Update doc (#2385)
parent
49905d4759
commit
726b327bda
|
@ -75,6 +75,12 @@ Define here:
|
|||
$env->{urldc} =~ /test1\.example\.com/
|
||||
|
||||
|
||||
.. note::
|
||||
|
||||
Federated authentication need pdata cookie.
|
||||
SameSite cookie value must be set to "Lax" or "None".
|
||||
See :doc:`SSO cookie parameters<ssocookie>`
|
||||
|
||||
.. note::
|
||||
|
||||
Authentication request to an another URL than Portal URL can lead
|
||||
|
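Review bot: In the added note, "Federated authentication need pdata cookie" should read "needs the pdata cookie", and the next line tells the reader that SameSite "must be set to "Lax" or "None"" without the condition that the SSO cookie parameters text touched in this same commit attaches to "None": it requires Secured Cookies and HTTPS access on most web browsers. Suggest repeating that condition in the note, so that nobody sets "None" on a deployment that does not meet it. The note should also say in one sentence why the pdata cookie depends on the SameSite value, since the reader of this page has not been told what pdata is.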
@ -100,7 +106,7 @@ Define here:
|
|||
.. tip::
|
||||
|
||||
You can also override some LLNG parameters for each chain. See
|
||||
:doc:`Parameter list<parameterlist>` to have the key names to use
|
||||
:doc:`Parameters list<parameterlist>` to have the key names to use
|
||||
|
||||
.. |image0| image:: /documentation/manager-choice.png
|
||||
:class: align-center
|
||||
|
|
|
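Review bot: The second of the two link lines changes the link text from "Parameter list" to "Parameters list", which reads less naturally in English than the text it replaces. Unless the target page is actually titled "Parameters list", suggest keeping the original label. The rest of the sentence ("to have the key names to use") could be tightened to "for the key names to use" while this line is being edited.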
@ -56,7 +56,7 @@ Google France Connect
|
|||
|
||||
.. attention::
|
||||
|
||||
OpenID-Connect specification isn't finished for logout
|
||||
OpenID-Connect specification is not finished for logout
|
||||
propagation. So logout initiated by relaying-party will be forward to
|
||||
OpenID-Connect provider but logout initiated by the provider (or another
|
||||
RP) will not be propagated. LLNG will implement this when spec will be
|
||||
|
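Review bot: The change expands "isn't" to "is not" but leaves the errors on the following lines of the same paragraph: "relaying-party" should be "relying party", "will be forward to" should be "will be forwarded to", and "when spec will be" is missing its article. Since this warning tells administrators that provider-initiated logout is not propagated, it is worth fixing the wording in the same pass so the limitation is unambiguous.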
@ -127,7 +127,9 @@ parameter, for example:
|
|||
.. attention::
|
||||
|
||||
If you use the :doc:`choice backend<authchoice>`, you
|
||||
need to add the choice parameter in redirect URL
|
||||
need to add the choice parameter in redirect URL or
|
||||
set SameSite cookie value to "Lax" or "None".
|
||||
See :doc:`SSO cookie parameters<ssocookie>`
|
||||
|
||||
After registration, the OP must give you a client ID and a client
|
||||
secret, that will be used to configure the OP in LL::NG.
|
||||
|
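Review bot: The added "or set SameSite cookie value to "Lax" or "None"" presents the cookie setting as an alternative to adding the choice parameter in the redirect URL, while the note added to the choice backend page in this commit says the SameSite value "must be set" to one of those values. The two pages should agree on whether the setting is required or optional. If "None" stays as a listed option, mention here as well that it requires Secured Cookies and HTTPS, as the SSO cookie parameters page states.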
@ -148,6 +150,8 @@ The OP should publish its metadata in a JSON file (see for example
|
|||
`Google
|
||||
metadata <https://accounts.google.com/.well-known/openid-configuration>`__).
|
||||
Copy the content of this file in the textarea.
|
||||
Portal discovery document can be found here:
|
||||
https://#portal#/.well-known/openid-configuration
|
||||
|
||||
If no metadata is available, you need to write them in the textarea.
|
||||
Mandatory fields are:
|
||||
|
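Review bot: The two added lines follow "Copy the content of this file in the textarea." without a blank line, so they are rendered as part of that paragraph, and the text does not say whose portal "https://#portal#/.well-known/openid-configuration" refers to in a section that is about the OP's metadata. Suggest making it a separate paragraph that states when this URL applies, and marking the URL as a literal so the "#portal#" placeholder is clearly something the reader substitutes.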
@ -217,7 +221,7 @@ Options
|
|||
- **Client ID**: Client ID given by OP
|
||||
- **Client secret**: Client secret given by OP
|
||||
- **Store ID token**: Allows one to store the ID token (JWT) inside
|
||||
user session. Don't enable it unless you need to replay this token
|
||||
user session. Do not enable it unless you need to replay this token
|
||||
on an application, or if you need the id_token_hint parameter when
|
||||
using logout.
|
||||
|
||||
|
|
|
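Review bot: On the changed "Store ID token" line, expanding "Don't" to "Do not" leaves the sentence logic unclear: "Do not enable it unless you need to replay this token on an application, or if you need the id_token_hint parameter" mixes "unless" and "or if". Suggest "Enable it only if you need to replay this token on an application or need the id_token_hint parameter when using logout", which keeps the advice to leave the ID token out of the user session by default.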
@ -38,8 +38,8 @@ To edit SSO cookie parameters, go in Manager, ``General Parameters`` >
|
|||
expiration time and use a session cookie.
|
||||
- **Cookie SameSite value**: the value of the SameSite cookie attribute. By
|
||||
default, LemonLDAP::NG will set it to "Lax" in most cases, and "None" if you
|
||||
use SAML. Using "None" requres Secured Cookies, and accessing applications
|
||||
over HTTPS on most web browsers.
|
||||
use federated authentiication like SAML or OIdC. Using "None" requires Secured Cookies,
|
||||
and accessing applications over HTTPS on most web browsers.
|
||||
|
||||
|
||||
.. danger::
|
||||
|
|
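Review bot: The replacement line fixes "requres" but introduces two new typos: "authentiication" should be "authentication" and "OIdC" should be "OIDC". The new line is also noticeably longer than its neighbours, so rewrapping the paragraph would keep the source consistent. The statement that "None" requires Secured Cookies and HTTPS is the constraint the other pages in this commit should link back to.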