Re-order SAML options
This commit is contained in:
Christophe Maudoux
parent
00000184fc
commit
3ec85e6775
|
|
@ -96,12 +96,10 @@
|
|||
"domain" : "__DNSDOMAIN__",
|
||||
"exportedHeaders" : {
|
||||
"test1.__DNSDOMAIN__" : {
|
||||
"Auth-User" : "$uid",
|
||||
"Auth-Groups" : "$groups"
|
||||
"Auth-User" : "$uid"
|
||||
},
|
||||
"test2.__DNSDOMAIN__" : {
|
||||
"Auth-User" : "$uid",
|
||||
"Auth-Groups" : "$groups"
|
||||
"Auth-User" : "$uid"
|
||||
}
|
||||
},
|
||||
"exportedVars" : {},
|
||||
|
|
@ -122,15 +120,15 @@
|
|||
},
|
||||
"locationRules" : {
|
||||
"auth.__DNSDOMAIN__" : {
|
||||
"(?#checkUser)^/checkuser" : "inGroup(\"timelords\")",
|
||||
"(?#checkUser)^/checkuser" : "$uid eq \"dwho\"",
|
||||
"(?#errors)^/lmerror/" : "accept",
|
||||
"default" : "accept"
|
||||
},
|
||||
"manager.__DNSDOMAIN__" : {
|
||||
"(?#Configuration)^/(.*?\\.(fcgi|psgi)/)?(manager\\.html|confs/|$)" : "inGroup(\"timelords\")",
|
||||
"(?#Notifications)/(.*?\\.(fcgi|psgi)/)?notifications" : "inGroup(\"timelords\") or $uid eq \"rtyler\"",
|
||||
"(?#Sessions)/(.*?\\.(fcgi|psgi)/)?sessions" : "inGroup(\"timelords\") or $uid eq \"rtyler\"",
|
||||
"default" : "inGroup(\"timelords\") or $uid eq \"rtyler\""
|
||||
"(?#Configuration)^/(.*?\\.(fcgi|psgi)/)?(manager\\.html|confs/|$)" : "$uid eq \"dwho\"",
|
||||
"(?#Notifications)/(.*?\\.(fcgi|psgi)/)?notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
||||
"(?#Sessions)/(.*?\\.(fcgi|psgi)/)?sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
||||
"default" : "$uid eq \"dwho\" or $uid eq \"rtyler\""
|
||||
},
|
||||
"test1.__DNSDOMAIN__" : {
|
||||
"^/logout" : "logout_sso",
|
||||
|
|
|
|||
|
|
@ -129,7 +129,7 @@
|
|||
.\" ========================================================================
|
||||
.\"
|
||||
.IX Title "llng-fastcgi-server 8"
|
||||
.TH llng-fastcgi-server 8 "2020-02-12" "perl v5.26.1" "User Contributed Perl Documentation"
|
||||
.TH llng-fastcgi-server 8 "2020-03-02" "perl v5.26.1" "User Contributed Perl Documentation"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.if n .ad l
|
||||
|
|
@ -178,16 +178,10 @@ file to load for custom functions
|
|||
Plack::Handler engine, default to \s-1FCGI\s0 (see below)
|
||||
.IP "\-\-plackOptions:" 4
|
||||
.IX Item "--plackOptions:"
|
||||
other options to pass to Plack. This multi-valued parameter must have
|
||||
\&\*(L"key=value\*(R" values.
|
||||
other options to pass to the Plack handler. This multi-valued parameter must
|
||||
have \*(L"key=value\*(R" values.
|
||||
.Sp
|
||||
Example to use FCGI::ProcManager::Constrained instead of default \s-1FCGI\s0 manager
|
||||
(FCGI::ProcManager):
|
||||
.Sp
|
||||
.Vb 2
|
||||
\& llng\-fastcgi\-server \-u nobody \-g nobody \-s /run/llng.sock \-e FCGI \-n 10 \e
|
||||
\& \-\-plackOptions manager=FCGI::ProcManager::Constrained
|
||||
.Ve
|
||||
See Plack::Handler::FCGI for a list of options for the default \s-1FCGI\s0 engine
|
||||
.SH "ENGINES"
|
||||
.IX Header "ENGINES"
|
||||
By default, llng-fastcgi-server uses \s-1FCGI\s0 (= Plack::Handler::FCGI). Some
|
||||
|
|
@ -195,23 +189,6 @@ other engines can be used:
|
|||
.SS "\s-1FCGI\s0 (default)"
|
||||
.IX Subsection "FCGI (default)"
|
||||
It uses FCGI::ProcManager as manager. Other managers:
|
||||
.IP "FCGI::ProcManager::Constrained" 4
|
||||
.IX Item "FCGI::ProcManager::Constrained"
|
||||
Example to launch it:
|
||||
.Sp
|
||||
.Vb 2
|
||||
\& llng\-fastcgi\-server \-u nobody \-g nobody \-s /run/llng.sock \-e FCGI \-n 10 \e
|
||||
\& \-\-plackOptions manager=FCGI::ProcManager::Constrained
|
||||
.Ve
|
||||
.Sp
|
||||
You can then set environment values (in /etc/default/llng\-fastcgi\-server file
|
||||
for example):
|
||||
.Sp
|
||||
.Vb 3
|
||||
\& PM_MAX_REQUESTS=10000
|
||||
\& PM_SIZECHECK_NUM_REQUESTS=100
|
||||
\& PM_MAX_SIZE=300000
|
||||
.Ve
|
||||
.IP "FCGI::ProcManager::Dynamic" 4
|
||||
.IX Item "FCGI::ProcManager::Dynamic"
|
||||
.Vb 2
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ our $issuerParameters = {
|
|||
issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
|
||||
issuerOptions => [qw(issuersTimeout)],
|
||||
};
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlStorage samlStorageOptions samlRelayStateTimeout samlUseQueryStringSpecific samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlOverrideIDPEntityID)];
|
||||
our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
|
||||
our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAuthorizationCodeExpiration oidcServiceAccessTokenExpiration oidcServiceIDTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims)];
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -1151,10 +1151,11 @@ sub tree {
|
|||
help => 'samlservice.html#advanced',
|
||||
nodes => [
|
||||
'samlMetadataForceUTF8',
|
||||
'samlStorage',
|
||||
'samlStorageOptions',
|
||||
'samlRelayStateTimeout',
|
||||
'samlUseQueryStringSpecific',
|
||||
'samlOverrideIDPEntityID',
|
||||
'samlStorage',
|
||||
'samlStorageOptions',
|
||||
{
|
||||
title => 'samlCommonDomainCookie',
|
||||
form => 'simpleInputContainer',
|
||||
|
|
@ -1175,7 +1176,6 @@ sub tree {
|
|||
'samlDiscoveryProtocolIsPassive'
|
||||
]
|
||||
},
|
||||
'samlOverrideIDPEntityID',
|
||||
]
|
||||
}
|
||||
]
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -61,9 +61,9 @@
|
|||
|
||||
|
||||
<!-- //if:jsminified
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">/common/js/notifications.min.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/notifications.min.js"></script>
|
||||
//else -->
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">/common/js/notifications.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/notifications.js"></script>
|
||||
<!-- //endif -->
|
||||
|
||||
<TMPL_INCLUDE NAME="footer.tpl">
|
||||
|
|
|
|||
Loading…
Reference in New Issue