Remove old documentation

Maxime Besson 2020-05-21 16:27:08 +02:00
parent 2289b7e2fc
commit 2b6c43d980
583 changed files with 4 additions and 55066 deletions

1
.gitignore vendored

@ -1,6 +1,7 @@
.gitignore
.vstags
doc/sources/admin/_build/
doc/pages/documentation/
e2e-tests/conf
lemonldap-ng-common/MYMETA.json
lemonldap-ng-common/MYMETA.yml


@ -878,8 +878,6 @@ install_doc_site:
@cd doc && for f in `find * -type f ! -name '*.html'`; do \
install -v -m 644 $$f $(RDEFDOCDIR)/$$f; \
done && cd -
# Install symlinks
@cd doc && tar cf - `find * -type l` | tar xvf - -C $(RDEFDOCDIR) && cd -
# Remove js
@cd $(RDEFDOCDIR) && if test "$(USEEXTERNALLIBS)" = "yes"; then \
rm -rvf $(DOCEXTERNALLIBS); \
@ -1129,7 +1127,9 @@ manager_cpan: manager_conf
@mv ${SRCMANAGERDIR}/Lemonldap*.gz .
documentation:
@cd doc/sources/admin/ && make html
@sphinx-build -b html -d /tmp/doctrees \
-Dhtml_theme_path=. -Dhtml_theme=my_theme\
doc/sources/admin/ doc/pages/documentation/current/
test-diff:
@for file in `find lemonldap-ng-*/lib -type f`; do \
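Review bot: The new `documentation` recipe points Sphinx's doctree cache at a fixed path in the shared temp directory, `-d /tmp/doctrees`. Sphinx stores doctrees as pickles and reads them back on later builds, so on a multi-user or shared CI host another local account could pre-create that directory and influence the build, and two checkouts would share and clobber one cache. A build-local location avoids both, for example `-d doc/sources/admin/_build/doctrees`, which the `.gitignore` entry `doc/sources/admin/_build/` already covers. Separately, `-Dhtml_theme=my_theme\` has no space before the backslash; the page does not show the continuation line's indentation, but if it carries only the recipe tab the shell would join the theme name with the source directory argument, so `-Dhtml_theme=my_theme \` is safer.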



@ -1,285 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>authchoice_with_slave_and_secured_cookie_gt:double_cookies_for_a_single_session [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="authchoice_with_slave_and_secured_cookie_gt,double_cookies_for_a_single_session"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/authchoice_with_slave_and_secured_cookie_gt/double_cookies_for_a_single_session?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=authchoice_with_slave_and_secured_cookie_gt"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/authchoice_with_slave_and_secured_cookie_gt/double_cookies_for_a_single_session"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/authchoice_with_slave_and_secured_cookie_gt/double_cookies_for_a_single_session"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=a3a28b97aa1359a6551738d33203e559"/>
<script type="text/javascript">/*<![CDATA[*/var NS='authchoice_with_slave_and_secured_cookie_gt';var JSINFO = {"id":"authchoice_with_slave_and_secured_cookie_gt:double_cookies_for_a_single_session","namespace":"authchoice_with_slave_and_secured_cookie_gt"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=a3a28b97aa1359a6551738d33203e559&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/authchoice_with_slave_and_secured_cookie_gt/double_cookies_for_a_single_session?do=login&amp;sectok=cb8543bb80ff783430335c289801b508" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/authchoice_with_slave_and_secured_cookie_gt/start" class="wikilink2" title="authchoice_with_slave_and_secured_cookie_gt:start" rel="nofollow">authchoice_with_slave_and_secured_cookie_gt</a></bdi> » <bdi><span class="curid"><a href="/authchoice_with_slave_and_secured_cookie_gt/double_cookies_for_a_single_session" class="wikilink2" title="authchoice_with_slave_and_secured_cookie_gt:double_cookies_for_a_single_session" rel="nofollow">double_cookies_for_a_single_session</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">authchoice_with_slave_and_secured_cookie_gt:double_cookies_for_a_single_session</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on &quot;Create this page&quot;.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="social_networks">Social networks</h3>
<div class="level3">
<p>
<p><a href="https://twitter.com/lemonldapng/" class="btn btn-large btn-info"><i class="glyphicon glyphicon-retweet"></i> Twitter</a></p>
<p><a href="https://www.facebook.com/lemonldapng/" class="btn btn-large btn-primary"><i class="glyphicon glyphicon-thumbs-up"></i> Facebook</a></p>
</p>
<p>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Social networks" [41-433] -->
<h3 class="sectionedit2" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Hosted by" [434-568] -->
<h3 class="sectionedit3" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT3 SECTION "Certifications" [569-928] -->
<h3 class="sectionedit4" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="/_detail/logos/ow2_awards.png?id=default_sidebar" class="media" title="logos:ow2_awards.png"><img src="/_media/logos/ow2_awards.png?w=150&amp;tok=b33854" class="mediacenter" alt="" width="150" /></a>
</p>
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="urlextern" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow">OW2con&#039;14 Community Award</a>
</p>
<p>
<a href="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" class="urlextern" title="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" rel="nofollow">OW2con&#039;18 Community Award</a>
</p>
<p>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT4 SECTION "Awards" [929-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=authchoice_with_slave_and_secured_cookie_gt%3Adouble_cookies_for_a_single_session&amp;1588685826" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,81 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:activedirectoryminihowto</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,activedirectoryminihowto"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="activedirectoryminihowto.html"/>
<link rel="contents" href="activedirectoryminihowto.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:activedirectoryminihowto","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="using_lemonldapng_with_active-directory">Using LemonLDAP::NG with Active-Directory</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Using LemonLDAP::NG with Active-Directory" [1-57] -->
<h2 class="sectionedit2" id="authentication_with_loginpassword">Authentication with login/password</h2>
<div class="level2">
<p>
To use Active Directory as LDAP backend, you must change few things in the manager :
</p>
<ul>
<li class="level1"><div class="li"> Use &quot;Active Directory&quot; as authentication, userDB and passwordDBbackends,</div>
</li>
<li class="level1"><div class="li"> Export sAMAccountName in a variable declared in <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables</a></div>
</li>
<li class="level1"><div class="li"> Change the user attribute to store in Apache logs <em>(&quot;General Parameters » Logs » REMOTE_USER&quot;)</em>: use the variable declared above</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Authentication with login/password" [58-494] -->
<h2 class="sectionedit3" id="authentication_with_kerberos">Authentication with Kerberos</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Choose &quot;Apache&quot; as authentication module <em>(&quot;General Parameters » Authentication modules » Authentication module&quot;)</em></div>
</li>
<li class="level1"><div class="li"> <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">Configure the Apache server</a> that host the portal to use the Apache Kerberos authentication module</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Authentication with Kerberos" [495-] --></div>
</body>
</html>


@ -1,225 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="applications.html"/>
<link rel="contents" href="applications.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:applications","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="applications">Applications</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Applications" [1-28] -->
<h2 class="sectionedit2" id="how_to_integrate">How to integrate</h2>
<div class="level2">
<p>
To integrate a Web application in <abbr title="LemonLDAP::NG">LL::NG</abbr>, you have the following possibilities:
</p>
<ul>
<li class="level1"><div class="li"> Protect the application with the Handler, and push user identity trough HTTP headers. This is how main Access Manager products, like CA SiteMinder, are working. This also how Apache authentication modules are working, so if your application is compatible with Apache authentication (often called &quot;external authentifcation&quot;), then you can use the Handler.</div>
</li>
<li class="level1"><div class="li"> Specific Handler: some applications can require a specific Handler, to manage preauthentication process for example.</div>
</li>
<li class="level1"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr>: your application is a <abbr title="Central Authentication Service">CAS</abbr> client, you can configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS server</a>.</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr>: your application is a <abbr title="Security Assertion Markup Language">SAML</abbr> Service Provider, you can configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>.</div>
</li>
<li class="level1"><div class="li"> OpenID Connect: your application is a OpenID Connect Relying Party, you can configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID Connect Provider</a>.</div>
</li>
</ul>
<p>
If none of above methods is available, you can try:
</p>
<ul>
<li class="level1"><div class="li"> <a href="applications/authbasic.html" class="wikilink1" title="documentation:2.0:applications:authbasic">HTTP Auth-Basic</a>: replay Auth Basic authentication</div>
</li>
<li class="level1"><div class="li"> <a href="formreplay.html" class="wikilink1" title="documentation:2.0:formreplay">Form replay</a>: replay form based authentication</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "How to integrate" [29-1191] -->
<h2 class="sectionedit3" id="application_list">Application list</h2>
<div class="level2">
<div class="table sectionedit4"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="applications/adfs.html" class="media" title="documentation:2.0:applications:adfs"><img src="icons/kmultiple.png" class="media" alt="" width="200" /></a> </td><td class="col1 centeralign"> <a href="applications/adfs.html" class="wikilink1" title="documentation:2.0:applications:adfs">ADFS</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <a href="applications/alfresco.html" class="media" title="documentation:2.0:applications:alfresco"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/alfresco.html" class="wikilink1" title="documentation:2.0:applications:alfresco">Alfresco</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> <a href="applications/aws.html" class="media" title="documentation:2.0:applications:aws"><img src="icons/kmultiple.png" class="media" title="logo_amazon_web_services.jpg" alt="logo_amazon_web_services.jpg" /></a> </td><td class="col1 centeralign"> <a href="applications/aws.html" class="wikilink1" title="documentation:2.0:applications:aws">Amazon Web Services</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> <a href="applications/awx.html" class="media" title="documentation:2.0:applications:awx"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/awx.html" class="wikilink1" title="documentation:2.0:applications:awx">AWX (Ansible Tower)</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> <a href="applications/bugzilla.html" class="media" title="documentation:2.0:applications:bugzilla"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/bugzilla.html" class="wikilink1" title="documentation:2.0:applications:bugzilla">Bugzilla</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row6 roweven">
<td class="col0 centeralign"> <a href="applications/cornerstone.html" class="media" title="documentation:2.0:applications:cornerstone"><img src="icons/kmultiple.png" class="media" alt="" width="200" /></a> </td><td class="col1 centeralign"> <a href="applications/cornerstone.html" class="wikilink1" title="documentation:2.0:applications:cornerstone">Cornerstone</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row7 rowodd">
<td class="col0 centeralign"> <a href="applications/discourse.html" class="media" title="documentation:2.0:applications:discourse"><img src="icons/kmultiple.png" class="media" title="discourse.jpg" alt="discourse.jpg" /></a> </td><td class="col1 centeralign"> <a href="applications/discourse.html" class="wikilink1" title="documentation:2.0:applications:discourse">Discourse</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6 centeralign"></td>
</tr>
<tr class="row8 roweven">
<td class="col0 centeralign"> <a href="applications/django.html" class="media" title="documentation:2.0:applications:django"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/django.html" class="wikilink1" title="documentation:2.0:applications:django">Django</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row9 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row10 roweven">
<td class="col0 centeralign"> <a href="applications/dokuwiki.html" class="media" title="documentation:2.0:applications:dokuwiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/dokuwiki.html" class="wikilink1" title="documentation:2.0:applications:dokuwiki">Dokuwiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row11 rowodd">
<td class="col0 centeralign"> <a href="applications/drupal.html" class="media" title="documentation:2.0:applications:drupal"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/drupal.html" class="wikilink1" title="documentation:2.0:applications:drupal">Drupal</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row12 roweven">
<td class="col0 centeralign"> <a href="applications/fusiondirectory.html" class="media" title="documentation:2.0:applications:fusiondirectory"><img src="icons/kmultiple.png" class="media" title="fusiondirectory-logo.jpg" alt="fusiondirectory-logo.jpg" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/fusiondirectory.html" class="wikilink1" title="documentation:2.0:applications:fusiondirectory">FusionDirectory</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row13 rowodd">
<td class="col0 centeralign"> <a href="applications/gitlab.html" class="media" title="documentation:2.0:applications:gitlab"><img src="icons/kmultiple.png" class="mediacenter" alt="" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/gitlab.html" class="wikilink1" title="documentation:2.0:applications:gitlab">Gitlab</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6 centeralign"></td>
</tr>
<tr class="row14 roweven">
<td class="col0 centeralign"> <a href="applications/glpi.html" class="media" title="documentation:2.0:applications:glpi"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/glpi.html" class="wikilink1" title="documentation:2.0:applications:glpi">GLPI</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row15 rowodd">
<td class="col0 centeralign"> <a href="applications/googleapps.html" class="media" title="documentation:2.0:applications:googleapps"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/googleapps.html" class="wikilink1" title="documentation:2.0:applications:googleapps">Google Apps</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row16 roweven">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row17 rowodd">
<td class="col0 centeralign"> <a href="applications/grafana.html" class="media" title="documentation:2.0:applications:grafana"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/grafana.html" class="wikilink1" title="documentation:2.0:applications:grafana">Grafana</a> </td><td class="col2 leftalign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
</tr>
<tr class="row18 roweven">
<td class="col0 centeralign"> <a href="applications/grr.html" class="media" title="documentation:2.0:applications:grr"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/grr.html" class="wikilink1" title="documentation:2.0:applications:grr">GRR</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row19 rowodd">
<td class="col0 centeralign"> <a href="applications/guacamole.html" class="media" title="documentation:2.0:applications:guacamole"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/guacamole.html" class="wikilink1" title="documentation:2.0:applications:guacamole">Apache Guacamole</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4 centeralign"></td><td class="col5 leftalign"> </td><td class="col6 centeralign"></td>
</tr>
<tr class="row20 roweven">
<td class="col0 centeralign"> <a href="applications/humhub.html" class="media" title="documentation:2.0:applications:humhub"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/humhub.html" class="wikilink1" title="documentation:2.0:applications:humhub">HumHub</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6 centeralign"></td>
</tr>
<tr class="row21 rowodd">
<td class="col0 centeralign"> <a href="applications/jitsimet" class="media" title="documentation:2.0:applications:jitsimet"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/jitsimeet.html" class="wikilink1" title="documentation:2.0:applications:jitsimeet">Jitsi Meet</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row22 roweven">
<td class="col0 centeralign"> <a href="applications/liferay.html" class="media" title="documentation:2.0:applications:liferay"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/liferay.html" class="wikilink1" title="documentation:2.0:applications:liferay">Liferay</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
</tr>
<tr class="row23 rowodd">
<td class="col0 centeralign"> <a href="applications/limesurvey.html" class="media" title="documentation:2.0:applications:limesurvey"><img src="icons/kmultiple.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/limesurvey.html" class="wikilink1" title="documentation:2.0:applications:limesurvey">LimeSurvey</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
</tr>
<tr class="row24 roweven">
<td class="col0 centeralign"> <a href="applications/mattermost.html" class="media" title="documentation:2.0:applications:mattermost"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/mattermost.html" class="wikilink1" title="documentation:2.0:applications:mattermost">Mattermost</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6 centeralign"></td>
</tr>
<tr class="row25 rowodd">
<td class="col0 centeralign"> <a href="applications/mediawiki.html" class="media" title="documentation:2.0:applications:mediawiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/mediawiki.html" class="wikilink1" title="documentation:2.0:applications:mediawiki">Mediawiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row26 roweven">
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/nextcloud.html" class="wikilink1" title="documentation:2.0:applications:nextcloud">NextCloud</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row27 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row28 roweven">
<td class="col0 centeralign"> <a href="applications/obm.html" class="media" title="documentation:2.0:applications:obm"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/obm.html" class="wikilink1" title="documentation:2.0:applications:obm">OBM</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row29 rowodd">
<td class="col0 centeralign"> <a href="applications/office365.html" class="media" title="documentation:2.0:applications:office365"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/office365.html" class="wikilink1" title="documentation:2.0:applications:office365">Office 365</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row30 roweven">
<td class="col0 centeralign"> <a href="applications/phpldapadmin.html" class="media" title="documentation:2.0:applications:phpldapadmin"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/phpldapadmin.html" class="wikilink1" title="documentation:2.0:applications:phpldapadmin">phpLDAPAdmin</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row31 rowodd">
<td class="col0 centeralign"> <a href="applications/roundcube.html" class="media" title="documentation:2.0:applications:roundcube"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/roundcube.html" class="wikilink1" title="documentation:2.0:applications:roundcube">Roundcube</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row32 roweven">
<td class="col0 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/salesforce.html" class="wikilink1" title="documentation:2.0:applications:salesforce">SalesForce</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row33 rowodd">
<td class="col0 centeralign"> <a href="applications/sap.html" class="media" title="documentation:2.0:applications:sap"><img src="icons/kmultiple.png" class="media" title="SAP" alt="SAP" /></a> </td><td class="col1 centeralign"> <a href="applications/sap.html" class="wikilink1" title="documentation:2.0:applications:sap">SAP</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row34 roweven">
<td class="col0 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="media" alt="" width="200" /></a> </td><td class="col1 centeralign"> <a href="applications/simplesamlphp.html" class="wikilink1" title="documentation:2.0:applications:simplesamlphp">simpleSAMLphp</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row35 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row36 roweven">
<td class="col0 centeralign"> <a href="applications/spring.html" class="media" title="documentation:2.0:applications:spring"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/spring.html" class="wikilink1" title="documentation:2.0:applications:spring">Spring</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row37 rowodd">
<td class="col0 centeralign"> <a href="applications/symfony.html" class="media" title="documentation:2.0:applications:symfony"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/symfony.html" class="wikilink1" title="documentation:2.0:applications:symfony">Symfony</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row38 roweven">
<td class="col0 centeralign"> <a href="applications/sympa.html" class="media" title="documentation:2.0:applications:sympa"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/sympa.html" class="wikilink1" title="documentation:2.0:applications:sympa">Sympa</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row39 rowodd">
<td class="col0 centeralign"> <a href="applications/tomcat.html" class="media" title="documentation:2.0:applications:tomcat"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/tomcat.html" class="wikilink1" title="documentation:2.0:applications:tomcat">Tomcat</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row40 roweven">
<td class="col0 centeralign"> <a href="applications/wordpress.html" class="media" title="documentation:2.0:applications:wordpress"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/wordpress.html" class="wikilink1" title="documentation:2.0:applications:wordpress">Wordpress</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign"></td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row41 rowodd">
<td class="col0 centeralign"> <a href="applications/xwiki.html" class="media" title="documentation:2.0:applications:xwiki"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/xwiki.html" class="wikilink1" title="documentation:2.0:applications:xwiki">XWiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row42 roweven">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row43 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
</table></div>
<!-- EDIT4 TABLE [1223-6519] -->
</div>
<!-- EDIT3 SECTION "Application list" [1192-] --></div>
</body>
</html>


@ -1,90 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:adfs</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,adfs"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="adfs.html"/>
<link rel="contents" href="adfs.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:adfs","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="active_directory_federation_services">Active Directory Federation Services</h1>
<div class="level1">
<p>
<img src="microsoft-adfs.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Active Directory Federation Services" [1-100] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Microsoft ADFS (Active Directory Federation Services) is an Identity/Service Provider, compatible with several protocols, including <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0.
</p>
<div class="noteimportant">This documentation does not explains how to setup ADFS, but give only tricks to make it works with <abbr title="LemonLDAP::NG">LL::NG</abbr>
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [101-399] -->
<h2 class="sectionedit3" id="adfs_as_identity_provider">ADFS as Identity Provider</h2>
<div class="level2">
<p>
When ADFS is declared as an Identity Provider in LemonLDAP::NG, you need to take care of the following items:
</p>
<ul>
<li class="level1"><div class="li"> HTTPS is mandatory on <abbr title="LemonLDAP::NG">LL::NG</abbr> portal</div>
</li>
<li class="level1"><div class="li"> You need to use a certificate in <abbr title="LemonLDAP::NG">LL::NG</abbr> <abbr title="Security Assertion Markup Language">SAML</abbr> metadata instead of a raw public key</div>
</li>
<li class="level1"><div class="li"> Activate option <code>Use specific query_string method</code> in <abbr title="Security Assertion Markup Language">SAML</abbr> Service</div>
</li>
<li class="level1"><div class="li"> Use SHA1 instead of SHA256 as signature algorithm on ADFS if using a Lasso version &lt; 2.5.0</div>
</li>
<li class="level1"><div class="li"> Force <abbr title="Security Assertion Markup Language">SAML</abbr> response to be sent by POST and not Artifact (signature verification fails with Artifact)</div>
</li>
<li class="level1"><div class="li"> Enable <code>Allow proxy authentication</code> in IDP options on <abbr title="LemonLDAP::NG">LL::NG</abbr> side</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "ADFS as Identity Provider" [400-] --></div>
</body>
</html>


@ -1,572 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:alfresco</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,alfresco"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="alfresco.html"/>
<link rel="contents" href="alfresco.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:alfresco","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#http_headers">HTTP headers</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#alfresco1">Alfresco</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#headers">Headers</a></div></li>
<li class="level3"><div class="li"><a href="#rules">Rules</a></div></li>
</ul>
</li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#saml2">SAML2</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#alfresco2">Alfresco</a></div></li>
<li class="level2"><div class="li"><a href="#llng1">LL::NG</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#other_resources">Other resources</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="alfresco">Alfresco</h1>
<div class="level1">
<p>
<img src="alfresco_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Alfresco" [1-71] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://www.alfresco.com/" class="urlextern" title="https://www.alfresco.com/" rel="nofollow">Alfresco</a> is an ECM/BPM software.
</p>
<p>
Since 4.0 release, it offers an easy way to configure <abbr title="Single Sign On">SSO</abbr> thanks to authentication subsystems.
</p>
<p>
Authentication against <abbr title="LemonLDAP::NG">LL::NG</abbr> can be done trough:
</p>
<ul>
<li class="level1"><div class="li"> HTTP headers (<abbr title="LemonLDAP::NG">LL::NG</abbr> Handler)</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> 2 (<abbr title="LemonLDAP::NG">LL::NG</abbr> as SAML2 IDP)</div>
</li>
</ul>
<div class="notetip">Alfresco now recommends SAML2 method
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [72-430] -->
<h2 class="sectionedit3" id="http_headers">HTTP headers</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "HTTP headers" [431-456] -->
<h3 class="sectionedit4" id="alfresco1">Alfresco</h3>
<div class="level3">
<div class="notetip">The official documentation can be found here: <a href="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" class="urlextern" title="http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html" rel="nofollow">http://docs.alfresco.com/4.0/tasks/auth-alfrescoexternal-sso.html</a>
</div>
<p>
You need to find the following files in your Alfresco installation:
</p>
<ul>
<li class="level1"><div class="li"> <code>alfresco-global.properties</code> (ex: <code>tomcat/shared/classes/alfresco-global.properties</code>)</div>
</li>
<li class="level1"><div class="li"> <code>share-config-custom.xml</code> (ex: <code>tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml</code>)</div>
</li>
</ul>
<p>
The first will allow one to configure <abbr title="Single Sign On">SSO</abbr> for the alfresco webapp, and the other for the share webapp.
</p>
<p>
Edit first <code>alfresco-global.properties</code> and add the following:
</p>
<pre class="code file java">### SSO ###
authentication.<span class="me1">chain</span><span class="sy0">=</span>external1<span class="sy0">:</span>external
external.<span class="me1">authentication</span>.<span class="me1">enabled</span><span class="sy0">=</span><span class="kw2">true</span>
external.<span class="me1">authentication</span>.<span class="me1">defaultAdministratorUserNames</span><span class="sy0">=</span>
external.<span class="me1">authentication</span>.<span class="me1">proxyUserName</span><span class="sy0">=</span>
external.<span class="me1">authentication</span>.<span class="me1">proxyHeader</span><span class="sy0">=</span>Auth<span class="sy0">-</span>User
external.<span class="me1">authentication</span>.<span class="me1">userIdPattern</span><span class="sy0">=</span></pre>
<p>
Edit then <code>share-config-custom.xml</code> and uncomment the last part. In the <code>&lt;endpoint&gt;</code>, change <code>&lt;connector-id&gt;</code> value to <code>alfrescoHeader</code> and change the <code>&lt;userHeader&gt;</code> value to <code>Auth-User</code>:
</p>
<pre class="code file xml"> <span class="sc3"><span class="re1">&lt;config</span> <span class="re0">evaluator</span>=<span class="st0">&quot;string-compare&quot;</span> <span class="re0">condition</span>=<span class="st0">&quot;Remote&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;remote<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;keystore<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>alfresco/web-extension/alfresco-system.p12<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;type<span class="re2">&gt;</span></span></span>pkcs12<span class="sc3"><span class="re1">&lt;/type<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;password<span class="re2">&gt;</span></span></span>alfresco-system<span class="sc3"><span class="re1">&lt;/password<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/keystore<span class="re2">&gt;</span></span></span>
&nbsp;
<span class="sc3"><span class="re1">&lt;connector<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfrescoCookie<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco Connector<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Connects to an Alfresco instance using cookie-based authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;class<span class="re2">&gt;</span></span></span>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector<span class="sc3"><span class="re1">&lt;/class<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/connector<span class="re2">&gt;</span></span></span>
&nbsp;
<span class="sc3"><span class="re1">&lt;connector<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfrescoHeader<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco Connector<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Connects to an Alfresco instance using header and cookie-based authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;class<span class="re2">&gt;</span></span></span>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector<span class="sc3"><span class="re1">&lt;/class<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;userHeader<span class="re2">&gt;</span></span></span>Auth-User<span class="sc3"><span class="re1">&lt;/userHeader<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/connector<span class="re2">&gt;</span></span></span>
&nbsp;
<span class="sc3"><span class="re1">&lt;endpoint<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;id<span class="re2">&gt;</span></span></span>alfresco<span class="sc3"><span class="re1">&lt;/id<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;name<span class="re2">&gt;</span></span></span>Alfresco - user access<span class="sc3"><span class="re1">&lt;/name<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;description<span class="re2">&gt;</span></span></span>Access to Alfresco Repository WebScripts that require user authentication<span class="sc3"><span class="re1">&lt;/description<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;connector-id<span class="re2">&gt;</span></span></span>alfrescoHeader<span class="sc3"><span class="re1">&lt;/connector-id<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;endpoint-url<span class="re2">&gt;</span></span></span>http://localhost:8080/alfresco/s<span class="sc3"><span class="re1">&lt;/endpoint-url<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;identity<span class="re2">&gt;</span></span></span>user<span class="sc3"><span class="re1">&lt;/identity<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;external-auth<span class="re2">&gt;</span></span></span>true<span class="sc3"><span class="re1">&lt;/external-auth<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/endpoint<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/remote<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/config<span class="re2">&gt;</span></span></span></pre>
<p>
You need to restart Tomcat to apply changes.
</p>
<div class="notewarning">Now you can log in with a simple HTTP header. You need to restrict access to Alfresco to <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</div>
</div>
<!-- EDIT4 SECTION "Alfresco" [457-3155] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
</div>
<h4 id="headers">Headers</h4>
<div class="level4">
<p>
Just set the <code>Auth-User</code> header with the attribute that carries the user login, for example <code>$uid</code>.
</p>
</div>
<h4 id="rules">Rules</h4>
<div class="level4">
<p>
Set the default rule to what you need.
</p>
<p>
Other rules:
</p>
<ul>
<li class="level1"><div class="li"> Unprotect access to some resources: <code>^/share/res =&gt; unprotect</code></div>
</li>
<li class="level1"><div class="li"> Catch logout: <code>^/share/page/dologout =&gt; logout_app_sso</code></div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "LL::NG" [3156-3495] -->
<h2 class="sectionedit6" id="saml2">SAML2</h2>
<div class="level2">
</div>
<!-- EDIT6 SECTION "SAML2" [3496-3515] -->
<h3 class="sectionedit7" id="alfresco2">Alfresco</h3>
<div class="level3">
<p>
Install <abbr title="Security Assertion Markup Language">SAML</abbr> Alfresco module package:
</p>
<pre class="code">cp alfresco-saml-repo-1.0.1.amp &lt;ALFRESCO_HOME&gt;/amps
cp alfresco-saml-share-1.0.1.amp &lt;ALFRESCO_HOME&gt;/amps_share
./bin/apply_amp.sh</pre>
<p>
Generate <abbr title="Security Assertion Markup Language">SAML</abbr> certificate:
</p>
<pre class="code">keytool -genkeypair -alias my-saml-key -keypass change-me -storepass change-me -keystore my-saml.keystore -storetype JCEKS</pre>
<p>
Export the keystore:
</p>
<pre class="code">mv my-saml.keystore alf_data/keystore
cat &lt;&lt;EOT &gt; alf_data/keystore/my-saml.keystore-metadata.properties
aliases=my-saml-key
keystore.password=change-me
my-saml-key.password=change-me
EOT
cat &lt;&lt;EOT &gt;&gt; tomcat/shared/classes/alfresco-global.properties
saml.keystore.location=\${dir.keystore}/my-saml.keystore
saml.keystore.keyMetaData.location=\${dir.keystore}/my-saml.keystore-metadata.properties
EOT</pre>
<p>
Edit then <code>share-config-custom.xml</code>:
</p>
<pre class="code file xml"> ...
<span class="sc3"><span class="re1">&lt;config</span> <span class="re0">evaluator</span>=<span class="st0">&quot;string-compare&quot;</span> <span class="re0">condition</span>=<span class="st0">&quot;CSRFPolicy&quot;</span> <span class="re0">replace</span>=<span class="st0">&quot;true&quot;</span><span class="re2">&gt;</span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!--</span>
<span class="sc-1"> If using https make a CSRFPolicy with replace=&quot;true&quot; and override the properties section.</span>
<span class="sc-1"> Note, localhost is there to allow local checks to succeed.</span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1"> I.e.</span>
<span class="sc-1"> &lt;properties&gt;</span>
<span class="sc-1"> &lt;token&gt;Alfresco-CSRFToken&lt;/token&gt;</span>
<span class="sc-1"> &lt;referer&gt;https://your-domain.com/.*|http://localhost:8080/.*&lt;/referer&gt;</span>
<span class="sc-1"> &lt;origin&gt;https://your-domain.com|http://localhost:8080&lt;/origin&gt;</span>
<span class="sc-1"> &lt;/properties&gt;</span>
<span class="sc-1"> --&gt;</span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc3"><span class="re1">&lt;filter<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!-- SAML SPECIFIC CONFIG - START --&gt;</span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!--</span>
<span class="sc-1"> Since we have added the CSRF filter with filter-mapping of &quot;/*&quot; we will catch all public GET to avoid them</span>
<span class="sc-1"> having to pass through the remaining rules.</span>
<span class="sc-1"> --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>GET<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>/res/.*<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!-- Incoming posts from IDPs do not require a token --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>POST<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>/page/saml-authnresponse|/page/saml-logoutresponse|/page/saml-logoutrequest<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!-- SAML SPECIFIC CONFIG - STOP --&gt;</span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!-- EVERYTHING BELOW FROM HERE IS COPIED FROM share-security-config.xml --&gt;</span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!--</span>
<span class="sc-1"> Certain webscripts shall not be allowed to be accessed directly form the browser.</span>
<span class="sc-1"> Make sure to throw an error if they are used.</span>
<span class="sc-1"> --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>/proxy/alfresco/remoteadm/.*<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;throwError&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;message&quot;</span><span class="re2">&gt;</span></span>It is not allowed to access this url from your browser<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!--</span>
<span class="sc-1"> Certain Repo webscripts should be allowed to pass without a token since they have no Share knowledge.</span>
<span class="sc-1"> TODO: Refactor the publishing code so that form that is posted to this URL is a Share webscript with the right tokens.</span>
<span class="sc-1"> --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>POST<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>/proxy/alfresco/api/publishing/channels/.+<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertReferer&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;referer&quot;</span><span class="re2">&gt;</span></span>{referer}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertOrigin&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;origin&quot;</span><span class="re2">&gt;</span></span>{origin}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!--</span>
<span class="sc-1"> Certain Surf POST requests from the WebScript console must be allowed to pass without a token since</span>
<span class="sc-1"> the Surf WebScript console code can't be dependent on a Share specific filter.</span>
<span class="sc-1"> --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>POST<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>/page/caches/dependency/clear|/page/index|/page/surfBugStatus|/page/modules/deploy|/page/modules/module|/page/api/javascript/debugger|/page/console<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertReferer&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;referer&quot;</span><span class="re2">&gt;</span></span>{referer}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertOrigin&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;origin&quot;</span><span class="re2">&gt;</span></span>{origin}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!-- Certain Share POST requests does NOT require a token --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>POST<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>/page/dologin(\?.+)?|/page/site/[^/]+/start-workflow|/page/start-workflow|/page/context/[^/]+/start-workflow<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertReferer&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;referer&quot;</span><span class="re2">&gt;</span></span>{referer}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertOrigin&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;origin&quot;</span><span class="re2">&gt;</span></span>{origin}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!-- Assert logout is done from a valid domain, if so clear the token when logging out --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>POST<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>/page/dologout(\?.+)?<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertReferer&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;referer&quot;</span><span class="re2">&gt;</span></span>{referer}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertOrigin&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;origin&quot;</span><span class="re2">&gt;</span></span>{origin}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;clearToken&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;session&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;cookie&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!-- Make sure the first token is generated --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;session<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;attribute</span> <span class="re0">name</span>=<span class="st0">&quot;_alf_USER_ID&quot;</span><span class="re2">&gt;</span></span>.+<span class="sc3"><span class="re1">&lt;/attribute<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;attribute</span> <span class="re0">name</span>=<span class="st0">&quot;{token}&quot;</span><span class="re2">/&gt;</span></span>
<span class="sc-1">&lt;!-- empty attribute element indicates null, meaning the token has not yet been set --&gt;</span>
<span class="sc3"><span class="re1">&lt;/session<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;generateToken&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;session&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;cookie&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!-- Refresh token on new &quot;page&quot; visit when a user is logged in --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>GET<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;path<span class="re2">&gt;</span></span></span>/page/.*<span class="sc3"><span class="re1">&lt;/path<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;session<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;attribute</span> <span class="re0">name</span>=<span class="st0">&quot;_alf_USER_ID&quot;</span><span class="re2">&gt;</span></span>.+<span class="sc3"><span class="re1">&lt;/attribute<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;attribute</span> <span class="re0">name</span>=<span class="st0">&quot;{token}&quot;</span><span class="re2">&gt;</span></span>.+<span class="sc3"><span class="re1">&lt;/attribute<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/session<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;generateToken&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;session&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;cookie&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!--</span>
<span class="sc-1"> Verify multipart requests from logged in users contain the token as a parameter</span>
<span class="sc-1"> and also correct referer &amp; origin header if available</span>
<span class="sc-1"> --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>POST<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;header</span> <span class="re0">name</span>=<span class="st0">&quot;Content-Type&quot;</span><span class="re2">&gt;</span></span>multipart/.+<span class="sc3"><span class="re1">&lt;/header<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;session<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;attribute</span> <span class="re0">name</span>=<span class="st0">&quot;_alf_USER_ID&quot;</span><span class="re2">&gt;</span></span>.+<span class="sc3"><span class="re1">&lt;/attribute<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/session<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertToken&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;session&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;parameter&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertReferer&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;referer&quot;</span><span class="re2">&gt;</span></span>{referer}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertOrigin&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;origin&quot;</span><span class="re2">&gt;</span></span>{origin}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
&nbsp;
&nbsp;
&nbsp;
<span class="sc-1">&lt;!--</span>
<span class="sc-1"> Verify that all remaining state changing requests from logged in users' requests contains a token in the</span>
<span class="sc-1"> header and correct referer &amp; origin headers if available. We &quot;catch&quot; all content types since just setting it to</span>
<span class="sc-1"> &quot;application/json.*&quot; since a webscript that doesn't require a json request body otherwise would be</span>
<span class="sc-1"> successfully executed using i.e.&quot;text/plain&quot;.</span>
<span class="sc-1"> --&gt;</span>
<span class="sc3"><span class="re1">&lt;rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;method<span class="re2">&gt;</span></span></span>POST|PUT|DELETE<span class="sc3"><span class="re1">&lt;/method<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;session<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;attribute</span> <span class="re0">name</span>=<span class="st0">&quot;_alf_USER_ID&quot;</span><span class="re2">&gt;</span></span>.+<span class="sc3"><span class="re1">&lt;/attribute<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/session<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/request<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertToken&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;session&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;header&quot;</span><span class="re2">&gt;</span></span>{token}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertReferer&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;referer&quot;</span><span class="re2">&gt;</span></span>{referer}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;action</span> <span class="re0">name</span>=<span class="st0">&quot;assertOrigin&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;param</span> <span class="re0">name</span>=<span class="st0">&quot;origin&quot;</span><span class="re2">&gt;</span></span>{origin}<span class="sc3"><span class="re1">&lt;/param<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/action<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/rule<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/filter<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/config<span class="re2">&gt;</span></span></span>
...</pre>
<p>
Configure <abbr title="Security Assertion Markup Language">SAML</abbr> service provider using the Alfresco admin console (/alfresco/s/enterprise/admin/admin-saml).
</p>
<p>
Set the following parameters:
</p>
<ul>
<li class="level1"><div class="li"> Enable <abbr title="Security Assertion Markup Language">SAML</abbr> Authentication (<abbr title="Single Sign On">SSO</abbr>): on</div>
</li>
<li class="level1"><div class="li"> Authentication service <abbr title="Uniform Resource Locator">URL</abbr>: <a href="https://auth.example.com/saml/singleSignOn" class="urlextern" title="https://auth.example.com/saml/singleSignOn" rel="nofollow">https://auth.example.com/saml/singleSignOn</a></div>
</li>
<li class="level1"><div class="li"> Single Logout <abbr title="Uniform Resource Locator">URL</abbr>: <a href="https://auth.example.com/saml/singleLogout" class="urlextern" title="https://auth.example.com/saml/singleLogout" rel="nofollow">https://auth.example.com/saml/singleLogout</a></div>
</li>
<li class="level1"><div class="li"> Single logout return <abbr title="Uniform Resource Locator">URL</abbr>: <a href="https://auth.example.com/saml/singleLogoutReturn" class="urlextern" title="https://auth.example.com/saml/singleLogoutReturn" rel="nofollow">https://auth.example.com/saml/singleLogoutReturn</a></div>
</li>
<li class="level1"><div class="li"> Entity identification: <a href="http://alfresco.myecm.org:8080/share" class="urlextern" title="http://alfresco.myecm.org:8080/share" rel="nofollow">http://alfresco.myecm.org:8080/share</a></div>
</li>
<li class="level1"><div class="li"> User ID mapping: Subject/NameID</div>
</li>
</ul>
<p>
To finish with Alfresco configuration, tick the “Enable <abbr title="Security Assertion Markup Language">SAML</abbr> authentication (<abbr title="Single Sign On">SSO</abbr>)” box.
</p>
</div>
<!-- EDIT7 SECTION "Alfresco" [3516-14172] -->
<h3 class="sectionedit8" id="llng1">LL::NG</h3>
<div class="level3">
<p>
Configure <abbr title="Security Assertion Markup Language">SAML</abbr> service and set a certificate as signature public key in metadata.
</p>
<p>
Export Alfresco <abbr title="Security Assertion Markup Language">SAML</abbr> Metadata from admin console and import them in <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</p>
<p>
In the authentication response option, set:
</p>
<ul>
<li class="level1"><div class="li"> Default NameID Format: Unspecified</div>
</li>
<li class="level1"><div class="li"> Force NameID session key: uid</div>
</li>
</ul>
<p>
And you can define these exported attributes:
</p>
<ul>
<li class="level1"><div class="li"> GivenName</div>
</li>
<li class="level1"><div class="li"> Surname</div>
</li>
<li class="level1"><div class="li"> Email</div>
</li>
</ul>
</div>
<!-- EDIT8 SECTION "LL::NG" [14173-14551] -->
<h2 class="sectionedit9" id="other_resources">Other resources</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="https://www.youtube.com/watch?v=5tS0XrC_-rw" class="urlextern" title="https://www.youtube.com/watch?v=5tS0XrC_-rw" rel="nofollow">DevCon 2012: Unlocking the Secrets of Alfresco Authentication, Mehdi Belmekki</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://community.alfresco.com/blogs/alfresco-premier-services/2017/08/03/setting-up-alfresco-saml-authentication-lemonldapng" class="urlextern" title="https://community.alfresco.com/blogs/alfresco-premier-services/2017/08/03/setting-up-alfresco-saml-authentication-lemonldapng" rel="nofollow">Setting up Alfresco SAML authentication with LemonLDAP::NG</a></div>
</li>
</ul>
</div>
<!-- EDIT9 SECTION "Other resources" [14552-] --></div>
</body>
</html>


@ -1,111 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:authbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,authbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authbasic.html"/>
<link rel="contents" href="authbasic.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:authbasic","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="http_basic_authentication">HTTP Basic Authentication</h1>
<div class="level1">
<p>
<a href="http_logo.png_documentation_2.0_applications_authbasic.html" class="media" title="applications:http_logo.png"><img src="http_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "HTTP Basic Authentication" [1-77] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<div class="noteimportant">For now, this feature is only supported by Apache handler.
</div>
<p>
Extract from the <a href="http://en.wikipedia.org/wiki/Basic_access_authentication" class="urlextern" title="http://en.wikipedia.org/wiki/Basic_access_authentication" rel="nofollow">Wikipedia article</a>:
</p>
<p>
<blockquote>
In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials in the form of a user name and password when making a request.
</p>
<p>
Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings &quot;on the fly&quot;.
</blockquote>
</p>
<p>
So HTTP Basic Authentication is managed trough an HTTP header (<code>Authorization</code>), that can be forged by <abbr title="LemonLDAP::NG">LL::NG</abbr>, with this precautions:
</p>
<ul>
<li class="level1"><div class="li"> Data should not contains accents or special characters, as HTTP protocol only allow <abbr title="American Standard Code for Information Interchange">ASCII</abbr> values in header (but depending on the HTTP server, you can use ISO encoded values)</div>
</li>
<li class="level1"><div class="li"> You need to forward the password, which can be the user main password (if <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">password is stored in session</a>, or any user attribute (if you keep secondary passwords in users database).</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [78-1536] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
The Basic Authentication relies on a specific HTTP header, as described above. So you have just to declare this header for the virtual host in Manager.
</p>
<p>
For example, to forward login (<code>$uid</code>) and password (<code>$_password</code> if <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">password is stored in session</a>):
</p>
<pre class="code">Authorization =&gt; &quot;Basic &quot;.encode_base64(&quot;$uid:$_password&quot;, &quot;&quot;)</pre>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> provides a special function named <a href="../extendedfunctions.html#basic" class="wikilink1" title="documentation:2.0:extendedfunctions">basic</a> to build this header.
</p>
<p>
So the above example can also be written like this:
</p>
<pre class="code">Authorization =&gt; basic($uid,$_password)</pre>
<div class="notetip">The <code>basic</code> function will also force conversion from UTF-8 to ISO-8859-1, which should be accepted by most of HTTP servers.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [1537-] --></div>
</body>
</html>


@ -1,134 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:aws</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,aws"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="aws.html"/>
<link rel="contents" href="aws.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:aws","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="amazon_web_services">Amazon Web Services</h1>
<div class="level1">
<p>
<a href="https://aws.amazon.com" class="urlextern" title="https://aws.amazon.com" rel="nofollow">Amazon Web Services</a> allows one to delegate authentication through SAML2.
</p>
</div>
<!-- EDIT1 SECTION "Amazon Web Services" [1-136] -->
<h2 class="sectionedit2" id="saml">SAML</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> Make sure you have followed the steps <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html" class="urlextern" title="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html" rel="nofollow">here</a>.</div>
</li>
<li class="level1"><div class="li"> Go to <a href="https://your.portal.com/saml/metadata" class="urlextern" title="https://your.portal.com/saml/metadata" rel="nofollow">https://your.portal.com/saml/metadata</a> and save the resulting file locally.</div>
</li>
<li class="level1"><div class="li"> In each AWS account, go to IAM -&gt; Identity providers -&gt; Create Provider.</div>
</li>
<li class="level1"><div class="li"> Select <code><abbr title="Security Assertion Markup Language">SAML</abbr></code> as the provider type</div>
</li>
<li class="level1"><div class="li"> Choose a name (best if kept consistent between accounts), and then choose the metadata file you saved above.</div>
</li>
<li class="level1"><div class="li"> Looking again at the links on the left side of the page, go to Roles -&gt; Create role</div>
</li>
<li class="level1"><div class="li"> Choose <code><abbr title="Security Assertion Markup Language">SAML</abbr> / Saml 2.0 federation</code></div>
</li>
<li class="level1"><div class="li"> Select the provider you just configured, click <code>Allow programmatic and AWSManagement Console access</code> which will fill in the rest of the form for you, then click next.</div>
</li>
<li class="level1"><div class="li"> Set whatever permissions you need to and then click <code>Review</code>.</div>
</li>
<li class="level1"><div class="li"> Choose a name for the role. These will shown to people when they log in, so make them descriptive. We have different accounts for different regions of the world, so I put the region into the role name so people know which account is which.</div>
</li>
</ul>
<div class="noteclassic">If you have only one role, the configuration is simple. If you have multiple
roles for different people, it is a little trickier. As you will see, the <abbr title="Security Assertion Markup Language">SAML</abbr>
attributes are not dynamic, so you have to set them in the session when a user
logs in or use a custom function. In this example, I wanted to avoid managing
custom functions on all the servers, so the <abbr title="Security Assertion Markup Language">SAML</abbr> attributes are set in
the session. We also use LDAP for user information, so I will describe that.
In our LDAP tree, each user has attributes which are used quite heavily for
dynamic groups and authorisation. You will want something
similar, using whatever attribute makes sense to you. For example:<pre class="code file ldif"> <span class="re0">dn</span>:<span class="re1"> uid=user,ou=people,dc=your,dc=com</span>
...
<span class="re0">ou</span>:<span class="re1"> sysadmin</span>
<span class="re0">ou</span>:<span class="re1"> database</span>
<span class="re0">ou</span>:<span class="re1"> root</span></pre>
</div><ul>
<li class="level1"><div class="li"> Assuming you use the web interface to manage lemonldap, go to General Parameters -&gt; Authentication parameters -&gt; LDAP parameters -&gt; Exported variables. Here set the key to the LDAP attribute and the value to something sensible. I keep them the same to make it easy.</div>
</li>
<li class="level1"><div class="li"> Now go to *Variables -&gt; Macros*. Here set up variables which will be computed based on the attributes you exported above. You will need to emit strings in this format <code>arn:aws:iam::account-number:role/role-name1,arn:aws:iam::account-number:saml-provider/provider-name</code>. The parts you need to change are <code>account-number</code>, <code>role-name1</code> and <code>provier-name</code>. The last two will be the provider name and role names you just set up in AWS.</div>
</li>
<li class="level1"><div class="li"> Perl works in here, so something like this is valid: <code>aws_eu_role</code> -&gt; <code>$ou =~ sysadmin ? &quot;arn:aws...&quot; : &quot;arn:...&quot;</code></div>
</li>
<li class="level1"><div class="li"> If it easier, split multiple roles into different macros. Then tie all the variables you define together into one string concatenating them with whatever is in General Parameters -&gt; Advanced Parameters -&gt; Separator. Actually click into this field and move around with the arrow keys to see if there is a space, since spaces can be part of the separator.</div>
</li>
<li class="level1"><div class="li"> Remember macros are defined alphanumerically, so you want one right at the end, like <code>z_aws_roles</code> -&gt; <code>join(&quot;; &quot;, $role_name1, $role_name2, ...)</code></div>
</li>
<li class="level1"><div class="li"> On the left again, click <code><abbr title="Security Assertion Markup Language">SAML</abbr> service providers</code>, then <code>Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP</code>.</div>
</li>
<li class="level1"><div class="li"> Enter a name, click ok, then select it on the left. Select <code>Metadata</code>, then enter `<a href="https://signin.aws.amazon.com/static/saml-metadata.xml" class="urlextern" title="https://signin.aws.amazon.com/static/saml-metadata.xml" rel="nofollow">https://signin.aws.amazon.com/static/saml-metadata.xml</a>` in the <code><abbr title="Uniform Resource Locator">URL</abbr></code> field, then click load.</div>
</li>
<li class="level1"><div class="li"> Click <code>Exported attributes</code> on the left, then <code>Add attribute</code> twice to add two attributes. The first field is the name of a variable set in the user&#039;s session:</div>
<ul>
<li class="level2"><div class="li"> <code>_whatToTrace</code> -&gt; <code><a href="https://aws.amazon.com/SAML/Attributes/RoleSessionName" class="urlextern" title="https://aws.amazon.com/SAML/Attributes/RoleSessionName" rel="nofollow">https://aws.amazon.com/SAML/Attributes/RoleSessionName</a></code> (leave the rest)</div>
</li>
<li class="level2"><div class="li"> <code>z_aws_roles</code> (the macro name you defined above) -&gt; <code><a href="https://aws.amazon.com/SAML/Attributes/Role" class="urlextern" title="https://aws.amazon.com/SAML/Attributes/Role" rel="nofollow">https://aws.amazon.com/SAML/Attributes/Role</a></code> (leave the rest)</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> On the left, select Options -&gt; Security -&gt; Enable use of IDP initiated <abbr title="Uniform Resource Locator">URL</abbr> -&gt; On</div>
</li>
<li class="level1"><div class="li"> Select General Parameters -&gt; Portal -&gt; Menu -&gt; Categories and applications</div>
</li>
<li class="level1"><div class="li"> Select a category or create a new one if you need to. Then click <code>New application</code>. </div>
</li>
<li class="level1"><div class="li"> Enter a name etc. For the <abbr title="Uniform Resource Locator">URL</abbr>, use <code><a href="https://your.portal.com/saml/singleSignOn?IDPInitiated=1&amp;sp=urn:amazon:webservices" class="urlextern" title="https://your.portal.com/saml/singleSignOn?IDPInitiated=1&amp;sp=urn:amazon:webservices" rel="nofollow">https://your.portal.com/saml/singleSignOn?IDPInitiated=1&amp;sp=urn:amazon:webservices</a></code></div>
</li>
<li class="level1"><div class="li"> Display application should be set to <code>Enabled</code></div>
</li>
<li class="level1"><div class="li"> Go to your portal, click on the link, and check that it works!</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "SAML" [137-] --></div>
</body>
</html>


@ -1,352 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:awx</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,awx"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="awx.html"/>
<link rel="contents" href="awx.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:awx","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#awx_saml_key_certificate">AWX SAML Key &amp; Certificate</a></div></li>
<li class="level2"><div class="li"><a href="#llng_saml_certificate">LLNG SAML Certificate</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#generate_certificate_from_key">Generate Certificate from Key</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#awx">AWX</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#saml_service_provider_entity_id">SAML Service Provider Entity ID</a></div></li>
<li class="level3"><div class="li"><a href="#saml_service_provider_public_certificate">SAML Service Provider Public Certificate</a></div></li>
<li class="level3"><div class="li"><a href="#saml_service_provider_private_key">SAML Service Provider Private Key</a></div></li>
<li class="level3"><div class="li"><a href="#saml_service_provider_organization_info">SAML Service Provider Organization Info</a></div></li>
<li class="level3"><div class="li"><a href="#saml_service_provider_technical_contact">SAML Service Provider Technical Contact</a></div></li>
<li class="level3"><div class="li"><a href="#saml_service_provider_support_contact">SAML Service Provider Support Contact</a></div></li>
<li class="level3"><div class="li"><a href="#saml_enabled_identity_providers">SAML Enabled Identity Providers</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#lemonldapng">LemonLDAP:NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="awx_ansible_tower">AWX (Ansible Tower)</h1>
<div class="level1">
<p>
<img src="logo-awx.png" class="mediacenter" alt="" />
<img src="logo-ansibletower.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "AWX (Ansible Tower)" [1-127] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://github.com/ansible/awx" class="urlextern" title="https://github.com/ansible/awx" rel="nofollow">AWX</a> is the upstream version for Ansible Tower.
</p>
<p>
This documentation explains how to interconnect LemonLDAP::NG and AWX using <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 protocol.
</p>
<p>
You can find the Official AWX documentation about this topic here : <a href="https://docs.ansible.com/ansible-tower/latest/html/administration/ent_auth.html#saml-authentication-settings" class="urlextern" title="https://docs.ansible.com/ansible-tower/latest/html/administration/ent_auth.html#saml-authentication-settings" rel="nofollow">https://docs.ansible.com/ansible-tower/latest/html/administration/ent_auth.html#saml-authentication-settings</a> Please read it before the LLNG doc.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [128-546] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
This page assumes you already have configured the <abbr title="Security Assertion Markup Language">SAML</abbr> Service in LemonLDAP::NG, if not please follow : <a href="../documentation/latest/samlservice.html" class="wikilink1" title="documentation:latest:samlservice">SAML service configuration</a>
</p>
</div>
<!-- EDIT3 SECTION "Configuration" [547-742] -->
<h3 class="sectionedit4" id="awx_saml_key_certificate">AWX SAML Key &amp; Certificate</h3>
<div class="level3">
<p>
You&#039;ll need a private key and the corresponding certificate to setup saml in AWX, you can do it with your pki or with openssl on your machine :
</p>
<pre class="code">openssl req -x509 -newkey rsa:4096 -keyout saml-awx.key -out saml-awx.crt -days 3650 -nodes</pre>
</div>
<!-- EDIT4 SECTION "AWX SAML Key & Certificate" [743-1033] -->
<h3 class="sectionedit5" id="llng_saml_certificate">LLNG SAML Certificate</h3>
<div class="level3">
<p>
AWX need a certificate for the IDP signature, a public key won&#039;t work. You can either just generate a certificate from the private key and put it in AWX conf, or you can do it globally.
</p>
</div>
<h4 id="generate_certificate_from_key">Generate Certificate from Key</h4>
<div class="level4">
<p>
You can find your private key in : SAML2 Service -&gt; Security Parameters -&gt; Signature -&gt; Private Key
</p>
<p>
Copy it somewhere secure as lemonldap.key, and then generate the certificate with this command :
</p>
<pre class="code">openssl req -new -x509 -days 3650 -key lemonldap.key &gt; lemonldap.crt</pre>
<p>
After that, if you want, you can replace your <abbr title="Security Assertion Markup Language">SAML</abbr> public key with this certificate in LLNG configuration, this is not mandatory.
</p>
</div>
<!-- EDIT5 SECTION "LLNG SAML Certificate" [1034-1707] -->
<h3 class="sectionedit6" id="awx">AWX</h3>
<div class="level3">
<p>
You&#039;ll need an administrator account, then go to Settings -&gt; Authentication -&gt; <abbr title="Security Assertion Markup Language">SAML</abbr>
</p>
<p>
<img src="saml-awx.png" class="mediacenter" alt="" />
</p>
<p>
There is a few settings :
</p>
</div>
<h4 id="saml_service_provider_entity_id">SAML Service Provider Entity ID</h4>
<div class="level4">
<p>
This is the entityID for awx, lets put the fqdn :
</p>
<pre class="code">awx.example.com</pre>
</div>
<h4 id="saml_service_provider_public_certificate">SAML Service Provider Public Certificate</h4>
<div class="level4">
<p>
Put the content of <code>saml-awx.crt</code> :
</p>
<pre class="code">-----BEGIN CERTIFICATE-----
cert
-----END CERTIFICATE-----</pre>
</div>
<h4 id="saml_service_provider_private_key">SAML Service Provider Private Key</h4>
<div class="level4">
<p>
Put the content of <code>saml-awx.key</code> :
</p>
<pre class="code">-----BEGIN RSA PRIVATE KEY-----
key
-----END RSA PRIVATE KEY-----</pre>
<p>
It will be replaced with
</p>
<pre class="code">$encrypted$</pre>
<p>
after you save the settings.
</p>
</div>
<h4 id="saml_service_provider_organization_info">SAML Service Provider Organization Info</h4>
<div class="level4">
<p>
Organization Info for The SP, this is purely &quot;for looks&quot;
</p>
<pre class="code">{
&quot;en-US&quot;: {
&quot;displayname&quot;: &quot;AWX ACME&quot;,
&quot;url&quot;: &quot;https://awx.example.com&quot;,
&quot;name&quot;: &quot;awxacme&quot;
}
}</pre>
</div>
<h4 id="saml_service_provider_technical_contact">SAML Service Provider Technical Contact</h4>
<div class="level4">
<p>
Technical Contact for the SP
</p>
<pre class="code">{
&quot;emailAddress&quot;: &quot;support@example.com&quot;,
&quot;givenName&quot;: &quot;Support ACME&quot;
}</pre>
</div>
<h4 id="saml_service_provider_support_contact">SAML Service Provider Support Contact</h4>
<div class="level4">
<p>
Support Contact for the SP
</p>
<pre class="code">{
&quot;emailAddress&quot;: &quot;support@example.com&quot;,
&quot;givenName&quot;: &quot;Support ACME&quot;
}</pre>
</div>
<h4 id="saml_enabled_identity_providers">SAML Enabled Identity Providers</h4>
<div class="level4">
<p>
This is the configuration of the IdP :
</p>
<pre class="code">{
&quot;lemonldap&quot;: {
&quot;attr_last_name&quot;: &quot;sn&quot;,
&quot;x509cert&quot;: &quot;SOXGp.....&quot;,
&quot;attr_username&quot;: &quot;uid&quot;,
&quot;entity_id&quot;: &quot;https://auth.example.com/saml/metadata&quot;,
&quot;attr_first_name&quot;: &quot;givenName&quot;,
&quot;attr_email&quot;: &quot;mail&quot;,
&quot;attr_user_permanent_id&quot;: &quot;uid&quot;,
&quot;url&quot;: &quot;https://auth.example.com/saml/singleSignOn&quot;
}
}</pre>
<ul>
<li class="level1"><div class="li"> &quot;attr_last_name&quot;: &quot;sn&quot; <abbr title="Security Assertion Markup Language">SAML</abbr> Attribute for the user last name</div>
</li>
<li class="level1"><div class="li"> &quot;x509cert&quot;: &quot;SOXGp.....&quot; the content of <code>lemonldap.crt</code> generated in the &quot;LLNG <abbr title="Security Assertion Markup Language">SAML</abbr> Certificate&quot; section</div>
</li>
<li class="level1"><div class="li"> &quot;attr_username&quot;: &quot;uid&quot; <abbr title="Security Assertion Markup Language">SAML</abbr> Attribute for the user username</div>
</li>
<li class="level1"><div class="li"> &quot;entity_id&quot;: &quot;<a href="https://auth.example.com/saml/metadata" class="urlextern" title="https://auth.example.com/saml/metadata" rel="nofollow">https://auth.example.com/saml/metadata</a>&quot; entityID of the IdP</div>
</li>
<li class="level1"><div class="li"> &quot;attr_first_name&quot;: &quot;givenName&quot; <abbr title="Security Assertion Markup Language">SAML</abbr> Attribute for the user first name</div>
</li>
<li class="level1"><div class="li"> &quot;attr_email&quot;: &quot;mail&quot; <abbr title="Security Assertion Markup Language">SAML</abbr> Attribute user for the user email</div>
</li>
<li class="level1"><div class="li"> &quot;attr_user_permanent_id&quot;: &quot;uid&quot; <abbr title="Security Assertion Markup Language">SAML</abbr> Attribute for the user unique id inside AWX</div>
</li>
<li class="level1"><div class="li"> &quot;url&quot;: &quot;<a href="https://auth.example.com/saml/singleSignOn" class="urlextern" title="https://auth.example.com/saml/singleSignOn" rel="nofollow">https://auth.example.com/saml/singleSignOn</a>&quot; <abbr title="Security Assertion Markup Language">SAML</abbr> <abbr title="Single Sign On">SSO</abbr> Url</div>
</li>
</ul>
<p>
Save your configuration.
</p>
</div>
<!-- EDIT6 SECTION "AWX" [1708-3983] -->
<h3 class="sectionedit7" id="lemonldapng">LemonLDAP:NG</h3>
<div class="level3">
<p>
We now have to define a service provider in LL:NG.
</p>
<p>
Go to &quot;<abbr title="Security Assertion Markup Language">SAML</abbr> service providers&quot;, click on &quot;Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP&quot; and name it as you want (example : &#039;AWX&#039;)
</p>
<p>
In the new subtree &#039;AWX&#039;, open &#039;Metadata&#039; and paste the content of the AWX Metadatas, wich can be found at the
</p>
<pre class="code">SAML Service Provider Metadata URL</pre>
<p>
in AWX : <a href="https://awx.example.com/sso/metadata/saml/" class="urlextern" title="https://awx.example.com/sso/metadata/saml/" rel="nofollow">https://awx.example.com/sso/metadata/saml/</a>
</p>
<p>
<img src="awx-metadata.png" class="mediacenter" alt="" />
</p>
<p>
Now go in &quot;Exported attributes&quot; and add, the &#039;uid&#039;, &#039;sn&#039;, &#039;givenName&#039;, &#039;mail&#039;.
</p>
<p>
All four attributes are mandatory for AWX. Make sure they match the names of the attributes available in your LemonLDAP sessions.
</p>
<p>
<img src="awx-attr.png" class="mediacenter" alt="" />
</p>
<p>
Don&#039;t forget to save your configuration.
</p>
<p>
You are now good to go, and you can add the application in <a href="../portalmenu.html" class="wikilink1" title="documentation:2.0:portalmenu">your menu</a> and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">your virtual hosts</a>.
</p>
<p>
You should now have a <abbr title="Security Assertion Markup Language">SAML</abbr> button on the login page :
</p>
<p>
<img src="awx-saml-login.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT7 SECTION "LemonLDAP:NG" [3984-] --></div>
</body>
</html>


@ -1,207 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:bugzilla</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,bugzilla"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="bugzilla.html"/>
<link rel="contents" href="bugzilla.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:bugzilla","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#bugzilla_administration">Bugzilla administration</a></div></li>
<li class="level2"><div class="li"><a href="#bugzilla_virtual_host">Bugzilla virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#bugzilla_virtual_host_in_manager">Bugzilla virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="bugzilla">Bugzilla</h1>
<div class="level1">
<p>
<a href="bugzilla_logo.png_documentation_2.0_applications_bugzilla.html" class="media" title="applications:bugzilla_logo.png"><img src="bugzilla_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Bugzilla" [1-64] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.bugzilla.org" class="urlextern" title="http://www.bugzilla.org" rel="nofollow">Bugzilla</a> is server software designed to help you manage software development.
</p>
<p>
Bugzilla can authenticate a user with HTTP headers, and auto-create its account with a few information:
</p>
<ul>
<li class="level1"><div class="li"> User ID</div>
</li>
<li class="level1"><div class="li"> Email</div>
</li>
<li class="level1"><div class="li"> Real name</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [65-338] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [339-365] -->
<h3 class="sectionedit4" id="bugzilla_administration">Bugzilla administration</h3>
<div class="level3">
<p>
In Bugzilla administration interface, go in <code>Parameters</code> » <code>User authentication</code>
</p>
<p>
Then set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>auth_env_id</strong>: HTTP_AUTH_USER</div>
</li>
<li class="level1"><div class="li"> <strong>auth_env_email</strong>: HTTP_AUTH_MAIL</div>
</li>
<li class="level1"><div class="li"> <strong>auth_env_realname</strong>: HTTP_AUTH_CN</div>
</li>
<li class="level1"><div class="li"> <strong>user_info_class</strong>: Env or Env,CGI</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Bugzilla administration" [366-653] -->
<h3 class="sectionedit5" id="bugzilla_virtual_host">Bugzilla virtual host</h3>
<div class="level3">
<p>
Configure Bugzilla virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> bugzilla.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name bugzilla.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "Bugzilla virtual host" [654-1913] -->
<h3 class="sectionedit6" id="bugzilla_virtual_host_in_manager">Bugzilla virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Bugzilla.
</p>
<p>
Configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>.
</p>
<p>
Configure the following <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">headers</a>.
</p>
<ul>
<li class="level1"><div class="li"> <strong>Auth-User</strong>: $uid</div>
</li>
<li class="level1"><div class="li"> <strong>Auth-Mail</strong>: $mail</div>
</li>
<li class="level1"><div class="li"> <strong>Auth-Cn</strong>: $cn</div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Bugzilla virtual host in Manager" [1914-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:bugzilla_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="bugzilla.html"/>
<link rel="contents" href="bugzilla.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:bugzilla_logo.png </h1>
<div class="content">
<a href="bugzilla_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="61" height="80" class="img_detail" alt="bugzilla_logo.png" title="bugzilla_logo.png" src="bugzilla_logo.f274c243263eb23ca6744a85c48196e8.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> bugzilla_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>bugzilla_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>6KB</dd><dt>Width:</dt><dd>61</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="bugzilla.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:bugzilla [B]">Back to documentation:2.0:applications:bugzilla</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,176 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:cornerstone</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,cornerstone"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="cornerstone.html"/>
<link rel="contents" href="cornerstone.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:cornerstone","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#new_service_provider">New Service Provider</a></div></li>
<li class="level2"><div class="li"><a href="#csod_control_panel">CSOD control panel</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#certificate">Certificate</a></div></li>
<li class="level3"><div class="li"><a href="#saml_assertion">SAML assertion</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="cornerstone_on_demand">Cornerstone On Demand</h1>
<div class="level1">
<p>
<a href="csod_logo.png_documentation_2.0_applications_cornerstone.html" class="media" title="applications:csod_logo.png"><img src="csod_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Cornerstone On Demand" [1-73] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.cornerstoneondemand.com/" class="urlextern" title="http://www.cornerstoneondemand.com/" rel="nofollow">CornerStone On Demand (CSOD)</a> allows one to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It works by default with IDP intiated mechanism, but can works with the standard SP initiated cinematic.
</p>
<p>
To work with <abbr title="LemonLDAP::NG">LL::NG</abbr> it requires:
</p>
<ul>
<li class="level1"><div class="li"> An enterprise account</div>
</li>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configured as <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a></div>
</li>
<li class="level1"><div class="li"> Registered users on CSOD with the same email than those used by <abbr title="LemonLDAP::NG">LL::NG</abbr> (email will be the NameID exchanged between CSOD and <abbr title="LemonLDAP::NG">LL::NG</abbr>)</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [74-578] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [579-605] -->
<h3 class="sectionedit4" id="new_service_provider">New Service Provider</h3>
<div class="level3">
<p>
You should have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as an <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>,
</p>
<p>
Now we will add CSOD as a new <abbr title="Security Assertion Markup Language">SAML</abbr> Service Provider:
</p>
<ol>
<li class="level1"><div class="li"> In Manager, click on <abbr title="Security Assertion Markup Language">SAML</abbr> service providers and the button <code>New service provider</code>.</div>
</li>
<li class="level1"><div class="li"> Set csod as Service Provider name.</div>
</li>
<li class="level1"><div class="li"> Set <code>Email</code> in <code>Options</code> » <code>Authentication Response</code> » <code>Default NameID format</code></div>
</li>
<li class="level1"><div class="li"> Select <code>Metadata</code>, and unprotect the field to paste the following value:</div>
</li>
</ol>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;md:EntityDescriptor</span> <span class="re0">entityID</span>=<span class="st0">&quot;mycompanyid.csod.com&quot;</span> <span class="re0">xmlns</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;</span> <span class="re0">xmlns:ds</span>=<span class="st0">&quot;http://www.w3.org/2000/09/xmldsig#&quot;</span> <span class="re0">xmlns:md</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;SPSSODescriptor</span> <span class="re0">protocolSupportEnumeration</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:protocol&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;KeyDescriptor</span> <span class="re0">use</span>=<span class="st0">&quot;signing&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;ds:KeyInfo</span> <span class="re0">xmlns:ds</span>=<span class="st0">&quot;http://www.w3.org/2000/09/xmldsig#&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;ds:X509Data<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;ds:X509Certificate<span class="re2">&gt;</span></span></span>
Base64 encoded CSOD certificate
<span class="sc3"><span class="re1">&lt;/ds:X509Certificate<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/ds:X509Data<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/ds:KeyInfo<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/KeyDescriptor<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;AssertionConsumerService</span> <span class="re0">Binding</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot;</span> <span class="re0">Location</span>=<span class="st0">&quot;https://mycompanyid.csod.com/samldefault.aspx&quot;</span> <span class="re0">index</span>=<span class="st0">&quot;1&quot;</span> <span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;NameIDFormat<span class="re2">&gt;</span></span></span>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress<span class="sc3"><span class="re1">&lt;/NameIDFormat<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/SPSSODescriptor<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/md:EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
<div class="noteimportant">Change <strong>mycompanyid</strong> (in <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) into your CSOD company ID and put the certificate value inside the ds:X509Certificate markup
</div>
</div>
<!-- EDIT4 SECTION "New Service Provider" [606-2120] -->
<h3 class="sectionedit5" id="csod_control_panel">CSOD control panel</h3>
<div class="level3">
<p>
CSOD needs two things to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as an IDP:
</p>
<ul>
<li class="level1"><div class="li"> Certificate</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> assertion</div>
</li>
</ul>
</div>
<h4 id="certificate">Certificate</h4>
<div class="level4">
<p>
See <a href="../samlservice.html#security_parameters" class="wikilink1" title="documentation:2.0:samlservice">SAML security parameters</a> to know how generate a certificate from you <abbr title="Security Assertion Markup Language">SAML</abbr> private key.
</p>
</div>
<h4 id="saml_assertion">SAML assertion</h4>
<div class="level4">
<p>
You need to use the IDP initiated feature of <abbr title="LemonLDAP::NG">LL::NG</abbr>. Just call this <abbr title="Uniform Resource Locator">URL</abbr>:
</p>
<pre class="code">https://auth.example.com/saml/singleSignOn?IDPInitiated=1&amp;sp=mycompanyid.csod.com</pre>
</div>
<!-- EDIT5 SECTION "CSOD control panel" [2121-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:csod_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="cornerstone.html"/>
<link rel="contents" href="cornerstone.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:csod_logo.png </h1>
<div class="content">
<a href="csod_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="293" height="108" class="img_detail" alt="csod_logo.png" title="csod_logo.png" src="csod_logo.98601d1d0f9c2c830e0058d139a1d95e.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> csod_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>csod_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>32KB</dd><dt>Width:</dt><dd>293</dd><dt>Height:</dt><dd>108</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="cornerstone.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:cornerstone [B]">Back to documentation:2.0:applications:cornerstone</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,151 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:discourse</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,discourse"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="discourse.html"/>
<link rel="contents" href="discourse.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:discourse","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#discourse_configuration">Discourse configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#plugin_installation">Plugin installation</a></div></li>
<li class="level2"><div class="li"><a href="#plugin_configuration">Plugin configuration</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="discourse">Discourse</h1>
<div class="level1">
<p>
<a href="discourse.jpg_documentation_2.0_applications_discourse.html" class="media" title="applications:discourse.jpg"><img src="discourse.jpeg" class="mediacenter" title="discourse.jpg" alt="discourse.jpg" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Discourse" [1-61] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://www.discourse.org/" class="urlextern" title="https://www.discourse.org/" rel="nofollow">Discourse</a> is a conversation-oriented forum engine
</p>
<p>
Discourse supports <a href="https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045" class="urlextern" title="https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045" rel="nofollow">its own Single-Sign-On scheme</a> but is also compatible with standard protocols such as <abbr title="Security Assertion Markup Language">SAML</abbr> and OpenID Connect, through plugins.
</p>
<p>
This documentation illustrates the OpenID Connect plugin.
</p>
<p>
First, make sure you have set up LemonLDAP::NG &#039;s <a href="../openidconnectservice.html" class="wikilink1" title="documentation:2.0:openidconnectservice">OpenID Connect service</a> and added <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">a Relaying Party for your Discourse instance</a>
</p>
<p>
Discourse can use the following OpenID Connect attributes to fill the user&#039;s profile:
</p>
<ul>
<li class="level1"><div class="li"> name</div>
</li>
<li class="level1"><div class="li"> email</div>
</li>
<li class="level1"><div class="li"> given_name</div>
</li>
<li class="level1"><div class="li"> family_name</div>
</li>
<li class="level1"><div class="li"> preferred_username</div>
</li>
<li class="level1"><div class="li"> picture</div>
</li>
</ul>
<p>
Make sure you create a username and password for the Relying Party, and that the discourse callback <abbr title="Uniform Resource Locator">URL</abbr> is allowed : <a href="https://discourse.example.com/auth/oidc/callback" class="urlextern" title="https://discourse.example.com/auth/oidc/callback" rel="nofollow">https://discourse.example.com/auth/oidc/callback</a>
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [62-985] -->
<h2 class="sectionedit3" id="discourse_configuration">Discourse configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Discourse configuration" [986-1022] -->
<h3 class="sectionedit4" id="plugin_installation">Plugin installation</h3>
<div class="level3">
<p>
Install the <a href="https://meta.discourse.org/t/openid-connect-authentication-plugin/103632" class="urlextern" title="https://meta.discourse.org/t/openid-connect-authentication-plugin/103632" rel="nofollow">Discourse OpenID Connect Plugin</a> according to these instructions
</p>
</div>
<!-- EDIT4 SECTION "Plugin installation" [1023-1207] -->
<h3 class="sectionedit5" id="plugin_configuration">Plugin configuration</h3>
<div class="level3">
<p>
Browse to your Discourse admin interface, and to the plugin settings
</p>
<ul>
<li class="level1"><div class="li"> openid_connect_enabled: <em>Yes</em></div>
</li>
<li class="level1"><div class="li"> openid_connect_discovery_document: <a href="https://auth.example.com/.well-known/openid-configuration" class="urlextern" title="https://auth.example.com/.well-known/openid-configuration" rel="nofollow">https://auth.example.com/.well-known/openid-configuration</a></div>
</li>
<li class="level1"><div class="li"> openid_connect_client_id: <em>Client ID you chose when configuring the Relying Party</em></div>
</li>
<li class="level1"><div class="li"> openid_connect_client_secret: <em>Client Secret you chose when configuring the Relying Party</em></div>
</li>
<li class="level1"><div class="li"> openid_connect_authorize_scope: <em>openid email profile</em></div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "Plugin configuration" [1208-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:discourse.jpg [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="discourse.html"/>
<link rel="contents" href="discourse.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:discourse.jpg </h1>
<div class="content">
<a href="discourse.0fea6a13c52b4d4725368f24b045ca84.jpeg" title="View original file"><img width="218" height="64" class="img_detail" alt="discourse.jpg" title="discourse.jpg" src="discourse.6e7dfb78b54a5324836f41bb225c015f.jpeg"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> discourse.jpg</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2019/02/21 16:43</dd><dt>Filename:</dt><dd>discourse.jpg</dd><dt>Format:</dt><dd>JPEG</dd><dt>Size:</dt><dd>4KB</dd><dt>Width:</dt><dd>218</dd><dt>Height:</dt><dd>64</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="discourse.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:discourse [B]">Back to documentation:2.0:applications:discourse</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,75 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:django</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,django"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="django.html"/>
<link rel="contents" href="django.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:django","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="django">Django</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Django" [1-22] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://www.djangoproject.com/" class="urlextern" title="https://www.djangoproject.com/" rel="nofollow">Django</a> is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [23-191] -->
<h2 class="sectionedit3" id="connector">Connector</h2>
<div class="level2">
<p>
The Django connector is available on GitHub: <a href="https://github.com/rclsilver/django-lemonldap" class="urlextern" title="https://github.com/rclsilver/django-lemonldap" rel="nofollow">https://github.com/rclsilver/django-lemonldap</a>
</p>
<p>
See the README to know how install and configure it.
</p>
</div>
<!-- EDIT3 SECTION "Connector" [192-] --></div>
</body>
</html>


@ -1,209 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:dokuwiki</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,dokuwiki"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="dokuwiki.html"/>
<link rel="contents" href="dokuwiki.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:dokuwiki","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#http_headers">HTTP headers</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#plugin_installation">Plugin installation</a></div></li>
<li class="level2"><div class="li"><a href="#dokuwiki_configuration">Dokuwiki configuration</a></div></li>
<li class="level2"><div class="li"><a href="#dokuwiki_virtual_host">Dokuwiki virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#dokuwiki_virtual_host_in_manager">Dokuwiki virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="dokuwiki">Dokuwiki</h1>
<div class="level1">
<p>
<a href="dokuwiki_logo.png_documentation_2.0_applications_dokuwiki.html" class="media" title="applications:dokuwiki_logo.png"><img src="dokuwiki_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Dokuwiki" [1-64] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.dokuwiki.org/" class="urlextern" title="http://www.dokuwiki.org/" rel="nofollow">DokuWiki</a> is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. It is targeted at developer teams, workgroups and small companies. It has a simple but powerful syntax which makes sure the data files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no database is required.
</p>
<div class="notetip">LemonLDAP::NG wiki uses Dokuwiki!
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [65-559] -->
<h2 class="sectionedit3" id="http_headers">HTTP headers</h2>
<div class="level2">
<p>
You need to install a Dokuwiki plugin, available on <a href="https://www.dokuwiki.org/plugins" class="urlextern" title="https://www.dokuwiki.org/plugins" rel="nofollow">Dokuwiki plugins registry</a>: <a href="https://www.dokuwiki.org/plugin:authlemonldap" class="urlextern" title="https://www.dokuwiki.org/plugin:authlemonldap" rel="nofollow">https://www.dokuwiki.org/plugin:authlemonldap</a>
</p>
</div>
<!-- EDIT3 SECTION "HTTP headers" [560-748] -->
<h3 class="sectionedit4" id="plugin_installation">Plugin installation</h3>
<div class="level3">
<p>
Install the plugin using the <a href="https://www.dokuwiki.org/plugin:plugin" class="urlextern" title="https://www.dokuwiki.org/plugin:plugin" rel="nofollow">Plugin Manager</a>.
</p>
</div>
<!-- EDIT4 SECTION "Plugin installation" [749-868] -->
<h3 class="sectionedit5" id="dokuwiki_configuration">Dokuwiki configuration</h3>
<div class="level3">
<p>
As administrator, go in Dokuwiki parameters and set:
</p>
<ul>
<li class="level1"><div class="li"> Authentication backend: authlemonldap</div>
</li>
<li class="level1"><div class="li"> Manager: set which users and/or groups will be admin</div>
</li>
</ul>
<p>
<a href="screenshot_dokuwiki_configuration.png_documentation_2.0_applications_dokuwiki.html" class="media" title="applications:screenshot_dokuwiki_configuration.png"><img src="screenshot_dokuwiki_configuration.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT5 SECTION "Dokuwiki configuration" [869-1114] -->
<h3 class="sectionedit6" id="dokuwiki_virtual_host">Dokuwiki virtual host</h3>
<div class="level3">
<p>
Configure Dokuwiki virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> dokuwiki.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name dokuwiki.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT6 SECTION "Dokuwiki virtual host" [1115-2376] -->
<h3 class="sectionedit7" id="dokuwiki_virtual_host_in_manager">Dokuwiki virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Dokuwiki.
</p>
<p>
Configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>.
</p>
<p>
Configure the <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">headers</a>:
</p>
<ul>
<li class="level1"><div class="li"> Auth-User $uid</div>
</li>
<li class="level1"><div class="li"> Auth-Cn: $cn</div>
</li>
<li class="level1"><div class="li"> Auth-Mail: $mail</div>
</li>
<li class="level1"><div class="li"> Auth-Groups: encode_base64($groups,&quot;&quot;)</div>
</li>
</ul>
<div class="noteimportant">To allow execution of encode_base64() method, you must deactivate the <a href="../safejail.html" class="wikilink1" title="documentation:2.0:safejail">Safe jail</a>.
</div>
</div>
<!-- EDIT7 SECTION "Dokuwiki virtual host in Manager" [2377-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:dokuwiki_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="dokuwiki.html"/>
<link rel="contents" href="dokuwiki.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:dokuwiki_logo.png </h1>
<div class="content">
<a href="dokuwiki_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="80" height="80" class="img_detail" alt="dokuwiki_logo.png" title="dokuwiki_logo.png" src="dokuwiki_logo.6fc278ad7805b3a76d4a755c7e77efee.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> dokuwiki_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>dokuwiki_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>14KB</dd><dt>Width:</dt><dd>80</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="dokuwiki.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:dokuwiki [B]">Back to documentation:2.0:applications:dokuwiki</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,229 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:drupal</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,drupal"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="drupal.html"/>
<link rel="contents" href="drupal.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:drupal","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#installation">Installation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#drupal_module_activation">Drupal module activation</a></div></li>
<li class="level2"><div class="li"><a href="#drupal_virtual_host">Drupal virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#drupal_virtual_host_in_manager">Drupal virtual host in Manager</a></div></li>
<li class="level2"><div class="li"><a href="#protect_only_the_administration_pages">Protect only the administration pages</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="drupal">Drupal</h1>
<div class="level1">
<p>
<a href="drupal_logo.png_documentation_2.0_applications_drupal.html" class="media" title="applications:drupal_logo.png"><img src="drupal_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Drupal" [1-60] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://drupal.org" class="urlextern" title="http://drupal.org" rel="nofollow">Drupal</a> is a <abbr title="Content Management System">CMS</abbr> written in PHP. It can works with external modules to extends its functionalities. One of this module can be used to delegate authentication server to the web server: <a href="http://drupal.org/project/Webserver_auth" class="urlextern" title="http://drupal.org/project/Webserver_auth" rel="nofollow">Webserver Auth</a>.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [61-353] -->
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">
<p>
Install <a href="http://drupal.org/project/Webserver_auth" class="urlextern" title="http://drupal.org/project/Webserver_auth" rel="nofollow">Webserver Auth</a> module, by downloading it, and unarchive it in the drupal modules/ directory.
</p>
</div>
<!-- EDIT3 SECTION "Installation" [354-526] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [527-553] -->
<h3 class="sectionedit5" id="drupal_module_activation">Drupal module activation</h3>
<div class="level3">
<p>
Go on Drupal administration interface and enable the Webserver Auth module.
</p>
</div>
<!-- EDIT5 SECTION "Drupal module activation" [554-666] -->
<h3 class="sectionedit6" id="drupal_virtual_host">Drupal virtual host</h3>
<div class="level3">
<p>
Configure Drupal virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<div class="noteimportant">If you are protecting Drupal with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../header_remote_user_conversion.html" class="wikilink1" title="documentation:2.0:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div><ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> drupal.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name drupal.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT6 SECTION "Drupal virtual host" [667-2092] -->
<h3 class="sectionedit7" id="drupal_virtual_host_in_manager">Drupal virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Drupal.
</p>
<p>
Just configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>.
</p>
<p>
If using <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, configure the <code>Auth-User</code> <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">header</a>, else no headers are needed.
</p>
</div>
<!-- EDIT7 SECTION "Drupal virtual host in Manager" [2093-2446] -->
<h3 class="sectionedit8" id="protect_only_the_administration_pages">Protect only the administration pages</h3>
<div class="level3">
<p>
With the above solution, all the Drupal site will be protected, so no anonymous access will be allowed.
</p>
<div class="noteimportant">You cannot use the <code>unprotect</code> rule because Drupal navigation is based on query strings (?q=admin, ?q=user, etc.), and unprotect rule only works on <abbr title="Uniform Resource Locator">URL</abbr> patterns.
</div>
<p>
You can create a special virtual host and use <a href="http://httpd.apache.org/docs/current/mod/mod_rewrite.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_rewrite.html" rel="nofollow">Apache rewrite module</a> to switch between open and protected hosts:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> drupal.example.com
&nbsp;
<span class="co1"># DocumentRoot</span>
<span class="kw1">DocumentRoot</span> /var/www/html/drupal/
<span class="kw1">DirectoryIndex</span> index.php
&nbsp;
<span class="co1"># Redirect admin pages</span>
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteCond</span> %{QUERY_STRING} q=(admin|<span class="kw1">user</span>)
<span class="kw1">RewriteRule</span> ^/(.*)$ http://admindrupal.example.com/$1 [R]
&nbsp;
<span class="kw1">LogLevel</span> warn
<span class="kw1">ErrorLog</span> /var/log/httpd/drupal-error.log
<span class="kw1">CustomLog</span> /var/log/httpd/drupal-access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;
&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> admindrupal.example.com
&nbsp;
<span class="co1"># SSO protection</span>
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
<span class="co1"># DocumentRoot</span>
<span class="kw1">DocumentRoot</span> /var/www/html/drupal/
<span class="kw1">DirectoryIndex</span> index.php
&nbsp;
<span class="kw1">LogLevel</span> warn
<span class="kw1">ErrorLog</span> /var/log/httpd/admindrupal-error.log
<span class="kw1">CustomLog</span> /var/log/httpd/admindrupal-access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
</div>
<!-- EDIT8 SECTION "Protect only the administration pages" [2447-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:drupal_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="drupal.html"/>
<link rel="contents" href="drupal.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:drupal_logo.png </h1>
<div class="content">
<a href="drupal_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="70" height="80" class="img_detail" alt="drupal_logo.png" title="drupal_logo.png" src="drupal_logo.0d0fb793c9f8bb9348d27771468adf1c.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> drupal_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>drupal_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>6KB</dd><dt>Width:</dt><dd>70</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="drupal.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:drupal [B]">Back to documentation:2.0:applications:drupal</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,115 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:fusiondirectory</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,fusiondirectory"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="fusiondirectory.html"/>
<link rel="contents" href="fusiondirectory.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:fusiondirectory","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#fusiondirectory1">FusionDirectory</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="fusiondirectory">FusionDirectory</h1>
<div class="level1">
<p>
<img src="fusiondirectory-logo.jpeg" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "FusionDirectory" [1-85] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://www.fusiondirectory.org/" class="urlextern" title="https://www.fusiondirectory.org/" rel="nofollow">FusionDirectory</a> provides a solution to daily management of data stored in an LDAP directory.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [86-242] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [243-269] -->
<h3 class="sectionedit4" id="fusiondirectory1">FusionDirectory</h3>
<div class="level3">
<p>
Go in Configuration and in Login and Session panel. Set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>HTTP Header authentication</strong>: Activate</div>
</li>
<li class="level1"><div class="li"> <strong>Header name</strong>: Auth-User</div>
</li>
</ul>
<p>
See also <a href="https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session" class="urlextern" title="https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session" rel="nofollow">https://documentation.fusiondirectory.org/en/documentation/admin_installation/core_configuration#login-and-session</a>
</p>
</div>
<!-- EDIT4 SECTION "FusionDirectory" [270-555] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
<p>
Just set the <code>Auth-User</code> header with the attribute that carries the user login, for example <code>$uid</code>.
</p>
</div>
<!-- EDIT5 SECTION "LL::NG" [556-] --></div>
</body>
</html>


@ -1,266 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:gitlab</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,gitlab"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="gitlab.html"/>
<link rel="contents" href="gitlab.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:gitlab","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#saml">SAML</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#gitlab_configuration">Gitlab configuration</a></div></li>
<li class="level2"><div class="li"><a href="#llng_configuration">LL::NG configuration</a></div></li>
<li class="level2"><div class="li"><a href="#manage_groups">Manage groups</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#openid_connect">OpenID Connect</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#gitlab_configuration1">Gitlab configuration</a></div></li>
<li class="level2"><div class="li"><a href="#llng_configuration1">LL::NG configuration</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="gitlab">Gitlab</h1>
<div class="level1">
<p>
<img src="gitlab_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Gitlab" [1-67] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
See <a href="https://about.gitlab.com/" class="urlextern" title="https://about.gitlab.com/" rel="nofollow">Gitlab</a> page for product presentation.
</p>
<p>
Gitlab allows one to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users, see <a href="https://docs.gitlab.com/ee/integration/saml.html" class="urlextern" title="https://docs.gitlab.com/ee/integration/saml.html" rel="nofollow">official documentation</a>
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [68-300] -->
<h2 class="sectionedit3" id="saml">SAML</h2>
<div class="level2">
<p>
For this example, we use these sample values:
</p>
<ul>
<li class="level1"><div class="li"> Gitlab <abbr title="Uniform Resource Locator">URL</abbr> : <a href="https://gitlab.example.com" class="urlextern" title="https://gitlab.example.com" rel="nofollow">https://gitlab.example.com</a></div>
</li>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> portal <abbr title="Uniform Resource Locator">URL</abbr> : <a href="https://auth.example.com" class="urlextern" title="https://auth.example.com" rel="nofollow">https://auth.example.com</a></div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "SAML" [301-457] -->
<h3 class="sectionedit4" id="gitlab_configuration">Gitlab configuration</h3>
<div class="level3">
<p>
Find the gitlab.rb file and add these settings:
</p>
<pre class="code">vi /etc/gitlab/gitlab.rb</pre>
<pre class="code file ruby">gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_enabled'</span><span class="br0">&#93;</span> = <span class="kw2">true</span>
gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_allow_single_sign_on'</span><span class="br0">&#93;</span> = <span class="br0">&#91;</span><span class="st0">'saml'</span><span class="br0">&#93;</span>
gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_auto_link_saml_user'</span><span class="br0">&#93;</span> = <span class="kw2">true</span>
gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_block_auto_created_users'</span><span class="br0">&#93;</span> = <span class="kw2">false</span>
&nbsp;
gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_providers'</span><span class="br0">&#93;</span> = <span class="br0">&#91;</span>
<span class="br0">&#123;</span>
name: <span class="st0">'saml'</span>,
args: <span class="br0">&#123;</span>
assertion_consumer_service_url: <span class="st0">'https://gitlab.example.com/users/auth/saml/callback'</span>,
idp_cert_fingerprint: <span class="st0">'99:BE:7B:68:3F:XX:7D:EF:6B:C3:XX:C0:0E:XX:D4:EA:02:XX:83:2A'</span>,
idp_sso_target_url: <span class="st0">'https://auth.example.com/saml/singleSignOn'</span>,
issuer: <span class="st0">'https://gitlab.example.com'</span>,
name_identifier_format: <span class="st0">'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'</span>
<span class="br0">&#125;</span>,
label: <span class="st0">'Login with LL::NG'</span> <span class="co1"># optional label for SAML login button</span>
<span class="br0">&#125;</span>
<span class="br0">&#93;</span></pre>
<div class="notetip">To get the fingerprint of IDP certificate, copy <abbr title="Security Assertion Markup Language">SAML</abbr> certificate from <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration in a file and use openssl:
<pre class="code">openssl x509 -in CERT.pem -noout -fingerprint</pre>
</div>
<p>
You can force <abbr title="Security Assertion Markup Language">SAML</abbr> by default with this option:
</p>
<pre class="code file ruby">gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_auto_sign_in_with_provider'</span><span class="br0">&#93;</span> = <span class="st0">'saml'</span></pre>
<p>
In this case, users won&#039;t be able to log directly on gitlab. Set it once you are sure the <abbr title="Security Assertion Markup Language">SAML</abbr> configuration is valid.
</p>
<p>
To apply changes:
</p>
<pre class="code">gitlab-ctl reconfigure</pre>
</div>
<!-- EDIT4 SECTION "Gitlab configuration" [458-1850] -->
<h3 class="sectionedit5" id="llng_configuration">LL::NG configuration</h3>
<div class="level3">
<p>
We suppose <abbr title="LemonLDAP::NG">LL::NG</abbr> is configured as <abbr title="Security Assertion Markup Language">SAML</abbr> IDP, and that you converted the public key into a certificate for <abbr title="Security Assertion Markup Language">SAML</abbr> signature. You must enable the option to send certificates in response. If you don&#039;t want to, you need to copy the certificate value into Gitlab configuration, in `idp_cert` parameter.
</p>
<p>
You can get Gitlab <abbr title="Security Assertion Markup Language">SAML</abbr> metadata on <a href="https://gitlab.example.com/users/auth/saml/metadata" class="urlextern" title="https://gitlab.example.com/users/auth/saml/metadata" rel="nofollow">https://gitlab.example.com/users/auth/saml/metadata</a>
</p>
<p>
Register them in <abbr title="LemonLDAP::NG">LL::NG</abbr> and send these <abbr title="Security Assertion Markup Language">SAML</abbr> attributes:
</p>
<ul>
<li class="level1"><div class="li"> mail =&gt; email</div>
</li>
<li class="level1"><div class="li"> uid =&gt; uid</div>
</li>
<li class="level1"><div class="li"> cn =&gt; name</div>
</li>
</ul>
<div class="noteimportant">The value from <abbr title="LemonLDAP::NG">LL::NG</abbr> mail session attribute must be the email of the user in Gitlab database, in order to associate accounts.
</div>
</div>
<!-- EDIT5 SECTION "LL::NG configuration" [1851-2525] -->
<h3 class="sectionedit6" id="manage_groups">Manage groups</h3>
<div class="level3">
<p>
You can pass groups to Gitlab. For this, declare groups attribute in gitlab.rb:
</p>
<pre class="code file ruby">...
<span class="me1">gitlab_rails</span><span class="br0">&#91;</span><span class="st0">'omniauth_providers'</span><span class="br0">&#93;</span> = <span class="br0">&#91;</span>
<span class="br0">&#123;</span>
name: <span class="st0">'saml'</span>,
groups_attribute: <span class="st0">'groups'</span>,
...</pre>
<p>
And in <abbr title="LemonLDAP::NG">LL::NG</abbr>, export the groups attribute:
</p>
<ul>
<li class="level1"><div class="li"> groups =&gt; groups</div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Manage groups" [2526-2818] -->
<h2 class="sectionedit7" id="openid_connect">OpenID Connect</h2>
<div class="level2">
<p>
<strong>Alternatively</strong> to <abbr title="Security Assertion Markup Language">SAML</abbr>, you can choose to configure Gitlab to use OpenID Connect.
</p>
</div>
<!-- EDIT7 SECTION "OpenID Connect" [2819-2932] -->
<h3 class="sectionedit8" id="gitlab_configuration1">Gitlab configuration</h3>
<div class="level3">
<p>
In <code>/etc/gitlab/gitlab.rb</code>
</p>
<pre class="code file ruby">...
<span class="me1">gitlab_rails</span><span class="br0">&#91;</span><span class="st0">'omniauth_allow_single_sign_on'</span><span class="br0">&#93;</span> = <span class="br0">&#91;</span><span class="st0">'openid_connect'</span><span class="br0">&#93;</span>
gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_block_auto_created_users'</span><span class="br0">&#93;</span> = <span class="kw2">false</span>
&nbsp;
gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_providers'</span><span class="br0">&#93;</span> = <span class="br0">&#91;</span>
<span class="br0">&#123;</span> <span class="st0">'name'</span> <span class="sy0">=&gt;</span> <span class="st0">'openid_connect'</span>,
<span class="st0">'label'</span> <span class="sy0">=&gt;</span> <span class="st0">'LemonLDAP::NG'</span>,
<span class="st0">'args'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
<span class="st0">'name'</span> <span class="sy0">=&gt;</span> <span class="st0">'openid_connect'</span>,
<span class="st0">'issuer'</span> <span class="sy0">=&gt;</span> <span class="st0">'https://auth.example.com'</span>,
<span class="st0">'scope'</span> <span class="sy0">=&gt;</span> <span class="br0">&#91;</span><span class="st0">'openid'</span>, <span class="st0">'profile'</span>, <span class="st0">'email'</span><span class="br0">&#93;</span>,
<span class="st0">'response_type'</span> <span class="sy0">=&gt;</span> <span class="st0">'code'</span>,
<span class="st0">'client_auth_method'</span> <span class="sy0">=&gt;</span> <span class="st0">'client_secret_post'</span>,
<span class="st0">'discovery'</span> <span class="sy0">=&gt;</span> <span class="kw2">true</span>,
<span class="st0">'uid_field'</span> <span class="sy0">=&gt;</span> <span class="st0">'sub'</span>,
<span class="st0">'client_options'</span> <span class="sy0">=&gt;</span> <span class="br0">&#123;</span>
<span class="st0">'redirect_uri'</span> <span class="sy0">=&gt;</span> <span class="st0">'http://gitlab.example.com/users/auth/openid_connect/callback'</span>,
<span class="st0">'identifier'</span> <span class="sy0">=&gt;</span> <span class="st0">'LEMONLDAP_CLIENT_ID'</span>,
<span class="st0">'secret'</span> <span class="sy0">=&gt;</span> <span class="st0">'LEMONLDAP_CLIENT_SECRET'</span>,
<span class="br0">&#125;</span>
<span class="br0">&#125;</span>
<span class="br0">&#125;</span>
<span class="br0">&#93;</span>;
&nbsp;
...</pre>
</div>
<!-- EDIT8 SECTION "Gitlab configuration" [2933-3771] -->
<h3 class="sectionedit9" id="llng_configuration1">LL::NG configuration</h3>
<div class="level3">
<p>
Add an OpenID Connect RP to LemonLDAP::NG
</p>
<ul>
<li class="level1"><div class="li"> Chose a client ID and a client secret, and write the same values in the <code>gitlab.rb</code> file above</div>
</li>
<li class="level1"><div class="li"> You need to chose an asymetrical signature algorithm for the ID Token (RS256 or above)</div>
</li>
<li class="level1"><div class="li"> You also need to set a key identifier on your LemonLDAP::NG server in <code>OpenID Connect service</code> » <code>Security</code> » <code>Signing key ID</code> (use something like <code>default</code> as the value). </div>
</li>
<li class="level1"><div class="li"> Make sure the attribute containing the user email in the LemonLDAP::NG session is mapped to the <code>email</code> claim.</div>
</li>
</ul>
<div class="noteclassic">You need to set a key identifier, or you will get a <em>JSON::JWK::Set::KidNotFound</em> error on Gitlab
</div>
</div>
<!-- EDIT9 SECTION "LL::NG configuration" [3772-] --></div>
</body>
</html>


@ -1,87 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:glpi</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,glpi"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="glpi.html"/>
<link rel="contents" href="glpi.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:glpi","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="glpi">GLPI</h1>
<div class="level1">
<p>
<img src="glpi_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "GLPI" [1-63] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.glpi-project.org" class="urlextern" title="http://www.glpi-project.org" rel="nofollow">GLPI</a> is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [64-531] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
For GLPI &gt;= 0.71, it is a simple configuration in GLPI: Setup → Authentication. In “External authentications” click “Others” and in “Field holding the login in the _SERVER array” select “REMOTE_USER”
</p>
<p>
For older version, check <a href="http://wiki.glpi-project.org/doku.php?id=en:authautoad" class="urlextern" title="http://wiki.glpi-project.org/doku.php?id=en:authautoad" rel="nofollow">http://wiki.glpi-project.org/doku.php?id=en:authautoad</a>
</p>
<p>
If you use Nginx, you need to add this in configuration:
</p>
<pre class="code file nginx">proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</pre>
</div>
<!-- EDIT3 SECTION "Configuration" [532-] --></div>
</body>
</html>


@ -1,234 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:googleapps</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,googleapps"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="googleapps.html"/>
<link rel="contents" href="googleapps.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:googleapps","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#google_apps_control_panel">Google Apps control panel</a></div></li>
<li class="level2"><div class="li"><a href="#certificate">Certificate</a></div></li>
<li class="level2"><div class="li"><a href="#new_service_provider">New Service Provider</a></div></li>
<li class="level2"><div class="li"><a href="#application_menu">Application menu</a></div></li>
<li class="level2"><div class="li"><a href="#logout">Logout</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="google_apps">Google Apps</h1>
<div class="level1">
<p>
<a href="googleapps_logo.png_documentation_2.0_applications_googleapps.html" class="media" title="applications:googleapps_logo.png"><img src="googleapps_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Google Apps" [1-69] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.google.com/apps/" class="urlextern" title="http://www.google.com/apps/" rel="nofollow">Google Apps</a> can use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users, behaving as an <abbr title="Security Assertion Markup Language">SAML</abbr> service provider, as explained <a href="http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html" class="urlextern" title="http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html" rel="nofollow">here</a>.
</p>
<p>
To work with <abbr title="LemonLDAP::NG">LL::NG</abbr> it requires:
</p>
<ul>
<li class="level1"><div class="li"> An <a href="http://www.google.com/apps/intl/en/business/index.html" class="urlextern" title="http://www.google.com/apps/intl/en/business/index.html" rel="nofollow">enterprise Google Apps account</a></div>
</li>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configured as <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a></div>
</li>
<li class="level1"><div class="li"> Registered users on Google Apps with the same email than those used by <abbr title="LemonLDAP::NG">LL::NG</abbr> (email will be the NameID exchanged between Google Apps and <abbr title="LemonLDAP::NG">LL::NG</abbr>)</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [70-660] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [661-687] -->
<h3 class="sectionedit4" id="google_apps_control_panel">Google Apps control panel</h3>
<div class="level3">
<div class="noteclassic">This part is based on <a href="http://simplesamlphp.org/docs/1.6/simplesamlphp-googleapps" class="urlextern" title="http://simplesamlphp.org/docs/1.6/simplesamlphp-googleapps" rel="nofollow">SimpleSAMLPHP documentation</a>.
</div>
<p>
As administrator, go in Google Apps control panel and click on Advanced tools:
</p>
<p>
<a href="../documentation/googleapps-menu.png_documentation_2.0_applications_googleapps.html" class="media" title="documentation:googleapps-menu.png"><img src="../documentation/googleapps-menu.png" class="mediacenter" alt="" /></a>
</p>
<p>
Then select <code>Set up single sign-on (<abbr title="Single Sign On">SSO</abbr>)</code>:
</p>
<p>
<a href="../documentation/googleapps-sso.png_documentation_2.0_applications_googleapps.html" class="media" title="documentation:googleapps-sso.png"><img src="../documentation/googleapps-sso.png" class="mediacenter" alt="" /></a>
</p>
<p>
Now configure all <abbr title="Security Assertion Markup Language">SAML</abbr> parameters:
</p>
<p>
<a href="../documentation/googleapps-ssoconfig.png_documentation_2.0_applications_googleapps.html" class="media" title="documentation:googleapps-ssoconfig.png"><img src="../documentation/googleapps-ssoconfig.png" class="mediacenter" alt="" /></a>
</p>
<ul>
<li class="level1"><div class="li"> <strong>Enable Single Sign-On</strong>: check the box. Uncheck it to disable <abbr title="Security Assertion Markup Language">SAML</abbr> authentication (for example, if your Identity Provider is down).</div>
</li>
<li class="level1"><div class="li"> <strong>Sign-in page <abbr title="Uniform Resource Locator">URL</abbr></strong>: <abbr title="Single Sign On">SSO</abbr> access point (HTTP-Redirect binding). Example: <a href="http://auth.example.com/saml/singleSignOn" class="urlextern" title="http://auth.example.com/saml/singleSignOn" rel="nofollow">http://auth.example.com/saml/singleSignOn</a></div>
</li>
<li class="level1"><div class="li"> <strong>Sign-out page <abbr title="Uniform Resource Locator">URL</abbr></strong>: this in not the SLO access point (Google Apps does not support SLO), but the main logout page. Example: <a href="http://auth.example.com/?logout=1" class="urlextern" title="http://auth.example.com/?logout=1" rel="nofollow">http://auth.example.com/?logout=1</a></div>
</li>
<li class="level1"><div class="li"> <strong>Change password <abbr title="Uniform Resource Locator">URL</abbr></strong>: where users can change their password. Example: <a href="http://auth.example.com" class="urlextern" title="http://auth.example.com" rel="nofollow">http://auth.example.com</a></div>
</li>
</ul>
<div class="noteimportant">You must check the option <code>Use a specific domain transmitter</code> to force Google Apps to send the full entityId.
</div>
</div>
<!-- EDIT4 SECTION "Google Apps control panel" [688-1806] -->
<h3 class="sectionedit5" id="certificate">Certificate</h3>
<div class="level3">
<p>
For the certificate, you can build it from the signing private key registered in Manager. Select the key, and export it (button <code>Download</code>). This will download the public and the private key.
</p>
<p>
Keep the private key in a file, for example lemonldap-ng-priv.key, then use openssl to generate an auto-signed certificate:
</p>
<pre class="code">openssl req -new -key lemonldap-ng-priv.key -out cert.csr
openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out cert.pem</pre>
<p>
You can now the upload the certificate (<code>cert.pem</code>) on Google Apps.
</p>
<div class="notetip">You can also use the certificate instead of public key in <abbr title="Security Assertion Markup Language">SAML</abbr> metadata, see <a href="../samlservice.html#security_parameters" class="wikilink1" title="documentation:2.0:samlservice">SAML service configuration</a>
</div>
</div>
<!-- EDIT5 SECTION "Certificate" [1807-2542] -->
<h3 class="sectionedit6" id="new_service_provider">New Service Provider</h3>
<div class="level3">
<p>
You should have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as an <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>,
</p>
<p>
Now we will add Google Apps as a new <abbr title="Security Assertion Markup Language">SAML</abbr> Service Provider:
</p>
<ol>
<li class="level1"><div class="li"> In Manager, click on <abbr title="Security Assertion Markup Language">SAML</abbr> service providers and the button <code>New service provider</code>.</div>
</li>
<li class="level1"><div class="li"> Set GoogleApps as Service Provider name.</div>
</li>
<li class="level1"><div class="li"> Set <code>Email</code> in <code>Options</code> » <code>Authentication Response</code> » <code>Default NameID format</code></div>
</li>
<li class="level1"><div class="li"> Disable all signature flags in <code>Options</code> » <code>Signature</code>, except <code>Sign <abbr title="Single Sign On">SSO</abbr> message</code> which should be to <code>On</code></div>
</li>
<li class="level1"><div class="li"> Select <code>Metadata</code>, and unprotect the field to paste the following value:</div>
</li>
</ol>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;md:EntityDescriptor</span> <span class="re0">entityID</span>=<span class="st0">&quot;google.com&quot;</span> <span class="re0">xmlns</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;</span> <span class="re0">xmlns:ds</span>=<span class="st0">&quot;http://www.w3.org/2000/09/xmldsig#&quot;</span> <span class="re0">xmlns:md</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;SPSSODescriptor</span> <span class="re0">protocolSupportEnumeration</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:protocol&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;AssertionConsumerService</span> <span class="re0">Binding</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot;</span> <span class="re0">Location</span>=<span class="st0">&quot;https://www.google.com/a/mydomain.org/acs&quot;</span> <span class="re0">index</span>=<span class="st0">&quot;1&quot;</span> <span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;NameIDFormat<span class="re2">&gt;</span></span></span>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress<span class="sc3"><span class="re1">&lt;/NameIDFormat<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/SPSSODescriptor<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/md:EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
<div class="noteimportant">Change <strong>mydomain.org</strong> (in <code>AssertionConsumerService</code> markup, parameter <code>Location</code>) into your Google Apps domain. Also adapt your entityID to match the Assertion issuer: google.com/a/mydomain.org
</div>
</div>
<!-- EDIT6 SECTION "New Service Provider" [2543-3938] -->
<h3 class="sectionedit7" id="application_menu">Application menu</h3>
<div class="level3">
<p>
You can add a link in <a href="../portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:2.0:portalmenu">application menu</a> to display Google Apps to users.
</p>
<p>
You need to adapt some parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Address</strong>: set one of Google Apps <abbr title="Uniform Resource Locator">URL</abbr> (all Google Apps product a distinct <abbr title="Uniform Resource Locator">URL</abbr>), for example <a href="http://www.google.com/calendar/hosted/mydomain.org/render" class="urlextern" title="http://www.google.com/calendar/hosted/mydomain.org/render" rel="nofollow">http://www.google.com/calendar/hosted/mydomain.org/render</a></div>
</li>
<li class="level1"><div class="li"> <strong>Display</strong>: As Google Apps is not a protected application, set to <code>On</code> to always display it</div>
</li>
</ul>
<div class="noteimportant">Change <strong>mydomain.org</strong> into your Google Apps domain
</div>
</div>
<!-- EDIT7 SECTION "Application menu" [3939-4452] -->
<h3 class="sectionedit8" id="logout">Logout</h3>
<div class="level3">
<p>
Google Apps does not support Single Logout (SLO).
</p>
<p>
Google Apps has a configuration parameter to redirect user on a specific <abbr title="Uniform Resource Locator">URL</abbr> after Google Apps logout (see <a href="#google_apps_control_panel" title="documentation:2.0:applications:googleapps ↵" class="wikilink1">Google Apps control panel</a>).
</p>
<p>
To manage the other way (<abbr title="LemonLDAP::NG">LL::NG</abbr> → Google Apps), you can add a dedicated <a href="../logoutforward.html" class="wikilink1" title="documentation:2.0:logoutforward">logout forward rule</a>:
</p>
<pre class="code">GoogleApps =&gt; http://www.google.com/calendar/hosted/mydomain.org/logout</pre>
<div class="noteimportant">Change <strong>mydomain.org</strong> into your Google Apps domain
</div>
</div>
<!-- EDIT8 SECTION "Logout" [4453-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:googleapps_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="googleapps.html"/>
<link rel="contents" href="googleapps.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:googleapps_logo.png </h1>
<div class="content">
<a href="googleapps_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="81" height="80" class="img_detail" alt="googleapps_logo.png" title="googleapps_logo.png" src="googleapps_logo.e7d814bf754051d6354bb729a827fea1.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> googleapps_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>googleapps_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>12KB</dd><dt>Width:</dt><dd>81</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="googleapps.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:googleapps [B]">Back to documentation:2.0:applications:googleapps</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,170 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:grafana</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,grafana"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="grafana.html"/>
<link rel="contents" href="grafana.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:grafana","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#pre-requisites">Pre-requisites</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#grafana_configuration">Grafana configuration</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL:NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="grafana">Grafana</h1>
<div class="level1">
<p>
<img src="grafana_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Grafana" [1-69] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://grafana.com/" class="urlextern" title="https://grafana.com/" rel="nofollow">Grafana</a> is an Open Source dashboard for monitoring databases such as Prometheus, Graphite or Elasticsearch
</p>
<p>
Grafana offers social login through a generic OAuth 2 connector. Thankfully, it is close enough to OpenID Connect to work well with LemonLDAP::NG
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [70-376] -->
<h2 class="sectionedit3" id="pre-requisites">Pre-requisites</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Pre-requisites" [377-404] -->
<h3 class="sectionedit4" id="grafana_configuration">Grafana configuration</h3>
<div class="level3">
<p>
You should start by following the generic OAuth2 documentation provided by Grafana:
<a href="https://grafana.com/docs/grafana/latest/auth/generic-oauth/" class="urlextern" title="https://grafana.com/docs/grafana/latest/auth/generic-oauth/" rel="nofollow">https://grafana.com/docs/grafana/latest/auth/generic-oauth/</a>
</p>
<p>
Your configuration file will have to look something like this:
</p>
<pre class="code">[auth.generic_oauth]
enabled = true
client_id = CHOOSE_A_CLIENT_ID
client_secret = CHOOSE_A_CLIENT_SECRET
scopes = openid email profile
auth_url = https://auth.example.com/oauth2/authorize
token_url = https://auth.example.com/oauth2/token
api_url = https://auth.example.com/oauth2/userinfo
allow_sign_up = true
name = LemonLDAP::NG
send_client_credentials_via_post = false
email_attribute_name = email</pre>
</div>
<!-- EDIT4 SECTION "Grafana configuration" [405-1067] -->
<h3 class="sectionedit5" id="llng">LL:NG</h3>
<div class="level3">
<p>
Make sure you have already <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">enabled OpenID Connect</a> on your LemonLDAP::NG server
</p>
<p>
Then, add a Relaying Party with the following configuration
</p>
<ul>
<li class="level1"><div class="li"> Options » Authentification » Client ID : same as <code>client_id</code> above</div>
</li>
<li class="level1"><div class="li"> Options » Allowed redirection address : same as <code>client_secret </code> above</div>
</li>
</ul>
<p>
If you want to transmit user attributes to Grafana, you also need to configure
</p>
<ul>
<li class="level1"><div class="li"> Extra Claims » </div>
<ul>
<li class="level2"><div class="li"> add a key named <code>profile</code></div>
</li>
<li class="level2"><div class="li"> set a value of <code>name username display_name upn</code></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Exported Attributes (not all of them are mandatory)</div>
<ul>
<li class="level2"><div class="li"> replace the existing keys with the following 5 new keys: </div>
<ul>
<li class="level3"><div class="li"> <code>name</code></div>
</li>
<li class="level3"><div class="li"> <code>username</code></div>
</li>
<li class="level3"><div class="li"> <code>display_name</code></div>
</li>
<li class="level3"><div class="li"> <code>upn</code></div>
</li>
<li class="level3"><div class="li"> <code>email</code> </div>
</li>
</ul>
</li>
<li class="level2"><div class="li"> map them to your corresponding LemonLDAP::NG session attribute</div>
</li>
</ul>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "LL:NG" [1068-] --></div>
</body>
</html>


@ -1,141 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:grr</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,grr"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="grr.html"/>
<link rel="contents" href="grr.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:grr","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#http_header">HTTP header</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level2"><div class="li"><a href="#grr_virtual_host_in_llng">GRR virtual host in LL::NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="grr">GRR</h1>
<div class="level1">
<p>
<img src="grr_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "GRR" [1-61] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://grr.devome.com/fr/" class="urlextern" title="http://grr.devome.com/fr/" rel="nofollow">GRR</a> is a room booking software.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [62-150] -->
<h2 class="sectionedit3" id="http_header">HTTP header</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "HTTP header" [151-175] -->
<h3 class="sectionedit4" id="configuration">Configuration</h3>
<div class="level3">
<p>
GRR has a <abbr title="Single Sign On">SSO</abbr> configuration page in its administration panel.
</p>
<p>
Do not use Lemonldap mode, which is for a very old Lemonldap version, but HTTP authentication.
</p>
<p>
Set the default profile of connected users and which headers contains surname, firstname and mail.
</p>
<p>
<img src="screenshot_grr_configuration.png" class="mediacenter" alt="" />
</p>
<p>
GRR will check the username in REMOTE_USER, so use <a href="../header_remote_user_conversion.html" class="wikilink1" title="documentation:2.0:header_remote_user_conversion">remote header conversion</a> if you are in proxy mode.
</p>
</div>
<!-- EDIT4 SECTION "Configuration" [176-660] -->
<h3 class="sectionedit5" id="grr_virtual_host_in_llng">GRR virtual host in LL::NG</h3>
<div class="level3">
<p>
Access rules:
</p>
<ul>
<li class="level1"><div class="li"> ^/index.php =&gt; accept</div>
</li>
<li class="level1"><div class="li"> default =&gt; unprotect</div>
</li>
</ul>
<p>
Headers:
</p>
<ul>
<li class="level1"><div class="li"> Auth-User $uid</div>
</li>
<li class="level1"><div class="li"> Auth-Sn: $sn</div>
</li>
<li class="level1"><div class="li"> Auth-GivenName: $givenName</div>
</li>
<li class="level1"><div class="li"> Auth-Mail: $mail</div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "GRR virtual host in LL::NG" [661-] --></div>
</body>
</html>


@ -1,152 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:guacamole</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,guacamole"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="guacamole.html"/>
<link rel="contents" href="guacamole.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:guacamole","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#pre-requisites">Pre-requisites</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#guacamole1">Guacamole</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL:NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="guacamole">Guacamole</h1>
<div class="level1">
<p>
<img src="guacamole.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Guacamole" [1-68] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://guacamole.apache.org/" class="urlextern" title="https://guacamole.apache.org/" rel="nofollow">Apache Guacamole</a> is a web-based remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
</p>
<p>
As of version 0.9.14, Guacamole can use <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID Connect</a> , <a href="../idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a> or <a href="../writingrulesand_headers.html" class="wikilink1" title="documentation:2.0:writingrulesand_headers">HTTP Headers</a> as authentication sources through plug-ins.
</p>
<p>
This document explains how to implement OpenID Connect
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [69-493] -->
<h2 class="sectionedit3" id="pre-requisites">Pre-requisites</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Pre-requisites" [494-521] -->
<h3 class="sectionedit4" id="guacamole1">Guacamole</h3>
<div class="level3">
<p>
Refer to <a href="http://guacamole.apache.org/doc/gug/" class="urlextern" title="http://guacamole.apache.org/doc/gug/" rel="nofollow">the official Guacamole documentation</a> to install Guacamole, either manually or through Docker images
</p>
<p>
You need to be able to enable extensions. If you are using docker, you need to <a href="http://guacamole.apache.org/doc/gug/guacamole-docker.html#guacamole-docker-guacamole-home" class="urlextern" title="http://guacamole.apache.org/doc/gug/guacamole-docker.html#guacamole-docker-guacamole-home" rel="nofollow"> follow these instructions in order to provide your own extensions directory and Guacamole configuration file</a>
</p>
<p>
Your Guacamole configuration directory will look something like this.
</p>
<pre class="code">├── extensions
│   └── 00-guacamole-auth-openid-1.0.0.jar
└── guacamole.properties</pre>
<div class="notewarning">Make sure to rename the JAR in a way that <a href="https://lists.apache.org/thread.html/b781a5c4e4d14f7ce297200ba6886d888df4333f83836220ac8b69f1@%3Cuser.guacamole.apache.org%3E" class="urlextern" title="https://lists.apache.org/thread.html/b781a5c4e4d14f7ce297200ba6886d888df4333f83836220ac8b69f1@%3Cuser.guacamole.apache.org%3E" rel="nofollow">ensures that it will be loaded first</a>
</div>
<p>
And <code>guacamole.properties</code> should contain at least
</p>
<pre class="code">openid-authorization-endpoint: http://auth.example.com/oauth2/authorize
openid-jwks-endpoint: http://auth.example.com/oauth2/jwks
openid-issuer: http://auth.example.com
openid-client-id: guacamole
openid-redirect-uri: http://guacamole.example.com/guacamole/
openid-username-claim-type: sub</pre>
<div class="notetip">Remplace the <code>redirect uri</code> with your Guacamole server&#039;s <abbr title="Uniform Resource Locator">URL</abbr>
</div>
</div>
<!-- EDIT4 SECTION "Guacamole" [522-1843] -->
<h3 class="sectionedit5" id="llng">LL:NG</h3>
<div class="level3">
<p>
Make sure you have already <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">enabled OpenID Connect</a> on your LemonLDAP::NG server
</p>
<p>
You also need to allow the <code>Implicit Flow</code> under <code>OpenID Connect Service</code> » <code>Security</code>
</p>
<p>
Then, add a Relaying Party with the following configuration
</p>
<ul>
<li class="level1"><div class="li"> Options » Authentification » Client ID : same as <code>openid-client-id</code> in <code>guacamole.properties</code></div>
</li>
<li class="level1"><div class="li"> Options » Allowed redirection address : same as <code>openid-redirect-uri</code> in <code>guacamole.properties</code></div>
</li>
<li class="level1"><div class="li"> Options » ID Token Signature Algorithm : <code>RS512</code></div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "LL:NG" [1844-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:http_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authbasic.html"/>
<link rel="contents" href="authbasic.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:http_logo.png </h1>
<div class="content">
<a href="http_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="107" height="80" class="img_detail" alt="http_logo.png" title="http_logo.png" src="http_logo.481fb3a7e569a7f2445a77db41e6f4c4.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> http_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>http_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>15KB</dd><dt>Width:</dt><dd>107</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="authbasic.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:authbasic [B]">Back to documentation:2.0:applications:authbasic</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,299 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:humhub</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,humhub"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="humhub.html"/>
<link rel="contents" href="humhub.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:humhub","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Présentation</a></div></li>
<li class="level1"><div class="li"><a href="#openid_connect">OpenID Connect</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#configuring_humhub">Configuring HumHub</a></div></li>
<li class="level2"><div class="li"><a href="#configuring_lemonldap">Configuring LemonLDAP</a></div></li>
<li class="level2"><div class="li"><a href="#migrate_former_local_or_ldap_humhub_account_to_connect_through_sso">Migrate former local or ldap Humhub account to connect through SSO</a></div></li>
<li class="level2"><div class="li"><a href="#troubleshooting">Troubleshooting</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="humhub">HumHub</h1>
<div class="level1">
<p>
<img src="humhub_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "HumHub" [1-67] -->
<h2 class="sectionedit2" id="presentation">Présentation</h2>
<div class="level2">
<p>
<a href="https://humhub.org/" class="urlextern" title="https://humhub.org/" rel="nofollow">HumHub</a> is a free and open-source social network written on top of the <a href="https://www.yiiframework.com/" class="urlextern" title="https://www.yiiframework.com/" rel="nofollow">Yii2 PHP framework</a> that provides an easy to use toolkit for creating and launching your own social network.
</p>
<p>
Unauthenticated users may connect using a login form against HumHub local database or a LDAP directory, or choose which authentication service they want to use.
</p>
<p>
Administrator can configure one or several OAuth, OAuth2 or OIDC authentication services to be displayed as buttons on the login page.
</p>
<p>
With <a href="#openid_connect" title="documentation:2.0:applications:humhub ↵" class="wikilink1"> OpenID Connect </a> authentication service, users successfully authenticated by LemonLDAP::NG will be registered in HumHub upon their first login.
</p>
<div class="notewarning">HumHub retrieves a user from his username and the authentication service he came through. As a result, a former local or LDAP user will be rejected when trying to authenticate using another authentication service. See <a href="#migrate_former_local_or_ldap_humhub_account_to_connect_through_sso" title="documentation:2.0:applications:humhub ↵" class="wikilink1"> Migrate former local or ldap Humhub account to connect through SSO</a>
</div>
</div>
<!-- EDIT2 SECTION "Présentation" [68-1186] -->
<h2 class="sectionedit3" id="openid_connect">OpenID Connect</h2>
<div class="level2">
<div class="noteclassic">This set-up works with option enablePrettyUrl activated in Humhub. If not activated, rewrite <abbr title="Uniform Resource Locator">URL</abbr> in Humhub HTTP server and allowed redirect <abbr title="Uniform Resource Locator">URL</abbr> in LemonLDAP needs to be adapted to work with the non pretty <abbr title="Uniform Resource Locator">URL</abbr> format.
</div>
</div>
<!-- EDIT3 SECTION "OpenID Connect" [1187-1450] -->
<h3 class="sectionedit4" id="configuring_humhub">Configuring HumHub</h3>
<div class="level3">
<p>
First disable LDAP (Administration &gt; Users section) and delete (or <a href="#migrate_former_local_or_ldap_humhub_account_to_connect_through_sso" title="documentation:2.0:applications:humhub ↵" class="wikilink1"> migrate</a>) any local users whose username or email are conflicting with the username or email of your OIDC users.
</p>
<p>
Then install and configure the <a href="https://github.com/Worteks/humhub-auth-oidc" class="urlextern" title="https://github.com/Worteks/humhub-auth-oidc" rel="nofollow"> OIDC connector for humhub </a> extension using composer :
</p>
<ul>
<li class="level1"><div class="li"> Install composer.</div>
</li>
</ul>
<ul>
<li class="level1"><div class="li"> Consider using prestissimo, to speed up composer update command (4x faster):</div>
</li>
</ul>
<pre class="code">composer global require hirak/prestissimo</pre>
<ul>
<li class="level1"><div class="li"> Go to {humhub_home} folder</div>
</li>
</ul>
<ul>
<li class="level1"><div class="li"> Check if composer.json file is present. If not, download it for your current version:</div>
</li>
</ul>
<pre class="code">wget https://raw.githubusercontent.com/humhub/humhub/v1.3.15/composer.json</pre>
<ul>
<li class="level1"><div class="li"> Install the connector as a dependency: </div>
</li>
</ul>
<pre class="code">composer require --no-update --update-no-dev worteks/humhub-auth-oidc
composer update worteks/humhub-auth-oidc --no-dev --prefer-dist -vvv</pre>
<div class="noteclassic">If you just need to update the connector, change its version in composer.json and run the above composer update command.
</div><ul>
<li class="level1"><div class="li"> Edit {humhub_home}/protected/config/common.php with the client configuration :</div>
</li>
</ul>
<pre class="code">&#039;components&#039; =&gt; [
&#039;authClientCollection&#039; =&gt; [
&#039;clients&#039; =&gt; [
// ...
&#039;lemonldapng&#039; =&gt; [
&#039;class&#039; =&gt; &#039;worteks\humhub\authclient\OIDC&#039;,
&#039;domain&#039; =&gt; &#039;https://auth.example.com&#039;,
&#039;clientId&#039; =&gt; &#039;myClientId&#039;, // Client ID for this RP in LemonLDAP
&#039;clientSecret&#039; =&gt; &#039;myClientSecret&#039;, // Client secret for this RP in LemonLDAP
&#039;defaultTitle&#039; =&gt; &#039;auth.example.com&#039;, // Text displayed in login button
&#039;cssIcon&#039; =&gt; &#039;fa fa-lemon-o&#039;, // Icon displayed in login button
],
],
// ...
]</pre>
<ul>
<li class="level1"><div class="li"> Edit {humhub_home}/protected/config/web.php to disconnect users from LemonLDAP::NG after they logged out of Humhub:</div>
</li>
</ul>
<pre class="code">return [
// ...
&#039;modules&#039; =&gt; [
&#039;user&#039; =&gt; [
&#039;logoutUrl&#039; =&gt; &#039;https://auth.domain.com/?logout=1&#039;,
],
]
];</pre>
<p>
User can now log in through <abbr title="Single Sign On">SSO</abbr> using a button on humhub logging page. If you want to remove this intermediate login page, so user are automatically logged in through <abbr title="Single Sign On">SSO</abbr> when they first access Humhub, you can set up a redirection in the http server in front of the application :
</p>
<ul>
<li class="level1"><div class="li"> Example in apache</div>
</li>
</ul>
<pre class="code">RewriteEngine On
RewriteCond %{QUERY_STRING} !nosso [NC]
RewriteRule &quot;^/user/auth/login$&quot; &quot;/user/auth/external?authclient=lemonldapng&quot; [L,R=301]</pre>
<ul>
<li class="level1"><div class="li"> Example in nginx</div>
</li>
</ul>
<pre class="code">if ($query_string !~ &quot;nosso&quot;){
rewrite ^/user/auth/login$ /user/auth/external?authclient=lemonldapng permanent;
}</pre>
<p>
If the authentication was successful but the user could not be registered in Humhub (which often happen if there is a conflict between source, username or email), Humhub will redirect to the login page to display the error, which trigger a redirection to the portal, ultimately triggering a loop error while registration error is not displayed.
</p>
<p>
To change this behavior and display the registration error, AuthController.onAuthSuccess method needs to be adapted so redirect to <abbr title="Single Sign On">SSO</abbr> will be bypassed when a registration error occured. This works for version 1.3.15 :
</p>
<ul>
<li class="level1"><div class="li"> Go to {humhub_home} folder</div>
</li>
<li class="level1"><div class="li"> Execute</div>
</li>
</ul>
<pre class="code">sed -i &quot;s|return \$this-&gt;redirect(\[&#039;/user/auth/login&#039;\]);|return \$this-&gt;redirect([&#039;/user/auth/login&#039;,&#039;nosso&#039;=&gt;&#039;showerror&#039;]);|&quot; protected/humhub/modules/user/controllers/AuthController.php</pre>
</div>
<!-- EDIT4 SECTION "Configuring HumHub" [1451-4994] -->
<h3 class="sectionedit5" id="configuring_lemonldap">Configuring LemonLDAP</h3>
<div class="level3">
<p>
If not done yet, configure LemonLDAP::NG as an <a href="../openidconnectservice.html" class="wikilink1" title="documentation:2.0:openidconnectservice"> OpenID Connect service</a>.
</p>
<p>
Then, configure LemonLDAP::NG to recognize your HumHub instance as a valid <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect"> new OpenID Connect Relying Party </a> using the following parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Client ID</strong>: the same you set in HumHub configuration</div>
</li>
<li class="level2"><div class="li"> <strong>Client Secret</strong>: the same you set in HumHub configuration</div>
</li>
<li class="level2"><div class="li"> Add the following <strong>exported attributes</strong></div>
<ul>
<li class="level4"><div class="li"> <strong>given_name</strong>: user&#039;s givenName attribute</div>
</li>
<li class="level4"><div class="li"> <strong>family_name</strong>: user&#039;s sn attribute</div>
</li>
<li class="level4"><div class="li"> <strong>email</strong>: user&#039;s mail attribute</div>
</li>
</ul>
</li>
<li class="level2"><div class="li"> <strong>Redirect URIs</strong> containing your Yii2 auth client ID.</div>
</li>
</ul>
<p>
Configuration sample using CLI:
</p>
<pre class="code"> $ /usr/libexec/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataExportedVars/humhub given_name givenName \
oidcRPMetaDataExportedVars/humhub family_name sn \
oidcRPMetaDataExportedVars/humhub email mail \
oidcRPMetaDataOptions/humhub oidcRPMetaDataOptionsClientID myClientId \
oidcRPMetaDataOptions/humhub oidcRPMetaDataOptionsClientSecret myClientSecret \
oidcRPMetaDataOptions/humhub oidcRPMetaDataOptionsRedirectUris &#039;https://humhub.example.com/user/auth/external?authclient=lemonldapng&#039; \
oidcRPMetaDataOptions/humhub oidcRPMetaDataOptionsPostLogoutRedirectUris &#039;https://humhub.example.com&#039; \
oidcRPMetaDataOptions/humhub oidcRPMetaDataOptionsIDTokenSignAlg RS512 \
oidcRPMetaDataOptions/humhub oidcRPMetaDataOptionsIDTokenExpiration 3600 \
oidcRPMetaDataOptions/humhub oidcRPMetaDataOptionsAccessTokenExpiration 3600 \
oidcRPMetaDataOptions/humhub oidcRPMetaDataOptionsBypassConsent 1 &amp;&amp; \</pre>
</div>
<!-- EDIT5 SECTION "Configuring LemonLDAP" [4995-6736] -->
<h3 class="sectionedit6" id="migrate_former_local_or_ldap_humhub_account_to_connect_through_sso">Migrate former local or ldap Humhub account to connect through SSO</h3>
<div class="level3">
<p>
You need to manually update Humhub database to swith authentication mode to LemonLDAP::NG.
</p>
<p>
Table &quot;user&quot;:
</p>
<ul>
<li class="level1"><div class="li"> Columns &quot;username&quot; and &quot;email&quot; should match exactly OIDC sub and email attributes ;</div>
</li>
<li class="level1"><div class="li"> If former ldap user, change column &quot;auth_mode&quot; to &quot;local&quot;.</div>
</li>
</ul>
<p>
Table &quot;user_auth&quot;:
</p>
<ul>
<li class="level1"><div class="li"> Add an entry with user_id, username and &quot;lemonldapng&quot; as source (or the name you chose in your connector configuration) :</div>
</li>
</ul>
<pre class="code">+---------+-------------+-------------+
| user_id | source | source_id |
+---------+-------------+-------------+
| 4 | lemonldapng | jdoe |</pre>
</div>
<!-- EDIT6 SECTION "Migrate former local or ldap Humhub account to connect through SSO" [6737-7396] -->
<h3 class="sectionedit7" id="troubleshooting">Troubleshooting</h3>
<div class="level3">
<p>
If LemonLDAP login page freezes because of a browser security blockage, adapt security&#039;s CSP Form Action to allow HumHub host :
</p>
<pre class="code"> $ /usr/libexec/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 \
set \
cspFormAction &quot;&#039;self&#039; https://*.example.com&quot;</pre>
</div>
<!-- EDIT7 SECTION "Troubleshooting" [7397-] --></div>
</body>
</html>


@ -1,285 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>documentation:2.0:applications:img:icons.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="documentation,2.0,applications,img,icons.png"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/documentation/2.0/applications/img/icons.png?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:2.0:applications:img"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/2.0/applications/img/icons.png"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/2.0/applications/img/icons.png"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=a3a28b97aa1359a6551738d33203e559"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications:img';var JSINFO = {"id":"documentation:2.0:applications:img:icons.png","namespace":"documentation:2.0:applications:img"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=a3a28b97aa1359a6551738d33203e559&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=cb8543bb80ff783430335c289801b508" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/documentation" class="wikilink1" title="documentation">documentation</a></bdi> » <bdi><a href="/documentation/2.0/start" class="wikilink1" title="documentation:2.0:start">2.0</a></bdi> » <bdi><a href="/documentation/2.0/applications" class="wikilink1" title="documentation:2.0:applications">applications</a></bdi> » <bdi><a href="/documentation/2.0/applications/img/start" class="wikilink2" title="documentation:2.0:applications:img:start" rel="nofollow">img</a></bdi> » <bdi><span class="curid"><a href="/documentation/2.0/applications/img/icons.png" class="wikilink2" title="documentation:2.0:applications:img:icons.png" rel="nofollow">icons.png</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">documentation:2.0:applications:img:icons.png</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on &quot;Create this page&quot;.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="social_networks">Social networks</h3>
<div class="level3">
<p>
<p><a href="https://twitter.com/lemonldapng/" class="btn btn-large btn-info"><i class="glyphicon glyphicon-retweet"></i> Twitter</a></p>
<p><a href="https://www.facebook.com/lemonldapng/" class="btn btn-large btn-primary"><i class="glyphicon glyphicon-thumbs-up"></i> Facebook</a></p>
</p>
<p>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Social networks" [41-433] -->
<h3 class="sectionedit2" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Hosted by" [434-568] -->
<h3 class="sectionedit3" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT3 SECTION "Certifications" [569-928] -->
<h3 class="sectionedit4" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="/_detail/logos/ow2_awards.png?id=default_sidebar" class="media" title="logos:ow2_awards.png"><img src="/_media/logos/ow2_awards.png?w=150&amp;tok=b33854" class="mediacenter" alt="" width="150" /></a>
</p>
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="urlextern" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow">OW2con&#039;14 Community Award</a>
</p>
<p>
<a href="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" class="urlextern" title="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" rel="nofollow">OW2con&#039;18 Community Award</a>
</p>
<p>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT4 SECTION "Awards" [929-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1588685800" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,285 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>documentation:2.0:applications:img:loader.gif [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="documentation,2.0,applications,img,loader.gif"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/documentation/2.0/applications/img/loader.gif?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:2.0:applications:img"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/2.0/applications/img/loader.gif"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/2.0/applications/img/loader.gif"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=a3a28b97aa1359a6551738d33203e559"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications:img';var JSINFO = {"id":"documentation:2.0:applications:img:loader.gif","namespace":"documentation:2.0:applications:img"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=a3a28b97aa1359a6551738d33203e559&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=cb8543bb80ff783430335c289801b508" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/documentation" class="wikilink1" title="documentation">documentation</a></bdi> » <bdi><a href="/documentation/2.0/start" class="wikilink1" title="documentation:2.0:start">2.0</a></bdi> » <bdi><a href="/documentation/2.0/applications" class="wikilink1" title="documentation:2.0:applications">applications</a></bdi> » <bdi><a href="/documentation/2.0/applications/img/start" class="wikilink2" title="documentation:2.0:applications:img:start" rel="nofollow">img</a></bdi> » <bdi><span class="curid"><a href="/documentation/2.0/applications/img/loader.gif" class="wikilink2" title="documentation:2.0:applications:img:loader.gif" rel="nofollow">loader.gif</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">documentation:2.0:applications:img:loader.gif</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on &quot;Create this page&quot;.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="social_networks">Social networks</h3>
<div class="level3">
<p>
<p><a href="https://twitter.com/lemonldapng/" class="btn btn-large btn-info"><i class="glyphicon glyphicon-retweet"></i> Twitter</a></p>
<p><a href="https://www.facebook.com/lemonldapng/" class="btn btn-large btn-primary"><i class="glyphicon glyphicon-thumbs-up"></i> Facebook</a></p>
</p>
<p>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Social networks" [41-433] -->
<h3 class="sectionedit2" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Hosted by" [434-568] -->
<h3 class="sectionedit3" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT3 SECTION "Certifications" [569-928] -->
<h3 class="sectionedit4" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="/_detail/logos/ow2_awards.png?id=default_sidebar" class="media" title="logos:ow2_awards.png"><img src="/_media/logos/ow2_awards.png?w=150&amp;tok=b33854" class="mediacenter" alt="" width="150" /></a>
</p>
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="urlextern" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow">OW2con&#039;14 Community Award</a>
</p>
<p>
<a href="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" class="urlextern" title="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" rel="nofollow">OW2con&#039;18 Community Award</a>
</p>
<p>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT4 SECTION "Awards" [929-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1588685800" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,193 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:jitsimeet</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,jitsimeet"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="jitsimeet.html"/>
<link rel="contents" href="jitsimeet.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:jitsimeet","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#pre-requisites">Pre-requisites</a></div></li>
<li class="level2"><div class="li"><a href="#jitsi_meet_configuration">Jitsi Meet configuration</a></div></li>
<li class="level2"><div class="li"><a href="#jitsi_meet_nginx_configuration">Jitsi Meet Nginx configuration</a></div></li>
<li class="level2"><div class="li"><a href="#jitsi_meet_virtual_host_in_manager">Jitsi Meet Virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="jitsi_meet">Jitsi Meet</h1>
<div class="level1">
<p>
<a href="logo-jitsimeet.png_documentation_2.0_applications_jitsimeet.html" class="media" title="applications:logo-jitsimeet.png"><img src="logo-jitsimeet.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Jitsi Meet" [1-67] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://github.com/jitsi/jitsi-meet" class="urlextern" title="https://github.com/jitsi/jitsi-meet" rel="nofollow">Jitsi Meet</a> is a WEBRTC-based video conferencing application, powering the <a href="http://meet.jit.si" class="urlextern" title="http://meet.jit.si" rel="nofollow">meet.jit.si</a> online service.
</p>
<p>
Users may install their own instance of Jitsi Meet for private use, in which case, they may use authentication to control the creation of conference rooms.
</p>
<p>
The official documentation provides instructions on <a href="https://github.com/jitsi/jicofo/blob/master/doc/shibboleth.md" class="urlextern" title="https://github.com/jitsi/jicofo/blob/master/doc/shibboleth.md" rel="nofollow">how to configure Jitsi Meet to use Shibboleth</a>, but with a little adaptation, it can work just as fine with LemonLDAP::NG.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [68-657] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [658-684] -->
<h3 class="sectionedit4" id="pre-requisites">Pre-requisites</h3>
<div class="level3">
<p>
In this guide, it is assumed that you have followed the <a href="https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md" class="urlextern" title="https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md" rel="nofollow">Jitsi Meet quick start</a> and that <strong>you have installed Nginx on your Jitsi Meet server first</strong>
</p>
<p>
If you have not done that, the Jitsi Meet installer will not generate a Nginx configuration file for you. This is not a problem is you are already using your own reverse proxy.
</p>
</div>
<!-- EDIT4 SECTION "Pre-requisites" [685-1112] -->
<h3 class="sectionedit5" id="jitsi_meet_configuration">Jitsi Meet configuration</h3>
<div class="level3">
<p>
As with the Shibboleth guide, you need to configure <code>/etc/jitsi/jicofo/sip-communicator.properties</code>
</p>
<pre class="code">org.jitsi.jicofo.auth.URL=shibboleth:default
org.jitsi.jicofo.auth.LOGOUT_URL=/logout/</pre>
<p>
This defines the login servlet as <code>/login/</code> and the logout <abbr title="Uniform Resource Locator">URL</abbr> as <code>/logout/</code>
</p>
</div>
<!-- EDIT5 SECTION "Jitsi Meet configuration" [1113-1437] -->
<h3 class="sectionedit6" id="jitsi_meet_nginx_configuration">Jitsi Meet Nginx configuration</h3>
<div class="level3">
<p>
In the Nginx configuration that the Jitsi Meet quickstart generated, you must add the following blocks, just like you would in a typical handler configuration file:
</p>
<pre class="code">
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
fastcgi_param HOST $http_host;
fastcgi_param X_ORIGINAL_URI $request_uri;
}
# Protect only the /login/ URL
# You may want to change this is your goal is to make the whole Jitsi Meet instance private
location /login/ {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
auth_request_set $mail $upstream_http_mail;
proxy_set_header mail $mail;
auth_request_set $displayname $upstream_http_displayName;
proxy_set_header displayName $displayname;
auth_request_set $lmcookie $upstream_http_cookie;
proxy_set_header Cookie: $lmcookie;
proxy_pass http://127.0.0.1:8888/login;
}</pre>
</div>
<!-- EDIT6 SECTION "Jitsi Meet Nginx configuration" [1438-2622] -->
<h3 class="sectionedit7" id="jitsi_meet_virtual_host_in_manager">Jitsi Meet Virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Jitsi Meet.
</p>
<p>
Configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>.
</p>
<ul>
<li class="level1"><div class="li"> Don&#039;t forget to configure the /logout/ <abbr title="Uniform Resource Locator">URL</abbr></div>
</li>
</ul>
<p>
Configure the following <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">headers</a>.
</p>
<ul>
<li class="level1"><div class="li"> <strong>mail</strong>: $mail</div>
</li>
<li class="level1"><div class="li"> <strong>displayName</strong>: $cn</div>
</li>
</ul>
<div class="notewarning">Jitsi meet expects to find a <code>mail</code> HTTP header, it will ignore REMOTE_USER and only use the mail value to identify the user.
</div>
</div>
<!-- EDIT7 SECTION "Jitsi Meet Virtual host in Manager" [2623-] --></div>
</body>
</html>


@ -1,285 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>documentation:2.0:applications:jitsimet [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="/lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="/lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/3.3.4/flatly/bootstrap.min.css" />
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,follow"/>
<meta name="keywords" content="documentation,2.0,applications,jitsimet"/>
<link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="LemonLDAP::NG"/>
<link rel="start" href="/"/>
<link rel="contents" href="/documentation/2.0/applications/jitsimet?do=index" title="Sitemap"/>
<link rel="alternate" type="application/rss+xml" title="Recent changes" href="/feed.php"/>
<link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&amp;ns=documentation:2.0:applications"/>
<link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/documentation/2.0/applications/jitsimet"/>
<link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/documentation/2.0/applications/jitsimet"/>
<link rel="stylesheet" type="text/css" href="/lib/exe/css.php?t=bootstrap3&amp;tseed=a3a28b97aa1359a6551738d33203e559"/>
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:jitsimet","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="/lib/exe/js.php?tseed=a3a28b97aa1359a6551738d33203e559&amp;template=bootstrap3"></script>
<script type="text/javascript" src="/lib/tpl/bootstrap3/assets/bootstrap/js/bootstrap.min.js"></script>
<style type="text/css">
body { padding-top: 20px; }
</style>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script type="text/javascript" src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script type="text/javascript" src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body class="flatly page-on-panel">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__site" class="container">
<div id="dokuwiki__top" class="site dokuwiki mode_show tpl_bootstrap3 notFound hasSidebar">
<!-- header -->
<div id="dokuwiki__header">
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/start" accesskey="h" title="[H]" class="navbar-brand"><img src="/_media/wiki/logo.png" alt="LemonLDAP::NG" class="pull-left" id="dw__logo" width="20" height="20" /> <span id="dw__title" >LemonLDAP::NG</span></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav" id="dw__navbar">
<!-- <li>
<a href="/start" ><i class="glyphicon glyphicon-home"></i> Home</a></li> -->
<li>
<a href="/download" ><i class="glyphicon glyphicon-download"></i> Download</a></li>
<li>
<a href="/documentation" ><i class="glyphicon glyphicon-book"></i> Documentation</a></li>
<li>
<a href="/screenshots" ><i class="glyphicon glyphicon-picture"></i> Screenshots</a></li>
<li class="dropdown ">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-question-sign"></span> Contact <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/contact" ><i class="glyphicon glyphicon-envelope"></i> Mails, IRC and more</a></li>
<li><a href="/team" ><i class="glyphicon glyphicon-user"></i> The team</a></li>
<li><a href="/professionalservices" ><i class="glyphicon glyphicon-briefcase"></i> Professional Services</a></li>
<li><a href="/references" ><i class="glyphicon glyphicon-sunglasses"></i> References</a></li>
<li><a href="/sponsors" ><i class="glyphicon glyphicon-piggy-bank"></i> Sponsors</a></li>
</ul>
</li>
</ul>
<div class="navbar-right">
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/jitsimet?do=login&amp;sectok=cb8543bb80ff783430335c289801b508" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
</div>
</div>
</nav>
</div>
<!-- /header -->
<div id="dw__breadcrumbs">
<hr/>
<div class="breadcrumb"><span class="bchead">You are here: </span><span class="home"><bdi><a href="/start" class="wikilink1" title="start">start</a></bdi></span> » <bdi><a href="/documentation" class="wikilink1" title="documentation">documentation</a></bdi> » <bdi><a href="/documentation/2.0/start" class="wikilink1" title="documentation:2.0:start">2.0</a></bdi> » <bdi><a href="/documentation/2.0/applications" class="wikilink1" title="documentation:2.0:applications">applications</a></bdi> » <bdi><span class="curid"><a href="/documentation/2.0/applications/jitsimet" class="wikilink2" title="documentation:2.0:applications:jitsimet" rel="nofollow">jitsimet</a></span></bdi></div>
<hr/>
</div>
<p class="pageId text-right">
<span class="label label-default">documentation:2.0:applications:jitsimet</span>
</p>
<div id="dw__msgarea">
</div>
<main class="main row" role="main">
<!-- ********** CONTENT ********** -->
<article id="dokuwiki__content" class="col-sm-9 col-md-10 " >
<div class="panel panel-default" >
<div class="page group panel-body">
<div class="pull-right hidden-print" data-spy="affix" data-offset-top="150" style="z-index:1024; top:10px; right:10px;">
</div>
<!-- wikipage start -->
<h1 class="sectionedit1" id="this_topic_does_not_exist_yet">This topic does not exist yet</h1>
<div class="level1">
<p>
You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissions allow, you may create it by clicking on &quot;Create this page&quot;.
</p>
</div>
<!-- wikipage stop -->
</div>
</div>
</article>
<!-- ********** ASIDE ********** -->
<aside id="dokuwiki__aside" class="dw__sidebar col-sm-3 col-md-2 hidden-print">
<div class="content">
<div class="toogle hidden-lg hidden-md hidden-sm" data-toggle="collapse" data-target="#dokuwiki__aside .collapse">
<i class="glyphicon glyphicon-th-list"></i> Sidebar </div>
<div class="collapse in">
<p>
<div class="text-center">
</p>
<h3 class="sectionedit1" id="social_networks">Social networks</h3>
<div class="level3">
<p>
<p><a href="https://twitter.com/lemonldapng/" class="btn btn-large btn-info"><i class="glyphicon glyphicon-retweet"></i> Twitter</a></p>
<p><a href="https://www.facebook.com/lemonldapng/" class="btn btn-large btn-primary"><i class="glyphicon glyphicon-thumbs-up"></i> Facebook</a></p>
</p>
<p>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT1 SECTION "Social networks" [41-433] -->
<h3 class="sectionedit2" id="hosted_by">Hosted by</h3>
<div class="level3">
<p>
<a href="http://www.ow2.org" class="media" title="http://www.ow2.org" rel="nofollow"><img src="/_media/logos/ow2.png?w=150&amp;tok=b7af43" class="mediacenter" alt="" width="150" /></a>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT2 SECTION "Hosted by" [434-568] -->
<h3 class="sectionedit3" id="certifications">Certifications</h3>
<div class="level3">
<p>
<a href="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" class="media" title="https://partenaires.franceconnect.gouv.fr/references#LogicielslibresFranceConnectables" rel="nofollow"><img src="/_media/applications/franceconnect_logo.png" class="mediacenter" alt="" /></a>
<strong>France Connect</strong>
</p>
<p>
<a href="https://fusioniam.org" class="media" title="https://fusioniam.org" rel="nofollow"><img src="/_media/logos/fusioniam_logo_icon_dragon_circle.png" class="mediacenter" alt="" /></a>
<strong>FusionIAM projet member</strong>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
</div>
<!-- EDIT3 SECTION "Certifications" [569-928] -->
<h3 class="sectionedit4" id="awards">Awards</h3>
<div class="level3">
<p>
<a href="/_detail/logos/ow2_awards.png?id=default_sidebar" class="media" title="logos:ow2_awards.png"><img src="/_media/logos/ow2_awards.png?w=150&amp;tok=b33854" class="mediacenter" alt="" width="150" /></a>
</p>
<p>
<a href="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" class="urlextern" title="https://www.ow2con.org/view/2014/Awards_Results?year=2014&amp;event=OW2con14" rel="nofollow">OW2con&#039;14 Community Award</a>
</p>
<p>
<a href="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" class="urlextern" title="https://www.ow2con.org/view/2018/Awards_Results?year=2018&amp;event=OW2con18" rel="nofollow">OW2con&#039;18 Community Award</a>
</p>
<p>
</div>
</p>
<hr />
<p>
<div class="text-center">
</p>
<p>
<script type="text/javascript" src="http://www.openhub.net/p/12421/widgets/project_users.js?style=blue"></script>
</div>
</p>
<script type='text/javascript'>
var ab_h = '321e562442494652658acbc3fd84ec80';
var ab_s = '6ca5df30810665e075f684a87e742175';
</script>
<script type='text/javascript' src='http://cdn1.adbard.net/js/ab1.js'></script>
</div>
<!-- EDIT4 SECTION "Awards" [929-] --> </div>
</div>
</aside>
</main>
<footer id="dokuwiki__footer" class="small hidden-print">
<a href="javascript:void(0)" class="back-to-top hidden-print btn btn-default btn-sm" title="skip to content>" id="back-to-top"><i class="glyphicon glyphicon-chevron-up"></i></a>
<div class="text-center">
<p id="dw__license">
<div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="license" class="urlextern">CC Attribution-Noncommercial-Share Alike 3.0 Unported</a></bdi></div> </p>
</div>
</footer>
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Ajitsimet&amp;1588685818" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>
<span class="visible-md"></span>
<span class="visible-lg"></span>
</div>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,262 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:liferay</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,liferay"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="liferay.html"/>
<link rel="contents" href="liferay.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:liferay","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#liferay_administration">Liferay administration</a></div></li>
<li class="level2"><div class="li"><a href="#liferay_virtual_host">Liferay virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#liferay_virtual_host_in_manager">Liferay virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="liferay">Liferay</h1>
<div class="level1">
<p>
<a href="liferay_logo.png_documentation_2.0_applications_liferay.html" class="media" title="applications:liferay_logo.png"><img src="liferay_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Liferay" [1-62] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.liferay.com/" class="urlextern" title="http://www.liferay.com/" rel="nofollow">Liferay</a> is an enterprise portal.
</p>
<p>
Liferay can use <abbr title="LemonLDAP::NG">LL::NG</abbr> as an <abbr title="Single Sign On">SSO</abbr> provider but you have to manage how users are created:
</p>
<ul>
<li class="level1"><div class="li"> By hand in Liferay administration screens</div>
</li>
<li class="level1"><div class="li"> Imported from an LDAP directory</div>
</li>
</ul>
<p>
Of course, integration will be full if you use the LDAP directory as users backend for <abbr title="LemonLDAP::NG">LL::NG</abbr> and Liferay.
</p>
<div class="noteimportant">If the user is not created, or can not be created via LDAP import, the connection to Liferay will be refused. With LDAP, login, mail, first name and last name are required attributes. If one is missing, the user is not created.
</div>
<p>
This documentation just explains how to set up the <abbr title="Single Sign On">SSO</abbr> part. Please refer to Liferay documentation to enable LDAP provisionning.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [63-811] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [812-838] -->
<h3 class="sectionedit4" id="liferay_administration">Liferay administration</h3>
<div class="level3">
<p>
Access to Liferay (first time):
</p>
<p>
<a href="../documentation/liferay_1.png_documentation_2.0_applications_liferay.html" class="media" title="documentation:liferay_1.png"><img src="../documentation/liferay_1.94a72585e62a429cc5c188c3d9a9c85c.png" class="mediacenter" alt="" width="600" /></a>
</p>
<p>
Login as administrator:
</p>
<p>
<a href="../documentation/liferay_2.png_documentation_2.0_applications_liferay.html" class="media" title="documentation:liferay_2.png"><img src="../documentation/liferay_2.b944cb61ce083c0d7aff1c6bb39760a8.png" class="mediacenter" alt="" width="600" /></a>
</p>
<p>
Go to <code>My Account</code>:
</p>
<p>
<a href="../documentation/liferay_3.png_documentation_2.0_applications_liferay.html" class="media" title="documentation:liferay_3.png"><img src="../documentation/liferay_3.106daffc84135665df6492b59ba36161.png" class="mediacenter" alt="" width="600" /></a>
</p>
<p>
Go to <code>Portal</code> » <code>Settings</code>:
</p>
<p>
<a href="../documentation/liferay_4.png_documentation_2.0_applications_liferay.html" class="media" title="documentation:liferay_4.png"><img src="../documentation/liferay_4.9717b5c8fd0a478a12196d8d5e1594bf.png" class="mediacenter" alt="" width="600" /></a>
</p>
<p>
Go to <code>Configuration</code> » <code>Authentication</code>:
</p>
<p>
<a href="../documentation/liferay_5.png_documentation_2.0_applications_liferay.html" class="media" title="documentation:liferay_5.png"><img src="../documentation/liferay_5.5ef2170a751fda36715b5b189c9ca156.png" class="mediacenter" alt="" width="600" /></a>
</p>
<p>
In <code>General</code>, fill at least the following information:
</p>
<ul>
<li class="level1"><div class="li"> <strong>How do users authenticate?</strong>: by login</div>
</li>
</ul>
<div class="notetip">We advice to deactivate other options, cause users will use <abbr title="LemonLDAP::NG">LL::NG</abbr> portal to modify or reset their password.
</div>
<p>
<a href="../documentation/liferay_6.png_documentation_2.0_applications_liferay.html" class="media" title="documentation:liferay_6.png"><img src="../documentation/liferay_6.b1ca978c06cd86fd0c88798e4edf1f67.png" class="mediacenter" alt="" width="600" /></a>
</p>
<div class="noteimportant">You need to activate LDAP authentication, else <abbr title="Single Sign On">SSO</abbr> authentication will not work. Do this in the control panel or in the configuration file:
<pre class="file">ldap.auth.enabled=true</pre>
</div>
<p>
Then use the <code>SiteMinder</code> tab to configure <abbr title="Single Sign On">SSO</abbr>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Enabled</strong>: Yes</div>
</li>
<li class="level1"><div class="li"> <strong>Import from LDAP</strong>: Yes (see <a href="#presentation" title="documentation:2.0:applications:liferay ↵" class="wikilink1">presentation</a>)</div>
</li>
<li class="level1"><div class="li"> <strong>User Header</strong>: Auth-User (case sensitive)</div>
</li>
</ul>
<p>
<a href="../documentation/liferay_7.png_documentation_2.0_applications_liferay.html" class="media" title="documentation:liferay_7.png"><img src="../documentation/liferay_7.89d02254915d5717ce4e8d315559763f.png" class="mediacenter" alt="" width="600" /></a>
</p>
<div class="noteimportant">Do not forget to save your changes!
</div>
</div>
<!-- EDIT4 SECTION "Liferay administration" [839-2004] -->
<h3 class="sectionedit5" id="liferay_virtual_host">Liferay virtual host</h3>
<div class="level3">
<p>
Configure Liferay virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> liferay.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name liferay.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "Liferay virtual host" [2005-3261] -->
<h3 class="sectionedit6" id="liferay_virtual_host_in_manager">Liferay virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Liferay.
</p>
<p>
Just configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>. You can add a rule for logout:
</p>
<pre class="code"> ^/c/portal/logout =&gt; logout_sso</pre>
<p>
Configure the <code>Auth-User</code> <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">header</a>.
</p>
</div>
<!-- EDIT6 SECTION "Liferay virtual host in Manager" [3262-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:liferay_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="liferay.html"/>
<link rel="contents" href="liferay.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:liferay_logo.png </h1>
<div class="content">
<a href="liferay_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="160" height="80" class="img_detail" alt="liferay_logo.png" title="liferay_logo.png" src="liferay_logo.7d29538169646fbbb91133a78a0c2ff8.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> liferay_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>liferay_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>7KB</dd><dt>Width:</dt><dd>160</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="liferay.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:liferay [B]">Back to documentation:2.0:applications:liferay</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,212 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:limesurvey</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,limesurvey"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="limesurvey.html"/>
<link rel="contents" href="limesurvey.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:limesurvey","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#http_headers">HTTP Headers</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#limesurvey_configuration">LimeSurvey configuration</a></div></li>
<li class="level2"><div class="li"><a href="#limesurvey_virtual_host">LimeSurvey virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#limesurvey_virtual_host_in_manager">LimeSurvey virtual host in Manager</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#headers">Headers</a></div></li>
<li class="level3"><div class="li"><a href="#rules">Rules</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="limesurvey">LimeSurvey</h1>
<div class="level1">
<p>
<a href="limesurvey_logo.png_documentation_2.0_applications_limesurvey.html" class="media" title="applications:limesurvey_logo.png"><img src="limesurvey_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "LimeSurvey" [1-70] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.limesurvey.org" class="urlextern" title="http://www.limesurvey.org" rel="nofollow">LimeSurvey</a> is a web survey software written in PHP.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [71-180] -->
<h2 class="sectionedit3" id="http_headers">HTTP Headers</h2>
<div class="level2">
<p>
LimeSurvey has a webserver authentication mode that allows one to integrate it directly into LemonLDAP::NG.
</p>
<p>
To have a stronger integration, we will configure LimeSurvey to autocreate unknown users and use HTTP headers to fill name and mail.
</p>
<div class="noteclassic">We suppose that LimeSurvey is installed in /var/www/html/limesurvey
</div>
</div>
<!-- EDIT3 SECTION "HTTP Headers" [181-531] -->
<h3 class="sectionedit4" id="limesurvey_configuration">LimeSurvey configuration</h3>
<div class="level3">
<p>
In Administration panel, go in Configuration &gt; Parameters &gt; Extensions manager. Select the WebServer module and configure it.
</p>
<p>
<img src="screenshot_limesurvey_configuration.png" class="mediacenter" title="
" alt="
" />
</p>
<p>
This is enough for the authentication part.
</p>
<div class="notetip">If you are blocked, you can deactivate the plugin with this request in database:
<pre class="code">update lime_plugins SET active=0 where name=&quot;Authwebserver&quot;;</pre>
</div>
<p>
To configure account autocreation, you need to edit application/config/config.php:
The configuration is done in config.php:
</p>
<pre class="code">vi /var/www/html/limesurvey/application/config/config.php</pre>
<pre class="code file php"> <span class="st_h">'config'</span><span class="sy0">=&gt;</span><a href="http://www.php.net/array"><span class="kw3">array</span></a><span class="br0">&#40;</span>
<span class="co1">// debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this</span>
<span class="co1">// then please check your error-logs - either in your hosting provider admin panel or in some /logs directory</span>
<span class="co1">// on your webspace.</span>
<span class="co1">// LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates</span>
<span class="st_h">'debug'</span><span class="sy0">=&gt;</span><span class="nu0">0</span><span class="sy0">,</span>
<span class="st_h">'debugsql'</span><span class="sy0">=&gt;</span><span class="nu0">0</span><span class="sy0">,</span> <span class="co1">// Set this to 1 to enanble sql logging, only active when debug = 2</span>
<span class="co1">// Update default LimeSurvey config here</span>
<span class="st_h">'auth_webserver_autocreate_user'</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="st_h">'auth_webserver_autocreate_profile'</span> <span class="sy0">=&gt;</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">&#40;</span><span class="st_h">'full_name'</span> <span class="sy0">=&gt;</span> <span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st_h">'HTTP_AUTH_CN'</span><span class="br0">&#93;</span><span class="sy0">,</span><span class="st_h">'email'</span> <span class="sy0">=&gt;</span> <span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st_h">'HTTP_AUTH_MAIL'</span><span class="br0">&#93;</span><span class="sy0">,</span><span class="st_h">'lang'</span><span class="sy0">=&gt;</span><span class="st_h">'en'</span><span class="br0">&#41;</span><span class="sy0">,</span>
<span class="st_h">'auth_webserver_autocreate_permissions'</span> <span class="sy0">=&gt;</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">&#40;</span><span class="st_h">'surveys'</span> <span class="sy0">=&gt;</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a><span class="br0">&#40;</span><span class="st_h">'create'</span><span class="sy0">=&gt;</span><span class="kw4">true</span><span class="sy0">,</span><span class="st_h">'read'</span><span class="sy0">=&gt;</span><span class="kw4">false</span><span class="sy0">,</span><span class="st_h">'update'</span><span class="sy0">=&gt;</span><span class="kw4">false</span><span class="sy0">,</span><span class="st_h">'delete'</span><span class="sy0">=&gt;</span><span class="kw4">false</span><span class="br0">&#41;</span><span class="br0">&#41;</span><span class="sy0">,</span>
<span class="br0">&#41;</span></pre>
<p>
See also <a href="https://manual.limesurvey.org/Optional_settings#Authentication_delegation_with_automatic_user_import" class="urlextern" title="https://manual.limesurvey.org/Optional_settings#Authentication_delegation_with_automatic_user_import" rel="nofollow">https://manual.limesurvey.org/Optional_settings#Authentication_delegation_with_automatic_user_import</a>
</p>
</div>
<!-- EDIT4 SECTION "LimeSurvey configuration" [532-2298] -->
<h3 class="sectionedit5" id="limesurvey_virtual_host">LimeSurvey virtual host</h3>
<div class="level3">
<p>
Configure LimeSurvey virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
</div>
<!-- EDIT5 SECTION "LimeSurvey virtual host" [2299-2422] -->
<h3 class="sectionedit6" id="limesurvey_virtual_host_in_manager">LimeSurvey virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for LimeSurvey.
</p>
</div>
<h4 id="headers">Headers</h4>
<div class="level4">
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Header name </th><th class="col1 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> Auth-User </td><td class="col1 centeralign"> user login </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> Auth-Cn </td><td class="col1 centeralign"> user full name </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> Auth-Mail </td><td class="col1 centeralign"> user email </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [2595-2723] -->
</div>
<h4 id="rules">Rules</h4>
<div class="level4">
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Rule name </th><th class="col1 centeralign"> Expression </th><th class="col2 centeralign"> Description </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> Logout </td><td class="col1 centeralign"> /sa/logout$ </td><td class="col2 centeralign"> Logout rule (for example logout_app_sso) </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> Admin </td><td class="col1 centeralign"> ^/(index\.php/)?admin </td><td class="col2 centeralign"> Allow only admin and superadmin users </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> Default </td><td class="col1 centeralign"> default </td><td class="col2 centeralign"> Allow only users with a LimeSurvey role </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [2740-3024] --><div class="notetip">You can set the default access to:<ul>
<li class="level1"><div class="li"> <strong>accept</strong>: all authenticated users will access surveys</div>
</li>
<li class="level1"><div class="li"> <strong>unprotect</strong>: no authentication will be asked to access surveys </div>
</li>
</ul>
</div>
</div>
<!-- EDIT6 SECTION "LimeSurvey virtual host in Manager" [2423-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:limesurvey_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="limesurvey.html"/>
<link rel="contents" href="limesurvey.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:limesurvey_logo.png </h1>
<div class="content">
<a href="limesurvey_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="208" height="155" class="img_detail" alt="limesurvey_logo.png" title="limesurvey_logo.png" src="limesurvey_logo.7289f5fab790c74ee63749c18e6c6735.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> limesurvey_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>limesurvey_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>32KB</dd><dt>Width:</dt><dd>208</dd><dt>Height:</dt><dd>155</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="limesurvey.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:limesurvey [B]">Back to documentation:2.0:applications:limesurvey</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:logo-jitsimeet.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="jitsimeet.html"/>
<link rel="contents" href="jitsimeet.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:logo-jitsimeet.png </h1>
<div class="content">
<a href="logo-jitsimeet.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="215" height="70" class="img_detail" alt="logo-jitsimeet.png" title="logo-jitsimeet.png" src="logo-jitsimeet.c57b9842beb20cba1e840f922bc0767f.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> logo-jitsimeet.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2019/06/03 16:28</dd><dt>Filename:</dt><dd>logo-jitsimeet.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>9KB</dd><dt>Width:</dt><dd>215</dd><dt>Height:</dt><dd>70</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="jitsimeet.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:jitsimeet [B]">Back to documentation:2.0:applications:jitsimeet</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,207 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:mattermost</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,mattermost"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="mattermost.html"/>
<link rel="contents" href="mattermost.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:mattermost","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuring_mattermost_team_edition">Configuring Mattermost Team Edition</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#configuring_your_web_server">Configuring your web server</a></div></li>
<li class="level2"><div class="li"><a href="#configuring_lemonldap">Configuring LemonLDAP</a></div></li>
<li class="level2"><div class="li"><a href="#troubleshooting">Troubleshooting</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="mattermost_team_edition">Mattermost Team Edition</h1>
<div class="level1">
<p>
<img src="mattermost_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Mattermost Team Edition" [1-88] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Mattermost is a team-based instant messaging application.
</p>
<p>
See <a href="https://mattermost.com/" class="urlextern" title="https://mattermost.com/" rel="nofollow">the official Mattermost website</a> for a complete presentation.
</p>
<p>
Mattermost follows an Open Core development model. The freely available <a href="https://docs.mattermost.com/developer/manifesto.html" class="urlextern" title="https://docs.mattermost.com/developer/manifesto.html" rel="nofollow">Team edition</a> contains all the basic chat features, but lack the integration capabilities found in the <a href="https://mattermost.com/pricing/" class="urlextern" title="https://mattermost.com/pricing/" rel="nofollow">Enterprise edition</a>.
</p>
<p>
The Enterprise edition provides <a href="https://docs.mattermost.com/deployment/sso-saml.html" class="urlextern" title="https://docs.mattermost.com/deployment/sso-saml.html" rel="nofollow">SAML integration</a> out of the box, and you can configure it just like <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">any other SAML service in LemonLDAP::NG</a>
</p>
<p>
The Team edition, however, only provides <abbr title="Single Sign On">SSO</abbr> integration with Gitlab.
</p>
<p>
However, it is possible to configure LemonLDAP::NG to behave exactly like a Gitlab Oauth2 server, allowing Mattermost Team Edition to be integrated with LemonLDAP::NG without having to use a <a href="gitlab.html" class="wikilink1" title="documentation:2.0:applications:gitlab">Gitlab</a> server.
</p>
<div class="notewarning">The following configuration requires your user database to expose a unique numeric identifier for every user.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [89-1191] -->
<h2 class="sectionedit3" id="configuring_mattermost_team_edition">Configuring Mattermost Team Edition</h2>
<div class="level2">
<p>
Configuring Mattermost through the <em>System Console</em> will not allow you to set the correct URLs. You need to edit the Mattermost configuration file, and avoid changing Gitlab integration settings in the <em>System Console</em>
</p>
<p>
Set the following settings in <code>/opt/mattermost/config/config.json</code>
</p>
<pre class="code"> &quot;GitLabSettings&quot;: {
&quot;Enable&quot;: true,
&quot;Secret&quot;: &quot;CHOOSE_A_CLIENT_SECRET&quot;,
&quot;Id&quot;: &quot;CHOOSE_A_CLIENT_ID&quot;,
&quot;Scope&quot;: &quot;&quot;,
&quot;AuthEndpoint&quot;: &quot;https://auth.example.com/oauth2/gitlab_authorize&quot;,
&quot;TokenEndpoint&quot;: &quot;https://auth.example.com/oauth2/token&quot;,
&quot;UserApiEndpoint&quot;: &quot;https://auth.example.com/oauth2/userinfo&quot;
},</pre>
</div>
<!-- EDIT3 SECTION "Configuring Mattermost Team Edition" [1192-1919] -->
<h3 class="sectionedit4" id="configuring_your_web_server">Configuring your web server</h3>
<div class="level3">
<p>
Mattermost does not use OpenID Connect to communicate with Gitlab, but uses plain OAuth2 instead. Because of that, LemonLDAP::NG will not receive the <code>scope=</code> parameter and will display an error on the portal when trying to authenticate.
</p>
<p>
In order to fix this, we can add a fake OAuth2 authorize <abbr title="Uniform Resource Locator">URL</abbr> on the LemonLDAP::NG server that will automatically add this <code>scope=</code> parametrer, before sending the request to the correct OIDC <abbr title="Uniform Resource Locator">URL</abbr>
</p>
<p>
Here is an example configuration for Nginx, add it in your Portal virtualhost before any other rewrite rule:
</p>
<pre class="code"> rewrite ^/oauth2/gitlab_(authorize.*)$ https://auth.example.com/oauth2/$1?scope=openid%20gitlab ;</pre>
<p>
And if you are using Apache
</p>
<pre class="code">RewriteRule &quot;^/oauth2/gitlab_authorize(.*)$&quot; &quot;https://auth.example.com/oauth2/authorize?$1scope=openid gitlab&quot; [QSA,NE]</pre>
</div>
<!-- EDIT4 SECTION "Configuring your web server" [1920-2789] -->
<h3 class="sectionedit5" id="configuring_lemonldap">Configuring LemonLDAP</h3>
<div class="level3">
<p>
We now have to configure LemonLDAP::NG to recognize Mattermost as a valid OAuth2 relaying party and send it the information it needs to recognize a user.
</p>
<p>
Add a <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect"> new OpenID Connect relaying party </a> with the following parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Client ID</strong>: the same you set in Mattermost configuration</div>
</li>
<li class="level2"><div class="li"> <strong>Client Secret</strong>: the same you set in Mattermost configuration</div>
</li>
<li class="level2"><div class="li"> Add a new scope in &quot;Extra claims&quot;</div>
<ul>
<li class="level4"><div class="li"> <strong>Key</strong>: <code>gitlab</code></div>
</li>
<li class="level4"><div class="li"> <strong>Value</strong>: <code>id username name email</code></div>
</li>
</ul>
</li>
<li class="level2"><div class="li"> Add the following exported attributes</div>
<ul>
<li class="level4"><div class="li"> <code>username</code>: set it to the session attribute containing the user login</div>
</li>
<li class="level4"><div class="li"> <code>name</code>: session attribute containing the user&#039;s full name</div>
</li>
<li class="level4"><div class="li"> <code>email</code>: session attribute containing the user&#039;s email</div>
</li>
<li class="level4"><div class="li"> <code>id</code>: session attribute containing the user&#039;s numeric ID</div>
</li>
</ul>
</li>
</ul>
<div class="notewarning">Mattermost absolutely needs to receive a numerical value in the <code>id</code> claim. If you are using a LDAP server, you could use the <code>uidNumber</code> LDAP attribute. If you use something else, you will have to find a trick to assign a unique numeric ID to each Mattermost user.
<p>
The <code>id</code> attribute has to be different for each user, since this is the field Mattermost will use internally to map Gitlab identities to Mattermost accouts.
</p>
</div>
</div>
<!-- EDIT5 SECTION "Configuring LemonLDAP" [2790-4119] -->
<h3 class="sectionedit6" id="troubleshooting">Troubleshooting</h3>
<div class="level3">
<p>
If you see a HTTP code 500 when going back to mattermost, with a panic() in <code>(*GitLabUser).IsValid(...)</code> , it probably means that you are not exporting the correct attributes, but it can also mean that <code>id</code> is exported as a JSON string.
</p>
<p>
If this case, it can help to create a macro, for example <code>uidNumber_n</code>, with a value of <code>$uidNumber + 0</code> to force conversion to a numeric value. You must then export it as the <code>id</code> field in the Relaying Party configuration.
</p>
</div>
<!-- EDIT6 SECTION "Troubleshooting" [4120-] --></div>
</body>
</html>


@ -1,263 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:mediawiki</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,mediawiki"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="mediawiki.html"/>
<link rel="contents" href="mediawiki.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:mediawiki","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#installation">Installation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#mediwiki_local_configuration">MediWiki local configuration</a></div></li>
<li class="level2"><div class="li"><a href="#mediawiki_virtual_host">MediaWiki virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#mediawiki_virtual_host_in_manager">MediaWiki virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="mediawiki">MediaWiki</h1>
<div class="level1">
<p>
<a href="mediawiki_logo.png_documentation_2.0_applications_mediawiki.html" class="media" title="applications:mediawiki_logo.png"><img src="mediawiki_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "MediaWiki" [1-66] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.mediawiki.org" class="urlextern" title="http://www.mediawiki.org" rel="nofollow">MediaWiki</a> is a wiki software, used by the well known <a href="http://www.wikipedia.org" class="urlextern" title="http://www.wikipedia.org" rel="nofollow">Wikipedia</a>.
</p>
<p>
Several extensions allows one to configure <abbr title="Single Sign On">SSO</abbr> on MediaWiki:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" rel="nofollow">Automatic REMOTE_USER</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://www.mediawiki.org/wiki/Extension:Siteminder_Authentication" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:Siteminder_Authentication" rel="nofollow">Siteminder Authentication</a></div>
</li>
</ul>
<p>
We will explain how to use <a href="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" rel="nofollow">Automatic REMOTE_USER</a> extension.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [67-594] -->
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">
<p>
The extension is presented here: <a href="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" class="urlextern" title="http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER" rel="nofollow">http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER</a>
</p>
<p>
You can download the code here: <a href="https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser" class="urlextern" title="https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser" rel="nofollow">https://www.mediawiki.org/wiki/Special:ExtensionDistributor/Auth_remoteuser</a>
</p>
<p>
You have to install <code> Auth_remoteuser</code> in the <code>extensions/</code> directory of your MediaWiki installation:
</p>
<pre class="code">cp -a Auth_remoteuser/ extensions/</pre>
</div>
<!-- EDIT3 SECTION "Installation" [595-989] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [990-1016] -->
<h3 class="sectionedit5" id="mediwiki_local_configuration">MediWiki local configuration</h3>
<div class="level3">
<p>
Then edit MediaWiki local settings
</p>
<pre class="code">vi LocalSettings.php</pre>
<pre class="code file php"><span class="kw1">require_once</span> <span class="st0">&quot;<span class="es4">$IP</span>/extensions/Auth_remoteuser/Auth_remoteuser.php&quot;</span><span class="sy0">;</span>
<span class="re0">$wgAuth</span> <span class="sy0">=</span> <span class="kw2">new</span> Auth_remoteuser<span class="br0">&#40;</span><span class="br0">&#41;</span><span class="sy0">;</span></pre>
<p>
Add then extension configuration, for example:
</p>
<pre class="code file php"><span class="re0">$wgAuthRemoteuserAuthz</span> <span class="sy0">=</span> <span class="kw4">true</span><span class="sy0">;</span> <span class="coMULTI">/* Your own authorization test */</span>
<span class="re0">$wgAuthRemoteuserName</span> <span class="sy0">=</span> <span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st0">&quot;HTTP_AUTH_CN&quot;</span><span class="br0">&#93;</span><span class="sy0">;</span> <span class="coMULTI">/* User's name */</span>
<span class="re0">$wgAuthRemoteuserMail</span> <span class="sy0">=</span> <span class="re0">$_SERVER</span><span class="br0">&#91;</span><span class="st0">&quot;HTTP_AUTH_MAIL&quot;</span><span class="br0">&#93;</span><span class="sy0">;</span> <span class="coMULTI">/* User's Mail */</span>
<span class="re0">$wgAuthRemoteuserNotify</span> <span class="sy0">=</span> <span class="kw4">false</span><span class="sy0">;</span> <span class="coMULTI">/* Do not send mail notifications */</span>
<span class="co1">//$wgAuthRemoteuserDomain = &quot;NETBIOSDOMAIN&quot;; /* Remove NETBIOSDOMAIN\ from the beginning or @NETBIOSDOMAIN at the end of a IWA username */</span>
<span class="coMULTI">/* User's mail domain to append to the user name to make their email address */</span>
<span class="co1">//$wgAuthRemoteuserMailDomain = &quot;example.com&quot;;</span>
&nbsp;
<span class="co1">// see http://www.mediawiki.org/wiki/Manual:Hooks/SpecialPage_initList</span>
<span class="co1">// and http://www.mediawiki.org/w/Manual:Special_pages</span>
<span class="co1">// and http://lists.wikimedia.org/pipermail/mediawiki-l/2009-June/031231.html</span>
<span class="co1">// disable login and logout functions for all users</span>
<span class="kw2">function</span> LessSpecialPages<span class="br0">&#40;</span><span class="sy0">&amp;</span><span class="re0">$list</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
<a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$list</span><span class="br0">&#91;</span><span class="st_h">'Userlogout'</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
<a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$list</span><span class="br0">&#91;</span><span class="st_h">'Userlogin'</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
<span class="kw1">return</span> <span class="kw4">true</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="re0">$wgHooks</span><span class="br0">&#91;</span><span class="st_h">'SpecialPage_initList'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="br0">&#93;</span><span class="sy0">=</span><span class="st_h">'LessSpecialPages'</span><span class="sy0">;</span>
&nbsp;
<span class="co1">// http://www.mediawiki.org/wiki/Extension:Windows_NTLM_LDAP_Auto_Auth</span>
<span class="co1">// remove login and logout buttons for all users</span>
<span class="kw2">function</span> StripLogin<span class="br0">&#40;</span><span class="sy0">&amp;</span><span class="re0">$personal_urls</span><span class="sy0">,</span> <span class="sy0">&amp;</span><span class="re0">$wgTitle</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
<a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$personal_urls</span><span class="br0">&#91;</span><span class="st0">&quot;login&quot;</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
<a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$personal_urls</span><span class="br0">&#91;</span><span class="st0">&quot;logout&quot;</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
<a href="http://www.php.net/unset"><span class="kw3">unset</span></a><span class="br0">&#40;</span> <span class="re0">$personal_urls</span><span class="br0">&#91;</span><span class="st_h">'anonlogin'</span><span class="br0">&#93;</span> <span class="br0">&#41;</span><span class="sy0">;</span>
<span class="kw1">return</span> <span class="kw4">true</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="re0">$wgHooks</span><span class="br0">&#91;</span><span class="st_h">'PersonalUrls'</span><span class="br0">&#93;</span><span class="br0">&#91;</span><span class="br0">&#93;</span> <span class="sy0">=</span> <span class="st_h">'StripLogin'</span><span class="sy0">;</span></pre>
<div class="notewarning">In last version of Auth_remoteuser and Mediawiki, empty passwords are not authorized, so you may need to patch the extension code if you get the error:
&quot;Unexpected REMOTE_USER authentication failure. Login Error was:EmptyPass&quot;.
</div>
<p>
If necessary, use the code below to patch the extension:
</p>
<pre class="code">sed -i &quot;s/&#039;wpPassword&#039; =&gt; &#039;&#039;/&#039;wpPassword&#039; =&gt; &#039;none&#039;/&quot; extensions/Auth_remoteuser/Auth_remoteuser.body.php</pre>
<div class="notewarning">In last version of Auth_remoteuser and Mediawiki, auto-provisioning requires REMOTE_USER to match the normalized mediawiki username (for example: john_doe -&gt; john doe), so you may need to patch the extension code if you get the error:
&quot;Unexpected REMOTE_USER authentication failure. Login Error was:WrongPluginPass&quot;
</div>
<p>
You can use the code below for normalizing logins containing &quot;_&quot; in the extension:
</p>
<pre class="code">sed -i &#039;/$usertest = $this-&gt;getRemoteUsername();/a\ $usertest = str_replace( &quot;_&quot;,&quot; &quot;, $usertest );&#039; extensions/Auth_remoteuser/Auth_remoteuser.body.php</pre>
</div>
<!-- EDIT5 SECTION "MediWiki local configuration" [1017-3670] -->
<h3 class="sectionedit6" id="mediawiki_virtual_host">MediaWiki virtual host</h3>
<div class="level3">
<p>
Configure MediaWiki virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<div class="noteimportant">If you are protecting MediaWiki with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../header_remote_user_conversion.html" class="wikilink1" title="documentation:2.0:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div><ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> mediawiki.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name mediawiki.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT6 SECTION "MediaWiki virtual host" [3671-5110] -->
<h3 class="sectionedit7" id="mediawiki_virtual_host_in_manager">MediaWiki virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for MediaWiki.
</p>
<p>
Just configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>. You can also add a rule for logout:
</p>
<pre class="code">Userlogout =&gt; logout_sso</pre>
<p>
You can create these two headers to fill user name and mail (see extension configuration):
</p>
<pre class="code">Auth-Cn =&gt; $cn
Auth-Mail =&gt; $mail</pre>
<p>
If using <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, configure also the <code>Auth-User</code> <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">header</a>,
</p>
</div>
<!-- EDIT7 SECTION "MediaWiki virtual host in Manager" [5111-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:mediawiki_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="mediawiki.html"/>
<link rel="contents" href="mediawiki.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:mediawiki_logo.png </h1>
<div class="content">
<a href="mediawiki_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="80" height="80" class="img_detail" alt="mediawiki_logo.png" title="mediawiki_logo.png" src="mediawiki_logo.1e04dd2f14d5abb0fedfeeff2a2e79f7.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> mediawiki_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>mediawiki_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>12KB</dd><dt>Width:</dt><dd>80</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="mediawiki.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:mediawiki [B]">Back to documentation:2.0:applications:mediawiki</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:my_domain_salesforce-resize-web.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
<link rel="contents" href="salesforce.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:my_domain_salesforce-resize-web.png </h1>
<div class="content">
<a href="my_domain_salesforce-resize-web.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="800" height="413" class="img_detail" alt="my_domain_salesforce-resize-web.png" title="my_domain_salesforce-resize-web.png" src="my_domain_salesforce-resize-web.6d9d167b858214e467e92cfb5e26c5d7.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> my_domain_salesforce-resize-web.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>my_domain_salesforce-resize-web.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>88KB</dd><dt>Width:</dt><dd>800</dd><dt>Height:</dt><dd>413</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="salesforce.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:salesforce [B]">Back to documentation:2.0:applications:salesforce</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,225 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:nextcloud</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,nextcloud"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="nextcloud.html"/>
<link rel="contents" href="nextcloud.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:nextcloud","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#pre-requisites">Pre-requisites</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#nextcloud1">NextCloud</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL:NG</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#nextcloud_saml_20_configuration">NextCloud, SAML 2.0 configuration</a></div></li>
<li class="level1"><div class="li"><a href="#llng_saml_20_service_provider_configuration">LL:NG, SAML 2.0 Service Provider configuration</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="nextcloud">NextCloud</h1>
<div class="level1">
<p>
<img src="nextcloud-logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "NextCloud" [1-73] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://nextcloud.com/" class="urlextern" title="https://nextcloud.com/" rel="nofollow">NextCloud</a> is a fork of Owncloud, suite of client-server software for creating file hosting services and using them.
</p>
<p>
This documentation explains how to interconnect LemonLDAP::NG and NextCloud using <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 protocol.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [74-345] -->
<h2 class="sectionedit3" id="pre-requisites">Pre-requisites</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Pre-requisites" [346-373] -->
<h3 class="sectionedit4" id="nextcloud1">NextCloud</h3>
<div class="level3">
<p>
You need to <a href="https://docs.nextcloud.com/server/10/admin_manual/installation/index.html" class="urlextern" title="https://docs.nextcloud.com/server/10/admin_manual/installation/index.html" rel="nofollow">install the software</a>.
</p>
<div class="notetip">If your NextCloud is behind a proxy (thus having a private <abbr title="Internet Protocol">IP</abbr>), metadata generated by NextCloud won&#039;t work.
<p>
Consider changing the configuration of NextCloud to force the domain, in <strong>$nextcloudrootwww/config/config.php</strong>, add the following:
</p>
<pre class="code php"><span class="st_h">'overwritehost'</span> <span class="sy0">=&gt;</span> <span class="st_h">'nextcloud.example.com'</span><span class="sy0">,</span></pre>
</div>
<p>
You also need to enable the &quot;<abbr title="Security Assertion Markup Language">SAML</abbr> authentication&quot; plugin in your NextCloud.
</p>
<pre class="code"> + Apps -&gt; Not enabled -&gt; SAML authentication</pre>
</div>
<!-- EDIT4 SECTION "NextCloud" [374-966] -->
<h3 class="sectionedit5" id="llng">LL:NG</h3>
<div class="level3">
<p>
You need to enable <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 issuer module in LL:NG:
</p>
<pre class="code">&quot;General Parameters -&gt; Issuer modules -&gt; SAML -&gt; Activation&quot;</pre>
<p>
<img src="nextcloud_saml_activation.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT5 SECTION "LL:NG" [967-1168] -->
<h2 class="sectionedit6" id="nextcloud_saml_20_configuration">NextCloud, SAML 2.0 configuration</h2>
<div class="level2">
<p>
Configuration of <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 in NextCloud is pretty straightforward.
</p>
<pre class="code">Administration -&gt; SAML authentication</pre>
<p>
You will find the following fields:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Attribute to map the UID to</strong>: Identity attribute provided by your LL:NG that will be used as UID in NextCloud.</div>
</li>
<li class="level1"><div class="li"> <strong>Identity Provider Data</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Identifier of the IdP entity</strong>: <abbr title="Security Assertion Markup Language">SAML</abbr> Metadata <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"> <strong><abbr title="Uniform Resource Locator">URL</abbr> Target of the IdP where the SP will send the Authentication Request Message</strong>: SingleSignOn <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"> <strong><abbr title="Uniform Resource Locator">URL</abbr> Location of the IdP where the SP will send the SLO Request</strong>: SingleLogOut <abbr title="Uniform Resource Locator">URL</abbr> of your LL:NG</div>
</li>
<li class="level2"><div class="li"> <strong>Public X.509 certificate of the IdP</strong>: Certificate of your LL:NG (see below for instructions)</div>
</li>
</ul>
</li>
</ul>
<p>
We need a few steps to generate our LL:NG certificate (unless you already have one).
You first need to create a pair of SSH Keys in LL:NG:
</p>
<pre class="code">SAML 2 Service -&gt; Security Parameters -&gt; Signature</pre>
<p>
and click &quot;New keys&quot;
<img src="nextcloud_certificate_keys.png" class="mediacenter" alt="" />
</p>
<p>
Take the private key in a private.key file, and run the following:
</p>
<pre class="code">openssl req -new -key private.key -out cert.csr
openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</pre>
<p>
Copy/Paste the content of your new cert.pem in the &quot;Public X.509 certificate of the IdP&quot; field of your NextCloud.
</p>
<p>
Your fields should look like this:
<img src="nextcloud_saml_configuration.png" class="mediacenter" alt="" />
</p>
<p>
You can now download your metadata xml file.
</p>
</div>
<!-- EDIT6 SECTION "NextCloud, SAML 2.0 configuration" [1169-2671] -->
<h2 class="sectionedit7" id="llng_saml_20_service_provider_configuration">LL:NG, SAML 2.0 Service Provider configuration</h2>
<div class="level2">
<p>
We now have to define a service provider (e.g our nextcloud) in LL:NG.
</p>
<p>
Go to &quot;<abbr title="Security Assertion Markup Language">SAML</abbr> service providers&quot;, click on &quot;Add <abbr title="Security Assertion Markup Language">SAML</abbr> SP&quot; and name it as you want (example : &#039;NextCloud&#039;)
</p>
<p>
In the new subtree &#039;NextCloud&#039;, open &#039;Metadata&#039; and paste the content of your previously downloaded file (or upload the file)
</p>
<p>
<img src="nextcloud_service_metadata.png" class="mediacenter" alt="" />
</p>
<p>
Now go in &quot;Exported attributes&quot; and add, at least, the &#039;uid&#039;
</p>
<p>
<img src="nextcloud_service_exportedattributes.png" class="mediacenter" alt="" />
</p>
<p>
Don&#039;t forget to save your configuration.
</p>
<p>
You are now good to go, and you can add the application in <a href="../portalmenu.html" class="wikilink1" title="documentation:2.0:portalmenu">your menu</a> and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">your virtual hosts</a>.
</p>
</div>
<!-- EDIT7 SECTION "LL:NG, SAML 2.0 Service Provider configuration" [2672-] --></div>
</body>
</html>


@ -1,63 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:nginx</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,nginx"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="nginx.html"/>
<link rel="contents" href="nginx.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:nginx","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="nginx">Nginx</h1>
<div class="level1">
<div class="noteimportant">Nginx is fully supported by LemonLDAP::NG since version 1.9.
</div>
</div>
<!-- EDIT1 SECTION "Nginx" [1-106] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Nginx is a very fast web server. It can be used to host the portal or the manager through its FastCGI support and can be used to protect applications using the auth_request module (dialing with a FastCGI authorization server). See <a href="../documentation/1.9/start.html#installation" class="wikilink1" title="documentation:1.9:start">installation pages</a> to know how install and use it.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [107-] --></div>
</body>
</html>


@ -1,403 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:obm</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,obm"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="obm.html"/>
<link rel="contents" href="obm.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:obm","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#obm1">OBM</a></div></li>
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#attributes_and_macros">Attributes and macros</a></div></li>
<li class="level3"><div class="li"><a href="#virtual_host">Virtual host</a></div></li>
<li class="level3"><div class="li"><a href="#other">Other</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="obm">OBM</h1>
<div class="level1">
<p>
<a href="obm_logo.png_documentation_2.0_applications_obm.html" class="media" title="applications:obm_logo.png"><img src="obm_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "OBM" [1-54] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://obm.org" class="urlextern" title="http://obm.org" rel="nofollow">OBM</a> is enterprise-class messaging and collaboration platform for workgroup or enterprises with many thousands users. OBM includes Groupware, messaging server, CRM, LDAP, Windows Domain, smartphone and PDA synchronization…
</p>
<p>
OBM is shipped with a <abbr title="LemonLDAP::NG">LL::NG</abbr> plugin with these features:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="Single Sign On">SSO</abbr> on OBM web interface</div>
</li>
<li class="level1"><div class="li"> Logout</div>
</li>
<li class="level1"><div class="li"> User provisioning (account auto creation at first connection)</div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [55-488] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [489-515] -->
<h3 class="sectionedit4" id="obm1">OBM</h3>
<div class="level3">
<p>
To enable <abbr title="LemonLDAP::NG">LL::NG</abbr> authentication plugin, go in <code>/etc/obm/obm_conf.inc</code>:
</p>
<pre class="code file php"><span class="re0">$auth_kind</span> <span class="sy0">=</span> <span class="st_h">'LemonLDAP'</span><span class="sy0">;</span>
&nbsp;
<span class="re0">$lemonldap_config</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">&#40;</span>
<span class="st0">&quot;auto_update&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="st0">&quot;auto_update_force_user&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="st0">&quot;auto_update_force_group&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">false</span><span class="sy0">,</span>
<span class="st0">&quot;url_logout&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;https://OBMURL/logout&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;server_ip_address&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;localhost&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;server_ip_check&quot;</span> <span class="sy0">=&gt;</span> <span class="kw4">false</span><span class="sy0">,</span>
<span class="st0">&quot;debug_level&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;NONE&quot;</span><span class="sy0">,</span>
<span class="co1">// &quot;debug_header_name&quot; =&gt; &quot;HTTP_OBM_UID&quot;,</span>
<span class="co1">// &quot;group_header_name&quot; =&gt; &quot;HTTP_OBM_GROUPS&quot;,</span>
<span class="st0">&quot;headers_map&quot;</span> <span class="sy0">=&gt;</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">&#40;</span>
<span class="co1">//&quot;userobm_gid&quot; =&gt; &quot;HTTP_OBM_GID&quot;,</span>
<span class="co1">//&quot;userobm_domain_id&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_login&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_UID&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_password&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_USERPASSWORD&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_password_type&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_perms&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_PERMS&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_kind&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_lastname&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_SN&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_firstname&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_GIVENNAME&quot;</span><span class="sy0">,</span>
<span class="co1">// &quot;userobm_title&quot; =&gt; &quot;HTTP_OBM_TITLE&quot;,</span>
<span class="st0">&quot;userobm_email&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_MAIL&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_datebegin&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_DATEBEGIN&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_account_dateexp&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_delegation_target&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_delegation&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_description&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_DESCRIPTION&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_archive&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_hidden&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_status&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_local&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_photo_id&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_phone&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_TELEPHONENUMBER&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobom_phone2&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mobile&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_fax&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_FACSIMILETELEPHONENUMBER&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_fax2&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_company&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_O&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_direction&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_service&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_OU&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_address1&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALADDRESS&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_address2&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_address3&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_zipcode&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALCODE&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_town&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_L&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_zipcode&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_POSTALCODE&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userobm_town&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_L&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_expresspostal&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_host_id&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_web_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_web_list&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_web_all&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mail_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mail_ext_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mail_server_id&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_mail_server_hostname&quot; =&gt; ,</span>
<span class="st0">&quot;userobm_mail_quota&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_MAILQUOTA&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_nomade_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_nomade_enable&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_nomade_local_copy&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_email_nomade&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_vacation_enable&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_vacation_datebegin&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_vacation_dateend&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_vacation_message&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_samba_perms&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_samba_home&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_samba_home_drive&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_samba_logon_script&quot; =&gt; ,</span>
<span class="co1">// ---- Unused values ? ----</span>
<span class="st0">&quot;userobm_ext_id&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;HTTP_OBM_SERIALNUMBER&quot;</span><span class="sy0">,</span>
<span class="co1">//&quot;userobm_system&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_nomade_datebegin&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_nomade_dateend&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_location&quot; =&gt; ,</span>
<span class="co1">//&quot;userobm_education&quot; =&gt; ,</span>
<span class="br0">&#41;</span><span class="sy0">,</span>
<span class="br0">&#41;</span><span class="sy0">;</span></pre>
<p>
Parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>url_logout</strong>: <abbr title="Uniform Resource Locator">URL</abbr> used by OBM to logout, will be caught by <abbr title="LemonLDAP::NG">LL::NG</abbr></div>
</li>
<li class="level1"><div class="li"> <strong>headers_map</strong>: map OBM internal field to <abbr title="LemonLDAP::NG">LL::NG</abbr> header</div>
</li>
</ul>
<p>
Edit also OBM configuration to enable <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler:
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> obm.example.com
&nbsp;
<span class="co1"># SSO protection</span>
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
<span class="kw1">DocumentRoot</span> /usr/share/obm/php
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name obm.example.com;
root /usr/share/obm/php;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location ~ \.php$ {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT4 SECTION "OBM" [516-7008] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
</div>
<h4 id="attributes_and_macros">Attributes and macros</h4>
<div class="level4">
<p>
You will need to collect all attributes needed to create a user in OBM, this includes:
</p>
<ul>
<li class="level1"><div class="li"> First name</div>
</li>
<li class="level1"><div class="li"> Last name</div>
</li>
<li class="level1"><div class="li"> Login</div>
</li>
<li class="level1"><div class="li"> Mail</div>
</li>
<li class="level1"><div class="li"> ...</div>
</li>
</ul>
<p>
To add these attributes, go in Manager, <code>Variables</code> » <code>Exported Variables</code>.
</p>
<div class="noteimportant">If you plan to forward user&#039;s password to OBM, then you have to <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">keep the password in session</a>.
</div>
<p>
You may also create these macros to manage OBM administrator account (<code>Variables</code> » <code>Macros</code>):
</p>
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">value </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> uidR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? &quot;admin0\@global.virt&quot; : $uid </td>
</tr>
<tr class="row2 roweven">
<td class="col0 leftalign"> mailR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? &quot;&quot; : ($mail =~ /^([^@]+)/)[0] . &quot;\@example.com&quot; </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [7522-7701] -->
</div>
<h4 id="virtual_host">Virtual host</h4>
<div class="level4">
<p>
Create OBM virtual host (for example obm.example.com) in <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration: <code>Virtual Hosts</code> » <code>New virtual host</code>.
</p>
<p>
Then edit rules and headers.
</p>
</div>
<h5 id="rules">Rules</h5>
<div class="level5">
<p>
Define at least:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Default rule</strong>: who can access to the application</div>
</li>
<li class="level1"><div class="li"> <strong>Logout rule</strong>: catch OBM logout</div>
</li>
<li class="level1"><div class="li"> <strong>Exceptions</strong>: allow anonymous access for specific URLs (connectors, etc.)</div>
</li>
</ul>
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">value </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0">^/logout</td><td class="col1">logout_sso</td>
</tr>
<tr class="row2 roweven">
<td class="col0">^/obm-sync</td><td class="col1">unprotect</td>
</tr>
<tr class="row3 rowodd">
<td class="col0">^/minig</td><td class="col1">unprotect</td>
</tr>
<tr class="row4 roweven">
<td class="col0">^/Microsoft-Server-ActiveSync</td><td class="col1">unprotect</td>
</tr>
<tr class="row5 rowodd">
<td class="col0">^/caldav</td><td class="col1">unprotect</td>
</tr>
<tr class="row6 roweven">
<td class="col0">default</td><td class="col1">accept (or whatever you want)</td>
</tr>
</table></div>
<!-- EDIT7 TABLE [8083-8306] -->
</div>
<h5 id="headers">Headers</h5>
<div class="level5">
<p>
Define headers used in OBM mapping, for example:
</p>
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0">field </th><th class="col1">valeur </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0">OBM_GIVENNAME</td><td class="col1">$givenName</td>
</tr>
<tr class="row2 roweven">
<td class="col0">OBM_GROUPS</td><td class="col1">$groups</td>
</tr>
<tr class="row3 rowodd">
<td class="col0">OBM_UID</td><td class="col1">$uidR</td>
</tr>
<tr class="row4 roweven">
<td class="col0">OBM_MAIL</td><td class="col1">$mailR</td>
</tr>
<tr class="row5 rowodd">
<td class="col0">OBM_USERPASSWORD</td><td class="col1">$_password</td>
</tr>
</table></div>
<!-- EDIT8 TABLE [8372-8500] -->
</div>
<h4 id="other">Other</h4>
<div class="level4">
<p>
Do not forget to add OBM in <a href="../portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:2.0:portalmenu">applications menu</a>.
</p>
</div>
<!-- EDIT5 SECTION "LL::NG" [7009-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:obm_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="obm.html"/>
<link rel="contents" href="obm.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:obm_logo.png </h1>
<div class="content">
<a href="obm_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="145" height="80" class="img_detail" alt="obm_logo.png" title="obm_logo.png" src="obm_logo.a692fa6793fe87c4f20291b6b961fd8e.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> obm_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>obm_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>13KB</dd><dt>Width:</dt><dd>145</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="obm.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:obm [B]">Back to documentation:2.0:applications:obm</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,165 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:office365</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,office365"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="office365.html"/>
<link rel="contents" href="office365.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:office365","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#office_3651">Office 365</a></div></li>
<li class="level2"><div class="li"><a href="#lemonldapng">LemonLDAP::NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="office_365">Office 365</h1>
<div class="level1">
<p>
<img src="logo_office_365.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Office 365" [1-74] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://en.wikipedia.org/wiki/Office_365" class="urlextern" title="https://en.wikipedia.org/wiki/Office_365" rel="nofollow">Office 365</a> provides online access to Microsoft products like Office, Outlook or Yammer. Authentication is done on <a href="https://login.microsoftonline.com/" class="urlextern" title="https://login.microsoftonline.com/" rel="nofollow">https://login.microsoftonline.com/</a> and can be forwarded to an <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [75-346] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [347-373] -->
<h3 class="sectionedit4" id="office_3651">Office 365</h3>
<div class="level3">
<p>
You first need to install AzureAD PowerShell to be able to run administrative commands.
</p>
<p>
Then run this script:
</p>
<pre class="code bash"><span class="re1">$dom</span> = <span class="st0">&quot;mycompany.com&quot;</span>
<span class="re1">$brand</span> = <span class="st0">&quot;My Company&quot;</span>
<span class="re1">$url</span> = <span class="st0">&quot;https://auth.example.com/saml/singleSignOn&quot;</span>
<span class="re1">$uri</span> = <span class="st0">&quot;https://auth.example.com/saml/metadata&quot;</span>
<span class="re1">$logouturl</span> = <span class="st0">&quot;https://auth.example.com/?logout=1&quot;</span>
<span class="re1">$cert</span> = <span class="st0">&quot;xxxxxxxxxxxxxxxxxxx&quot;</span>
&nbsp;
Set-MsolDomainAuthentication DomainName <span class="re1">$dom</span> <span class="re5">-FederationBrandName</span> <span class="re1">$brand</span> <span class="re5">-Authentication</span> Federated <span class="re5">-PassiveLogOnUri</span> <span class="re1">$url</span> <span class="re5">-SigningCertificate</span> <span class="re1">$cert</span> <span class="re5">-IssuerUri</span> <span class="re1">$uri</span> <span class="re5">-LogOffUri</span> <span class="re1">$logouturl</span> <span class="re5">-PreferredAuthenticationProtocol</span> SAMLP</pre>
<p>
Where parameters are:
</p>
<ul>
<li class="level1"><div class="li"> dom: Your Office 365 domain</div>
</li>
<li class="level1"><div class="li"> brand: Simple label</div>
</li>
<li class="level1"><div class="li"> url: The <abbr title="Security Assertion Markup Language">SAML</abbr> <abbr title="Single Sign On">SSO</abbr> endpoint</div>
</li>
<li class="level1"><div class="li"> uri: The <abbr title="Security Assertion Markup Language">SAML</abbr> metadata endpoint</div>
</li>
<li class="level1"><div class="li"> logouturl: Logout <abbr title="Uniform Resource Locator">URL</abbr></div>
</li>
<li class="level1"><div class="li"> cert: The <abbr title="Security Assertion Markup Language">SAML</abbr> certificate containing the signature public key</div>
</li>
</ul>
<p>
If you have several Office365 domains, you can&#039;t use the same URLs for each domains. To be able to have a single <abbr title="Security Assertion Markup Language">SAML</abbr> IDP for several domains, you must add the &#039;domain&#039; GET parameters at the end of <abbr title="Single Sign On">SSO</abbr> endpoint and metadata URLs, for example:
</p>
<ul>
<li class="level1"><div class="li"> domain &#039;mycompany.com&#039;:</div>
<ul>
<li class="level2"><div class="li"> url: <a href="https://auth.example.com/saml/singleSignOn?domain=mycompany" class="urlextern" title="https://auth.example.com/saml/singleSignOn?domain=mycompany" rel="nofollow">https://auth.example.com/saml/singleSignOn?domain=mycompany</a></div>
</li>
<li class="level2"><div class="li"> uri: <a href="https://auth.example.com/saml/metadata?domain=mycompany" class="urlextern" title="https://auth.example.com/saml/metadata?domain=mycompany" rel="nofollow">https://auth.example.com/saml/metadata?domain=mycompany</a></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> domain &#039;myfirm.com&#039;:</div>
<ul>
<li class="level2"><div class="li"> url: <a href="https://auth.example.com/saml/singleSignOn?domain=myfirm" class="urlextern" title="https://auth.example.com/saml/singleSignOn?domain=myfirm" rel="nofollow">https://auth.example.com/saml/singleSignOn?domain=myfirm</a></div>
</li>
<li class="level2"><div class="li"> uri: <a href="https://auth.example.com/saml/metadata?domain=myfirm" class="urlextern" title="https://auth.example.com/saml/metadata?domain=myfirm" rel="nofollow">https://auth.example.com/saml/metadata?domain=myfirm</a></div>
</li>
</ul>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Office 365" [374-1788] -->
<h3 class="sectionedit5" id="lemonldapng">LemonLDAP::NG</h3>
<div class="level3">
<p>
Create a new <abbr title="Security Assertion Markup Language">SAML</abbr> Service Provider and import Microsoft metadata from <a href="https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml" class="urlextern" title="https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml" rel="nofollow">https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml</a>
</p>
<p>
Set the NameID value to persistent, or any immutable value for the user.
</p>
<p>
Create a <abbr title="Security Assertion Markup Language">SAML</abbr> attribute named IDPEmail which contains the user principal name (UPN).
</p>
</div>
<!-- EDIT5 SECTION "LemonLDAP::NG" [1789-] --></div>
</body>
</html>


@ -1,181 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:phpldapadmin</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,phpldapadmin"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="phpldapadmin.html"/>
<link rel="contents" href="phpldapadmin.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:phpldapadmin","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#phpldapadmin_local_configuration">phpLDAPadmin local configuration</a></div></li>
<li class="level2"><div class="li"><a href="#phpldapadmin_virtual_host">phpLDAPadmin virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#phpldapadmin_virtual_host_in_manager">phpLDAPadmin virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="phpldapadmin">phpLDAPadmin</h1>
<div class="level1">
<p>
<a href="phpldapadmin_logo.png_documentation_2.0_applications_phpldapadmin.html" class="media" title="applications:phpldapadmin_logo.png"><img src="phpldapadmin_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "phpLDAPadmin" [1-72] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://phpldapadmin.sourceforge.net" class="urlextern" title="http://phpldapadmin.sourceforge.net" rel="nofollow">phpLDAPadmin</a> is an LDAP administration tool written in PHP.
</p>
<p>
phpLDAPadmin will connect to the directory with a static <abbr title="Distinguished Name">DN</abbr> and password, and so will not request authentication anymore. The access to phpLDAPadmin will be protected by LemonLDAP::NG with specific access rules.
</p>
<div class="notewarning">phpLDAPadmin will have no idea of the user connected to the WebSSO. So a simple user can have admin rights on the LDAP directory if your access rules are too lazy.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [73-598] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [599-625] -->
<h3 class="sectionedit4" id="phpldapadmin_local_configuration">phpLDAPadmin local configuration</h3>
<div class="level3">
<p>
Just set the authentication type to <code>config</code> and indicate <abbr title="Distinguished Name">DN</abbr> and password inside the file <code>config.php</code>:
</p>
<pre class="code file php"><span class="re0">$ldapservers</span><span class="sy0">-&gt;</span><span class="me1">SetValue</span><span class="br0">&#40;</span><span class="re0">$i</span><span class="sy0">,</span><span class="st_h">'server'</span><span class="sy0">,</span><span class="st_h">'auth_type'</span><span class="sy0">,</span><span class="st_h">'config'</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="re0">$ldapservers</span><span class="sy0">-&gt;</span><span class="me1">SetValue</span><span class="br0">&#40;</span><span class="re0">$i</span><span class="sy0">,</span><span class="st_h">'login'</span><span class="sy0">,</span><span class="st_h">'dn'</span><span class="sy0">,</span><span class="st_h">'cn=Manager,dc=example,dc=com'</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="re0">$ldapservers</span><span class="sy0">-&gt;</span><span class="me1">SetValue</span><span class="br0">&#40;</span><span class="re0">$i</span><span class="sy0">,</span><span class="st_h">'login'</span><span class="sy0">,</span><span class="st_h">'pass'</span><span class="sy0">,</span><span class="st_h">'secret'</span><span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT4 SECTION "phpLDAPadmin local configuration" [626-980] -->
<h3 class="sectionedit5" id="phpldapadmin_virtual_host">phpLDAPadmin virtual host</h3>
<div class="level3">
<p>
Configure phpLDAPadmin virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> phpldapadmin.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name phpldapadmin.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "phpLDAPadmin virtual host" [981-2256] -->
<h3 class="sectionedit6" id="phpldapadmin_virtual_host_in_manager">phpLDAPadmin virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for phpLDAPadmin.
</p>
<p>
Just configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>.
</p>
<p>
No <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">headers</a> are required.
</p>
</div>
<!-- EDIT6 SECTION "phpLDAPadmin virtual host in Manager" [2257-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:phpldapadmin_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="phpldapadmin.html"/>
<link rel="contents" href="phpldapadmin.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:phpldapadmin_logo.png </h1>
<div class="content">
<a href="phpldapadmin_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="136" height="80" class="img_detail" alt="phpldapadmin_logo.png" title="phpldapadmin_logo.png" src="phpldapadmin_logo.898ec3d9e834a0ad659f5ebbf0e0eaf2.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> phpldapadmin_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>phpldapadmin_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>12KB</dd><dt>Width:</dt><dd>136</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="phpldapadmin.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:phpldapadmin [B]">Back to documentation:2.0:applications:phpldapadmin</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,118 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:roundcube</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,roundcube"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="roundcube.html"/>
<link rel="contents" href="roundcube.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:roundcube","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#lemonldapng">LemonLDAP::NG</a></div></li>
<li class="level2"><div class="li"><a href="#roundcube1">RoundCube</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="roundcube">RoundCube</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "RoundCube" [1-25] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.roundcube.net" class="urlextern" title="http://www.roundcube.net" rel="nofollow">RoundCube</a> webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [26-346] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [347-373] -->
<h3 class="sectionedit4" id="lemonldapng">LemonLDAP::NG</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> Add a new virtual host webmail.domain.tld</div>
</li>
<li class="level1"><div class="li"> Add a new rule:</div>
</li>
</ul>
<pre class="code">&quot;^/\?_task\=logout&quot; -&gt; &quot;logout_app https://auth.domain.tld&quot;</pre>
<ul>
<li class="level1"><div class="li"> in HTTP headers, you need Auth-User ($mail) and Auth-Pw ($_password).</div>
</li>
</ul>
<div class="noteclassic">To be able to forward password to RoundCube, see <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">how to store password in session</a>
</div><ul>
<li class="level1"><div class="li"> Configure <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">Apache or Nginx virtual host</a></div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "LemonLDAP::NG" [374-790] -->
<h3 class="sectionedit5" id="roundcube1">RoundCube</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> install http_authentication plugin</div>
</li>
<li class="level1"><div class="li"> Patch it to replace <code>PHP_AUTH_*</code> by <code>HTTP_AUTH_*</code></div>
</li>
<li class="level1"><div class="li"> enable http_authentication plugin in main.inc.php :</div>
</li>
</ul>
<pre class="code file php"><span class="re0">$rcmail_config</span><span class="br0">&#91;</span><span class="st_h">'plugins'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a><span class="br0">&#40;</span><span class="st_h">'http_authentication'</span><span class="br0">&#41;</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT5 SECTION "RoundCube" [791-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:salesforce-logo.jpg [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
<link rel="contents" href="salesforce.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:salesforce-logo.jpg </h1>
<div class="content">
<a href="salesforce-logo.0fea6a13c52b4d4725368f24b045ca84.jpeg" title="View original file"><img width="150" height="95" class="img_detail" alt="salesforce-logo.jpg" title="salesforce-logo.jpg" src="salesforce-logo.2217574689cb70fa0fedc777d452e6ff.jpeg"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> salesforce-logo.jpg</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2014/12/22 18:05</dd><dt>Filename:</dt><dd>salesforce-logo.jpg</dd><dt>Format:</dt><dd>JPEG</dd><dt>Size:</dt><dd>15KB</dd><dt>Width:</dt><dd>150</dd><dt>Height:</dt><dd>95</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="salesforce.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:salesforce [B]">Back to documentation:2.0:applications:salesforce</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,218 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:salesforce</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,salesforce"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
<link rel="contents" href="salesforce.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:salesforce","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#create_salesforce_domain">Create Salesforce domain</a></div></li>
<li class="level2"><div class="li"><a href="#saml_settings">SAML settings</a></div></li>
<li class="level2"><div class="li"><a href="#configure_federation_id">Configure Federation ID</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="salesforce">SalesForce</h1>
<div class="level1">
<p>
<a href="salesforce-logo.jpg_documentation_2.0_applications_salesforce.html" class="media" title="applications:salesforce-logo.jpg"><img src="salesforce-logo.jpeg" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "SalesForce" [1-68] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Salesforce Inc. is a cloud computing company. It is best known for their CRM products and social networking applications.
</p>
<p>
It allows one to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It can deal with both SP and IdP initiated modes.
</p>
<p>
This page presents the SP initiated mode.
</p>
<p>
To work with <abbr title="LemonLDAP::NG">LL::NG</abbr> it requires:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configured as <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a></div>
</li>
</ul>
</div>
<!-- EDIT2 SECTION "Presentation" [69-456] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
You should have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>.
</p>
</div>
<!-- EDIT3 SECTION "Configuration" [457-562] -->
<h3 class="sectionedit4" id="create_salesforce_domain">Create Salesforce domain</h3>
<div class="level3">
<p>
<a href="my_domain_salesforce-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:my_domain_salesforce-resize-web.png"><img src="my_domain_salesforce-resize-web.png" class="mediacenter" alt="" /></a>
</p>
<p>
For using SP-initiated mode, you must create your salesforce domain. Creation can take up to 1 hour. (if it is superior to 1h, then there is a problem. Problems are generally resolved in up to 72 hours)
</p>
<p>
Then you must <strong>deploy</strong> this domain in order to go on with the configuration.
</p>
<p>
Finally, just ensure that at least:
</p>
<ul>
<li class="level1"><div class="li"> Login policy</div>
</li>
<li class="level1"><div class="li"> Redirect policy</div>
</li>
<li class="level1"><div class="li"> domain name</div>
</li>
<li class="level1"><div class="li"> authentication service</div>
</li>
</ul>
<p>
match with the correct values. (adapt the domain if necessary)
</p>
<div class="noteimportant">For now, the authentication service parameter has no domain available. You must come back later to fill this parameter. Once <abbr title="Security Assertion Markup Language">SAML</abbr> cinematics are working, you can then put your domain, and delete the login form, and you&#039;ll have an automatic redirection to your Identity Provider (no need for the user to click). Note that you can always access Salesforce by the general login page: <a href="https://login.salesforce.com" class="urlextern" title="https://login.salesforce.com" rel="nofollow">https://login.salesforce.com</a>
</div>
</div>
<!-- EDIT4 SECTION "Create Salesforce domain" [563-1554] -->
<h3 class="sectionedit5" id="saml_settings">SAML settings</h3>
<div class="level3">
<p>
Salesforce is not able to read metadata, you must fill the information into a form.
</p>
<p>
<a href="saml_sso_settings-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:saml_sso_settings-resize-web.png"><img src="saml_sso_settings-resize-web.png" class="mediacenter" alt="" /></a>
</p>
<p>
Go to the <abbr title="Security Assertion Markup Language">SAML</abbr> Single Sign On settings, and fill these information:
</p>
<ul>
<li class="level1"><div class="li"> Name: should be filled automatically with your organization or domain</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Version: check that version 2.0 is used</div>
</li>
<li class="level1"><div class="li"> Issuer: this is the LemonLDAP::NG (our IdP) Entity Id, which is by default #PORTAL#/saml/metadata</div>
</li>
<li class="level1"><div class="li"> Identity Provider Certificate: whereas it is mentioned that this is the authentication certificate, you must give your LemonLDAP::NG (IdP) signing certificate. If you don&#039;t have one, create it with the signing key pair already generated (you could do this with openssl). SSL authentication (https) does not seem to be checked anyway.</div>
</li>
<li class="level1"><div class="li"> Signing Certificate: choose a certificate for SP signature. (create one if none is present)</div>
</li>
<li class="level1"><div class="li"> Assertion decryption Certificate: choose a certificate only if you want to cipher your assertion. (default is not to cipher)</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Type: choose Federation ID. This means that the user Name ID will be mapped to the Federation ID field. (see next section)</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Location: choose if the user Name ID is held in the subject or in some attribute</div>
</li>
<li class="level1"><div class="li"> Identity Provider Login <abbr title="Uniform Resource Locator">URL</abbr>: the user/password <abbr title="Security Assertion Markup Language">SAML</abbr> portal location on the IdP</div>
</li>
<li class="level1"><div class="li"> Identity Provider Logout <abbr title="Uniform Resource Locator">URL</abbr>: the logout location on the IdP</div>
</li>
<li class="level1"><div class="li"> Custom Error <abbr title="Uniform Resource Locator">URL</abbr>: you can redirect the user to a special page when an error is happening</div>
</li>
<li class="level1"><div class="li"> SP Initiated Binding: chose any of the supported binding (every one listed there is currently supported on LemonLDAP::NG) HTTP POST is a good choice</div>
</li>
<li class="level1"><div class="li"> Salesforce Login <abbr title="Uniform Resource Locator">URL</abbr>: generated automatically. This is the entry point of our login cinematic.</div>
</li>
<li class="level1"><div class="li"> OAuth 2.0 Token Endpoint: not used here</div>
</li>
<li class="level1"><div class="li"> <abbr title="Application Programming Interface">API</abbr> Name: filled automatically</div>
</li>
<li class="level1"><div class="li"> User Provisioning Enabled: should create automatically the user in Salesforce (not functionnal right now)</div>
</li>
<li class="level1"><div class="li"> EntityId: Salesforce (the SP) Entity ID. Fill this field accordingly. It should be the same value as the organization domain url, displayed on the previous section</div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "SAML settings" [1555-3666] -->
<h3 class="sectionedit6" id="configure_federation_id">Configure Federation ID</h3>
<div class="level3">
<p>
Finally, configure for each user his Federation ID value. It will be the link between the <abbr title="Security Assertion Markup Language">SAML</abbr> assertion coming from LemonLDAP::NG (the IdP) and a given user in Salesforce. Here, the mail has been chosen as the user Name ID.
</p>
<p>
<a href="user_federation_id-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:user_federation_id-resize-web.png"><img src="user_federation_id-resize-web.png" class="mediacenter" alt="" /></a>
</p>
<p>
Once this is completed, click to export the Salesforce metadata and import them into LemonLDAP::NG, into the declaration of the Salesforce Service Provider.
</p>
<p>
See <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">Register partner Service Provider on LemonLDAP::NG</a> configuration chapter.
</p>
</div>
<!-- EDIT6 SECTION "Configure Federation ID" [3667-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:saml_sso_settings-resize-web.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
<link rel="contents" href="salesforce.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:saml_sso_settings-resize-web.png </h1>
<div class="content">
<a href="saml_sso_settings-resize-web.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="800" height="415" class="img_detail" alt="saml_sso_settings-resize-web.png" title="saml_sso_settings-resize-web.png" src="saml_sso_settings-resize-web.0038566eafdf98a5d2ac17b75df795bf.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> saml_sso_settings-resize-web.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>saml_sso_settings-resize-web.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>106KB</dd><dt>Width:</dt><dd>800</dd><dt>Height:</dt><dd>415</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="salesforce.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:salesforce [B]">Back to documentation:2.0:applications:salesforce</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,75 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:sap</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,sap"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="sap.html"/>
<link rel="contents" href="sap.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:sap","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="sap">SAP</h1>
<div class="level1">
<p>
<a href="saplogo.gif_documentation_2.0_applications_sap.html" class="media" title="applications:saplogo.gif"><img src="saplogo.gif" class="mediacenter" title="SAP" alt="SAP" /></a>
</p>
</div>
<!-- EDIT1 SECTION "SAP" [1-56] -->
<h2 class="sectionedit2" id="http_header">HTTP header</h2>
<div class="level2">
<p>
Read the following documentation: <a href="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" class="urlextern" title="http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm" rel="nofollow">http://help.sap.com/saphelp_nw70/helpdata/en/d0/a3d940c2653126e10000000a1550b0/frameset.htm</a>
</p>
</div>
<!-- EDIT2 SECTION "HTTP header" [57-208] -->
<h2 class="sectionedit3" id="saml">SAML</h2>
<div class="level2">
<p>
Read the following documentation: <a href="https://help.sap.com/saphelp_nw70/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm" class="urlextern" title="https://help.sap.com/saphelp_nw70/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm" rel="nofollow">https://help.sap.com/saphelp_nw70/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm</a>
</p>
</div>
<!-- EDIT3 SECTION "SAML" [209-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:saplogo.gif [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="sap.html"/>
<link rel="contents" href="sap.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:saplogo.gif </h1>
<div class="content">
<a href="saplogo.0fea6a13c52b4d4725368f24b045ca84.gif" title="View original file"><img width="73" height="36" class="img_detail" alt="saplogo.gif" title="saplogo.gif" src="saplogo.951291dc5d49a61fed6af1b6c94c5cf5.gif"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> saplogo.gif</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>saplogo.gif</dd><dt>Format:</dt><dd>GIF</dd><dt>Size:</dt><dd>538B</dd><dt>Width:</dt><dd>73</dd><dt>Height:</dt><dd>36</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="sap.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:sap [B]">Back to documentation:2.0:applications:sap</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:screenshot_dokuwiki_configuration.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="dokuwiki.html"/>
<link rel="contents" href="dokuwiki.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:screenshot_dokuwiki_configuration.png </h1>
<div class="content">
<a href="screenshot_dokuwiki_configuration.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="898" height="317" class="img_detail" alt="screenshot_dokuwiki_configuration.png" title="screenshot_dokuwiki_configuration.png" src="screenshot_dokuwiki_configuration.5c3b7e8bd8174c47fa38d992a5bf5a62.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> screenshot_dokuwiki_configuration.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2017/11/23 14:30</dd><dt>Filename:</dt><dd>screenshot_dokuwiki_configuration.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>35KB</dd><dt>Width:</dt><dd>898</dd><dt>Height:</dt><dd>317</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="dokuwiki.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:dokuwiki [B]">Back to documentation:2.0:applications:dokuwiki</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,282 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:simplesamlphp</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,simplesamlphp"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="simplesamlphp.html"/>
<link rel="contents" href="simplesamlphp.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:simplesamlphp","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#pre-requisites">Pre-requisites</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#simplesamlphp1">simpleSAMLphp</a></div></li>
<li class="level2"><div class="li"><a href="#lemonldapng">LemonLDAP::NG</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#simplesamlphp_as_service_provider">simpleSAMLphp as Service Provider</a></div></li>
<li class="level1"><div class="li"><a href="#simplesamlphp_as_identity_provider">simpleSAMLphp as Identity Provider</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="simplesamlphp">simpleSAMLphp</h1>
<div class="level1">
<p>
<img src="simplesamlphp_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "simpleSAMLphp" [1-81] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://simplesamlphp.org/" class="urlextern" title="https://simplesamlphp.org/" rel="nofollow">simpleSAMLphp</a> is an identity/service provider written in PHP. It supports a lot of protocols like <abbr title="Central Authentication Service">CAS</abbr>, OpenID and <abbr title="Security Assertion Markup Language">SAML</abbr>.
</p>
<p>
This documentation explains how to interconnect LemonLDAP::NG and simpleSAMLphp using <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 protocol.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [82-365] -->
<h2 class="sectionedit3" id="pre-requisites">Pre-requisites</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Pre-requisites" [366-393] -->
<h3 class="sectionedit4" id="simplesamlphp1">simpleSAMLphp</h3>
<div class="level3">
<p>
You need to <a href="https://simplesamlphp.org/docs/stable/simplesamlphp-install" class="urlextern" title="https://simplesamlphp.org/docs/stable/simplesamlphp-install" rel="nofollow">install the software</a>. If using Debian, just do:
</p>
<pre class="code">apt-get install simplesamlphp</pre>
<p>
We suppose that configuration is done in <code>/etc/simplesamlphp</code> and that simpleSAMLphp is accessible at <a href="http://localhost/simplesamlphp" class="urlextern" title="http://localhost/simplesamlphp" rel="nofollow">http://localhost/simplesamlphp</a>.
</p>
<p>
To be able to sign <abbr title="Security Assertion Markup Language">SAML</abbr> messages, you need to create a certificate. First set where certificates are stored:
</p>
<pre class="code">vi /etc/simplesamlphp/config.php</pre>
<pre class="code file php"> <span class="st_h">'certdir'</span> <span class="sy0">=&gt;</span> <span class="st_h">'/etc/simplesamlphp/certs/'</span><span class="sy0">,</span></pre>
<p>
Create directory and generate the certificate
</p>
<pre class="code">mkdir /etc/simplesamlphp/certs/
cd /etc/simplesamlphp/certs/
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem</pre>
<p>
Then associate this certificate to the default SP:
</p>
<pre class="code">vi /etc/simplesamlphp/authsources.php</pre>
<pre class="code file php"> <span class="st_h">'default-sp'</span> <span class="sy0">=&gt;</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a><span class="br0">&#40;</span>
<span class="st_h">'saml:SP'</span><span class="sy0">,</span>
<span class="st_h">'privatekey'</span> <span class="sy0">=&gt;</span> <span class="st_h">'saml.pem'</span><span class="sy0">,</span>
<span class="st_h">'certificate'</span> <span class="sy0">=&gt;</span> <span class="st_h">'saml.crt'</span><span class="sy0">,</span></pre>
</div>
<!-- EDIT4 SECTION "simpleSAMLphp" [394-1396] -->
<h3 class="sectionedit5" id="lemonldapng">LemonLDAP::NG</h3>
<div class="level3">
<p>
You need to configure <a href="../samlservice.html" class="wikilink1" title="documentation:2.0:samlservice">SAML Service</a>. Be sure to convert public key in a certificate, as described in the <a href="../samlservice.html#security_parameters" class="wikilink1" title="documentation:2.0:samlservice">security chapter</a> as simpleSAMLphp can&#039;t use the public key.
</p>
</div>
<!-- EDIT5 SECTION "LemonLDAP::NG" [1397-1648] -->
<h2 class="sectionedit6" id="simplesamlphp_as_service_provider">simpleSAMLphp as Service Provider</h2>
<div class="level2">
<p>
We suppose you configured LemonLDAP::NG as <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a> and want to use simpleSAMLphp as Service Provider.
</p>
<p>
In <abbr title="LemonLDAP::NG">LL::NG</abbr> Manager, create an new SP and load simpleSAMLphp metadata trough <abbr title="Uniform Resource Locator">URL</abbr> (by default: <a href="http://localhost/simplesamlphp/module.php/saml/sp/metadata.php/default-sp" class="urlextern" title="http://localhost/simplesamlphp/module.php/saml/sp/metadata.php/default-sp" rel="nofollow">http://localhost/simplesamlphp/module.php/saml/sp/metadata.php/default-sp</a>):
</p>
<p>
<img src="simplesamlphp_sp_metadata.png" class="mediacenter" alt="" />
</p>
<p>
Then set some attributes that will be sent to simpleSAMLphp:
</p>
<p>
<img src="simplesamlphp_sp_attributes.png" class="mediacenter" alt="" />
</p>
<div class="notetip">Set <code>Mandatory</code> to <code>On</code> to force attributes in authentication response.
</div>
<p>
You can also force all signatures:
</p>
<p>
<img src="simplesamlphp_sp_signature.png" class="mediacenter" alt="" />
</p>
<p>
On simpleSAMLphp side, use the metadata converter (by default: <a href="http://localhost/simplesamlphp/admin/metadata-converter.php" class="urlextern" title="http://localhost/simplesamlphp/admin/metadata-converter.php" rel="nofollow">http://localhost/simplesamlphp/admin/metadata-converter.php</a>) to convert <abbr title="LemonLDAP::NG">LL::NG</abbr> metadata (by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>) into internal PHP representation. Copy the <code>saml20-idp-remote</code> content:
</p>
<pre class="code">vi /etc/simplesamlphp/metadata/saml20-idp-remote.php</pre>
<pre class="code file php"><span class="kw2">&lt;?php</span>
<span class="re0">$metadata</span><span class="br0">&#91;</span><span class="st_h">'http://auth.example.com/saml/metadata'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a> <span class="br0">&#40;</span>
<span class="st_h">'entityid'</span> <span class="sy0">=&gt;</span> <span class="st_h">'http://auth.example.com/saml/metadata'</span><span class="sy0">,</span>
<span class="sy0">...</span>
<span class="co1">// Add this option to force SLO requests signature</span>
<span class="st_h">'sign.logout'</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="br0">&#41;</span><span class="sy0">;</span>
<span class="sy1">?&gt;</span></pre>
<div class="notetip">Don&#039;t forget PHP start and end tag to have a valid PHP file.
</div>
<p>
All is ready, you can now test the authentication (by default: <a href="http://localhost/simplesamlphp/module.php/core/authenticate.php" class="urlextern" title="http://localhost/simplesamlphp/module.php/core/authenticate.php" rel="nofollow">http://localhost/simplesamlphp/module.php/core/authenticate.php</a>). You should see something like that:
</p>
<p>
<img src="simplesamlphp_sp_authentication.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT6 SECTION "simpleSAMLphp as Service Provider" [1649-3258] -->
<h2 class="sectionedit7" id="simplesamlphp_as_identity_provider">simpleSAMLphp as Identity Provider</h2>
<div class="level2">
<p>
We suppose you configured LemonLDAP::NG as <a href="../authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML Service Provider</a> and want to use simpleSAMLphp as Identity Provider.
</p>
<p>
First, you need to activate IDP feature in simpleSAMLphp:
</p>
<pre class="code">vi /etc/simplesamlphp/config.php</pre>
<pre class="code file php"> <span class="st_h">'enable.saml20-idp'</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span></pre>
<p>
And create a default IDP configuration:
</p>
<pre class="code">vi /etc/simplesamlphp/metadata/saml20-idp-hosted.php</pre>
<pre class="code file php"><span class="kw2">&lt;?php</span>
<span class="re0">$metadata</span><span class="br0">&#91;</span><span class="st_h">'__DYNAMIC:1__'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a><span class="br0">&#40;</span>
<span class="coMULTI">/*
* The hostname for this IdP. This makes it possible to run multiple
* IdPs from the same configuration. '__DEFAULT__' means that this one
* should be used by default.
*/</span>
<span class="st_h">'host'</span> <span class="sy0">=&gt;</span> <span class="st_h">'__DEFAULT__'</span><span class="sy0">,</span>
&nbsp;
<span class="coMULTI">/*
* The private key and certificate to use when signing responses.
* These are stored in the cert-directory.
*/</span>
<span class="st_h">'privatekey'</span> <span class="sy0">=&gt;</span> <span class="st_h">'saml.pem'</span><span class="sy0">,</span>
<span class="st_h">'certificate'</span> <span class="sy0">=&gt;</span> <span class="st_h">'saml.crt'</span><span class="sy0">,</span>
&nbsp;
<span class="coMULTI">/*
* The authentication source which should be used to authenticate the
* user. This must match one of the entries in config/authsources.php.
*/</span>
<span class="st_h">'auth'</span> <span class="sy0">=&gt;</span> <span class="st_h">'admin'</span><span class="sy0">,</span>
<span class="co1">// Sign SLO messages</span>
<span class="st_h">'sign.logout'</span> <span class="sy0">=&gt;</span> <span class="kw4">true</span><span class="sy0">,</span>
<span class="br0">&#41;</span><span class="sy0">;</span>
<span class="sy1">?&gt;</span></pre>
<div class="noteimportant">You need to configure your own certificates and authentication scheme
</div>
<p>
Now in <abbr title="LemonLDAP::NG">LL::NG</abbr> Manager, create a new IDP and import metadata with <abbr title="Uniform Resource Locator">URL</abbr> (by default: <a href="http://localhost/simplesamlphp/saml2/idp/metadata.php" class="urlextern" title="http://localhost/simplesamlphp/saml2/idp/metadata.php" rel="nofollow">http://localhost/simplesamlphp/saml2/idp/metadata.php</a>):
</p>
<p>
<img src="simplesamlphp_idp_metadata.png" class="mediacenter" alt="" />
</p>
<p>
List attributes you want to collect:
</p>
<p>
<img src="simplesamlphp_idp_attributes.png" class="mediacenter" alt="" />
</p>
<div class="notetip">You can keep <code>Mandatory</code> to <code>Off</code> to not fail if attribute is not sent by IDP
</div>
<p>
And activate all signatures:
</p>
<p>
<img src="simplesamlphp_idp_signature.png" class="mediacenter" alt="" />
</p>
<p>
To finish, you need to declare <abbr title="LemonLDAP::NG">LL::NG</abbr> SP in simpleSAMLphp. Use the metadata converter (by default: <a href="http://localhost/simplesamlphp/admin/metadata-converter.php" class="urlextern" title="http://localhost/simplesamlphp/admin/metadata-converter.php" rel="nofollow">http://localhost/simplesamlphp/admin/metadata-converter.php</a>) to convert <abbr title="LemonLDAP::NG">LL::NG</abbr> metadata (by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>) into internal PHP representation. Copy the <code>saml20-sp-remote</code> content:
</p>
<pre class="code">vi /etc/simplesamlphp/metadata/saml20-sp-remote.php</pre>
<pre class="code file php"><span class="kw2">&lt;?php</span>
<span class="re0">$metadata</span><span class="br0">&#91;</span><span class="st_h">'http://auth.example.com/saml/metadata'</span><span class="br0">&#93;</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a> <span class="br0">&#40;</span>
<span class="st_h">'entityid'</span> <span class="sy0">=&gt;</span> <span class="st_h">'http://auth.example.com/saml/metadata'</span><span class="sy0">,</span>
<span class="sy0">...</span>
<span class="br0">&#41;</span><span class="sy0">;</span>
<span class="sy1">?&gt;</span></pre>
<div class="notetip">Don&#039;t forget PHP start and end tag to have a valid PHP file.
</div>
<p>
All is ready, you can now test the authentication from <abbr title="LemonLDAP::NG">LL::NG</abbr> portal.
</p>
</div>
<!-- EDIT7 SECTION "simpleSAMLphp as Identity Provider" [3259-] --></div>
</body>
</html>


@ -1,100 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:spring</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,spring"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="spring.html"/>
<link rel="contents" href="spring.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:spring","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="spring_security_acegi">Spring Security (ACEGI)</h1>
<div class="level1">
<p>
<a href="spring_logo.png_documentation_2.0_applications_spring.html" class="media" title="applications:spring_logo.png"><img src="spring_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Spring Security (ACEGI)" [1-77] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://static.springsource.org/spring-security/site/" class="urlextern" title="http://static.springsource.org/spring-security/site/" rel="nofollow">Spring Security</a> is the new ACEGI name. This is a well known security framework for J2EE applications.
</p>
<p>
Spring Security provides a default <code>pre-authentication</code> mechanism that can be used to connect your J2EE application to <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [78-394] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
You can find all suitable information here: <a href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html" class="urlextern" title="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html" rel="nofollow">http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html</a>
</p>
<p>
To summarize, to get the user connected trough the <code>Auth-User</code> HTTP Header, use this Sping Security configuration:
</p>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;bean</span> <span class="re0">id</span>=<span class="st0">&quot;LemonLDAPNGFilter&quot;</span> <span class="re0">class</span>=</span>
<span class="sc3"><span class="st0">&quot;org.springframework.security.web.authentication.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;security:custom-filter</span> <span class="re0">position</span>=<span class="st0">&quot;PRE_AUTH_FILTER&quot;</span> <span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;property</span> <span class="re0">name</span>=<span class="st0">&quot;principalRequestHeader&quot;</span> <span class="re0">value</span>=<span class="st0">&quot;Auth-User&quot;</span><span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;property</span> <span class="re0">name</span>=<span class="st0">&quot;authenticationManager&quot;</span> <span class="re0">ref</span>=<span class="st0">&quot;authenticationManager&quot;</span> <span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;/bean<span class="re2">&gt;</span></span></span>
&nbsp;
<span class="sc3"><span class="re1">&lt;bean</span> <span class="re0">id</span>=<span class="st0">&quot;preauthAuthProvider&quot;</span> <span class="re0">class</span>=<span class="st0">&quot;org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;security:custom-authentication-provider</span> <span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;property</span> <span class="re0">name</span>=<span class="st0">&quot;preAuthenticatedUserDetailsService&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;bean</span> <span class="re0">id</span>=<span class="st0">&quot;userDetailsServiceWrapper&quot;</span> <span class="re0">class</span>=<span class="st0">&quot;org.springframework.security.userdetails.UserDetailsByNameServiceWrapper&quot;</span><span class="re2">&gt;</span></span>
<span class="sc3"><span class="re1">&lt;property</span> <span class="re0">name</span>=<span class="st0">&quot;userDetailsService&quot;</span> <span class="re0">ref</span>=<span class="st0">&quot;userDetailsService&quot;</span><span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;/bean<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/property<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/bean<span class="re2">&gt;</span></span></span>
&nbsp;
<span class="sc3"><span class="re1">&lt;security:authentication-manager</span> <span class="re0">alias</span>=<span class="st0">&quot;authenticationManager&quot;</span> <span class="re2">/&gt;</span></span></pre>
</div>
<!-- EDIT3 SECTION "Configuration" [395-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:spring_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="spring.html"/>
<link rel="contents" href="spring.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:spring_logo.png </h1>
<div class="content">
<a href="spring_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="166" height="80" class="img_detail" alt="spring_logo.png" title="spring_logo.png" src="spring_logo.4cb135dd7669739d6cfa8ccb592d88ef.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> spring_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>spring_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>4KB</dd><dt>Width:</dt><dd>166</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="spring.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:spring [B]">Back to documentation:2.0:applications:spring</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,266 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:symfony</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,symfony"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="symfony.html"/>
<link rel="contents" href="symfony.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:symfony","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#references">References</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="php_symfony">PHP (Symfony)</h1>
<div class="level1">
<p>
<a href="symfony_logo.png_documentation_2.0_applications_symfony.html" class="media" title="applications:symfony_logo.png"><img src="symfony_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "PHP (Symfony)" [1-69] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://symfony.com/" class="urlextern" title="https://symfony.com/" rel="nofollow">Symfony</a> is the well-known PHP framework. It is intended to ease the development of PHP applications.
</p>
<p>
Symfony provides many methods conventions to authenticate users (basic, ldap,...) and to load external user sources (ldap, database). The method presented here relies on the &quot;remote_user&quot; method. (in security firewall)
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [70-443] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
Follow these step to protect your application using the &quot;REMOTE_USER&quot; HTTP header.
</p>
<p>
1. Adapt the app/config/security.yml configuration file as below:
</p>
<pre class="code file json">security:
&nbsp;
encoders:
AppBundle\Security\User\HeaderUser: plaintext
&nbsp;
providers:
header:
id: AppBundle\Security\User\HeaderUserProvider
&nbsp;
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
&nbsp;
main:
pattern: ^/
remote_user:
user: HTTP_REMOTE_USER
provider: header</pre>
<ul>
<li class="level1"><div class="li"> encoders : define a password hashing scheme (useless in our case, but the parameter is mandatory)</div>
</li>
<li class="level1"><div class="li"> providers : define the user providers (even virtual)</div>
</li>
<li class="level1"><div class="li"> remote_user : define the authentication method to &quot;assume the user is already authenticated and get an http variable to know his username&quot;</div>
</li>
<li class="level1"><div class="li"> user : define the HTTP header containing the username</div>
</li>
<li class="level1"><div class="li"> provider : references the previously defined provider owning the user data (in our scenario, a virtual)</div>
</li>
</ul>
<p>
2. Define a &quot;header user&quot; class
</p>
<p>
Create the file src/AppBundle/Security/User/HeaderUser.php :
</p>
<pre class="code file php"><span class="kw2">&lt;?php</span>
&nbsp;
<span class="co1">// src/Security/User/HeaderUser.php</span>
<span class="kw2">namespace</span> AppBundle\Security\User<span class="sy0">;</span>
&nbsp;
<span class="kw2">use</span> Symfony\Component\Security\Core\User\UserInterface<span class="sy0">;</span>
<span class="kw2">use</span> Symfony\Component\Security\Core\User\EquatableInterface<span class="sy0">;</span>
&nbsp;
<span class="kw2">class</span> HeaderUser implements UserInterface<span class="sy0">,</span> EquatableInterface
<span class="br0">&#123;</span>
<span class="kw2">private</span> <span class="re0">$username</span><span class="sy0">;</span>
<span class="kw2">private</span> <span class="re0">$password</span><span class="sy0">;</span>
<span class="kw2">private</span> <span class="re0">$salt</span><span class="sy0">;</span>
<span class="kw2">private</span> <span class="re0">$roles</span><span class="sy0">;</span>
&nbsp;
<span class="kw2">public</span> <span class="kw2">function</span> __construct<span class="br0">&#40;</span><span class="re0">$username</span><span class="sy0">,</span> <span class="re0">$password</span><span class="sy0">,</span> <span class="re0">$salt</span><span class="sy0">,</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a> <span class="re0">$roles</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">username</span> <span class="sy0">=</span> <span class="re0">$username</span><span class="sy0">;</span>
<span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">password</span> <span class="sy0">=</span> <span class="re0">$password</span><span class="sy0">;</span>
<span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">salt</span> <span class="sy0">=</span> <span class="re0">$salt</span><span class="sy0">;</span>
<span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">roles</span> <span class="sy0">=</span> <span class="re0">$roles</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw2">public</span> <span class="kw2">function</span> getRoles<span class="br0">&#40;</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="kw1">return</span> <span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">roles</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw2">public</span> <span class="kw2">function</span> getPassword<span class="br0">&#40;</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="kw1">return</span> <span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">password</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw2">public</span> <span class="kw2">function</span> getSalt<span class="br0">&#40;</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="kw1">return</span> <span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">salt</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="kw2">public</span> <span class="kw2">function</span> getUsername<span class="br0">&#40;</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="kw1">return</span> <span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">username</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw2">public</span> <span class="kw2">function</span> eraseCredentials<span class="br0">&#40;</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw2">public</span> <span class="kw2">function</span> isEqualTo<span class="br0">&#40;</span>UserInterface <span class="re0">$user</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="kw1">if</span> <span class="br0">&#40;</span><span class="sy0">!</span><span class="re0">$user</span> instanceof HeaderUser<span class="br0">&#41;</span> <span class="br0">&#123;</span>
<span class="kw1">return</span> <span class="kw4">false</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw1">if</span> <span class="br0">&#40;</span><span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">username</span> <span class="sy0">!==</span> <span class="re0">$user</span><span class="sy0">-&gt;</span><span class="me1">getUsername</span><span class="br0">&#40;</span><span class="br0">&#41;</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
<span class="kw1">return</span> <span class="kw4">false</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="co1">//if ($this-&gt;password !== $user-&gt;getPassword()) {</span>
<span class="co1">// return false;</span>
<span class="co1">//}</span>
&nbsp;
<span class="kw1">return</span> <span class="kw4">true</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="br0">&#125;</span>
<span class="sy1">?&gt;</span></pre>
<p>
3. Define a &quot;header user provider&quot; class relying on the previous class
</p>
<p>
Create the file src/AppBundle/Security/User/HeaderUserProvider.php :
</p>
<pre class="code file php"><span class="kw2">&lt;?php</span>
&nbsp;
<span class="co1">// src/Security/User/HeaderUserProvider.php</span>
<span class="kw2">namespace</span> AppBundle\Security\User<span class="sy0">;</span>
&nbsp;
<span class="kw2">use</span> AppBundle\Security\User\HeaderUser<span class="sy0">;</span>
<span class="kw2">use</span> Symfony\Component\Security\Core\User\UserProviderInterface<span class="sy0">;</span>
<span class="kw2">use</span> Symfony\Component\Security\Core\User\UserInterface<span class="sy0">;</span>
<span class="kw2">use</span> Symfony\Component\Security\Core\Exception\UsernameNotFoundException<span class="sy0">;</span>
<span class="kw2">use</span> Symfony\Component\Security\Core\Exception\UnsupportedUserException<span class="sy0">;</span>
&nbsp;
<span class="kw2">class</span> HeaderUserProvider implements UserProviderInterface
<span class="br0">&#123;</span>
<span class="kw2">public</span> <span class="kw2">function</span> loadUserByUsername<span class="br0">&#40;</span><span class="re0">$username</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
&nbsp;
<span class="kw1">if</span> <span class="br0">&#40;</span><span class="re0">$username</span><span class="br0">&#41;</span> <span class="br0">&#123;</span>
&nbsp;
<span class="re0">$password</span> <span class="sy0">=</span> <span class="st0">&quot;dummy&quot;</span><span class="sy0">;</span>
<span class="re0">$salt</span> <span class="sy0">=</span> <span class="st0">&quot;&quot;</span><span class="sy0">;</span>
<span class="re0">$roles</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">array</span></a><span class="br0">&#40;</span><span class="st_h">'ROLE_USER'</span><span class="br0">&#41;</span><span class="sy0">;</span>
&nbsp;
<span class="kw1">return</span> <span class="kw2">new</span> HeaderUser<span class="br0">&#40;</span><span class="re0">$username</span><span class="sy0">,</span> <span class="re0">$password</span><span class="sy0">,</span> <span class="re0">$salt</span><span class="sy0">,</span> <span class="re0">$roles</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw1">throw</span> <span class="kw2">new</span> UsernameNotFoundException<span class="br0">&#40;</span>
<a href="http://www.php.net/sprintf"><span class="kw3">sprintf</span></a><span class="br0">&#40;</span><span class="st_h">'Username &quot;%s&quot; does not exist.'</span><span class="sy0">,</span> <span class="re0">$username</span><span class="br0">&#41;</span>
<span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw2">public</span> <span class="kw2">function</span> refreshUser<span class="br0">&#40;</span>UserInterface <span class="re0">$user</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="kw1">if</span> <span class="br0">&#40;</span><span class="sy0">!</span><span class="re0">$user</span> instanceof HeaderUser<span class="br0">&#41;</span> <span class="br0">&#123;</span>
<span class="kw1">throw</span> <span class="kw2">new</span> UnsupportedUserException<span class="br0">&#40;</span>
<a href="http://www.php.net/sprintf"><span class="kw3">sprintf</span></a><span class="br0">&#40;</span><span class="st_h">'Instances of &quot;%s&quot; are not supported.'</span><span class="sy0">,</span> <a href="http://www.php.net/get_class"><span class="kw3">get_class</span></a><span class="br0">&#40;</span><span class="re0">$user</span><span class="br0">&#41;</span><span class="br0">&#41;</span>
<span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw1">return</span> <span class="re0">$this</span><span class="sy0">-&gt;</span><span class="me1">loadUserByUsername</span><span class="br0">&#40;</span><span class="re0">$user</span><span class="sy0">-&gt;</span><span class="me1">getUsername</span><span class="br0">&#40;</span><span class="br0">&#41;</span><span class="br0">&#41;</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="kw2">public</span> <span class="kw2">function</span> supportsClass<span class="br0">&#40;</span><span class="re0">$class</span><span class="br0">&#41;</span>
<span class="br0">&#123;</span>
<span class="kw1">return</span> HeaderUser<span class="sy0">::</span><span class="kw2">class</span> <span class="sy0">===</span> <span class="re0">$class</span><span class="sy0">;</span>
<span class="br0">&#125;</span>
<span class="br0">&#125;</span>
&nbsp;
<span class="sy1">?&gt;</span></pre>
</div>
<!-- EDIT3 SECTION "Configuration" [444-4373] -->
<h2 class="sectionedit4" id="references">References</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> <a href="http://symfony.com/doc/current/security/pre_authenticated.html#remote-user-based-authentication" class="urlextern" title="http://symfony.com/doc/current/security/pre_authenticated.html#remote-user-based-authentication" rel="nofollow">http://symfony.com/doc/current/security/pre_authenticated.html#remote-user-based-authentication</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://symfony.com/doc/current/security/custom_provider.html" class="urlextern" title="https://symfony.com/doc/current/security/custom_provider.html" rel="nofollow">https://symfony.com/doc/current/security/custom_provider.html</a></div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "References" [4374-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:symfony_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="symfony.html"/>
<link rel="contents" href="symfony.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:symfony_logo.png </h1>
<div class="content">
<a href="symfony_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="300" height="77" class="img_detail" alt="symfony_logo.png" title="symfony_logo.png" src="symfony_logo.94212cff216d8b290c2355a72fd7995e.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> symfony_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2018/03/02 11:11</dd><dt>Filename:</dt><dd>symfony_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>4KB</dd><dt>Width:</dt><dd>300</dd><dt>Height:</dt><dd>77</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="symfony.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:symfony [B]">Back to documentation:2.0:applications:symfony</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,205 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:sympa</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,sympa"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="sympa.html"/>
<link rel="contents" href="sympa.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:sympa","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#sympa_configuration">Sympa configuration</a></div></li>
<li class="level2"><div class="li"><a href="#sympa_virtual_host">Sympa virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#sympa_virtual_host_in_manager">Sympa virtual host in Manager</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="sympa">Sympa</h1>
<div class="level1">
<p>
<a href="sympa_logo.png_documentation_2.0_applications_sympa.html" class="media" title="applications:sympa_logo.png"><img src="sympa_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Sympa" [1-58] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.sympa.org" class="urlextern" title="http://www.sympa.org" rel="nofollow">Sympa</a> is a mailing list manager.
</p>
<p>
To configure <abbr title="Single Sign On">SSO</abbr> with Sympa, use <strong>Magic authentication</strong>: a special <abbr title="Single Sign On">SSO</abbr> <abbr title="Uniform Resource Locator">URL</abbr> is protected by <abbr title="LemonLDAP::NG">LL::NG</abbr>, Sympa will display a button for users who wants to use this feature.
</p>
<div class="notetip">Since version 1.9 of LLNG, old Auto-Login feature has been removed since it works only with Sympa-5 which has been deprecated
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [59-460] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [461-487] -->
<h3 class="sectionedit4" id="sympa_configuration">Sympa configuration</h3>
<div class="level3">
<p>
Edit the file &quot;auth.conf&quot;, for example:
</p>
<pre class="code">vi /etc/sympa/auth.conf</pre>
<p>
And fill it:
</p>
<pre class="file">generic_sso
service_name Centralized auth service
service_id lemonldapng
email_http_header HTTP_MAIL
netid_http_header HTTP_AUTH_USER
internal_email_by_netid 1
logout_url http://sympa.example.com/wws/logout</pre>
<div class="notetip">You can also disable internal Sympa authentication to keep only LemonLDAP::NG by removing user_table paragraph
<p>
Note that if you use FastCGI, you must restart Apache to enable changes.
</p>
</div>
<p>
You can also use &lt;portal&gt;?logout=1 as logout_url to remove LemonLDAP::NG session when &quot;disconnect&quot; is chosen.
</p>
</div>
<!-- EDIT4 SECTION "Sympa configuration" [488-1292] -->
<h3 class="sectionedit5" id="sympa_virtual_host">Sympa virtual host</h3>
<div class="level3">
<p>
Configure Sympa virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a> but protect only magic authentication <abbr title="Uniform Resource Locator">URL</abbr>.
</p>
<div class="notetip">The location <abbr title="Uniform Resource Locator">URL</abbr> end is based on the <code>service_id</code> defined in Sympa apache configuration.
</div><ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> sympa.example.com
&nbsp;
&lt;<span class="kw3">Location</span> /wws/sso_login/lemonldapng&gt;
PerlHeaderParserHandler Lemonldap::NG::Handler
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name sympa.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location /wws/sso_login/lemonldapng {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT5 SECTION "Sympa virtual host" [1293-2795] -->
<h3 class="sectionedit6" id="sympa_virtual_host_in_manager">Sympa virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Sympa.
</p>
<p>
Configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a> and define the following <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">headers</a>:
</p>
<ul>
<li class="level1"><div class="li"> Auth-User</div>
</li>
<li class="level1"><div class="li"> Mail</div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Sympa virtual host in Manager" [2796-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:sympa_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="sympa.html"/>
<link rel="contents" href="sympa.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:sympa_logo.png </h1>
<div class="content">
<a href="sympa_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="180" height="80" class="img_detail" alt="sympa_logo.png" title="sympa_logo.png" src="sympa_logo.8f3ab0739845ad0bda8348f032f87a11.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> sympa_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>sympa_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>7KB</dd><dt>Width:</dt><dd>180</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="sympa.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:sympa [B]">Back to documentation:2.0:applications:sympa</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,177 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:tomcat</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,tomcat"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="tomcat.html"/>
<link rel="contents" href="tomcat.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:tomcat","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#installation">Installation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#compilation">Compilation</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="apache_tomcat">Apache Tomcat</h1>
<div class="level1">
<p>
<a href="tomcat_logo.png_documentation_2.0_applications_tomcat.html" class="media" title="applications:tomcat_logo.png"><img src="tomcat_logo.png" class="mediacenter" alt="" /></a>
</p>
<div class="noteimportant">The Tomcat Valve is only available for tomcat 5.5 or greater.
</div>
</div>
<!-- EDIT1 SECTION "Apache Tomcat" [1-154] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://tomcat.apache.org/" class="urlextern" title="http://tomcat.apache.org/" rel="nofollow">Apache Tomcat</a> is an open source software implementation of the Java Servlet and JavaServer Pages technologies.
</p>
<p>
As J2EE servlet container, Tomcat provides standard security feature, like authentication: the application deployed in Tomcat can delegate its authentication to Tomcat.
</p>
<p>
By default, Tomcat provides a file called <code>users.xml</code> to manage authentication:
</p>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;?xml</span> <span class="re0">version</span>=<span class="st0">'1.0'</span> <span class="re0">encoding</span>=<span class="st0">'utf-8'</span><span class="re2">?&gt;</span></span>
<span class="sc3"><span class="re1">&lt;tomcat-users<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;role</span> <span class="re0">rolename</span>=<span class="st0">&quot;tomcat&quot;</span><span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;role</span> <span class="re0">rolename</span>=<span class="st0">&quot;role1&quot;</span><span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;user</span> <span class="re0">username</span>=<span class="st0">&quot;tomcat&quot;</span> <span class="re0">password</span>=<span class="st0">&quot;tomcat&quot;</span> <span class="re0">roles</span>=<span class="st0">&quot;tomcat&quot;</span><span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;user</span> <span class="re0">username</span>=<span class="st0">&quot;role1&quot;</span> <span class="re0">password</span>=<span class="st0">&quot;tomcat&quot;</span> <span class="re0">roles</span>=<span class="st0">&quot;role1&quot;</span><span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;user</span> <span class="re0">username</span>=<span class="st0">&quot;both&quot;</span> <span class="re0">password</span>=<span class="st0">&quot;tomcat&quot;</span> <span class="re0">roles</span>=<span class="st0">&quot;tomcat,role1&quot;</span><span class="re2">/&gt;</span></span>
<span class="sc3"><span class="re1">&lt;/tomcat-users<span class="re2">&gt;</span></span></span>
&nbsp;</pre>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> provides a valve, available on <a href="../download.html#contributions" class="wikilink1" title="download">download page</a>. This valve will check an HTTP header to set the authenticated user on the J2EE container.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [155-1077] -->
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">
<p>
Copy <code>ValveLemonLDAPNG.jar</code> in <code>&lt;TOMCAT_HOME&gt;/server/lib</code>:
</p>
<pre class="code">cp ValveLemonLDAPNG.jar server/lib/</pre>
<div class="notetip">If needed, you can <a href="#compilation" title="documentation:2.0:applications:tomcat ↵" class="wikilink1">recompile the valve from the sources</a>.
</div>
</div>
<!-- EDIT3 SECTION "Installation" [1078-1310] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
Add on your <code>server.xml</code> file a new valve entry like this (in host section):
</p>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;Valve</span> <span class="re0">className</span>=<span class="st0">&quot;org.lemonLDAPNG.SSOValve&quot;</span> <span class="re0">userKey</span>=<span class="st0">&quot;AUTH-USER&quot;</span> <span class="re0">roleKey</span>=<span class="st0">&quot;AUTH-ROLE&quot;</span> <span class="re0">roleSeparator</span>=<span class="st0">&quot;,&quot;</span> <span class="re0">allows</span>=<span class="st0">&quot;127.0.0.1&quot;</span><span class="re2">/&gt;</span></span></pre>
<p>
Configure attributes:
</p>
<ul>
<li class="level1"><div class="li"> <strong>userKey</strong>: key in the HTTP header containing user login.</div>
</li>
<li class="level1"><div class="li"> <strong>roleKey</strong>: key in the HTTP header containing roles. If <abbr title="LemonLDAP::NG">LL::NG</abbr> send some roles split by some commas, configure <strong>roleSeparator</strong>.</div>
</li>
<li class="level1"><div class="li"> <strong>roleSeparator</strong> (optional): role values separator.</div>
</li>
<li class="level1"><div class="li"> <strong>allows</strong> (optional): Define allowed remote <abbr title="Internet Protocol">IP</abbr> (use &quot;,&quot; separator for multiple <abbr title="Internet Protocol">IP</abbr>). Just set the <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler <abbr title="Internet Protocol">IP</abbr> on this attribute in order to add more security. If this attribute is missed all hosts are allowed.</div>
</li>
<li class="level1"><div class="li"> <strong>passThrough</strong> (optional): Allow anonymous access or not. When it takes &quot;false&quot;, HTTP headers have to be sent by <abbr title="LemonLDAP::NG">LL::NG</abbr> to make authentication. So, if the user is not recognized or HTTP headers not present, a 403 error is sent.</div>
</li>
</ul>
<div class="notetip">For debugging, this valve can print some helpful information in debug level. See <a href="http://tomcat.apache.org/tomcat-5.5-doc/logging.html" class="urlextern" title="http://tomcat.apache.org/tomcat-5.5-doc/logging.html" rel="nofollow">how configure logging in Tomcat</a> .
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [1311-2481] -->
<h2 class="sectionedit5" id="compilation">Compilation</h2>
<div class="level2">
<p>
The sources are available on <a href="../download.html#contributions" class="wikilink1" title="download">download page</a>.
</p>
<p>
Required :
</p>
<ul>
<li class="level1"><div class="li"> ant</div>
</li>
<li class="level1"><div class="li"> jre &gt; 1.4</div>
</li>
<li class="level1"><div class="li"> tomcat &gt;= 5.5</div>
</li>
</ul>
<p>
Configure your tomcat home in <code>build.properties</code> files.
</p>
<div class="noteimportant">Be careful for Windows user, path must contains &quot;/&quot;. Example:
<pre class="code">c:/my hardisk/tomcat/</pre>
</div>
<p>
Next run ant command:
</p>
<pre class="code">ant</pre>
<p>
<code>ValveLemonLDAPNG.jar</code> is created under <code>/dist</code> directory.
</p>
</div>
<!-- EDIT5 SECTION "Compilation" [2482-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:tomcat_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="tomcat.html"/>
<link rel="contents" href="tomcat.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:tomcat_logo.png </h1>
<div class="content">
<a href="tomcat_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="113" height="80" class="img_detail" alt="tomcat_logo.png" title="tomcat_logo.png" src="tomcat_logo.b1d9476f855a81421af525714e5bbefb.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> tomcat_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>tomcat_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>9KB</dd><dt>Width:</dt><dd>113</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="tomcat.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:tomcat [B]">Back to documentation:2.0:applications:tomcat</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:user_federation_id-resize-web.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
<link rel="contents" href="salesforce.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:user_federation_id-resize-web.png </h1>
<div class="content">
<a href="user_federation_id-resize-web.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="800" height="410" class="img_detail" alt="user_federation_id-resize-web.png" title="user_federation_id-resize-web.png" src="user_federation_id-resize-web.f4e31dc61a4d060652130eb2274367ec.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> user_federation_id-resize-web.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>user_federation_id-resize-web.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>67KB</dd><dt>Width:</dt><dd>800</dd><dt>Height:</dt><dd>410</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="salesforce.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:salesforce [B]">Back to documentation:2.0:applications:salesforce</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,159 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:wekan</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,wekan"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="wekan.html"/>
<link rel="contents" href="wekan.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:wekan","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuring_wekan">Configuring Wekan</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#configuring_lemonldap">Configuring LemonLDAP</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#singlemail_macro">_singleMail Macro</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="wekan">Wekan</h1>
<div class="level1">
<p>
<img src="wekan-logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Wekan" [1-65] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Wekan is an open-source Kanban, similar to trello.
</p>
<p>
See <a href="https://wekan.github.io/" class="urlextern" title="https://wekan.github.io/" rel="nofollow">the official Wekan website</a> for a complete presentation.
</p>
<p>
It feature an oauth2 login feature that work with LemonLDAP::NG
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [66-298] -->
<h2 class="sectionedit3" id="configuring_wekan">Configuring Wekan</h2>
<div class="level2">
<p>
Wekan is mostly configured with environement variables, you need to set theses :
</p>
<ul>
<li class="level1"><div class="li"> <strong>OAUTH2_ENABLED</strong>: <code>TRUE</code></div>
</li>
<li class="level2"><div class="li"> <strong>OAUTH2_CLIENT_ID</strong>: <code>ClientID</code></div>
</li>
<li class="level2"><div class="li"> <strong>OAUTH2_SECRET</strong>: <code>Secret</code></div>
</li>
<li class="level2"><div class="li"> <strong>OAUTH2_SERVER_<abbr title="Uniform Resource Locator">URL</abbr></strong>: <code><a href="https://auth.example.com/" class="urlextern" title="https://auth.example.com/" rel="nofollow">https://auth.example.com/</a></code></div>
</li>
<li class="level2"><div class="li"> <strong>OAUTH2_AUTH_ENDPOINT</strong>: <code>oauth2/authorize</code></div>
</li>
<li class="level2"><div class="li"> <strong>OAUTH2_USERINFO_ENDPOINT</strong>: <code>oauth2/userinfo</code></div>
</li>
<li class="level2"><div class="li"> <strong>OAUTH2_TOKEN_ENDPOINT</strong>: <code>oauth2/token</code></div>
</li>
<li class="level2"><div class="li"> <strong>OAUTH2_ID_MAP</strong>: <code>sub</code></div>
</li>
</ul>
<div class="notewarning">Be careful to the / in server_url and endpoints, the complete <abbr title="Uniform Resource Locator">URL</abbr> need to be valid, ie auth.example.com/ for url &amp; oauth2/xxx for endpoints, OR, auth.example.com &amp; /oauth2/xxx for endpoints.
</div>
</div>
<!-- EDIT3 SECTION "Configuring Wekan" [299-990] -->
<h3 class="sectionedit4" id="configuring_lemonldap">Configuring LemonLDAP</h3>
<div class="level3">
<p>
We now have to configure LemonLDAP::NG to recognize Wekan as a valid OAuth2 relaying party and send it the information it needs to recognize a user.
</p>
<p>
Add a <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect"> new OpenID Connect relaying party </a> with the following parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Client ID</strong>: the same you set in Wekan configuration (same as OAUTH2_CLIENT_ID)</div>
</li>
<li class="level2"><div class="li"> <strong>Client Secret</strong>: the same you set in Wekan configuration (same as OAUTH2_SECRET)</div>
</li>
<li class="level2"><div class="li"> Add the following exported attributes</div>
<ul>
<li class="level4"><div class="li"> <code>name</code>: session attribute containing the user&#039;s full name</div>
</li>
<li class="level4"><div class="li"> <code>email</code>: session attribute containing the user&#039;s email or _singleMail</div>
</li>
</ul>
</li>
</ul>
</div>
<h4 id="singlemail_macro">_singleMail Macro</h4>
<div class="level4">
<div class="notewarning">OIDC login fails when an user as a multi-valued email attribute, this need to be fixed on wekan&#039;s side, we can bypass that by telling lemonldap to only send one email
</div>
<p>
Create a new macro, name it (_singleMail is an example), the macro should contain <code>(split(/; /,$mail))[1]</code>
</p>
</div>
<!-- EDIT4 SECTION "Configuring LemonLDAP" [991-] --></div>
</body>
</html>


@ -1,154 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:wordpress</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,wordpress"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="wordpress.html"/>
<link rel="contents" href="wordpress.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:wordpress","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#cas">CAS</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#plugin_installation">Plugin installation</a></div></li>
<li class="level2"><div class="li"><a href="#plugin_configuration">Plugin configuration</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#general_settings">General settings</a></div></li>
<li class="level3"><div class="li"><a href="#user_roles_settings">User Roles Settings</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="wordpress">Wordpress</h1>
<div class="level1">
<p>
<img src="wordpress_logo.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Wordpress" [1-73] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://wordpress.org/" class="urlextern" title="https://wordpress.org/" rel="nofollow">Wordpress</a> is a famous tool to create websites.
</p>
<p>
A lot of authentication plugins are available. We propose here to use <abbr title="Central Authentication Service">CAS</abbr> protocol and <a href="https://wordpress.org/plugins/wp-cassify/" class="urlextern" title="https://wordpress.org/plugins/wp-cassify/" rel="nofollow">WP Cassify</a> plugin.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [74-327] -->
<h2 class="sectionedit3" id="cas">CAS</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "CAS" [328-344] -->
<h3 class="sectionedit4" id="plugin_installation">Plugin installation</h3>
<div class="level3">
<p>
Go in Wordpress admin and install <a href="https://wordpress.org/plugins/wp-cassify/" class="urlextern" title="https://wordpress.org/plugins/wp-cassify/" rel="nofollow">WP Cassify</a> plugin.
</p>
</div>
<!-- EDIT4 SECTION "Plugin installation" [345-475] -->
<h3 class="sectionedit5" id="plugin_configuration">Plugin configuration</h3>
<div class="level3">
<p>
The full documentation is available on <a href="https://wpcassify.wordpress.com/" class="urlextern" title="https://wpcassify.wordpress.com/" rel="nofollow">https://wpcassify.wordpress.com/</a>
</p>
</div>
<h4 id="general_settings">General settings</h4>
<div class="level4">
<p>
Configure <abbr title="Central Authentication Service">CAS</abbr> server and <abbr title="Central Authentication Service">CAS</abbr> version:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Server base url : <a href="https://auth.example.com/cas/" class="urlextern" title="https://auth.example.com/cas/" rel="nofollow">https://auth.example.com/cas/</a></div>
</li>
<li class="level1"><div class="li"> <abbr title="Central Authentication Service">CAS</abbr> Version protocol: 2</div>
</li>
</ul>
<p>
Other options are correct by default.
</p>
</div>
<h4 id="user_roles_settings">User Roles Settings</h4>
<div class="level4">
<p>
You can assign WP Roles depending on values sent by <abbr title="Central Authentication Service">CAS</abbr>.
</p>
<p>
The rules syntax is quite special, you can use it or you can just define macros on <abbr title="LemonLDAP::NG">LL::NG</abbr> side and send them trough <abbr title="Central Authentication Service">CAS</abbr> to keep simple rules on WP side.
</p>
<p>
For example create a macro <code>role_wordpress_admin</code> which contains <code>1</code> if the user is admin on WP, and send it in <abbr title="Central Authentication Service">CAS</abbr> attributes.
</p>
<p>
Then create this rule on WP side:
</p>
<pre class="code">administrator|(CAS{role_wordpress_admin} -EQ &quot;1&quot;)</pre>
</div>
<!-- EDIT5 SECTION "Plugin configuration" [476-] --></div>
</body>
</html>


@ -1,185 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:xwiki</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,xwiki"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="xwiki.html"/>
<link rel="contents" href="xwiki.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:xwiki","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#xwiki_virtual_host">Xwiki virtual host</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#apache">Apache</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#xwiki_virtual_host_in_manager">Xwiki virtual host in Manager</a></div></li>
<li class="level2"><div class="li"><a href="#xwiki_configuration">Xwiki Configuration</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="x-wiki">X-Wiki</h1>
<div class="level1">
<p>
<a href="xwiki.png_documentation_2.0_applications_xwiki.html" class="media" title="applications:xwiki.png"><img src="xwiki.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "X-Wiki" [1-54] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
XWiki is a free wiki software platform written in Java with a design emphasis on extensibility. XWiki is an enterprise wiki. It includes <abbr title="What You See Is What You Get">WYSIWYG</abbr> editing, OpenDocument based document import/export, semantic annotations and tagging, and advanced permissions management.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [55-350] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
The integration with <abbr title="LemonLDAP::NG">LL::NG</abbr> is the following:
</p>
<ul>
<li class="level1"><div class="li"> LemonLDAP::NG is configured as a reverse-proxy for xwiki</div>
</li>
<li class="level1"><div class="li"> Xwiki is configured to accept HTTP Headers</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Configuration" [351-532] -->
<h3 class="sectionedit4" id="xwiki_virtual_host">Xwiki virtual host</h3>
<div class="level3">
</div>
<h4 id="apache">Apache</h4>
<div class="level4">
<p>
You will configure Xwiki virtual host like other <a href="../configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<p>
This is an example, with https and speaking to xwiki via AJP.
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> wiki.acme.fr
<span class="kw1">Redirect</span> / https://wiki.acme.fr/
&lt;/<span class="kw3">VirtualHost</span>&gt;
&nbsp;
&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">443</span>&gt;
<span class="kw1">ServerName</span> wiki.acme.fr
&nbsp;
<span class="kw1">SSLEngine</span> <span class="kw2">On</span>
<span class="kw1">SSLCertificateFile</span> /etc/pki/tls/certs/wildcard.acme.fr.crt
<span class="kw1">SSLCertificateKeyFile</span> /etc/pki/tls/certs/wildcard.acme.fr.key
<span class="kw1">SSLCertificateChainFile</span> /etc/pki/tls/certs/CLASS_2_ACME_CA.crt
<span class="kw1">SSLOptions</span> +StdEnvVars
<span class="kw1">SSLProtocol</span> <span class="kw2">all</span> -SSLv3 -TLSv1 -TLSv1.1
<span class="kw1">SSLCipherSuite</span> ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
<span class="kw1">SSLHonorCipherOrder</span> <span class="kw2">on</span>
SSLCompression <span class="kw2">off</span>
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
&nbsp;
<span class="kw1">RewriteEngine</span> <span class="kw2">on</span>
<span class="kw1">RewriteRule</span> ^/$ /xwiki/ [R]
&nbsp;
<span class="kw1">ProxyPreserveHost</span> <span class="kw2">On</span>
<span class="kw1">ProxyRequests</span> <span class="kw2">On</span>
&nbsp;
<span class="kw1">ProxyPass</span> / ajp://192.168.11.130:<span class="nu0">8009</span>/
<span class="kw1">ProxyPassReverse</span> / ajp://192.168.11.130:<span class="nu0">8009</span>/
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/httpd/wiki_error.log
<span class="kw1">CustomLog</span> /var/log/httpd/wiki_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
</div>
<!-- EDIT4 SECTION "Xwiki virtual host" [533-2331] -->
<h3 class="sectionedit5" id="xwiki_virtual_host_in_manager">Xwiki virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Xwiki.
</p>
<p>
Configure the <a href="../writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>.
</p>
<p>
Configure the <a href="../writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">headers</a>:
</p>
<ul>
<li class="level1"><div class="li"> remote_user: $uid</div>
</li>
<li class="level1"><div class="li"> remote_groups: encode_base64($groups,&#039;&#039;)</div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "Xwiki virtual host in Manager" [2332-2670] -->
<h3 class="sectionedit6" id="xwiki_configuration">Xwiki Configuration</h3>
<div class="level3">
<pre class="code">xwiki.authentication.authclass=org.xwiki.contrib.authentication.XWikiTrustedAuthenticator
xwiki.authentication.trusted.adapterHint=headers
xwiki.authentication.trusted.auth_field=remote_user
xwiki.authentication.trusted.group_field=remote_groups
xwiki.authentication.trusted.logout_url=https://auth.acme.fr/#logout</pre>
</div>
<!-- EDIT6 SECTION "Xwiki Configuration" [2671-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:xwiki.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="xwiki.html"/>
<link rel="contents" href="xwiki.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:xwiki.png </h1>
<div class="content">
<a href="xwiki.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="300" height="108" class="img_detail" alt="xwiki.png" title="xwiki.png" src="xwiki.165c9f846ccb2c775dff26d98fe36749.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> xwiki.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2019/01/21 14:46</dd><dt>Filename:</dt><dd>xwiki.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>11KB</dd><dt>Width:</dt><dd>300</dd><dt>Height:</dt><dd>108</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="xwiki.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:xwiki [B]">Back to documentation:2.0:applications:xwiki</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,229 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:zimbra</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,zimbra"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="zimbra.html"/>
<link rel="contents" href="zimbra.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:zimbra","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#zimbra_preauth_key">Zimbra preauth key</a></div></li>
<li class="level2"><div class="li"><a href="#zimbra_application_in_menu">Zimbra application in menu</a></div></li>
<li class="level2"><div class="li"><a href="#zimbra_virtual_host">Zimbra virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#zimbra_handler_parameters">Zimbra Handler parameters</a></div></li>
<li class="level2"><div class="li"><a href="#multi-domain_issues">Multi-domain issues</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="zimbra">Zimbra</h1>
<div class="level1">
<p>
<a href="zimbra_logo.png_documentation_2.0_applications_zimbra.html" class="media" title="applications:zimbra_logo.png"><img src="zimbra_logo.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Zimbra" [1-60] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://www.zimbra.com/" class="urlextern" title="http://www.zimbra.com/" rel="nofollow">Zimbra</a> is open source server software for email and collaboration - email, group calendar, contacts, instant messaging, file storage and web document management. The Zimbra email and calendar server is available for Linux, Mac <abbr title="Operating System">OS</abbr> X and virtualization platforms. Zimbra syncs to smartphones (iPhone, BlackBerry) and desktop clients like Outlook and Thunderbird. Zimbra also features archiving and discovery for compliance. Zimbra can be deployed on-premises or as a hosted email solution.
</p>
<p>
Zimbra use a specific <a href="http://wiki.zimbra.com/index.php?title=Preauth" class="urlextern" title="http://wiki.zimbra.com/index.php?title=Preauth" rel="nofollow">preauthentication protocol</a> to provide <abbr title="Single Sign On">SSO</abbr> on its application. This protocol is implemented in an <abbr title="LemonLDAP::NG">LL::NG</abbr> specific Handler.
</p>
<div class="notetip">Zimbra can also be connected to <abbr title="LemonLDAP::NG">LL::NG</abbr> via <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML protocol</a> (see <a href="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" class="urlextern" title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" rel="nofollow">Zimbra blog</a>).
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [61-999] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
<p>
The integration with <abbr title="LemonLDAP::NG">LL::NG</abbr> is the following:
</p>
<ul>
<li class="level1"><div class="li"> A special <abbr title="Uniform Resource Locator">URL</abbr> is declared in application menu (like <a href="http://zimbra.example.com/zimbrasso" class="urlextern" title="http://zimbra.example.com/zimbrasso" rel="nofollow">http://zimbra.example.com/zimbrasso</a>)</div>
</li>
<li class="level1"><div class="li"> A Zimbra Handler is called</div>
</li>
<li class="level1"><div class="li"> Handler build the preauth request and redirect user on Zimbra preauth <abbr title="Uniform Resource Locator">URL</abbr></div>
</li>
<li class="level1"><div class="li"> Then Zimbra do the <abbr title="Single Sign On">SSO</abbr> by setting a cookie in user&#039;s browser</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Configuration" [1000-1340] -->
<h3 class="sectionedit4" id="zimbra_preauth_key">Zimbra preauth key</h3>
<div class="level3">
<p>
You need to get a preauth key from Zimbra server.
</p>
<p>
See <a href="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth" class="urlextern" title="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth" rel="nofollow">how to do this</a> on Zimbra wiki.
</p>
</div>
<!-- EDIT4 SECTION "Zimbra preauth key" [1341-1539] -->
<h3 class="sectionedit5" id="zimbra_application_in_menu">Zimbra application in menu</h3>
<div class="level3">
<p>
Choose for example <a href="http://zimbra.example.com/zimbrasso" class="urlextern" title="http://zimbra.example.com/zimbrasso" rel="nofollow">http://zimbra.example.com/zimbrasso</a> as <abbr title="Single Sign On">SSO</abbr> <abbr title="Uniform Resource Locator">URL</abbr> and <a href="../portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:2.0:portalmenu">set it in application menu</a>.
</p>
</div>
<!-- EDIT5 SECTION "Zimbra application in menu" [1540-1721] -->
<h3 class="sectionedit6" id="zimbra_virtual_host">Zimbra virtual host</h3>
<div class="level3">
<p>
You just have to set &quot;Type: ZimbraPreAuth&quot; in virtualhost options and reload configuration in this handler.
</p>
</div>
<!-- EDIT6 SECTION "Zimbra virtual host" [1722-1861] -->
<h3 class="sectionedit7" id="zimbra_handler_parameters">Zimbra Handler parameters</h3>
<div class="level3">
<p>
Zimbra parameters are the following:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Preauthentication key</strong>: the one you grab from zmprov command</div>
</li>
<li class="level1"><div class="li"> <strong>Account session key</strong>: session field used as Zimbra user account (by default: uid)</div>
</li>
<li class="level1"><div class="li"> <strong>Account type</strong>: for Zimbra this can be name, id or foreignKey (by default: id)</div>
</li>
<li class="level1"><div class="li"> <strong>Preauthentication <abbr title="Uniform Resource Locator">URL</abbr></strong>: Zimbra preauthentication <abbr title="Uniform Resource Locator">URL</abbr>, either with full <abbr title="Uniform Resource Locator">URL</abbr> (ex: <a href="http://zimbra.lan/service/preauth" class="urlextern" title="http://zimbra.lan/service/preauth" rel="nofollow">http://zimbra.lan/service/preauth</a>), either only with path (ex: /service/preauth) (by default: /service/preauth)</div>
</li>
<li class="level1"><div class="li"> <strong>Local <abbr title="Single Sign On">SSO</abbr> <abbr title="Uniform Resource Locator">URL</abbr> pattern</strong>: regular expression to match the <abbr title="Single Sign On">SSO</abbr> <abbr title="Uniform Resource Locator">URL</abbr> (by default: ^/zimbrasso$)</div>
</li>
</ul>
<div class="noteimportant">Due to Handler <abbr title="Application Programming Interface">API</abbr> change in 1.9, you need to set these attributes in <code>lemonldap-ng.ini</code> and not in Manager, for example:
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>handler<span class="br0">&#93;</span></span>
<span class="re1">zimbraPreAuthKey</span> <span class="sy0">=</span><span class="re2"> XXXX</span>
<span class="re1">zimbraAccountKey</span> <span class="sy0">=</span><span class="re2"> uid</span>
<span class="re1">zimbraBy</span> <span class="sy0">=</span><span class="re2">id</span>
<span class="re1">zimbraUrl</span> <span class="sy0">=</span><span class="re2"> /service/preauth</span>
<span class="re1">zimbraSsoUrl</span> <span class="sy0">=</span><span class="re2"> ^/zimbrasso$</span></pre>
</div>
</div>
<!-- EDIT7 SECTION "Zimbra Handler parameters" [1862-2771] -->
<h3 class="sectionedit8" id="multi-domain_issues">Multi-domain issues</h3>
<div class="level3">
<p>
Some organizations have multiple zimbra domains:
</p>
<ol>
<li class="level1"><div class="li"> foo@domain1.com</div>
</li>
<li class="level1"><div class="li"> bar@domain2.com</div>
</li>
</ol>
<p>
However, the zimbra preauth key is:
</p>
<ul>
<li class="level1"><div class="li"> generated for one zimbra domain only</div>
</li>
<li class="level1"><div class="li"> declared globally for every LemonLDAP::NG virtual hosts.</div>
</li>
</ul>
<p>
Thus, if domain1 has been registered on LemonLDAP::NG, user bar won&#039;t be able to connect to zimbra because preauth key is different. If you accept to have the same preauth key for all zimbra domains, you can set the same preauth key using this procedure:
</p>
<p>
We are going to use the first key (the domain1 one) for every domain.
On Zimbra machine, generate the keys:
</p>
<pre class="code"> zmprov generateDomainPreAuthKey domain1.com
preAuthKey: 4e2816f16c44fab20ecdee39fb850c3b0bb54d03f1d8e073aaea376a4f407f0c
zmprov generateDomainPreAuthKey domain2.com
preAuthKey: 6b7ead4bd425836e8cf0079cd6c1a05acc127acd07c8ee4b61023e19250e929c</pre>
<p>
Then, connect to your zimbra LDAP server with your favourite tool (Apache Directory Studio can do the job).
Take care to connect with the super admin and password account.
</p>
<ul>
<li class="level1"><div class="li"> Expand the branch &quot;dc=com&quot;, then click the &quot;dc=domain1&quot; branch</div>
</li>
<li class="level1"><div class="li"> Get the value of zimbraPreAuthKey</div>
</li>
<li class="level1"><div class="li"> Expand the branch &quot;dc=com&quot;, then click the &quot;dc=domain2&quot; branch</div>
</li>
<li class="level1"><div class="li"> Replace the value of zimbraPreAuthKey you have previously copied</div>
</li>
<li class="level1"><div class="li"> Wait for all Zimbra servers to update, or restart the zcs server</div>
</li>
</ul>
<p>
That&#039;s it, all zimbra servers will be able to decipher the hmac because they share the same key!
</p>
</div>
<!-- EDIT8 SECTION "Multi-domain issues" [2772-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:zimbra_logo.png [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="zimbra.html"/>
<link rel="contents" href="zimbra.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:zimbra_logo.png </h1>
<div class="content">
<a href="zimbra_logo.0fea6a13c52b4d4725368f24b045ca84.png" title="View original file"><img width="167" height="80" class="img_detail" alt="zimbra_logo.png" title="zimbra_logo.png" src="zimbra_logo.d6b642faee87d22c2dea1e7db91badac.png"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> zimbra_logo.png</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2016/07/19 12:15</dd><dt>Filename:</dt><dd>zimbra_logo.png</dd><dt>Format:</dt><dd>PNG</dd><dt>Size:</dt><dd>14KB</dd><dt>Width:</dt><dd>167</dd><dt>Height:</dt><dd>80</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="zimbra.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:zimbra [B]">Back to documentation:2.0:applications:zimbra</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -1,131 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authad</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authad"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authad.html"/>
<link rel="contents" href="authad.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authad","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#ad_password_policy">AD password policy</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="active_directory">Active Directory</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [33-102] -->
</div>
<!-- EDIT1 SECTION "Active Directory" [1-103] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
The Active Directory module is based on the <a href="authldap.html" class="wikilink1" title="documentation:2.0:authldap">LDAP module</a>, with these features:
</p>
<ul>
<li class="level1"><div class="li"> Specific default values for filters to match AD schema</div>
</li>
<li class="level1"><div class="li"> Compatible password modification</div>
</li>
<li class="level1"><div class="li"> Reset password on next logon workflow</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Presentation" [104-359] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
The configuration is the same as the <a href="authldap.html" class="wikilink1" title="documentation:2.0:authldap">LDAP module</a>.
</p>
</div>
<!-- EDIT4 SECTION "Configuration" [360-451] -->
<h2 class="sectionedit5" id="ad_password_policy">AD password policy</h2>
<div class="level2">
<p>
AD password policy does not follow the LDAP <abbr title="Request for Comments">RFC</abbr>, but Microsoft has implemented its own policy.
LemonLDAP::NG implements partially the policy:
</p>
<ul>
<li class="level1"><div class="li"> when pwdLastSet = 0 in the user entry, it means that password has been reset, and a form is presented to the user for him to change his password.</div>
</li>
<li class="level1"><div class="li"> when computed virtual attribute &#039;msDS-User-Account-Control-Computed&#039; as 6th flag set to 8, the password is considered expired (support from Windows Server 2003). It is too late for the user to do anything. He must contact his administrator.</div>
</li>
<li class="level1"><div class="li"> a warning before password expiration is possible in AD, but only in GPO (Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration). However it as no reality in LDAP referential. A &quot;password warning time before password expiration&quot; variable can be specified in LemonLDAP::NG to do so.</div>
</li>
</ul>
<div class="noteimportant">Note: since AD 2012, each user can have a specific password expiration policy. Then, the &quot;maximum password age&quot; can have different values. This is currently unsupported in LemonLDAP::NG because every policy must be computed with their precedence to know which maximum password age to apply.
</div>
<p>
To configure warning before password expiration, you must set two variables in Active Directory parameters in Manager:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Password max age</strong> : number of seconds after the last password change, before it expires. It must match AD policy</div>
</li>
<li class="level1"><div class="li"> <strong>Password expire warning</strong> : number of seconds between password expiration and the date from which user is warned his password will expire.</div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "AD password policy" [452-] --></div>
</body>
</html>


@ -1,170 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authapache</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authapache"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authapache.html"/>
<link rel="contents" href="authapache.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authapache","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div></li>
<li class="level2"><div class="li"><a href="#apache1">Apache</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#tips">Tips</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#kerberos">Kerberos</a></div></li>
<li class="level2"><div class="li"><a href="#compatibility_with_identity_provider_modules">Compatibility with Identity Provider modules</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="apache">Apache</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [22-79] -->
</div>
<!-- EDIT1 SECTION "Apache" [1-80] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can delegate authentication to Apache, so it is possible to use any <a href="http://httpd.apache.org/docs/current/howto/auth.html" class="urlextern" title="http://httpd.apache.org/docs/current/howto/auth.html" rel="nofollow">Apache authentication module</a>, for example Kerberos, Radius, OTP, etc.
</p>
<div class="noteimportant">To authenticate users using Kerberos, you can now use the new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos authentication module</a> which allow one to chain Kerberos in a <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">combination</a>
</div><div class="notetip">Apache authentication module will set the <code>REMOTE_USER</code> environment variable, which will be used by <abbr title="LemonLDAP::NG">LL::NG</abbr> to get authenticated user.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [81-668] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [669-695] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
<p>
In General Parameters &gt; Authentication modules, choose <code>Apache</code> as authentication backend.
</p>
<p>
You may want to failback to another authentication backend in case of the Apache authentication fails. Use then the <a href="authmulti.html" class="wikilink1" title="documentation:2.0:authmulti">Multiple authentication module</a>, for example:
</p>
<pre class="code">Apache;LDAP</pre>
<div class="notetip">In this case, the Apache authentication module should not require a valid user and not be authoritative, else Apache server will return an error and not let <abbr title="LemonLDAP::NG">LL::NG</abbr> Portal manage the failback authentication.
</div>
</div>
<!-- EDIT5 SECTION "LL::NG" [696-1234] -->
<h3 class="sectionedit6" id="apache1">Apache</h3>
<div class="level3">
<p>
The Apache configuration depends on the module you choose, you need to look at the module documentation, for example:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://modauthkerb.sourceforge.net/" class="urlextern" title="http://modauthkerb.sourceforge.net/" rel="nofollow">Kerberos</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/~speeves/Apache2-AuthenNTLM-0.02/AuthenNTLM.pm" class="urlextern" title="http://search.cpan.org/~speeves/Apache2-AuthenNTLM-0.02/AuthenNTLM.pm" rel="nofollow">NTLM</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://freeradius.org/mod_auth_radius/" class="urlextern" title="http://freeradius.org/mod_auth_radius/" rel="nofollow">Radius</a></div>
</li>
<li class="level1"><div class="li"> ...</div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Apache" [1235-1569] -->
<h2 class="sectionedit7" id="tips">Tips</h2>
<div class="level2">
</div>
<!-- EDIT7 SECTION "Tips" [1570-1587] -->
<h3 class="sectionedit8" id="kerberos">Kerberos</h3>
<div class="level3">
<p>
The Kerberos configuration is quite complex. You can find some configuration tips <a href="kerberos.html" class="wikilink1" title="documentation:2.0:kerberos">on this page</a>.
</p>
<div class="notetip">Prefer new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos</a> module.
</div>
</div>
<!-- EDIT8 SECTION "Kerberos" [1588-1780] -->
<h3 class="sectionedit9" id="compatibility_with_identity_provider_modules">Compatibility with Identity Provider modules</h3>
<div class="level3">
<p>
When using IDP modules (like <abbr title="Central Authentication Service">CAS</abbr> or <abbr title="Security Assertion Markup Language">SAML</abbr>), the activation of Apache authentication can alter the operation. This is because the client often need to request directly the IDP, and the Apache authentication will block the request.
</p>
<p>
In this case, you can add in the Apache authentication module:
</p>
<pre class="code file apache"> <span class="kw1">Satisfy</span> any
<span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
<span class="kw1">allow</span> from APPLICATIONS_IP</pre>
<p>
This will bypass the authentication module for request from APPLICATIONS_<abbr title="Internet Protocol">IP</abbr>.
</p>
</div>
<!-- EDIT9 SECTION "Compatibility with Identity Provider modules" [1781-] --></div>
</body>
</html>


@ -1,141 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authcas</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authcas"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcas.html"/>
<link rel="contents" href="authcas.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authcas","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="cas">CAS</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [19-69] -->
</div>
<!-- EDIT1 SECTION "CAS" [1-70] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can delegate authentication to a <abbr title="Central Authentication Service">CAS</abbr> server. This requires <a href="http://sourcesup.cru.fr/projects/perlcas/" class="urlextern" title="http://sourcesup.cru.fr/projects/perlcas/" rel="nofollow">Perl CAS module</a>.
</p>
<div class="notetip"><abbr title="LemonLDAP::NG">LL::NG</abbr> can also act as <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS server</a>, that allows one to interconnect two <abbr title="LemonLDAP::NG">LL::NG</abbr> systems.
</div>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can also request proxy tickets for its protected services. Proxy tickets will be collected at authentication phase and stored in user session under the form:
</p>
<p>
<code>_casPT</code><strong>serviceID</strong> = <strong>Proxy ticket value</strong>
</p>
<p>
They can then be forwarded to applications trough <a href="writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">HTTP headers</a>.
</p>
<div class="notetip"><abbr title="Central Authentication Service">CAS</abbr> authentication will automatically add a <a href="logoutforward.html" class="wikilink1" title="documentation:2.0:logoutforward">logout forward rule</a> on <abbr title="Central Authentication Service">CAS</abbr> server logout <abbr title="Uniform Resource Locator">URL</abbr> in order to close <abbr title="Central Authentication Service">CAS</abbr> session on <abbr title="LemonLDAP::NG">LL::NG</abbr> logout.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [71-832] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose <abbr title="Central Authentication Service">CAS</abbr> for authentication.
</p>
<div class="notetip">You can then choose any other module for users and password.
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
<p>
Then, go in <code><abbr title="Central Authentication Service">CAS</abbr> parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
</ul>
<p>
Then create the list of <abbr title="Central Authentication Service">CAS</abbr> servers in the manager. For each, set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Server <abbr title="Uniform Resource Locator">URL</abbr></strong> <em>(required)</em>: <abbr title="Central Authentication Service">CAS</abbr> server <abbr title="Uniform Resource Locator">URL</abbr> (must use https://)</div>
</li>
<li class="level1"><div class="li"> <strong>Renew authentication</strong> <em>(default: disabled)</em>: force authentication renewal on <abbr title="Central Authentication Service">CAS</abbr> server</div>
</li>
<li class="level1"><div class="li"> <strong>Gateways authentication</strong> <em>(default: disabled)</em>: force transparent authentication on <abbr title="Central Authentication Service">CAS</abbr> server</div>
</li>
<li class="level1"><div class="li"> <strong>Display Name</strong>: Name to display. Required if you have more than 1 <abbr title="Central Authentication Service">CAS</abbr> server declared</div>
</li>
<li class="level1"><div class="li"> <strong>Icon</strong>: Path to <abbr title="Central Authentication Service">CAS</abbr> Server icon. Used only if you have more than 1 <abbr title="Central Authentication Service">CAS</abbr> server declared</div>
</li>
<li class="level1"><div class="li"> <strong>Order</strong>: Number to sort <abbr title="Central Authentication Service">CAS</abbr> Servers display</div>
</li>
<li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
<ul>
<li class="level2"><div class="li"> <strong>Key</strong>: Service ID</div>
</li>
<li class="level2"><div class="li"> <strong>Value</strong> Service <abbr title="Uniform Resource Locator">URL</abbr> (<abbr title="Central Authentication Service">CAS</abbr> service identifier)</div>
</li>
</ul>
</li>
</ul>
<div class="notetip">If no proxied services defined, <abbr title="Central Authentication Service">CAS</abbr> authentication will not activate the <abbr title="Central Authentication Service">CAS</abbr> proxy mode with this <abbr title="Central Authentication Service">CAS</abbr> server.
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [833-] --></div>
</body>
</html>


@ -1,158 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authchoice</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authchoice"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authchoice.html"/>
<link rel="contents" href="authchoice.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authchoice","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="backend_choice_by_users">Backend choice by users</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [40-109] -->
</div>
<!-- EDIT1 SECTION "Backend choice by users" [1-110] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
By default, only the configured authentication backend is available for users.
</p>
<p>
Contrary to <a href="authmulti.html" class="wikilink1" title="documentation:2.0:authmulti">multiple backend stacking</a>, backend choice will present all available authentication methods to users, who will choose the one they want.
</p>
<p>
The choice will concern three backends:
</p>
<ul>
<li class="level1"><div class="li"> Authentication</div>
</li>
<li class="level1"><div class="li"> Users</div>
</li>
<li class="level1"><div class="li"> Password</div>
</li>
</ul>
<p>
The chosen backends will be registered in session:
</p>
<ul>
<li class="level1"><div class="li"> <code>$_auth</code></div>
</li>
<li class="level1"><div class="li"> <code>$_userDB</code></div>
</li>
<li class="level1"><div class="li"> <code>$_passwordDB</code></div>
</li>
</ul>
<p>
Authentication choice will also be registered in session:
</p>
<ul>
<li class="level1"><div class="li"> <code>$_authChoice</code></div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Presentation" [111-648] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Choice for authentication.
</p>
<div class="noteimportant">When <code>Choice</code> is selected for authentication, values for Users and Password modules are also forced to <code>Choice</code>.
</div>
<p>
Then, go in <code>Choice Parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong><abbr title="Uniform Resource Locator">URL</abbr> parameter</strong>: parameter name used to set choice value (default: <code>lmAuth</code>)</div>
</li>
<li class="level1"><div class="li"> <strong>AuthBasic handler parameter</strong>: authentication module used by AuthBasic handler</div>
</li>
<li class="level1"><div class="li"> <strong>Allowed modules</strong>: click on <code>New chain</code> to add a choice.</div>
</li>
</ul>
<p>
<img src="documentation/manager-choice.png" class="mediacenter" alt="" />
</p>
<p>
Define here:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Name</strong>: Text displayed on choice tab.</div>
</li>
<li class="level1"><div class="li"> <strong>Authentication module</strong></div>
</li>
<li class="level1"><div class="li"> <strong>Users module</strong></div>
</li>
<li class="level1"><div class="li"> <strong>Password module</strong></div>
</li>
<li class="level1"><div class="li"> <strong><abbr title="Uniform Resource Locator">URL</abbr></strong>: optional, can be used to redirect on another <abbr title="Uniform Resource Locator">URL</abbr> (for example <a href="https://authssl.example.com" class="urlextern" title="https://authssl.example.com" rel="nofollow">https://authssl.example.com</a>). This is mandatory if you want to use an Apache authentication module, which is run by Apache before showing the LemonLDAP::NG portal page.</div>
</li>
<li class="level1"><div class="li"> <strong>Condition</strong>: optional, can be used to evaluate an expression to display the tab. For example, to display a tab only if redirected by Handler from application <code>test1.example.com</code>, you can set this condition:</div>
</li>
</ul>
<pre class="code perl"><span class="re0">$env</span><span class="sy0">-&gt;</span><span class="br0">&#123;</span>urldc<span class="br0">&#125;</span> <span class="sy0">=~</span> <span class="sy0">/</span>test1\<span class="sy0">.</span>example\<span class="sy0">.</span>com<span class="sy0">/</span></pre>
<div class="noteclassic">Authentication request to an another <abbr title="Uniform Resource Locator">URL</abbr> than Portal <abbr title="Uniform Resource Locator">URL</abbr> can lead to a persistent loop between Portal and a redirection <abbr title="Uniform Resource Locator">URL</abbr> (pdata is not removed because domains mismatch). To avoid this, you have to set pdata cookie domain by editing <code>lemonldap-ng.ini</code> in section [portal]:<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">pdataDomain</span> <span class="sy0">=</span><span class="re2"> example.com</span></pre>
</div><div class="notetip">You can prefix the key name with a digit to order them. The digit will not be shown on portal page. Underscore characters are also replaced by spaces.
</div><div class="notetip">You can also override some LLNG parameters for each chain. See <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">Parameter list</a> to have the key names to use
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [649-] --></div>
</body>
</html>


@ -1,404 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authcombination</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authcombination"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcombination.html"/>
<link rel="contents" href="authcombination.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authcombination","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#modules_declaration">Modules declaration</a></div></li>
<li class="level2"><div class="li"><a href="#rule_chain">Rule chain</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#boolean_expression">Boolean expression</a></div></li>
<li class="level3"><div class="li"><a href="#tests">Tests</a></div></li>
<li class="level3"><div class="li"><a href="#let_s_be_crazy">Let&#039;s be crazy</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#combine_second_factor">Combine second factor</a></div></li>
<li class="level2"><div class="li"><a href="#display_multiple_forms">Display multiple forms</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#known_problems">Known problems</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#federation_protocols">Federation protocols</a></div></li>
<li class="level2"><div class="li"><a href="#authapache_authentication">Auth::Apache authentication</a></div></li>
<li class="level2"><div class="li"><a href="#ssl_authentication">SSL authentication</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#migrating_from_multi">Migrating from Multi</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="combination_of_authentication_schemes">Combination of authentication schemes</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [54-118] -->
</div>
<!-- EDIT1 SECTION "Combination of authentication schemes" [1-119] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
This backend allows one to chain authentication method, for example to failback to LDAP authentication if Remote authentication failed…
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [120-284] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
You have to use <code>Combination</code> as authentication module (users module must be set to &quot;Same&quot;). Then go in <code>Combination parameters</code> to :
</p>
<ul>
<li class="level1"><div class="li"> declare the modules that will be used</div>
</li>
<li class="level1"><div class="li"> set the rule chain</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Configuration" [285-515] -->
<h3 class="sectionedit5" id="modules_declaration">Modules declaration</h3>
<div class="level3">
<p>
Each module that will be used in combination rule must be declared. You must set:
</p>
<ul>
<li class="level1"><div class="li"> the name used in the rule (a uniq string)</div>
</li>
<li class="level1"><div class="li"> the type (LDAP, <abbr title="Database Interface">DBI</abbr>,...)</div>
</li>
<li class="level1"><div class="li"> the scope:</div>
<ul>
<li class="level2"><div class="li"> authentication and user DB</div>
</li>
<li class="level2"><div class="li"> authentication only</div>
</li>
<li class="level2"><div class="li"> user DB only</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> overloaded parameters: you can redefine any LLNG string parameters. For example, if you use 2 different LDAP, the first can use normal configuration and for the second, overwritten parameter can redefine ldapServer,...</div>
</li>
</ul>
<div class="noteclassic">To overload parameters, you must select a module, add a parameter and set its value.
</div>
<p>
For example:
</p>
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Name </th><th class="col1"> Type </th><th class="col2"> Scope </th><th class="col3"> Parameters </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> DB1 </td><td class="col1"> <abbr title="Database Interface">DBI</abbr> </td><td class="col2"> Auth only </td><td class="col3"> </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> DB2 </td><td class="col1"> <abbr title="Database Interface">DBI</abbr> </td><td class="col2"> User DB only </td><td class="col3"> dbiAuthChain =&gt; &quot;mysql:...&quot; </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [1133-1256] -->
<p>
Usually, you can&#039;t declare two modules of the same type if they don&#039;t have the same parameters. For example, usually you can&#039;t declare a MySQL <abbr title="Database Interface">DBI</abbr> and a PostgreSQL <abbr title="Database Interface">DBI</abbr>, because there is no extra field for PostgreSQL parameters. Now with Combination, you can declare some overloaded parameters.
</p>
<p>
For example, if <abbr title="Database Interface">DBI</abbr> is configured to use PostgreSQL but DB2 is a MySQL DB, you can override the &quot;dbiChain&quot; parameter.
</p>
<p>
You can also override a complex key like ldapExportedVars, by setting a JSON value:
</p>
<pre class="code javascript"><span class="br0">&#123;</span><span class="st0">&quot;cn&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;cn&quot;</span><span class="sy0">,</span> <span class="st0">&quot;uid&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;sAMAccounName&quot;</span><span class="sy0">,</span> <span class="st0">&quot;mail&quot;</span> <span class="sy0">=&gt;</span> <span class="st0">&quot;mail&quot;</span><span class="br0">&#125;</span></pre>
<div class="noteimportant">If your JSON is corrupted, LLNG will use it as string and just report a warning in logs.
</div>
</div>
<!-- EDIT5 SECTION "Modules declaration" [516-1953] -->
<h3 class="sectionedit7" id="rule_chain">Rule chain</h3>
<div class="level3">
<p>
Combination allows:
</p>
<ul>
<li class="level1"><div class="li"> to chain schemes (example: <code>[LDAP] and [<abbr title="Database Interface">DBI</abbr>]</code>)</div>
</li>
<li class="level1"><div class="li"> to test different schemes (example: <code>[LDAP] or [<abbr title="Database Interface">DBI</abbr>]</code>)</div>
</li>
<li class="level1"><div class="li"> to mix schemes (example: <code>[Kerberos,LDAP] or [LDAP,LDAP]</code>)</div>
</li>
<li class="level1"><div class="li"> to choose authentication scheme depending on some request values</div>
</li>
</ul>
<p>
Each scheme must be enclose in <code>[]</code>. A comma separates auth and user DB modules. If only one value is set, the same is used for both.
</p>
</div>
<h4 id="boolean_expression">Boolean expression</h4>
<div class="level4">
<p>
Remember that schemes in rules are the names declared above.
</p>
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Example </th><th class="col1"> Explanation </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> <code>[myLDAP] or [myDBI]</code> </td><td class="col1"> If myLDAP fails, use myDBI </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> <code>[mySSL, myLDAP] or [myLDAP, myLDAP]</code> </td><td class="col1"> Try mySSL for auth and myLDAP for userDB. If fails, switch to myLDAP for both </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 leftalign"> <code>[myLDAP] or [myDBI1] or [myDBI2]</code> </td><td class="col1"> Try myLDAP, then if it fails, myDBI1, then if it fails myDBI2 </td>
</tr>
<tr class="row4 roweven">
<td class="col0 leftalign"> <code>[mySSL and myLDAP, myLDAP ]</code> </td><td class="col1"> Use mySSL and myLDAP to authentify, myLDAP to get user </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [2472-2903] --><div class="noteimportant">Note that &quot;or&quot; can&#039;t be used inside a scheme.
If you think to &quot;[mySSL or myLDAP, myLDAP]&quot;, you must write <code>[mySSL, myLDAP] or [myLDAP, myLDAP]</code>
</div><div class="table sectionedit9"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Example </th><th class="col1"> Explanation </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 leftalign"> <code>[myDBI1] and [myDBI2] or [myLDAP]</code> </td><td class="col1"> Try myDBI1 and myDBI2, if it fails, try myLDAP </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> <code>[myDBI1] and [myDBI2] or [myLDAP] and [myDBI2]</code> </td><td class="col1"> Try myDBI1 and myDBI2, if it fails, try myLDAP and myDBI2 </td>
</tr>
</table></div>
<!-- EDIT9 TABLE [3076-3320] --><div class="noteimportant">You can&#039;t use brackets in a boolean expression and &quot;and&quot; has precedence on &quot;or&quot;.
<p>
If you think to &quot;( [myLDAP] or [myDBI1] ) and [myDBI2]&quot;, you must write <code>[myLDAP] and [myDBI2] or [myDBI1] and [myDBI2]</code>
</p>
</div>
</div>
<h4 id="tests">Tests</h4>
<div class="level4">
<p>
Test can use only the <code>$env</code> variable. It contains the FastCGI environment variables.
</p>
<div class="table sectionedit10"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Example </th><th class="col1"> Explanation </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> <code>if($env-&gt;{REMOTE_ADDR} =~ /^10\./) then [myLDAP] else [mySSL, myLDAP]</code> </td><td class="col1"> If user doesn&#039;t come from 10.0.0.0/8 network, use SSL as authentication module </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> <code>if($env-&gt;{REMOTE_ADDR} =~ /^10\./) then [myLDAP] else if($env-&gt;{REMOTE_ADDR} =~ /^192/) then [myDBI1] else [myDBI2]</code> </td><td class="col1"> Chain tests </td>
</tr>
</table></div>
<!-- EDIT10 TABLE [3656-3978] --><div class="noteimportant">Note that brackets can&#039;t be used except to enclose test.
<p>
If you wants to write <code>if(...) then if...</code>, you must write <code>if(not ...) then ... else if(...)...</code>
</p>
</div>
</div>
<h4 id="let_s_be_crazy">Let&#039;s be crazy</h4>
<div class="level4">
<p>
The following rule is valid:
</p>
<p>
<code>if($env-&gt;{REMOTE_ADDR} =~ /^192\./) then [mySSL, myLDAP] or [myLDAP] else [myLDAP and myDBI, myLDAP]</code>
</p>
</div>
<!-- EDIT7 SECTION "Rule chain" [1954-4325] -->
<h3 class="sectionedit11" id="combine_second_factor">Combine second factor</h3>
<div class="level3">
<p>
Imagine you want to authenticate users either by SSL or LDAP+U2F, you can&#039;t directly write this rule: this is done in 2 steps:
</p>
<ul>
<li class="level1"><div class="li"> use this combination rule: <code>[SSL,LDAP] or [LDAP]</code></div>
</li>
<li class="level1"><div class="li"> enable U2F with this rule: <code>$_auth eq &quot;LDAP&quot;</code> or <code>$_authenticationLevel &lt; 4</code> <em>(and adapt U2F authentication level)</em></div>
</li>
</ul>
<p>
Now if you want to authenticate users either by LDAP or LDAP+U2F <em>(to have 2 different authentication level)</em>, 2 possibilities:
</p>
<ul>
<li class="level1"><div class="li"> configure 2 portals and overwrite U2F activation in the second</div>
</li>
<li class="level1"><div class="li"> Modify login template to propose the choice <em>(add a &quot;submit&quot; button that points to the second portal)</em></div>
</li>
</ul>
</div>
<!-- EDIT11 SECTION "Combine second factor" [4326-4975] -->
<h3 class="sectionedit12" id="display_multiple_forms">Display multiple forms</h3>
<div class="level3">
<p>
Combination module returns the form corresponding to the first authentication scheme available for the current request. You can force it to display the forms chosen using <code>combinationForms</code> in lemonldap-ng.ini. Example:
</p>
<pre class="code :ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">combinationForms</span> <span class="sy0">=</span><span class="re2"> standardform, openidform</span></pre>
</div>
<!-- EDIT12 SECTION "Display multiple forms" [4976-5304] -->
<h2 class="sectionedit13" id="known_problems">Known problems</h2>
<div class="level2">
</div>
<!-- EDIT13 SECTION "Known problems" [5305-5332] -->
<h3 class="sectionedit14" id="federation_protocols">Federation protocols</h3>
<div class="level3">
<p>
<a href="authsaml.html" class="wikilink1" title="documentation:2.0:authsaml">SAML</a>, <a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID-Connect</a>, <a href="authcas.html" class="wikilink1" title="documentation:2.0:authcas">CAS</a> or <a href="authopenid.html" class="wikilink1" title="documentation:2.0:authopenid">old OpenID</a> can&#039;t be chained with a &quot;and&quot; for authentication part. So &quot;[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP]&quot; isn&#039;t valid. This is because their authentication kinematic don&#039;t use the same steps.
</p>
<div class="table sectionedit15"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Bad expression </th><th class="col1 centeralign"> Solution </th><th class="col2 centeralign"> Explanation </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> <em><code>[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP]</code></em> </td><td class="col1"> <code>[<abbr title="Security Assertion Markup Language">SAML</abbr>, <abbr title="Security Assertion Markup Language">SAML</abbr> and LDAP]</code> </td><td class="col2"> Authentication is done by <abbr title="Security Assertion Markup Language">SAML</abbr> only but user must match an LDAP entry </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> <em><code>[<abbr title="Security Assertion Markup Language">SAML</abbr>] and [LDAP] or [LDAP]</code></em> </td><td class="col1"> <code>[<abbr title="Security Assertion Markup Language">SAML</abbr>, <abbr title="Security Assertion Markup Language">SAML</abbr> and LDAP] or [LDAP]</code> </td><td class="col2"> Authentication is done by <abbr title="Security Assertion Markup Language">SAML</abbr> or LDAP but user must match an LDAP entry </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [5632-5964] -->
</div>
<!-- EDIT14 SECTION "Federation protocols" [5333-5965] -->
<h3 class="sectionedit16" id="authapache_authentication">Auth::Apache authentication</h3>
<div class="level3">
<p>
When using this module, <abbr title="LemonLDAP::NG">LL::NG</abbr> portal will be called only if Apache does not return &quot;401 Authentication required&quot;, but this is not the Apache behaviour: if the auth module fails, Apache returns 401. So it can be used only with a &quot;and&quot; boolean expression.
</p>
<div class="notetip">The new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos authentication module</a> solve this for Kerberos: you just have to use it instead of Apache and enable authentication by Ajax in Kerberos parameters.
</div>
<p>
Example: <code>[ Apache and LDAP, LDAP ]</code>
</p>
<p>
To bypass this, follow the documentation of <a href="authapache.html" class="wikilink1" title="documentation:2.0:authapache">AuthApache module</a>
</p>
</div>
<!-- EDIT16 SECTION "Auth::Apache authentication" [5966-6577] -->
<h3 class="sectionedit17" id="ssl_authentication">SSL authentication</h3>
<div class="level3">
<p>
To chain SSL, you have to set &quot;SSLRequire optional&quot; in Apache configuration, else users will be authenticated by SSL only.
</p>
</div>
<!-- EDIT17 SECTION "SSL authentication" [6578-6731] -->
<h2 class="sectionedit18" id="migrating_from_multi">Migrating from Multi</h2>
<div class="level2">
<p>
Old <a href="documentation/1.9/authmulti.html" class="wikilink1" title="documentation:1.9:authmulti">Multiple backends stack</a> implemented only `if` and `or` keywords. Examples:
</p>
<div class="table sectionedit19"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Multi expressions </th><th class="col1 centeralign"> Combination </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <code>LDAP;<abbr title="Database Interface">DBI</abbr></code> </td><td class="col1 centeralign"> <code>[myLDAP] or [myDBI]</code> </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <code><abbr title="Database Interface">DBI</abbr> $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/</code> </td><td class="col1 centeralign"> <code>if $env-&gt;{REMOTE_ADDR} then [myDBI] else [myLDAP]</code> </td>
</tr>
</table></div>
<!-- EDIT19 TABLE [6878-7093] -->
</div>
<!-- EDIT18 SECTION "Migrating from Multi" [6732-] --></div>
</body>
</html>


@ -1,103 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authcustom.html"/>
<link rel="contents" href="authcustom.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authcustom","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="custom_authentication_modules">Custom authentication modules</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [46-115] -->
</div>
<!-- EDIT1 SECTION "Custom authentication modules" [1-116] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
This artifact allows one to define its own modules (authentication, user database, password or register database).
</p>
<div class="notetip">The developer documentation is available in Portal manpages. See Auth.pod and UserDB.pod
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [117-365] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose &#039;Custom module&#039;.
</p>
<p>
Then, you just have to define class names of your custom modules in &quot;Custom module names&quot;. Custom parameters can be set in &quot;Additional parameters&quot;. Full path must be specify.
</p>
<p>
You can define your own customAuth module icon. Icon must be in site/htdocs/static/common/modules/icon.png
</p>
<div class="notetip">::Auth::My::Dev.pm means Lemonldap::NG::Portal::Auth::My::Dev
</div><div class="noteimportant">Be careful. Don&#039; t use an already attributed name in configuration.
</div>
<p>
These parameters are available in your plugins using <code>$self-&gt;conf-&gt;{customAddParams}-&gt;{<em>customName</em>}</code>.
</p>
<p>
Read portal manpages to see how to write these plugins.
</p>
</div>
<!-- EDIT4 SECTION "Configuration" [366-] --></div>
</body>
</html>


@ -1,330 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authdbi</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authdbi"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authdbi.html"/>
<link rel="contents" href="authdbi.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authdbi","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#drivers">Drivers</a></div></li>
<li class="level2"><div class="li"><a href="#schema">Schema</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#example_1two_tables">Example 1: two tables</a></div></li>
<li class="level3"><div class="li"><a href="#example_2single_table">Example 2: single table</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#sql">SQL</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#authentication_level">Authentication level</a></div></li>
<li class="level2"><div class="li"><a href="#exported_variables">Exported variables</a></div></li>
<li class="level2"><div class="li"><a href="#connection">Connection</a></div></li>
<li class="level2"><div class="li"><a href="#schema1">Schema</a></div></li>
<li class="level2"><div class="li"><a href="#password">Password</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="databases">Databases</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [26-95] -->
</div>
<!-- EDIT1 SECTION "Databases" [1-96] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Presentation" [97-122] -->
<h3 class="sectionedit4" id="drivers">Drivers</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use a lot of databases as authentication, users and password backend:
</p>
<ul>
<li class="level1"><div class="li"> MariaDB/MySQL</div>
</li>
<li class="level1"><div class="li"> PostGreSQL</div>
</li>
<li class="level1"><div class="li"> Oracle</div>
</li>
<li class="level1"><div class="li"> ...</div>
</li>
</ul>
<p>
Indeed, any <a href="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=module" class="urlextern" title="http://search.cpan.org/search?query=DBD%3A%3A&amp;mode=module" rel="nofollow">Perl DBD driver</a> can be used.
</p>
</div>
<!-- EDIT4 SECTION "Drivers" [123-379] -->
<h3 class="sectionedit5" id="schema">Schema</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use two tables:
</p>
<ul>
<li class="level1"><div class="li"> Authentication table: where login and password are stored</div>
</li>
<li class="level1"><div class="li"> User table: where user data are stored (mail, name, etc.)</div>
</li>
</ul>
<div class="notetip">Authentication table and user table can be the same.
</div>
<p>
The password can be in plain text, or encoded with a standard SQL method:
</p>
<ul>
<li class="level1"><div class="li"> SHA</div>
</li>
<li class="level1"><div class="li"> SHA1</div>
</li>
<li class="level1"><div class="li"> MD5</div>
</li>
</ul>
</div>
<h4 id="example_1two_tables">Example 1: two tables</h4>
<div class="level4">
</div>
<h5 id="authentication_table">Authentication table</h5>
<div class="level5">
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> login </th><th class="col2"> password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [780-985] -->
</div>
<h5 id="user_table">User table</h5>
<div class="level5">
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> user </th><th class="col2"> name </th><th class="col3"> mail </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> Clément OUDOT </td><td class="col3"> coudot@example.com </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> tchemineau </td><td class="col2"> Thomas CHEMINEAU </td><td class="col3"> tchemineau@example.com </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> Xavier GUIMARD </td><td class="col3"> xguimard@example.com </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [1005-1205] -->
</div>
<h4 id="example_2single_table">Example 2: single table</h4>
<div class="level4">
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> id </th><th class="col1"> user </th><th class="col2"> password </th><th class="col3"> name </th><th class="col4"> mail </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> 0 </td><td class="col1"> coudot </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td><td class="col3"> Clément OUDOT </td><td class="col4"> coudot@example.com </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> 1 </td><td class="col1"> tchemineau </td><td class="col2"> 1f777a6581e478499f4284e54fe2d4a4e513dfff </td><td class="col3"> Thomas CHEMINEAU </td><td class="col4"> tchemineau@example.com </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> 2 </td><td class="col1"> xguimard </td><td class="col2"> a15a18c8bb17e6f67886a9af1898c018b9f5a072 </td><td class="col3"> Xavier GUIMARD </td><td class="col4"> xguimard@example.com </td>
</tr>
</table></div>
<!-- EDIT8 TABLE [1240-1580] -->
</div>
<!-- EDIT5 SECTION "Schema" [380-1581] -->
<h3 class="sectionedit9" id="sql">SQL</h3>
<div class="level3">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> will operate some SQL queries:
</p>
<ul>
<li class="level1"><div class="li"> Authentication: select row in authentication table matching user and password</div>
</li>
<li class="level1"><div class="li"> Search user: select row in user table matching user</div>
</li>
<li class="level1"><div class="li"> Change password: update password column in authentication table matching user</div>
</li>
</ul>
</div>
<!-- EDIT9 SECTION "SQL" [1582-1855] -->
<h2 class="sectionedit10" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Database (<abbr title="Database Interface">DBI</abbr>) for authentication, users and/or password modules.
</p>
</div>
<!-- EDIT10 SECTION "Configuration" [1856-2030] -->
<h3 class="sectionedit11" id="authentication_level">Authentication level</h3>
<div class="level3">
<p>
The authentication level given to users authenticated with this module.
</p>
<div class="noteimportant">As <abbr title="Database Interface">DBI</abbr> is a login/password based module, the authentication level can be:<ul>
<li class="level1"><div class="li"> increased (+1) if portal is protected by SSL (HTTPS)</div>
</li>
<li class="level1"><div class="li"> decreased (-1) if the portal autocompletion is allowed (see <a href="portalcustom.html" class="wikilink1" title="documentation:2.0:portalcustom">portal customization</a>)</div>
</li>
</ul>
</div>
</div>
<!-- EDIT11 SECTION "Authentication level" [2031-2395] -->
<h3 class="sectionedit12" id="exported_variables">Exported variables</h3>
<div class="level3">
<p>
List of columns to query to fill user session. See also <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables configuration</a>.
</p>
</div>
<!-- EDIT12 SECTION "Exported variables" [2396-2533] -->
<h3 class="sectionedit13" id="connection">Connection</h3>
<div class="level3">
<div class="notetip">Connection settings can be configured differently for authentication process and user process. This allows one to use different databases for these process. By default, if user process connection settings are empty, authentication process connection settings will be used.
</div><ul>
<li class="level1"><div class="li"> <strong>Chain</strong>: <abbr title="Database Interface">DBI</abbr> chain, including database driver name and database name (for example: dbi:mysql:database=lemonldapng;host=localhost).</div>
</li>
<li class="level1"><div class="li"> <strong>User</strong>: Connection user</div>
</li>
<li class="level1"><div class="li"> <strong>Password</strong>: Connection password</div>
</li>
</ul>
</div>
<!-- EDIT13 SECTION "Connection" [2534-3052] -->
<h3 class="sectionedit14" id="schema1">Schema</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Authentication table</strong>: authentication table name</div>
</li>
<li class="level1"><div class="li"> <strong>User table</strong>: user table name</div>
</li>
<li class="level1"><div class="li"> <strong>Login field name</strong>: name of authentication table column hosting login</div>
</li>
<li class="level1"><div class="li"> <strong>Password field name</strong>: name of authentication table column hosting password</div>
</li>
<li class="level1"><div class="li"> <strong>Mail field name</strong>: name of authentication table column hosting mail (for password reset)</div>
</li>
<li class="level1"><div class="li"> <strong>Login field name in user table</strong>: name of user table column hosting login</div>
</li>
</ul>
</div>
<!-- EDIT14 SECTION "Schema" [3053-3496] -->
<h3 class="sectionedit15" id="password">Password</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Hash schema</strong>: SQL method for hashing password. Can be left blank for plain text passwords.</div>
</li>
<li class="level1"><div class="li"> <strong>Dynamic hash activation</strong>: Activate dynamic hashing. With dynamic hashing, the hash scheme is recovered from the user password in the database during authentication.</div>
</li>
<li class="level1"><div class="li"> <strong>Supported non-salted schemes</strong>: List of whitespace separated hash schemes. Every hash scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. These hashes MUST NOT be salted (no random data used in conjunction with the password).</div>
</li>
<li class="level1"><div class="li"> <strong>Supported salted schemes</strong>: List of whitespace separated salted hash schemes, of the form &quot;<strong>s</strong>scheme&quot;, where scheme MUST match a non-salted hash function in the database. LemonLDAP::NG relies on this hashing function for computing user password hashes. Salted and non-salted scheme lists are not necessarily equivalent. (for example: non-salted=&quot;sha256&quot; and salted=&quot;ssha ssha512&quot; is valid)</div>
</li>
<li class="level1"><div class="li"> <strong>Dynamic hash scheme for new passwords</strong>: LemonLDAP::NG is able to store new passwords in the database (while modifying or reinitializing the password). You can choose a salted or non salted dynamic hashed password. The value must be an element of &quot;Supported non-salted schemes&quot; or &quot;Supported salted schemes&quot;.</div>
</li>
</ul>
<div class="noteimportant">The SQL function MUST have hexadecimal values as input AND output
</div><div class="notetip">Here is an example for creating a postgreSQL SHA256 function.
1. Install postgresql-contrib.
2. Activate extension: <pre class="code">CREATE EXTENSION pgcrypto;</pre>
<p>
3. Create the hash function:
</p>
<pre class="code">CREATE OR REPLACE FUNCTION sha256(varchar) returns text AS $$
SELECT encode(digest(decode($1, &#039;hex&#039;), &#039;sha256&#039;), &#039;hex&#039;)
$$ LANGUAGE SQL STRICT IMMUTABLE;</pre>
</div>
</div>
<!-- EDIT15 SECTION "Password" [3497-] --></div>
</body>
</html>


@ -1,111 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authdemo</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authdemo"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authdemo.html"/>
<link rel="contents" href="authdemo.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authdemo","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="demonstration">Demonstration</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [30-99] -->
</div>
<!-- EDIT1 SECTION "Demonstration" [1-100] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
This mode allow one to test LemonLDAP::NG without any third-party software.
</p>
<div class="notewarning">This mode must not be used for other purpose than test and demonstration!
</div>
<p>
Demonstration backend has hard coded user accounts:
</p>
<div class="table sectionedit4"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Login </th><th class="col1 centeralign"> Password </th><th class="col2 centeralign"> Mail </th><th class="col3 centeralign"> Role </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> rtyler </td><td class="col1 centeralign"> rtyler </td><td class="col2 centeralign"> rtyler@badwolf.org </td><td class="col3 centeralign"> user </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> msmith </td><td class="col1 centeralign"> msmith </td><td class="col2 centeralign"> msmith@badwolf.org </td><td class="col3 centeralign"> user </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> dwho </td><td class="col1 centeralign"> dwho </td><td class="col2 centeralign"> dwho@badwolf.org </td><td class="col3 centeralign"> administrator </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [353-566] --><div class="noteclassic">As you may have guessed, these accounts are famous characters from the TV show <a href="http://en.wikipedia.org/wiki/Doctor_Who" class="urlextern" title="http://en.wikipedia.org/wiki/Doctor_Who" rel="nofollow">Doctor Who</a>.
</div>
<p>
The AuthDemo and UserDBDemo will allow you to log in and get the standard attributes (uid, cn and mail). The PasswordDBDemo will allow you to change the password with some basic checks, but as the data are hard coded, the password will never be really changed.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [101-978] -->
<h2 class="sectionedit5" id="configuration">Configuration</h2>
<div class="level2">
<p>
Select Demonstration for authentication, user and password backend.
</p>
<p>
You can also modify list of exported variables. Only uid, cn and mail attributes are available. See also <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables configuration</a>.
</p>
</div>
<!-- EDIT5 SECTION "Configuration" [979-] --></div>
</body>
</html>


@ -1,133 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authfacebook</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authfacebook"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authfacebook.html"/>
<link rel="contents" href="authfacebook.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authfacebook","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="facebook">Facebook</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [25-88] -->
</div>
<!-- EDIT1 SECTION "Facebook" [1-89] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://facebook.com" class="urlextern" title="http://facebook.com" rel="nofollow">Facebook</a> is a famous social network service. Facebook uses <a href="http://en.wikipedia.org/wiki/OAuth2" class="urlextern" title="http://en.wikipedia.org/wiki/OAuth2" rel="nofollow">OAuth2</a> protocol to allow applications to reuse its own authentication process (it means, if your are connected to Facebook, other applications can trust Facebook and let you in).
</p>
<p>
You need <a href="https://metacpan.org/release/Net-Facebook-Oauth2" class="urlextern" title="https://metacpan.org/release/Net-Facebook-Oauth2" rel="nofollow">Net::Facebook::Oauth2</a> package.
</p>
<p>
You need to register a new application on Facebook to get an application ID and a secret. See <a href="https://developers.facebook.com/apps" class="urlextern" title="https://developers.facebook.com/apps" rel="nofollow">https://developers.facebook.com/apps</a> on how to do that.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [90-667] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Facebook for authentication module. You can also use Facebook as user database.
</p>
<p>
Then, go in <code>Facebook parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong>Facebook application ID</strong>: the application ID you get</div>
</li>
<li class="level1"><div class="li"> <strong>Facebook application secret</strong>: the corresponding secret</div>
</li>
<li class="level1"><div class="li"> <strong>User field</strong>: Facebook field that will be used as default user identifier</div>
</li>
</ul>
<p>
If you use Facebook as user database, declare values in exported variables:
</p>
<ul>
<li class="level1"><div class="li"> use any key name you want. If you want to refuse access when a data is missing, just add a &quot;!&quot; before the key name</div>
</li>
<li class="level1"><div class="li"> in the value field, set the field name. You can show them using <a href="https://developers.facebook.com/tools/explorer" class="urlextern" title="https://developers.facebook.com/tools/explorer" rel="nofollow">Facebook Graph API explorer</a> and have a list of supported fields in the <a href="https://developers.facebook.com/docs/graph-api/reference/user/" class="urlextern" title="https://developers.facebook.com/docs/graph-api/reference/user/" rel="nofollow">Graph API User reference</a>. For example:</div>
<ul>
<li class="level2"><div class="li"> cn =&gt; name</div>
</li>
<li class="level2"><div class="li"> mail =&gt; email</div>
</li>
<li class="level2"><div class="li"> sn =&gt; last_name</div>
</li>
</ul>
</li>
</ul>
<div class="noteimportant">Do not query user field in exported variables, as it is already registered by the authentication module in <code>$_user</code>.
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div><div class="notetip">You can use the same Facebook access token in your applications. It is stored in session datas under the name <code>$_facebookToken</code>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [668-] --></div>
</body>
</html>


@ -1,112 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authgithub</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authgithub"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authgithub.html"/>
<link rel="contents" href="authgithub.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authgithub","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="github">GitHub</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 leftalign"> </td><td class="col2 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [23-82] -->
</div>
<!-- EDIT1 SECTION "GitHub" [1-83] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://github.com/" class="urlextern" title="https://github.com/" rel="nofollow">GitHub</a> uses <a href="http://en.wikipedia.org/wiki/OAuth2" class="urlextern" title="http://en.wikipedia.org/wiki/OAuth2" rel="nofollow">OAuth2</a> protocol to allow applications to reuse its own authentication process (see <a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/" class="urlextern" title="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/" rel="nofollow">https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/</a>).
</p>
<p>
You need to register a new application on LinkedIn to get an application ID and a secret: <a href="https://github.com/settings/apps/new" class="urlextern" title="https://github.com/settings/apps/new" rel="nofollow">https://github.com/settings/apps/new</a>.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [84-486] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose GitHub for authentication module.
</p>
<p>
Then, go in <code>GitHub parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong>Client ID</strong>: the application ID you get</div>
</li>
<li class="level1"><div class="li"> <strong>Client secret</strong>: the corresponding secret</div>
</li>
<li class="level1"><div class="li"> <strong>Field containing user identifier</strong>: Field that will be used as main user identifier in <abbr title="LemonLDAP::NG">LL::NG</abbr>, usually <code>login</code> </div>
</li>
<li class="level1"><div class="li"> <strong>Scope</strong>: OAuth 2.0 scopes, see <a href="https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/" class="urlextern" title="https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/" rel="nofollow">https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/</a></div>
</li>
</ul>
<div class="notetip">Collected fields are stored in session in <code>github_</code> keys
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in:
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [487-] --></div>
</body>
</html>


@ -1,92 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authgpg</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authgpg"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authgpg.html"/>
<link rel="contents" href="authgpg.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authgpg","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="databases">Databases</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 leftalign"> </td><td class="col2 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [26-89] -->
</div>
<!-- EDIT1 SECTION "Databases" [1-90] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
LLNG can use GPG to authenticate users. It is not useful for day-to-day authentication but can be used for example if user has lost his password. The login form will ask user to sign a challenge and post result.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [91-329] -->
<h3 class="sectionedit4" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose GPG for authentication, users and/or password modules. Then you just have to set GPG database. For example <code>/usr/share/keyrings/debian-keyring.gpg</code>
</p>
<div class="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code>GPG parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module</div>
</li>
<li class="level1"><div class="li"> <strong>GPG database</strong>: database to store users GPG public key</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Configuration of LemonLDAP::NG" [330-] --></div>
</body>
</html>


@ -1,154 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authkerberos</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authkerberos"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authkerberos.html"/>
<link rel="contents" href="authkerberos.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authkerberos","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#llng_configuration">LLNG Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#kerberos_configuration">Kerberos configuration</a></div></li>
<li class="level2"><div class="li"><a href="#web_server_kerberos_module">Web Server Kerberos module</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="kerberos">Kerberos</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [24-81] -->
</div>
<!-- EDIT1 SECTION "Kerberos" [1-82] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://en.wikipedia.org/wiki/Kerberos_(protocol)" class="urlextern" title="https://en.wikipedia.org/wiki/Kerberos_(protocol)" rel="nofollow">Kerberos</a> is a network authentication protocol used to authenticate users based on their desktop session.
</p>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> uses GSSAPI module to validate Kerberos ticket against a local keytab.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [83-347] -->
<h2 class="sectionedit4" id="llng_configuration">LLNG Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Kerberos for authentication. Then go to &quot;Kerberos parameters&quot; and configure the following parameters:
</p>
<ul>
<li class="level1"><div class="li"> <strong>keytab file</strong> (required): the Kerberos keytab file</div>
</li>
<li class="level1"><div class="li"> <strong>Use Ajax request</strong>: set to &quot;enabled&quot; if you want to use an Ajax request instead of a direct Kerberos attempt. <strong>This is required if you want to chain Kerberos in a <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">combination</a></strong></div>
</li>
<li class="level1"><div class="li"> <strong>Kerberos authentication level</strong>: default to 3</div>
</li>
<li class="level1"><div class="li"> <strong>Use Web Server Kerberos module</strong>: set to &quot;enabled&quot; to use the Web Server module (for example Apache mod_auth_kerb) instead of Perl Kerberos code to validate Kerberos ticket</div>
</li>
<li class="level1"><div class="li"> <strong>Remove domain in username</strong>: set to &quot;enabled&quot; to strip username value and remove the &#039;@domain&#039;.</div>
</li>
</ul>
<div class="noteimportant"><ul>
<li class="level1"><div class="li"> Due to a perl GSSAPI issue, you may need to copy the keytab in /etc/krb5.keytab which is the default location hardcoded in the library</div>
</li>
<li class="level1"><div class="li"> As Kerberos ticket is passed inside Authorization header, you may need to set CGIPassAuth on in Apache <em>(with old Apache, use <code>RewriteCond %{HTTP:Authorization}</code> followed by <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]</code>)</em></div>
</li>
</ul>
</div>
</div>
<!-- EDIT4 SECTION "LLNG Configuration" [348-1572] -->
<h3 class="sectionedit5" id="kerberos_configuration">Kerberos configuration</h3>
<div class="level3">
<p>
The Kerberos configuration is quite complex. You can find some configuration tips <a href="kerberos.html" class="wikilink1" title="documentation:2.0:kerberos">on this page</a>.
</p>
</div>
<!-- EDIT5 SECTION "Kerberos configuration" [1573-1716] -->
<h3 class="sectionedit6" id="web_server_kerberos_module">Web Server Kerberos module</h3>
<div class="level3">
<p>
If you want to let Web Server Kerberos module validates the Kerberos ticket, set the according option to &quot;enabled&quot; and configure the portal virtual host to launch the module if &quot;kerberos&quot; GET parameter is in the request.
</p>
<p>
Example with Apache and mod_auth_kerb:
</p>
<pre class="code file apache"> &lt;If <span class="st0">&quot;%{QUERY_STRING} =~ /kerberos=/&quot;</span>&gt;
&lt;<span class="kw3">IfModule</span> auth_kerb_module&gt;
<span class="kw1">AuthType</span> Kerberos
KrbMethodNegotiate <span class="kw2">On</span>
KrbMethodK5Passwd <span class="kw2">Off</span>
KrbAuthRealms EXAMPLE.COM
Krb5KeyTab /etc/lemonldap-ng/auth.keytab
KrbVerifyKDC <span class="kw2">On</span>
KrbServiceName Any
<span class="kw1">require</span> valid-<span class="kw1">user</span>
&lt;/<span class="kw3">IfModule</span>&gt;
&lt;/If&gt;</pre>
</div>
<!-- EDIT6 SECTION "Web Server Kerberos module" [1717-] --></div>
</body>
</html>


@ -1,272 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authldap</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authldap"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authldap.html"/>
<link rel="contents" href="authldap.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authldap","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#authentication_level">Authentication level</a></div></li>
<li class="level2"><div class="li"><a href="#exported_variables">Exported variables</a></div></li>
<li class="level2"><div class="li"><a href="#connection">Connection</a></div></li>
<li class="level2"><div class="li"><a href="#filters">Filters</a></div></li>
<li class="level2"><div class="li"><a href="#groups">Groups</a></div></li>
<li class="level2"><div class="li"><a href="#password">Password</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="ldap">LDAP</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [21-90] -->
</div>
<!-- EDIT1 SECTION "LDAP" [1-91] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use an LDAP directory to:
</p>
<ul>
<li class="level1"><div class="li"> authenticate user</div>
</li>
<li class="level1"><div class="li"> get user attributes</div>
</li>
<li class="level1"><div class="li"> get groups where user is registered</div>
</li>
<li class="level1"><div class="li"> change password (with server side password policy management)</div>
</li>
</ul>
<p>
This works with every LDAP v2 or v3 server, including <a href="authad.html" class="wikilink1" title="documentation:2.0:authad">Active Directory</a>.
</p>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> is compatible with <a href="https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt" class="urlextern" title="https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt" rel="nofollow">LDAP password policy</a>:
</p>
<ul>
<li class="level1"><div class="li"> LDAP server can check password strength, and <abbr title="LemonLDAP::NG">LL::NG</abbr> portal will display correct errors (password too short, password in history, etc.)</div>
</li>
<li class="level1"><div class="li"> LDAP sever can block brute-force attacks, and <abbr title="LemonLDAP::NG">LL::NG</abbr> will display that account is locked</div>
</li>
<li class="level1"><div class="li"> LDAP server can force password change on first connection, and <abbr title="LemonLDAP::NG">LL::NG</abbr> portal will display a password change form before opening <abbr title="Single Sign On">SSO</abbr> session</div>
</li>
</ul>
</div>
<!-- EDIT3 SECTION "Presentation" [92-903] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose LDAP for authentication, users and/or password modules.
</p>
<div class="notetip">For <a href="authad.html" class="wikilink1" title="documentation:2.0:authad">Active Directory</a>, choose <code>Active Directory</code> instead of <code>LDAP</code>.
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [904-1169] -->
<h3 class="sectionedit5" id="authentication_level">Authentication level</h3>
<div class="level3">
<p>
The authentication level given to users authenticated with this module.
</p>
<div class="noteimportant">As LDAP is a login/password based module, the authentication level can be:<ul>
<li class="level1"><div class="li"> increased (+1) if portal is protected by SSL (HTTPS)</div>
</li>
<li class="level1"><div class="li"> decreased (-1) if the portal autocompletion is allowed (see <a href="portalcustom.html" class="wikilink1" title="documentation:2.0:portalcustom">portal customization</a>)</div>
</li>
</ul>
</div>
</div>
<!-- EDIT5 SECTION "Authentication level" [1170-1535] -->
<h3 class="sectionedit6" id="exported_variables">Exported variables</h3>
<div class="level3">
<p>
List of attributes to query to fill user session. See also <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables configuration</a>.
</p>
</div>
<!-- EDIT6 SECTION "Exported variables" [1536-1676] -->
<h3 class="sectionedit7" id="connection">Connection</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Server host</strong>: LDAP server hostname or <abbr title="Uniform Resource Identifier">URI</abbr> (by default: localhost). Accept some specificities:</div>
<ul>
<li class="level2"><div class="li"> More than one server can be set here separated by spaces or commas. They will be tested in the specified order.</div>
</li>
<li class="level2"><div class="li"> To use TLS, set <code>ldap+tls://server</code> and to use LDAPS, set <code>ldaps://server</code> instead of server name.</div>
</li>
<li class="level2"><div class="li"> If you use TLS, you can set any of the <a href="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" class="urlextern" title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" rel="nofollow">Net::LDAP</a> start_tls() sub like <code>ldap+tls://server/verify=none&amp;capath=/etc/ssl</code>. You can also use cafile and capath parameters.</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Server port</strong>: TCP port used by LDAP server. Can be overridden by an LDAP <abbr title="Uniform Resource Identifier">URI</abbr> in server host.</div>
</li>
<li class="level1"><div class="li"> <strong>Users search base</strong>: Base of search in the LDAP directory.</div>
</li>
<li class="level1"><div class="li"> <strong>Account</strong>: <abbr title="Distinguished Name">DN</abbr> used to connect to LDAP server. By default, anonymous bind is used.</div>
</li>
<li class="level1"><div class="li"> <strong>Password</strong>: password to used to connect to LDAP server. By default, anonymous bind is used.</div>
</li>
<li class="level1"><div class="li"> <strong>Timeout</strong>: server idle timeout.</div>
</li>
<li class="level1"><div class="li"> <strong>Version</strong>: LDAP protocol version.</div>
</li>
<li class="level1"><div class="li"> <strong>Binary attributes</strong>: regular expression matching binary attributes (see <a href="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" class="urlextern" title="http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP.pod" rel="nofollow">Net::LDAP</a> documentation).</div>
</li>
</ul>
<div class="noteimportant">LemonLDAP::NG need anonymous access to LDAP Directory RootDSE in order to check LDAP connection.
</div>
</div>
<!-- EDIT7 SECTION "Connection" [1677-2988] -->
<h3 class="sectionedit8" id="filters">Filters</h3>
<div class="level3">
<div class="notetip">In LDAP filters, $user is replaced by user login, and $mail by user email.
</div><ul>
<li class="level1"><div class="li"> <strong>Default filter</strong>: default LDAP filter for searches, should not be modified.</div>
</li>
<li class="level1"><div class="li"> <strong>Authentication filter</strong>: Filter to find user from its login (default: <code>(&amp;(uid=$user)(objectClass=inetOrgPerson))</code>)</div>
</li>
<li class="level1"><div class="li"> <strong>Mail filter</strong>: Filter to find user from its mail (default: <code>(&amp;(mail=$mail)(objectClass=inetOrgPerson))</code>)</div>
</li>
<li class="level1"><div class="li"> <strong>Alias dereference</strong>: How to manage LDAP aliases. (default: <code>find</code>)</div>
</li>
</ul>
<div class="notetip">For Active Directory, the default authentication filter is:
<pre class="code">(&amp;(sAMAccountName=$user)(objectClass=person))</pre>
<p>
And the mail filter is:
</p>
<pre class="code">(&amp;(mail=$mail)(objectClass=person))</pre>
</div>
</div>
<!-- EDIT8 SECTION "Filters" [2989-3710] -->
<h3 class="sectionedit9" id="groups">Groups</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Search base</strong>: <abbr title="Distinguished Name">DN</abbr> of groups branch. If no value, disable group searching.</div>
</li>
<li class="level1"><div class="li"> <strong>Object class</strong>: objectClass of the groups (default: groupOfNames).</div>
</li>
<li class="level1"><div class="li"> <strong>Target attribute</strong>: name of the attribute in the groups storing the link to the user (default: member).</div>
</li>
<li class="level1"><div class="li"> <strong>User source attribute</strong>: name of the attribute in users entries used in the link (default: dn).</div>
</li>
<li class="level1"><div class="li"> <strong>Searched attributes</strong>: name(s) of the attribute storing the name of the group, spaces separated (default: cn).</div>
</li>
<li class="level1"><div class="li"> <strong>Decode searched value</strong>: with Active Directory, member <abbr title="Distinguished Name">DN</abbr> value is sometimes bad decoded and groups are not found, activate this option to force value decoding.</div>
</li>
<li class="level1"><div class="li"> <strong>Recursive</strong>: activate recursive group functionality (default: 0). If enabled, if the user group is a member of another group (group of groups), all parents groups will be stored as user&#039;s groups.</div>
</li>
<li class="level1"><div class="li"> <strong>Group source attribute</strong>: name of the attribute in groups entries used in the link, for recursive group search (default: dn).</div>
</li>
</ul>
<div class="noteclassic">The groups that the user belongs to are available as <code>$groups</code> and <code>%hGroups</code>, as documented <a href="exportedvars.html#extend_variables_using_macros_and_groups" class="wikilink1" title="documentation:2.0:exportedvars">here</a>
</div><div class="noteimportant">If your LDAP countains over a thousand groups, you should avoid using group processing, check out <a href="performances.html#ldap_performances" class="wikilink1" title="documentation:2.0:performances">the performance page</a> for alternatives
</div>
</div>
<!-- EDIT9 SECTION "Groups" [3711-5086] -->
<h3 class="sectionedit10" id="password">Password</h3>
<div class="level3">
<ul>
<li class="level1"><div class="li"> <strong>Password policy control</strong>: enable to use LDAP password policy. This requires at least Net::LDAP 0.38. (see ppolicy workflow below)</div>
</li>
<li class="level1"><div class="li"> <strong>Password modify extended operation</strong>: enable to use the LDAP extended operation <code>password modify</code> instead of standard modify operation.</div>
</li>
<li class="level1"><div class="li"> <strong>Change as user</strong>: enable to perform password modification with credentials of connected user. This requires to request user old password (see <a href="portalcustom.html" class="wikilink1" title="documentation:2.0:portalcustom">portal customization</a>).</div>
</li>
<li class="level1"><div class="li"> <strong>LDAP password encoding</strong>: can allow one to manage old LDAP servers using specific encoding for passwords (default: utf-8).</div>
</li>
<li class="level1"><div class="li"> <strong>Use reset attribute</strong>: enable to use the password reset attribute. This attribute is set by LemonLDAP::NG when <a href="resetpassword.html" class="wikilink1" title="documentation:2.0:resetpassword">password was reset by mail</a> and the user choose to generate the password (default: enabled).</div>
</li>
<li class="level1"><div class="li"> <strong>Reset attribute</strong>: name of password reset attribute (default: pwdReset).</div>
</li>
<li class="level1"><div class="li"> <strong>Reset value</strong>: value to set in reset attribute to activate password reset (default: TRUE).</div>
</li>
<li class="level1"><div class="li"> <strong>Allow a user to reset his expired password</strong>: if activated, the user will be prompted to change password if his password is expired (default: 0)</div>
</li>
<li class="level1"><div class="li"> <strong>IBM Tivoli DS support</strong>: enable this option if you use ITDS. <abbr title="LemonLDAP::NG">LL::NG</abbr> will then scan error message to return a more precise error to the user.</div>
</li>
</ul>
<p>
<div class="row"><div class="col-md-6">
<strong>Password expiration warning workflow</strong>
<a href="documentation/lemonldap-ng-password-expiration-warning.png_documentation_2.0_authldap.html" class="media" title="documentation:lemonldap-ng-password-expiration-warning.png"><img src="documentation/lemonldap-ng-password-expiration-warning.png" class="media" alt="" /></a>
</div>
<div class="col-md-6">
<strong>Password expiration workflow</strong>
<a href="documentation/lemonldap-ng-password-expired.png_documentation_2.0_authldap.html" class="media" title="documentation:lemonldap-ng-password-expired.png"><img src="documentation/lemonldap-ng-password-expired.png" class="media" alt="" /></a>
</div></div>
</p>
</div>
<!-- EDIT10 SECTION "Password" [5087-] --></div>
</body>
</html>


@ -1,114 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authlinkedin</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authlinkedin"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authlinkedin.html"/>
<link rel="contents" href="authlinkedin.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authlinkedin","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="linkedin">LinkedIn</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 leftalign"> </td><td class="col2 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [25-84] -->
</div>
<!-- EDIT1 SECTION "LinkedIn" [1-85] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://www.linkedin.com/" class="urlextern" title="https://www.linkedin.com/" rel="nofollow">LinkedIn</a> is a professional social network. It uses <a href="http://en.wikipedia.org/wiki/OAuth2" class="urlextern" title="http://en.wikipedia.org/wiki/OAuth2" rel="nofollow">OAuth2</a> protocol to allow applications to reuse its own authentication process (see <a href="https://developer.linkedin.com/docs/oauth2" class="urlextern" title="https://developer.linkedin.com/docs/oauth2" rel="nofollow">https://developer.linkedin.com/docs/oauth2</a>).
</p>
<p>
You need to register a new application on LinkedIn to get an application ID and a secret. See <a href="https://www.linkedin.com/developer/apps/" class="urlextern" title="https://www.linkedin.com/developer/apps/" rel="nofollow">https://www.linkedin.com/developer/apps/</a> on how to do that.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [86-526] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose LinkedIn for authentication module.
</p>
<p>
Then, go in <code>LinkedIn parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong>Client ID</strong>: the application ID you get</div>
</li>
<li class="level1"><div class="li"> <strong>Client secret</strong>: the corresponding secret</div>
</li>
<li class="level1"><div class="li"> <strong>Searched fields</strong> (deprecated): Fields requested on People endpoint in v1, no more used in v2 <abbr title="Application Programming Interface">API</abbr></div>
</li>
<li class="level1"><div class="li"> <strong>Field containing user identifier</strong>: Field that will be used as main user identifier in <abbr title="LemonLDAP::NG">LL::NG</abbr>, usually <code>id</code> (LinkedIn numeric identifer) or <code>emailAddress</code>.</div>
</li>
<li class="level1"><div class="li"> <strong>Scope</strong>: OAuth 2.0 scopes, use <code>r_liteprofile</code> to get first name and last name, and <code>r_emailaddress</code> to get email.</div>
</li>
</ul>
<div class="notetip">Collected fields are stored in session in <code>linkedIn_</code> keys
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [527-] --></div>
</body>
</html>


@ -1,54 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authmulti</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authmulti"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authmulti.html"/>
<link rel="contents" href="authmulti.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authmulti","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="multiple_backends_stack">Multiple backends stack</h1>
<div class="level1">
<div class="noteimportant">This module has been removed and replaced by the more powerful <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination of auth schemes</a>.
</div>
</div>
</div>
</body>
</html>


@ -1,101 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authnull</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authnull"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authnull.html"/>
<link rel="contents" href="authnull.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authnull","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="null">Null</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [21-90] -->
</div>
<!-- EDIT1 SECTION "Null" [1-91] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> Null backend is a transparent backend:
</p>
<ul>
<li class="level1"><div class="li"> Authentication: will create session without prompting any credentials (but will register client <abbr title="Internet Protocol">IP</abbr> and creation date)</div>
</li>
<li class="level1"><div class="li"> Users: will not collect any data (but you can still register environment variables in session)</div>
</li>
<li class="level1"><div class="li"> Password: will not change any password</div>
</li>
</ul>
<p>
You can use Null backend to bypass some authentication process steps.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [92-499] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Null for authentication, users or password module.
</p>
<p>
Then, go in <code>Null parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Configuration" [500-] --></div>
</body>
</html>


@ -1,158 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authopenid</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authopenid"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authopenid.html"/>
<link rel="contents" href="authopenid.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authopenid","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="openid">OpenID</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [22-85] --><div class="notewarning">OpenID protocol is deprecated. You should now use <a href="authopenidconnect.html" class="wikilink1" title="documentation:2.0:authopenidconnect">OpenID Connect</a>.
</div>
</div>
<!-- EDIT1 SECTION "OpenID" [1-196] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can delegate authentication to an OpenID server. This requires <a href="http://search.cpan.org/~mart/Net-OpenID-Consumer/" class="urlextern" title="http://search.cpan.org/~mart/Net-OpenID-Consumer/" rel="nofollow">Perl OpenID consumer module</a> with at least version 1.0.
</p>
<div class="notetip"><abbr title="LemonLDAP::NG">LL::NG</abbr> can also act as <a href="idpopenid.html" class="wikilink1" title="documentation:2.0:idpopenid">OpenID server</a>, that allows one to interconnect two <abbr title="LemonLDAP::NG">LL::NG</abbr> systems.
</div>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> will then display a form with an OpenID input, wher users will type their OpenID login.
</p>
<div class="notetip">OpenID authentication can proposed as an alternate authentication scheme using the <a href="authchoice.html" class="wikilink1" title="documentation:2.0:authchoice">authentication choice</a> method.
</div>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use a white list or a black list to filter allowed OpenID domains.
</p>
<p>
If OpenID is used as users database, attributes will be requested to the server with SREG extension.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [197-947] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose OpenID for authentication and/or users.
</p>
<p>
Then, go in <code>OpenID parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong>Secret token</strong>: used to check integrity of OpenID response.</div>
</li>
<li class="level1"><div class="li"> <strong>Authorizated domain</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>List type</strong>: choose white list to define allowed domains or black list to define forbidden domains</div>
</li>
<li class="level2"><div class="li"> <strong>List</strong>: domains list (comma separated values)</div>
</li>
</ul>
</li>
</ul>
<p>
To configure requested attributes, edit <strong>Exported variables</strong> and define attributes:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Key</strong>: internal session key, can be prefixed by <code>!</code> to make the attribute required</div>
</li>
<li class="level1"><div class="li"> <strong>Value</strong>: SREG attribute name:</div>
<ul>
<li class="level2"><div class="li"> fullname</div>
</li>
<li class="level2"><div class="li"> nickname</div>
</li>
<li class="level2"><div class="li"> language</div>
</li>
<li class="level2"><div class="li"> postcode</div>
</li>
<li class="level2"><div class="li"> timezone</div>
</li>
<li class="level2"><div class="li"> country</div>
</li>
<li class="level2"><div class="li"> gender</div>
</li>
<li class="level2"><div class="li"> email</div>
</li>
<li class="level2"><div class="li"> dob</div>
</li>
</ul>
</li>
</ul>
<p>
See also <a href="exportedvars.html" class="wikilink1" title="documentation:2.0:exportedvars">exported variables configuration</a>.
</p>
<div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [948-] --></div>
</body>
</html>


@ -1,445 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authopenidconnect</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authopenidconnect"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authopenidconnect.html"/>
<link rel="contents" href="authopenidconnect.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authopenidconnect","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#openid_connect_service">OpenID Connect Service</a></div></li>
<li class="level2"><div class="li"><a href="#authentication_and_userdb">Authentication and UserDB</a></div></li>
<li class="level2"><div class="li"><a href="#register_llng_to_an_openid_connect_provider">Register LL::NG to an OpenID Connect Provider</a></div></li>
<li class="level2"><div class="li"><a href="#declare_the_openid_connect_provider_in_llng">Declare the OpenID Connect Provider in LL::NG</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#metadata">Metadata</a></div></li>
<li class="level3"><div class="li"><a href="#jwks_data">JWKS data</a></div></li>
<li class="level3"><div class="li"><a href="#exported_attributes">Exported attributes</a></div></li>
<li class="level3"><div class="li"><a href="#options">Options</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="openid_connect">OpenID Connect</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [31-94] -->
</div>
<!-- EDIT1 SECTION "OpenID Connect" [1-95] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<div class="noteclassic">OpenID Connect is a protocol based on REST, OAuth 2.0 and JOSE stacks. It is described here: <a href="http://openid.net/connect/" class="urlextern" title="http://openid.net/connect/" rel="nofollow">http://openid.net/connect/</a>.
</div>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can act as an OpenID Connect Relying Party (RP) towards multiple OpenID Connect Providers (OP). It will get the user identity trough an ID Token, and grab user attributes trough UserInfo endpoint.
</p>
<p>
As an RP, <abbr title="LemonLDAP::NG">LL::NG</abbr> supports a lot of OpenID Connect features:
</p>
<ul>
<li class="level1"><div class="li"> Authorization Code flow</div>
</li>
<li class="level1"><div class="li"> Automatic download of JWKS</div>
</li>
<li class="level1"><div class="li"> JWT signature verification</div>
</li>
<li class="level1"><div class="li"> Access Token Hash verification</div>
</li>
<li class="level1"><div class="li"> ID Token validation</div>
</li>
<li class="level1"><div class="li"> Get UserInfo as JSON or as JWT</div>
</li>
<li class="level1"><div class="li"> Logout on EndSession end point</div>
</li>
</ul>
<p>
You can use this authentication module to link your <abbr title="LemonLDAP::NG">LL::NG</abbr> server to any OpenID Connect Provider. Here are some examples, witch their specific documentation:
</p>
<div class="table sectionedit4"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Google </th><th class="col1 centeralign"> France Connect </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <a href="authopenidconnect_google.html" class="media" title="documentation:2.0:authopenidconnect_google"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="authopenidconnect_franceconnect.html" class="media" title="documentation:2.0:authopenidconnect_franceconnect"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td>
</tr>
</table></div>
<!-- EDIT4 TABLE [905-1106] --><div class="noteimportant">OpenID-Connect specification isn&#039;t finished for logout propagation. So logout initiated by relaying-party will be forward to OpenID-Connect provider but logout initiated by the provider (or another RP) will not be propagated. LLNG will implement this when <abbr title="specification">spec</abbr> will be published.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [96-1410] -->
<h2 class="sectionedit5" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT5 SECTION "Configuration" [1411-1437] -->
<h3 class="sectionedit6" id="openid_connect_service">OpenID Connect Service</h3>
<div class="level3">
<p>
See <a href="openidconnectservice.html" class="wikilink1" title="documentation:2.0:openidconnectservice">OpenIDConnect service</a> configuration chapter.
</p>
</div>
<!-- EDIT6 SECTION "OpenID Connect Service" [1438-1546] -->
<h3 class="sectionedit7" id="authentication_and_userdb">Authentication and UserDB</h3>
<div class="level3">
<p>
In <code>General Parameters</code> &gt; <code>Authentication modules</code>, set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication module</strong>: OpenID Connect</div>
</li>
<li class="level1"><div class="li"> <strong>Users module</strong>: OpenID Connect</div>
</li>
</ul>
<div class="notetip">As passwords will not be managed by <abbr title="LemonLDAP::NG">LL::NG</abbr>, you can disable <a href="portalmenu.html#menu_modules" class="wikilink1" title="documentation:2.0:portalmenu">menu password module</a>.
</div><div class="noteimportant">Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does).
Administrators may have to modify formAction value with wildcard likes *.
<p>
In Manager, go in :
</p>
<p>
<code>General Parameters</code> &gt; <code>Advanced Parameters</code> &gt; <code>Security</code> &gt; <code>Content Security Policy</code> &gt; <code>Form destination</code>
</p>
</div>
<p>
Then in <code>General Parameters</code> &gt; <code>Authentication modules</code> &gt; <code>OpenID Connect parameters</code>, you can set:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: level of authentication to associate to this module</div>
</li>
<li class="level1"><div class="li"> <strong>Callback GET parameter</strong>: name of GET parameter used to intercept callback (default: openidconnectcallback)</div>
</li>
<li class="level1"><div class="li"> <strong>State session timeout</strong>: duration of a state session (used to keep state information between authentication request and authentication response) in seconds (default: 600)</div>
</li>
</ul>
</div>
<!-- EDIT7 SECTION "Authentication and UserDB" [1547-2707] -->
<h3 class="sectionedit8" id="register_llng_to_an_openid_connect_provider">Register LL::NG to an OpenID Connect Provider</h3>
<div class="level3">
<p>
To register <abbr title="LemonLDAP::NG">LL::NG</abbr>, you will need to give some information like application name or logo. One of mandatory information is the redirect <abbr title="Uniform Resource Locator">URL</abbr> (one or many).
</p>
<p>
To know this information, just take the portal <abbr title="Uniform Resource Locator">URL</abbr> and the Callback GET parameter, for example:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://auth.example.com/?openidcallback=1" class="urlextern" title="http://auth.example.com/?openidcallback=1" rel="nofollow">http://auth.example.com/?openidcallback=1</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://auth.example.com/index.pl?openidcallback=1" class="urlextern" title="http://auth.example.com/index.pl?openidcallback=1" rel="nofollow">http://auth.example.com/index.pl?openidcallback=1</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://auth.example.com/?lmAuth=oidc&amp;openidcallback=1" class="urlextern" title="http://auth.example.com/?lmAuth=oidc&amp;openidcallback=1" rel="nofollow">http://auth.example.com/?lmAuth=oidc&amp;openidcallback=1</a></div>
</li>
</ul>
<div class="noteimportant">If you use the <a href="authchoice.html" class="wikilink1" title="documentation:2.0:authchoice">choice backend</a>, you need to add the choice parameter in redirect <abbr title="Uniform Resource Locator">URL</abbr>
</div>
<p>
After registration, the OP must give you a client ID and a client secret, that will be used to configure the OP in <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</p>
</div>
<!-- EDIT8 SECTION "Register LL::NG to an OpenID Connect Provider" [2708-3422] -->
<h3 class="sectionedit9" id="declare_the_openid_connect_provider_in_llng">Declare the OpenID Connect Provider in LL::NG</h3>
<div class="level3">
<p>
In the Manager, select node <code>OpenID Connect Providers</code> and click on <code>Add OpenID Connect Provider</code>. Give a technical name (no spaces, no special characters), like &quot;sample-op&quot;;
</p>
<p>
You can then access to the configuration of this OP.
</p>
</div>
<h4 id="metadata">Metadata</h4>
<div class="level4">
<p>
The OP should publish its metadata in a JSON file (see for example <a href="https://accounts.google.com/.well-known/openid-configuration" class="urlextern" title="https://accounts.google.com/.well-known/openid-configuration" rel="nofollow">Google metadata</a>). Copy the content of this file in the textarea.
</p>
<p>
If no metadata is available, you need to write them in the textarea. Mandatory fields are:
</p>
<ul>
<li class="level1"><div class="li"> issuer</div>
</li>
<li class="level1"><div class="li"> authorization_endpoint</div>
</li>
<li class="level1"><div class="li"> token_endpoint</div>
</li>
<li class="level1"><div class="li"> userinfo_endpoint</div>
</li>
</ul>
<p>
You can also define:
</p>
<ul>
<li class="level1"><div class="li"> jwks_uri</div>
</li>
<li class="level1"><div class="li"> endsession_endpoint</div>
</li>
</ul>
<p>
Example template:
</p>
<pre class="code file javascript"><span class="br0">&#123;</span>
<span class="st0">&quot;issuer&quot;</span><span class="sy0">:</span> <span class="st0">&quot;https://auth.example.com/&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;authorization_endpoint&quot;</span><span class="sy0">:</span> <span class="st0">&quot;https://auth.example.com/oauth2/authorize&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;token_endpoint&quot;</span><span class="sy0">:</span> <span class="st0">&quot;https://auth.example.com/oauth2/token&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userinfo_endpoint&quot;</span><span class="sy0">:</span> <span class="st0">&quot;https://auth.example.com/oauth2/userinfo&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;end_session_endpoint&quot;</span><span class="sy0">:</span><span class="st0">&quot;https://auth.example.com/oauth2/logout&quot;</span>
<span class="br0">&#125;</span></pre>
</div>
<h4 id="jwks_data">JWKS data</h4>
<div class="level4">
<p>
JWKS is a JSON file containing public keys. <abbr title="LemonLDAP::NG">LL::NG</abbr> can grab them automatically if jwks_uri is defined in metadata. Else you can paste the content of the JSON file in the textarea.
</p>
<div class="notetip">If the OpenID Connect provider only uses symmetric encryption, JWKS data is not useful.
</div>
</div>
<h4 id="exported_attributes">Exported attributes</h4>
<div class="level4">
<p>
Define here the mapping between the <abbr title="LemonLDAP::NG">LL::NG</abbr> session content and the fields provided in UserInfo response. The fields are defined in <a href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims" class="urlextern" title="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims" rel="nofollow">OpenID Connect standard</a>, and depends on the scope requested by <abbr title="LemonLDAP::NG">LL::NG</abbr> (see options in next chapter).
</p>
</div>
<!-- EDIT10 PLUGIN_INCLUDE_START_NOREDIRECT "documentation:2.0:openidconnectclaims" [0-] --><div class="plugin_include_content plugin_include__documentation:2.0:openidconnectclaims" id="plugin_include__documentation__2.0__openidconnectclaims">
<div class="level1">
<div class="table sectionedit12"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> Claim name </th><th class="col1"> Associated scope </th><th class="col2"> Type </th><th class="col3"> Example of corresponding LDAP attribute </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0"> sub </td><td class="col1"> openid </td><td class="col2"> string </td><td class="col3"> uid </td>
</tr>
<tr class="row2 roweven">
<td class="col0"> name </td><td class="col1"> profile </td><td class="col2"> string </td><td class="col3"> cn </td>
</tr>
<tr class="row3 rowodd">
<td class="col0"> given_name </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> givenName </td>
</tr>
<tr class="row4 roweven">
<td class="col0"> family_name </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> sn </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> middle_name </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> </td>
</tr>
<tr class="row6 roweven">
<td class="col0"> nickname </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> </td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> preferred_username </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> displayName </td>
</tr>
<tr class="row8 roweven">
<td class="col0"> profile </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> labeledURI </td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> picture </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> </td>
</tr>
<tr class="row10 roweven">
<td class="col0"> website </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> </td>
</tr>
<tr class="row11 rowodd">
<td class="col0"> email </td><td class="col1"> email </td><td class="col2">string </td><td class="col3"> mail </td>
</tr>
<tr class="row12 roweven">
<td class="col0"> email_verified </td><td class="col1"> email </td><td class="col2">boolean </td><td class="col3"> </td>
</tr>
<tr class="row13 rowodd">
<td class="col0"> gender </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> </td>
</tr>
<tr class="row14 roweven">
<td class="col0"> birthdate </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> </td>
</tr>
<tr class="row15 rowodd">
<td class="col0"> zoneinfo </td><td class="col1"> profile </td><td class="col2"> string </td><td class="col3"> </td>
</tr>
<tr class="row16 roweven">
<td class="col0"> locale </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> preferredLanguage </td>
</tr>
<tr class="row17 rowodd">
<td class="col0"> phone_number </td><td class="col1"> phone </td><td class="col2">string </td><td class="col3"> telephoneNumber </td>
</tr>
<tr class="row18 roweven">
<td class="col0"> phone_number_verified </td><td class="col1"> phone </td><td class="col2">boolean </td><td class="col3"> </td>
</tr>
<tr class="row19 rowodd">
<td class="col0"> updated_at </td><td class="col1"> profile </td><td class="col2">string </td><td class="col3"> </td>
</tr>
<tr class="row20 roweven">
<td class="col0"> formatted </td><td class="col1"> address </td><td class="col2">string </td><td class="col3"> registeredAddress </td>
</tr>
<tr class="row21 rowodd">
<td class="col0"> street_address </td><td class="col1"> address </td><td class="col2"> string </td><td class="col3"> street </td>
</tr>
<tr class="row22 roweven">
<td class="col0"> locality </td><td class="col1"> address </td><td class="col2"> string </td><td class="col3"> l </td>
</tr>
<tr class="row23 rowodd">
<td class="col0"> region </td><td class="col1"> address </td><td class="col2"> string </td><td class="col3"> st </td>
</tr>
<tr class="row24 roweven">
<td class="col0"> postal_code </td><td class="col1"> address </td><td class="col2"> string </td><td class="col3"> postalCode </td>
</tr>
<tr class="row25 rowodd">
<td class="col0"> country </td><td class="col1"> address </td><td class="col2"> string </td><td class="col3"> co </td>
</tr>
</table></div>
<!-- EDIT12 TABLE [38-1104] -->
</div>
<!-- EDIT11 PLUGIN_INCLUDE_END "documentation:2.0:openidconnectclaims" [0-] --></div>
<div class="level4">
<p>
So you can define for example:
</p>
<ul>
<li class="level1"><div class="li"> cn =&gt; name</div>
</li>
<li class="level1"><div class="li"> sn =&gt; family_name</div>
</li>
<li class="level1"><div class="li"> mail =&gt; email</div>
</li>
<li class="level1"><div class="li"> uid =&gt; sub</div>
</li>
</ul>
</div>
<h4 id="options">Options</h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> <strong>Configuration</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Configuration endpoint</strong>: <abbr title="Uniform Resource Locator">URL</abbr> of OP configuration endpoint</div>
</li>
<li class="level2"><div class="li"> <strong>JWKS data timeout</strong>: After this time, <abbr title="LemonLDAP::NG">LL::NG</abbr> will do a request to get a fresh version of JWKS data. Set to 0 to disable it.</div>
</li>
<li class="level2"><div class="li"> <strong>Client ID</strong>: Client ID given by OP</div>
</li>
<li class="level2"><div class="li"> <strong>Client secret</strong>: Client secret given by OP</div>
</li>
<li class="level2"><div class="li"> <strong>Store ID token</strong>: Allows one to store the ID token (JWT) inside user session. Don&#039;t enable it unless you need to replay this token on an application, or if you need the id_token_hint parameter when using logout.</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Protocol</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Scope</strong>: Value of scope parameter (example: openid profile). The <code>openid</code> scope is mandatory.</div>
</li>
<li class="level2"><div class="li"> <strong>Display</strong>: Value of display parameter (example: page)</div>
</li>
<li class="level2"><div class="li"> <strong>Prompt</strong>: Value of prompt parameter (example: consent)</div>
</li>
<li class="level2"><div class="li"> <strong>Max age</strong>: Value of max_age parameter (example: 3600)</div>
</li>
<li class="level2"><div class="li"> <strong>UI locales</strong>: Value of ui_locales parameter (example: en-<abbr title="Gigabyte">GB</abbr> en fr-FR fr)</div>
</li>
<li class="level2"><div class="li"> <strong>ACR values</strong>: Value acr_values parameters (example: loa-1)</div>
</li>
<li class="level2"><div class="li"> <strong>Token endpoint authentication method</strong>: Choice between <code>client_secret_post</code> and <code>client_secret_basic</code></div>
</li>
<li class="level2"><div class="li"> <strong>Check JWT signature</strong>: Set to 0 to disable JWT signature checking</div>
</li>
<li class="level2"><div class="li"> <strong>ID Token max age</strong>: If defined, <abbr title="LemonLDAP::NG">LL::NG</abbr> will check the date of ID token and refuse it if it is too old</div>
</li>
<li class="level2"><div class="li"> <strong>Use Nonce</strong>: If enabled, a nonce will be sent, and verified from the ID Token</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Display</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Display name</strong>: Name of the application</div>
</li>
<li class="level2"><div class="li"> <strong>Logo</strong>: Logo of the application</div>
</li>
<li class="level2"><div class="li"> <strong>Order</strong>: Number to sort buttons</div>
</li>
</ul>
</li>
</ul>
</div>
<!-- EDIT9 SECTION "Declare the OpenID Connect Provider in LL::NG" [3423-] --></div>
</body>
</html>


@ -1,141 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authopenidconnect_franceconnect</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authopenidconnect_franceconnect"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authopenidconnect_franceconnect.html"/>
<link rel="contents" href="authopenidconnect_franceconnect.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authopenidconnect_franceconnect","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#register_on_france_connect">Register on France Connect</a></div></li>
<li class="level1"><div class="li"><a href="#declare_france_connect_in_your_llng_server">Declare France Connect in your LL::NG server</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="france_connect">France Connect</h1>
<div class="level1">
<p>
<img src="icons/kmultiple.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "France Connect" [1-82] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://doc.integ01.dev-franceconnect.fr/" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/" rel="nofollow">France Connect</a> is an authentication platform made by French government.
</p>
<div class="noteimportant">It is for the moment only in BETA stage. This documentation will explain how to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> with the developer reserved space.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [83-383] -->
<h2 class="sectionedit3" id="register_on_france_connect">Register on France Connect</h2>
<div class="level2">
<p>
Once <a href="openidconnectservice.html" class="wikilink1" title="documentation:2.0:openidconnectservice">OpenID Connect service</a> is configured, you need to register to France Connect.
</p>
<p>
Use the following form: <a href="https://doc.integ01.dev-franceconnect.fr/inscription" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/inscription" rel="nofollow">https://doc.integ01.dev-franceconnect.fr/inscription</a>.
</p>
<p>
You need to provide the callback URLs, for example <a href="https://auth.domain.com/?openidcallback=1" class="urlextern" title="https://auth.domain.com/?openidcallback=1" rel="nofollow">https://auth.domain.com/?openidcallback=1</a>.
</p>
<p>
You will then get a <code>client_id</code> and a <code>client_secret</code>.
</p>
</div>
<!-- EDIT3 SECTION "Register on France Connect" [384-770] -->
<h2 class="sectionedit4" id="declare_france_connect_in_your_llng_server">Declare France Connect in your LL::NG server</h2>
<div class="level2">
<p>
Go in Manager and create a new OpenID Connect provider. You can call it <code>france-connect</code> for example.
</p>
<p>
Click on <code>Metadata</code> and set manually the metadata of the service, using <a href="https://doc.integ01.dev-franceconnect.fr/fournisseur-service" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/fournisseur-service" rel="nofollow">France Connect endpoints</a>. For example:
</p>
<pre class="code file javascript"><span class="br0">&#123;</span>
<span class="st0">&quot;issuer&quot;</span><span class="sy0">:</span> <span class="st0">&quot;https://fcp.integ01.dev-franceconnect.fr&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;authorization_endpoint&quot;</span><span class="sy0">:</span> <span class="st0">&quot;https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;token_endpoint&quot;</span><span class="sy0">:</span> <span class="st0">&quot;https://fcp.integ01.dev-franceconnect.fr/api/v1/token&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;userinfo_endpoint&quot;</span><span class="sy0">:</span> <span class="st0">&quot;https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo&quot;</span><span class="sy0">,</span>
<span class="st0">&quot;end_session_endpoint&quot;</span><span class="sy0">:</span><span class="st0">&quot;https://fcp.integ01.dev-franceconnect.fr/api/v1/logout&quot;</span>
<span class="br0">&#125;</span></pre>
<p>
You can skip JWKS data, they are not provided by France Connect. The security relies on the symmetric key <code>client_secret</code>.
</p>
<p>
Go in <code>Exported attributes</code> to choose which attributes from &quot;identité pivot&quot; you want to collect. See <a href="https://doc.integ01.dev-franceconnect.fr/identite-pivot" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/identite-pivot" rel="nofollow">https://doc.integ01.dev-franceconnect.fr/identite-pivot</a>
</p>
<p>
Now go in <code>Options</code>:
</p>
<ul>
<li class="level1"><div class="li"> In <code>Configuration</code>, register the <code>client_id</code> and <code>client_secret</code> given by France Connect</div>
</li>
<li class="level1"><div class="li"> In <code>Protocol</code>, adapt the <code>scope</code> to the exported attributes you want. See <a href="https://doc.integ01.dev-franceconnect.fr/fs-scopes" class="urlextern" title="https://doc.integ01.dev-franceconnect.fr/fs-scopes" rel="nofollow">https://doc.integ01.dev-franceconnect.fr/fs-scopes</a></div>
</li>
<li class="level1"><div class="li"> In <code>Display</code>, you can set the name and the logo</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Declare France Connect in your LL::NG server" [771-] --></div>
</body>
</html>


@ -1,148 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authopenidconnect_google</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authopenidconnect_google"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authopenidconnect_google.html"/>
<link rel="contents" href="authopenidconnect_google.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authopenidconnect_google","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#register_on_google">Register on Google</a></div></li>
<li class="level1"><div class="li"><a href="#declare_google_in_your_llng_server">Declare Google in your LL::NG server</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="google">Google</h1>
<div class="level1">
<p>
<img src="icons/kmultiple.png" class="mediacenter" alt="" />
</p>
</div>
<!-- EDIT1 SECTION "Google" [1-67] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Do you we have to present <a href="http://www.google.com" class="urlextern" title="http://www.google.com" rel="nofollow">Google</a>? The good news is that Google is a standard OpenID Provider, and so you can easily delegate the authentication of <abbr title="LemonLDAP::NG">LL::NG</abbr> to Google: <a href="https://developers.google.com/identity/protocols/OpenIDConnect" class="urlextern" title="https://developers.google.com/identity/protocols/OpenIDConnect" rel="nofollow">https://developers.google.com/identity/protocols/OpenIDConnect</a>
</p>
<div class="noteimportant">Google does not support logout trough OpenID Connect. If you close your session on <abbr title="LemonLDAP::NG">LL::NG</abbr> side, your Google session will still be open.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [68-507] -->
<h2 class="sectionedit3" id="register_on_google">Register on Google</h2>
<div class="level2">
<p>
You need a Google developer account to access to <a href="https://console.developers.google.com/" class="urlextern" title="https://console.developers.google.com/" rel="nofollow">https://console.developers.google.com/</a>
</p>
<p>
Here you can go in <abbr title="Application Programming Interface">API</abbr> Manager and get new credentials (<code>client_id</code> and <code>client_secret</code>).
</p>
<p>
You need to provide the callback URLs, for example <a href="https://auth.domain.com/?openidcallback=1" class="urlextern" title="https://auth.domain.com/?openidcallback=1" rel="nofollow">https://auth.domain.com/?openidcallback=1</a>.
</p>
</div>
<!-- EDIT3 SECTION "Register on Google" [508-818] -->
<h2 class="sectionedit4" id="declare_google_in_your_llng_server">Declare Google in your LL::NG server</h2>
<div class="level2">
<p>
Go in Manager and create a new OpenID Connect provider. You can call it <code>google</code> for example.
</p>
<p>
Click on <code>Metadata</code>, and use the OpenID Connect configuration <abbr title="Uniform Resource Locator">URL</abbr> to load them: <a href="https://accounts.google.com/.well-known/openid-configuration" class="urlextern" title="https://accounts.google.com/.well-known/openid-configuration" rel="nofollow">https://accounts.google.com/.well-known/openid-configuration</a>.
</p>
<p>
You can also load the JWKS data from the <abbr title="Uniform Resource Locator">URL</abbr> <a href="https://www.googleapis.com/oauth2/v3/certs" class="urlextern" title="https://www.googleapis.com/oauth2/v3/certs" rel="nofollow">https://www.googleapis.com/oauth2/v3/certs</a>. But as Google rotate their keys, we will also configure a refresh interval on JKWS data.
</p>
<p>
Go in <code>Exported attributes</code> to choose which attributes you want to collect. Google supports these claims:
</p>
<ul>
<li class="level1"><div class="li"> email</div>
</li>
<li class="level1"><div class="li"> email_verified</div>
</li>
<li class="level1"><div class="li"> family_name</div>
</li>
<li class="level1"><div class="li"> given_name</div>
</li>
<li class="level1"><div class="li"> locale</div>
</li>
<li class="level1"><div class="li"> name</div>
</li>
<li class="level1"><div class="li"> picture</div>
</li>
<li class="level1"><div class="li"> sub</div>
</li>
</ul>
<p>
Now go in <code>Options</code>:
</p>
<ul>
<li class="level1"><div class="li"> In <code>Configuration</code>, register the <code>client_id</code> and <code>client_secret</code> given by Google. Set also the configuration <abbr title="Uniform Resource Identifier">URI</abbr> with <a href="https://accounts.google.com/.well-known/openid-configuration" class="urlextern" title="https://accounts.google.com/.well-known/openid-configuration" rel="nofollow">https://accounts.google.com/.well-known/openid-configuration</a>, and JWKS refresh, for example every day: 86400.</div>
</li>
<li class="level1"><div class="li"> In <code>Protocol</code>, adapt the <code>scope</code> to the exported attributes you want. You can for example use <code>openid profile email</code>.</div>
</li>
<li class="level1"><div class="li"> In <code>Display</code>, you can set the name and the logo</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Declare Google in your LL::NG server" [819-] --></div>
</body>
</html>


@ -1,132 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authpam</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authpam"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authpam.html"/>
<link rel="contents" href="authpam.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authpam","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#install_authenpam">Install Authen::PAM</a></div></li>
<li class="level2"><div class="li"><a href="#configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="pam">PAM</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [20-77] -->
</div>
<!-- EDIT1 SECTION "PAM" [1-78] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can use <a href="https://en.wikipedia.org/wiki/Pluggable_authentication_module" class="urlextern" title="https://en.wikipedia.org/wiki/Pluggable_authentication_module" rel="nofollow">Pluggable authentication module</a> as a simple authentication backend.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [79-254] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [255-281] -->
<h3 class="sectionedit5" id="install_authenpam">Install Authen::PAM</h3>
<div class="level3">
<p>
You have to install the corresponding Perl module.
</p>
<p>
For CentOS/RHEL:
</p>
<pre class="code shell">yum install perl-Authen-PAM</pre>
<p>
In Debian/Ubuntu, install the library through apt-get command
</p>
<pre class="code shell">apt-get install libauthen-pam-perl</pre>
</div>
<!-- EDIT5 SECTION "Install Authen::PAM" [282-550] -->
<h3 class="sectionedit6" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose PAM for authentication.
</p>
<div class="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code>PAM parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for PAM module</div>
</li>
<li class="level1"><div class="li"> <strong>PAM service</strong>: the PAM service to use <em>(default: login)</em></div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Configuration of LemonLDAP::NG" [551-] --></div>
</body>
</html>


@ -1,143 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authproxy</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authproxy"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authproxy.html"/>
<link rel="contents" href="authproxy.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authproxy","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#external_portal">External portal</a></div></li>
<li class="level2"><div class="li"><a href="#internal_portal">Internal portal</a></div></li>
<li class="level2"><div class="li"><a href="#soap_compatibility_with_19_server">SOAP compatibility with 1.9 server</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="proxy">Proxy</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [22-85] -->
</div>
<!-- EDIT1 SECTION "Proxy" [1-86] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> is able to transfer (trough REST or SOAP) authentication credentials to another <abbr title="LemonLDAP::NG">LL::NG</abbr> portal, like a proxy.
</p>
<p>
The difference with <a href="authremote.html" class="wikilink1" title="documentation:2.0:authremote">remote authentication</a> is that the client will never be redirect to the main <abbr title="LemonLDAP::NG">LL::NG</abbr> portal. This configuration is usable if you want to expose your internal <abbr title="Single Sign On">SSO</abbr> portal to another network (DMZ).
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [87-458] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [459-485] -->
<h3 class="sectionedit5" id="external_portal">External portal</h3>
<div class="level3">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Proxy for authentication and users.
</p>
<p>
Then, go in <code>Proxy parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Internal portal <abbr title="Uniform Resource Locator">URL</abbr></strong>: <abbr title="Uniform Resource Locator">URL</abbr> of internal portal</div>
</li>
<li class="level1"><div class="li"> <strong>Session service <abbr title="Uniform Resource Locator">URL</abbr></strong> (optional): Session service <abbr title="Uniform Resource Locator">URL</abbr> (default: same as previous for SOAP, same with &quot;/session/my&quot; for REST)</div>
</li>
<li class="level1"><div class="li"> <strong>Cookie name</strong> (optional): name of the cookie of internal portal, if different from external portal</div>
</li>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: level given to this authentication</div>
</li>
<li class="level1"><div class="li"> <strong>Use SOAP instead of REST</strong>: use a deprecated SOAP server instead of a REST one (you must set it if internal portal version is &lt; 2.0). In this case, &quot;Portal <abbr title="Uniform Resource Locator">URL</abbr>&quot; parameter must contains SOAP endpoint (generally <a href="http://auth.example.com/index.pl/sessions" class="urlextern" title="http://auth.example.com/index.pl/sessions" rel="nofollow">http://auth.example.com/index.pl/sessions</a> for 1.9 and earlier, <a href="http://auth.example.com/sessions" class="urlextern" title="http://auth.example.com/sessions" rel="nofollow">http://auth.example.com/sessions</a> for 2.0)</div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "External portal" [486-1339] -->
<h3 class="sectionedit6" id="internal_portal">Internal portal</h3>
<div class="level3">
<p>
The portal must be configured to accept REST or SOAP authentication requests if you&#039;ve choose to use SOAP. See: <a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST server plugin</a> or <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP session backend</a> <em>(deprecated)</em>.
</p>
</div>
<!-- EDIT6 SECTION "Internal portal" [1340-1598] -->
<h3 class="sectionedit7" id="soap_compatibility_with_19_server">SOAP compatibility with 1.9 server</h3>
<div class="level3">
<p>
If you Proxy is a 2.0.x and your server is a 1.9.x, you should add this in your lemonldap-ng.ini:
</p>
<pre class="code ini"><span class="re1">soapProxyUrn</span> <span class="sy0">=</span><span class="re2"> urn:Lemonldap/NG/Common/CGI/SOAPService</span></pre>
<div class="noteimportant">This needs LLNG version 2.0.8 at least
</div>
</div>
<!-- EDIT7 SECTION "SOAP compatibility with 1.9 server" [1599-] --></div>
</body>
</html>


@ -1,138 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authradius</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authradius"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authradius.html"/>
<link rel="contents" href="authradius.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authradius","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#install_authenradius">Install Authen::Radius</a></div></li>
<li class="level2"><div class="li"><a href="#configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="radius">Radius</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [22-79] -->
</div>
<!-- EDIT1 SECTION "Radius" [1-80] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> uses <a href="http://search.cpan.org/~manowar/RadiusPerl-0.12/Radius.pm" class="urlextern" title="http://search.cpan.org/~manowar/RadiusPerl-0.12/Radius.pm" rel="nofollow">Perl Authen::Radius </a> as a simple authentication backend.
</p>
<p>
Currently, the module is simply handling a Radius Authentication request and has been tested only against a FreeRadius server.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [81-367] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [368-394] -->
<h3 class="sectionedit5" id="install_authenradius">Install Authen::Radius</h3>
<div class="level3">
<p>
You have to install the corresponding Perl module.
</p>
<p>
For CentOS/RHEL:
</p>
<pre class="code shell">yum install perl-Authen-Radius</pre>
<p>
In Debian/Ubuntu, install the library through apt-get command
</p>
<pre class="code shell">apt-get install libauthen-radius-perl</pre>
</div>
<!-- EDIT5 SECTION "Install Authen::Radius" [395-672] -->
<h3 class="sectionedit6" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose Radius for authentication.
</p>
<div class="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code>Radius parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for Radius module</div>
</li>
<li class="level1"><div class="li"> <strong>Shared secret</strong>: this is the passphrase to use to connect to the Radius server</div>
</li>
<li class="level1"><div class="li"> <strong>Server hostname</strong>: this is the hostname or <abbr title="Internet Protocol">IP</abbr> address of the Radius server</div>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Configuration of LemonLDAP::NG" [673-] --></div>
</body>
</html>


@ -1,205 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authremote</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authremote"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authremote.html"/>
<link rel="contents" href="authremote.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authremote","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#main_llng_structure">Main LL::NG structure</a></div></li>
<li class="level2"><div class="li"><a href="#secondary_llng_structure">Secondary LL::NG structure</a></div></li>
<li class="level2"><div class="li"><a href="#exampleinteroperability_between_2_organizations">Example: interoperability between 2 organizations</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="remote">Remote</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2"> </td>
</tr>
</table></div>
<!-- EDIT2 TABLE [23-86] --><div class="notewarning">This module is a <abbr title="LemonLDAP::NG">LL::NG</abbr> specific identity federation protocol. You may rather use standards protocols like <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML</a>, <a href="idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">OpenID Connect</a> or <a href="idpcas.html" class="wikilink1" title="documentation:2.0:idpcas">CAS</a>.
</div>
</div>
<!-- EDIT1 SECTION "Remote" [1-289] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<ul>
<li class="level1"><div class="li"> The main portal is configured to use <abbr title="Cross Domain Authentication">CDA</abbr>. The secondary portal is declared in the Manager of the main <abbr title="LemonLDAP::NG">LL::NG</abbr> structure (else user will be rejected).</div>
</li>
<li class="level1"><div class="li"> The portal of the secondary <abbr title="LemonLDAP::NG">LL::NG</abbr> structure is configured to delegate authentication to a remote portal. A request to the main session database is done (trough <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP session backend</a>) to be sure that the session exists.</div>
</li>
<li class="level1"><div class="li"> If <code>exportedAttr</code> is set, only those attributes are copied in the session database of the secondary <abbr title="LemonLDAP::NG">LL::NG</abbr> structure. Else, all data are copied in the session database.</div>
</li>
</ul>
<p>
<a href="documentation/remote-principle.png_documentation_2.0_authremote.html" class="media" title="documentation:remote-principle.png"><img src="documentation/remote-principle.png" class="mediacenter" alt="" /></a>
</p>
<ol>
<li class="level1"><div class="li"> User tries to access to an application in the secondary <abbr title="LemonLDAP::NG">LL::NG</abbr> structure without having a session in this area</div>
</li>
<li class="level1"><div class="li"> Redirection to the portal of the secondary area (transparent)</div>
</li>
<li class="level1"><div class="li"> Redirection to the portal of the main area and normal authentication (if not done before)</div>
</li>
<li class="level1"><div class="li"> Redirection to the portal of the secondary area (transparent)</div>
</li>
<li class="level1"><div class="li"> Secondary portal check if remote session is available. It can be done via direct access to the session database or using SOAP access. Then it creates the session (with attribute filter)</div>
</li>
<li class="level1"><div class="li"> User can now access to the protected application</div>
</li>
</ol>
<div class="noteclassic">Note that if the user is already authenticated on the first portal, all redirections are transparent.
</div>
</div>
<!-- EDIT3 SECTION "Presentation" [290-1635] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [1636-1662] -->
<h3 class="sectionedit5" id="main_llng_structure">Main LL::NG structure</h3>
<div class="level3">
<p>
Go in Manager, and:
</p>
<ul>
<li class="level1"><div class="li"> activate <abbr title="Cross Domain Authentication">CDA</abbr> in <code>General Parameters</code> » <code>Cookies</code> » <code>Multiple domains</code></div>
</li>
<li class="level1"><div class="li"> declare secondary portal in <code>General Parameters</code> » <code>Advanced Parameters</code> » <code>Security</code> » <code>Trusted domains</code></div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "Main LL::NG structure" [1663-1919] -->
<h3 class="sectionedit6" id="secondary_llng_structure">Secondary LL::NG structure</h3>
<div class="level3">
<p>
Configure the portal to use the remote <abbr title="LemonLDAP::NG">LL::NG</abbr> structure.
</p>
<p>
In Manager, go in <code>General Parameters</code> » <code>Authentication modules</code> and choose Remote for authentication and users.
</p>
<p>
Then, go in <code>Remote parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Portal <abbr title="Uniform Resource Locator">URL</abbr></strong>: remote portal <abbr title="Uniform Resource Locator">URL</abbr></div>
</li>
<li class="level1"><div class="li"> <strong>Cookie name</strong> (optional): name of the cookie of primary portal, if different from secondary portal</div>
</li>
<li class="level1"><div class="li"> <strong>Sessions module</strong>: set <code>Lemonldap::NG::Common::Apache::Session::SOAP</code> for <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP session backend</a>.</div>
</li>
<li class="level1"><div class="li"> <strong>Sessions module options</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>proxy</strong>: SOAP sessions end point (see <a href="soapsessionbackend.html" class="wikilink1" title="documentation:2.0:soapsessionbackend">SOAP session backend</a> documentation)</div>
</li>
</ul>
</li>
</ul>
</div>
<!-- EDIT6 SECTION "Secondary LL::NG structure" [1920-2580] -->
<h3 class="sectionedit7" id="exampleinteroperability_between_2_organizations">Example: interoperability between 2 organizations</h3>
<div class="level3">
<p>
Using this, we can do a very simple interoperability system between 2 organizations using two <abbr title="LemonLDAP::NG">LL::NG</abbr> structures:
</p>
<ul>
<li class="level1"><div class="li"> each area has 2 portals:</div>
<ul>
<li class="level2"><div class="li"> One standard portal</div>
</li>
<li class="level2"><div class="li"> One remote portal that delegates authentication to the second organization (just another file on the same server)</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> The normal portal has a link included in the authentication form pointing to the remote portal for the users of the other organization</div>
</li>
</ul>
<p>
So on each main portal, internal users can access normally, and users issued from the other organization have just to click on the link:
</p>
<p>
<a href="documentation/remote-interoperability.png_documentation_2.0_authremote.html" class="media" title="documentation:remote-interoperability.png"><img src="documentation/remote-interoperability.png" class="mediacenter" alt="" /></a>
</p>
<ol>
<li class="level1"><div class="li"> One user tries to access to the portal</div>
</li>
<li class="level1"><div class="li"> External user clicks to be redirected to the remote type portal</div>
</li>
<li class="level1"><div class="li"> After redirection, normal authentication in the remote portal</div>
</li>
<li class="level1"><div class="li"> Redirection to the remote type portal</div>
</li>
<li class="level1"><div class="li"> Validation of the session: external user has now a local session</div>
</li>
</ol>
</div>
<!-- EDIT7 SECTION "Example: interoperability between 2 organizations" [2581-] --></div>
</body>
</html>


@ -1,158 +0,0 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:authrest</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authrest"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authrest.html"/>
<link rel="contents" href="authrest.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authrest","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div></li>
<li class="level1"><div class="li"><a href="#rest_dialog">REST Dialog</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="rest">REST</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1 centeralign"></td><td class="col2 centeralign"></td>
</tr>
</table></div>
<!-- EDIT2 TABLE [21-90] -->
</div>
<!-- EDIT1 SECTION "REST" [1-91] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
This backend can be used to delegate authentication to some webservices.
</p>
</div>
<!-- EDIT3 SECTION "Presentation" [92-191] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose REST for authentication, users and/or password modules.
</p>
<p>
Then, go in <code>REST parameters</code> and you just have to set REST <abbr title="Uniform Resource Locator">URL</abbr> to provide wanted services:
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Module </th><th class="col1 centeralign"> Parameter </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> Authentication level </td><td class="col1 centeralign"> Authentication level for this module </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> Authentication </td><td class="col1 centeralign"> Authentication <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> User database </td><td class="col1 centeralign"> User data <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> Password confirmation </td><td class="col1 centeralign"> Password confirmation <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> Password change </td><td class="col1 centeralign"> Password change <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [451-731] --><div class="notetip">You can then choose any other module for users and password.
</div>
</div>
<!-- EDIT4 SECTION "Configuration" [192-811] -->
<h2 class="sectionedit6" id="rest_dialog">REST Dialog</h2>
<div class="level2">
<p>
LemonLDAP::NG will call the endpoints you declared at various steps during the login process.
</p>
<p>
The request performed by LemonLDAP::NG is a POST on the <abbr title="Uniform Resource Locator">URL</abbr> you specified, the content of the POST is a JSON document (<code>Content-Type: application/json</code>).
</p>
<p>
REST web services must respond with a success HTTP code (200), and the response must be a JSON document containing a <code>result</code> key. Auth/UserDB endpoints can add an <code>info</code> array that will be stored in session data (without reading &quot;Exported variables&quot;).
</p>
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> <abbr title="Uniform Resource Locator">URL</abbr> </th><th class="col1 centeralign"> Query </th><th class="col2 centeralign"> Response </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> Authentication <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> <code>{&quot;user&quot;:$user,&quot;password&quot;:$password}</code> </td><td class="col2"> <code>{&quot;result&quot;:true/false,&quot;info&quot;:{...}}</code> </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> User data <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> <code>{&quot;user&quot;:$user}</code> </td><td class="col2"> <code>{&quot;result&quot;:true/false,&quot;info&quot;:{&quot;uid&quot;:&quot;dwho&quot;,...}}</code> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> Password confirmation <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> <code>{&quot;user&quot;:$user,&quot;password&quot;:$password}</code> </td><td class="col2"> <code>{&quot;result&quot;:true/false}</code> </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> Password change <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> <code>{&quot;user&quot;:$user,&quot;password&quot;:$password}</code> </td><td class="col2"> <code>{&quot;result&quot;:true/false}</code> </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [1348-1781] --><div class="notetip">To have only one REST call during the login process, you can set REST only as an Authentication backend, configure Null as your User Database, and make sure the REST authentication <abbr title="Uniform Resource Locator">URL</abbr> send all your user attributes in the <code>info</code> response key
</div>
</div>
<!-- EDIT6 SECTION "REST Dialog" [812-] --></div>
</body>
</html>
