From 9b901066e06019385efd726ae3e79db809343dcc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= Sponsored by
diff --git a/doc/pages/documentation/1.4/applications.html b/doc/pages/documentation/1.4/applications.html
index 1628d29b0..b2b044a76 100644
--- a/doc/pages/documentation/1.4/applications.html
+++ b/doc/pages/documentation/1.4/applications.html
@@ -158,10 +158,10 @@ Applications listed bellow are known to be easy to integrate in
+
+CornerStone On Demand (CSOD) allows to use SAML to authenticate users. It works by default with IDP intiated mechanism, but can works with the standard SP initiated cinematic.
+
+To work with LL::NG it requires:
+
+
+You should have configured LL::NG as an SAML Identity Provider,
+
+Now we will add CSOD as a new SAML Service Provider:
+
+
+
+CSOD needs two things to configure LL::NG as an IDP:
+* Certificate
+* SAML assertion
+
+
+For the certificate, you can build it from the signing private key registered in Manager. Select the key, and export it (button
+After choosing the file name (for example lemonldapn-ng-priv.key), download the key on your disk.
+
+Then use openssl to generate an auto-signed certificate:
+
+
+
+You need to use the IDP initiated feature of LL::NG. Just call this URL:
+
+
+
+
+Note that you need to have the OmegaT tool to generate the doc.
+
+Alphabetical Index
A
applications
authad
authapache
authbasic
authbrowserid
authcas
authchoice
authdbi
authdemo
authfacebook
authgoogle
authldap
authmulti
authnull
authopenid
authproxy
authradius
authremote
authsaml
authslave
authssl
authtwitter
authwebid
authyubikeyB
C
D
E
F
G
H
I
J
L
M
N
O
P
passwordstore
performances
phpldapadmin
playground
portal
portalcustom
portalmenu
prereq
presentation
pressQ
R
S
samlservice
screenshots
securetoken
security
selfmadeapplication
sessions
soapconfbackend
soapminihowto
soapservices
soapsessionbackend
spring
sqlconfbackend
sqlsessionbackend
ssocookie
start
status
sympa
syntaxT
U
V
W
Z
\ No newline at end of file
+Alphabetical Index
A
applications
authad
authapache
authbasic
authbrowserid
authcas
authchoice
authdbi
authdemo
authfacebook
authgoogle
authldap
authmulti
authnull
authopenid
authproxy
authradius
authremote
authsaml
authslave
authssl
authtwitter
authwebid
authyubikeyB
C
D
E
F
G
H
I
J
L
M
N
O
P
passwordstore
performances
phpldapadmin
playground
portal
portalcustom
portalmenu
prereq
presentation
pressQ
R
S
samlservice
screenshots
securetoken
security
selfmadeapplication
sessions
soapconfbackend
soapminihowto
soapservices
soapsessionbackend
spring
sqlconfbackend
sqlsessionbackend
ssocookie
start
status
sympa
syntaxT
U
V
W
Z
\ No newline at end of file
diff --git a/doc/pages/contact.html b/doc/pages/contact.html
index 30f5e65d9..c71bc9a5c 100644
--- a/doc/pages/contact.html
+++ b/doc/pages/contact.html
@@ -73,7 +73,6 @@ No IRC client? Reporting a bug
\ No newline at end of file
diff --git a/doc/pages/default_sidebar.html b/doc/pages/default_sidebar.html
index 8961218c3..406028948 100644
--- a/doc/pages/default_sidebar.html
+++ b/doc/pages/default_sidebar.html
@@ -21,10 +21,6 @@
-
-
-
Google Apps Zimbra SAP
+ Google Apps Zimbra SAP Cornerstone
-
diff --git a/doc/pages/documentation/1.4/applications/cornerstone.html b/doc/pages/documentation/1.4/applications/cornerstone.html
new file mode 100644
index 000000000..eaa02c7d4
--- /dev/null
+++ b/doc/pages/documentation/1.4/applications/cornerstone.html
@@ -0,0 +1,158 @@
+
+
+
+
+
+
+
+
Cornerstone On Demand
+
+
+Presentation
+
+
+
+Configuration
+New Service Provider
+
+
+New service provider
.Email
in Options
» Authentication Response
» Default NameID format
Metadata
, and unprotect the field to paste the following value:<md:EntityDescriptor entityID="mycompanyid.csod.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
+ <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>
+Base64 encoded CSOD certificate
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mycompanyid.csod.com/samldefault.aspx" index="1" />
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
+ </SPSSODescriptor>
+</md:EntityDescriptor>
+
+AssertionConsumerService
markup, parameter Location
) into your CSOD company ID and put the certificate value inside the ds:X509Certificate markup
+CSOD control panel
+Certificate
+Download this file
):
+
+openssl req -new -key lemonldap-ng-priv.key -out cert.csr
+openssl x509 -req -days 3650 -in cert.csr -signkey lemonldap-ng-priv.key -out cert.pem
+
+
+SAML assertion
+
+https://auth.example.com/saml/singleSignOn?IDPInitiated=1&sp=mycompanyid.csod.com
+
+
+
diff --git a/doc/pages/documentation/1.4/installtarball.html b/doc/pages/documentation/1.4/installtarball.html
index 931cc228e..d818cb215 100644
--- a/doc/pages/documentation/1.4/installtarball.html
+++ b/doc/pages/documentation/1.4/installtarball.html
@@ -105,6 +105,23 @@ make test
sudo make install
+
-
Google Apps Zimbra SAP
+ Google Apps Zimbra SAP Cornerstone
-
+
+make fr-doc
+make install_fr_doc_site
+
+
+
You can modify location of default storage configuration file in configure target:
@@ -219,7 +236,7 @@ See also
-
+
-Lemonldap::NG is designed to be very performant. In particular, it use Apache2 threads capabilities so to optimize performances, prefer using mpm-worker.
