Add doc for confluence

doc/sources/admin/applications.rst

@@ -10,6 +10,7 @@ Applications
    applications/awx
    applications/bugzilla
    applications/bigbluebutton
+   applications/confluence
    applications/cornerstone
    applications/discourse
    applications/django
@@ -94,6 +95,7 @@ Application                                                       Configuration
 .. image:: applications/logo-awx.png                              :doc:`AWX (Ansible Tower)<applications/awx>`                                           ✔
 .. image:: applications/bigbluebutton-logo.png                    :doc:`BigBlueButton<applications/bigbluebutton>`                                            ✔
 .. image:: applications/bugzilla_logo.png                         :doc:`Bugzilla<applications/bugzilla>`               ✔
+.. image:: applications/confluence.png                            :doc:`Confluence<applications/confluence>`                                             ✔    ✔
 .. image:: applications/csod_logo.png                             :doc:`Cornerstone<applications/cornerstone>`                                           ✔
 .. image:: applications/discourse.jpg                             :doc:`Discourse<applications/discourse>`                                               ✔    ✔
 .. image:: applications/django_logo.png                           :doc:`Django<applications/django>`                   ✔

doc/sources/admin/applications/confluence.rst

@@ -0,0 +1,65 @@
+Confluence
+==========
+
+Presentation
+------------
+
+Confluence is a web-based corporate wiki developed by Atlassian.
+
+It is compatible with SAML and OpenID Connect. This tutorial will focus on SAML.
+
+Configuration
+-------------
+
+You must first configure LemonLDAP::NG as a :doc:`SAML Identity Provider<../idpsaml>`.
+
+Configure SAML in Confluence
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In the SSO configuration page, choose SAML as the authentication method. And set the following parameters.
+
+Don't forget to replace ``auth.example.com`` with your actual domain.
+
+* Single sign on issuer: ``https://auth.example.com/saml/metadata``
+* Identity provider single sign on URL: ``https://auth.example.com/saml/singleSignOn``
+* X.509 certificate: You can find this certificate in the manager: SAML2 Service » Security » Signature » Public key
+* Username mapping attribute: ``${uid}``
+
+.. danger:: Make sure the certificate you copy into Confluence starts with BEGIN CERTIFICATE and not with BEGIN PRIVATE KEY
+
+Write down the *Assertion Consumer Service URL* and the *Audience URL*, that Confluence is showing you, you will need it to configure LemonLDAP::NG
+
+Configure LemonLDAP::NG
+~~~~~~~~~~~~~~~~~~~~~~~
+
+In the LemonLDAP::NG Manager, create a new *SAML Service Provider*
+
+In *Metadata*, copy the following XML document, and don't forget to change ``AUDIENCE_URL`` and ``CONSUMER_SERVICE_URL`` the URLs with the values given by Confluence.
+
+::
+
+	<?xml version="1.0"?>
+	<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+		entityID="AUDIENCE_URL">
+	  <md:SPSSODescriptor
+		AuthnRequestsSigned="false"
+		WantAssertionsSigned="false"
+		protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+		  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+		  <md:AssertionConsumerService
+			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+			Location="CONSUMER_SERVICE_URL"
+			index="1"/>
+	  </md:SPSSODescriptor>
+	</md:EntityDescriptor>
+
+In *Exported Attributes*, add a new attribute:
+
+* Variable name: the session variable containing user logins
+* Attribute name: ``uid``
+* Mandatory: ``On``
+
+Finally, in *Options* » *Signature*, set
+
+* Check SSO message signature: Off
+* Check SLO message signature: Off