Merge branch 'v2.0'

This commit is contained in:
Xavier 2019-04-09 22:30:05 +02:00
commit 4d7a3b8a33
111 changed files with 2147 additions and 846 deletions


@ -125,7 +125,7 @@
"default" : "accept"
},
"manager.__DNSDOMAIN__" : {
"(?#Configuration)^/(manager\\.html|conf|$)" : "$uid eq \"dwho\"",
"(?#Configuration)^/(manager\\.html|confs|$)" : "$uid eq \"dwho\"",
"(?#Notifications)/notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
"(?#Sessions)/sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
"default" : "$uid eq \"dwho\" or $uid eq \"rtyler\""
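Review bot: The rewritten rule key `(?#Configuration)^/(manager\\.html|confs|$)` is still an unanchored prefix match, so it also covers `/confsanything`, while any manager path matching none of the specific rules falls through to the `default` rule on the last line, which additionally grants rtyler. Because the old pattern `conf` was a prefix of `confs`, any path under `/conf` that the manager might still serve moves from dwho-only to that broader default; confirm no such endpoint remains. If the intent is to protect exactly the `confs` path, tighten the alternative to `confs(?:/|$)` so the rule stops at the segment boundary. Note that the trailing `$` alternative only matches the bare `/` root and does not anchor the other two alternatives.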


@ -26,6 +26,10 @@ server {
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will receive /lmauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
# Improve performances
#fastcgi_buffer_size 32k;
#fastcgi_buffers 32 32k;
# OR TO USE uWSGI
#include /etc/nginx/uwsgi_params;
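Review bot: The new `# Improve performances` comment gives no trigger for when the commented-out `#fastcgi_buffer_size 32k;` and `#fastcgi_buffers 32 32k;` lines should be enabled, so an operator cannot tell whether they are optional tuning or the fix for a known failure; the same applies to the twin `# Improve performances` block above `#uwsgi_buffer_size 32k;` in the second hunk. The idiomatic English is also `# Improve performance`. I would write `# Performance tuning (optional): enable if LLNG responses exceed nginx's default buffers` on both lines so the reader knows the symptom that motivates the change — presumably larger upstream responses, to be confirmed. The enclosing `server {` block starts and ends outside both hunks.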
@ -34,6 +38,9 @@ server {
#uwsgi_param CONTENT_LENGTH "";
#uwsgi_param HOST $http_host;
#uwsgi_param X_ORIGINAL_URI $request_uri;
# Improve performances
#uwsgi_buffer_size 32k;
#uwsgi_buffers 32 32k;
}
# Client requests


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="applications.html"/>
@ -104,100 +104,103 @@ If none of above methods is available, you can try:
<td class="col0 centeralign"> <a href="applications/cornerstone.html" class="media" title="documentation:2.0:applications:cornerstone"><img src="icons/kmultiple.png" class="media" alt="" width="200" /></a> </td><td class="col1 centeralign"> <a href="applications/cornerstone.html" class="wikilink1" title="documentation:2.0:applications:cornerstone">Cornerstone</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row6 roweven">
<td class="col0 centeralign"> <a href="applications/django.html" class="media" title="documentation:2.0:applications:django"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/django.html" class="wikilink1" title="documentation:2.0:applications:django">Django</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/discourse.html" class="media" title="documentation:2.0:applications:discourse"><img src="icons/kmultiple.png" class="media" title="discourse.jpg" alt="discourse.jpg" /></a> </td><td class="col1 centeralign"> <a href="applications/discourse.html" class="wikilink1" title="documentation:2.0:applications:discourse">Discourse</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"> </td><td class="col6 centeralign"> </td>
</tr>
<tr class="row7 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
<td class="col0 centeralign"> <a href="applications/django.html" class="media" title="documentation:2.0:applications:django"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/django.html" class="wikilink1" title="documentation:2.0:applications:django">Django</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row8 roweven">
<td class="col0 centeralign"> <a href="applications/dokuwiki.html" class="media" title="documentation:2.0:applications:dokuwiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/dokuwiki.html" class="wikilink1" title="documentation:2.0:applications:dokuwiki">Dokuwiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row9 rowodd">
<td class="col0 centeralign"> <a href="applications/drupal.html" class="media" title="documentation:2.0:applications:drupal"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/drupal.html" class="wikilink1" title="documentation:2.0:applications:drupal">Drupal</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/dokuwiki.html" class="media" title="documentation:2.0:applications:dokuwiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/dokuwiki.html" class="wikilink1" title="documentation:2.0:applications:dokuwiki">Dokuwiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row10 roweven">
<td class="col0 centeralign"> <a href="applications/fusiondirectory.html" class="media" title="documentation:2.0:applications:fusiondirectory"><img src="icons/kmultiple.png" class="media" title="fusiondirectory-logo.jpg" alt="fusiondirectory-logo.jpg" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/fusiondirectory.html" class="wikilink1" title="documentation:2.0:applications:fusiondirectory">FusionDirectory</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/drupal.html" class="media" title="documentation:2.0:applications:drupal"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/drupal.html" class="wikilink1" title="documentation:2.0:applications:drupal">Drupal</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row11 rowodd">
<td class="col0 centeralign"> <a href="applications/gitlab.html" class="media" title="documentation:2.0:applications:gitlab"><img src="icons/kmultiple.png" class="mediacenter" alt="" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/gitlab.html" class="wikilink1" title="documentation:2.0:applications:gitlab">Gitlab</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/fusiondirectory.html" class="media" title="documentation:2.0:applications:fusiondirectory"><img src="icons/kmultiple.png" class="media" title="fusiondirectory-logo.jpg" alt="fusiondirectory-logo.jpg" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/fusiondirectory.html" class="wikilink1" title="documentation:2.0:applications:fusiondirectory">FusionDirectory</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row12 roweven">
<td class="col0 centeralign"> <a href="applications/glpi.html" class="media" title="documentation:2.0:applications:glpi"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/glpi.html" class="wikilink1" title="documentation:2.0:applications:glpi">GLPI</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/gitlab.html" class="media" title="documentation:2.0:applications:gitlab"><img src="icons/kmultiple.png" class="mediacenter" alt="" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/gitlab.html" class="wikilink1" title="documentation:2.0:applications:gitlab">Gitlab</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"> </td><td class="col6"> </td>
</tr>
<tr class="row13 rowodd">
<td class="col0 centeralign"> <a href="applications/googleapps.html" class="media" title="documentation:2.0:applications:googleapps"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/googleapps.html" class="wikilink1" title="documentation:2.0:applications:googleapps">Google Apps</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/glpi.html" class="media" title="documentation:2.0:applications:glpi"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/glpi.html" class="wikilink1" title="documentation:2.0:applications:glpi">GLPI</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row14 roweven">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
<td class="col0 centeralign"> <a href="applications/googleapps.html" class="media" title="documentation:2.0:applications:googleapps"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/googleapps.html" class="wikilink1" title="documentation:2.0:applications:googleapps">Google Apps</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row15 rowodd">
<td class="col0 centeralign"> <a href="applications/grr.html" class="media" title="documentation:2.0:applications:grr"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/grr.html" class="wikilink1" title="documentation:2.0:applications:grr">GRR</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row16 roweven">
<td class="col0 centeralign"> <a href="applications/liferay.html" class="media" title="documentation:2.0:applications:liferay"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/liferay.html" class="wikilink1" title="documentation:2.0:applications:liferay">Liferay</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
<td class="col0 centeralign"> <a href="applications/grr.html" class="media" title="documentation:2.0:applications:grr"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/grr.html" class="wikilink1" title="documentation:2.0:applications:grr">GRR</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row17 rowodd">
<td class="col0 centeralign"> <a href="applications/limesurvey.html" class="media" title="documentation:2.0:applications:limesurvey"><img src="icons/kmultiple.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/limesurvey.html" class="wikilink1" title="documentation:2.0:applications:limesurvey">LimeSurvey</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
<td class="col0 centeralign"> <a href="applications/liferay.html" class="media" title="documentation:2.0:applications:liferay"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/liferay.html" class="wikilink1" title="documentation:2.0:applications:liferay">Liferay</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
</tr>
<tr class="row18 roweven">
<td class="col0 centeralign"> <a href="applications/mediawiki.html" class="media" title="documentation:2.0:applications:mediawiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/mediawiki.html" class="wikilink1" title="documentation:2.0:applications:mediawiki">Mediawiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/limesurvey.html" class="media" title="documentation:2.0:applications:limesurvey"><img src="icons/kmultiple.png" class="media" title="LimeSurvey" alt="LimeSurvey" width="120" /></a> </td><td class="col1 centeralign"> <a href="applications/limesurvey.html" class="wikilink1" title="documentation:2.0:applications:limesurvey">LimeSurvey</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"></td>
</tr>
<tr class="row19 rowodd">
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/nextcloud.html" class="wikilink1" title="documentation:2.0:applications:nextcloud">NextCloud</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/mediawiki.html" class="media" title="documentation:2.0:applications:mediawiki"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/mediawiki.html" class="wikilink1" title="documentation:2.0:applications:mediawiki">Mediawiki</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row20 roweven">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
<td class="col0 centeralign"> <a href="applications/nextcloud.html" class="media" title="documentation:2.0:applications:nextcloud"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/nextcloud.html" class="wikilink1" title="documentation:2.0:applications:nextcloud">NextCloud</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row21 rowodd">
<td class="col0 centeralign"> <a href="applications/obm.html" class="media" title="documentation:2.0:applications:obm"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/obm.html" class="wikilink1" title="documentation:2.0:applications:obm">OBM</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row22 roweven">
<td class="col0 centeralign"> <a href="applications/office365.html" class="media" title="documentation:2.0:applications:office365"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/office365.html" class="wikilink1" title="documentation:2.0:applications:office365">Office 365</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row23 rowodd">
<td class="col0 centeralign"> <a href="applications/phpldapadmin.html" class="media" title="documentation:2.0:applications:phpldapadmin"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/phpldapadmin.html" class="wikilink1" title="documentation:2.0:applications:phpldapadmin">phpLDAPAdmin</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row24 roweven">
<td class="col0 centeralign"> <a href="applications/roundcube.html" class="media" title="documentation:2.0:applications:roundcube"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/roundcube.html" class="wikilink1" title="documentation:2.0:applications:roundcube">Roundcube</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row25 rowodd">
<td class="col0 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/salesforce.html" class="wikilink1" title="documentation:2.0:applications:salesforce">SalesForce</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row26 roweven">
<td class="col0 centeralign"> <a href="applications/sap.html" class="media" title="documentation:2.0:applications:sap"><img src="icons/kmultiple.png" class="media" title="SAP" alt="SAP" /></a> </td><td class="col1 centeralign"> <a href="applications/sap.html" class="wikilink1" title="documentation:2.0:applications:sap">SAP</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row27 rowodd">
<td class="col0 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="media" alt="" width="200" /></a> </td><td class="col1 centeralign"> <a href="applications/simplesamlphp.html" class="wikilink1" title="documentation:2.0:applications:simplesamlphp">simpleSAMLphp</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row28 roweven">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row22 roweven">
<td class="col0 centeralign"> <a href="applications/obm.html" class="media" title="documentation:2.0:applications:obm"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/obm.html" class="wikilink1" title="documentation:2.0:applications:obm">OBM</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row23 rowodd">
<td class="col0 centeralign"> <a href="applications/office365.html" class="media" title="documentation:2.0:applications:office365"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/office365.html" class="wikilink1" title="documentation:2.0:applications:office365">Office 365</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row24 roweven">
<td class="col0 centeralign"> <a href="applications/phpldapadmin.html" class="media" title="documentation:2.0:applications:phpldapadmin"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/phpldapadmin.html" class="wikilink1" title="documentation:2.0:applications:phpldapadmin">phpLDAPAdmin</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row25 rowodd">
<td class="col0 centeralign"> <a href="applications/roundcube.html" class="media" title="documentation:2.0:applications:roundcube"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/roundcube.html" class="wikilink1" title="documentation:2.0:applications:roundcube">Roundcube</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row26 roweven">
<td class="col0 centeralign"> <a href="applications/salesforce.html" class="media" title="documentation:2.0:applications:salesforce"><img src="icons/kmultiple.png" class="mediacenter" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/salesforce.html" class="wikilink1" title="documentation:2.0:applications:salesforce">SalesForce</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row27 rowodd">
<td class="col0 centeralign"> <a href="applications/sap.html" class="media" title="documentation:2.0:applications:sap"><img src="icons/kmultiple.png" class="media" title="SAP" alt="SAP" /></a> </td><td class="col1 centeralign"> <a href="applications/sap.html" class="wikilink1" title="documentation:2.0:applications:sap">SAP</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row28 roweven">
<td class="col0 centeralign"> <a href="applications/simplesamlphp.html" class="media" title="documentation:2.0:applications:simplesamlphp"><img src="icons/kmultiple.png" class="media" alt="" width="200" /></a> </td><td class="col1 centeralign"> <a href="applications/simplesamlphp.html" class="wikilink1" title="documentation:2.0:applications:simplesamlphp">simpleSAMLphp</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5 centeralign"></td><td class="col6"> </td>
</tr>
<tr class="row29 rowodd">
<td class="col0 centeralign"> <a href="applications/spring.html" class="media" title="documentation:2.0:applications:spring"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/spring.html" class="wikilink1" title="documentation:2.0:applications:spring">Spring</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
<tr class="row30 roweven">
<td class="col0 centeralign"> <a href="applications/symfony.html" class="media" title="documentation:2.0:applications:symfony"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/symfony.html" class="wikilink1" title="documentation:2.0:applications:symfony">Symfony</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/spring.html" class="media" title="documentation:2.0:applications:spring"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/spring.html" class="wikilink1" title="documentation:2.0:applications:spring">Spring</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row31 rowodd">
<td class="col0 centeralign"> <a href="applications/sympa.html" class="media" title="documentation:2.0:applications:sympa"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/sympa.html" class="wikilink1" title="documentation:2.0:applications:sympa">Sympa</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/symfony.html" class="media" title="documentation:2.0:applications:symfony"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/symfony.html" class="wikilink1" title="documentation:2.0:applications:symfony">Symfony</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row32 roweven">
<td class="col0 centeralign"> <a href="applications/tomcat.html" class="media" title="documentation:2.0:applications:tomcat"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/tomcat.html" class="wikilink1" title="documentation:2.0:applications:tomcat">Tomcat</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/sympa.html" class="media" title="documentation:2.0:applications:sympa"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/sympa.html" class="wikilink1" title="documentation:2.0:applications:sympa">Sympa</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row33 rowodd">
<td class="col0 centeralign"> <a href="applications/wordpress.html" class="media" title="documentation:2.0:applications:wordpress"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/wordpress.html" class="wikilink1" title="documentation:2.0:applications:wordpress">Wordpress</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign"></td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/tomcat.html" class="media" title="documentation:2.0:applications:tomcat"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/tomcat.html" class="wikilink1" title="documentation:2.0:applications:tomcat">Tomcat</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row34 roweven">
<td class="col0 centeralign"> <a href="applications/xwiki.html" class="media" title="documentation:2.0:applications:xwiki"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/xwiki.html" class="wikilink1" title="documentation:2.0:applications:xwiki">XWiki</a> </td><td class="col2 centeralign"></td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/wordpress.html" class="media" title="documentation:2.0:applications:wordpress"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/wordpress.html" class="wikilink1" title="documentation:2.0:applications:wordpress">Wordpress</a> </td><td class="col2"> </td><td class="col3"> </td><td class="col4 centeralign"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row35 rowodd">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
<td class="col0 centeralign"> <a href="applications/xwiki.html" class="media" title="documentation:2.0:applications:xwiki"><img src="icons/kmultiple.png" class="media" alt="" width="100" /></a> </td><td class="col1 centeralign"> <a href="applications/xwiki.html" class="wikilink1" title="documentation:2.0:applications:xwiki">XWiki</a> </td><td class="col2 centeralign"> </td><td class="col3"> </td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row36 roweven">
<td class="col0 centeralign"> <a href="applications/zimbra.html" class="media" title="documentation:2.0:applications:zimbra"><img src="icons/kmultiple.png" class="media" alt="" /></a> </td><td class="col1 centeralign"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra</a> </td><td class="col2"> </td><td class="col3 centeralign"></td><td class="col4"> </td><td class="col5"> </td><td class="col6"> </td>
</tr>
<tr class="row37 rowodd">
<th class="col0 leftalign"> </th><th class="col1 leftalign"> </th><th class="col2 centeralign"> HTTP headers </th><th class="col3 centeralign"> Specific Handler </th><th class="col4 centeralign"> <abbr title="Central Authentication Service">CAS</abbr> </th><th class="col5 leftalign"> <abbr title="Security Assertion Markup Language">SAML</abbr> </th><th class="col6 centeralign"> OpenID Connect </th>
</tr>
</table></div>
<!-- EDIT4 TABLE [1223-5617] -->
<!-- EDIT4 TABLE [1223-5747] -->
</div>
<!-- EDIT3 SECTION "Application list" [1192-] --></div>
</body>


@ -0,0 +1,151 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:discourse</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,discourse"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="discourse.html"/>
<link rel="contents" href="discourse.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:discourse","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#discourse_configuration">Discourse configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#plugin_installation">Plugin installation</a></div></li>
<li class="level2"><div class="li"><a href="#plugin_configuration">Plugin configuration</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="discourse">Discourse</h1>
<div class="level1">
<p>
<a href="discourse.jpg_documentation_2.0_applications_discourse.html" class="media" title="applications:discourse.jpg"><img src="discourse.jpeg" class="mediacenter" title="discourse.jpg" alt="discourse.jpg" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Discourse" [1-61] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="https://www.discourse.org/" class="urlextern" title="https://www.discourse.org/" rel="nofollow">Discourse</a> is a conversation-oriented forum engine
</p>
<p>
Discourse supports <a href="https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045" class="urlextern" title="https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045" rel="nofollow">its own Single-Sign-On scheme</a> but is also compatible with standard protocols such as <abbr title="Security Assertion Markup Language">SAML</abbr> and OpenID Connect, through plugins.
</p>
<p>
This documentation illustrates the OpenID Connect plugin.
</p>
<p>
First, make sure you have set up LemonLDAP::NG &#039;s <a href="../openidconnectservice.html" class="wikilink1" title="documentation:2.0:openidconnectservice">OpenID Connect service</a> and added <a href="../idpopenidconnect.html" class="wikilink1" title="documentation:2.0:idpopenidconnect">a Relaying Party for your Discourse instance</a>
</p>
<p>
Discourse can use the following OpenID Connect attributes to fill the user&#039;s profile:
</p>
<ul>
<li class="level1"><div class="li"> name</div>
</li>
<li class="level1"><div class="li"> email</div>
</li>
<li class="level1"><div class="li"> given_name</div>
</li>
<li class="level1"><div class="li"> family_name</div>
</li>
<li class="level1"><div class="li"> preferred_username</div>
</li>
<li class="level1"><div class="li"> picture</div>
</li>
</ul>
<p>
Make sure you create a username and password for the Relying Party, and that the discourse callback <abbr title="Uniform Resource Locator">URL</abbr> is allowed : <a href="https://discourse.example.com/auth/oidc/callback" class="urlextern" title="https://discourse.example.com/auth/oidc/callback" rel="nofollow">https://discourse.example.com/auth/oidc/callback</a>
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [62-985] -->
<h2 class="sectionedit3" id="discourse_configuration">Discourse configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Discourse configuration" [986-1022] -->
<h3 class="sectionedit4" id="plugin_installation">Plugin installation</h3>
<div class="level3">
<p>
Install the <a href="https://meta.discourse.org/t/openid-connect-authentication-plugin/103632" class="urlextern" title="https://meta.discourse.org/t/openid-connect-authentication-plugin/103632" rel="nofollow">Discourse OpenID Connect Plugin</a> according to these instructions
</p>
</div>
<!-- EDIT4 SECTION "Plugin installation" [1023-1207] -->
<h3 class="sectionedit5" id="plugin_configuration">Plugin configuration</h3>
<div class="level3">
<p>
Browse to your Discourse admin interface, and to the plugin settings
</p>
<ul>
<li class="level1"><div class="li"> openid_connect_enabled: <em>Yes</em></div>
</li>
<li class="level1"><div class="li"> openid_connect_discovery_document: <a href="https://auth.example.com/.well-known/openid-configuration" class="urlextern" title="https://auth.example.com/.well-known/openid-configuration" rel="nofollow">https://auth.example.com/.well-known/openid-configuration</a></div>
</li>
<li class="level1"><div class="li"> openid_connect_client_id: <em>Client ID you chose when configuring the Relying Party</em></div>
</li>
<li class="level1"><div class="li"> openid_connect_client_secret: <em>Client Secret you chose when configuring the Relying Party</em></div>
</li>
<li class="level1"><div class="li"> openid_connect_authorize_scope: <em>openid email profile</em></div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "Plugin configuration" [1208-] --></div>
</body>
</html>


@ -0,0 +1,103 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr" class="no-js">
<head>
<meta charset="UTF-8" />
<title>applications:discourse.jpg [LemonLDAP::NG]</title>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="shortcut icon" href="../lib/tpl/bootstrap3/images/favicon.ico" />
<link rel="apple-touch-icon" href="../lib/tpl/bootstrap3/images/apple-touch-icon.png" />
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->/>
<script type="text/javascript">/*<![CDATA[*/
var TPL_CONFIG = {"tableFullWidth":1};
/*!]]>*/</script>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="discourse.html"/>
<link rel="contents" href="discourse.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='';var JSINFO = null;
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
<script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<![endif]-->
</head>
<body class="container">
<!--[if lte IE 7 ]><div id="IE7"><![endif]--><!--[if IE 8 ]><div id="IE8"><![endif]-->
<div id="dokuwiki__detail" class="dokuwiki mode_ tpl_bootstrap3 ">
<h1 class="page-header">
<i class="glyphicon glyphicon-picture"></i> applications:discourse.jpg </h1>
<div class="content">
<a href="discourse.0fea6a13c52b4d4725368f24b045ca84.jpeg" title="View original file"><img width="218" height="64" class="img_detail" alt="discourse.jpg" title="discourse.jpg" src="discourse.6e7dfb78b54a5324836f41bb225c015f.jpeg"/></a>
<div class="img_detail">
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title"><i class="glyphicon glyphicon-info-sign text-info"></i> discourse.jpg</h2>
</div>
<div class="panel-body">
<dl><dt>Date:</dt><dd>2019/02/21 16:43</dd><dt>Filename:</dt><dd>discourse.jpg</dd><dt>Format:</dt><dd>JPEG</dd><dt>Size:</dt><dd>4KB</dd><dt>Width:</dt><dd>218</dd><dt>Height:</dt><dd>64</dd></dl> </div>
</div>
</div>
</div><!-- /.content -->
<p class="back">
<hr/>
<div class="btn-group">
<a href="discourse.html" class="action img_backto" accesskey="b" rel="nofollow" title="Back to documentation:2.0:applications:discourse [B]">Back to documentation:2.0:applications:discourse</a> </div>
</p>
</div>
<!--[if ( lte IE 7 | IE 8 ) ]></div><![endif]-->
</body>
</html>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=0f10c8fca57376e7bc8695f4a434476e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/icons.png?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1549988821" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aicons.png&amp;1554841473" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=0f10c8fca57376e7bc8695f4a434476e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/applications/img/loader.gif?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1549988821" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aapplications%3Aimg%3Aloader.gif&amp;1554841473" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications:roundcube</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,roundcube"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="roundcube.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications:salesforce</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,salesforce"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:applications:zimbra</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,applications,zimbra"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="zimbra.html"/>
@ -82,10 +82,9 @@
Zimbra use a specific <a href="http://wiki.zimbra.com/index.php?title=Preauth" class="urlextern" title="http://wiki.zimbra.com/index.php?title=Preauth" rel="nofollow">preauthentication protocol</a> to provide <abbr title="Single Sign On">SSO</abbr> on its application. This protocol is implemented in an <abbr title="LemonLDAP::NG">LL::NG</abbr> specific Handler.
</p>
<div class="notetip">Zimbra can also be connected to <abbr title="LemonLDAP::NG">LL::NG</abbr> via <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML protocol</a> (see <a href="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" class="urlextern" title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html" rel="nofollow">Zimbra blog</a>).
</div><div class="noteimportant">For now, Zimbra isn&#039;t supported by Nginx handler. You have to use Apache.
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [61-1097] -->
<!-- EDIT2 SECTION "Presentation" [61-999] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
@ -104,7 +103,7 @@ The integration with <abbr title="LemonLDAP::NG">LL::NG</abbr> is the following:
</ul>
</div>
<!-- EDIT3 SECTION "Configuration" [1098-1438] -->
<!-- EDIT3 SECTION "Configuration" [1000-1340] -->
<h3 class="sectionedit4" id="zimbra_preauth_key">Zimbra preauth key</h3>
<div class="level3">
@ -117,7 +116,7 @@ See <a href="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_f
</p>
</div>
<!-- EDIT4 SECTION "Zimbra preauth key" [1439-1637] -->
<!-- EDIT4 SECTION "Zimbra preauth key" [1341-1539] -->
<h3 class="sectionedit5" id="zimbra_application_in_menu">Zimbra application in menu</h3>
<div class="level3">
@ -126,7 +125,7 @@ Choose for example <a href="http://zimbra.example.com/zimbrasso" class="urlexter
</p>
</div>
<!-- EDIT5 SECTION "Zimbra application in menu" [1638-1819] -->
<!-- EDIT5 SECTION "Zimbra application in menu" [1540-1721] -->
<h3 class="sectionedit6" id="zimbra_virtual_host">Zimbra virtual host</h3>
<div class="level3">
@ -135,7 +134,7 @@ You just have to set “Type: ZimbraPreAuth” in virtualhost options and reload
</p>
</div>
<!-- EDIT6 SECTION "Zimbra virtual host" [1820-1959] -->
<!-- EDIT6 SECTION "Zimbra virtual host" [1722-1861] -->
<h3 class="sectionedit7" id="zimbra_handler_parameters">Zimbra Handler parameters</h3>
<div class="level3">
@ -164,6 +163,6 @@ Zimbra parameters are the following:
</div>
</div>
<!-- EDIT7 SECTION "Zimbra Handler parameters" [1960-] --></div>
<!-- EDIT7 SECTION "Zimbra Handler parameters" [1862-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authgpg</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authgpg"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authgpg.html"/>
@ -68,14 +68,25 @@ LLNG can use GPG to authenticate users. It is not useful for day-to-day authenti
</div>
<!-- EDIT3 SECTION "Presentation" [91-329] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
<h3 class="sectionedit4" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose GPG for authentication, users and/or password modules. Then you just have to set GPG database. For example <code>/usr/share/keyrings/debian-keyring.gpg</code>
</p>
<div class="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code>GPG parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module</div>
</li>
<li class="level1"><div class="li"> <strong>GPG database</strong>: database to store users GPG public key</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Configuration" [330-] --></div>
<!-- EDIT4 SECTION "Configuration of LemonLDAP::NG" [330-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authrest</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,authrest"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authrest.html"/>
@ -89,7 +89,7 @@ In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modu
</p>
<p>
Then you just have to set REST <abbr title="Uniform Resource Locator">URL</abbr> to provide wanted services:
Then, go in <code>REST parameters</code> and you just have to set REST <abbr title="Uniform Resource Locator">URL</abbr> to provide wanted services:
</p>
<div class="table sectionedit5"><table class="inline table table-bordered table-striped">
<thead>
@ -98,21 +98,25 @@ Then you just have to set REST <abbr title="Uniform Resource Locator">URL</abbr>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> Authentication </td><td class="col1 centeralign"> Authentication <abbr title="Uniform Resource Locator">URL</abbr> </td>
<td class="col0 centeralign"> Authentication level </td><td class="col1 centeralign"> Authentication level for this module </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> User database </td><td class="col1 centeralign"> User data <abbr title="Uniform Resource Locator">URL</abbr> </td>
<td class="col0 centeralign"> Authentication </td><td class="col1 centeralign"> Authentication <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
<tr class="row3 rowodd">
<td class="col0 centeralign"> Password </td><td class="col1 centeralign"> Password confirmation <abbr title="Uniform Resource Locator">URL</abbr> </td>
<td class="col0 centeralign"> User database </td><td class="col1 centeralign"> User data <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
<tr class="row4 roweven">
<td class="col0 centeralign"> Password </td><td class="col1 centeralign"> Password change <abbr title="Uniform Resource Locator">URL</abbr> </td>
<td class="col0 centeralign"> Password confirmation </td><td class="col1 centeralign"> Password confirmation <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
<tr class="row5 rowodd">
<td class="col0 centeralign"> Password change </td><td class="col1 centeralign"> Password change <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
</table></div>
<!-- EDIT5 TABLE [420-612] -->
<!-- EDIT5 TABLE [451-731] --><div class="notetip">You can then choose any other module for users and password.
</div>
<!-- EDIT4 SECTION "Configuration" [192-613] -->
</div>
<!-- EDIT4 SECTION "Configuration" [192-811] -->
<h2 class="sectionedit6" id="rest_dialog">REST Dialog</h2>
<div class="level2">
@ -138,9 +142,9 @@ REST web services have just to respond with a “result” key in a JSON file. A
<td class="col0 centeralign"> Password change <abbr title="Uniform Resource Locator">URL</abbr> </td><td class="col1"> JSON file: <code>{“user”:$user,“password”:$password}</code> </td><td class="col2"> JSON file: <code>{“result”:true/false}</code> </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [827-1348] --><div class="notetip">To have just one call, you can only set REST authentication, set datas in “info” key response and set Null as User Database.
<!-- EDIT7 TABLE [1025-1546] --><div class="notetip">To have just one call, you can only set REST authentication, set datas in “info” key response and set Null as User Database.
</div>
</div>
<!-- EDIT6 SECTION "REST Dialog" [614-] --></div>
<!-- EDIT6 SECTION "REST Dialog" [812-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:authsaml</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authsaml"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authsaml.html"/>
@ -148,11 +148,11 @@ After configuring <abbr title="Security Assertion Markup Language">SAML</abbr> S
</p>
<p>
They are available at the EntityID <abbr title="Uniform Resource Locator">URL</abbr>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>.
They are available at the EntityID <abbr title="Uniform Resource Locator">URL</abbr>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>. You can also use <a href="http://auth.example.com/saml/metadata/sp" class="urlextern" title="http://auth.example.com/saml/metadata/sp" rel="nofollow">http://auth.example.com/saml/metadata/sp</a> to have only SP related metadata.
</p>
</div>
<!-- EDIT7 SECTION "Register LemonLDAP::NG on partner Identity Provider" [1468-1714] -->
<!-- EDIT7 SECTION "Register LemonLDAP::NG on partner Identity Provider" [1468-1806] -->
<h3 class="sectionedit8" id="register_partner_identity_provider_on_lemonldapng">Register partner Identity Provider on LemonLDAP::NG</h3>
<div class="level3">
@ -315,6 +315,6 @@ Used only if you have more than 1 <abbr title="Security Assertion Markup Languag
<div class="notetip">The chosen logo must be in Portal icons directory (<code>portal/static/common/icons/</code>). You can set a custom icon by setting the icon file name directly in the field and copy the logo file in portal icons directory
</div>
</div>
<!-- EDIT8 SECTION "Register partner Identity Provider on LemonLDAP::NG" [1715-] --></div>
<!-- EDIT8 SECTION "Register partner Identity Provider on LemonLDAP::NG" [1807-] --></div>
</body>
</html>


@ -59,7 +59,11 @@
<li class="level3"><div class="li"><a href="#apache_portal_ssl_configuration">Apache portal SSL configuration</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#with_nginx">With Nginx</a></div></li>
<li class="level2"><div class="li"><a href="#with_nginx">With Nginx</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#nginx_ssl_virtual_host_example_with_uwsgi">Nginx SSL Virtual Host example with uWSGI</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></div></li>
<li class="level2"><div class="li"><a href="#auto_reloading_ssl_certificates">Auto reloading SSL Certificates</a></div></li>
</ul>
@ -206,14 +210,53 @@ ssl_crl /etc/nginx/ssl/crl/my.crl;</pre>
<p>
You must also export SSL_CLIENT_S_<abbr title="Distinguished Name">DN</abbr>_CN in FastCGI params:
</p>
<pre class="code file nginx">map $ssl_client_s_dn $ssl_client_s_dn_cn {
<pre class="code file nginx"># map directive must be in http context
map $ssl_client_s_dn $ssl_client_s_dn_cn {
default &quot;&quot;;
~/CN=(?&lt;CN&gt;[^/]+) $CN;
}
fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;</pre>
</div>
<!-- EDIT6 SECTION "With Nginx" [2685-3246] -->
<h4 id="nginx_ssl_virtual_host_example_with_uwsgi">Nginx SSL Virtual Host example with uWSGI</h4>
<div class="level4">
<pre class="code file nginx">server {
listen 443;
server_name authssl.example.com;
root /usr/share/lemonldap-ng/portal/htdocs/;
# Use &quot;lm_app&quot; format to get username in nginx.log (see nginx-lmlog.conf)
access_log /var/log/nginx/access.log lm_app;
&nbsp;
ssl_verify_client on;
ssl_verify_depth 3;
&nbsp;
# Full chain CRL is required
# All CRLs must be concatenated in a single .pem format file
ssl_crl /etc/nginx/ssl/crl/crls.pem;
if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
rewrite ^/(.*)$ /index.psgi/$1 break;
}
&nbsp;
location ~ ^(?&lt;sc&gt;/.*\.psgi)(?:$|/) {
# uWSGI Configuration
include /etc/nginx/uwsgi_params;
uwsgi_pass 127.0.0.1:5000;
uwsgi_param LLTYPE psgi;
uwsgi_param SCRIPT_FILENAME $document_root$sc;
uwsgi_param SCRIPT_NAME $sc;
uwsgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
}
&nbsp;
#index index.psgi;
location / {
try_files $uri $uri/ =404;
add_header Strict-Transport-Security max-age=15768000;
}
}</pre>
</div>
<!-- EDIT6 SECTION "With Nginx" [2685-4318] -->
<h3 class="sectionedit7" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<div class="level3">
@ -233,7 +276,7 @@ Then, go in <code>SSL parameters</code>:
</ul>
</div>
<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [3247-3672] -->
<!-- EDIT7 SECTION "Configuration of LemonLDAP::NG" [4319-4744] -->
<h3 class="sectionedit8" id="auto_reloading_ssl_certificates">Auto reloading SSL Certificates</h3>
<div class="level3">
@ -341,7 +384,7 @@ $('.enteteBouton').click( function (e) {
<div class="notewarning">It is incompatible with authentication combination because of Apache parameter “SSLVerifyClient”, which must have the value “require”. To enable SSL with <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">Combination</a>, use <a href="#ssl_by_ajax" title="documentation:2.0:authssl ↵" class="wikilink1">SSL by Ajax</a>
</div>
</div>
<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [3673-6936] -->
<!-- EDIT8 SECTION "Auto reloading SSL Certificates" [4745-8008] -->
<h2 class="sectionedit9" id="ssl_by_ajax">SSL by Ajax</h2>
<div class="level2">
@ -358,8 +401,32 @@ If you enable this feature, you must configure 2 portal virtual hosts:
<p>
then declare the second <abbr title="Uniform Resource Locator">URL</abbr> in SSL options in the Manager. That&#039;s all ! Then you can chain it in a <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">combination</a>.
</p>
<div class="noteclassic">With <a href="authchoice.html" class="wikilink1" title="documentation:2.0:authchoice">choice</a>, the second <abbr title="Uniform Resource Locator">URL</abbr> should be also declared in module <abbr title="Uniform Resource Locator">URL</abbr> parameter to redirect user to Portal menu.
</div><div class="noteimportant"><strong>Content Security Policy</strong> may prevent to submit Ajax Request.
To avoid security warning,
<p>
Go to : <code>General Parameters &gt; Advanced Parameters &gt; Security &gt; Content security policy</code>
</p>
<p>
and set :
</p>
<p>
<strong>Default value</strong> =&gt; &#039;self&#039; “Ajax request <abbr title="Uniform Resource Locator">URL</abbr>
</p>
<p>
<strong>Form destinations</strong> =&gt; &#039;self&#039; “Ajax request <abbr title="Uniform Resource Locator">URL</abbr>
</p>
<p>
<strong>Ajax destinations</strong> =&gt; &#039;self&#039; “Ajax request <abbr title="Uniform Resource Locator">URL</abbr>
</p>
</div>
<!-- EDIT9 SECTION "SSL by Ajax" [6937-] --></div>
</div>
<!-- EDIT9 SECTION "SSL by Ajax" [8009-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:autosignin</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,autosignin"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="autosignin.html"/>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:cda</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,cda"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="cda.html"/>
@ -104,9 +104,14 @@ To use this feature only locally, edit <code>lemonldap-ng.ini</code> in section
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>all<span class="br0">&#93;</span></span>
<span class="re1">cda</span> <span class="sy0">=</span><span class="re2"> 1</span></pre>
<div class="noteimportant">If your handler is being served by Nginx, you have to uncomment the following lines in your nginx configuration file:
<pre class="code"># If CDA is used, uncomment this
auth_request_set $cookie_value $upstream_http_set_cookie;
add_header Set-Cookie $cookie_value;</pre>
</div>
<!-- EDIT5 SECTION "Configuration" [139-374] -->
</div>
<!-- EDIT5 SECTION "Configuration" [139-662] -->
<h3 class="sectionedit6" id="handlers">Handlers</h3>
<div class="level3">
@ -115,6 +120,6 @@ Choose “<abbr title="Cross Domain Authentication">CDA</abbr>” as type for ea
</p>
</div>
<!-- EDIT6 SECTION "Handlers" [375-] --></div>
<!-- EDIT6 SECTION "Handlers" [663-] --></div>
</body>
</html>


@ -0,0 +1,115 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:checkuser</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,checkuser"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="checkuser.html"/>
<link rel="contents" href="checkuser.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:checkuser","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="check_user_plugin">Check user plugin</h1>
<div class="level1">
<p>
This plugin allows us to check session attributes, access rights and transmitted headers for a specific user and <abbr title="Uniform Resource Locator">URL</abbr>. This can be useful for IT Ops, dev teams or administrators to debug or check rules. Plugin DISABLED by default.
</p>
</div>
<!-- EDIT1 SECTION "Check user plugin" [1-264] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<p>
Just enable it in the manager (section “plugins”).
</p>
<ul>
<li class="level1"><div class="li"> <strong>Parameters</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Activation</strong>: Enable / Disable this plugin</div>
</li>
<li class="level2"><div class="li"> <strong>Hidden attributes</strong>: Attributes not displayed</div>
</li>
<li class="level2"><div class="li"> <strong>Display persistent session</strong>: Display persistent session attributes</div>
</li>
<li class="level2"><div class="li"> <strong>Display empty value</strong>: Display ALL attributes even empty ones</div>
</li>
</ul>
</li>
</ul>
<div class="noteimportant">Be careful to not display secret attributes.
<p>
checkUser plugin hidden attributes are concatenation of
</p>
<p>
<code>checkUserHiddenAttributes</code> and <code>hiddenAttributes</code>.
</p>
<p>
You just have to append checkUser specific attributes.
</p>
</div><div class="notewarning">This plugin displays ALL user session attributes except the hidden ones.
<p>
You have to restrict access to specific users (administrators, DevOps, power users and so on...)
</p>
<p>
by setting an access rule like other VirtualHosts.
</p>
<p>
By example: <code>$groups =~ /\bsu\b/</code>
</p>
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [265-1147] -->
<h2 class="sectionedit3" id="usage">Usage</h2>
<div class="level2">
<p>
When enabled, <code>/checkuser</code> <abbr title="Uniform Resource Locator">URL</abbr> path is handled by this plugin.
</p>
</div>
<!-- EDIT3 SECTION "Usage" [1148-] --></div>
</body>
</html>


@ -185,7 +185,16 @@ When all modifications are done, click on <code>Save</code> to store configurati
<p>
LemonLDAP::NG provide a script that allows one to edit configuration without graphical interface, this script is called <code>lmConfigEditor</code> and is stored in the LemonLDAP::NG bin/ directory, for example /usr/share/lemonldap-ng/bin:
</p>
<ul>
<li class="level1"><div class="li"> On Debian:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lmConfigEditor</pre>
<ul>
<li class="level1"><div class="li"> On CentOS:</div>
</li>
</ul>
<pre class="code">/usr/libexec/lemonldap-ng/bin/lmConfigEditor</pre>
<div class="notetip">This script must be run as root, it will then use the Apache user and group to access configuration.
</div>
<p>
@ -212,14 +221,23 @@ If a modification is done, the configuration is saved with a new configuration n
</p>
</div>
<!-- EDIT4 SECTION "Configuration text editor" [3237-4465] -->
<!-- EDIT4 SECTION "Configuration text editor" [3237-4556] -->
<h2 class="sectionedit5" id="command_line_interface_cli">Command Line Interface (CLI)</h2>
<div class="level2">
<p>
LemonLDAP::NG provide a script that allows one to edit configuration items in non interactive mode. This script is called <code>lemonldap-ng-cli</code> and is stored in the LemonLDAP::NG bin/ directory, for example /usr/share/lemonldap-ng/bin:
</p>
<ul>
<li class="level1"><div class="li"> On Debian:</div>
</li>
</ul>
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli</pre>
<ul>
<li class="level1"><div class="li"> On CentOS:</div>
</li>
</ul>
<pre class="code">/usr/libexec/lemonldap-ng/bin/lemonldap-ng-cli</pre>
<div class="notetip">This script must be run as root, it will then use the Apache user and group to access configuration.
</div>
<p>
@ -272,7 +290,7 @@ Some examples:
<div class="notetip">See <a href="cli_examples.html" class="wikilink1" title="documentation:2.0:cli_examples">other examples</a>.
</div>
</div>
<!-- EDIT5 SECTION "Command Line Interface (CLI)" [4466-6260] -->
<!-- EDIT5 SECTION "Command Line Interface (CLI)" [4557-6445] -->
<h2 class="sectionedit6" id="apache">Apache</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Apache configuration
@ -294,7 +312,7 @@ See <a href="configapache.html" class="wikilink1" title="documentation:2.0:confi
</p>
</div>
<!-- EDIT6 SECTION "Apache" [6261-6659] -->
<!-- EDIT6 SECTION "Apache" [6446-6844] -->
<h3 class="sectionedit7" id="portal">Portal</h3>
<div class="level3">
@ -373,7 +391,7 @@ In Portal virtual host, you will find several configuration parts:
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT7 SECTION "Portal" [6660-9007] -->
<!-- EDIT7 SECTION "Portal" [6845-9192] -->
<h3 class="sectionedit8" id="manager1">Manager</h3>
<div class="level3">
@ -420,7 +438,7 @@ Configuration interface access is not protected by Apache but by LemonLDAP::NG i
</p>
</div>
<!-- EDIT8 SECTION "Manager" [9008-10551] -->
<!-- EDIT8 SECTION "Manager" [9193-10736] -->
<h3 class="sectionedit9" id="handler">Handler</h3>
<div class="level3">
<ul>
@ -473,7 +491,7 @@ Then, to protect a standard virtual host, the only configuration line to add is:
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler::Apache2</pre>
</div>
<!-- EDIT9 SECTION "Handler" [10552-11941] -->
<!-- EDIT9 SECTION "Handler" [10737-12126] -->
<h2 class="sectionedit10" id="nginx">Nginx</h2>
<div class="level2">
<div class="noteimportant">LemonLDAP::NG does not manage Nginx configuration
@ -496,7 +514,7 @@ See <a href="confignginx.html" class="wikilink1" title="documentation:2.0:config
<div class="notewarning"><a href="fastcgiserver.html" class="wikilink1" title="documentation:2.0:fastcgiserver">LL::NG FastCGI</a> server must be loaded separately.
</div>
</div>
<!-- EDIT10 SECTION "Nginx" [11942-12395] -->
<!-- EDIT10 SECTION "Nginx" [12127-12580] -->
<h3 class="sectionedit11" id="portal1">Portal</h3>
<div class="level3">
@ -507,7 +525,14 @@ In Portal virtual host, you will find several configuration parts:
<li class="level1"><div class="li"> Standard virtual host directives, to serve portal pages:</div>
</li>
</ul>
<pre class="code file nginx">server {
<pre class="code file nginx">## map directive must be in http context
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
# default &quot;&quot;;
# ~/CN=(?&lt;CN&gt;[^/]+) $CN;
# }
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
&nbsp;
server {
listen 80;
server_name auth.example.com;
root /var/lib/lemonldap-ng/portal/;
@ -523,12 +548,6 @@ In Portal virtual host, you will find several configuration parts:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Uncomment this if you use Auth SSL:
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
# default &quot;&quot;;
# ~/CN=(?&lt;CN&gt;[^/]+) $CN;
#}
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
}
&nbsp;
index index.psgi;
@ -536,7 +555,7 @@ In Portal virtual host, you will find several configuration parts:
try_files $uri $uri/ =404;
&nbsp;
# Uncomment this if you use https only
#add_header Strict-Transport-Security &quot;15768000&quot;;
#add_header Strict-Transport-Security max-age=15768000;
}
&nbsp;
location /static/ {
@ -568,7 +587,7 @@ In Portal virtual host, you will find several configuration parts:
}</pre>
</div>
<!-- EDIT11 SECTION "Portal" [12396-14187] -->
<!-- EDIT11 SECTION "Portal" [12581-14383] -->
<h3 class="sectionedit12" id="manager2">Manager</h3>
<div class="level3">
@ -602,7 +621,7 @@ By default, configuration interface access is not protected by Nginx but by Lemo
</p>
</div>
<!-- EDIT12 SECTION "Manager" [14188-14933] -->
<!-- EDIT12 SECTION "Manager" [14384-15129] -->
<h3 class="sectionedit13" id="handler1">Handler</h3>
<div class="level3">
@ -702,7 +721,7 @@ Then, to protect a standard virtual host, you must insert this (or create an inc
# Insert then your configuration (fastcgi_* or proxy_*)</pre>
</div>
<!-- EDIT13 SECTION "Handler" [14934-18015] -->
<!-- EDIT13 SECTION "Handler" [15130-18211] -->
<h2 class="sectionedit14" id="configuration_reload">Configuration reload</h2>
<div class="level2">
<div class="noteclassic">As Handlers keep configuration in cache, when configuration change, it should be updated in Handlers. An Apache restart will work, but LemonLDAP::NG offers the mean to reload them through an HTTP request. Configuration reload will then be effective in less than 10 minutes. If you want to change this timeout, set <code>checkTime = 240</code> in your lemonldap-ng.ini file <em>(values in seconds)</em>
@ -724,6 +743,23 @@ These parameters can be overwritten in LemonLDAP::NG ini file, in the section <c
The <code>reload</code> target is managed in Apache or Nginx configuration, inside a virtual host protected by LemonLDAP::NG Handler (see below examples in Apache-&gt;handler or Nginx-&gt;Handler).
</p>
<div class="noteimportant">You must allow access to declared URLs to your Manager <abbr title="Internet Protocol">IP</abbr>.
</div><div class="noteimportant">If reload <abbr title="Uniform Resource Locator">URL</abbr> is served in HTTPS, to avoid “Error 500 (certificate verify failed)”, Go to :
<p>
<code>General Parameters &gt; Advanced Parameters &gt; Security &gt; SSL options for server requests</code>
</p>
<p>
and set :
</p>
<p>
<strong>verify_hostname =&gt; 0</strong>
</p>
<p>
<strong>SSL_verify_mode =&gt; 0</strong>
</p>
</div><div class="noteimportant">If you want to use reload mechanism on a portal only host, you must install a handler in Portal host to be able to refresh local cache. Include <code>handler-nginx.conf</code> or <code>handler-apache2.conf</code> for example
</div>
<p>
@ -743,7 +779,7 @@ You also need to adjust the protection of the reload vhost, for example:
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT14 SECTION "Configuration reload" [18016-20299] -->
<!-- EDIT14 SECTION "Configuration reload" [18212-20768] -->
<h2 class="sectionedit15" id="local_file">Local file</h2>
<div class="level2">
@ -777,6 +813,6 @@ For example, to override configured skin for portal:
<div class="notetip">You need to know the technical name of configuration parameter to do this. You can refer to <a href="parameterlist.html" class="wikilink1" title="documentation:2.0:parameterlist">parameter list</a> to find it.
</div>
</div>
<!-- EDIT15 SECTION "Local file" [20300-] --></div>
<!-- EDIT15 SECTION "Local file" [20769-] --></div>
</body>
</html>


@ -0,0 +1,205 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:contribute</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,contribute"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="contribute.html"/>
<link rel="contents" href="contribute.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:contribute","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#configure_ssh">Configure SSH</a></div></li>
<li class="level1"><div class="li"><a href="#install_basic_tools">Install basic tools</a></div>
<ul class="toc">
<li class="clear">
<ul class="toc">
<li class="level3"><div class="li"><a href="#debian">Debian</a></div></li>
<li class="level3"><div class="li"><a href="#configure_git">Configure Git</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#import_project">Import Project</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#install_dependencies">Install dependencies</a></div></li>
<li class="level1"><div class="li"><a href="#working_project">Working Project</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<p>
<strong>Do you want to contribute to LemonLdap::NG project ?</strong>
</p>
<h1 class="sectionedit1" id="contribute_to_project">Contribute to Project</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Contribute to Project" [59-95] -->
<h2 class="sectionedit2" id="configure_ssh">Configure SSH</h2>
<div class="level2">
<p>
<em>On Debian developper station :</em>
</p>
<pre class="code">ssh-keygen -o -t rsa -b 4096 -C &quot;your@email&quot;</pre>
<p>
Go to your gitlab account :
<a href="https://gitlab.ow2.org/profile/keys" class="urlextern" title="https://gitlab.ow2.org/profile/keys" rel="nofollow">https://gitlab.ow2.org/profile/keys</a>
</p>
<pre class="code">cat ~/.ssh/id_rsa.pub</pre>
<p>
copy id_rsa.pub content to key section and enter a name into “Title” tans “Add key” button
Test ssh connexion :
</p>
<pre class="code">ssh -T git@gitlab.com</pre>
<p>
accept messages
</p>
</div>
<!-- EDIT2 SECTION "Configure SSH" [96-447] -->
<h2 class="sectionedit3" id="install_basic_tools">Install basic tools</h2>
<div class="level2">
</div>
<h4 id="debian">Debian</h4>
<div class="level4">
<p>
<em>root :</em>
</p>
<pre class="code">apt install aptitude
aptitude install vim make devscripts yui-compressor git git-gui libjs-uglify coffeescript cpanminus
aptitude install libauth-yubikey-webclient-perl libnet-smtp-server-perl
cpanm Authen::U2F Authen::U2F::Tester Crypt::U2F::Server::Simple
npm install -g protractor # end-2-end tests
webdriver-manager update # install/update selenium driver</pre>
</div>
<h4 id="configure_git">Configure Git</h4>
<div class="level4">
<p>
<em>user :</em>
</p>
<pre class="code">git config --global user.name &quot;Name Surname&quot;
git config --global user.email &quot;your@mail&quot;
git config --global core.editor vim
git config --global merge.tool vimdiff
git config --global color.ui true
git config --list</pre>
</div>
<!-- EDIT3 SECTION "Install basic tools" [448-1151] -->
<h3 class="sectionedit4" id="import_project">Import Project</h3>
<div class="level3">
<p>
<em>user :</em>
create directory
in directory :
</p>
<pre class="code">git clone git@gitlab.ow2.org://user///lemonldap-ng.git
cd lemonldap-ng/
git log
git checkout master # go to master branch
git remote add upstream https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git # to connect to remote branch
git fetch upstream # import branch
git checkout v2.0 # to change branch
git fetch upstream</pre>
<p>
<em>on gitlab, create working branch, one per thematic</em>
<em>on linux station :</em>
</p>
<pre class="code">git checkout workingbranch
git log
git status
git merge upstream/v2.0 # merge branch 2.0 in working branch
git commit -am &quot;explanations (#number gitlab ticket)&quot;
git commit --amend file(s) # to modify a commit
git checkout -- file(s) # revert
git push # to send on remote working branch</pre>
<p>
On gitlab, submit merge request when tests are corrects.
</p>
</div>
<!-- EDIT4 SECTION "Import Project" [1152-1997] -->
<h2 class="sectionedit5" id="install_dependencies">Install dependencies</h2>
<div class="level2">
<pre class="code">aptitude install libapache-session-perl libcache-cache-perl libclone-perl libconfig-inifiles-perl libconvert-pem-perl libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl libcrypt-openssl-x509-perl libcrypt-rijndael-perl libdbi-perl libdigest-hmac-perl libemail-sender-perl libgd-securityimage-perl libhtml-template-perl libio-string-perl libjson-perl libmime-tools-perl libmouse-perl libnet-ldap-perl libplack-perl libregexp-assemble-perl libregexp-common-perl libsoap-lite-perl libstring-random-perl libunicode-string-perl liburi-perl libwww-perl libxml-simple-perl libxml-libxslt-perl libcrypt-urandom-perl libconvert-base32-perl
aptitude install apache2 libapache2-mod-fcgid libapache2-mod-perl2 # install Apache
aptitude install nginx nginx-extras # install Nginx
aptitude install perltidy</pre>
</div>
<!-- EDIT5 SECTION "Install dependencies" [1998-2840] -->
<h2 class="sectionedit6" id="working_project">Working Project</h2>
<div class="level2">
<pre class="code">make test # or manager_test, portal_test, ... to launch unit tests
make start_web_server # TESTUSESSL=1 to enable SSL engine (only available for Apache)
make start_web_server TESTWEBSERVER=nginx # to use Nginx web server
make stop_web_server
make reload_web_server # to reload LL:NG conf
make clean # to clean test files
make minify # to minify and compile coffeescript
make json # to build conf and manager tree
make manifest # to update manifest
make tidy # to magnify perl files (perl best pratices)
cd lemonldap-ng-portal &amp;&amp; prove t/XXXX # To launch specific unit test</pre>
</div>
<!-- EDIT6 SECTION "Working Project" [2841-] --></div>
</body>
</html>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=0f10c8fca57376e7bc8695f4a434476e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/dos?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1549988879" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Ados&amp;1554841530" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=0f10c8fca57376e7bc8695f4a434476e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/exploit?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1549988879" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Aexploit&amp;1554841530" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -48,11 +48,11 @@
<div class="level1">
<p>
This basic plugin can be used to add a second factor authentication device (SMS, OTP,...). It uses external commands to send and validate a second factor. Any language is allowed to call your 2nd factor system.
This basic plugin can be used to add a second factor authentication device (SMS, OTP,...). It uses external commands to send or validate a second factor. Any language is allowed to call your 2nd factor system.
</p>
</div>
<!-- EDIT1 SECTION "External Second Factor" [1-250] -->
<!-- EDIT1 SECTION "External Second Factor" [1-249] -->
<h2 class="sectionedit2" id="commands">Commands</h2>
<div class="level2">
@ -61,7 +61,7 @@ Commands receive arguments on command line and must return a 0 code if succeed,
</p>
</div>
<!-- EDIT2 SECTION "Commands" [251-477] -->
<!-- EDIT2 SECTION "Commands" [250-476] -->
<h3 class="sectionedit3" id="configuration">Configuration</h3>
<div class="level3">
@ -71,18 +71,20 @@ All parameters are configured in “General Parameters » Portal Parameters » E
<ul>
<li class="level1"><div class="li"> <strong>Activation</strong></div>
</li>
<li class="level1"><div class="li"> <strong>Send command</strong>: define your command using <em>$attribute</em> like in rules. Example: <code>/usr/local/bin/sendOtp --uid $uid</code></div>
<li class="level1"><div class="li"> <strong>Code RegEx</strong>: regular expression to create an OTP code. Let this option blank to delegate code Generation / Verification to an external provider</div>
</li>
<li class="level1"><div class="li"> <strong>Validation command</strong>: you must also use <em>$code</em> which is the value entered by user; Example: <code>/usr/local/bin/verify --uid $uid --code $code</code></div>
<li class="level1"><div class="li"> <strong>Send command</strong>: define your command using <em>$attribute</em> like in rules. Example: <code>/usr/local/bin/sendOtp --uid $uid</code> or <code>/usr/local/bin/sendCode --uid $uid --code $code</code> if code is generated by the Portal</div>
</li>
<li class="level1"><div class="li"> <strong>Validation command</strong>: Required ONLY if you delegate code Generation / Verification to an external provider. You must also use <em>$code</em> which is the value entered by user; Example: <code>/usr/local/bin/verify --uid $uid --code $code</code></div>
</li>
<li class="level1"><div class="li"> <strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
</li>
<li class="level1"><div class="li"> Logo (Optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
<li class="level1"><div class="li"> <strong>Logo</strong> (Optional): logo file <em>(in static/&lt;skin&gt; directory)</em></div>
</li>
</ul>
<div class="noteimportant">The command line is split in an array and launched with exec(). So you don&#039;t need to enclose arguments in “” and this feature protects your system against shell injection. However, you can not use any space except to separate arguments.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [478-] --></div>
<!-- EDIT3 SECTION "Configuration" [477-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:handlerauthbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,handlerauthbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="handlerauthbasic.html"/>
@ -52,8 +52,8 @@
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#portal">Portal</a></div></li>
<li class="level2"><div class="li"><a href="#virtual_host">Virtual host</a></div></li>
<li class="level2"><div class="li"><a href="#nginx">Nginx</a></div></li>
<li class="level2"><div class="li"><a href="#handler_parameters">Handler parameters</a></div></li>
</ul></li>
</ul>
@ -88,7 +88,16 @@ This feature can be useful to allow a third party application to access a virtua
</div>
<!-- EDIT3 SECTION "Configuration" [625-651] -->
<h3 class="sectionedit4" id="virtual_host">Virtual host</h3>
<h3 class="sectionedit4" id="portal">Portal</h3>
<div class="level3">
<p>
<a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST server</a> must be enabled on portal.
</p>
</div>
<!-- EDIT4 SECTION "Portal" [652-726] -->
<h3 class="sectionedit5" id="virtual_host">Virtual host</h3>
<div class="level3">
<p>
@ -106,52 +115,20 @@ If you want to protect only a virtualHost part, keep type on “Main” and set
</ul>
</div>
<!-- EDIT4 SECTION "Virtual host" [652-1042] -->
<h3 class="sectionedit5" id="nginx">Nginx</h3>
<div class="level3">
<p>
Since 1.9.6, LLNG FastCGI server can handle AuthBasic handler. To call it, you just have to add <code>fastcgi_param VHOSTTYPE AuthBasic;</code> in the FastCGI server call and remove <code>error_page 401</code> directive:
</p>
<pre class="file">location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
fastcgi_param VHOSTTYPE AuthBasic;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will receive /lmauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
location / {
...
##################################
# CALLING AUTHENTICATION #
##################################
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
# Remove this for AuthBasic handler
#error_page 401 $lmlocation;
...
}</pre>
</div>
<!-- EDIT5 SECTION "Nginx" [1043-2065] -->
<!-- EDIT5 SECTION "Virtual host" [727-1117] -->
<h3 class="sectionedit6" id="handler_parameters">Handler parameters</h3>
<div class="level3">
<p>
No parameters needed. But you have to allow sessions web services, see <a href="restsessionbackend.html" class="wikilink1" title="documentation:2.0:restsessionbackend">REST sessions backend</a>.
No parameters needed. But you have to allow REST sessions web services, see <a href="restsessionbackend.html" class="wikilink1" title="documentation:2.0:restsessionbackend">REST sessions backend</a> and to enable local cache (enabled by default in lemonldap-ng.ini).
</p>
<div class="notewarning">With AuthBasic handler, you have to disable CSRF token by setting a special rule based on callers <abbr title="Internet Protocol">IP</abbr> address like this :
<p>
requireToken =&gt; $env-&gt;{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/
</p>
</div>
<!-- EDIT6 SECTION "Handler parameters" [2066-] --></div>
</div>
<!-- EDIT6 SECTION "Handler parameters" [1118-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:idpcas</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,idpcas"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="idpcas.html"/>


@ -132,11 +132,11 @@ After configuring <abbr title="Security Assertion Markup Language">SAML</abbr> S
</p>
<p>
They are available at the EntityID <abbr title="Uniform Resource Locator">URL</abbr>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>.
They are available at the EntityID <abbr title="Uniform Resource Locator">URL</abbr>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>. You can also use <a href="http://auth.example.com/saml/metadata/idp" class="urlextern" title="http://auth.example.com/saml/metadata/idp" rel="nofollow">http://auth.example.com/saml/metadata/idp</a> to have only IDP related metadata.
</p>
</div>
<!-- EDIT6 SECTION "Register LemonLDAP::NG on partner Service Provider" [848-1092] -->
<!-- EDIT6 SECTION "Register LemonLDAP::NG on partner Service Provider" [848-1186] -->
<h3 class="sectionedit7" id="register_partner_service_provider_on_lemonldapng">Register partner Service Provider on LemonLDAP::NG</h3>
<div class="level3">
@ -185,7 +185,7 @@ For each attribute, you can set:
</li>
<li class="level1"><div class="li"> <strong>Friendly Name</strong>: optional, <abbr title="Security Assertion Markup Language">SAML</abbr> attribute friendly name.</div>
</li>
<li class="level1"><div class="li"> <strong>Mandatory</strong>: if set to “On”, then this attribute will be sent in authentication response. Else it just will be sent trough an attribute response, if explicitly requested in an attribute request.</div>
<li class="level1"><div class="li"> <strong>Mandatory</strong>: if set to “On”, then this attribute is required to build the <abbr title="Security Assertion Markup Language">SAML</abbr> response, an error will displayed if there is no value for it. Optional attribute will be sent only if there is a value associated. Else it just will be sent trough an attribute response, if explicitly requested in an attribute request.</div>
</li>
<li class="level1"><div class="li"> <strong>Format</strong>: optional, <abbr title="Security Assertion Markup Language">SAML</abbr> attribute format.</div>
</li>
@ -276,7 +276,7 @@ For example: <a href="http://auth.example.com/saml/singleSignOn?IDPInitiated=1&a
</div>
</div>
<!-- EDIT7 SECTION "Register partner Service Provider on LemonLDAP::NG" [1093-4707] -->
<!-- EDIT7 SECTION "Register partner Service Provider on LemonLDAP::NG" [1187-4922] -->
<h2 class="sectionedit8" id="known_issues">Known issues</h2>
<div class="level2">
@ -285,6 +285,6 @@ Using both Issuer::<abbr title="Security Assertion Markup Language">SAML</abbr>
</p>
</div>
<!-- EDIT8 SECTION "Known issues" [4708-] --></div>
<!-- EDIT8 SECTION "Known issues" [4923-] --></div>
</body>
</html>


@ -0,0 +1,103 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:impersonation</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,impersonation"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="impersonation.html"/>
<link rel="contents" href="impersonation.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:impersonation","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="impersonation_plugin">Impersonation plugin</h1>
<div class="level1">
<p>
This plugin allows us to use identity of another user. User have to log in with its real account and can choose to use an another profile. Can be useful for training/learning or development platforms.
</p>
</div>
<!-- EDIT1 SECTION "Impersonation plugin" [1-239] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
<p>
Just enable it in the Manager (section “plugins”) by setting a rule. Impersonation can be allowed or denied for specific users. Furthermore, specific identities like administrators or anonymous users can be forbidden to impersonate.
</p>
<ul>
<li class="level1"><div class="li"> <strong>Parameters</strong>:</div>
<ul>
<li class="level2"><div class="li"> <strong>Use rule</strong>: Allow or deny only specific users to use this plugin</div>
</li>
<li class="level2"><div class="li"> <strong>Identities use rule</strong>: Rule to define which identities can be spoofed. Useful to prevent impersonation with specific identities like CEO, administrators or anonymous/protected users.</div>
</li>
<li class="level2"><div class="li"> <strong>Real attributes prefix</strong>: Prefix use to rename user real profile attributes.</div>
</li>
<li class="level2"><div class="li"> <strong>Hidden attributes</strong>: Attributes not displayed</div>
</li>
<li class="level2"><div class="li"> <strong>Skip empty values</strong>: Do not use empty profile attributes</div>
</li>
<li class="level2"><div class="li"> <strong>Merge spoofed and real <abbr title="Single Sign On">SSO</abbr> groups</strong>: Can be useful for administrators to keep higher privileges</div>
</li>
</ul>
</li>
</ul>
<div class="notewarning">You HAVE TO modify <strong>REMOTE_USER</strong> to log both real AND spoofed uid.
<p>
Set a macro like this : <code> _whatToTrace -&gt; $real__user ? &quot;$real__user/$_user&quot; : $_user </code>
</p>
<p>
and set <code>Genaral Parameters &gt; Logs &gt; REMOTE_USER</code> with <code> _whatToTrace </code>
</p>
</div><div class="noteimportant">Both spoofed and real profile attributes can be used to set access rules, groups or macros.
<p>
By example : <code>$real_uid eq &#039;dwho</code>&#039; or <code>$real_groups =~ /\bsu\b/</code>
</p>
</div><div class="noteimportant">By example, to prevent impersonation with &#039;dwho&#039; set <strong>Identities use rule</strong> like :
<p>
<code> $uid ne &#039;dwho&#039; </code>
</p>
</div>
</div>
<!-- EDIT2 SECTION "Configuration" [240-] --></div>
</body>
</html>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=0f10c8fca57376e7bc8695f4a434476e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/mitm?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1549988879" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Amitm&amp;1554841530" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>



@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:plugincustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,plugincustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="plugincustom.html"/>
@ -110,7 +110,8 @@ See also <code>Lemonldap::NG::Portal::Main::Plugin</code> man page.
Create for example the MyPlugin module:
</p>
<pre class="code">vi /usr/share/perl5/Lemonldap/NG/Portal/MyPlugin.pm</pre>
<pre class="code file perl"><a href="http://perldoc.perl.org/functions/package.html"><span class="kw3">package</span></a> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin</span><span class="sy0">;</span>
<div class="notetip">If you do not want to mix files from the distribution with your own work, put your own code in <code>/usr/local/lib/site_perl/Lemonldap/NG/Portal/MyPlugin.pm</code>
</div><pre class="code file perl"><a href="http://perldoc.perl.org/functions/package.html"><span class="kw3">package</span></a> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin</span><span class="sy0">;</span>
&nbsp;
<span class="kw2">use</span> Mouse<span class="sy0">;</span>
<span class="kw2">use</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">Main</span><span class="sy0">::</span><span class="me2">Constants</span><span class="sy0">;</span>
@ -146,7 +147,7 @@ extends <span class="st_h">'Lemonldap::NG::Portal::Main::Plugin'</span><span cla
<span class="nu0">1</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT4 SECTION "Plugin Perl module" [816-1917] -->
<!-- EDIT4 SECTION "Plugin Perl module" [816-2090] -->
<h3 class="sectionedit5" id="configuration">Configuration</h3>
<div class="level3">
@ -159,6 +160,6 @@ customPlugins <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><sp
<span class="sy0">;</span>customPlugins <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin1</span><span class="sy0">,</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Portal</span><span class="sy0">::</span><span class="me2">MyPlugin2</span><span class="sy0">,</span> <span class="sy0">...</span></pre>
</div>
<!-- EDIT5 SECTION "Configuration" [1918-] --></div>
<!-- EDIT5 SECTION "Configuration" [2091-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:portalcustom</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,portalcustom"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portalcustom.html"/>
@ -223,9 +223,13 @@ We include some template files that can be customized:
<ul>
<li class="level1"><div class="li"> customhead.tpl : <abbr title="HyperText Markup Language">HTML</abbr> header markups (like <abbr title="Cascading Style Sheets">CSS</abbr>, js inclusion)</div>
</li>
<li class="level1"><div class="li"> customheader.tpl : <abbr title="HyperText Markup Language">HTML</abbr> code int the header div</div>
<li class="level1"><div class="li"> customheader.tpl : <abbr title="HyperText Markup Language">HTML</abbr> code in the header</div>
</li>
<li class="level1"><div class="li"> customfooter.tpm : <abbr title="HyperText Markup Language">HTML</abbr> code in the footer div</div>
<li class="level1"><div class="li"> customfooter.tpm : <abbr title="HyperText Markup Language">HTML</abbr> code in the footer</div>
</li>
<li class="level1"><div class="li"> customLoginHeader.tpl : <abbr title="HyperText Markup Language">HTML</abbr> code int the login header</div>
</li>
<li class="level1"><div class="li"> customLoginFooter.tpl : <abbr title="HyperText Markup Language">HTML</abbr> code int the login footer</div>
</li>
</ul>
@ -261,17 +265,21 @@ To configure your new skin in Manager, select the custom skin, and enter your sk
<pre class="code">/usr/share/lemonldap-ng/bin/lemonldap-ng-cli -yes 1 set portalSkin &#039;myskin&#039; portalSkinBackground &#039;&#039;</pre>
</div>
<!-- EDIT9 SECTION "Skin customization" [2473-4399] -->
<!-- EDIT9 SECTION "Skin customization" [2473-4508] -->
<h3 class="sectionedit10" id="messages">Messages</h3>
<div class="level3">
<p>
Messages are defined in source code. If they really do not please you, override them! You just need to know the ID of the message (look at Portal/Simple.pm) and then :
Messages are defined in source code. If they really do not please you, override them! You just need to know the ID of the message (look at Portal/Simple.pm).
</p>
<p>
* <strong>add to</strong> <code>lemonldap-ng.ini</code> :
There are two methods to do this:
</p>
<ul>
<li class="level1"><div class="li"> Use <code>lemonldap-ng.ini</code>:</div>
</li>
</ul>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
&nbsp;
# Custom error messages
@ -281,19 +289,34 @@ Messages are defined in source code. If they really do not please you, override
<span class="re1">msg_lastLogins</span> <span class="sy0">=</span><span class="re2"> Your last connections</span></pre>
<p>
* <strong>or declare a translation file in</strong> <code>lemonldap-ng.ini</code> :
You can also define messages in several languages or disable message boxes by using the bareword <code>_hide_</code> :
</p>
<pre class="code file ini"><span class="re1">error_en_0</span> <span class="sy0">=</span><span class="re2"> Big brother is watching you, authenticated user</span>
<span class="re1">error_fr_0</span> <span class="sy0">=</span><span class="re2"> Souriez vous êtes surveillés !</span>
<span class="re1">msg_fr_lastLogins</span> <span class="sy0">=</span><span class="re2"> Dernières connexions</span>
<span class="re1">error_9</span> <span class="sy0">=</span><span class="re2"> _hide_</span></pre>
<ul>
<li class="level1"><div class="li"> Create a lang file in custom skin:</div>
</li>
</ul>
<p>
If you have a custom skin, then you can create a lang file in <code>templates/&lt;your skin</code> similar to the default lang files provided in <code>htdocs/static/languages/</code>.
</p>
<p>
For example <code>htdocs/static/languages/en.json</code>:
</p>
<pre class="code file javascript"><span class="br0">&#123;</span>
<span class="st0">&quot;PE9&quot;</span><span class="sy0">:</span><span class="st0">&quot;Please authenticate!&quot;</span>
<span class="br0">&#125;</span></pre>
<p>
You can also create a file called <code>all.json</code> to override messages in all languages.
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
&nbsp;
# Custom messages
<span class="re1">translations</span> <span class="sy0">=</span><span class="re2"> site/templates/localeTranslations.txt</span></pre>
<div class="notetip">You can also define messages in several languages:<pre class="code file ini"><span class="re1">error_en_0</span> <span class="sy0">=</span><span class="re2"> Big brother is watching you, authenticated user</span>
<span class="re1">error_fr_0</span> <span class="sy0">=</span><span class="re2"> Souriez vous êtes surveillés !</span>
<span class="re1">msg_fr_lastLogins</span> <span class="sy0">=</span><span class="re2"> Dernières connexions</span></pre>
</div>
</div>
<!-- EDIT10 SECTION "Messages" [4400-5210] -->
<!-- EDIT10 SECTION "Messages" [4509-5651] -->
<h3 class="sectionedit11" id="menu_tabs">Menu tabs</h3>
<div class="level3">
@ -309,7 +332,7 @@ This will allow one to display the tab directly with this <abbr title="Uniform R
</p>
</div>
<!-- EDIT11 SECTION "Menu tabs" [5211-5517] -->
<!-- EDIT11 SECTION "Menu tabs" [5652-5958] -->
<h3 class="sectionedit12" id="template_parameters">Template parameters</h3>
<div class="level3">
@ -337,7 +360,7 @@ You can also display environment variables, with the prefix <code>env_</code>:
<pre class="code file html4strict">Your IP is <span class="sc2">&lt;TMPL_VAR <span class="kw3">NAME</span><span class="sy0">=</span><span class="st0">&quot;env_REMOTE_ADDR&quot;</span>&gt;</span></pre>
</div>
<!-- EDIT12 SECTION "Template parameters" [5518-6165] -->
<!-- EDIT12 SECTION "Template parameters" [5959-6606] -->
<h2 class="sectionedit13" id="buttons">Buttons</h2>
<div class="level2">
@ -354,7 +377,7 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT13 SECTION "Buttons" [6166-6682] -->
<!-- EDIT13 SECTION "Buttons" [6607-7123] -->
<h2 class="sectionedit14" id="password_management">Password management</h2>
<div class="level2">
<ul>
@ -367,7 +390,7 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT14 SECTION "Password management" [6683-7133] -->
<!-- EDIT14 SECTION "Password management" [7124-7574] -->
<h2 class="sectionedit15" id="other_parameters">Other parameters</h2>
<div class="level2">
<ul>
@ -375,7 +398,7 @@ This node allows one to enable/disable buttons on the login page:
</li>
<li class="level1"><div class="li"> <strong>New window</strong>: open menu links in new window</div>
</li>
<li class="level1"><div class="li"> <strong>Anti iframe protection</strong>: will kill parent frames to avoid some well known attacks</div>
<li class="level1"><div class="li"> <strong>Anti iframe protection</strong>: Set <code>X-Frame-Options</code> and CSP <code>frame-ancestors</code> headers (see <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#Browser_compatibility" class="urlextern" title="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#Browser_compatibility" rel="nofollow">Browser compatibility</a>)</div>
</li>
<li class="level1"><div class="li"> <strong>Ping interval</strong>: Number of milliseconds between each ping (Ajax request) on the portal menu. Set to 0 to dismiss checks.</div>
</li>
@ -386,6 +409,6 @@ This node allows one to enable/disable buttons on the login page:
</ul>
</div>
<!-- EDIT15 SECTION "Other parameters" [7134-] --></div>
<!-- EDIT15 SECTION "Other parameters" [7575-] --></div>
</body>
</html>


@ -188,9 +188,10 @@ Go to <a href="https://federation.renater.fr/registry" class="urlextern" title="
<p>
Configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Provider with this <a href="idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">documentation</a>. You don&#039;t need to declare any SP for the moment.
</p>
<div class="noteimportant">If your <abbr title="LemonLDAP::NG">LL::NG</abbr> server will act as SP and IDP inside Renater federation, you need to set the advanced parameter “Override Entity ID for IDP”. Indeed, Renater do not allow to register a SP and an IDP with the same entityID.
</div>
<!-- EDIT8 SECTION "LL::NG configuration" [3791-3952] -->
</div>
<!-- EDIT8 SECTION "LL::NG configuration" [3791-4198] -->
<h3 class="sectionedit9" id="metadata_import1">Metadata import</h3>
<div class="level3">
@ -224,7 +225,7 @@ Adapt IDP options, for example:
<span class="br0">&#125;</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT9 SECTION "Metadata import" [3953-5552] -->
<!-- EDIT9 SECTION "Metadata import" [4199-5798] -->
<h3 class="sectionedit10" id="add_your_idp_into_the_federation">Add your IDP into the federation</h3>
<div class="level3">
@ -233,6 +234,6 @@ Go to <a href="https://federation.renater.fr/registry" class="urlextern" title="
</p>
</div>
<!-- EDIT10 SECTION "Add your IDP into the federation" [5553-] --></div>
<!-- EDIT10 SECTION "Add your IDP into the federation" [5799-] --></div>
</body>
</html>


@ -63,17 +63,27 @@
<div class="level1">
<p>
You can share your configuration over the network using REST proxy system.
You can share your configuration over the network using REST proxy system:
</p>
<ul>
<li class="level1"><div class="li"> GET /config/latest: get the last config metadata</div>
</li>
<li class="level1"><div class="li"> GET /config/&lt;cfgNum&gt;: get the metadata for config n° &lt;cfgNum&gt;</div>
</li>
<li class="level1"><div class="li"> GET /config/&lt;latest|cfgNum&gt;/&lt;key&gt;: get conf key value</div>
</li>
<li class="level1"><div class="li"> GET /config/&lt;latest|cfgNum&gt;?full: get the full configuration</div>
</li>
</ul>
<div class="notetip">Note that REST is not a real configuration backend, but just a proxy system to access to your configuration over the network
</div>
</div>
<!-- EDIT1 SECTION "REST configuration backend" [1-261] -->
<!-- EDIT1 SECTION "REST configuration backend" [1-504] -->
<h2 class="sectionedit2" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT2 SECTION "Configuration" [262-288] -->
<!-- EDIT2 SECTION "Configuration" [505-531] -->
<h3 class="sectionedit3" id="first_configure_your_real_backend">First, configure your real backend</h3>
<div class="level3">
<ul>
@ -102,7 +112,7 @@ location /index.psgi/config {
}</pre>
</div>
<!-- EDIT3 SECTION "First, configure your real backend" [289-1069] -->
<!-- EDIT3 SECTION "First, configure your real backend" [532-1312] -->
<h3 class="sectionedit4" id="next_configure_rest_for_your_remote_servers">Next, configure REST for your remote servers</h3>
<div class="level3">
@ -124,6 +134,6 @@ You can also add some other parameters
<span class="re1">proxyOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> timeout <span class="sy0">=</span>&gt; 5 <span class="br0">&#125;</span></span></pre>
</div>
<!-- EDIT4 SECTION "Next, configure REST for your remote servers" [1070-] --></div>
<!-- EDIT4 SECTION "Next, configure REST for your remote servers" [1313-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:restservices</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,restservices"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="restservices.html"/>
@ -48,7 +48,7 @@
<div class="level1">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal provide a SOAP server that can be enable to give configuration and/or session. These features can be enabled using the manager.
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal provide a REST server that can be enable to give configuration and/or session. These features can be enabled using the manager.
</p>
</div>


@ -183,6 +183,20 @@ For example, if real sessions are stored in <a href="filesessionbackend.html" cl
<span class="re1">globalStorageOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> 'Directory' <span class="sy0">=</span>&gt; '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' <span class="sy0">=</span>&gt; '/var/lib/lemonldap-ng/sessions/lock/', <span class="br0">&#125;</span></span></pre>
<div class="notetip">Session explorer and “single session” features can&#039;t be used using this backend. Session explorer and portal must be launched with real backend.
</div>
<p>
By default, only few sessions keys are shared by REST (authenticationLevel, groups, ipAddr, _startTime, _utime, _lastSeen, _session_id), you need to define which other keys you want to share in <code>General parameters</code> » <code>Plugins</code> » <code>Portal servers</code> » <code>SOAP/REST exported attributes</code>.
</p>
<p>
You must start with <code>+</code> to keep default keys, else they will not be shared. For example:
</p>
<pre class="code">+ uid cn mail</pre>
<p>
To share only the listed attributes:
</p>
<pre class="code">authenticationLevel groups ipAddr _startTime _utime _lastSeen _session_id uid cn mail</pre>
</div>
<!-- EDIT6 SECTION "Real session backend" [2409-] --></div>
</body>


@ -138,7 +138,7 @@ This documentation explains how configure <abbr title="Security Assertion Markup
</p>
<p>
SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="urlextern" title="http://lasso.entrouvert.org" rel="nofollow">Lasso</a>. You will need a very recent version of Lasso (&gt;= 2.5.0).
SAML2 implementation is based on <a href="http://lasso.entrouvert.org" class="urlextern" title="http://lasso.entrouvert.org" rel="nofollow">Lasso</a>. You will need a very recent version of Lasso (&gt;= 2.6.0).
</p>
</div>
@ -203,10 +203,9 @@ Your EntityID, often use as metadata <abbr title="Uniform Resource Locator">URL<
...
<span class="sc3"><span class="re1">&lt;/EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
</div><div class="notewarning">If you modify <code>/saml/metadata</code> suffix you have to change corresponding Apache rewrite rule.
</div>
</div>
<!-- EDIT6 SECTION "Entry Identifier" [1793-2190] -->
<!-- EDIT6 SECTION "Entry Identifier" [1793-2074] -->
<h3 class="sectionedit7" id="security_parameters">Security parameters</h3>
<div class="level3">
@ -233,8 +232,7 @@ To define keys, you can:
You can import a certificate containing the public key instead the raw public key. However, certificate will not be really validated by other <abbr title="Security Assertion Markup Language">SAML</abbr> components (expiration date, common name, etc.), but will just be a public key wrapper.
</p>
<div class="notetip">You can easily generate a certificate to replace your public key by saving the private key in a file, and use <code>openssl</code> commands to issue a self-signed certificate:
<pre class="code">$ openssl req -new -key private.key -out cert.csr
$ openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</pre>
<pre class="code">$ openssl req -new -key private.key -out cert.pem -x509 -days 3650</pre>
</div><ul>
<li class="level1"><div class="li"> <strong>Use certificate in response</strong>: Certificate will be sent inside <abbr title="Security Assertion Markup Language">SAML</abbr> responses.</div>
@ -245,7 +243,7 @@ $ openssl x509 -req -days 3650 -in cert.csr -signkey private.key -out cert.pem</
<div class="noteimportant">Default value is RSA SHA1 for compatibility purpose but we recommend to use RSA SHA256. This requires to test all partners to check their compatibility.
</div>
</div>
<!-- EDIT7 SECTION "Security parameters" [2191-3653] -->
<!-- EDIT7 SECTION "Security parameters" [2075-3475] -->
<h3 class="sectionedit8" id="nameid_formats">NameID formats</h3>
<div class="level3">
@ -282,7 +280,7 @@ Other NameID formats are automatically managed:
</ul>
</div>
<!-- EDIT8 SECTION "NameID formats" [3654-4412] -->
<!-- EDIT8 SECTION "NameID formats" [3476-4234] -->
<h3 class="sectionedit9" id="authentication_contexts">Authentication contexts</h3>
<div class="level3">
@ -306,7 +304,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT9 SECTION "Authentication contexts" [4413-5136] -->
<!-- EDIT9 SECTION "Authentication contexts" [4235-4958] -->
<h3 class="sectionedit10" id="organization">Organization</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Organization metadata section:
@ -326,7 +324,7 @@ Customizable NameID formats are:
</ul>
</div>
<!-- EDIT10 SECTION "Organization" [5137-5648] -->
<!-- EDIT10 SECTION "Organization" [4959-5470] -->
<h3 class="sectionedit11" id="service_provider">Service Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
@ -409,7 +407,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT11 SECTION "Service Provider" [5649-6703] -->
<!-- EDIT11 SECTION "Service Provider" [5471-6525] -->
<h3 class="sectionedit12" id="identity_provider">Identity Provider</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Service Provider metadata section:
@ -494,7 +492,7 @@ The only authorized binding is SOAP. This should be set as Default.
</p>
</div>
<!-- EDIT12 SECTION "Identity Provider" [6704-7692] -->
<!-- EDIT12 SECTION "Identity Provider" [6526-7514] -->
<h3 class="sectionedit13" id="attribute_authority">Attribute Authority</h3>
<div class="level3">
<div class="noteclassic">This concerns all parameters for the Attribute Authority metadata section
@ -517,7 +515,7 @@ Response Location should be empty, as SOAP responses are directly returned (sync
</p>
</div>
<!-- EDIT13 SECTION "Attribute Authority" [7693-8104] -->
<!-- EDIT13 SECTION "Attribute Authority" [7515-7926] -->
<h3 class="sectionedit14" id="advanced">Advanced</h3>
<div class="level3">
@ -529,6 +527,12 @@ These parameters are not mandatory to run <abbr title="Security Assertion Markup
</li>
<li class="level1"><div class="li"> <strong>UTF8 metadata conversion</strong>: set to On to force partner&#039;s metadata conversion.</div>
</li>
<li class="level1"><div class="li"> <strong>RelayState session timeout</strong>: timeout for RelayState sessions. By default, the RelayState session is deleted when it is read. This timeout allows one to purge sessions of lost RelayState.</div>
</li>
<li class="level1"><div class="li"> <strong>Use specific query_string method</strong>: the CGI query_string method may break invalid <abbr title="Uniform Resource Locator">URL</abbr> encoded signatures (issued for example by ADFS). This option allows one to use a specific method to extract query string, that should be compliant with non standard <abbr title="Uniform Resource Locator">URL</abbr> encoded parameters.</div>
</li>
<li class="level1"><div class="li"> <strong>Override Entity ID when acting as IDP</strong>: By default, <abbr title="Security Assertion Markup Language">SAML</abbr> entityID is the same for SP and IDP roles. Some federations (like <a href="renater.html" class="wikilink1" title="documentation:2.0:renater">Renater</a>) can require a different entityID for IDP. In this case, you can fill here the IDP entityID, for example: <code><a href="https://auth.example.com/saml/metadata/idp" class="urlextern" title="https://auth.example.com/saml/metadata/idp" rel="nofollow">https://auth.example.com/saml/metadata/idp</a></code>.</div>
</li>
</ul>
</div>
@ -544,13 +548,7 @@ By default, the main session module is used to store <abbr title="Security Asser
This is not the case of <a href="memcachedsessionbackend.html" class="wikilink1" title="documentation:2.0:memcachedsessionbackend">Memcached</a> for example. In this case, you can choose a different module to manage <abbr title="Security Assertion Markup Language">SAML</abbr> sessions.
</p>
<div class="notetip">You can also choose a different session module to split <abbr title="Single Sign On">SSO</abbr> sessions and <abbr title="Security Assertion Markup Language">SAML</abbr> sessions.
</div><ul>
<li class="level1"><div class="li"> <strong>RelayState session timeout</strong>: timeout for RelayState sessions. By default, the RelayState session is deleted when it is read. This timeout allows one to purge sessions of lost RelayState.</div>
</li>
<li class="level1"><div class="li"> <strong>Use specific query_string method</strong>: the CGI query_string method may break invalid <abbr title="Uniform Resource Locator">URL</abbr> encoded signatures (issued for example by ADFS). This option allows one to use a specific method to extract query string, that should be compliant with non standard <abbr title="Uniform Resource Locator">URL</abbr> encoded parameters.</div>
</li>
</ul>
</div>
</div>
<h4 id="common_domain_cookie">Common Domain Cookie</h4>
@ -600,6 +598,6 @@ Configuration parameters are:
</ul>
</div>
<!-- EDIT14 SECTION "Advanced" [8105-] --></div>
<!-- EDIT14 SECTION "Advanced" [7927-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:security</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,security"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="security.html"/>
@ -397,16 +397,21 @@ Go in Manager, <code>General parameters</code> » <code>Advanced parameters</cod
</li>
<li class="level1"><div class="li"> <strong>Content Security Policy</strong>: Portal builds dynamically this header. You can modify default values. Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn&#039;t block the redirects whereas Chrome does). Administrators may have to modify formAction value with wildcard likes *.</div>
</li>
<li class="level1"><div class="li"> <strong>Required token for forms</strong>: To prevent CSRF attack, a token is build for each form. To disable it, set this parameter to &#039;Off&#039;.</div>
<li class="level1"><div class="li"> <strong>Required token for forms</strong>: To prevent CSRF attack, a token is build for each form. To disable it, set this parameter to &#039;Off&#039; or set a special rule</div>
</li>
<li class="level1"><div class="li"> <strong>Form timeout</strong>: Form token timeout (default to 120 seconds)</div>
</li>
<li class="level1"><div class="li"> <strong>Use global storage</strong>: Local cache is used by default for one time tokens. To use global storage, set it to &#039;On&#039;</div>
</li>
</ul>
<div class="notewarning">If URLs are protected with AuthBasic handler, you have to disable CSRF token by setting a special rule based on callers <abbr title="Internet Protocol">IP</abbr> address like this :
<p>
requireToken =&gt; $env-&gt;{REMOTE_ADDR} !~ /^127\.0\.[1-3]\.1$/
</p>
</div>
<!-- EDIT18 SECTION "Configure security settings" [7529-9858] -->
</div>
<!-- EDIT18 SECTION "Configure security settings" [7529-10106] -->
<h2 class="sectionedit19" id="fail2ban">Fail2ban</h2>
<div class="level2">
@ -458,7 +463,7 @@ Restart fail2ban
</p>
</div>
<!-- EDIT19 SECTION "Fail2ban" [9859-10913] -->
<!-- EDIT19 SECTION "Fail2ban" [10107-11161] -->
<h2 class="sectionedit20" id="sessions_identifier">Sessions identifier</h2>
<div class="level2">
@ -471,7 +476,7 @@ We recommend to use : <code>Lemonldap::NG::Common::Apache::Session::Generate::SH
</p>
</div>
<!-- EDIT20 SECTION "Sessions identifier" [10914-11176] -->
<!-- EDIT20 SECTION "Sessions identifier" [11162-11424] -->
<h2 class="sectionedit21" id="saml">SAML</h2>
<div class="level2">
@ -480,6 +485,6 @@ See <a href="samlservice.html#security_parameters" class="wikilink1" title="docu
</p>
</div>
<!-- EDIT21 SECTION "SAML" [11177-] --></div>
<!-- EDIT21 SECTION "SAML" [11425-] --></div>
</body>
</html>


@ -94,6 +94,21 @@ To configure sessions, go in Manager, <code>General Parameters</code> » <code>S
<div class="noteimportant">Note that since HTTP protocol is not connected, restrictions are not applied to the new session: the oldest are destroyed.
</div>
</div>
<!-- EDIT1 SECTION "Sessions" [1-2284] -->
<h1 class="sectionedit2" id="command-line_tools">Command-line tools</h1>
<div class="level1">
<ul>
<li class="level1"><div class="li"> LLNG Portal provides a simple tool to delete a session: <code>llngDeleteSession</code>. To use it, simply give it the user identifier <em>(wildcard are authorizated)</em>:</div>
</li>
</ul>
<pre class="code shell"># Delete all sessions opened by user &quot;dwho&quot;
$ llngDeleteSession dwho
# Delete all sessions opened by user starting with &quot;dh&quot;
$ llngDeleteSession dh*
# Delete all sessions:
$ llngDeleteSession *</pre>
</div>
<!-- EDIT2 SECTION "Command-line tools" [2285-] --></div>
</body>
</html>


@ -118,7 +118,7 @@ Then, set <code>Lemonldap::NG::Common::Apache::Session::SOAP</code> in <code>Gen
<!-- EDIT4 TABLE [1163-1324] --><div class="notetip">Use /adminSessions if the Handler need to modify the session, for example if you configured an idle timeout.
</div>
<p>
By default, only few sessions keys are shared by SOAP (ipAddr, _utime, _session_id), you need to define which other keys you want to share in <code>General parameters</code> » <code>Advanced parameters</code> » <code>SOAP</code> » <code>Exported attributes</code>.
By default, only few sessions keys are shared by SOAP (authenticationLevel, groups, ipAddr, _startTime, _utime, _lastSeen, _session_id), you need to define which other keys you want to share in <code>General parameters</code> » <code>Plugins</code> » <code>Portal servers</code> » <code>SOAP/REST exported attributes</code>.
</p>
<p>
@ -132,7 +132,7 @@ To share only the listed attributes:
<pre class="code">_utime _session_id uid cn mail</pre>
</div>
<!-- EDIT3 SECTION "Manager" [852-1889] -->
<!-- EDIT3 SECTION "Manager" [852-1949] -->
<h3 class="sectionedit5" id="apache">Apache</h3>
<div class="level3">
@ -150,7 +150,7 @@ Sessions SOAP end points access must be allowed in Apache portal configuration (
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT5 SECTION "Apache" [1890-2315] -->
<!-- EDIT5 SECTION "Apache" [1950-2375] -->
<h3 class="sectionedit6" id="real_session_backend">Real session backend</h3>
<div class="level3">
@ -167,6 +167,6 @@ For example, if real sessions are stored in <a href="filesessionbackend.html" cl
<div class="notetip">If your sessions explorer is on the same server that the portal, either use the <strong>adminSessions</strong> end point in Manager configuration, or override the <code>globalStorage</code> and <code>globalStorageOptions</code> parameters in section all (and not portal) of <code>lemonldap-ng.ini</code>.
</div>
</div>
<!-- EDIT6 SECTION "Real session backend" [2316-] --></div>
<!-- EDIT6 SECTION "Real session backend" [2376-] --></div>
</body>
</html>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:start</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,start"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="start.html"/>
@ -517,49 +517,55 @@
<td class="col0"> <a href="checkstate.html" class="wikilink1" title="documentation:2.0:checkstate">Check state</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Check state plugin (test page) </td>
</tr>
<tr class="row5 rowodd">
<td class="col0"> <a href="plugincustom.html" class="wikilink1" title="documentation:2.0:plugincustom">Custom</a> </td><td class="col1"> Write a custom plugin </td>
<td class="col0"> <a href="checkuser.html" class="wikilink1" title="documentation:2.0:checkuser">Check user </a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Check access rights, transmitted headers and session attibutes for a specific user and <abbr title="Uniform Resource Locator">URL</abbr> </td>
</tr>
<tr class="row6 roweven">
<td class="col0"> <a href="forcereauthn.html" class="wikilink1" title="documentation:2.0:forcereauthn">Force Authentication</a> </td><td class="col1"> Force authentication to access to Portal </td>
<td class="col0"> <a href="plugincustom.html" class="wikilink1" title="documentation:2.0:plugincustom">Custom</a> </td><td class="col1"> Write a custom plugin </td>
</tr>
<tr class="row7 rowodd">
<td class="col0"> <a href="loginhistory.html" class="wikilink1" title="documentation:2.0:loginhistory">Display login history</a> </td><td class="col1"></td>
</tr>
<tr class="row8 roweven">
<td class="col0"> <a href="sessions.html" class="wikilink1" title="documentation:2.0:sessions">Grant Sessions rules</a> </td><td class="col1"></td>
<td class="col0"> <a href="forcereauthn.html" class="wikilink1" title="documentation:2.0:forcereauthn">Force Authentication</a> </td><td class="col1"> Force authentication to access to Portal </td>
</tr>
<tr class="row9 rowodd">
<td class="col0"> <a href="notifications.html" class="wikilink1" title="documentation:2.0:notifications">Notifications system</a> </td><td class="col1"></td>
<td class="col0"> <a href="sessions.html" class="wikilink1" title="documentation:2.0:sessions">Grant Sessions rules</a> </td><td class="col1"></td>
</tr>
<tr class="row10 roweven">
<td class="col0"> <a href="public_pages.html" class="wikilink1" title="documentation:2.0:public_pages">Public pages</a> </td><td class="col1"> Enable public pages system </td>
<td class="col0"> <a href="impersonation.html" class="wikilink1" title="documentation:2.0:impersonation">Impersonation </a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Allow users to use another identity </td>
</tr>
<tr class="row11 rowodd">
<td class="col0"> <a href="resetpassword.html" class="wikilink1" title="documentation:2.0:resetpassword">Reset password by mail</a> </td><td class="col1"></td>
<td class="col0"> <a href="notifications.html" class="wikilink1" title="documentation:2.0:notifications">Notifications system</a> </td><td class="col1"></td>
</tr>
<tr class="row12 roweven">
<td class="col0"> <a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST services</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> REST server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
</tr>
<tr class="row13 rowodd">
<td class="col0"> <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP services</a> <em>(deprecated)</em> </td><td class="col1"> SOAP server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
</tr>
<tr class="row14 roweven">
<td class="col0"> <a href="status.html" class="wikilink1" title="documentation:2.0:status">Portal Status</a> </td><td class="col1"> Experimental portal status page </td>
</tr>
<tr class="row13 rowodd">
<td class="col0"> <a href="public_pages.html" class="wikilink1" title="documentation:2.0:public_pages">Public pages</a> </td><td class="col1"> Enable public pages system </td>
</tr>
<tr class="row14 roweven">
<td class="col0"> <a href="resetpassword.html" class="wikilink1" title="documentation:2.0:resetpassword">Reset password by mail</a> </td><td class="col1"></td>
</tr>
<tr class="row15 rowodd">
<td class="col0"> <a href="stayconnected" class="wikilink2" title="documentation:2.0:stayconnected" rel="nofollow">Stay connected</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Enable persistent connection on same browser </td>
<td class="col0"> <a href="restservices.html" class="wikilink1" title="documentation:2.0:restservices">REST services</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> REST server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
</tr>
<tr class="row16 roweven">
<td class="col0"> <a href="soapservices.html" class="wikilink1" title="documentation:2.0:soapservices">SOAP services</a> <em>(deprecated)</em> </td><td class="col1"> SOAP server for <a href="authproxy.html" class="wikilink1" title="documentation:2.0:authproxy">Proxy</a> </td>
</tr>
<tr class="row17 rowodd">
<td class="col0"> <a href="stayconnected" class="wikilink2" title="documentation:2.0:stayconnected" rel="nofollow">Stay connected</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Enable persistent connection on same browser </td>
</tr>
<tr class="row18 roweven">
<td class="col0"> Upgrade session <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1"> Plugin that explain to user that a more secure authentication is needed instead of rejected it </td>
</tr>
</table></div>
<!-- EDIT13 TABLE [6795-8043] -->
<!-- EDIT13 TABLE [6795-8293] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT9 SECTION "Portal" [2031-8071] -->
<!-- EDIT9 SECTION "Portal" [2031-8321] -->
<h3 class="sectionedit14" id="handlers">Handlers</h3>
<div class="level3">
@ -603,7 +609,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0"> <a href="applications/zimbra.html" class="wikilink1" title="documentation:2.0:applications:zimbra">Zimbra PreAuth</a> </td><td class="col1 centeralign"></td><td class="col2 centeralign"></td><td class="col3 centeralign"></td><td class="col4 leftalign"> </td><td class="col5 leftalign"> </td>
</tr>
</table></div>
<!-- EDIT15 TABLE [8346-9533] -->
<!-- EDIT15 TABLE [8596-9783] -->
<p>
<em>(*): <a href="nodehandler.html" class="wikilink1" title="documentation:2.0:nodehandler">Node.js handler</a> has not yet reached the same level of functionalities.</em>
</p>
@ -613,7 +619,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
</p>
</div>
<!-- EDIT14 SECTION "Handlers" [8072-9658] -->
<!-- EDIT14 SECTION "Handlers" [8322-9908] -->
<h3 class="sectionedit16" id="llng_databases">LLNG databases</h3>
<div class="level3">
@ -662,7 +668,7 @@ Handlers are software control agents to be installed on your web servers <em>(Ng
<td class="col0 centeralign"> <a href="localconfbackend.html" class="wikilink1" title="documentation:2.0:localconfbackend">Local</a> <a href="documentation/new.png" class="media" title="documentation:new.png"><img src="documentation/new.ae92cc06c5d7671f1d904a7fe6e5ed09.png" class="media" alt="" width="35" /></a> </td><td class="col1 leftalign"> </td><td class="col2 leftalign"> Use only lemonldap-ng.ini parameters. </td>
</tr>
</table></div>
<!-- EDIT17 TABLE [9963-11075] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
<!-- EDIT17 TABLE [10213-11325] --><div class="notetip">You can not start with an empty configuration, so read <a href="changeconfbackend.html" class="wikilink1" title="documentation:2.0:changeconfbackend">how to change configuration backend</a> to convert your existing configuration into another one.
</div>
<p>
</div></div>
@ -717,13 +723,13 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
<strong>Can be used to secure another backend</strong> for remote servers. </td>
</tr>
</table></div>
<!-- EDIT18 TABLE [11940-13640] -->
<!-- EDIT18 TABLE [12190-13890] -->
<p>
</div></div>
</p>
</div>
<!-- EDIT16 SECTION "LLNG databases" [9659-13668] -->
<!-- EDIT16 SECTION "LLNG databases" [9909-13918] -->
<h2 class="sectionedit19" id="applications_protection">Applications protection</h2>
<div class="level2">
@ -752,7 +758,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT19 SECTION "Applications protection" [13669-14159] -->
<!-- EDIT19 SECTION "Applications protection" [13919-14409] -->
<h3 class="sectionedit20" id="well_known_compatible_applications">Well known compatible applications</h3>
<div class="level3">
<div class="noteclassic">Here is a list of well known applications that are compatible with <abbr title="LemonLDAP::NG">LL::NG</abbr>. A full list is available on <a href="applications.html" class="wikilink1" title="documentation:2.0:applications">vendor applications page</a>.
@ -856,7 +862,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT20 SECTION "Well known compatible applications" [14160-16498] -->
<!-- EDIT20 SECTION "Well known compatible applications" [14410-16748] -->
<h2 class="sectionedit21" id="advanced_features">Advanced features</h2>
<div class="level2">
@ -915,7 +921,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT21 SECTION "Advanced features" [16499-17718] -->
<!-- EDIT21 SECTION "Advanced features" [16749-17968] -->
<h2 class="sectionedit22" id="mini_howtos">Mini howtos</h2>
<div class="level2">
@ -952,7 +958,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT22 SECTION "Mini howtos" [17719-18613] -->
<!-- EDIT22 SECTION "Mini howtos" [17969-18863] -->
<h2 class="sectionedit23" id="exploitation">Exploitation</h2>
<div class="level2">
@ -987,7 +993,7 @@ Sessions are stored using <a href="http://search.cpan.org/perldoc?Apache::Sessio
</p>
</div>
<!-- EDIT23 SECTION "Exploitation" [18614-19131] -->
<!-- EDIT23 SECTION "Exploitation" [18864-19381] -->
<h2 class="sectionedit24" id="bug_report">Bug report</h2>
<div class="level2">
@ -996,10 +1002,18 @@ See <a href="bugreport.html" class="wikilink1" title="bugreport">How to report a
</p>
</div>
<!-- EDIT24 SECTION "Bug report" [19132-19196] -->
<!-- EDIT24 SECTION "Bug report" [19382-19446] -->
<h2 class="sectionedit25" id="developer_corner">Developer corner</h2>
<div class="level2">
<p>
To contribute, see :
</p>
<ul>
<li class="level1"><div class="li"> <a href="contribute.html" class="wikilink1" title="documentation:2.0:contribute">Contribute to project</a></div>
</li>
</ul>
<p>
To develop an handler, see:
</p>
@ -1055,6 +1069,6 @@ If you don&#039;t want to publish your translation <em>(<code>XX</code> must be
</ul>
</div>
<!-- EDIT25 SECTION "Developer corner" [19197-] --></div>
<!-- EDIT25 SECTION "Developer corner" [19447-] --></div>
</body>
</html>


@ -90,7 +90,7 @@
<form action="/start" accept-charset="utf-8" class="search" id="dw__search" method="get" role="search"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form>
<ul class="nav navbar-nav">
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=0f10c8fca57376e7bc8695f4a434476e" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
<li><a href="/documentation/2.0/stayconnected?do=login&amp;sectok=6ceee01450dd1673b3a379523de986d2" class="action login" rel="nofollow" title="Login"><i class="glyphicon glyphicon-log-in"></i> Login</a></li> </ul>
</div>
@ -262,7 +262,7 @@ You&#039;ve followed a link to a topic that doesn&#039;t exist yet. If permissio
</div><!-- /site -->
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1549988879" width="2" height="1" alt="" /></div>
<div class="no"><img src="/lib/exe/indexer.php?id=documentation%3A2.0%3Astayconnected&amp;1554841530" width="2" height="1" alt="" /></div>
<div id="screen__mode" class="no">
<span class="visible-xs"></span>
<span class="visible-sm"></span>


@ -4,7 +4,7 @@
<meta charset="utf-8" />
<title>documentation:2.0:upgrade</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,upgrade"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="upgrade.html"/>


@ -65,6 +65,7 @@ sub defaultValues {
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
},
'gpgAuthnLevel' => 3,
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
@ -216,6 +217,7 @@ sub defaultValues {
},
'requireToken' => 1,
'rest2fActivation' => 0,
'restAuthnLevel' => 2,
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'samlAuthnContextMapKerberos' => 4,


@ -42,18 +42,18 @@ our $authParameters = {
dbiParams => [qw(dbiAuthnLevel dbiExportedVars dbiAuthChain dbiAuthUser dbiAuthPassword dbiUserChain dbiUserUser dbiUserPassword dbiAuthTable dbiUserTable dbiAuthLoginCol dbiAuthPasswordCol dbiPasswordMailCol userPivot dbiAuthPasswordHash dbiDynamicHashEnabled dbiDynamicHashValidSchemes dbiDynamicHashValidSaltedSchemes dbiDynamicHashNewPasswordScheme)],
demoParams => [qw(demoExportedVars)],
facebookParams => [qw(facebookAuthnLevel facebookExportedVars facebookAppId facebookAppSecret facebookUserField)],
gpgParams => [qw(gpgDb)],
kerberosParams => [qw(krbKeytab krbByJs krbAuthnLevel krbRemoveDomain)],
gpgParams => [qw(gpgAuthnLevel gpgDb)],
kerberosParams => [qw(krbAuthnLevel krbKeytab krbByJs krbRemoveDomain)],
ldapParams => [qw(ldapAuthnLevel ldapExportedVars ldapServer ldapPort ldapBase managerDn managerPassword ldapTimeout ldapVersion ldapRaw LDAPFilter AuthLDAPFilter mailLDAPFilter ldapSearchDeref ldapGroupBase ldapGroupObjectClass ldapGroupAttributeName ldapGroupAttributeNameUser ldapGroupAttributeNameSearch ldapGroupDecodeSearchedValue ldapGroupRecursive ldapGroupAttributeNameGroup ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc ldapUsePasswordResetAttribute ldapPasswordResetAttribute ldapPasswordResetAttributeValue ldapAllowResetExpiredPassword)],
linkedinParams => [qw(linkedInAuthnLevel linkedInClientID linkedInClientSecret linkedInFields linkedInUserField linkedInScope)],
nullParams => [qw(nullAuthnLevel)],
oidcParams => [qw(oidcAuthnLevel oidcRPCallbackGetParam oidcRPStateTimeout)],
openidParams => [qw(openIdAuthnLevel openIdExportedVars openIdSecret openIdIDPList)],
pamParams => [qw(pamService pamAuthnLevel)],
proxyParams => [qw(proxyAuthService proxySessionService remoteCookieName proxyAuthnLevel proxyUseSoap)],
pamParams => [qw(pamAuthnLevel pamService)],
proxyParams => [qw(proxyAuthnLevel proxyAuthService proxySessionService remoteCookieName proxyUseSoap)],
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
restParams => [qw(restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
slaveParams => [qw(slaveAuthnLevel slaveExportedVars slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent)],
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],


@ -1,14 +1,27 @@
package Lemonldap::NG::Common::Conf::Wrapper;
use strict;
use JSON;
our $VERSION = '2.1.0';
sub TIEHASH {
my ( $class, $conf, $overrides ) = @_;
my %h = %$overrides;
foreach ( keys %h ) {
if ( $h{$_} =~ /^[\[\{]/ ) {
my $tmp = eval { JSON::from_json( $h{$_} ) };
if ($@) {
print STDERR "Wrapper: unable to compile $_ key, skipping\n";
}
else {
$h{$_} = $tmp;
}
}
}
return bless {
_wrapC => $conf,
_wrapO => $overrides,
_wrapO => \%h,
}, $class;
}
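Review bot: A `from_json` failure in TIEHASH is reported without the parser's reason and the key then silently keeps the stored configuration's value, so an override meant to tighten something like an access rule or a header map is dropped with only a bare STDERR line; at minimum carry the reason, `print STDERR "Wrapper: unable to compile $_ key, skipping: $@";`. Building `%h` with `%$overrides` now dies under `use strict` when no overrides are passed, whereas the previous code stored `$overrides` as-is, so callers that pass undef need `my %h = %{ $overrides // {} };` (defined-or is Perl 5.10+) or the old tolerance restored. The `=~ /^[\[\{]/` test runs on every value, so an undef entry in `%$overrides` raises an uninitialized-value warning; guard it with `defined $h{$_} and`. The hunk header announces more old lines than are visible here, so there may be trailing context beyond the closing `}`.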


@ -362,7 +362,7 @@ sub headersInit {
my $sub = '';
foreach ( keys %headers ) {
my $val = $class->substitute( $headers{$_} );
$sub .= "('$_' => $val),";
$sub .= "('$_' => $val || ''),";
}
unless ( $class->tsv->{forgeHeaders}->{$vhost} =
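Review bot: `|| ''` in the generated header expression also replaces a defined but false value (`0` or `'0'`) with an empty string, so an attribute that legitimately evaluates to `0` would be forwarded as an empty header; if the supported Perl baseline is 5.10 or later, `$sub .= "('$_' => $val // ''),";` only substitutes for undef. Because `$val` is interpolated as Perl source rather than as a value, the new operator binds to whatever expression `substitute()` returned; if that text can contain a low-precedence `or`/`and` or an unparenthesized list, `"('$_' => ($val) // ''),"` keeps the grouping explicit. headersInit starts and ends outside the hunk.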


@ -625,7 +625,7 @@ sub isUnprotected {
}
## @rmethod void sendHeaders()
# Launch function compiled by forgeHeadersInit() for the current virtual host
# Launch function compiled by headersInit() for the current virtual host
sub sendHeaders {
my ( $class, $req, $session ) = @_;
my $vhost = $class->resolveAlias($req);
@ -647,7 +647,7 @@ sub sendHeaders {
}
## @rfunction array ref checkHeaders()
# Return computed headers by forgeHeadersInit() for the current virtual host
# Return computed headers by headersInit() for the current virtual host
# [ { key => 'header1', value => 'value1' }, { key => 'header2', value => 'value2' }, ...]
sub checkHeaders {
my ( $class, $req, $session ) = @_;


@ -47,7 +47,7 @@ sub set_user {
sub set_header_in {
my ( $class, $req, %headers ) = @_;
while ( my ( $h, $v ) = each %headers ) {
$req->{env}->{ cgiName($h) } = $v;
$req->{env}->{ cgiName($h) } = $v if ( defined $v );
}
}
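Review bot: Skipping undef values leaves whatever was already stored under `cgiName($h)` in `$req->{env}` untouched, and if that hash is the environment built from the incoming request, an `HTTP_*` key of the same name may have been supplied by the client, so a header the handler meant to set from a missing session attribute now reaches the backend with the client-provided value instead of being overwritten as before. Deleting the key instead of skipping it keeps the undef-safety this change is after while still clearing any inbound value: `my $k = cgiName($h);` then `if ( defined $v ) { $req->{env}->{$k} = $v } else { delete $req->{env}->{$k} }`. Whether `$req->{env}` is request-derived cannot be confirmed from this hunk, so check the handler's request construction before adopting the delete.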


@ -1158,6 +1158,10 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
},
'type' => 'keyTextContainer'
},
'gpgAuthnLevel' => {
'default' => 3,
'type' => 'int'
},
'gpgDb' => {
'default' => '',
'type' => 'text'
@ -2518,6 +2522,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'test' => qr/^\w+$/,
'type' => 'url'
},
'restAuthnLevel' => {
'default' => 2,
'type' => 'int'
},
'restAuthUrl' => {
'type' => 'url'
},


@ -1570,6 +1570,11 @@ sub attributes {
type => 'bool',
documentation => 'Enable REST config server',
},
restAuthnLevel => {
type => 'int',
default => 2,
documentation => 'REST authentication level',
},
# SOAP server
soapSessionServer => {
@ -2791,6 +2796,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => '',
documentation => 'GPG keys database',
},
gpgAuthnLevel => {
type => 'int',
default => 3,
documentation => 'GPG authentication level',
},
# Radius
radiusAuthnLevel => {
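Review bot: `restAuthnLevel` is inserted between the REST configuration-server switch and the `# SOAP server` block, i.e. among the config-server settings, while the other level added by this commit, `gpgAuthnLevel`, sits next to its backend's `gpgDb`; the REST authentication backend's own parameters are presumably grouped elsewhere in this file, and the new level would be easier to find there under a `# REST` comment mirroring the `# Radius` one below. Naming the backend in the help text, `documentation => 'REST authentication backend level'`, would also avoid reading it as a property of `restConfigServer`. attributes starts and ends outside the hunk.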


@ -220,8 +220,8 @@ sub tree {
form => 'simpleInputContainer',
help => 'authkerberos.html',
nodes => [
'krbKeytab', 'krbByJs',
'krbAuthnLevel', 'krbRemoveDomain'
'krbAuthnLevel', 'krbKeytab',
'krbByJs', 'krbRemoveDomain'
]
},
{
@ -325,15 +325,15 @@ sub tree {
title => 'gpgParams',
help => 'authgpg.html',
form => 'simpleInputContainer',
nodes => ['gpgDb'],
nodes => [ 'gpgAuthnLevel', 'gpgDb' ],
},
{
title => 'proxyParams',
help => 'authproxy.html',
form => 'simpleInputContainer',
nodes => [
'proxyAuthService', 'proxySessionService',
'remoteCookieName', 'proxyAuthnLevel',
'proxyAuthnLevel', 'proxyAuthService',
'proxySessionService', 'remoteCookieName',
'proxyUseSoap'
]
},
@ -341,7 +341,7 @@ sub tree {
title => 'pamParams',
help => 'authpam.html',
form => 'simpleInputContainer',
nodes => [ 'pamService', 'pamAuthnLevel', ]
nodes => [ 'pamAuthnLevel', 'pamService' ]
},
{
title => 'radiusParams',
@ -357,8 +357,9 @@ sub tree {
help => 'authrest.html',
form => 'simpleInputContainer',
nodes => [
'restAuthUrl', 'restUserDBUrl',
'restPwdConfirmUrl', 'restPwdModifyUrl'
'restAuthnLevel', 'restAuthUrl',
'restUserDBUrl', 'restPwdConfirmUrl',
'restPwdModifyUrl'
]
},
{


@ -162,7 +162,7 @@ sub zeroConf {
},
"manager.$domain" => {
'default' => '$uid eq "dwho" or $uid eq "rtyler"',
'(?#Configuration)^/(manager\.html|conf|$)' => '$uid eq "dwho"',
'(?#Configuration)^/(manager\.html|confs|$)' => '$uid eq "dwho"',
'(?#Sessions)/sessions' => '$uid eq "dwho" or $uid eq "rtyler"',
'(?#Notifications)/notifications' =>
'$uid eq "dwho" or $uid eq "rtyler"',
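Review bot: The rule key is only anchored at the start, so `^/(manager\.html|conf|$)` already matched `/confs/…` as a prefix; switching the alternative to `confs` therefore does not widen the dwho-only paths but narrows them, and any other `/conf…` route that is not `/confs` now falls through to `default`, which also admits `rtyler`. If the intent is to restrict exactly the configuration endpoints, anchoring the alternatives, for example `^/(manager\.html|confs)(/|$)` alongside the existing `^/$` case, makes the prefix semantics explicit rather than relying on what else happens to start with the same letters. This is a zero-configuration default, so the effect is on fresh installs that keep it. zeroConf starts and ends outside the hunk.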


@ -272,6 +272,7 @@
"generalParameters":"المعاييرالعامة",
"globalStorage":"أباتشي :: وحدة الجلسة",
"globalStorageOptions":"أباتشي :: معايير وحدة الجلسة",
"gpgAuthnLevel":"مستوى إثبات الهوية",
"gpgDb":"GPG database",
"gpgParams":"GPG parameters",
"grantSessionRules":"ظروف الافتتاح",
@ -372,7 +373,7 @@
"ldapTimeout":"مهلة",
"ldapUsePasswordResetAttribute":"استخدام سمة إعادة الضبط",
"ldapVersion":"الإصدار",
"linkedInAuthnLevel":"Authentication level",
"linkedInAuthnLevel":"مستوى إثبات الهوية",
"linkedInClientID":"Client ID",
"linkedInClientSecret":"Client secret",
"linkedInFields":"Searched fields",
@ -400,7 +401,7 @@
"mail2fTimeout":"Code timeout",
"mail2fSubject":"Mail subject",
"mail2fBody":"Mail body",
"mail2fAuthnLevel":"Authentication level",
"mail2fAuthnLevel":"مستوى إثبات الهوية",
"mail2fLogo":"Logo",
"mailBody":"محتوى البريد الناجح",
"mailCharset":"charset",
@ -670,13 +671,14 @@
"remotePortal":"يو آر إل البوابة",
"replaceByFile":"استبدال بواسطة ملف",
"requireToken":"يتطلب توكن للإستمارة",
"restAuthnLevel":"مستوى إثبات الهوية",
"restAuthUrl":"يو آر إل إثبات الهوية",
"restConfigServer":"إعدادات الخادم ريست",
"restore":"استعادة",
"restoreConf":"استعادة التكوين",
"rest2f":"REST second factor",
"rest2fActivation":"Activation",
"rest2fAuthnLevel":"Authentication level",
"rest2fAuthnLevel":"مستوى إثبات الهوية",
"rest2fInitArgs":"Init Arguments",
"rest2fInitUrl":"Init URL",
"rest2fLogo":"Logo",
@ -805,7 +807,7 @@
"useSafeJail":"استخدام السجن الآمن",
"utotp2f":"TOTP-or-U2F",
"utotp2fActivation":"Activation",
"utotp2fAuthnLevel":"Authentication level",
"utotp2fAuthnLevel":"مستوى إثبات الهوية",
"value":"القيمة",
"values":"القيم",
"variables":"المتغيرات",
@ -838,7 +840,7 @@
"XMLcontent":"محتوى XML",
"yubikey2f":"Yubikey",
"yubikey2fActivation":"Activation",
"yubikey2fAuthnLevel":"Authentication level",
"yubikey2fAuthnLevel":"مستوى إثبات الهوية",
"yubikey2fClientID":"API client ID",
"yubikey2fNonce":"Nonce",
"yubikey2fPublicIDSize":"OTP public ID part size",
@ -981,4 +983,4 @@
"samlRelayStateTimeout":"تناوب حالة مهلة الجلسة ",
"samlUseQueryStringSpecific":"استخدام أسلوب query_string المعين",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -272,6 +272,7 @@
"generalParameters":"General Parameters",
"globalStorage":"Apache::Session module",
"globalStorageOptions":"Apache::Session module parameters",
"gpgAuthnLevel":"Authentication level",
"gpgDb":"GPG database",
"gpgParams":"GPG parameters",
"grantSessionRules":"Opening conditions",
@ -670,6 +671,7 @@
"remotePortal":"Portal URL",
"replaceByFile":"Replace by file",
"requireToken":"Require token for forms",
"restAuthnLevel":"Authentication level",
"restAuthUrl":"Authentication URL",
"restConfigServer":"REST configuration server",
"restore":"Restore",
@ -981,4 +983,4 @@
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -272,6 +272,7 @@
"generalParameters":"General Parameters",
"globalStorage":"Apache::Session module",
"globalStorageOptions":"Apache::Session module parameters",
"gpgAuthnLevel":"Authentication level",
"gpgDb":"GPG database",
"gpgParams":"GPG parameters",
"grantSessionRules":"Opening conditions",
@ -670,6 +671,7 @@
"remotePortal":"Portal URL",
"replaceByFile":"Replace by file",
"requireToken":"Require token for forms",
"restAuthnLevel":"Authentication level",
"restAuthUrl":"Authentication URL",
"restConfigServer":"REST configuration server",
"restore":"Restore",


@ -272,6 +272,7 @@
"generalParameters":"Paramètres généraux",
"globalStorage":"Module Apache::Session",
"globalStorageOptions":"Paramètres du module Apache::Session",
"gpgAuthnLevel":"Niveau d'authentication",
"gpgDb":"Base de données GPG",
"gpgParams":"Paramètres GPG",
"grantSessionRules":"Conditions d'ouverture",
@ -670,6 +671,7 @@
"remotePortal":"URL du portail",
"replaceByFile":"Remplacer par le fichier",
"requireToken":"Exige un jeton pour les formulaires",
"restAuthnLevel":"Niveau d'authentication",
"restAuthUrl":"URL d'authentification",
"restConfigServer":"Serveur de configurations REST",
"restore":"Restaurer",


@ -272,6 +272,7 @@
"generalParameters":"Parametri generali",
"globalStorage":"Modulo Apache::Session",
"globalStorageOptions":"Parametri di modulo Apache::Session",
"gpgAuthnLevel":"Livello di autenticazione",
"gpgDb":"GPG database",
"gpgParams":"GPG parameters",
"grantSessionRules":"Condizioni di apertura",
@ -400,7 +401,7 @@
"mail2fTimeout":"Code timeout",
"mail2fSubject":"Mail subject",
"mail2fBody":"Mail body",
"mail2fAuthnLevel":"Authentication level",
"mail2fAuthnLevel":"Livello di autenticazione",
"mail2fLogo":"Logo",
"mailBody":"Successo contenuto di posta",
"mailCharset":"Charset",
@ -670,6 +671,7 @@
"remotePortal":"URL del portale",
"replaceByFile":"Sostituire con il file",
"requireToken":"Richiede il token per i moduli",
"restAuthnLevel":"Livello di autenticazione",
"restAuthUrl":"URL di autenticazione",
"restConfigServer":"Server di configurazione REST",
"restore":"Ristabilire",
@ -981,4 +983,4 @@
"samlRelayStateTimeout":"Timeout di sessione di RelayState",
"samlUseQueryStringSpecific":"Utilizza il metodo specifico query_string",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -272,6 +272,7 @@
"generalParameters":"Thông số chung",
"globalStorage":"Mô đun Apache :: Session",
"globalStorageOptions":"Tham số mô đun Apache :: Session ",
"gpgAuthnLevel":"Mức xác thực",
"gpgDb":"GPG database",
"gpgParams":"GPG parameters",
"grantSessionRules":"Điều kiện mở",
@ -400,7 +401,7 @@
"mail2fTimeout":"Code timeout",
"mail2fSubject":"Mail subject",
"mail2fBody":"Mail body",
"mail2fAuthnLevel":"Authentication level",
"mail2fAuthnLevel":"Mức xác thực",
"mail2fLogo":"Logo",
"mailBody":"Success mail content",
"mailCharset":"Charset",
@ -670,6 +671,7 @@
"remotePortal":"URL cổng thông tin",
"replaceByFile":"Thay thế bằng tệp",
"requireToken":"Yêu cầu token cho các biểu mẫu",
"restAuthnLevel":"Mức xác thực",
"restAuthUrl":"URL xác thực",
"restConfigServer":"Máy chủ cấu hình REST",
"restore":"Khôi phục",
@ -981,4 +983,4 @@
"samlRelayStateTimeout":"Thời gian hết hạn phiên RelayState ",
"samlUseQueryStringSpecific":"Sử dụng phương pháp query_string cụ thể",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}


@ -192,7 +192,7 @@
"date":"日期",
"dbiAuthChain":"Chain",
"dbiAuthLoginCol":"Login field name",
"dbiAuthnLevel":"Authentication level",
"dbiAuthnLevel":"认证等级",
"dbiAuthPassword":"密码",
"dbiAuthPasswordCol":"Password field name",
"dbiAuthPasswordHash":"Hash scheme",
@ -272,6 +272,7 @@
"generalParameters":"通用参数",
"globalStorage":"Apache::Session 模块",
"globalStorageOptions":"Apache::Session module parameters",
"gpgAuthnLevel":"认证等级",
"gpgDb":"GPG database",
"gpgParams":"GPG parameters",
"grantSessionRules":"Opening conditions",
@ -372,7 +373,7 @@
"ldapTimeout":"Timeout",
"ldapUsePasswordResetAttribute":"Use reset attribute",
"ldapVersion":"版本",
"linkedInAuthnLevel":"Authentication level",
"linkedInAuthnLevel":"认证等级",
"linkedInClientID":"Client ID",
"linkedInClientSecret":"Client secret",
"linkedInFields":"Searched fields",
@ -400,7 +401,7 @@
"mail2fTimeout":"Code timeout",
"mail2fSubject":"Mail subject",
"mail2fBody":"Mail body",
"mail2fAuthnLevel":"Authentication level",
"mail2fAuthnLevel":"认证等级",
"mail2fLogo":"Logo",
"mailBody":"Success mail content",
"mailCharset":"Charset",
@ -474,13 +475,13 @@
"notificationXSLTfile":"Custom XSLT file",
"notifyDeleted":"Display deleted sessions",
"notifyOther":"Display other sessions",
"nullAuthnLevel":"Authentication level",
"nullAuthnLevel":"认证等级",
"nullParams":"Null parameters",
"number":"Number",
"off":"Off",
"oldValue":"Old value",
"on":"On",
"oidcAuthnLevel":"Authentication level",
"oidcAuthnLevel":"认证等级",
"oidcConsents":"OpenID Connect Consents",
"oidcOP":"OpenID Connect Provider",
"oidcOPMetaDataExportedVars":"Exported attributes",
@ -565,7 +566,7 @@
"ok":"OK",
"oldNotifFormat":"Use old XML format",
"openIdAttr":"OpenID login",
"openIdAuthnLevel":"Authentication level",
"openIdAuthnLevel":"认证等级",
"openIdExportedVars":"Exported variables",
"openIdIDPList":"Authorized domains",
"openIdIssuerSecret":"Secret token",
@ -585,7 +586,7 @@
"OpenIDConnect":"OpenID Connect",
"OptionalTitle":"Optional title",
"overPrm":"Overloaded parameters",
"pamAuthnLevel":"Authentication level",
"pamAuthnLevel":"认证等级",
"pamParams":"PAM parameters",
"pamService":"PAM service",
"password":"Password",
@ -636,14 +637,14 @@
"postTargetUrl":"Form target URL (optional)",
"previous":"Previous",
"privateKey":"Private key",
"proxyAuthnLevel":"Authentication level",
"proxyAuthnLevel":"认证等级",
"proxyAuthService":"Internal portal URL",
"proxySessionService":"Session service URL",
"proxyParams":"Proxy parameters",
"proxyUseSoap":"Use SOAP instead of REST",
"publicKey":"Public key",
"purgeNotification":"Delete notification definitely",
"radiusAuthnLevel":"Authentication level",
"radiusAuthnLevel":"认证等级",
"radiusParams":"Radius parameters",
"radiusSecret":"Shared secret",
"radiusServer":"Server hostname",
@ -670,13 +671,14 @@
"remotePortal":"Portal URL",
"replaceByFile":"Replace by file",
"requireToken":"Require token for forms",
"restAuthnLevel":"认证等级",
"restAuthUrl":"Authentication URL",
"restConfigServer":"REST configuration server",
"restore":"Restore",
"restoreConf":"Restore configuration",
"rest2f":"REST second factor",
"rest2fActivation":"Activation",
"rest2fAuthnLevel":"Authentication level",
"rest2fAuthnLevel":"认证等级",
"rest2fInitArgs":"Init Arguments",
"rest2fInitUrl":"Init URL",
"rest2fLogo":"Logo",
@ -720,7 +722,7 @@
"singleUserByIP":"One user by IP address",
"singleSessionUserByIP":"One session by IP address",
"skipRenewConfirmation":"Skip re-auth confirmation",
"slaveAuthnLevel":"Authentication level",
"slaveAuthnLevel":"认证等级",
"slaveExportedVars":"Exported variables",
"slaveMasterIP":"Master's IP address",
"slaveParams":"Slave parameters",
@ -737,7 +739,7 @@
"soapConfigServer":"SOAP configuration server",
"soapSessionServer":"SOAP session server",
"specialRule":"Special rule",
"SSLAuthnLevel":"Authentication level",
"SSLAuthnLevel":"认证等级",
"sslByAjax":"Use Ajax request",
"sslHost":"Ajax SSL URL",
"sslParams":"SSL parameters",
@ -772,7 +774,7 @@
"trustedDomains":"Trusted domains",
"trustedProxies":"Trusted proxies IP",
"twitterAppName":"Application name",
"twitterAuthnLevel":"Authentication level",
"twitterAuthnLevel":"认证等级",
"twitterKey":"API key",
"twitterParams":"Twitter parameters",
"twitterSecret":"API secret",
@ -805,7 +807,7 @@
"useSafeJail":"Use Safe jail",
"utotp2f":"TOTP-or-U2F",
"utotp2fActivation":"Activation",
"utotp2fAuthnLevel":"Authentication level",
"utotp2fAuthnLevel":"认证等级",
"value":"Value",
"values":"Values",
"variables":"Variables",
@ -827,7 +829,7 @@
"warning":"Warning",
"warnings":"Warnings",
"waitingForDatas":"Waiting for datas",
"webIDAuthnLevel":"Authentication level",
"webIDAuthnLevel":"认证等级",
"webIDExportedVars":"Exported variables",
"webidParams":"WebID parameters",
"webIDWhitelist":"WebID whitelist",
@ -838,7 +840,7 @@
"XMLcontent":"XML content",
"yubikey2f":"Yubikey",
"yubikey2fActivation":"Activation",
"yubikey2fAuthnLevel":"Authentication level",
"yubikey2fAuthnLevel":"认证等级",
"yubikey2fClientID":"API client ID",
"yubikey2fNonce":"Nonce",
"yubikey2fPublicIDSize":"OTP public ID part size",
@ -981,4 +983,4 @@
"samlRelayStateTimeout":"RelayState session timeout",
"samlUseQueryStringSpecific":"Use specific query_string method",
"samlOverrideIDPEntityID":"Override Entity ID when acting as IDP"
}
}




@ -51,6 +51,7 @@ lib/Lemonldap/NG/Portal/Issuer/Get.pm
lib/Lemonldap/NG/Portal/Issuer/OpenID.pm
lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
lib/Lemonldap/NG/Portal/Issuer/SAML.pm
lib/Lemonldap/NG/Portal/Lib/_tokenRule.pm
lib/Lemonldap/NG/Portal/Lib/Captcha.pm
lib/Lemonldap/NG/Portal/Lib/CAS.pm
lib/Lemonldap/NG/Portal/Lib/Choice.pm
@ -428,6 +429,8 @@ t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t
t/30-Auth-and-issuer-SAML-POST-Missing-SLO.t
t/30-Auth-and-issuer-SAML-POST.t
t/30-Auth-and-issuer-SAML-Redirect-IdP-initiated.t
t/30-Auth-and-issuer-SAML-Redirect-MultipleSP-Missing-SLO.t
t/30-Auth-and-issuer-SAML-Redirect-MultipleSP.t
t/30-Auth-and-issuer-SAML-Redirect.t
t/30-Auth-SAML-with-choice.t
t/30-CDC.t
@ -452,6 +455,7 @@ t/34-Auth-Proxy-and-REST-Server.t
t/34-Auth-Proxy-and-SOAP-Server.t
t/35-My-session.t
t/35-REST-config-backend.t
t/35-REST-sessions-with-AuthBasic-handler.t
t/35-REST-sessions-with-REST-server.t
t/35-SOAP-config-backend.t
t/35-SOAP-sessions-with-SOAP-server.t
@ -532,6 +536,7 @@ t/gpghome/private-keys-v1.d/A076B0E7DB141A919271EE8B581CDFA8DA42F333.key
t/gpghome/private-keys-v1.d/B7219440BCCD85200121CFB89F94C8D98C0397B3.key
t/gpghome/pubring.kbx
t/gpghome/trustdb.gpg
t/lib/Lemonldap/NG/Handler/Test.pm
t/lib/Lemonldap/NG/Portal/Auth/LDAPPolicy.pm
t/lmConf-1.json
t/pdata.pm
@ -539,6 +544,7 @@ t/README.md
t/saml-lib.pm
t/sendCode.pl
t/sendOTP.pl
t/separate-handler.pm
t/sessions/lock/.exists
t/sessions/saml/lock/.exists
t/sessions2/6e30af4ffa5689b3e49a104d1b160d316db2b2161a0f45776994eed19dbdc101


@ -174,7 +174,8 @@ sub run {
"Append 2F Device : { type => 'TOTP', name => $TOTPName }");
$self->p->updatePersistentSession( $req,
{ _2fDevices => to_json( \@keep ) } );
$self->userLogger->notice('TOTP registration succeed');
$self->userLogger->notice(
"TOTP registration of $TOTPName succeeds for $user");
return [
200,
[ 'Content-Type' => 'application/json', 'Content-Length' => 12, ],
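Review bot: `$user` in the new notice line is not defined anywhere in this hunk, and `run` starts outside it. The U2F and Yubikey registration modules in this same commit add `my $user = $req->userData->{ $self->conf->{whatToTrace} };` plus a guard at the top of `run`; if the TOTP `run` has no equivalent, this line interpolates an undefined value under `warnings` and the log loses the identity it was meant to record. `$TOTPName` presumably comes from the request like `$UBKName` does in the Yubikey module, so it is also worth confirming that earlier validation keeps line breaks out of it before it lands in a notice-level log line.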


@ -29,6 +29,11 @@ sub init {
# Main method
sub run {
my ( $self, $req, $action ) = @_;
my $user = $req->userData->{ $self->conf->{whatToTrace} };
unless ($user) {
return $self->p->sendError( $req,
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 );
}
if ( $action eq 'register' ) {
@ -142,6 +147,8 @@ sub run {
"Append 2F Device : { type => 'U2F', name => $keyName }");
$self->p->updatePersistentSession( $req,
{ _2fDevices => to_json($_2fDevices) } );
$self->userLogger->notice(
"U2F key registration of $keyName succeeds for $user");
return [
200,

View File

@ -31,6 +31,12 @@ sub init {
# Main method
sub run {
my ( $self, $req, $action ) = @_;
my $user = $req->userData->{ $self->conf->{whatToTrace} };
unless ($user) {
return $self->p->sendError( $req,
'No ' . $self->conf->{whatToTrace} . ' found in user data', 500 );
}
if ( $action eq 'register' ) {
my $otp = $req->param('otp');
my $UBKName = $req->param('UBKName');
@ -121,6 +127,8 @@ sub run {
"Append 2F Device : { type => 'UBK', name => $UBKName }");
$self->p->updatePersistentSession( $req,
{ _2fDevices => to_json($_2fDevices) } );
$self->userLogger->notice(
"Yubikey registration of $keyName succeeds for $user");
return $self->p->sendHtml(
$req, 'error',
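Review bot: The new notice line interpolates `$keyName`, but this module's device name variable is `$UBKName` (see `my $UBKName = $req->param('UBKName')` in the first hunk and the `Append 2F Device` debug line just above); `$keyName` is the U2F module's name and, unless it is declared somewhere else in this file, it fails under `use strict` or logs an empty name. Change it to `"Yubikey registration of $UBKName succeeds for $user"`. `run` continues outside the hunk.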


@ -28,7 +28,7 @@ has wrapUserLogger => (
# INITIALIZATION
sub init {
my ($self) = @_;
my $self = shift;
# Check if expression exists
unless ( $self->conf->{combination} ) {


@ -14,7 +14,7 @@ extends 'Lemonldap::NG::Portal::Main::Auth';
# INITIALIZATION
sub init {
my ($self) = @_;
my $self = shift;
eval { require Net::Facebook::Oauth2; };
if ($@) {
$self->error("Unable to load Net::Facebook::Oauth2: $@");


@ -25,11 +25,9 @@ has tmp => (
);
sub init {
my ($self) = @_;
my $self = shift;
$self->db( $self->conf->{gpgDb} );
unless ( $_[0]->{conf}->{requireToken} ) {
$self->error("requireToken isn't set, unable to use GPG");
}
unless ( $self->db ) {
$self->error("gpgDb not set");
return 0;
@ -45,6 +43,10 @@ sub init {
sub extractFormInfo {
my ( $self, $req ) = @_;
unless ( $self->ottRule->( $req, {} ) ) {
$self->error("OTT isn't set, unable to use GPG");
}
# Keep token data for later use
my ( $token, $gpgToken );
if ( $token = $req->param('token') ) {
@ -141,7 +143,8 @@ sub authenticate {
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->sessionInfo->{gpgMail} = $req->data->{gpgMail};
return PE_OK;
$req->sessionInfo->{authenticationLevel} = $self->conf->{gpgAuthnLevel};
PE_OK;
}
sub authLogout {
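Review bot: In `extractFormInfo` the new `unless ( $self->ottRule->( $req, {} ) )` block records an error and then falls through to the token handling below, so a request reaching this method with the rule disabled is still processed; the old init-time check had the same fall-through, and moving it to request time does not change that. If GPG genuinely cannot work without the one-time token, the block should return an error constant (e.g. `return PE_ERROR;`) instead of only calling `$self->error`, and if it is merely advisory a `$self->logger->warn` would say so. `ottRule` comes from the new `Lib::_tokenRule` module, which this file must now extend — that change is not visible in the hunks, so it is assumed. `setAuthSessionInfo` also switches to a bare `PE_OK;` (PAM's `authenticate` does the same) while MailPasswordReset changes the other way to `return PE_MAILOK;` — one convention across the commit would be better.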


@ -27,7 +27,7 @@ has InitCmd => (
# INITIALIZATION
sub init {
my ($self) = @_;
my $self = shift;
my $file;
unless ( $file = $self->conf->{krbKeytab} ) {
$self->error('Keytab not defined');


@ -61,7 +61,7 @@ has ua => (
# INITIALIZATION
sub init {
my ($self) = @_;
my $self = shift;
eval { require Net::OpenID::Consumer };
if ($@) {


@ -25,7 +25,7 @@ use constant sessionKind => 'OIDC';
# INITIALIZATION
sub init {
my ($self) = @_;
my $self = shift;
return 0 unless ( $self->loadOPs and $self->refreshJWKSdata );
my @tab = ( sort keys %{ $self->oidcOPList } );


@ -71,8 +71,7 @@ sub authenticate {
}
}
$self->userLogger->notice("Good PAM authentication for $req->{user}");
return PE_OK;
PE_OK;
}
sub setAuthSessionInfo {


@ -11,7 +11,7 @@ extends 'Lemonldap::NG::Portal::Auth::_WebForm';
# INITIALIZATION
sub init {
my ($self) = @_;
my $self = shift;
return 0 unless $self->Lemonldap::NG::Portal::Auth::_WebForm::init();
if ( $self->conf->{proxyUseSoap} ) {
extends 'Lemonldap::NG::Portal::Lib::SOAPProxy',

View File

@ -53,6 +53,7 @@ sub setAuthSessionInfo {
$self->SUPER::setAuthSessionInfo($req);
$req->sessionInfo->{$_} = $req->data->{restAuthInfo}->{$_}
foreach ( keys %{ $req->data->{restAuthInfo} } );
$req->sessionInfo->{authenticationLevel} = $self->conf->{restAuthnLevel};
return PE_OK;
}
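Review bot: The new `authenticationLevel` assignment is placed after the loop that copies every `restAuthInfo` key into `sessionInfo`, so the configured `restAuthnLevel` always wins over an `authenticationLevel` value returned by the remote REST authentication server; that ordering is a security property worth stating, because a reader could "tidy" it by moving the line up. Suggest a comment above it: `# Keep after the restAuthInfo copy: the configured level must not be overridden by a value returned by the remote server`. `setAuthSessionInfo` starts outside the hunk.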


@ -72,7 +72,7 @@ sub authenticate {
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{SSLAuthnLevel};
$req->sessionInfo->{authenticationLevel} = $self->conf->{SSLAuthnLevel};
PE_OK;
}


@ -21,7 +21,8 @@ use Lemonldap::NG::Portal::Main::Constants qw(
our $VERSION = '2.1.0';
extends 'Lemonldap::NG::Portal::Main::Auth';
extends 'Lemonldap::NG::Portal::Main::Auth',
'Lemonldap::NG::Portal::Lib::_tokenRule';
has authnLevel => (
is => 'rw',
@ -34,24 +35,11 @@ has authnLevel => (
has captcha => ( is => 'rw' );
has ott => ( is => 'rw' );
has ottRule => ( is => 'rw', default => sub { 1 } );
# INITIALIZATION
sub init {
my ($self) = @_;
my $hd = $self->p->HANDLER;
# Parse OTT activation rule
$self->logger->debug(
"OTT activation rule -> " . $self->conf->{requireToken} );
my $rule =
$hd->buildSub( $hd->substitute( $self->conf->{requireToken} ) );
unless ($rule) {
$self->error( "Bad OTT activation rule -> " . $hd->tsv->{jail}->error );
return 0;
}
$self->{ottRule} = $rule;
my $self = shift;
if ( $self->{conf}->{captcha_login_enabled} ) {
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
@ -111,7 +99,7 @@ sub extractFormInfo {
}
# Security: check for captcha or token
if ( $self->captcha or $self->ottRule->( $req, $req->env ) ) {
if ( $self->captcha or $self->ottRule->( $req, {} ) ) {
my $token;
unless ( $token = $req->param('token') ) {
$self->userLogger->error('Authentication tried without token');
@ -133,7 +121,7 @@ sub extractFormInfo {
}
$self->logger->debug("Captcha code verified");
}
elsif ( $self->ottRule->( $req, $req->env ) ) {
elsif ( $self->ottRule->( $req, {} ) ) {
unless ( $req->data->{tokenVerified}
or $self->ott->getToken($token) )
{
@ -185,7 +173,7 @@ sub setSecurity {
}
# Else get token
elsif ( $self->ottRule->( $req, $req->env ) ) {
elsif ( $self->ottRule->( $req, {} ) ) {
$self->ott->setToken($req);
}
}
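Review bot: The three `ottRule` call sites now pass `{}` instead of `$req->env` as the second argument, and the same `{}` is used in CheckUser, MailPasswordReset and Register; what that argument stands for is not visible here (presumably the session data a compiled rule may read), so a `requireToken` rule that references session attributes will silently see nothing. A one-line comment at the first call site would stop the next reader from restoring `$req->env`, e.g. `# No session exists yet: the rule is evaluated against an empty session hash`. `extractFormInfo` and `setSecurity` both continue outside their hunks.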


@ -0,0 +1,26 @@
package Lemonldap::NG::Portal::Lib::_tokenRule;
use strict;
use Mouse;
our $VERSION = '2.0.3';
has ottRule => (
is => 'rw',
lazy => 1,
default => sub {
my $rule = $_[0]->conf->{requireToken};
my $hd = $_[0]->p->HANDLER;
$rule = $hd->buildSub( $hd->substitute($rule) );
unless ($rule) {
$_[0]->logger->error(
'Unable to compile "requireToken" rule => Forcing token');
$rule = sub { 1 };
}
return $rule;
}
);
sub init { 1 }
1;
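Review bot: `our $VERSION = '2.0.3'` in the new module while every sibling touched by this commit declares `'2.1.0'` (`_WebForm`, CheckUser, MailPasswordReset, Register); a new file should carry the current version. The error path also drops the compile diagnostic the old `_WebForm::init` logged (`$hd->tsv->{jail}->error`), so an operator only learns that the rule is bad, not why; suggest `$_[0]->logger->error( 'Unable to compile "requireToken" rule (' . $hd->tsv->{jail}->error . ') => Forcing token' );`. The fallback to `sub { 1 }` is fail-closed (a broken rule forces a token), which is the right default but deserves a comment such as `# A rule that does not compile must not disable the token check` so nobody later relaxes it. A `my $self = shift;` in the default closure would also read better than the repeated `$_[0]`.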


@ -110,8 +110,10 @@ sub _redirect {
# Restore urldc if auth doesn't need to dial with browser
$self->restoreRequest( $req, $ir );
delete $req->pdata->{ $self->ipath };
delete $req->pdata->{ $self->ipath . 'Path' };
return $self->run( @_, @path );
}
}
: ()
)
]


@ -11,7 +11,8 @@ use Lemonldap::NG::Portal::Main::Constants qw(
our $VERSION = '2.1.0';
extends 'Lemonldap::NG::Portal::Main::Plugin';
extends 'Lemonldap::NG::Portal::Main::Plugin',
'Lemonldap::NG::Portal::Lib::_tokenRule';
# INITIALIZATION
@ -61,7 +62,7 @@ sub check {
my $msg = my $auth = '';
# Check token
if ( $self->conf->{requireToken} ) {
if ( $self->ottRule->( $req, {} ) ) {
my $token = $req->param('token');
unless ($token) {
$self->userLogger->warn('checkUser try without token');
@ -109,7 +110,7 @@ sub check {
ALERTE => 'alert-warning',
LOGIN => '',
TOKEN => (
$self->conf->{requireToken}
$self->ottRule->( $req, {} )
? $self->ott->createToken( $req->userData )
: ''
)
@ -215,7 +216,7 @@ sub check {
MACROS => $array_attrs->[1],
GROUPS => $array_attrs->[0],
TOKEN => (
$self->conf->{requireToken}
$self->ottRule->( $req, {} )
? $self->ott->createToken( $req->userData )
: ''
)
@ -269,7 +270,7 @@ sub display {
MACROS => $array_attrs->[1],
GROUPS => $array_attrs->[0],
TOKEN => (
$self->conf->{requireToken}
$self->ottRule->( $req, {} )
? $self->ott->createToken( $req->userData )
: ''
)
@ -281,14 +282,14 @@ sub display {
sub _urlFormat {
my ( $self, $url ) = @_;
$url = 'http://' . $url unless ( $url =~ m#^https?://[^/]*.*# );
my ( $proto, $vhost, $appuri ) = $url =~ m#^(https?://)([^/]*)(.*)#;
my ( $port ) = $vhost =~ m#^.+(:\d+)$#;
$url = 'http://' . $url unless ( $url =~ m#^https?://[^/]*.*#i );
my ( $proto, $vhost, $appuri ) = $url =~ m#^(https?://)([^/]*)(.*)#i;
my ($port) = $vhost =~ m#^.+(:\d+)$#;
$port ||= '';
$vhost =~ s/:\d+$//;
$vhost .= $self->conf->{domain} unless ( $vhost =~ /\./ );
$appuri ||= '/';
return "$proto$vhost$port$appuri";
#$appuri ||= '/';
return lc ("$proto$vhost$port") . "$appuri";
}
sub _userDatas {
@ -347,7 +348,7 @@ sub _authorization {
sub _headers {
my ( $self, $req, $uri ) = @_;
my ( $vhost ) = $uri =~ m#^https?://([^/]*).*#;
my ($vhost) = $uri =~ m#^https?://([^/]*).*#;
$vhost =~ s/:\d+$//;
$req->{env}->{HTTP_HOST} = $vhost;
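Review bot: `_urlFormat` now keeps `#$appuri ||= '/';` as commented-out code; either delete it or restore it, because with the default gone a URL with no path yields `"$proto$vhost$port"` with no trailing slash, which is presumably what the default guarded against. The new `/i` on the two scheme regexes accepts `HTTPS://`, but `_headers` in the last hunk still matches `m#^https?://([^/]*).*#` case-sensitively; that is only harmless if `_headers` always receives the lowercased output of `_urlFormat`, which is not visible here, and adding `/i` there removes the doubt. `_headers` continues outside the hunk.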


@ -31,7 +31,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
our $VERSION = '2.1.0';
extends 'Lemonldap::NG::Portal::Main::Plugin',
'Lemonldap::NG::Portal::Lib::SMTP';
'Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Lib::_tokenRule';
# PROPERTIES
@ -84,7 +84,7 @@ sub resetPwd {
sub _reset {
my ( $self, $req ) = @_;
my ( $mailToken, $newPwd, $confirmPwd, %tplPrms );
my ( $mailToken, %tplPrms );
# PASSWORD CHANGE FORM => changePwd()
if (
@ -109,7 +109,7 @@ sub _reset {
# OTHER FORMS
if ($mailToken) {
$self->logger->debug( "Token given for password reset: " . $mailToken );
$self->logger->debug("Token given for password reset: $mailToken");
# Check if token is valid
my $mailSession = $self->p->getApacheSession($mailToken);
@ -137,7 +137,7 @@ sub _reset {
# Check if token exists
my $token;
if ( $self->conf->{requireToken} or $self->captcha ) {
if ( $self->ottRule->( $req, {} ) or $self->captcha ) {
$token = $req->param('token');
unless ($token) {
$self->setSecurity($req);
@ -166,9 +166,9 @@ sub _reset {
$self->setSecurity($req);
return PE_CAPTCHAERROR;
}
$self->logger->debug("Captcha code verified");
$self->logger->debug('Captcha code verified');
}
elsif ( $self->conf->{requireToken} ) {
elsif ( $self->ottRule->( $req, {} ) ) {
unless ( $self->ott->getToken($token) ) {
$self->setSecurity($req);
$self->userLogger->warn('Reset try with expired/bad token');
@ -190,9 +190,9 @@ sub _reset {
);
if ( my $error = $self->p->process( $req, useMail => $searchByMail ) ) {
if ( $error == PE_USERNOTFOUND or $error == PE_BADCREDENTIALS ) {
$self->userLogger->warn( "Reset asked for an unvalid user ("
$self->userLogger->warn( 'Reset asked for an unvalid user ('
. $req->param('mail')
. ")" );
. ')' );
# To avoid mail enumeration, return OK
# unless portalErrorOnMailNotFound is set
@ -206,9 +206,9 @@ sub _reset {
$self->conf->{mailTimeout} || $self->conf->{timeout};
my $expTimestamp = time() + $mailTimeout;
$req->data->{expMailDate} =
strftime( "%d/%m/%Y", localtime $expTimestamp );
strftime( '%d/%m/%Y', localtime $expTimestamp );
$req->data->{expMailTime} =
strftime( "%H:%M", localtime $expTimestamp );
strftime( '%H:%M', localtime $expTimestamp );
return PE_MAILCONFIRMOK;
}
return $error;
@ -245,7 +245,7 @@ sub _reset {
$infos->{user} = $req->{user};
# Store type
$infos->{_type} = "mail";
$infos->{_type} = 'mail';
# Store pdata
$infos->{_pdata} = $req->pdata;
@ -270,22 +270,22 @@ sub _reset {
$self->logger->debug("Mail expiration timestamp: $expTimestamp");
$req->data->{expMailDate} =
strftime( "%d/%m/%Y", localtime $expTimestamp );
strftime( '%d/%m/%Y', localtime $expTimestamp );
$req->data->{expMailTime} =
strftime( "%H:%M", localtime $expTimestamp );
strftime( '%H:%M', localtime $expTimestamp );
# Mail session start date
my $startTimestamp = $mailSession->data->{mailSessionStartTimestamp};
$self->logger->debug("Mail start timestamp: $startTimestamp");
$req->data->{startMailDate} =
strftime( "%d/%m/%Y", localtime $startTimestamp );
strftime( '%d/%m/%Y', localtime $startTimestamp );
$req->data->{startMailTime} =
strftime( "%H:%M", localtime $startTimestamp );
strftime( '%H:%M', localtime $startTimestamp );
# Ask if user wants an another confirmation email
if ( $req->data->{mailAlreadySent}
and !$req->param('resendconfirmation') )
and not $req->param('resendconfirmation') )
{
$self->userLogger->notice(
'Reset mail already sent to ' . $req->{user} );
@ -405,14 +405,12 @@ sub changePwd {
# Check if user wants to generate the new password
if ( $req->param('reset') ) {
$self->logger->debug(
"Reset password request for " . $req->{sessionInfo}->{_user} );
"Reset password request for $req->{sessionInfo}->{_user}");
# Generate a complex password
my $password =
$self->gen_password( $self->conf->{randomPasswordRegexp} );
$self->logger->debug( "Generated password: " . $password );
$self->logger->debug("Generated password: $password");
$req->data->{newpassword} = $password;
$req->data->{confirmpassword} = $password;
$req->data->{forceReset} = 1;
@ -490,7 +488,7 @@ sub changePwd {
unless $self->send_mail( $req->data->{mailAddress}, $subject, $body,
$html );
PE_MAILOK;
return PE_MAILOK;
}
sub setSecurity {
@ -498,9 +496,10 @@ sub setSecurity {
if ( $self->captcha ) {
$self->captcha->setCaptcha($req);
}
elsif ( $self->conf->{requireToken} ) {
elsif ( $self->ottRule->( $req, {} ) ) {
$self->ott->setToken($req);
}
return 1;
}
sub display {
@ -522,7 +521,7 @@ sub display {
MAILALREADYSENT => $req->data->{mailAlreadySent},
MAIL => (
$self->p->checkXSSAttack( 'mail', $req->{user} )
? ""
? ''
: $req->{user}
),
DISPLAY_FORM => 0,
@ -532,7 +531,8 @@ sub display {
DISPLAY_PASSWORD_FORM => 0,
);
if ( $req->data->{mailToken}
and !$self->p->checkXSSAttack( 'mail_token', $req->data->{mailToken} ) )
and
not $self->p->checkXSSAttack( 'mail_token', $req->data->{mailToken} ) )
{
$tplPrm{MAIL_TOKEN} = $req->data->{mailToken};
}
@ -554,7 +554,7 @@ sub display {
or $req->error == PE_CAPTCHAERROR
or $req->error == PE_CAPTCHAEMPTY
)
and !$req->data->{mailToken}
and not $req->data->{mailToken}
)
{
$self->logger->debug('Display form');
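Review bot: Two debug lines rewritten in this commit still write secrets to the log: `$self->logger->debug("Token given for password reset: $mailToken")` records the mail reset token, and `$self->logger->debug("Generated password: $password")` in `changePwd` records the freshly generated password in clear. Even at debug level these lines end up in files that are retained and forwarded, so log only the fact, e.g. `$self->logger->debug('Token given for password reset')` and `$self->logger->debug('Generated a random password')`. The rest of the restyling (single quotes, `not`, `return PE_MAILOK;`) is fine, though `return PE_MAILOK;` goes the opposite way from the bare `PE_OK;` introduced in GPG and PAM in the same commit. `_reset` and `changePwd` both continue outside their hunks.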


@ -25,7 +25,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
our $VERSION = '2.1.0';
extends 'Lemonldap::NG::Portal::Main::Plugin',
'Lemonldap::NG::Portal::Lib::SMTP';
'Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Lib::_tokenRule';
# PROPERTIES
@ -77,7 +77,7 @@ sub init {
}
# Initialize form token if needed (captcha provides also a token)
elsif ( $self->conf->{requireToken} ) {
else {
$_[0]->ott(
$_[0]->p->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken') )
or return 0;
@ -165,9 +165,10 @@ sub _register {
and
!$self->getRegisterSession( $req->data->{registerInfo}->{mail} ) )
{
# Check if token exists
my $token;
if ( $self->ott or $self->captcha ) {
if ( $self->ottRule->( $req, {} ) or $self->captcha ) {
$token = $req->param('token');
unless ($token) {
$self->setSecurity($req);
@ -199,7 +200,7 @@ sub _register {
}
$self->logger->debug("Captcha code verified");
}
elsif ( $self->ott ) {
elsif ( $self->ottRule->( $req, {} ) ) {
unless ( $self->ott->getToken($token) ) {
$self->setSecurity($req);
$self->userLogger->notice(
@ -530,7 +531,7 @@ sub setSecurity {
if ( $self->captcha ) {
$self->captcha->setCaptcha($req);
}
elsif ( $self->ott ) {
elsif ( $self->ottRule->( $req, {} ) ) {
$self->ott->setToken($req);
}
}
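Review bot: The comment `# Initialize form token if needed (captcha provides also a token)` above the init branch no longer matches the code: the branch changed from `elsif ( $self->conf->{requireToken} )` to a plain `else`, so the one-time-token module is now loaded whenever captcha is off and only the per-request `ottRule` decides whether a token is demanded. Update it to `# Without captcha, always load the OTT module; ottRule decides per request whether a token is required`. `init`, `_register` and `setSecurity` all continue outside their hunks.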


@ -259,4 +259,4 @@
"yourPhone":"رقم هاتفك",
"yourProfile":"ملفك الشخصي",
"yourTotpKey":"Your TOTP key"
}
}


@ -259,4 +259,4 @@
"yourPhone":"Ihre Telefonnummer",
"yourProfile":"Ihr Profil",
"yourTotpKey":"Your TOTP key"
}
}


@ -252,7 +252,7 @@
"yourIdentity":"Your identity",
"yourIdentityIs":"Your identity is",
"yourKeyIsRegistered":"Your key is registered",
"yourKeyIsAlreadyRegistered" : "Your key is ALREADY registered !!!",
"yourKeyIsAlreadyRegistered":"Your key is ALREADY registered !!!",
"yourKeyIsUnregistered":"Your key has been unregistered",
"yourKeyIsVerified":"Your key is verified",
"yourNewTotpKey":"Your new TOTP key, please test it and enter the code",


@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}


@ -252,7 +252,7 @@
"yourIdentity":"Votre identité",
"yourIdentityIs":"Votre identité est",
"yourKeyIsRegistered":"Votre clef est enregistrée",
"yourKeyIsAlreadyRegistered" : "Votre clef est déjà enregistrée !!!",
"yourKeyIsAlreadyRegistered":"Votre clef est déjà enregistrée !!!",
"yourKeyIsUnregistered":"Votre clef a été supprimée",
"yourKeyIsVerified":"Votre clef est vérifiée",
"yourNewTotpKey":"Votre nouvelle clef TOTP. Testez-la et entrez le code",


@ -259,4 +259,4 @@
"yourPhone":"Numero di telefono",
"yourProfile":"Il tuo profilo",
"yourTotpKey":"La tua chiave TOTP"
}
}


@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}


@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}


@ -259,4 +259,4 @@
"yourPhone":"Your phone number",
"yourProfile":"Your profile",
"yourTotpKey":"Your TOTP key"
}
}


@ -259,4 +259,4 @@
"yourPhone":"Số điện thoại của bạn",
"yourProfile":"Profile của bạn",
"yourTotpKey":"Your TOTP key"
}
}


@ -259,4 +259,4 @@
"yourPhone":"您的电话号码",
"yourProfile":"您的档案",
"yourTotpKey":"Your TOTP key"
}
}


@ -15,4 +15,4 @@
"requestIssuedFromIP":"الطلب قد أرسل من عنوان الآي بي",
"yourLoginCodeIs":"Your login code is",
"yourLoginIs":"تسجيل الدخول الخاص بك هو"
}
}


@ -15,4 +15,4 @@
"requestIssuedFromIP":"La richiesta è stata emessa da IP",
"yourLoginCodeIs":"Your login code is",
"yourLoginIs":"Il tuo login é"
}
}


@ -15,4 +15,4 @@
"requestIssuedFromIP":"Yêu cầu được gửi đi từ địa chỉ IP",
"yourLoginCodeIs":"Your login code is",
"yourLoginIs":"Đăng nhập của bạn là"
}
}


@ -15,4 +15,4 @@
"requestIssuedFromIP":"此请求来自IP地址",
"yourLoginCodeIs":"Your login code is",
"yourLoginIs":"您登陆的账户是"
}
}


@ -11,7 +11,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 21;
my $maintests = 22;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -131,6 +131,11 @@ SKIP: {
'Post authentication'
);
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse' );


@ -11,7 +11,7 @@ BEGIN {
require 't/saml-lib.pm';
}
my $maintests = 16;
my $maintests = 17;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -99,6 +99,11 @@ SKIP: {
);
expectOK($res);
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
( $host, $url, $query ) =
expectForm( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse', 'RelayState' );


@ -113,6 +113,12 @@ ok(
);
count(1);
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
count(1);
my ($query) =
expectRedirection( $res, qr#^http://auth.sp.com/\?(ticket=[^&]+)$# );


@ -11,7 +11,7 @@ BEGIN {
}
eval { unlink 't/userdb.db' };
my $maintests = 22;
my $maintests = 23;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
@ -132,6 +132,10 @@ SKIP: {
expectRedirection( $res, qr#^http://auth.sp.com/\?(ticket=[^&]+)$# );
my $idpId = expectCookie($res);
# Expect pdata to be cleared
$pdata = expectCookie( $res, 'lemonldappdata' );
ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
# Back to SP
switch ('sp');


@ -0,0 +1,109 @@
use lib 'inc';
use strict;
use IO::String;
use JSON;
use MIME::Base64;
use Test::More;
our $debug = 'error';
my ( $p, $res, $spId );
$| = 1;
require 't/separate-handler.pm';
require "t/test-lib.pm";
ok( $p = issuer(), 'Issuer portal' );
count(1);
# BEGIN TESTS
ok( $res = handler( req => [ GET => 'http://test2.example.com/' ] ),
'Simple request to handler' );
ok( getHeader( $res, 'WWW-Authenticate' ) eq 'Basic realm="LemonLDAP::NG"',
'Get WWW-Authenticate header' );
count(2);
my $subtest = 0;
foreach my $user (qw(dwho rtyler)) {
ok(
$res = handler(
req => [
GET => 'http://test2.example.com/',
[
'Authorization' => 'Basic '
. encode_base64( "$user:$user", '' )
]
],
sub => sub {
my ($res) = @_;
$subtest++;
subtest 'REST request to Portal' => sub {
plan tests => 3;
ok( $res->[0] eq 'POST', 'Get POST request' );
my ( $url, $query ) = split /\?/, $res->[1];
ok(
$res = $p->_post(
$url, IO::String->new( $res->[3] ),
length => length( $res->[3] ),
query => $query,
),
'Push request to portal'
);
ok( $res->[0] == 200, 'Response is 200' );
return $res;
};
count(1);
return $res;
},
),
'AuthBasic request'
);
count(1);
expectOK($res);
expectAuthenticatedAs( $res, $user );
}
ok( $subtest == 2, 'REST requests were done by handler' );
count(1);
foreach my $user (qw(dwho rtyler)) {
ok(
$res = handler(
req => [
GET => 'http://test2.example.com/',
[
'Authorization' => 'Basic '
. encode_base64( "$user:$user", '' )
]
],
sub => sub {
$subtest++;
fail "Cache didn't work";
return [ 500, [], [] ];
},
),
'New AuthBasic request'
);
ok( $subtest == 2, 'Handler used its local cache' );
count(2);
expectOK($res);
expectAuthenticatedAs( $res, $user );
}
end_handler();
clean_sessions();
done_testing( count() );
sub issuer {
return LLNG::Manager::Test->new( {
ini => {
logLevel => $debug,
templatesDir => 'site/htdocs/static',
domain => 'idp.com',
portal => 'http://auth.idp.com',
authentication => 'Demo',
userDB => 'Same',
restSessionServer => 1,
}
}
);
}
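Review bot: The new test compares with `ok( $res->[0] eq 'POST', ... )`, `ok( getHeader( $res, 'WWW-Authenticate' ) eq 'Basic realm="LemonLDAP::NG"', ... )` and `ok( $res->[0] == 200, ... )`, which on failure print only "not ok" without the observed value; `is( $res->[0], 'POST', ... )`, `is( getHeader( $res, 'WWW-Authenticate' ), 'Basic realm="LemonLDAP::NG"', ... )` and `is( $res->[0], 200, ... )` give the diagnostics. The preamble has `use strict` but no `use warnings`. `require "t/test-lib.pm";` uses double quotes next to `require 't/separate-handler.pm';` — pick one.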
