops<span class="br0">&#41;</span>;
@ -314,6 +316,7 @@ Here are some recommended configurations:
a_session text<span class="sy0">,</span>
_whatToTrace <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">64</span><span class="br0">&#41;</span><span class="sy0">,</span>
_session_kind <span class="kw1">VARCHAR</span><span class="br0">&#40;</span><span class="nu0">15</span><span class="br0">&#41;</span><span class="sy0">,</span>
<span class="kw1">USER</span> text<span class="sy0">,</span>
_utime <span class="kw1">BIGINT</span>
<span class="br0">&#41;</span>;
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> uid1 <span class="kw1">ON</span> sessions <span class="br0">&#40;</span>_whatToTrace<span class="br0">&#41;</span> <span class="kw1">USING</span> BTREE;
@ -322,6 +325,6 @@ Here are some recommended configurations:
<span class="kw1">CREATE</span> <span class="kw1">INDEX</span> ip1 <span class="kw1">ON</span> sessions <span class="br0">&#40;</span>ipAddr<span class="br0">&#41;</span> <span class="kw1">USING</span> BTREE;</pre>
</div>
<!-- EDIT13 SECTION "Performances" [5646-] --></div>
<!-- EDIT13 SECTION "Performances" [5643-] --></div>
</body>
</html>

View File

@ -0,0 +1,80 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:bruteforceprotection</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,bruteforceprotection"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="bruteforceprotection.html"/>
<link rel="contents" href="bruteforceprotection.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:bruteforceprotection","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<p>
bruteForceProtection plugin prevents brute force attack. Plugin DISABLED by default.
</p>
<p>
After three failed login attempts, user must wait (30 seconds by default) before try to log in again.
</p>
<p>
The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user. If it is disabled, automated tools may submit thousands of password attempts in a matter of seconds.
</p>
<h2 class="sectionedit1" id="configuration">Configuration</h2>
<div class="level2">
<p>
To enable Brute Force Attack protection :
</p>
<p>
Go in Manager, <code>General Parameters</code> » <code>Advanced Parameters</code> » <code>Security</code> » <code>Brute-force attack protection</code> and set to <code>On</code>.
</p>
<p>
To modify waiting time (30 seconds by default) before reAuthentication and MaxAge between current and last stored failed login (300 seconds by default) edit <code>lemonldap-ng.ini</code> in section [portal]:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">bruteForceProtectionTempo</span> <span class="sy0">=</span><span class="re2"> 30</span>
<span class="re1">bruteForceProtectionMaxAge</span> <span class="sy0">=</span><span class="re2"> 300</span></pre>
</div>
<!-- EDIT1 SECTION "Configuration" [414-] --></div>
</body>
</html>
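Review bot: the three opening paragraphs of this new page never say what the failed-attempt counter is keyed on (account, source IP, or both) or how `bruteForceProtectionMaxAge` relates to the "three failed login attempts" threshold. An administrator needs that to judge whether someone can delay a legitimate user's login by failing logins on their account. Please state it, and whether the threshold of three is configurable. Smaller points: "prevents brute force attack" overstates a 30-second wait (it slows guessing), "before try to log in again" should be "before trying to log in again", "protection :" has a stray space, and in the head the `useexternallibs` branches load jQuery over `http://` and one of them closes a `<link>` with `</script>`.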

View File

@ -57,6 +57,7 @@
<li class="level1"><div class="li"><a href="#register_an_saml_service_provider">Register an SAML Service Provider</a></div></li>
<li class="level1"><div class="li"><a href="#configure_openid_connect_identity_provider">Configure OpenID Connect Identity Provider</a></div></li>
<li class="level1"><div class="li"><a href="#register_an_openid_connect_relying_party">Register an OpenID Connect Relying Party</a></div></li>
<li class="level1"><div class="li"><a href="#categories_and_applications_in_menu">Categories and applications in menu</a></div></li>
</ul>
</div>
</div>
@ -339,6 +340,25 @@ In this example we have:
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsIDTokenSignAlg RS512 oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsIDTokenExpiration 3600 oidcRPMetaDataOptions/testrp oidcRPMetaDataOptionsAccessTokenExpiration 3600</pre>
</div>
<!-- EDIT9 SECTION "Register an OpenID Connect Relying Party" [7670-] --></div>
<!-- EDIT9 SECTION "Register an OpenID Connect Relying Party" [7670-9177] -->
<h2 class="sectionedit10" id="categories_and_applications_in_menu">Categories and applications in menu</h2>
<div class="level2">
<p>
Create the category “applications”:
```
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli addKey applicationList/applications type category applicationList/applications catname Applications
```
</p>
<p>
Create the application “sample” inside category “applications”:
```
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli addKey applicationList/icons/kmultiple.png” applicationList/applications/sample/options name “Sample application” applicationList/applications/sample/options uri “<a href="https://sample.example.com/" class="urlextern" title="https://sample.example.com/" rel="nofollow">https://sample.example.com/</a>
```
</p>
</div>
<!-- EDIT10 SECTION "Categories and applications in menu" [9178-] --></div>
</body>
</html>
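Review bot: the second command in the new "Categories and applications in menu" section is not runnable as documented. It starts with `addKey applicationList/icons/kmultiple.png”`, which looks like the remains of a truncated key/value pair, the quotes are typographic (“ ”) and will not be treated as quotes by a shell, and the URI argument is wrapped in an `<a>` tag with no closing quote. The Markdown-style triple-backtick fences inside `<p>` are also not rendered as code by this wiki; use the same `<pre class="code">` form as the relying-party example above. Both commands omit the `-yes 1` used elsewhere on the page; say whether that is intentional.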

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:configlocation</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,configlocation"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="configlocation.html"/>
@ -706,6 +706,10 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
After configuration is saved by Manager, LemonLDAP::NG will try to reload configuration on distant Handlers by sending an HTTP request to the servers. The servers and URLs can be configured in Manager, <code>General Parameters</code> &gt; <code>reload configuration URLs</code>: keys are server names or <abbr title="Internet Protocol">IP</abbr> the requests will be sent to, and values are the requested URLs.
</p>
<p>
You also have a parameter to adjust the timeout used to request reload URLs, it is be default set to 5 seconds.
</p>
<p>
These parameters can be overwritten in LemonLDAP::NG ini file, in the section <code>apply</code>.
</p>
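Review bot: the added paragraph never names the timeout parameter, so the sentence that follows it (“These parameters can be overwritten in LemonLDAP::NG ini file, in the section `apply`”) cannot be acted on for the timeout. Give both the Manager label and the ini key. “it is be default set” should also read “it is by default set”, and the comma splice reads better as two sentences.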
@ -717,8 +721,24 @@ The <code>reload</code> target is managed in Apache or Nginx configuration, insi
<div class="noteimportant">You must allow access to declared URLs to your Manager <abbr title="Internet Protocol">IP</abbr>.
</div><div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
</div>
<p>
Practical use case: configure reload in a <abbr title="LemonLDAP::NG">LL::NG</abbr> cluster. In this case you will have two servers (with <abbr title="Internet Protocol">IP</abbr> 1.1.1.1 and 1.1.1.2), but you can keep only one reload <abbr title="Uniform Resource Locator">URL</abbr> (reload.example.com):
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 addKey \
reloadUrls &#039;1.1.1.1&#039; &#039;http://reload.example.com/reload&#039; \
reloadUrls &#039;1.1.1.2&#039; &#039;http://reload.example.com/reload&#039;</pre>
<p>
You also need to adjust the protection of the reload vhost, for example:
</p>
<pre class="code file apache"> &lt;<span class="kw3">Location</span> /reload&gt;
<span class="kw1">Require</span> ip <span class="nu0">127</span> ::<span class="nu0">1</span> 1.1.1.1 1.1.1.2
<span class="kw1">SetHandler</span> perl-<span class="kw1">script</span>
PerlResponseHandler Lemonldap::NG::Handler::ApacheMP2-&gt;reload
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT14 SECTION "Configuration reload" [17740-19253] -->
<!-- EDIT14 SECTION "Configuration reload" [17740-20023] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">
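Review bot: in the `<Location /reload>` example, `Require ip` lists the two node addresses, but the note just above says access must be allowed to the Manager IP. State that the list assumes the Manager runs on 1.1.1.1 or 1.1.1.2, or add a placeholder for the Manager address. The reload URLs are plain `http://`, so this allow-list is the only control on the endpoint, which is worth saying next to the example. Consider documentation addresses from RFC 5737 (192.0.2.0/24) in place of 1.1.1.1 and 1.1.1.2, which are routable public addresses.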
@ -752,6 +772,6 @@ For example, to override configured skin for portal:
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
</div>
</div>
<!-- EDIT15 SECTION "Local file" [19254-] --></div>
<!-- EDIT15 SECTION "Local file" [20024-] --></div>
</body>
</html>

View File

@ -92,10 +92,10 @@ To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated
<p>
Then you can take any virtual host, and simply add this line to protect it:
</p>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2</pre>
</div>
<!-- EDIT2 SECTION "Apache configuration" [207-530] -->
<!-- EDIT2 SECTION "Apache configuration" [207-541] -->
<h3 class="sectionedit3" id="hosted_application">Hosted application</h3>
<div class="level3">
@ -105,7 +105,7 @@ Example of a protected virtual host for a local application:
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> localsite.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
&nbsp;
<span class="kw1">DocumentRoot</span> /var/www/localsite
&nbsp;
@ -115,7 +115,7 @@ Example of a protected virtual host for a local application:
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
</div>
<!-- EDIT3 SECTION "Hosted application" [531-938] -->
<!-- EDIT3 SECTION "Hosted application" [542-960] -->
<h3 class="sectionedit4" id="reverse_proxy">Reverse proxy</h3>
<div class="level3">
@ -125,7 +125,7 @@ Example of a protected virtual host with LemonLDAP::NG as reverse proxy:
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> application.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
&nbsp;
<span class="co1"># Reverse-Proxy</span>
<span class="kw1">ProxyPass</span> / http://private-name/
@ -144,7 +144,7 @@ Same with remote server configured with the same host name:
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> application.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
&nbsp;
<span class="co1"># Reverse-Proxy</span>
<span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
@ -160,7 +160,7 @@ To learn more about using Apache as reverse-proxy, see <a href="http://httpd.apa
</div><div class="notetip">Some applications need the <code>REMOTE_USER</code> environment variable to get the connected user, which is not set in reverse-proxy mode. In this case, see <a href="header_remote_user_conversion.html" class="wikilink1" title="documentation:2.0:header_remote_user_conversion">how convert header into environment variable</a>.
</div>
</div>
<!-- EDIT4 SECTION "Reverse proxy" [939-2531] -->
<!-- EDIT4 SECTION "Reverse proxy" [961-2575] -->
<h3 class="sectionedit5" id="add_a_floating_menu">Add a floating menu</h3>
<div class="level3">
@ -168,18 +168,18 @@ To learn more about using Apache as reverse-proxy, see <a href="http://httpd.apa
A little floating menu can be added to application with this simple Apache configuration:
</p>
<pre class="code file apache">PerlModule Lemonldap::NG::Handler::Menu
PerlOutputFilterHandler Lemonldap::NG::Handler::Menu-&gt;run</pre>
PerlOutputFilterHandler Lemonldap::NG::Handler::ApacheMP2::Menu-&gt;run</pre>
<p>
Pages where this menu is displayed can be restricted, for example:
</p>
<pre class="code file apache">&lt;<span class="kw3">Location</span> /var/www/html/index.php&gt;
PerlOutputFilterHandler Lemonldap::NG::Handler::Menu-&gt;run
PerlOutputFilterHandler Lemonldap::NG::Handler::ApacheMP2::Menu-&gt;run
&lt;/<span class="kw3">Location</span>&gt;</pre>
<div class="noteimportant">You need to disable mod_deflate to use the floating menu
</div>
</div>
<!-- EDIT5 SECTION "Add a floating menu" [2532-3048] -->
<!-- EDIT5 SECTION "Add a floating menu" [2576-3114] -->
<h2 class="sectionedit6" id="nginx_configuration">Nginx configuration</h2>
<div class="level2">
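Review bot: `PerlModule Lemonldap::NG::Handler::Menu` is left unchanged while both `PerlOutputFilterHandler` lines now reference `Lemonldap::NG::Handler::ApacheMP2::Menu->run`, so the example loads one module and calls another. Update the `PerlModule` line to match, or explain why the old name is still the one to load.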
@ -253,7 +253,7 @@ Then you can take any virtual host and modify it:
}</pre>
</div>
<!-- EDIT6 SECTION "Nginx configuration" [3049-4935] -->
<!-- EDIT6 SECTION "Nginx configuration" [3115-5001] -->
<h3 class="sectionedit7" id="hosted_application1">Hosted application</h3>
<div class="level3">
@ -312,7 +312,7 @@ server {
}</pre>
</div>
<!-- EDIT7 SECTION "Hosted application" [4936-6564] -->
<!-- EDIT7 SECTION "Hosted application" [5002-6630] -->
<h3 class="sectionedit8" id="reverse_proxy1">Reverse proxy</h3>
<div class="level3">
@ -363,7 +363,7 @@ server {
}</pre>
</div>
<!-- EDIT8 SECTION "Reverse proxy" [6565-7858] -->
<!-- EDIT8 SECTION "Reverse proxy" [6631-7924] -->
<h2 class="sectionedit9" id="lemonldapng_configuration">LemonLDAP::NG configuration</h2>
<div class="level2">
@ -390,7 +390,7 @@ A virtual host contains:
</ul>
</div>
<!-- EDIT9 SECTION "LemonLDAP::NG configuration" [7859-8458] -->
<!-- EDIT9 SECTION "LemonLDAP::NG configuration" [7925-8524] -->
<h3 class="sectionedit10" id="access_rules_and_http_headers">Access rules and HTTP headers</h3>
<div class="level3">
@ -399,7 +399,7 @@ See <strong><a href="writingrulesand_headers.html" class="wikilink1" title="docu
</p>
</div>
<!-- EDIT10 SECTION "Access rules and HTTP headers" [8459-8651] -->
<!-- EDIT10 SECTION "Access rules and HTTP headers" [8525-8717] -->
<h3 class="sectionedit11" id="post_data">POST data</h3>
<div class="level3">
@ -408,7 +408,7 @@ See <strong><a href="formreplay.html" class="wikilink1" title="documentation:2.0
</p>
</div>
<!-- EDIT11 SECTION "POST data" [8652-8786] -->
<!-- EDIT11 SECTION "POST data" [8718-8852] -->
<h3 class="sectionedit12" id="options">Options</h3>
<div class="level3">
@ -435,6 +435,6 @@ Some options are available:
</p>
</div>
<!-- EDIT12 SECTION "Options" [8787-] --></div>
<!-- EDIT12 SECTION "Options" [8853-] --></div>
</body>
</html>

View File

@ -0,0 +1,254 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>documentation:2.0:dos [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="documentation,2.0,dos"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/documentation/2.0/dos?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:2.0"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/2.0/dos"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/2.0/dos"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=68165aeb4a485b8d6b99b5c80ffc4981"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:dos","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=68165aeb4a485b8d6b99b5c80ffc4981&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=f2af53b99ba25aa5353674957471d8e4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/documentation" class="wikilink1" title="documentation">documentation</a></bdi> » <bdi><a href="/documentation/2.0/start" class="wikilink1" title="documentation:2.0:start">2.0</a></bdi> » <bdi><span class="curid"><a href="/documentation/2.0/dos" class="wikilink2" title="documentation:2.0:dos" rel="nofollow">dos</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">documentation:2.0:dos</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on “Create this page”.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Hosted by" [40-174] -->
<h3 class="sectionedit2" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Certifications" [175-534] -->
<h3 class="sectionedit3" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT3 SECTION "Awards" [535-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1543238094" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>
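Review bot: this new file is not documentation. It is the wiki's not-found page (`class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar"`, heading “This topic does not exist yet”) saved with the full site chrome. It looks as if the export followed a link to `documentation:2.0:dos` that has no target. Drop the file and fix or remove the link that points to it.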

View File

@ -0,0 +1,254 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>documentation:2.0:exploit [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="documentation,2.0,exploit"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/documentation/2.0/exploit?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:2.0"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/2.0/exploit"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/2.0/exploit"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=68165aeb4a485b8d6b99b5c80ffc4981"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:exploit","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=68165aeb4a485b8d6b99b5c80ffc4981&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=f2af53b99ba25aa5353674957471d8e4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/documentation" class="wikilink1" title="documentation">documentation</a></bdi> » <bdi><a href="/documentation/2.0/start" class="wikilink1" title="documentation:2.0:start">2.0</a></bdi> » <bdi><span class="curid"><a href="/documentation/2.0/exploit" class="wikilink2" title="documentation:2.0:exploit" rel="nofollow">exploit</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">documentation:2.0:exploit</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on “Create this page”.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Hosted by" [40-174] -->
<h3 class="sectionedit2" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Certifications" [175-534] -->
<h3 class="sectionedit3" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT3 SECTION "Awards" [535-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1543238094" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>
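Review bot: this is the same not-found placeholder as the `dos` file and should be dropped for the same reason. If any page of this kind is kept, note that it pulls third-party scripts over plain `http://` (the `www.openhub.net` widget and `cdn1.adbard.net/js/ab1.js`) and embeds a `sectok` value in the login link, none of which belongs in documentation shipped with the product.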

View File

@ -48,20 +48,20 @@
<div class="level1">
<p>
This simple plugin can be used to add a second factor for authentication (SMS, OTP,…). It uses external commands to send and validate the second factor. You can use any language to call your 2nd factor system.
This basic plugin can be used to add a second factor authentication device (SMS, OTP,…). It uses external commands to send and validate a second factor. Any language is allowed to call your 2nd factor system.
</p>
</div>
<!-- EDIT1 SECTION "External Second Factor" [1-251] -->
<!-- EDIT1 SECTION "External Second Factor" [1-250] -->
<h2 class="sectionedit2" id="commands">Commands</h2>
<div class="level2">
<p>
Commands received arguments on the command line and must return a 0 code if succeed, another else. <strong>Nothing must be written to STDOUT</strong>, STDERR is reported in logs <em>(but may be lost with FastCGI server)</em>.
Commands receive arguments on command line and must return a 0 code if succeed, another else. <strong>Nothing must be written to STDOUT</strong>, STDERR is reported in logs <em>(but may be lost with FastCGI server)</em>.
</p>
</div>
<!-- EDIT2 SECTION "Commands" [252-483] -->
<!-- EDIT2 SECTION "Commands" [251-477] -->
<h3 class="sectionedit3" id="configuration">Configuration</h3>
<div class="level3">
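Review bot: the reworded sentence “must return a 0 code if succeed, another else” is still hard to parse; suggest “must exit with code 0 on success and a non-zero code on failure”. “Any language is allowed to call your 2nd factor system” also reads less clearly than the line it replaces; “The commands can be written in any language” says what is meant.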
@ -80,9 +80,9 @@ All parameters are configured in “General Parameters » Portal Parameters » E
<li class="level1"><div class="li"> Logo (Optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
<div class="noteimportant">The command line is split in an array and launch with exec(). So you don&#039;t need to enclose arguments in “” and this protects your system against shell injection. However, you can not use any space except to separate arguments.
<div class="noteimportant">The command line is split in an array and launched with exec(). So you don&#039;t need to enclose arguments in “” and this feature protects your system against shell injection. However, you can not use any space except to separate arguments.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [484-] --></div>
<!-- EDIT3 SECTION "Configuration" [478-] --></div>
</body>
</html>
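Review bot: “this feature protects your system against shell injection” claims more than the mechanism gives. Running the split array through exec() keeps shell metacharacters from being interpreted, but every argument still reaches the external command unchanged, so the called script still has to validate what it receives. Suggest narrowing the wording to that, and changing “can not” to “cannot”.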

View File

@ -0,0 +1,79 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:forcereauthn</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,forcereauthn"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="forcereauthn.html"/>
<link rel="contents" href="forcereauthn.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:forcereauthn","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<p>
forceAuthentication plugin forces users to authenticate again to access to Portal. Plugin DISABLED by default.
</p>
<p>
Users can access all protected applications except Portal.
</p>
<p>
Users have to authenticate again to access to Portal if there last login is older than 5 seconds by default.
</p>
<h2 class="sectionedit1" id="configuration">Configuration</h2>
<div class="level2">
<p>
To enabled forceAuthentication plugin :
</p>
<p>
Go in Manager, <code>General Parameters</code> » <code>Advanced Parameters</code> » <code>Security</code> » <code>Force authentication</code> and set to <code>On</code>.
</p>
<p>
To modify last login interval (5 seconds by default) edit <code>lemonldap-ng.ini</code> in section [portal]:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">portalForceAuthnInterval</span> <span class="sy0">=</span><span class="re2"> 5</span></pre>
</div>
<!-- EDIT1 SECTION "Configuration" [283-] --></div>
</body>
</html>
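Review bot: The three introductory paragraphs of this new page do not state clearly what the plugin does. "Users can access all protected applications except Portal" sits between two sentences about re-authentication without giving its condition, and "there last login" should be "their last login" ("To enabled" should be "To enable"). If the intended meaning is that only Portal access triggers a new login once the last login is older than portalForceAuthnInterval, say so in one sentence and name the unit next to the ini example. Separately, the useexternallibs branches in the head reference jQuery and jQuery UI at http://code.jquery.com over plain HTTP, and the external Bootstrap <link> is closed with </script>; both are worth fixing in the export template.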

View File

@ -71,7 +71,7 @@ This can be used to protect applications relying on <code>REMOTE_USER</code> env
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> application.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
&nbsp;
<span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>
<span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
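Review bot: The PerlHeaderParserHandler line in the VirtualHost example changes from Lemonldap::NG::Handler to Lemonldap::NG::Handler::ApacheMP2, but nothing in the surrounding text tells a reader with an existing vhost that the class name changed or whether the old name is still accepted. A one-line remark next to the example would save people from copying only half of the configuration when they upgrade.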
@ -100,7 +100,7 @@ Of course, you need to <a href="passwordstore.html" class="wikilink1" title="doc
</div>
</div>
<!-- EDIT2 SECTION "Apache" [62-1756] -->
<!-- EDIT2 SECTION "Apache" [62-1767] -->
<h2 class="sectionedit3" id="nginx">Nginx</h2>
<div class="level2">
@ -111,6 +111,6 @@ Nginx doesn&#039;t launch directly PHP pages (or other languages): it dials with
fastcgi_param HTTP_MYVAR $authuser;</pre>
</div>
<!-- EDIT3 SECTION "Nginx" [1757-] --></div>
<!-- EDIT3 SECTION "Nginx" [1768-] --></div>
</body>
</html>

View File

@ -57,11 +57,15 @@ LemonLDAP::NG allows one to store user logins and login attempts in their persis
</p>
<p>
Users can see their own history in menu, if menu module <code>Login history</code> is enabled. Session history is always visible in session explorer for administrators.
Users can see their own history in menu, if menu module <code>Login history</code> is enabled.
</p>
<p>
Session history is always visible in session explorer for administrators.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [30-311] -->
<!-- EDIT2 SECTION "Presentation" [30-312] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
@ -74,7 +78,7 @@ A login is considered as successful if user get authenticated and is granted a s
</p>
<p>
By default, login time and <abbr title="Internet Protocol">IP</abbr> address are stored in history, and the error message prompted to the user for failed logins. It is possible to store any additional session data. For example to store authentication mode, you can set in <code>Session data to store</code> a new key <code>$_auth</code> with value <code>Authentication mode</code>. The value will be used to display the data.
By default, login time and <abbr title="Internet Protocol">IP</abbr> address are stored in history, and the error message prompted to the user for failed logins. It is possible to store any additional session data. For example to store authentication mode, you can set in <code>Session data to store</code> a new key <code>_auth</code> with value <code>Authentication mode</code>. The value will be used to display the data.
</p>
<p>
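Review bot: The key in the "Session data to store" example changes from $_auth to _auth, which is an easy detail to miss for anyone who configured this from the earlier text. Add a short statement that keys are session attribute names written without the $ sigil. The closing sentence "The value will be used to display the data" is also vague: say that the value is the label shown for that attribute in the history display.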
@ -86,6 +90,6 @@ You can also display a check box on the authentication form, to allow user to se
</p>
</div>
<!-- EDIT3 SECTION "Configuration" [312-] --></div>
<!-- EDIT3 SECTION "Configuration" [313-] --></div>
</body>
</html>

Binary file not shown.


View File

@ -70,7 +70,7 @@ Install and launch a <a href="http://memcached.org/" class="urlextern" title="ht
</p>
<p>
In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Memcached" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Memcached" rel="nofollow">Apache::Session::Memcached</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
In the manager: set <a href="https://metacpan.org/pod/Apache::Session::Memcached" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Memcached" rel="nofollow">Apache::Session::Memcached</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
@ -85,9 +85,9 @@ In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Mem
<td class="col0 centeralign"> <strong>Servers</strong> </td><td class="col1"> Memcached servers </td><td class="col2"> 10.0.0.1:20000 10.0.0.2:20000 </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [994-1126] -->
<!-- EDIT3 TABLE [988-1120] -->
<p>
See <a href="http://search.cpan.org/perldoc?Apache::Session::Memcached" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Memcached" rel="nofollow">Apache::Session::Memcached</a> for optional parameters.
See <a href="https://metacpan.org/pod/Apache::Session::Memcached" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Memcached" rel="nofollow">Apache::Session::Memcached</a> for optional parameters.
</p>
</div>

View File

@ -0,0 +1,254 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>documentation:2.0:mitm [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="documentation,2.0,mitm"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/documentation/2.0/mitm?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:2.0"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/2.0/mitm"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/2.0/mitm"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=68165aeb4a485b8d6b99b5c80ffc4981"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:mitm","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=68165aeb4a485b8d6b99b5c80ffc4981&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=f2af53b99ba25aa5353674957471d8e4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/documentation" class="wikilink1" title="documentation">documentation</a></bdi> » <bdi><a href="/documentation/2.0/start" class="wikilink1" title="documentation:2.0:start">2.0</a></bdi> » <bdi><span class="curid"><a href="/documentation/2.0/mitm" class="wikilink2" title="documentation:2.0:mitm" rel="nofollow">mitm</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">documentation:2.0:mitm</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on “Create this page”.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Hosted by" [40-174] -->
<h3 class="sectionedit2" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Certifications" [175-534] -->
<h3 class="sectionedit3" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT3 SECTION "Awards" [535-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1543238094" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>
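Review bot: This new 254-line file is not documentation. Its body is the DokuWiki placeholder "This topic does not exist yet", exported together with the full site chrome: the navbar, a login link carrying a sectok value, the sidebar, and third-party scripts loaded over plain HTTP from www.openhub.net and cdn1.adbard.net. It looks like the exporter followed a dead link to documentation:2.0:mitm. Drop the file from the commit and either fix the link that points to it or write the page; shipping it puts ad and widget scripts into the packaged documentation.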

View File

@ -48,11 +48,12 @@
<div class="level1">
<p>
<a href="http://search.cpan.org/perldoc?Apache::Session::MongoDB" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::MongoDB" rel="nofollow">Apache::Session::MongoDB</a> is a faster shareable session backend
<a href="https://metacpan.org/pod/Apache::Session::MongoDB" class="urlextern" title="https://metacpan.org/pod/Apache::Session::MongoDB" rel="nofollow">Apache::Session::MongoDB</a> is a faster shareable session backend.
</p>
<div class="noteimportant">Use an up-to-date version of Apache::Session::MongoDB, at least 1.8.1.
</div>
<!-- EDIT1 SECTION "MongoDB session backend" [1-162] -->
</div>
<!-- EDIT1 SECTION "MongoDB session backend" [1-252] -->
<h2 class="sectionedit2" id="setup">Setup</h2>
<div class="level2">
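Review bot: The added noteimportant says to use Apache::Session::MongoDB "at least 1.8.1" but gives no reason, so a reader cannot tell whether older versions fail to work, lose sessions, or have a security problem. Add the reason or a link to the relevant changelog entry. Also check the closing tags around the new note: the rendered hunk shows two consecutive </div> lines around the EDIT1 marker, so confirm the level1 div still closes where intended.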
@ -101,9 +102,9 @@ In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::Mon
<td class="col0 leftalign"> <strong>password</strong> </td><td class="col1 leftalign"> Password </td><td class="col2 leftalign"> llpassword </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [771-1822] -->
<!-- EDIT3 TABLE [861-1912] -->
</div>
<!-- EDIT2 SECTION "Setup" [163-1823] -->
<!-- EDIT2 SECTION "Setup" [253-1913] -->
<h2 class="sectionedit4" id="security">Security</h2>
<div class="level2">
@ -112,6 +113,6 @@ Restrict network access to the MongoDB server. For remote servers, you can use <
</p>
</div>
<!-- EDIT4 SECTION "Security" [1824-] --></div>
<!-- EDIT4 SECTION "Security" [1914-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:monitoring</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,monitoring"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="monitoring.html"/>
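Review bot: The robots meta on this page flips from noindex,nofollow to index,follow with no explanation, while plugincustom.html is added in the same commit with noindex,nofollow and forcereauthn.html with index,follow. That inconsistency suggests the value is an artifact of how each page was exported rather than a decision. Pick one policy for the shipped documentation and apply it in the export step.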

View File

@ -48,21 +48,21 @@
<div class="level1">
<p>
<a href="http://search.cpan.org/perldoc?Apache::Session::Browseable::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Browseable::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> is the faster shareable session backend
<a href="https://metacpan.org/pod/Apache::Session::Browseable::Redis" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Browseable::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> is the faster shareable session backend
</p>
</div>
<!-- EDIT1 SECTION "Redis session backend" [1-182] -->
<!-- EDIT1 SECTION "Redis session backend" [1-176] -->
<h2 class="sectionedit2" id="setup">Setup</h2>
<div class="level2">
<p>
Install and launch a <a href="http://code.google.com/p/redis/" class="urlextern" title="http://code.google.com/p/redis/" rel="nofollow">Redis server</a>. Install
<a href="http://search.cpan.org/perldoc?Apache::Session::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> Perl module.
<a href="https://metacpan.org/pod/Apache::Session::Redis" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> Perl module.
</p>
<p>
In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::browseable::Redis" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::browseable::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
In the manager: set <a href="https://metacpan.org/pod/Apache::Session::browseable::Redis" class="urlextern" title="https://metacpan.org/pod/Apache::Session::browseable::Redis" rel="nofollow">Apache::Session::Browseable::Redis</a> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
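Review bot: The URL migration to metacpan.org carries over two hrefs that do not match their link text. In the Setup paragraph, the "Apache::Session::Browseable::Redis Perl module" link points to https://metacpan.org/pod/Apache::Session::Redis, a different module name, and the "In the manager" link points to .../pod/Apache::Session::browseable::Redis with a lowercase "b". Both should use Apache::Session::Browseable::Redis, as the first link in this hunk does. The Redis server link still targets http://code.google.com/p/redis/ and could be updated in the same pass.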
@ -77,9 +77,9 @@ In the manager: set <a href="http://search.cpan.org/perldoc?Apache::Session::bro
<td class="col0 centeralign"> <strong>server</strong> </td><td class="col1"> Redis server </td><td class="col2"> 127.0.0.1:6379 </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [661-772] -->
<!-- EDIT3 TABLE [643-754] -->
</div>
<!-- EDIT2 SECTION "Setup" [183-773] -->
<!-- EDIT2 SECTION "Setup" [177-755] -->
<h2 class="sectionedit4" id="security">Security</h2>
<div class="level2">
@ -88,6 +88,6 @@ Restrict network access to the redis server. For remote servers, you can use <a
</p>
</div>
<!-- EDIT4 SECTION "Security" [774-] --></div>
<!-- EDIT4 SECTION "Security" [756-] --></div>
</body>
</html>

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,160 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:plugincustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,plugincustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="plugincustom.html"/>
<link rel="contents" href="plugincustom.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:plugincustom","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#example">Example</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#plugin_perl_module">Plugin Perl module</a></div></li>
<li class="level2"><div class="li"><a href="#configuration">Configuration</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="write_a_custom_plugin">Write a custom plugin</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Write a custom plugin" [1-37] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
You can now write a custom portal plugin that will hook in the authentication process:
</p>
<ul>
<li class="level1"><div class="li"> <code>beforeAuth</code>: method called before authentication process</div>
</li>
<li class="level1"><div class="li"> <code>betweenAuthAndData</code>: method called after authentication and before setting “sessionInfo” provisionning</div>
</li>
<li class="level1"><div class="li"> <code>afterData</code>: method called after “sessionInfo” provisionning</div>
</li>
<li class="level1"><div class="li"> <code>endAuth</code>: method called when session is validated (after cookie build)</div>
</li>
<li class="level1"><div class="li"> <code>authCancel</code>: method called when user click on “cancel” during auth process</div>
</li>
<li class="level1"><div class="li"> <code>forAuthUser</code>: method called for already authenticated users</div>
</li>
<li class="level1"><div class="li"> <code>beforeLogout</code>: method called before logout</div>
</li>
</ul>
<p>
The plugin can also define new routes and call actions on them.
</p>
<p>
See also <code>Lemonldap::NG::Portal::Main::Plugin</code> man page.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [38-794] -->
<h2 class="sectionedit3" id="example">Example</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Example" [795-815] -->
<h3 class="sectionedit4" id="plugin_perl_module">Plugin Perl module</h3>
<div class="level3">
<p>
Create for example the MyPlugin module:
</p>
<pre class="code">vi /usr/share/perl5/Lemonldap/NG/Portal/MyPlugin.pm</pre>
<pre class="code file perl"><a href="http://perldoc.perl.org/functions/package.html"><span class="kw3">package</span></a> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin</span><span class="sy0">;</span>
&nbsp;
<span class="kw2">use</span> Mouse<span class="sy0">;</span>
<span class="kw2">use</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">Main</span><span class="sy0">::</span><span class="me2">Constants</span><span class="sy0">;</span>
extends <span class="st_h">'Lemonldap::NG::Portal::Main::Plugin'</span><span class="sy0">;</span>
&nbsp;
<span class="kw2">use</span> constant beforeAuth <span class="sy0">=&gt;</span> <span class="st_h">'verifyIP'</span><span class="sy0">;</span>
&nbsp;
<span class="kw2">sub</span> init <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">addUnauthRoute</span><span class="br0">&#40;</span> mypath <span class="sy0">=&gt;</span> <span class="st_h">'hello'</span><span class="sy0">,</span> <span class="br0">&#91;</span> <span class="st_h">'GET'</span><span class="sy0">,</span> <span class="st_h">'PUT'</span> <span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">addAuthRoute</span><span class="br0">&#40;</span> mypath <span class="sy0">=&gt;</span> <span class="st_h">'welcome'</span><span class="sy0">,</span> <span class="br0">&#91;</span> <span class="st_h">'GET'</span><span class="sy0">,</span> <span class="st_h">'PUT'</span> <span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="nu0">1</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="kw2">sub</span> verifyIP <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$req</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> PE_ERROR <span class="kw1">if</span><span class="br0">&#40;</span><span class="re0">$req</span><span class="sy0">-&gt;</span><span class="me1">address</span> <span class="sy0">!~</span> <span class="co2">/^10/</span><span class="br0">&#41;</span><span class="sy0">;</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> PE_OK<span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="kw2">sub</span> hello <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$req</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="sy0">...</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">p</span><span class="sy0">-&gt;</span><span class="me1">sendJSONresponse</span><span class="br0">&#40;</span><span class="re0">$req</span><span class="sy0">,</span> <span class="br0">&#123;</span> hello <span class="sy0">=&gt;</span> <span class="nu0">1</span> <span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="kw2">sub</span> welcome <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$req</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="sy0">...</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">p</span><span class="sy0">-&gt;</span><span class="me1">sendHtml</span><span class="br0">&#40;</span><span class="re0">$req</span><span class="sy0">,</span> <span class="st_h">'template'</span><span class="sy0">,</span> params <span class="sy0">=&gt;</span> <span class="br0">&#123;</span> WELCOME <span class="sy0">=&gt;</span> <span class="nu0">1</span> <span class="br0">&#125;</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="nu0">1</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT4 SECTION "Plugin Perl module" [816-1767] -->
<h3 class="sectionedit5" id="configuration">Configuration</h3>
<div class="level3">
<p>
Declare the plugin in lemonldap-ng.ini:
</p>
<pre class="code">vi /etc/lemonldap-ng/lemonldap-ng.ini</pre>
<pre class="code file perl"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span>
customPlugins <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin</span>
<span class="sy0">;</span>customPlugins <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin1</span><span class="sy0">,</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin2</span><span class="sy0">,</span> <span class="sy0">...</span></pre>
</div>
<!-- EDIT5 SECTION "Configuration" [1768-] --></div>
</body>
</html>
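Review bot: The lemonldap-ng.ini snippet under "Configuration" is emitted as `<pre class="code file perl">`, so the `[portal]` section header and the `;` comment line get Perl highlighting. Tag the block as ini in the wiki source, as the Messages section of the customization page does with `code file ini`. The commented `customPlugins` example also ends in a literal `...`; the text should say that the value is a comma-separated list of module names so the ellipsis is not pasted into a live configuration.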

View File

@ -49,8 +49,9 @@
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#skin">Skin</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#main_logo">Main Logo</a></div></li>
<li class="level2"><div class="li"><a href="#show_languages_choice">Show languages choice</a></div></li>
<li class="level1"><div class="li"><a href="#skin">Skin</a></div></li>
<li class="level2"><div class="li"><a href="#default_skin">Default skin</a></div></li>
<li class="level2"><div class="li"><a href="#skin_background">Skin background</a></div></li>
<li class="level2"><div class="li"><a href="#skin_rules">Skin rules</a></div></li>
@ -58,8 +59,6 @@
<li class="level2"><div class="li"><a href="#skin_customization">Skin customization</a></div></li>
<li class="level2"><div class="li"><a href="#messages">Messages</a></div></li>
<li class="level2"><div class="li"><a href="#template_parameters">Template parameters</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#buttons">Buttons</a></div></li>
<li class="level1"><div class="li"><a href="#password_management">Password management</a></div></li>
<li class="level1"><div class="li"><a href="#other_parameters">Other parameters</a></div></li>
@ -74,31 +73,56 @@
</div>
</div>
<!-- EDIT1 SECTION "Portal customization" [1-142] -->
<h2 class="sectionedit2" id="skin">Skin</h2>
<h3 class="sectionedit2" id="main_logo">Main Logo</h3>
<div class="level3">
<p>
You can change the default Main Logo in Manager: General Parameters &gt; Portal &gt; Customization &gt; Main Logo.
</p>
<p>
A blank value disables Main Logo display.
</p>
<div class="notetip">- Logo files must be stored in lemonldap-ng-portal/site/htdocs/static/my/path directory
<p>
- Logo file path must be like my/path/logo.png
</p>
<p>
- Main logo is included in Portal templates AND mail body
</p>
</div>
</div>
<!-- EDIT2 SECTION "Main Logo" [143-528] -->
<h3 class="sectionedit3" id="show_languages_choice">Show languages choice</h3>
<div class="level3">
<p>
You can disabled languages choice in Manager: General Parameters &gt; Portal &gt; Customization &gt; Show languages choice.
</p>
<p>
Option enabled by default.
</p>
<div class="notetip">If languages choice is disabled, Portal displays accepted languages by your browser (EN by default).
</div>
</div>
<!-- EDIT3 SECTION "Show languages choice" [529-829] -->
<h2 class="sectionedit4" id="skin">Skin</h2>
<div class="level2">
<p>
LemonLDAP::NG is shipped with 4 skins:
LemonLDAP::NG is shipped with bootstrap skin.
</p>
<ul>
<li class="level1"><div class="li"> pastel</div>
</li>
<li class="level1"><div class="li"> impact</div>
</li>
<li class="level1"><div class="li"> dark</div>
</li>
<li class="level1"><div class="li"> bootstrap</div>
</li>
</ul>
<div class="notetip">It is recommended to use <code>bootstrap</code> skin, as other may be deprecated in the future.
</div>
<p>
But you can make your own, see Skin customization below.
But you can make your own. See Skin customization below.
</p>
</div>
<!-- EDIT2 SECTION "Skin" [143-408] -->
<h3 class="sectionedit3" id="default_skin">Default skin</h3>
<!-- EDIT4 SECTION "Skin" [830-952] -->
<h3 class="sectionedit5" id="default_skin">Default skin</h3>
<div class="level3">
<p>
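Review bot: The Main Logo tip gives the storage location as "lemonldap-ng-portal/site/htdocs/static/my/path", which is a source-tree path, while the Skin customization section of this same page uses the installed path /usr/share/lemonldap-ng/portal/htdocs/static. Use the installed path in the tip, or say explicitly that the logo path is relative to the static directory, so that "my/path/logo.png" can be resolved without guessing. Two smaller points in the same hunk: "You can disabled languages choice" should read "You can disable", and the new "Main Logo" and "Show languages choice" sections are h3 headings placed before the first h2, so they attach directly to the page title rather than to a parent section.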
@ -110,8 +134,8 @@ Select the <code>Custom</code> skin, then set the name of the skin you want to u
</p>
</div>
<!-- EDIT3 SECTION "Default skin" [409-648] -->
<h3 class="sectionedit4" id="skin_background">Skin background</h3>
<!-- EDIT5 SECTION "Default skin" [953-1192] -->
<h3 class="sectionedit6" id="skin_background">Skin background</h3>
<div class="level3">
<p>
@ -123,8 +147,8 @@ Go in <code>General Parameters</code> &gt; <code>Portal</code> &gt; <code>Custom
</p>
</div>
<!-- EDIT4 SECTION "Skin background" [649-950] -->
<h3 class="sectionedit5" id="skin_rules">Skin rules</h3>
<!-- EDIT6 SECTION "Skin background" [1193-1494] -->
<h3 class="sectionedit7" id="skin_rules">Skin rules</h3>
<div class="level3">
<p>
@ -142,8 +166,8 @@ To achieve this, you can create a rule in the Manager: select <code>General Para
</ul>
</div>
<!-- EDIT5 SECTION "Skin rules" [951-1593] -->
<h3 class="sectionedit6" id="skin_files">Skin files</h3>
<!-- EDIT7 SECTION "Skin rules" [1495-2137] -->
<h3 class="sectionedit8" id="skin_files">Skin files</h3>
<div class="level3">
<p>
@ -165,18 +189,21 @@ A skin will often refer to the <code>common</code> skin, which is not a real ski
</p>
</div>
<!-- EDIT6 SECTION "Skin files" [1594-1928] -->
<h3 class="sectionedit7" id="skin_customization">Skin customization</h3>
<!-- EDIT8 SECTION "Skin files" [2138-2472] -->
<h3 class="sectionedit9" id="skin_customization">Skin customization</h3>
<div class="level3">
<div class="noteimportant">If you modify directly the skin files, your modifications will certainly be erased on the next upgrade. The best is to create your own skin, based on an existing skin.
</div>
<p>
Here we explain how to create a new skin, named <code>myskin</code>, from the <code>bootstrap</code> skin.
</p>
<pre class="code">cd /usr/share/lemonldap-ng/portal-skins/
<p>
First copy static content:
</p>
<pre class="code">cd /usr/share/lemonldap-ng/portal/htdocs/static
mkdir myskin
cd myskin/
cp -a ../bootstrap/fonts/ .
cp -a ../bootstrap/js/ .
cp -a ../bootstrap/css/ .
mkdir images</pre>
@ -184,7 +211,10 @@ mkdir images</pre>
<p>
Then create symbolic links on template files, as you might not want to rewrite all <abbr title="HyperText Markup Language">HTML</abbr> code (else, do as you want).
</p>
<pre class="code">ln -s ../bootstrap/*.tpl .</pre>
<pre class="code">cd /usr/share/lemonldap-ng/portal/templates/
mkdir myskin
cd myskin/
ln -s ../bootstrap/*.tpl .</pre>
<p>
We include some template files that can be customized:
@ -205,21 +235,33 @@ To use custom files, delete links and copy them into your skin folder:
cp ../bootstrap/custom* .</pre>
<p>
Create a symlink in main skin directory:
Then you can add your media to <code>myskin/images</code>, you will be able to use them in <abbr title="HyperText Markup Language">HTML</abbr> template with this code:
</p>
<pre class="code">ln -s /usr/share/lemonldap-ng/portal-skins/myskin /var/lib/lemonldap-ng/portal/skins/</pre>
<pre class="code">&lt;img src=&quot;&lt;TMPL_VAR NAME=&quot;STATIC_PREFIX&quot;&gt;myskin/images/logo.png&quot; class=&quot;img-responsive center-block&quot; /&gt;</pre>
<p>
Then you <em>only</em> have to edit JS/<abbr title="Cascading Style Sheets">CSS</abbr> and add your media to <code>myskin/images</code>. Put all custom <abbr title="HyperText Markup Language">HTML</abbr> code in the custom template files.
To change <abbr title="Cascading Style Sheets">CSS</abbr>, two options:
</p>
<ul>
<li class="level1"><div class="li"> Edit myksin/css/skin.css and myskin/css/skin.min.css</div>
</li>
<li class="level1"><div class="li"> Create a new <abbr title="Cascading Style Sheets">CSS</abbr> file, for example myskin/css/myskin.css and load it in customhead.tpl:</div>
</li>
</ul>
<pre class="code">&lt;link href=&quot;&lt;TMPL_VAR NAME=&quot;STATIC_PREFIX&quot;&gt;myskin/css/myskin.css&quot; rel=&quot;stylesheet&quot; type=&quot;text/css&quot; /&gt;</pre>
<p>
Put then all custom <abbr title="HyperText Markup Language">HTML</abbr> code in the custom template files.
</p>
<p>
To configure your new skin in Manager, select the custom skin, and enter your skin name in the configuration field.
To configure your new skin in Manager, select the custom skin, and enter your skin name in the configuration field. For example with lemonldap-ng-cli:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set portalSkin &#039;myskin&#039; portalSkinBackground &#039;&#039;</pre>
</div>
<!-- EDIT7 SECTION "Skin customization" [1929-3319] -->
<h3 class="sectionedit8" id="messages">Messages</h3>
<!-- EDIT9 SECTION "Skin customization" [2473-4399] -->
<h3 class="sectionedit10" id="messages">Messages</h3>
<div class="level3">
<p>
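Review bot: The first CSS option reads "Edit myksin/css/skin.css", which is a typo for "myskin" and will not match the directory created earlier with "mkdir myskin". The lemonldap-ng-cli example also sets portalSkinBackground to an empty string without explanation; add a sentence saying that this clears the background image, or drop the second key from the example so it only demonstrates selecting the skin.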
@ -231,16 +273,17 @@ Messages are defined in source code. If they really do not please you, override
<span class="re1">error_0</span> <span class="sy0">=</span><span class="re2"> Big brother is watching you, authenticated user</span>
&nbsp;
# Custom standard messages
<span class="re1">msg_22</span> <span class="sy0">=</span><span class="re2"> Your last connections</span></pre>
<span class="re1">msg_lastLogins</span> <span class="sy0">=</span><span class="re2"> Your last connections</span></pre>
<div class="notetip">You can alse define messages in several languages:
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">error_en_0</span> <span class="sy0">=</span><span class="re2"> Big brother is watching you, authenticated user</span>
<span class="re1">error_fr_0</span> <span class="sy0">=</span><span class="re2"> Souriez vous êtes surveillés !</span></pre>
<span class="re1">error_fr_0</span> <span class="sy0">=</span><span class="re2"> Souriez vous êtes surveillés !</span>
<span class="re1">msg_fr_lastLogins</span> <span class="sy0">=</span><span class="re2"> Dernières connexions</span></pre>
</div>
</div>
<!-- EDIT8 SECTION "Messages" [3320-3911] -->
<h3 class="sectionedit9" id="template_parameters">Template parameters</h3>
<!-- EDIT10 SECTION "Messages" [4400-5041] -->
<h3 class="sectionedit11" id="template_parameters">Template parameters</h3>
<div class="level3">
<p>
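Review bot: The standard-message example changes its key from "msg_22" to "msg_lastLogins" while the error example keeps the numeric form "error_0", and nothing in the text says whether numeric msg_ keys are still honoured. Add a sentence on the naming rule for each family (error_N versus msg_name) and on what happens to existing overrides that use the numeric msg_ form, since an override that silently stops applying is hard to notice. The neighbouring tip also has "alse" for "also".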
@ -256,9 +299,14 @@ Then you will be able to use it in your template like this:
</p>
<pre class="code file html4strict">Hello <span class="sc2">&lt;TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">&quot;myparam&quot;</span>&gt;</span>!</pre>
<p>
All session variables are also available in templates, with the prefix “session_” :
</p>
<pre class="code file html4strict">Hello <span class="sc2">&lt;TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">&quot;session_cn&quot;</span>&gt;</span>!</pre>
</div>
<!-- EDIT9 SECTION "Template parameters" [3912-4282] -->
<h2 class="sectionedit10" id="buttons">Buttons</h2>
<!-- EDIT11 SECTION "Template parameters" [5042-5552] -->
<h2 class="sectionedit12" id="buttons">Buttons</h2>
<div class="level2">
<p>
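Review bot: The new "session_" example writes session_cn straight into the page, and the text does not say whether the portal HTML-escapes session values before rendering. Session attributes are filled from the authentication and user backends, so either state that escaping is applied automatically or show the escaped form in the example, for instance `<TMPL_VAR NAME="session_cn" ESCAPE=HTML>`. Since the sentence says all session variables are available, it is also worth a line reminding skin authors to reference only attributes that are meant to be displayed to the user.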
@ -267,15 +315,15 @@ This node allows one to enable/disable buttons on the login page:
<ul>
<li class="level1"><div class="li"> <strong>Check last logins</strong>: displays a checkbox on login form, allowing user to check his login history right after opening session</div>
</li>
<li class="level1"><div class="li"> <strong>Reset password</strong>: display a link to <a href="resetpassword.html" class="wikilink1" title="documentation:2.0:resetpassword">reset your password page</a> (for password based authentication backends)</div>
<li class="level1"><div class="li"> <strong>Reset password</strong>: display a link to <a href="resetpassword.html" class="wikilink1" title="documentation:2.0:resetpassword">reset your password page</a> (for password based authentication backends). Number of allowed retries can be set (3 times by default)</div>
</li>
<li class="level1"><div class="li"> <strong>Register</strong>: display a link to <a href="register.html" class="wikilink1" title="documentation:2.0:register">register page</a> (for password based authentication backends)</div>
</li>
</ul>
</div>
<!-- EDIT10 SECTION "Buttons" [4283-4740] -->
<h2 class="sectionedit11" id="password_management">Password management</h2>
<!-- EDIT12 SECTION "Buttons" [5553-6069] -->
<h2 class="sectionedit13" id="password_management">Password management</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>Require old password</strong>: used only in the password changing module of the menu, will check the old password before updating it</div>
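Review bot: The sentence added to the "Reset password" bullet, "Number of allowed retries can be set (3 times by default)", does not say what is being retried or where the value is set. Name the Manager parameter, state whether the counter applies to reset requests or to failed attempts, and say what the user sees once the limit is reached, so the default of 3 can be evaluated as a throttling control.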
@ -287,8 +335,8 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT11 SECTION "Password management" [4741-5191] -->
<h2 class="sectionedit12" id="other_parameters">Other parameters</h2>
<!-- EDIT13 SECTION "Password management" [6070-6520] -->
<h2 class="sectionedit14" id="other_parameters">Other parameters</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>User attribute</strong>: which session attribute will be used to display <code>Connected as</code> in the menu</div>
@ -306,6 +354,6 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT12 SECTION "Other parameters" [5192-] --></div>
<!-- EDIT14 SECTION "Other parameters" [6521-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:prereq</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,prereq"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="prereq.html"/>

View File

@ -103,7 +103,7 @@ uWSGI or <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:n
A <code>llng-server.psgi</code> is provided in example directory. It is designed to replace exactly FastCGI server. You can use it :
</p>
<ul>
<li class="level1"><div class="li"> with a FCGI Plack server, but you just have to change llng-fastcgi-server engine <em>(in /etc/default/llng-fastcgi-server)</em> to have the same result. Available engines:</div>
<li class="level1"><div class="li"> with a FCGI Plack server, but you just have to change llng-fastcgi-server engine <em>(in /etc/default/lemonldap-ng-fastcgi-server)</em> to have the same result. Available engines:</div>
<ul>
<li class="level2"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI" rel="nofollow">FCGI</a> <strong>(default)</strong>. It can use the following managers:</div>
<ul>
@ -141,7 +141,7 @@ There are also some other psgi files in examples directory.
</p>
</div>
<!-- EDIT2 SECTION "FastCGI server replacement" [636-2102] -->
<!-- EDIT2 SECTION "FastCGI server replacement" [636-2110] -->
<h3 class="sectionedit3" id="llng_fastcgi_server">LLNG FastCGI Server</h3>
<div class="level3">
@ -185,7 +185,7 @@ There are also some other psgi files in examples directory.
<td class="col0 leftalign"> </td><td class="col1 centeralign"> plackOptions </td><td class="col2 leftalign"> </td><td class="col3"> Other options to path to Plack. Can bu multi-valued. Values must look like <code>key=value</code> </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [2202-2973] -->
<!-- EDIT4 TABLE [2210-2981] -->
<p>
See <code>llng-fastcgi-server(1)</code> manpage.
</p>
@ -208,7 +208,7 @@ FCGI::Engine::ProcManager
-e FCGI::Engine::ProcManager</pre>
</div>
<!-- EDIT3 SECTION "LLNG FastCGI Server" [2103-3412] -->
<!-- EDIT3 SECTION "LLNG FastCGI Server" [2111-3420] -->
<h3 class="sectionedit5" id="using_uwsgi">Using uWSGI</h3>
<div class="level3">
@ -239,7 +239,7 @@ Then adapt your Nginx configuration to use this uWSGI app.
</p>
</div>
<!-- EDIT5 SECTION "Using uWSGI" [3413-4270] -->
<!-- EDIT5 SECTION "Using uWSGI" [3421-4278] -->
<h2 class="sectionedit6" id="protect_a_psgi_application">Protect a PSGI application</h2>
<div class="level2">
@ -283,6 +283,6 @@ builder <span class="br0">&#123;</span>
</dd></dl>
</div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4271-] --></div>
<!-- EDIT6 SECTION "Protect a PSGI application" [4279-] --></div>
</body>
</html>

View File

@ -0,0 +1,238 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:renater</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,renater"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="renater.html"/>
<link rel="contents" href="renater.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:renater","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#register_as_service_provider">Register as Service Provider</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#llng_configuration">LL::NG configuration</a></div></li>
<li class="level2"><div class="li"><a href="#metadata_import">Metadata import</a></div></li>
<li class="level2"><div class="li"><a href="#add_your_sp_into_the_federation">Add your SP into the federation</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#register_as_identity_provider">Register as Identity Provider</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#llng_configuration1">LL::NG configuration</a></div></li>
<li class="level2"><div class="li"><a href="#metadata_import1">Metadata import</a></div></li>
<li class="level2"><div class="li"><a href="#add_your_idp_into_the_federation">Add your IDP into the federation</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="connect_to_renater_federation">Connect to Renater Federation</h1>
<div class="level1">
<p>
<img src="logos/1renater.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Connect to Renater Federation" [1-80] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://www.renater.fr/" class="urlextern" title="https://www.renater.fr/" rel="nofollow">Renater</a> provides an <abbr title="Security Assertion Markup Language">SAML</abbr> federation for higher education in France.
</p>
<p>
It is based on SAMLv2 but add some specific items like a WAYF service and a metadata bundle to list all SP and IDP from the federation.
</p>
<p>
Since <abbr title="LemonLDAP::NG">LL::NG</abbr> 2.0, you can register into Renater federation.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [81-401] -->
<h2 class="sectionedit3" id="register_as_service_provider">Register as Service Provider</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Register as Service Provider" [402-443] -->
<h3 class="sectionedit4" id="llng_configuration">LL::NG configuration</h3>
<div class="level3">
<p>
Configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as <abbr title="Security Assertion Markup Language">SAML</abbr> Service Provider with this <a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">documentation</a>. You don&#039;t need to declare any IDP for the moment.
</p>
<p>
Configure <a href="samlservice.html#discovery_protocol" class="wikilink1" title="documentation:2.0:samlservice">SAML Discovery Protocol</a> to redirect users on WAYF Service. The endpoint <abbr title="Uniform Resource Locator">URL</abbr> is <a href="https://discovery.renater.fr/renater/WAYF" class="urlextern" title="https://discovery.renater.fr/renater/WAYF" rel="nofollow">https://discovery.renater.fr/renater/WAYF</a>.
</p>
</div>
<!-- EDIT4 SECTION "LL::NG configuration" [444-778] -->
<h3 class="sectionedit5" id="metadata_import">Metadata import</h3>
<div class="level3">
<p>
You now need to import IDP metadata in <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration. Use the <code>importMetadata</code> script that should be installed in /usr/share/lemonldap-ng/bin. You need to select the correct metadata bundle proposed by Renater: <a href="https://services.renater.fr/federation/technique/metadata" class="urlextern" title="https://services.renater.fr/federation/technique/metadata" rel="nofollow">https://services.renater.fr/federation/technique/metadata</a>, for example:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/importMetadata -m https://metadata.federation.renater.fr/renater/main/main-idps-renater-metadata.xml -r -i &quot;idp-renater&quot; -s &quot;sp-renater&quot;</pre>
<div class="noteimportant">You need to add this in cron to refresh metadata into <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration.
</div>
<p>
If you need too customize some settings of the script, copy it and edit configuration:
</p>
<pre class="code">cp /usr/share/lemonldap-ng/bin/importMetadata /usr/share/lemonldap-ng/bin/importMetadataCustom
vi /usr/share/lemonldap-ng/bin/importMetadataCustom</pre>
<p>
Set attributes (use the <abbr title="Security Assertion Markup Language">SAML</abbr> Name, not FriendlyName) that are provided by IDPs, for example:
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$exportedAttributes</span> <span class="sy0">=</span> <span class="br0">&#123;</span>
<span class="st_h">'cn'</span> <span class="sy0">=&gt;</span> <span class="st_h">'0;urn:oid:2.5.4.3'</span><span class="sy0">,</span>
<span class="st_h">'eduPersonPrincipalName'</span> <span class="sy0">=&gt;</span> <span class="st_h">'1;urn:oid:1.3.6.1.4.1.5923.1.1.1.6'</span><span class="sy0">,</span>
<span class="st_h">'givenName'</span> <span class="sy0">=&gt;</span> <span class="st_h">'0;urn:oid:2.5.4.42'</span><span class="sy0">,</span>
<span class="st_h">'sn'</span> <span class="sy0">=&gt;</span> <span class="st_h">'0;urn:oid:2.5.4.4'</span><span class="sy0">,</span>
<span class="st_h">'eduPersonAffiliation'</span> <span class="sy0">=&gt;</span> <span class="st_h">'0;urn:oid:1.3.6.1.4.1.5923.1.1.1.1'</span><span class="sy0">,</span>
<span class="st_h">'eduPersonPrimaryAffiliation'</span> <span class="sy0">=&gt;</span> <span class="st_h">'0;urn:oid:1.3.6.1.4.1.5923.1.1.1.5'</span><span class="sy0">,</span>
<span class="st_h">'mail'</span> <span class="sy0">=&gt;</span> <span class="st_h">'0;urn:oid:0.9.2342.19200300.100.1.3'</span><span class="sy0">,</span>
<span class="st_h">'supannListeRouge'</span> <span class="sy0">=&gt;</span> <span class="st_h">'0;urn:oid:1.3.6.1.4.1.7135.1.2.1.1'</span><span class="sy0">,</span>
<span class="st_h">'supannEtuCursusAnnee'</span> <span class="sy0">=&gt;</span> <span class="st_h">'0;rn:oid:1.3.6.1.4.1.5923.1.1.1.10'</span><span class="sy0">,</span>
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
<p>
Adapt IDP options, for example:
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$idpOptions</span> <span class="sy0">=</span> <span class="br0">&#123;</span>
<span class="st_h">'samlIDPMetaDataOptionsAdaptSessionUtime'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsAllowLoginFromIDP'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsAllowProxiedAuthn'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsCheckAudience'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsCheckSLOMessageSignature'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsCheckSSOMessageSignature'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsCheckTime'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsEncryptionMode'</span> <span class="sy0">=&gt;</span> <span class="st_h">'none'</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsForceAuthn'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsForceUTF8'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsIsPassive'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsNameIDFormat'</span> <span class="sy0">=&gt;</span> <span class="st_h">'transient'</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsRelayStateURL'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsSignSLOMessage'</span> <span class="sy0">=&gt;</span> <span class="sy0">-</span><span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsSignSSOMessage'</span> <span class="sy0">=&gt;</span> <span class="sy0">-</span><span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsStoreSAMLToken'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlIDPMetaDataOptionsUserAttribute'</span> <span class="sy0">=&gt;</span> <span class="st_h">'urn:oid:1.3.6.1.4.1.5923.1.1.1.6'</span><span class="sy0">,</span>
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT5 SECTION "Metadata import" [779-3520] -->
<h3 class="sectionedit6" id="add_your_sp_into_the_federation">Add your SP into the federation</h3>
<div class="level3">
<p>
Go to <a href="https://federation.renater.fr/registry" class="urlextern" title="https://federation.renater.fr/registry" rel="nofollow">https://federation.renater.fr/registry</a> and register your SP.
</p>
<div class="noteimportant">Be sure to check all attributes as mandatory to be able to get them in <abbr title="Security Assertion Markup Language">SAML</abbr> assertions.
</div>
</div>
<!-- EDIT6 SECTION "Add your SP into the federation" [3521-3747] -->
<h2 class="sectionedit7" id="register_as_identity_provider">Register as Identity Provider</h2>
<div class="level2">
</div>
<!-- EDIT7 SECTION "Register as Identity Provider" [3748-3790] -->
<h3 class="sectionedit8" id="llng_configuration1">LL::NG configuration</h3>
<div class="level3">
<p>
Configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider with this <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">documentation</a>. You don&#039;t need to declare any SP for the moment.
</p>
</div>
<!-- EDIT8 SECTION "LL::NG configuration" [3791-3952] -->
<h3 class="sectionedit9" id="metadata_import1">Metadata import</h3>
<div class="level3">
<p>
You now need to import SP metadata in <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration. Use the <code>importMetadata</code> script that should be installed in /usr/share/lemonldap-ng/bin. You need to select the correct metadata bundle proposed by Renater: <a href="https://services.renater.fr/federation/technique/metadata" class="urlextern" title="https://services.renater.fr/federation/technique/metadata" rel="nofollow">https://services.renater.fr/federation/technique/metadata</a>, for example:
</p>
<pre class="code">/usr/share/lemonldap-ng/bin/importMetadata -m https://metadata.federation.renater.fr/renater/main/main-sps-renater-metadata.xml -r -i &quot;idp-renater&quot; -s &quot;sp-renater&quot;</pre>
<div class="noteimportant">You need to add this in cron to refresh metadata into <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration.
</div>
<p>
If you need too customize some settings of the script, copy it and edit configuration:
</p>
<pre class="code">cp /usr/share/lemonldap-ng/bin/importMetadata /usr/share/lemonldap-ng/bin/importMetadataCustom
vi /usr/share/lemonldap-ng/bin/importMetadataCustom</pre>
<p>
Adapt IDP options, for example:
</p>
<pre class="code file perl"><span class="kw1">my</span> <span class="re0">$spOptions</span> <span class="sy0">=</span> <span class="br0">&#123;</span>
<span class="st_h">'samlSPMetaDataOptionsCheckSLOMessageSignature'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsCheckSSOMessageSignature'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsEnableIDPInitiatedURL'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsEncryptionMode'</span> <span class="sy0">=&gt;</span> <span class="st_h">'none'</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsForceUTF8'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsNameIDFormat'</span> <span class="sy0">=&gt;</span> <span class="st_h">''</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsNotOnOrAfterTimeout'</span> <span class="sy0">=&gt;</span> <span class="nu0">72000</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsOneTimeUse'</span> <span class="sy0">=&gt;</span> <span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout'</span> <span class="sy0">=&gt;</span> <span class="nu0">72000</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsSignSLOMessage'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span><span class="sy0">,</span>
<span class="st_h">'samlSPMetaDataOptionsSignSSOMessage'</span> <span class="sy0">=&gt;</span> <span class="nu0">1</span>
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT9 SECTION "Metadata import" [3953-5552] -->
<h3 class="sectionedit10" id="add_your_idp_into_the_federation">Add your IDP into the federation</h3>
<div class="level3">
<p>
Go to <a href="https://federation.renater.fr/registry" class="urlextern" title="https://federation.renater.fr/registry" rel="nofollow">https://federation.renater.fr/registry</a> and register your IDP.
</p>
</div>
<!-- EDIT10 SECTION "Add your IDP into the federation" [5553-] --></div>
</body>
</html>
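Review bot: the lead-in says "Adapt IDP options" but the block that follows sets $spOptions with samlSPMetaDataOptions* keys, so the reader cannot tell which side is being configured; reword the sentence to match the variable. The example also sets samlSPMetaDataOptionsNotOnOrAfterTimeout and samlSPMetaDataOptionsSessionNotOnOrAfterTimeout to 72000 with no unit or rationale, and samlSPMetaDataOptionsEncryptionMode to 'none'. A sentence saying these are starting values to review per partner would keep readers from copying them unchanged.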

View File

@ -61,16 +61,16 @@
<div class="level1">
<p>
This plugin can be used to add a second factor for authentication (SMS, OTP,…). It uses external web service to send and validate the second factor.
This plugin can be used to append a second factor authentication device like SMS or OTP. It uses an external web service to submit and validate the second factor.
</p>
</div>
<!-- EDIT1 SECTION "REST Second Factor" [1-186] -->
<!-- EDIT1 SECTION "REST Second Factor" [1-198] -->
<h3 class="sectionedit2" id="configuration">Configuration</h3>
<div class="level3">
<p>
All parameters are configured in “General Parameters » Portal Parameters » Second Factors » REST 2nd Factor”.
All parameters are set in “General Parameters » Portal Parameters » Second Factors » REST 2nd Factor”.
</p>
<ul>
<li class="level1"><div class="li"> <strong>Activation</strong></div>
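Review bot: "append a second factor authentication device like SMS or OTP" is harder to read than the sentence it replaces: SMS and OTP are not devices, and the plugin adds a second factor rather than appending a device. Suggest "This plugin adds a second authentication factor (SMS, OTP, ...) and relies on an external web service to send and validate it."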
@ -83,14 +83,14 @@ All parameters are configured in “General Parameters » Portal Parameters » S
</li>
<li class="level1"><div class="li"> <strong>Verify arguments</strong>: list of arguments to send <em>(see below)</em></div>
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here a new authentication level. Example: 5</div>
</li>
<li class="level1"><div class="li"> Logo (optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Configuration" [187-901] -->
<!-- EDIT2 SECTION "Configuration" [199-904] -->
<h2 class="sectionedit3" id="arguments">Arguments</h2>
<div class="level2">
@ -100,12 +100,12 @@ Arguments are a list of key/value. Key is the name of JSON entry, value is attri
<div class="noteimportant">For Verify <abbr title="Uniform Resource Locator">URL</abbr>, you should send $code at least
</div>
</div>
<!-- EDIT3 SECTION "Arguments" [902-1096] -->
<!-- EDIT3 SECTION "Arguments" [905-1099] -->
<h2 class="sectionedit4" id="rest_dialog">REST Dialog</h2>
<div class="level2">
<p>
REST web services just have to respond with a “result” key in a JSON file. Auth/UserDB can add a “info” array to will be copied is session data (without reading “Exported variables”).
REST web services have just to reply with a “result” key in a JSON file. Auth/UserDB can add an “info” array. It will be stored in session data (without reading “Exported variables”).
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
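Review bot: the sentence "Auth/UserDB can add an “info” array" looks carried over from a REST authentication page; on this second-factor page it is unclear whether the second-factor web service can also return "info". Since the text says the array is stored in session data without going through “Exported variables”, state explicitly which responses may do this and that the service is therefore trusted to write session attributes. "have just to reply" also reads better as "only have to reply".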
@ -120,8 +120,8 @@ REST web services just have to respond with a “result” key in a JSON file. A
<td class="col0 centeralign"> Verify <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,“code”:“$code”,…}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [1307-1536] -->
<!-- EDIT5 TABLE [1310-1539] -->
</div>
<!-- EDIT4 SECTION "REST Dialog" [1097-] --></div>
<!-- EDIT4 SECTION "REST Dialog" [1100-] --></div>
</body>
</html>

View File

@ -81,16 +81,28 @@ You can share your configuration over the network using REST proxy system.
</li>
<li class="level1"><div class="li"> Enable REST server in the configuration using the manager (in portal plugins)</div>
</li>
<li class="level1"><div class="li"> Configure Apache to allow remote access: in <code>portal-apache2.conf</code>, remote REST access is disabled by default. Change it:</div>
<li class="level1"><div class="li"> Configure your web server to allow remote access. Remote REST access is disabled by default. Change it as follow:</div>
</li>
</ul>
<pre class="code apache"><span class="co1"># SOAP functions for configuration access (disabled by default)</span>
<p>
* In <code>portal-apache2.conf</code>:
</p>
<pre class="code apache"><span class="co1"># REST functions for configuration access (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.fcgi/config&gt;
<span class="kw1">Require</span> ip 192.168.2.0/<span class="nu0">24</span>
&lt;/<span class="kw3">Location</span>&gt;</pre>
<p>
* In <code>portal-nginx.conf</code>:
</p>
<pre class="code nginx"># REST functions for configuration access (disabled by default)
location /index.psgi/config {
allow 192.168.2.0/24;
}</pre>
</div>
<!-- EDIT3 SECTION "First, configure your real backend" [289-878] -->
<!-- EDIT3 SECTION "First, configure your real backend" [289-1069] -->
<h3 class="sectionedit4" id="next_configure_rest_for_your_remote_servers">Next, configure REST for your remote servers</h3>
<div class="level3">
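Review bot: in the portal-nginx.conf block, "allow 192.168.2.0/24;" has no "deny all;" after it. nginx lets through any client that matches no access rule, so as written this location is open to every address rather than limited to the subnet; add "deny all;" as the last line of the block. Also "as follow" should read "as follows", and the two "* In ..." paragraphs would render better as real list items.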
@ -109,6 +121,6 @@ You can also add some other parameters
<span class="re1">proxyOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> timeout <span class="sy0">=</span>&gt; 5 <span class="br0">&#125;</span></span></pre>
</div>
<!-- EDIT4 SECTION "Next, configure REST for your remote servers" [879-] --></div>
<!-- EDIT4 SECTION "Next, configure REST for your remote servers" [1070-] --></div>
</body>
</html>

View File

@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=b080493cd401ddb4d6ec6dbe57503dcd" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/restserverplugin?do=login&amp;sectok=f2af53b99ba25aa5353674957471d8e4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -241,7 +241,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1531599550" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Arestserverplugin&amp;1543238059" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
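Review bot: the only change here is the timestamp in the indexer.php image URL (1531599550 to 1543238059), on a page whose hunk context reads "You've followed a link to a topic that doesn't exist yet". The export is committing a missing-topic placeholder together with per-run values (this timestamp, and the sectok in the login link in the hunk above); exclude such pages or strip those values so the documentation diff only carries real changes.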

View File

@ -93,6 +93,7 @@
<ul class="toc">
<li class="level3"><div class="li"><a href="#saml_sessions_module_name_and_options">SAML sessions module name and options</a></div></li>
<li class="level3"><div class="li"><a href="#common_domain_cookie">Common Domain Cookie</a></div></li>
<li class="level3"><div class="li"><a href="#discovery_protocol">Discovery Protocol</a></div></li>
</ul></li>
</ul></li>
</ul>
@ -148,7 +149,8 @@ SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="ur
<p>
You can use official Debian packages or those available here: <a href="http://deb.entrouvert.org/" class="urlextern" title="http://deb.entrouvert.org/" rel="nofollow">http://deb.entrouvert.org/</a>.
</p>
<div class="notetip">We recommend Lasso 2.6 for the SHA256 support, so use the stretch-testing repository of deb.entrouvert.org.
</div>
<p>
You will only need to install liblasso-perl package:
</p>
@ -179,7 +181,7 @@ Then install lasso and lasso-perl packages:
</p>
</div>
<!-- EDIT4 SECTION "Lasso" [717-1502] -->
<!-- EDIT4 SECTION "Lasso" [717-1628] -->
<h2 class="sectionedit5" id="service_configuration">Service configuration</h2>
<div class="level2">
@ -189,7 +191,7 @@ Go in Manager and click on <code><abbr title="Security Assertion Markup Language
<div class="notetip">You can use #PORTAL# in values to replace the portal <abbr title="Uniform Resource Locator">URL</abbr>.
</div>
</div>
<!-- EDIT5 SECTION "Service configuration" [1503-1666] -->
<!-- EDIT5 SECTION "Service configuration" [1629-1792] -->
<h3 class="sectionedit6" id="entry_identifier">Entry Identifier</h3>
<div class="level3">
@ -204,7 +206,7 @@ Your EntityID, often use as metadata <abbr title="Uniform Resource Locator">URL<
</div><div class="notewarning">If you modify <code>/saml/metadata</code> suffix you have to change corresponding Apache rewrite rule.
</div>
</div>
<!-- EDIT6 SECTION "Entry Identifier" [1667-2064] -->
<!-- EDIT6 SECTION "Entry Identifier" [1793-2190] -->
<h3 class="sectionedit7" id="security_parameters">Security parameters</h3>
<div class="level3">
@ -243,7 +245,7 @@ $ openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</
<div class="noteimportant">Default value is RSA SHA1 for compatibility purpose but we recommend to use RSA SHA256. This requires to test all partners to check their compatibility.
</div>
</div>
<!-- EDIT7 SECTION "Security parameters" [2065-3527] -->
<!-- EDIT7 SECTION "Security parameters" [2191-3653] -->
<h3 class="sectionedit8" id="nameid_formats">NameID formats</h3>
<div class="level3">
@ -280,7 +282,7 @@ Other NameID formats are automatically managed:
</ul>
</div>
<!-- EDIT8 SECTION "NameID formats" [3528-4286] -->
<!-- EDIT8 SECTION "NameID formats" [3654-4412] -->
<h3 class="sectionedit9" id="authentication_contexts">Authentication contexts</h3>
<div class="level3">
@ -304,7 +306,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT9 SECTION "Authentication contexts" [4287-5010] -->
<!-- EDIT9 SECTION "Authentication contexts" [4413-5136] -->
<h3 class="sectionedit10" id="organization">Organization</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Organization metadata section:
@ -324,7 +326,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT10 SECTION "Organization" [5011-5522] -->
<!-- EDIT10 SECTION "Organization" [5137-5648] -->
<h3 class="sectionedit11" id="service_provider">Service Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
@ -407,7 +409,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT11 SECTION "Service Provider" [5523-6577] -->
<!-- EDIT11 SECTION "Service Provider" [5649-6703] -->
<h3 class="sectionedit12" id="identity_provider">Identity Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
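Review bot: the Identity Provider section shown as context at the end of this hunk still opens with "This concerns all parameters for the Service Provider metadata section"; that looks copied from the Service Provider section and should read "Identity Provider". Worth fixing in the wiki source while the page is being regenerated.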
@ -492,7 +494,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT12 SECTION "Identity Provider" [6578-7566] -->
<!-- EDIT12 SECTION "Identity Provider" [6704-7692] -->
<h3 class="sectionedit13" id="attribute_authority">Attribute Authority</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Attribute Authority metadata section
@ -515,7 +517,7 @@ Response Location should be empty, as SOAP responses are directly returned (sync
</p>
</div>
<!-- EDIT13 SECTION "Attribute Authority" [7567-7978] -->
<!-- EDIT13 SECTION "Attribute Authority" [7693-8104] -->
<h3 class="sectionedit14" id="advanced">Advanced</h3>
<div class="level3">
@ -553,8 +555,7 @@ This is not the case of <a href="memcachedsessionbackend.html" class="wikilink1"
<h4 id="common_domain_cookie">Common Domain Cookie</h4>
<div class="level4">
<div class="noteclassic">Common Domain Cookie is also know as <a href="http://www.switch.ch/aai/support/tools/wayf.html" class="urlextern" title="http://www.switch.ch/aai/support/tools/wayf.html" rel="nofollow">WAYF Service</a>.
</div>
<p>
The common domain is used by <a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML SP</a> to find an Identity Provider for the user, and by <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML IDP</a> to register itself in user&#039;s IDP list.
</p>
@ -574,6 +575,31 @@ Configuration parameters are:
</ul>
</div>
<!-- EDIT14 SECTION "Advanced" [7979-] --></div>
<h4 id="discovery_protocol">Discovery Protocol</h4>
<div class="level4">
<div class="noteclassic">Discovery Protocol is also know as <a href="http://www.switch.ch/aai/support/tools/wayf.html" class="urlextern" title="http://www.switch.ch/aai/support/tools/wayf.html" rel="nofollow">WAYF Service</a>. More information can be found in the specification: <a href="https://www.oasis-open.org/committees/download.php/28049/sstc-saml-idp-discovery-cs-01.pdf" class="urlextern" title="https://www.oasis-open.org/committees/download.php/28049/sstc-saml-idp-discovery-cs-01.pdf" rel="nofollow">sstc-saml-idp-discovery-cs-01.pdf</a>.
</div>
<p>
When Discovery Protocol is enabled, the <abbr title="LemonLDAP::NG">LL::NG</abbr> IDP list is no more used. Instead user is redirected on the discovery service and is redirected back to <abbr title="LemonLDAP::NG">LL::NG</abbr> with the choosen IDP.
</p>
<div class="noteimportant">If the choosen IDP is not registered in <abbr title="LemonLDAP::NG">LL::NG</abbr>, user will be redirected to discovery service again.
</div>
<p>
Configuration parameters are:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Activation</strong>: Set to On to enable Discovery Protocol support.</div>
</li>
<li class="level1"><div class="li"> <strong>EndPoint <abbr title="Uniform Resource Locator">URL</abbr></strong>: Discovery service page</div>
</li>
<li class="level1"><div class="li"> <strong>Policy</strong>: Set a value here if you don&#039;t want to use the default policy (<code>urn:oasis:names:tc:<abbr title="Security Assertion Markup Language">SAML</abbr>:profiles:<abbr title="Single Sign On">SSO</abbr>:idp-discovery-protocol:single</code>)</div>
</li>
<li class="level1"><div class="li"> <strong>Is passive</strong>: Enable this option to avoid user interaction on discovery service page</div>
</li>
</ul>
</div>
<!-- EDIT14 SECTION "Advanced" [8105-] --></div>
</body>
</html>
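Review bot: the important note says that when the chosen IDP is not registered in LL::NG the user "will be redirected to discovery service again", which reads as a possible loop with no exit; document whether an error is shown or logged so administrators can spot a discovery service that keeps returning unknown IDPs. Spelling: "also know as" should be "also known as", "no more used" should be "no longer used", "choosen" should be "chosen". The note also labels Discovery Protocol as "WAYF Service", the same label the Common Domain Cookie section uses just above, so say how the two differ.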

View File

@ -94,9 +94,10 @@ Since 2.0, LLNG provides some second factor plugins that can be used to complete
<li class="level1"><div class="li"> <a href="external2f.html" class="wikilink1" title="documentation:2.0:external2f">External 2F</a> <em>(to call an external command)</em> </div>
</li>
</ul>
<div class="notetip">If you want to force a 2F registration on first login, you can use “Require 2FA”. You can also use a rule to force 2FA registration only for some users.
</div>
<!-- EDIT1 SECTION "Second Factors" [1-994] -->
</div>
<!-- EDIT1 SECTION "Second Factors" [1-1165] -->
<h2 class="sectionedit2" id="providing_tokens_from_an_external_source">Providing tokens from an external source</h2>
<div class="level2">
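Review bot: the new tip names “Require 2FA” without saying where the option is found in the Manager or what a rule that forces registration "only for some users" looks like; add the menu path and one example rule so the tip can be acted on.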
@ -106,25 +107,25 @@ If you don&#039;t want to use self-registration features for U2F, TOTP and so on
<pre class="code json">[ {&quot;type&quot; : &quot;TOTP&quot;, &quot;name&quot; : &quot;MyTOTP&quot;, …}, {&lt;other_token&gt;}, …]</pre>
</div>
<!-- EDIT2 SECTION "Providing tokens from an external source" [995-1388] -->
<!-- EDIT2 SECTION "Providing tokens from an external source" [1166-1559] -->
<h3 class="sectionedit3" id="u2f_tokens">U2F Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyU2FKey&quot; , &quot;type&quot; : &quot;U2F&quot; , &quot;_userKey&quot; : &quot;########&quot; , &quot;_keyHandle&quot;:&quot;########&quot; , &quot;epoch&quot;:&quot;1524078936&quot;}</pre>
</div>
<!-- EDIT3 SECTION "U2F Tokens" [1389-1546] -->
<!-- EDIT3 SECTION "U2F Tokens" [1560-1717] -->
<h3 class="sectionedit4" id="totp_tokens">TOTP Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyTOTP&quot; , &quot;type&quot; : &quot;TOTP&quot; , &quot;_secret&quot; : &quot;########&quot; , &quot;epoch&quot; : &quot;1523817955&quot;}</pre>
</div>
<!-- EDIT4 SECTION "TOTP Tokens" [1547-1679] -->
<!-- EDIT4 SECTION "TOTP Tokens" [1718-1850] -->
<h3 class="sectionedit5" id="yubikey_tokens">Yubikey Tokens</h3>
<div class="level3">
<pre class="code json">{&quot;name&quot; : &quot;MyYubikey&quot; , &quot;type&quot; : &quot;UBK&quot; , &quot;_yubikey&quot; : &quot;########&quot; , &quot;epoch&quot; : &quot;1523817715&quot;}</pre>
</div>
<!-- EDIT5 SECTION "Yubikey Tokens" [1680-1818] -->
<!-- EDIT5 SECTION "Yubikey Tokens" [1851-1989] -->
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
<div class="level2">
@ -141,6 +142,6 @@ To enable manager Second Factor Administration Module, set <code>enabledModules<
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT6 SECTION "Developer corner" [1819-] --></div>
<!-- EDIT6 SECTION "Developer corner" [1990-] --></div>
</body>
</html>

View File

@ -161,10 +161,17 @@ LLNG portal now embeds the following features:
</li>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Content_Security_Policy" class="urlextern" title="https://en.wikipedia.org/wiki/Content_Security_Policy" rel="nofollow">Content-Security-Policy</a> header: portal build dynamically this header. You can modify default values in the manager <em>(Général parameters » Advanced parameters » Security » Content-Security-Policy)</em>.</div>
</li>
<li class="level1"><div class="li"> <a href="https://en.wikipedia.org/wiki/Brute-force_attack" class="urlextern" title="https://en.wikipedia.org/wiki/Brute-force_attack" rel="nofollow">Brute-force attack</a> protection: after some failed logins, user must wait before re-try to log into Portal.</div>
</li>
</ul>
<div class="noteimportant">* Brute-force attack protection is DISABLED by default
<p>
* Browser implementations of form Action directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does). Administrators may have to modify form Action value with wildcard likes *.
</p>
</div>
<!-- EDIT6 SECTION "Portal" [2106-2740] -->
</div>
<!-- EDIT6 SECTION "Portal" [2106-3191] -->
<h3 class="sectionedit7" id="split_portal_when_using_soaprest">Split portal when using SOAP/REST</h3>
<div class="level3">
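Review bot: the last sentence of the new note advises changing the form Action value "with wildcard likes *". A bare * makes the directive accept any form target, which removes the restriction it exists to provide; suggest telling administrators to list the specific hosts their forms post or redirect to, and to keep * only as a stated last resort. The directive is spelled form-action in CSP, and the two "*" items should share the same list markup (the first is bare text in the div, the second is wrapped in a paragraph).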
@ -173,12 +180,12 @@ If you use <a href="soapsessionbackend.html" class="wikilink1" title="documentat
</p>
</div>
<!-- EDIT7 SECTION "Split portal when using SOAP/REST" [2741-2931] -->
<!-- EDIT7 SECTION "Split portal when using SOAP/REST" [3192-3382] -->
<h2 class="sectionedit8" id="write_good_rules">Write good rules</h2>
<div class="level2">
</div>
<!-- EDIT8 SECTION "Write good rules" [2932-2961] -->
<!-- EDIT8 SECTION "Write good rules" [3383-3412] -->
<h3 class="sectionedit9" id="order_your_rules">Order your rules</h3>
<div class="level3">
@ -211,7 +218,7 @@ For example, if these rules are used without comments:
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [3375-3485] -->
<!-- EDIT10 TABLE [3826-3936] -->
<p>
Then the second rule will be applied first, so every authenticated user will access to <code>/pub/admin</code> directory.
</p>
@ -232,7 +239,7 @@ Use comment to correct this:
<td class="col0"> ^/pub/ </td><td class="col1"> accept </td><td class="col2"> 2_pub </td>
</tr>
</table></div>
<!-- EDIT11 TABLE [3630-3754] --><div class="notetip"><ul>
<!-- EDIT11 TABLE [4081-4205] --><div class="notetip"><ul>
<li class="level1"><div class="li"> Reload the Manager to see the effective order</div>
</li>
<li class="level1"><div class="li"> Use rule comments to order your rules</div>
@ -241,7 +248,7 @@ Use comment to correct this:
</div>
</div>
<!-- EDIT9 SECTION "Order your rules" [2962-3867] -->
<!-- EDIT9 SECTION "Order your rules" [3413-4318] -->
<h3 class="sectionedit12" id="be_careful_with_url_parameters">Be careful with URL parameters</h3>
<div class="level3">
@ -265,7 +272,7 @@ For example with this rule on the <code>access</code> parameter:
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [4104-4238] -->
<!-- EDIT13 TABLE [4555-4689] -->
<p>
Then a user that try to access to one of the following <em class="u">will be granted</em> !
</p>
@ -295,20 +302,20 @@ You can use the following rules instead:
<td class="col0"> default </td><td class="col1"> accept </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT14 TABLE [4436-4639] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
<!-- EDIT14 TABLE [4887-5090] --><div class="notetip"><strong>(?i)</strong> means case no sensitive.
</div><div class="notewarning">Remember that rules written on GET parameters must be tested.
</div>
</div>
<!-- EDIT12 SECTION "Be careful with URL parameters" [3868-4776] -->
<!-- EDIT12 SECTION "Be careful with URL parameters" [4319-5227] -->
<h3 class="sectionedit15" id="encoded_characters">Encoded characters</h3>
<div class="level3">
<p>
Some characters are encoded in URLs by the browser (such as space,…). To avoid problems, <abbr title="LemonLDAP::NG">LL::NG</abbr> decode them using <a href="http://search.cpan.org/perldoc?Apache2::URI#unescape_url" class="urlextern" title="http://search.cpan.org/perldoc?Apache2::URI#unescape_url" rel="nofollow">http://search.cpan.org/perldoc?Apache2::URI#unescape_url</a>. So write your rules using normal characters.
Some characters are encoded in URLs by the browser (such as space,…). To avoid problems, <abbr title="LemonLDAP::NG">LL::NG</abbr> decode them using <a href="https://metacpan.org/pod/Apache2::URI#unescape_url" class="urlextern" title="https://metacpan.org/pod/Apache2::URI#unescape_url" rel="nofollow">https://metacpan.org/pod/Apache2::URI#unescape_url</a>. So write your rules using normal characters.
</p>
</div>
<!-- EDIT15 SECTION "Encoded characters" [4777-5030] -->
<!-- EDIT15 SECTION "Encoded characters" [5228-5475] -->
<h2 class="sectionedit16" id="secure_reverse-proxies">Secure reverse-proxies</h2>
<div class="level2">
@ -354,7 +361,7 @@ It is recommended to secure the channel between reverse-proxies and application
</ul>
</div>
<!-- EDIT16 SECTION "Secure reverse-proxies" [5031-6699] -->
<!-- EDIT16 SECTION "Secure reverse-proxies" [5476-7144] -->
<h2 class="sectionedit17" id="configure_security_settings">Configure security settings</h2>
<div class="level2">
@ -364,7 +371,7 @@ Go in Manager, <code>General parameters</code> » <code>Advanced parameters</cod
<ul>
<li class="level1"><div class="li"> <strong>Username control</strong>: Regular expression used to check user login syntax.</div>
</li>
<li class="level1"><div class="li"> <strong>Force authentication</strong>: set to &#039;On&#039; to force authentication when user connects to portal, even if he has a valid session</div>
<li class="level1"><div class="li"> <strong>Force authentication</strong>: set to &#039;On&#039; to force authentication when user connects to portal, even if he has a valid session.</div>
</li>
<li class="level1"><div class="li"> <strong>Force authentication interval</strong>: time interval (in seconds) when a authentication renewal cannot be forced, used to prevent to loose the current authentication during the main process. If you experience slow network performances, you can increase this value.</div>
</li>
@ -376,12 +383,14 @@ Go in Manager, <code>General parameters</code> » <code>Advanced parameters</cod
</li>
<li class="level1"><div class="li"> <strong>Check <abbr title="Cross Site Scripting">XSS</abbr> Attacks</strong>: Set to &#039;Off&#039; to disable <abbr title="Cross Site Scripting">XSS</abbr> checks. <abbr title="Cross Site Scripting">XSS</abbr> checks will still be done with warning in logs, but this will not prevent the process to continue.</div>
</li>
<li class="level1"><div class="li"> <strong>Brute-Force Attack protection</strong>: set to &#039;On&#039; to enable it. The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user. If it is disabled, automated tools may submit thousands of password attempts in a matter of seconds, making it easy for an attacker to beat a password-based authentication system.</div>
</li>
<li class="level1"><div class="li"> <strong>LWP::UserAgent SSL options</strong>: insert here options to pass to LWP::UserAgent object (used by <abbr title="Security Assertion Markup Language">SAML</abbr> or OpenID-Connect to query partners). Example: <code>verify_hostname ⇒ 0</code>, <code>SSL_verify_mode ⇒ 0</code></div>
</li>
</ul>
</div>
<!-- EDIT17 SECTION "Configure security settings" [6700-8033] -->
<!-- EDIT17 SECTION "Configure security settings" [7145-8845] -->
<h2 class="sectionedit18" id="fail2ban">Fail2ban</h2>
<div class="level2">
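Review bot: the new Brute-Force Attack protection entry explains what a brute-force attack is but not what enabling the option does: how many failed logins trigger it, how long the user must wait, and whether the count is kept per account or per source address. Add those details, or link to where they are configured. While here, the only example given for LWP::UserAgent SSL options in the next item turns hostname and certificate verification off (verify_hostname ⇒ 0, SSL_verify_mode ⇒ 0); an example that keeps verification on would be a safer thing for readers to copy.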
@ -433,7 +442,7 @@ Restart fail2ban
</p>
</div>
<!-- EDIT18 SECTION "Fail2ban" [8034-9088] -->
<!-- EDIT18 SECTION "Fail2ban" [8846-9900] -->
<h2 class="sectionedit19" id="sessions_identifier">Sessions identifier</h2>
<div class="level2">
@ -446,7 +455,7 @@ We recommend to use : <code>Lemonldap::NG::Common::Apache::Session::Generate::SH
</p>
</div>
<!-- EDIT19 SECTION "Sessions identifier" [9089-9351] -->
<!-- EDIT19 SECTION "Sessions identifier" [9901-10163] -->
<h2 class="sectionedit20" id="saml">SAML</h2>
<div class="level2">
@ -455,6 +464,6 @@ See <a href="samlservice.html#security_parameters" class="wikilink1" title="docu
</p>
</div>
<!-- EDIT20 SECTION "SAML" [9352-] --></div>
<!-- EDIT20 SECTION "SAML" [10164-] --></div>
</body>
</html>

View File

@ -119,28 +119,46 @@ Examples with a <a href="writingrulesand_headers.html#headers" class="wikilink1"
<p>
First create a PSGI module based on Lemonldap::NG::Handler:
</p>
<pre class="code perl"> <a href="http://perldoc.perl.org/functions/package.html"><span class="kw3">package</span></a> My<span class="sy0">::</span><span class="me2">PSGI</span><span class="sy0">;</span>
<pre class="code perl"><a href="http://perldoc.perl.org/functions/package.html"><span class="kw3">package</span></a> My<span class="sy0">::</span><span class="me2">PSGI</span><span class="sy0">;</span>
&nbsp;
<span class="kw2">use</span> base Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Handler</span><span class="sy0">;</span>
<span class="kw2">use</span> base <span class="st0">&quot;Lemonldap::NG::Handler::PSGI&quot;</span><span class="sy0">;</span>
&nbsp;
<span class="kw2">sub</span> init <span class="br0">&#123;</span>
<span class="kw2">sub</span> init <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span><span class="re0">$self</span><span class="sy0">,</span><span class="re0">$args</span><span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">protection</span><span class="br0">&#40;</span><span class="st_h">'manager'</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">SUPER</span><span class="sy0">::</span><span class="me2">init</span><span class="br0">&#40;</span><span class="re0">$args</span><span class="br0">&#41;</span> <span class="kw1">or</span> <a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="nu0">0</span><span class="sy0">;</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">staticPrefix</span><span class="br0">&#40;</span><span class="st0">&quot;/static&quot;</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">templateDir</span><span class="br0">&#40;</span><span class="st0">&quot;/usr/share/lemonldap-ng/portal/templates&quot;</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="co1"># See Lemonldap::NG::Common::PSGI for more</span>
<span class="sy0">...</span>
<span class="co1">#...</span>
<span class="co1"># Return a boolean. If false, then error message has to be stored in</span>
<span class="co1"># $self-&gt;error</span>
<a href="http://perldoc.perl.org/functions/return.html"><span class="kw3">return</span></a> <span class="nu0">1</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw2">sub</span> handler <span class="br0">&#123;</span>
<span class="kw2">sub</span> handler <span class="br0">&#123;</span>
<span class="kw1">my</span> <span class="br0">&#40;</span> <span class="re0">$self</span><span class="sy0">,</span> <span class="re0">$req</span> <span class="br0">&#41;</span> <span class="sy0">=</span> <span class="co5">@_</span><span class="sy0">;</span>
&nbsp;
<span class="co1"># Will be called only if authorisated</span>
<span class="kw1">my</span> <span class="re0">$userId</span> <span class="sy0">=</span> <span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">userId</span><span class="sy0">;</span>
<span class="sy0">...</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">sendJSONresponse</span><span class="br0">&#40;</span><span class="sy0">...</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span></pre>
<span class="kw1">my</span> <span class="re0">$userId</span> <span class="sy0">=</span> <span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">userId</span><span class="br0">&#40;</span><span class="re0">$req</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="co1">#...</span>
&nbsp;
<span class="co1"># Return JSON</span>
<span class="co1"># $self-&gt;sendJSONresponse(...);</span>
&nbsp;
<span class="co1"># or Return HTML</span>
<span class="re0">$self</span><span class="sy0">-&gt;</span><span class="me1">sendHtml</span><span class="br0">&#40;</span><span class="re0">$req</span><span class="sy0">,</span> <span class="st0">&quot;myskin/mytemplate&quot;</span><span class="sy0">,</span> <span class="br0">&#40;</span> params <span class="sy0">=&gt;</span> <span class="br0">&#123;</span> <span class="st_h">'userId'</span> <span class="sy0">=&gt;</span> <span class="re0">$userId</span> <span class="br0">&#125;</span><span class="br0">&#41;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span></pre>
<p>
They create a FCGI script like this:
</p>
<pre class="code perl"><span class="co1">#!/usr/bin/env perl</span>
&nbsp;
<span class="kw2">use</span> My<span class="sy0">::</span><span class="me2">PSGI</span><span class="sy0">;</span>
<span class="kw2">use</span> Plack<span class="sy0">::</span><span class="me2">Handler</span><span class="sy0">::</span><span class="me2">FCGI</span><span class="sy0">;</span>
&nbsp;
Plack<span class="sy0">::</span><span class="me2">Handler</span><span class="sy0">::</span><span class="me2">FCGI</span><span class="sy0">-&gt;</span><span class="me1">new</span><span class="sy0">-&gt;</span><span class="me1">run</span><span class="br0">&#40;</span> My<span class="sy0">::</span><span class="me2">PSGI</span><span class="sy0">-&gt;</span><span class="me1">run</span><span class="br0">&#40;</span><span class="br0">&#41;</span> <span class="br0">&#41;</span><span class="sy0">;</span></pre>
<p>
See our LLNG Nginx/Apache configurations to see how to launch it or read <a href="https://plackperl.org/" class="urlextern" title="https://plackperl.org/" rel="nofollow">PSGI/Plack documentation</a>.
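Review bot: "They create a FCGI script like this" should read "Then create a FCGI script like this", and "authorisated" in the handler comment should be "authorised". In handler(), the response is returned only because the sendHtml call happens to be the last statement; with the "#..." placeholder and the commented-out sendJSONresponse above it, a reader who appends code after sendHtml will silently drop the response. Make it "return $self->sendHtml(...)" and say in the comment that handler must return the response.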

View File

@ -81,16 +81,28 @@ You can share your configuration over the network using SOAP proxy system.
</li>
<li class="level1"><div class="li"> Set SOAP parameter to true in the configuration using the manager: the portal will become a SOAP server</div>
</li>
<li class="level1"><div class="li"> Configure Apache to allow remote access: in <code>portal-apache2.conf</code>, remote SOAP access is disabled by default. Change it:</div>
<li class="level1"><div class="li"> Configure your web server to allow remote access. Remote SOAP access is disabled by default. You must change it as follow :</div>
</li>
</ul>
<p>
* in <code>portal-apache2.conf</code> :
</p>
<pre class="code apache"><span class="co1"># SOAP functions for configuration access (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.fcgi/config&gt;
<span class="kw1">Require</span> ip 192.168.2.0/<span class="nu0">24</span>
&lt;/<span class="kw3">Location</span>&gt;</pre>
<p>
* in <code>portal-nginx.conf</code> :
</p>
<pre class="code nginx"># SOAP functions for configuration access (disabled by default)
location /index.psgi/config {
allow 192.168.2.0/24;
}</pre>
</div>
<!-- EDIT3 SECTION "First, configure your real backend" [289-904] -->
<!-- EDIT3 SECTION "First, configure your real backend" [289-1109] -->
<h3 class="sectionedit4" id="next_configure_soap_for_your_remote_servers">Next, configure SOAP for your remote servers</h3>
<div class="level3">
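Review bot: In the added `portal-nginx.conf` example, the `location /index.psgi/config` block contains only `allow 192.168.2.0/24;`. In nginx an `allow` rule with no `deny` after it restricts nothing, so the block as shown leaves the configuration SOAP endpoint reachable by every client, whereas the Apache `Require ip 192.168.2.0/24` example is restrictive on its own. Suggest showing `allow 192.168.2.0/24;` followed by `deny all;`. Two smaller points: the `* in ...` lines render as literal asterisks inside `<p>` and should be nested list items, and "as follow :" should read "as follows:".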
@ -109,6 +121,6 @@ You can also add some other parameters
<span class="re1">proxyOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> timeout <span class="sy0">=</span>&gt; 5 <span class="br0">&#125;</span></span></pre>
</div>
<!-- EDIT4 SECTION "Next, configure SOAP for your remote servers" [905-] --></div>
<!-- EDIT4 SECTION "Next, configure SOAP for your remote servers" [1110-] --></div>
</body>
</html>

View File

@ -101,6 +101,15 @@ SOAP functions are not accessible by network by default. SOAP functions are prot
</div>
</div>
<!-- EDIT2 SECTION "Portal SOAP services" [173-] --></div>
<!-- EDIT2 SECTION "Portal SOAP services" [173-1700] -->
<h2 class="sectionedit3" id="wsdl">WSDL</h2>
<div class="level2">
<p>
You can enable WSDL server in the manager. It will deliver WSDL file (/portal.wsdl).
</p>
</div>
<!-- EDIT3 SECTION "WSDL" [1701-] --></div>
</body>
</html>
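Review bot: The new WSDL section says the portal will deliver `/portal.wsdl` but does not name the Manager option that enables it, nor say whether the file is covered by the same network restriction as the SOAP functions, which the preceding section describes as not accessible by network by default. Suggest naming the option and stating whether `/portal.wsdl` needs its own access rule in the web server configuration. The sentences also need articles ("the WSDL server", "the WSDL file").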

View File

@ -77,27 +77,27 @@
SQL session backend can be used with many SQL databases such as:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::MySQL" rel="nofollow">MySQL</a></div>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Apache::Session::MySQL" class="urlextern" title="https://metacpan.org/pod/Apache::Session::MySQL" rel="nofollow">MariaDB / MySQL</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Postgres" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Postgres" rel="nofollow">PostgreSQL</a></div>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Apache::Session::Postgres" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Postgres" rel="nofollow">PostgreSQL</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Oracle" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Oracle" rel="nofollow">Oracle</a></div>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Apache::Session::Oracle" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Oracle" rel="nofollow">Oracle</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Informix" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Informix" rel="nofollow">Informix</a></div>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Apache::Session::Informix" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Informix" rel="nofollow">Informix</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/perldoc?Apache::Session::Sybase" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Sybase" rel="nofollow">Sybase</a></div>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Apache::Session::Sybase" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Sybase" rel="nofollow">Sybase</a></div>
</li>
<li class="level1"><div class="li"> ….</div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "SQL session backend" [1-468] -->
<!-- EDIT1 SECTION "SQL session backend" [1-448] -->
<h2 class="sectionedit2" id="setup">Setup</h2>
<div class="level2">
</div>
<!-- EDIT2 SECTION "Setup" [469-487] -->
<!-- EDIT2 SECTION "Setup" [449-467] -->
<h3 class="sectionedit3" id="prepare_the_database">Prepare the database</h3>
<div class="level3">
@ -126,6 +126,7 @@ Create sessions table:
<span class="br0">&#41;</span>;</pre>
<div class="noteimportant">Change <code>char(32)</code> by <code>varchar(64)</code> if you use the now recommended SHA256 hash algorithm. See <a href="documentation/latest/sessions.html" class="wikilink1" title="documentation:latest:sessions">Sessions</a> for more details
</div><div class="notetip">You can change table name <code>sessions</code> to whatever you want, just adapt the parameter <code>TableName</code> in module options.
</div><div class="noteimportant">For a better UTF-8 support, use <a href="https://metacpan.org/pod/DBD::MariaDB" class="urlextern" title="https://metacpan.org/pod/DBD::MariaDB" rel="nofollow">DBD::MariaDB</a> with Apache::Session*::MySQL instead of DBD::mysql
</div>
</div>
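Review bot: The added DBD::MariaDB note does not tell the reader what to change in order to switch drivers. The DataSource parameter documented further down is the DBI string, so the note should show the DataSource form to use with DBD::MariaDB and say whether the per-database UTF-8 parameters listed later on this page still apply with that driver. The sentence is also missing its final period.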
@ -159,12 +160,12 @@ lemonldap-ng=&gt; q</pre>
<div class="noteimportant">Change <code>char(32)</code> by <code>varchar(64)</code> if you use the now recommended SHA256 hash algorithm. See <a href="documentation/latest/sessions.html" class="wikilink1" title="documentation:latest:sessions">Sessions</a> for more details
</div>
</div>
<!-- EDIT3 SECTION "Prepare the database" [488-2237] -->
<!-- EDIT3 SECTION "Prepare the database" [468-2379] -->
<h3 class="sectionedit4" id="manager">Manager</h3>
<div class="level3">
<p>
Go in the Manager and set the session module (for example <a href="http://search.cpan.org/perldoc?Apache::Session::Postgres" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::Postgres" rel="nofollow">Apache::Session::Postgres</a> for PostgreSQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
Go in the Manager and set the session module (for example <a href="https://metacpan.org/pod/Apache::Session::Postgres" class="urlextern" title="https://metacpan.org/pod/Apache::Session::Postgres" rel="nofollow">Apache::Session::Postgres</a> for PostgreSQL) in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
@ -176,7 +177,7 @@ Go in the Manager and set the session module (for example <a href="http://search
</tr>
</thead>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="http://search.cpan.org/perldoc?DBI" class="urlextern" title="http://search.cpan.org/perldoc?DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:Pg:dbname=sessions;host=10.2.3.1 </td>
<td class="col0 centeralign"> <strong>DataSource</strong> </td><td class="col1"> The <a href="https://metacpan.org/pod/DBI" class="urlextern" title="https://metacpan.org/pod/DBI" rel="nofollow">DBI</a> string </td><td class="col2"> dbi:Pg:dbname=sessions;host=10.2.3.1 </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <strong>UserName</strong> </td><td class="col1"> The database username </td><td class="col2"> lemonldapng </td>
@ -191,9 +192,9 @@ Go in the Manager and set the session module (for example <a href="http://search
<td class="col0 centeralign"> <strong>TableName</strong> </td><td class="col1"> <em>(Optional)</em> Name of the table </td><td class="col2"> sessions </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [2566-2975] -->
<!-- EDIT5 TABLE [2702-3105] -->
<p>
You must read the man page corresponding to your database (<a href="http://search.cpan.org/perldoc?Apache::Session::MySQL" class="urlextern" title="http://search.cpan.org/perldoc?Apache::Session::MySQL" rel="nofollow">Apache::Session::MySQL</a>, …) to learn more about parameters. You must also install the database connector (<a href="http://search.cpan.org/perldoc?DBD::Oracle" class="urlextern" title="http://search.cpan.org/perldoc?DBD::Oracle" rel="nofollow">DBD::Oracle</a>, <a href="http://search.cpan.org/perldoc?DBD::Pg" class="urlextern" title="http://search.cpan.org/perldoc?DBD::Pg" rel="nofollow">DBD::Pg</a>,…)
You must read the man page corresponding to your database (<a href="https://metacpan.org/pod/Apache::Session::MySQL" class="urlextern" title="https://metacpan.org/pod/Apache::Session::MySQL" rel="nofollow">Apache::Session::MySQL</a>, …) to learn more about parameters. You must also install the database connector (<a href="https://metacpan.org/pod/DBD::Oracle" class="urlextern" title="https://metacpan.org/pod/DBD::Oracle" rel="nofollow">https://metacpan.org/pod/DBD::Oracle</a>, <a href="https://metacpan.org/pod/DBD::Pg" class="urlextern" title="https://metacpan.org/pod/DBD::Pg" rel="nofollow">DBD::Pg</a>,…)
</p>
<div class="noteimportant">For MySQL, you need to set additional parameters:<ul>
<li class="level1"><div class="li"> LockDataSource</div>
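Review bot: In the rewritten "You must read the man page" paragraph, the DBD::Oracle link text changed from the module name to the raw URL `https://metacpan.org/pod/DBD::Oracle`, while the neighbouring DBD::Pg link still shows the module name. This looks like a slip in the search.cpan.org to metacpan.org replacement; the link text should stay `DBD::Oracle`.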
@ -234,9 +235,9 @@ If you may store some non-<abbr title="American Standard Code for Information In
<td class="col0 centeralign"> SQLite </td><td class="col1 centeralign"> sqlite_unicode </td><td class="col2 centeralign"> 1 </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [3795-3958] -->
<!-- EDIT6 TABLE [3895-4058] -->
</div>
<!-- EDIT4 SECTION "Manager" [2238-3959] -->
<!-- EDIT4 SECTION "Manager" [2380-4059] -->
<h2 class="sectionedit7" id="security">Security</h2>
<div class="level2">
@ -249,6 +250,6 @@ You can also use different user/password for your servers by overriding paramete
</p>
</div>
<!-- EDIT7 SECTION "Security" [3960-] --></div>
<!-- EDIT7 SECTION "Security" [4060-] --></div>
</body>
</html>

View File

@ -74,34 +74,20 @@ To edit <abbr title="Single Sign On">SSO</abbr> cookie parameters, go in Manager
</li>
<li class="level2"><div class="li"> <strong>Double cookie</strong>: two cookies are delivered, one for HTTP and HTTPS connections, the other for HTTPS only</div>
</li>
<li class="level2"><div class="li"> <strong>Double cookie for single session</strong>: as same, two cookies are delivered, but only one session is written in session database</div>
<li class="level2"><div class="li"> <strong>Double cookie for single session</strong>: same as double cookie but only one session is created in session database</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Javascript protection</strong>: set httpOnly flag, to avoid cookie been caught by javascript code</div>
<li class="level1"><div class="li"> <strong>Javascript protection</strong>: set httpOnly flag, to prevent cookie from being caught by javascript code</div>
</li>
<li class="level1"><div class="li"> <strong>Cookie expiration time</strong>: by default, <abbr title="Single Sign On">SSO</abbr> cookie is a session cookie, which mean it will be destroyed when the browser is closed. You can change this behavior and set a cookie duration, for example:</div>
<ul>
<li class="level2"><div class="li"> <strong>+30s</strong>: 30 seconds from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>+10m</strong>: ten minutes from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>+1h</strong>: one hour from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>+3M</strong>: three months from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>+10y</strong>: ten years from session creation</div>
</li>
<li class="level2"><div class="li"> <strong>Thursday, 25-Apr-1999 00:40:33 GMT</strong>: at the indicated time and date (but this is probably a bad idea)</div>
</li>
</ul>
<li class="level1"><div class="li"> <strong>Cookie expiration time</strong>: by default, <abbr title="Single Sign On">SSO</abbr> cookie is a session cookie, which means it will be destroyed when browser is closed. You can change this behavior by setting a cookie expiration time. It must be an integer. <strong>Cookie Expiration Time</strong> value is a number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately.</div>
</li>
</ul>
<div class="notewarning">When you change cookie expiration time, it is written on the user hard disk unlike session cookie
</div><div class="noteimportant">Changing the domain value will not update other configuration parameters, like virtual host names, portal <abbr title="Uniform Resource Locator">URL</abbr>, etc. You have to update them by yourself.
</div>
</div>
<!-- EDIT2 SECTION "SSO cookie" [59-2129] -->
<!-- EDIT2 SECTION "SSO cookie" [59-1928] -->
<h2 class="sectionedit3" id="portal_url">Portal URL</h2>
<div class="level2">
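Review bot: The rewritten "Cookie expiration time" item removes the relative and absolute formats (`+30s`, `+10m`, `+1h`, a GMT date) and now requires an integer number of seconds, but it does not say what happens to an existing configuration that still holds one of the old values. Suggest adding an upgrade note for that case. The removed examples were all counted "from session creation"; the new wording "until the cookie expires" no longer says what the seconds are counted from, and the item mixes "Cookie expiration time" with "Cookie Expiration Time".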
@ -117,6 +103,6 @@ Portal <abbr title="Uniform Resource Locator">URL</abbr> is the address used to
<div class="notewarning">The portal <abbr title="Uniform Resource Locator">URL</abbr> <strong>must</strong> be inside <abbr title="Single Sign On">SSO</abbr> domain. If secured cookie is enabled, the portal <abbr title="Uniform Resource Locator">URL</abbr> <strong>must</strong> be HTTPS.
</div>
</div>
<!-- EDIT3 SECTION "Portal URL" [2130-] --></div>
<!-- EDIT3 SECTION "Portal URL" [1929-] --></div>
</body>
</html>

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:start</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,start"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="start.html"/>
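Review bot: The `robots` meta on `documentation:2.0:start` changes from `index,follow` to `noindex,nofollow`, which asks crawlers to drop the documentation start page and not to follow its links. The commit message ("Update documentation") gives no reason for this. If it is a side effect of how the page was exported, regenerate the page with the original value; if it is intended, say so in the commit message.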
@ -64,6 +64,8 @@
<ul class="toc">
<li class="level3"><div class="li"><a href="#authentication_users_and_password_databases">Authentication, users and password databases</a></div></li>
<li class="level3"><div class="li"><a href="#identity_provider">Identity provider</a></div></li>
<li class="level3"><div class="li"><a href="#attacks_and_protection">Attacks and Protection</a></div></li>
<li class="level3"><div class="li"><a href="#plugins">Plugins</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#handlers">Handlers</a></div></li>
@ -430,8 +432,132 @@
</p>
</div>
<!-- EDIT9 SECTION "Portal" [2025-5651] -->
<h3 class="sectionedit12" id="handlers">Handlers</h3>
<h4 id="attacks_and_protection">Attacks and Protection</h4>
<div class="level4">
<div class="notetip"><ul>
<li class="level1"><div class="li"> To learn or find out more about security, go to <a href="security.html" class="wikilink1" title="documentation:2.0:security">Security</a> documentation</div>
</li>
</ul>
</div>
<p>
<div class="row"><div class="col-md-1">
<a href="icons/neotux.png_documentation_2.0_start.html" class="media" title="icons:neotux.png"><img src="icons/neotux.png" class="media" alt="" /></a>
</div><div class="col-md-11">
</p>
<div class="table sectionedit12"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Attack </th><th class="col1 centeralign"> LLNG protection </th><th class="col2 centeralign"> System Integrator protection </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> <a href="bruteforceprotection.html" class="wikilink1" title="documentation:2.0:bruteforceprotection">Brute Force</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
<tr class="row2 roweven">
<td class="col0"> <a href="security.html#portal" class="wikilink1" title="documentation:2.0:security">Page Content</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> <a href="security.html#portal" class="wikilink1" title="documentation:2.0:security">CSRF</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <a href="dos" class="wikilink2" title="documentation:2.0:dos" rel="nofollow">Deny of Service</a> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="portalcustom.html#other_parameters" class="wikilink1" title="documentation:2.0:portalcustom">Invisible iFrame</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <a href="mitm" class="wikilink2" title="documentation:2.0:mitm" rel="nofollow">Man-in-the-Middle</a> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <a href="exploit" class="wikilink2" title="documentation:2.0:exploit" rel="nofollow">Software Exploit</a> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <a href="security.html#secure_reverse-proxies" class="wikilink1" title="documentation:2.0:security">SSO by-passing</a> </td><td class="col1 leftalign"> </td><td class="col2 centeralign"></td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <a href="safejail.html" class="wikilink1" title="documentation:2.0:safejail">XSS</a> </td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [5913-6427] -->
<p>
</div></div>
</p>
</div>
<h4 id="plugins">Plugins</h4>
<div class="level4">
<p>
<div class="row"><div class="col-md-1">
<a href="icons/personal.png_documentation_2.0_start.html" class="media" title="icons:personal.png"><img src="icons/personal.png" class="media" alt="" /></a>
</div><div class="col-md-11">
</p>
<div class="table sectionedit13"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Name </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> <a href="autosignin.html" class="wikilink1" title="documentation:2.0:autosignin">Auto Signin</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Auto Signin Addon </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> <a href="bruteforceprotection.html" class="wikilink1" title="documentation:2.0:bruteforceprotection">Brute Force protection</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> User must wait to log in after 3 failed login attempts </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a> </td><td class="col1"> Cross Domain Authentication </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> <a href="checkstate.html" class="wikilink1" title="documentation:2.0:checkstate">Check state</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Check state plugin (test page) </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="plugincustom.html" class="wikilink1" title="documentation:2.0:plugincustom">Custom</a> </td><td class="col1"> Write a custom plugin </td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <a href="forcereauthn.html" class="wikilink1" title="documentation:2.0:forcereauthn">Force Authentication</a> </td><td class="col1"> Force authentication to access to Portal </td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <a href="loginhistory.html" class="wikilink1" title="documentation:2.0:loginhistory">Display login history</a> </td><td class="col1"></td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <a href="sessions.html" class="wikilink1" title="documentation:2.0:sessions">Grant Sessions rules</a> </td><td class="col1"></td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <a href="notifications.html" class="wikilink1" title="documentation:2.0:notifications">Notifications system</a> </td><td class="col1"></td>
</tr>
<tr class="row10 roweven">
<td class="col0"> <a href="public_pages.html" class="wikilink1" title="documentation:2.0:public_pages">Public pages</a> </td><td class="col1"> Enable public pages system </td>
</tr>
<tr class="row11 rowodd">
<td class="col0"> <a href="resetpassword.html" class="wikilink1" title="documentation:2.0:resetpassword">Reset password by mail</a> </td><td class="col1"></td>
</tr>
<tr class="row12 roweven">
<td class="col0"> <a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST services</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> REST server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
</tr>
<tr class="row13 rowodd">
<td class="col0"> <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP services</a> </td><td class="col1"> SOAP server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
</tr>
<tr class="row14 roweven">
<td class="col0"> <a href="status.html" class="wikilink1" title="documentation:2.0:status">Portal Status</a> </td><td class="col1"> Experimental portal status page </td>
</tr>
<tr class="row15 rowodd">
<td class="col0"> <a href="stayconnected" class="wikilink2" title="documentation:2.0:stayconnected" rel="nofollow">Stay connected</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Enable persistent connection on same browser </td>
</tr>
<tr class="row16 roweven">
<td class="col0"> Upgrade session <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Plugin that explain to user that a more secure authentication is needed instead of rejected it </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [6595-7808] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT9 SECTION "Portal" [2025-7836] -->
<h3 class="sectionedit14" id="handlers">Handlers</h3>
<div class="level3">
<p>
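Review bot: In the new "Attacks and Protection" table, the row label "Deny of Service" should read "Denial of Service", and the `dos`, `mitm` and `exploit` links are emitted with class `wikilink2`, DokuWiki's marker for a page that does not exist, so three of the nine rows lead nowhere. Either add those pages or point the rows at existing sections of `security.html`. The same applies to the `stayconnected` link in the Plugins table. In that table the "Upgrade session" row has no link, its description needs rewording ("explains to the user that a more secure authentication is needed instead of rejecting it"), and four rows have an empty description cell.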
@ -443,7 +569,7 @@
<p>
Handlers are software control agents to be installed on your web servers <em>(Nginx, Apache, PSGI like Plack based servers or Node.js)</em>.
</p>
<div class="table sectionedit13"><table class="inline table table-bordered table-striped">
<div class="table sectionedit15"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Handler type </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th><th class="col3 rightalign"> <a href="https://plackperl.org" class="urlextern" title="https://plackperl.org" rel="nofollow">Plack* servers</a></th><th class="col4 centeralign"> Node.js </th><th class="col5 centeralign"> Comment </th><td class="col6"></td>
@ -474,7 +600,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [5926-7104] -->
<!-- EDIT15 TABLE [8111-9289] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionalities.</em>
</p>
@ -484,8 +610,8 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
</p>
</div>
<!-- EDIT12 SECTION "Handlers" [5652-7229] -->
<h3 class="sectionedit14" id="llng_databases">LLNG databases</h3>
<!-- EDIT14 SECTION "Handlers" [7837-9414] -->
<h3 class="sectionedit16" id="llng_databases">LLNG databases</h3>
<div class="level3">
</div>
@ -502,7 +628,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> needs a storage system to store its own configuration (managed by the manager). Choose one in the following list:
</p>
<div class="table sectionedit15"><table class="inline table table-bordered table-striped">
<div class="table sectionedit17"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Backend </th><th class="col1 centeralign"> Shareable </th><th class="col2 centeralign"> Comment </th>
@ -533,7 +659,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0 centeralign"> <a href="localconfbackend.html" class="wikilink1" title="documentation:2.0:localconfbackend">Local</a> <a href="new.png" class="media" title="documentation:2.0:new.png"><img src="new.edf565b3f89a0ad56df9a5e7a31a6de8.png" class="media" alt="" width="35" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> Use only lemonldap-ng.ini parameters. </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [7534-8620] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT17 TABLE [9719-10805] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
@ -555,7 +681,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
<div class="noteimportant">If you plan to use LLNG in a large-scale system, take a look at <a href="performances.html#performance_test" class="wikilink1" title="documentation:2.0:performances">Performance Test</a> to choose the right backend. A <a href="browseablesessionbackend.html#browseable_sql" class="wikilink1" title="documentation:2.0:browseablesessionbackend">Browseable SQL backend</a> is generally a good choice.
</div><div class="table sectionedit16"><table class="inline table table-bordered table-striped">
</div><div class="table sectionedit18"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Backend </th><th class="col1 centeralign"> Shareable </th><th class="col2 centeralign"> <a href="documentation/features.html#session_explorer" class="wikilink1" title="documentation:features">Session explorer</a> </th><th class="col3 centeralign"> <a href="documentation/features.html#session_restrictions" class="wikilink1" title="documentation:features">Session restrictions</a> </th><th class="col4 centeralign"> Session expiration </th><th class="col5 centeralign"> Comment </th>
@ -588,14 +714,14 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT16 TABLE [9485-11165] -->
<!-- EDIT18 TABLE [11670-13350] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT14 SECTION "LLNG databases" [7230-11193] -->
<h2 class="sectionedit17" id="applications_protection">Applications protection</h2>
<!-- EDIT16 SECTION "LLNG databases" [9415-13378] -->
<h2 class="sectionedit19" id="applications_protection">Applications protection</h2>
<div class="level2">
<p>
@ -623,8 +749,8 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT17 SECTION "Applications protection" [11194-11684] -->
<h3 class="sectionedit18" id="well_known_compatible_applications">Well known compatible applications</h3>
<!-- EDIT19 SECTION "Applications protection" [13379-13869] -->
<h3 class="sectionedit20" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
</div>
@ -721,8 +847,8 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT18 SECTION "Well known compatible applications" [11685-13898] -->
<h2 class="sectionedit19" id="advanced_features">Advanced features</h2>
<!-- EDIT20 SECTION "Well known compatible applications" [13870-16083] -->
<h2 class="sectionedit21" id="advanced_features">Advanced features</h2>
<div class="level2">
<p>
@ -778,8 +904,8 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Advanced features" [13899-15081] -->
<h2 class="sectionedit20" id="mini_howtos">Mini howtos</h2>
<!-- EDIT21 SECTION "Advanced features" [16084-17266] -->
<h2 class="sectionedit22" id="mini_howtos">Mini howtos</h2>
<div class="level2">
<p>
@ -804,6 +930,8 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</li>
<li class="level1"><div class="li"> <a href="header_remote_user_conversion.html" class="wikilink1" title="documentation:2.0:header_remote_user_conversion">Convert HTTP header into environment variable</a></div>
</li>
<li class="level1"><div class="li"> <a href="renater.html" class="wikilink1" title="documentation:2.0:renater">Connect to Renater Federation</a></div>
</li>
</ul>
<p>
@ -811,8 +939,8 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Mini howtos" [15082-15855] -->
<h2 class="sectionedit21" id="exploitation">Exploitation</h2>
<!-- EDIT22 SECTION "Mini howtos" [17267-18086] -->
<h2 class="sectionedit23" id="exploitation">Exploitation</h2>
<div class="level2">
<p>
@ -846,8 +974,8 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT21 SECTION "Exploitation" [15856-16370] -->
<h2 class="sectionedit22" id="bug_report">Bug report</h2>
<!-- EDIT23 SECTION "Exploitation" [18087-18601] -->
<h2 class="sectionedit24" id="bug_report">Bug report</h2>
<div class="level2">
<p>
@ -855,8 +983,8 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT22 SECTION "Bug report" [16371-16435] -->
<h2 class="sectionedit23" id="developer_corner">Developer corner</h2>
<!-- EDIT24 SECTION "Bug report" [18602-18666] -->
<h2 class="sectionedit25" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
@ -914,6 +1042,6 @@ If you don&#039;t want to publish your translation <em>(<code>XX</code> must be
</ul>
</div>
<!-- EDIT23 SECTION "Developer corner" [16436-] --></div>
<!-- EDIT25 SECTION "Developer corner" [18667-] --></div>
</body>
</html>

View File

@ -0,0 +1,254 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>documentation:2.0:stayconnected [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="documentation,2.0,stayconnected"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/documentation/2.0/stayconnected?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:2.0"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/2.0/stayconnected"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/2.0/stayconnected"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=68165aeb4a485b8d6b99b5c80ffc4981"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:stayconnected","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=68165aeb4a485b8d6b99b5c80ffc4981&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=f2af53b99ba25aa5353674957471d8e4" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/documentation" class="wikilink1" title="documentation">documentation</a></bdi> » <bdi><a href="/documentation/2.0/start" class="wikilink1" title="documentation:2.0:start">2.0</a></bdi> » <bdi><span class="curid"><a href="/documentation/2.0/stayconnected" class="wikilink2" title="documentation:2.0:stayconnected" rel="nofollow">stayconnected</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">documentation:2.0:stayconnected</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on “Create this page”.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Hosted by" [40-174] -->
<h3 class="sectionedit2" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Certifications" [175-534] -->
<h3 class="sectionedit3" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="media" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
<strong>OW2con&#039;14 Community Award</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT3 SECTION "Awards" [535-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1543238094" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>
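Review bot: the added stayconnected.html is DokuWiki's "This topic does not exist yet" placeholder (body class notFound, robots noindex,follow), not documentation, so any link to it from the exported docs lands on an empty page; write the stayconnected wiki page before exporting, or drop this file and the link that points to it. As committed it also carries a login URL with a sectok value and sidebar script tags that load from http://www.openhub.net and http://cdn1.adbard.net over plain HTTP, none of which belongs in a bundled documentation tree.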

View File

@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:totp2f</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,totp2f"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="totp2f.html"/>
@ -63,7 +63,7 @@
<div class="level1">
<p>
<a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm" class="urlextern" title="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm" rel="nofollow">Time based One Time Password</a> (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. This is currently what <a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">Google Authenticator</a> or <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a> use.
<a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm" class="urlextern" title="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm" rel="nofollow">Time based One Time Password</a> (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. This is currently use by <a href="https://en.wikipedia.org/wiki/Google_Authenticator" class="urlextern" title="https://en.wikipedia.org/wiki/Google_Authenticator" rel="nofollow">Google Authenticator</a> or <a href="https://freeotp.github.io/" class="urlextern" title="https://freeotp.github.io/" rel="nofollow">FreeOTP</a>.
</p>
<p>
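Review bot: in the rewritten TOTP introduction, "This is currently use by" should read "This is currently used by"; the sentence it replaces was grammatical, so the change introduces the error.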
@ -72,7 +72,7 @@ LLNG can propose to users to register this kind of software to increase authenti
<div class="notetip">Note that it&#039;s a second factor, not an authentication module. Users are authenticated both by login form and TOTP.
</div>
</div>
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication" [1-627] -->
<!-- EDIT1 SECTION "TOTP 2nd Factor Authentication" [1-626] -->
<h2 class="sectionedit2" id="prerequisites_and_dependencies">Prerequisites and dependencies</h2>
<div class="level2">
@ -88,7 +88,7 @@ Or from CPAN repository :
<pre class="code">cpanm Convert::Base32</pre>
</div>
<!-- EDIT2 SECTION "Prerequisites and dependencies" [628-912] -->
<!-- EDIT2 SECTION "Prerequisites and dependencies" [627-911] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
@ -118,7 +118,7 @@ In the manager (advanced parameters), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_2fDevices =~ /“type”:\s*“TOTP”/s</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [913-2243] -->
<!-- EDIT3 SECTION "Configuration" [912-2242] -->
<h2 class="sectionedit4" id="enrollment">Enrollment</h2>
<div class="level2">
@ -127,12 +127,12 @@ If you&#039;ve enabled self registration, users can register their keys by using
</p>
</div>
<!-- EDIT4 SECTION "Enrollment" [2244-2371] -->
<!-- EDIT4 SECTION "Enrollment" [2243-2370] -->
<h2 class="sectionedit5" id="assistance">Assistance</h2>
<div class="level2">
<p>
If a user lost its key, you may remove it from manager Second Factor module.<em>
If a user loses its key, you can remove it from manager Second Factor module.<em>
</em>
To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :<em>
</em>
@ -141,7 +141,7 @@ To enable manager Second Factor Administration Module, set <code>enabledModules<
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT5 SECTION "Assistance" [2372-2686] -->
<!-- EDIT5 SECTION "Assistance" [2371-2686] -->
<h2 class="sectionedit6" id="developer_corner">Developer corner</h2>
<div class="level2">

View File

@ -78,12 +78,12 @@ LLNG can propose to users to register their keys. When done, 2F registered users
<div class="level2">
<p>
This feature uses <a href="https://metacpan.org/pod/Crypt::U2F::Server::Simple" class="urlextern" title="https://metacpan.org/pod/Crypt::U2F::Server::Simple" rel="nofollow">Crypt::U2F::Server::Simple</a> that is available only via CPAN for now. Before compiling it, you must install Yubico&#039;s C library headers (called libu2f-server-dev on Debian).
This feature uses <a href="https://metacpan.org/pod/Crypt::U2F::Server::Simple" class="urlextern" title="https://metacpan.org/pod/Crypt::U2F::Server::Simple" rel="nofollow">Crypt::U2F::Server::Simple</a> that is only available on CPAN repository for now. Before compiling it, you must install Yubico&#039;s C library headers (called libu2f-server-dev on Debian).
</p>
<div class="noteimportant">An HTTPS portal is required to use U2F
</div>
</div>
<!-- EDIT2 SECTION "Prerequisites and dependencies" [530-881] -->
<!-- EDIT2 SECTION "Prerequisites and dependencies" [530-891] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
@ -101,7 +101,7 @@ In the manager (second factors), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_2fDevices =~ /“type”:\s*“U2F”/s</code>, else U2F will be required even if users are not registered. This is automatically done when “activation” is set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [882-1735] -->
<!-- EDIT3 SECTION "Configuration" [892-1745] -->
<h2 class="sectionedit4" id="browser_compatibility">Browser compatibility</h2>
<div class="level2">
<ul>
@ -122,7 +122,7 @@ In the manager (second factors), you just have to enable it:
</ul>
</div>
<!-- EDIT4 SECTION "Browser compatibility" [1736-2176] -->
<!-- EDIT4 SECTION "Browser compatibility" [1746-2186] -->
<h2 class="sectionedit5" id="enrollment">Enrollment</h2>
<div class="level2">
@ -131,18 +131,18 @@ If you have enabled self registration, users can register their U2F keys using <
</p>
</div>
<!-- EDIT5 SECTION "Enrollment" [2177-2307] -->
<!-- EDIT5 SECTION "Enrollment" [2187-2317] -->
<h2 class="sectionedit6" id="assistance">Assistance</h2>
<div class="level2">
<p>
If a user lost its key, you can delete the 2F device from the manager Second Factor module. To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :
If a user loses its key, you can delete it from the manager Second Factor module. To enable manager Second Factor Administration Module, set <code>enabledModules</code> key in your <code>lemonldap-ng.ini</code> file :
</p>
<pre class="code ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">enabledModules</span> <span class="sy0">=</span><span class="re2"> conf, sessions, notifications, 2ndFA</span></pre>
</div>
<!-- EDIT6 SECTION "Assistance" [2308-2625] -->
<!-- EDIT6 SECTION "Assistance" [2318-2625] -->
<h2 class="sectionedit7" id="developer_corner">Developer corner</h2>
<div class="level2">
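Review bot: in the Assistance paragraph, "If a user loses its key, you can delete it from the manager Second Factor module" makes "it" refer to the lost physical key, whereas the previous text named what is actually deleted ("the 2F device"); keep the explicit object, for example "you can delete the registered 2F device from the manager Second Factor module", and use "their key" rather than "its key".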

View File

@ -56,6 +56,7 @@
<li class="level2"><div class="li"><a href="#configuration_refresh">Configuration refresh</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#ldap_connection">LDAP connection</a></div></li>
<li class="level1"><div class="li"><a href="#kerberos_or_ssl_usage">Kerberos or SSL usage</a></div></li>
<li class="level1"><div class="li"><a href="#logs">Logs</a></div></li>
<li class="level1"><div class="li"><a href="#security">Security</a></div></li>
@ -77,20 +78,20 @@
<h1 class="sectionedit1" id="upgrade_from_19_to_20">Upgrade from 1.9 to 2.0</h1>
<div class="level1">
<div class="noteimportant">2.0 is a major release, many things have been changed. You must read this document before upgrade.
<div class="noteimportant">2.0 is a major release, lot of things have been changed. You must read this document before upgrade.
</div>
</div>
<!-- EDIT1 SECTION "Upgrade from 1.9 to 2.0" [1-162] -->
<!-- EDIT1 SECTION "Upgrade from 1.9 to 2.0" [1-164] -->
<h2 class="sectionedit2" id="upgrade_order_from_19">Upgrade order from 1.9.*</h2>
<div class="level2">
<p>
As usual, if you use more than 1 server and don&#039;t want to stop the <abbr title="Single Sign On">SSO</abbr> service AND IF YOU HAVE NO INCOMPATIBILITY MENTIONED IN THIS DOCUMENT, upgrade must be done in the following order:
As usual, if you use more than 1 server and don&#039;t want to stop <abbr title="Single Sign On">SSO</abbr> service AND IF YOU HAVE NO INCOMPATIBILITY MENTIONED IN THIS DOCUMENT, upgrade must be done in the following order:
</p>
<ol>
<li class="level1"><div class="li"> servers that have only handlers;</div>
<li class="level1"><div class="li"> servers with handlers only;</div>
</li>
<li class="level1"><div class="li"> portal servers <em>(all together if your load balancer doesn&#039;t keep state by user or client <abbr title="Internet Protocol">IP</abbr> and if users use the menu)</em>;</div>
<li class="level1"><div class="li"> portal servers <em>(all together if your load balancer is stateless (user or client <abbr title="Internet Protocol">IP</abbr>) and if users use the menu)</em>;</div>
</li>
<li class="level1"><div class="li"> manager server</div>
</li>
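Review bot: in the second item of the upgrade order, "if your load balancer is stateless (user or client IP)" no longer says what the parenthesis qualifies; the previous wording ("doesn't keep state by user or client IP") stated the condition under which the portals must be upgraded together, so keep it or spell the condition out in full. In the note at the top of the hunk, "lot of things have been changed" is missing its article ("a lot of things have changed").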
@ -98,7 +99,7 @@ As usual, if you use more than 1 server and don&#039;t want to stop the <abbr ti
<div class="noteimportant">You must revalidate your configuration using the manager.
</div>
</div>
<!-- EDIT2 SECTION "Upgrade order from 1.9.*" [163-653] -->
<!-- EDIT2 SECTION "Upgrade order from 1.9.*" [165-639] -->
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">
<div class="noteimportant">French documentation is no more available. Only English version of this documentation is maintained now.
@ -118,33 +119,33 @@ This release of <abbr title="LemonLDAP::NG">LL::NG</abbr> requires these minimal
</ul>
<p>
For <abbr title="Security Assertion Markup Language">SAML</abbr> features, we require Lasso 2.5.
For <abbr title="Security Assertion Markup Language">SAML</abbr> features, we require at least Lasso 2.5 and we recommend Lasso 2.6.
</p>
</div>
<!-- EDIT3 SECTION "Installation" [654-1001] -->
<!-- EDIT3 SECTION "Installation" [640-1025] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> User module in authentication parameters now provides a “Same as authentication” value. You must revalidate it in the manager since all special values must be replaced by this <em>(Multi, Choice, Proxy, Slave, <abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID*,…)</em></div>
</li>
<li class="level1"><div class="li"> <strong>“Multi” doesn&#039;t exist anymore</strong>: it is replaced by the more powerful <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a></div>
<li class="level1"><div class="li"> <strong>“Multi” doesn&#039;t exist anymore</strong>: it is replaced by <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a>, a more powerful module.</div>
</li>
<li class="level1"><div class="li"> Apache and Nginx configurations must updated to use the FastCGI portal</div>
<li class="level1"><div class="li"> Apache and Nginx configurations must be updated to use FastCGI portal</div>
</li>
<li class="level1"><div class="li"> URLs for mail reset and register pages have changed, you must update configuration parameters. For example:</div>
</li>
</ul>
<pre class="code :perl"> mailUrl <span class="sy0">=&gt;</span> <span class="st_h">'http://auth.example.com/resetpwd'</span><span class="sy0">,</span>
registerUrl <span class="sy0">=&gt;</span> <span class="st_h">'http://auth.example.com/register'</span><span class="sy0">,</span></pre>
<div class="noteimportant">Apache mod_perl has a lot of issues since version 2.4 <em>(many segfaults,…)</em>, especially when using mpm-worker. That&#039;s why <abbr title="LemonLDAP::NG">LL::NG</abbr> doesn&#039;t use anymore ModPerl::Registry: all is now handled by FastCGI <em>(portal and manager)</em>.
<div class="noteimportant">Apache mod_perl has got lot of troubleshooting problems since 2.4 version<em>(many segfaults,…)</em>, especially when using mpm-worker. That&#039;s why <abbr title="LemonLDAP::NG">LL::NG</abbr> doesn&#039;t use anymore ModPerl::Registry: all is now handled by FastCGI <em>(portal and manager)</em>.
<p>
<strong>For Handlers, it is now recommended to migrate to Nginx</strong>, but Apache 2 is still supported
</p>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [1002-2023] -->
<!-- EDIT4 SECTION "Configuration" [1026-2072] -->
<h3 class="sectionedit5" id="configuration_refresh">Configuration refresh</h3>
<div class="level3">
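Review bot: in the mod_perl note, "has got lot of troubleshooting problems since 2.4 version" is harder to read than the text it replaces and drops the space before "(many segfaults,…)"; suggest "has had many problems since version 2.4 (many segfaults,…)". Since this note is the stated reason for moving the portal and manager to FastCGI, it should also say whether 2.4 refers to Apache or to mod_perl.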
@ -154,8 +155,17 @@ Now portal has the same behavior than handlers: it looks to configuration stored
<div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
</div>
</div>
<!-- EDIT5 SECTION "Configuration refresh" [2024-2443] -->
<h2 class="sectionedit6" id="kerberos_or_ssl_usage">Kerberos or SSL usage</h2>
<!-- EDIT5 SECTION "Configuration refresh" [2073-2493] -->
<h2 class="sectionedit6" id="ldap_connection">LDAP connection</h2>
<div class="level2">
<p>
Now LDAP connections are kept open to improve performances. To allow that, <abbr title="LemonLDAP::NG">LL::NG</abbr> requires an anonymous access to LDAP RootDSE entry to check connection.
</p>
</div>
<!-- EDIT6 SECTION "LDAP connection" [2494-2677] -->
<h2 class="sectionedit7" id="kerberos_or_ssl_usage">Kerberos or SSL usage</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> A new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos</a> authentication backend has been added since 2.0. This module solves many Kerberos integration problems <em>(usage in conjunction with other backends, better error display,…)</em>. However, you can retain the old integration manner <em>(using <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">Apache authentication module</a>)</em>.</div>
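Review bot: the new "LDAP connection" section says LL::NG "requires an anonymous access to LDAP RootDSE entry" but not what an administrator has to change, nor what happens when the directory refuses anonymous binds. For an upgrade guide, state explicitly whether the RootDSE is the only entry that must be readable anonymously and describe the behaviour when it is not, so that nobody opens directory ACLs wider than the connection check needs. Also, "improve performances" should be "improve performance".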
@ -165,19 +175,19 @@ Now portal has the same behavior than handlers: it looks to configuration stored
</ul>
</div>
<!-- EDIT6 SECTION "Kerberos or SSL usage" [2444-2952] -->
<h2 class="sectionedit7" id="logs">Logs</h2>
<!-- EDIT7 SECTION "Kerberos or SSL usage" [2678-3186] -->
<h2 class="sectionedit8" id="logs">Logs</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>Syslog</strong>: logs are now configured only in <code>lemonldap-ng.ini</code> file. If you use Syslog, you must reconfigure it. See <a href="logs.html" class="wikilink1" title="documentation:2.0:logs">logs</a> for more.</div>
<li class="level1"><div class="li"> <strong>Syslog</strong>: logs are now configured in <code>lemonldap-ng.ini</code> file only. If you use Syslog, you must reconfigure it. See <a href="logs.html" class="wikilink1" title="documentation:2.0:logs">logs</a> for more.</div>
</li>
<li class="level1"><div class="li"> <strong>Apache2</strong>: Portal doesn&#039;t use anymore Apache2 logger. Logs continue to be written to Apache error.log but Apache “LogLevel” parameter has no effet on it: portal is now a FastCGI application and doesn&#039;t use anymore ModPerl. See <a href="logs.html" class="wikilink1" title="documentation:2.0:logs">logs</a> for more.</div>
<li class="level1"><div class="li"> <strong>Apache2</strong>: Portal doesn&#039;t use anymore Apache2 logger. Logs are always written to Apache error.log but Apache “LogLevel” parameter has no more effect on it. Portal is now a FastCGI application and doesn&#039;t use anymore ModPerl. See <a href="logs.html" class="wikilink1" title="documentation:2.0:logs">logs</a> for more.</div>
</li>
</ul>
</div>
<!-- EDIT7 SECTION "Logs" [2953-3365] -->
<h2 class="sectionedit8" id="security">Security</h2>
<!-- EDIT8 SECTION "Logs" [3187-3601] -->
<h2 class="sectionedit9" id="security">Security</h2>
<div class="level2">
<p>
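Review bot: in the Apache2 item of the Logs list, "Logs are always written to Apache error.log" reads as if the destination cannot be changed, while the sentence it replaces ("Logs continue to be written to Apache error.log") only described the default after the move to FastCGI; keep "continue to be written", or state that this is the behaviour unless another logger is configured in lemonldap-ng.ini. "doesn't use anymore" should be "no longer uses" in both places.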
@ -191,19 +201,27 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT8 SECTION "Security" [3366-3933] -->
<h2 class="sectionedit9" id="handlers">Handlers</h2>
<!-- EDIT9 SECTION "Security" [3602-4169] -->
<h2 class="sectionedit10" id="handlers">Handlers</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <strong>Apache only</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Apache handler</strong> is now Lemonldap::NG::Handler::ApacheMP2 and Menu is now Lemonldap::NG::Handler::ApacheMP2::Menu</div>
</li>
<li class="level2"><div class="li"> because of an Apache behaviour change, PerlHeaderParserHandler must no more be used with “reload” URLs <em>(replaced by PerlResponseHandler)</em>. Any “reload url” that are inside a protected vhost must be unprotected in vhost rules <em>(protection has to be done by web server configuration)</em>.</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <a href="cda.html" class="wikilink1" title="documentation:2.0:cda">CDA</a>, <a href="documentation/latest/applications/zimbra.html" class="wikilink1" title="documentation:latest:applications:zimbra">ZimbraPreAuth</a>, <a href="securetoken.html" class="wikilink1" title="documentation:2.0:securetoken">SecureToken</a> and <a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic</a> are now <a href="handlerarch.html" class="wikilink1" title="documentation:2.0:handlerarch">Handler Types</a>. So there is no more special file to load: you just have to choose “VirtualHost type” in the manager/VirtualHosts.</div>
</li>
<li class="level1"><div class="li"> <strong>Apache only</strong>: because of an Apache behaviour change, PerlHeaderParserHandler must no more be used with “reload” URLs <em>(replaced by PerlResponseHandler)</em>. Any “reload url” that are inside a protected vhost must be unprotected in vhost rules <em>(protection has to be done by web server configuration)</em>.</div>
<li class="level1"><div class="li"> <a href="ssocookie.html" class="wikilink1" title="documentation:2.0:ssocookie">SSOCookie</a>: Since Firefox 60 and Chrome 68, “+2d, +5M, 12h and so on…” cookie expiration time notation is no more supported. CookieExpiration value is a number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately.</div>
</li>
</ul>
</div>
<!-- EDIT9 SECTION "Handlers" [3934-4595] -->
<h2 class="sectionedit10" id="rules_and_headers">Rules and headers</h2>
<!-- EDIT10 SECTION "Handlers" [4170-5254] -->
<h2 class="sectionedit11" id="rules_and_headers">Rules and headers</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> hostname() and remote_ip() are no more provided to avoid some name conflicts <em>(replaced by $ENV{})</em></div>
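Review bot: the new SSOCookie item says the "+2d, +5M, 12h" notation is no longer supported and that CookieExpiration is a number of seconds, but gives no upgrade action; since this is the 1.9 to 2.0 upgrade page, add that existing values in the old notation must be converted to seconds, and say how a value left unconverted is treated. The last sentence ("A zero or negative number will expire the cookie immediately") deserves a noteimportant box, because it describes a setting that ends the SSO session cookie at once. In the same list, the ZimbraPreAuth link points to documentation/latest/applications/zimbra.html while its neighbours are relative 2.0 pages such as cda.html; check that it resolves in the exported tree.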
@ -215,8 +233,8 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT10 SECTION "Rules and headers" [4596-4914] -->
<h2 class="sectionedit11" id="supported_servers">Supported servers</h2>
<!-- EDIT11 SECTION "Rules and headers" [5255-5573] -->
<h2 class="sectionedit12" id="supported_servers">Supported servers</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Apache-1.3 files are not provided now. You can build them yourself by looking at Apache-2 configuration files</div>
@ -224,24 +242,24 @@ LLNG portal now embeds the following features:
</ul>
</div>
<!-- EDIT11 SECTION "Supported servers" [4915-5060] -->
<h2 class="sectionedit12" id="ajax_requests">Ajax requests</h2>
<!-- EDIT12 SECTION "Supported servers" [5574-5719] -->
<h2 class="sectionedit13" id="ajax_requests">Ajax requests</h2>
<div class="level2">
<p>
Before 2.0, an Ajax query that was launched after session timeout received a 302 code. Now a 401 HTTP code is given in response. The <code>WWW-Authenticate</code> header contains: <code><abbr title="Single Sign On">SSO</abbr> &lt;portal-<abbr title="Uniform Resource Locator">URL</abbr>&gt;</code>
Before 2.0, an Ajax query launched after session timeout received a 302 code. Now a 401 HTTP code is returned. <code>WWW-Authenticate</code> header contains: <code><abbr title="Single Sign On">SSO</abbr> &lt;portal-<abbr title="Uniform Resource Locator">URL</abbr>&gt;</code>
</p>
</div>
<!-- EDIT12 SECTION "Ajax requests" [5061-5280] -->
<h2 class="sectionedit13" id="soaprest_services">SOAP/REST services</h2>
<!-- EDIT13 SECTION "Ajax requests" [5720-5917] -->
<h2 class="sectionedit14" id="soaprest_services">SOAP/REST services</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> SOAP server activation is now split in 2 parameters (configuration/sessions). You must set them else SOAP service will be disabled</div>
</li>
<li class="level1"><div class="li"> Notifications are now REST/JSON by default. You can force old format in the manager. Note that SOAP proxy has changed: <a href="http://portal/notifications" class="urlextern" title="http://portal/notifications" rel="nofollow">http://portal/notifications</a> now.</div>
</li>
<li class="level1"><div class="li"> If you use “adminSessions” endpoint with “singleSession*” features, you must upgrade all portals in the same time</div>
<li class="level1"><div class="li"> If you use “adminSessions” endpoint with “singleSession*” features, you must upgrade all portals simultaneously</div>
</li>
<li class="level1"><div class="li"> SOAP services can be replaced by new REST services</div>
</li>
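Review bot: In the Ajax requests paragraph, the new sentence opens with a bare "WWW-Authenticate header contains:" and has lost its article; restore "The WWW-Authenticate header contains". In the SOAP/REST list, the notifications item ("Note that SOAP proxy has changed: http://portal/notifications now") does not say clearly that this is the new proxy URL; "the SOAP proxy URL is now http://portal/notifications" would remove the ambiguity.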
@ -249,26 +267,26 @@ Before 2.0, an Ajax query that was launched after session timeout received a 302
<div class="noteimportant"><a href="handlerauthbasic.html" class="wikilink1" title="documentation:2.0:handlerauthbasic">AuthBasic Handler</a> uses now REST services instead of SOAP.
</div>
</div>
<!-- EDIT13 SECTION "SOAP/REST services" [5281-5879] -->
<h2 class="sectionedit14" id="developer_corner">Developer corner</h2>
<!-- EDIT14 SECTION "SOAP/REST services" [5918-6514] -->
<h2 class="sectionedit15" id="developer_corner">Developer corner</h2>
<div class="level2">
</div>
<!-- EDIT14 SECTION "Developer corner" [5880-5909] -->
<h3 class="sectionedit15" id="apis">APIs</h3>
<!-- EDIT15 SECTION "Developer corner" [6515-6544] -->
<h3 class="sectionedit16" id="apis">APIs</h3>
<div class="level3">
<p>
Portal has now many REST features and includes a plugin <abbr title="Application Programming Interface">API</abbr>. See Portal manpages to see how to write auth modules, issuers or other feature.
Portal has now many REST features and includes an <abbr title="Application Programming Interface">API</abbr> plugin. See Portal manpages to learn how to write auth modules, issuers or other features.
</p>
</div>
<!-- EDIT15 SECTION "APIs" [5910-6067] -->
<h3 class="sectionedit16" id="portal_overview">Portal overview</h3>
<!-- EDIT16 SECTION "APIs" [6545-6706] -->
<h3 class="sectionedit17" id="portal_overview">Portal overview</h3>
<div class="level3">
<p>
Portal is no more a big CGI object. it is written for Plack/PSGI. Little resume
Portal is no more a single CGI object. Since 2.0, It is based on Plack/PSGI and Mouse modules. Little resume
</p>
<pre class="file">Portal object
|
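Review bot: In the APIs paragraph, "includes an API plugin" reverses the meaning of the old "includes a plugin API". The following sentence is about writing auth modules, issuers and other features, which describes an API for plugins, not a plugin called API, so keep "a plugin API". In the Portal overview paragraph, "Since 2.0, It is based" has a stray capital, and "Little resume" could become "Brief overview:".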
@ -281,12 +299,12 @@ Portal is no more a big CGI object. it is written for Plack/PSGI. Little resume
+-&gt; other plugins (notification,...)</pre>
<p>
The request is a separated object based on Lemonldap::NG::Portal::Main::Request which inherits from Lemonldap::NG::Common::PSGI::Request which inherits from Plack::Request. See manpages for more.
Requests are independant objects based on Lemonldap::NG::Portal::Main::Request which inherits from Lemonldap::NG::Common::PSGI::Request which inherits from Plack::Request. See manpages for more.
</p>
</div>
<!-- EDIT16 SECTION "Portal overview" [6068-6515] -->
<h3 class="sectionedit17" id="handler">Handler</h3>
<!-- EDIT17 SECTION "Portal overview" [6707-7182] -->
<h3 class="sectionedit18" id="handler">Handler</h3>
<div class="level3">
<p>
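Review bot: The rewritten request sentence misspells "independant"; it should be "independent". Moving from "a separated object" to "independent objects" also loses the point that the request is separate from the portal object in the diagram above; "Each request is a separate object based on Lemonldap::NG::Portal::Main::Request" keeps it.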
@ -294,10 +312,10 @@ Handler libraries have been totally rewritten. If you&#039;ve made custom handle
</p>
<p>
If you had auto protected CGI, you also need to rewrite them, see <a href="selfmadeapplication.html#perl_auto-protected_cgi" class="wikilink1" title="documentation:2.0:selfmadeapplication">documentation</a>.
If you used self protected CGI, you also need to rewrite them, see <a href="selfmadeapplication.html#perl_auto-protected_cgi" class="wikilink1" title="documentation:2.0:selfmadeapplication">documentation</a>.
</p>
</div>
<!-- EDIT17 SECTION "Handler" [6516-] --></div>
<!-- EDIT18 SECTION "Handler" [7183-] --></div>
</body>
</html>
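Review bot: The Handler paragraph now says "self protected CGI" while the link still targets selfmadeapplication.html#perl_auto-protected_cgi, so the text and the anchor use different terms for the same thing. Use one term in both places, or keep "auto-protected" here until the target heading is renamed.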

View File

@ -92,6 +92,14 @@ The %ENV table provides:
</li>
</ul>
</li>
<li class="level1"><div class="li"> For portal:</div>
<ul>
<li class="level2"><div class="li"> $ENV{urldc} : Origin <abbr title="Uniform Resource Locator">URL</abbr> before Handler redirection, in cleartext</div>
</li>
<li class="level2"><div class="li"> $ENV{_url} : Origin <abbr title="Uniform Resource Locator">URL</abbr> before Handler redirection, base64 encoded</div>
</li>
</ul>
</li>
</ul>
<p>
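Review bot: The two new portal entries, $ENV{urldc} and $ENV{_url}, describe the origin URL before Handler redirection but do not say whether the value is set when the user reaches the portal directly, or whether it has been checked before a rule reads it. Since the list documents variables for use in rules, add a sentence covering both cases. The names also give no hint which one is encoded; a short remark that _url is the base64 form of urldc would save readers a lookup.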
@ -99,7 +107,7 @@ See also <a href="extendedfunctions.html" class="wikilink1" title="documentation
</p>
</div>
<!-- EDIT2 SECTION "Available $ENV{} variables" [547-1077] -->
<!-- EDIT2 SECTION "Available $ENV{} variables" [547-1238] -->
<h2 class="sectionedit3" id="rules">Rules</h2>
<div class="level2">
@ -139,7 +147,7 @@ Examples:
<td class="col0 leftalign"> Restrict access to the whole site to users that have the LDAP description field set to “LDAP administrator” (must be set in exported variables) </td><td class="col1 centeralign"> default </td><td class="col2 centeralign"> $description&nbsp;eq&nbsp;"LDAP&nbsp;administrator" </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [1300-2143] -->
<!-- EDIT4 TABLE [1461-2304] -->
<p>
The “<strong>default</strong>” access rule is used if no other access rule match the current <abbr title="Uniform Resource Locator">URL</abbr>.
</p>
@ -170,7 +178,7 @@ Rules can also be used to intercept logout <abbr title="Uniform Resource Locator
<td class="col0"> Logout user from current application and from Lemonldap::NG and redirect it to http://intranet/ <strong><em>(Apache only)</em></strong> </td><td class="col1 centeralign"> ^/index.php\?logout </td><td class="col2 centeralign"> logout_app_sso&nbsp;http://intranet/ </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [2637-3285] --><div class="notewarning"><code>logout_app</code> and <code>logout_app_sso</code> rules are not available on Nginx, only on Apache.
<!-- EDIT5 TABLE [2798-3446] --><div class="notewarning"><code>logout_app</code> and <code>logout_app_sso</code> rules are not available on Nginx, only on Apache.
</div>
<p>
By default, user will be redirected on portal if no <abbr title="Uniform Resource Locator">URL</abbr> defined, or on the specified <abbr title="Uniform Resource Locator">URL</abbr> if any.
@ -178,7 +186,7 @@ By default, user will be redirected on portal if no <abbr title="Uniform Resourc
<div class="noteimportant">Only current application is concerned by logout_app* targets. Be careful with some applications which doesn&#039;t verify Lemonldap::NG headers after having created their own cookies. If so, you can redirect users to a <abbr title="HyperText Markup Language">HTML</abbr> page that explain that it is safe to close browser after disconnect.
</div>
</div>
<!-- EDIT3 SECTION "Rules" [1078-3806] -->
<!-- EDIT3 SECTION "Rules" [1239-3967] -->
<h3 class="sectionedit6" id="rules_on_authentication_level">Rules on authentication level</h3>
<div class="level3">
@ -212,7 +220,7 @@ There are two way to impose users to have a high authentication level:
<div class="notetip">Instead of returning a 403 code, “minimum level” returns user to a form that explain that a higher level is required and propose to user to reauthenticate itself.
</div>
</div>
<!-- EDIT6 SECTION "Rules on authentication level" [3807-4692] -->
<!-- EDIT6 SECTION "Rules on authentication level" [3968-4853] -->
<h2 class="sectionedit7" id="headers">Headers</h2>
<div class="level2">
@ -242,7 +250,7 @@ Examples:
<td class="col0 leftalign"> Give a non ascii data </td><td class="col1 centeralign"> Display-Name </td><td class="col2 centeralign"> encode_base64($givenName."&nbsp;".$surName,"") </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [4876-5212] -->
<!-- EDIT8 TABLE [5037-5373] -->
<p>
As described in <a href="performances.html#handler_performance" class="wikilink1" title="documentation:2.0:performances">performances chapter</a>, you can use macros, local macros,…
</p>
@ -260,7 +268,7 @@ As described in <a href="performances.html#handler_performance" class="wikilink1
</div>
</div>
<!-- EDIT7 SECTION "Headers" [4693-5884] -->
<!-- EDIT7 SECTION "Headers" [4854-6045] -->
<h2 class="sectionedit9" id="available_functions">Available functions</h2>
<div class="level2">
@ -275,7 +283,7 @@ In addition to macros and name, you can use some functions in rules and headers:
</ul>
</div>
<!-- EDIT9 SECTION "Available functions" [5885-6095] -->
<!-- EDIT9 SECTION "Available functions" [6046-6256] -->
<h2 class="sectionedit10" id="wildcards_in_hostnames">Wildcards in hostnames</h2>
<div class="level2">
@ -298,6 +306,6 @@ Even if a wildcard exists, if a virtualhost is explicitly declared, this rule is
</ol>
</div>
<!-- EDIT10 SECTION "Wildcards in hostnames" [6096-] --></div>
<!-- EDIT10 SECTION "Wildcards in hostnames" [6257-] --></div>
</body>
</html>

View File

@ -62,24 +62,24 @@
<div class="level1">
<p>
The <a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.yubico.com/yubikey" rel="nofollow">Yubikey</a> is a small material token shipped by <a href="http://www.yubico.com" class="urlextern" title="http://www.yubico.com" rel="nofollow">Yubico</a>. It sends an OTP, which is validated against Yubico server.
A <a href="http://www.yubico.com/yubikey" class="urlextern" title="http://www.yubico.com/yubikey" rel="nofollow">Yubikey</a> is a small material token manufactured by <a href="http://www.yubico.com" class="urlextern" title="http://www.yubico.com" rel="nofollow">Yubico</a>. It sends an OTP, which is validated via Yubico server.
</p>
</div>
<!-- EDIT1 SECTION "Yubikey Second Factor" [1-214] -->
<!-- EDIT1 SECTION "Yubikey Second Factor" [1-213] -->
<h2 class="sectionedit2" id="prerequisites_and_dependencies">Prerequisites and dependencies</h2>
<div class="level2">
<p>
You need <a href="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" class="urlextern" title="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" rel="nofollow">Auth::Yubikey_WebClient</a> package.
You must install <a href="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" class="urlextern" title="http://search.cpan.org/~massyn/Auth-Yubikey_WebClient/" rel="nofollow">Auth::Yubikey_WebClient</a> package.
</p>
<p>
You need to get an client ID and a secret key from Yubico. See <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/" rel="nofollow">Yubico API</a> page.
You have to retrieve a client ID and a secret key from Yubico. See <a href="https://upgrade.yubico.com/getapikey/" class="urlextern" title="https://upgrade.yubico.com/getapikey/" rel="nofollow">Yubico API</a> page.
</p>
</div>
<!-- EDIT2 SECTION "Prerequisites and dependencies" [215-483] -->
<!-- EDIT2 SECTION "Prerequisites and dependencies" [214-494] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
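Review bot: The rewritten intro line keeps the http:// links to www.yubico.com although the API key link a few lines below already uses https://; since the line is being touched, switch both Yubico links to https://. On wording, "small material token" reads as a literal translation ("small hardware token" is the usual term), and "validated via Yubico server" needs an article ("via the Yubico server").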
@ -107,7 +107,7 @@ In the manager (second factors), you just have to enable it:
<div class="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule: <code>$_2fDevices =~ /“type”:\s*“UBK”/s</code>, else Yubikey will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [484-1620] -->
<!-- EDIT3 SECTION "Configuration" [495-1631] -->
<h2 class="sectionedit4" id="provisioning">Provisioning</h2>
<div class="level2">
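Review bot: In the noteimportant context line of this hunk, the rule readers are told to include is rendered as $_2fDevices =~ /“type”:\s*“UBK”/s with typographic quotes inside the code element, while the Provisioning example stores "type" : "UBK" with straight quotes. Copied as rendered, the pattern will not match the stored value and the activation rule will not behave as described. Fix the wiki source so the quotes inside the code element stay straight.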
@ -117,7 +117,7 @@ If you don&#039;t want to use self-registration, set public part of user&#039;s
<pre class="code file json">[{&quot;name&quot; : &quot;MyYubikey&quot; , &quot;type&quot; : &quot;UBK&quot; , &quot;_secret&quot; : &quot;########&quot; , &quot;epoch&quot;:&quot;1524078936&quot;}, ...]</pre>
</div>
<!-- EDIT4 SECTION "Provisioning" [1621-1988] -->
<!-- EDIT4 SECTION "Provisioning" [1632-1999] -->
<h2 class="sectionedit5" id="enrollment">Enrollment</h2>
<div class="level2">
@ -126,6 +126,6 @@ If you have enabled self registration, users can register their U2F keys using <
</p>
</div>
<!-- EDIT5 SECTION "Enrollment" [1989-] --></div>
<!-- EDIT5 SECTION "Enrollment" [2000-] --></div>
</body>
</html>
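Review bot: The Enrollment sentence quoted in this hunk's header says users can register their "U2F keys", which on the Yubikey second factor page looks carried over from the U2F page. If the intent is Yubikey registration, say "Yubikeys" here.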