+LemonLDAP::NG is designed to be very performant. In particular, it use Apache2 threads capabilities so to optimize performances, prefer using mpm-worker.
+
+On linux, by default, there is no DNS cache and LemonLDAP::NG portal request DNS at every connexions on LDAP or DB. Under heavy loads, that can generated hundred of DNS queries and many errors on LDAP connexions (timed out) from IO::Socket.
+
+To bypass this, you can:
+* Use IP in configuration to avoid DNS resolution
+* Install a DNS cache like nscd, netmask or bind
+Link Apache configuration
Install cron jobs
DNS
\ No newline at end of file
+
\ No newline at end of file
diff --git a/doc/pages/documentation/1.4/performances.html b/doc/pages/documentation/1.4/performances.html
index b63b9ced0..e5677558c 100644
--- a/doc/pages/documentation/1.4/performances.html
+++ b/doc/pages/documentation/1.4/performances.html
@@ -27,11 +27,27 @@
Global performance
+Handler performance
Macros and groups
Local macros
Portal performances
General performances
Configuration access
useLocalConf
to 1 in lemonldap-ng.ini (section [Portal])
Starting performances
Apache::Session performances
LDAP performances
-For Apache2, you can use both mpm-worker and mpm-prefork. Mpm-worker works faster and LemonLDAP::NG use the thread system for best performance. If you have to use mpm-prefork (for example if you use PHP), LemonLDAP::NG will work anyway.
+For Apache2, you can use all workers mpm-worker, mpm-prefork and mpm-event. Mpm-worker works faster and LemonLDAP::NG use the thread system for best performance. If you have to use mpm-prefork (for example if you use PHP), LemonLDAP::NG will work anyway.
-You can use LemonLDAP::NG in an heterogeneous world: the authentication portal and the manager can work in any version of Apache even if mod_perl is not compiled, with ModPerl::Registry or not,… or behind any web server able to launch CGIs. Only the handler need mod_perl 2.
+You can use LemonLDAP::NG in an heterogeneous world: the authentication portal and the manager can work in any version of Apache even if mod_perl is not compiled, with ModPerl::Registry or not,… or behind any web server able to launch CGIs. Only the handler needs mod_perl 2.
- +-apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl libstring-random-perl libemail-date-format-perl libmime-lite-perl libcrypt-openssl-rsa-perl libdigest-hmac-perl libclone-perl libauthen-sasl-perl +apt-get install apache2 libapache2-mod-perl2 libapache-session-perl libnet-ldap-perl libcache-cache-perl libdbi-perl perl-modules libwww-perl libcache-cache-perl libxml-simple-perl libsoap-lite-perl libhtml-template-perl libregexp-assemble-perl libjs-jquery libxml-libxml-perl libcrypt-rijndael-perl libio-string-perl libxml-libxslt-perl libconfig-inifiles-perl libjson-perl libstring-random-perl libemail-date-format-perl libmime-lite-perl libcrypt-openssl-rsa-perl libdigest-hmac-perl libclone-perl libauthen-sasl-perl libnet-cidr-lite-perl libcrypt-openssl-x509-perl libauthcas-perl libtest-pod-perl libtest-mockobject-perl libauthen-captcha-perl libnet-openid-consumer-perl libnet-openid-server-perl libunicode-string-perl libconvert-pem-perl
Event | Location | Speaker | Language | Links | +
---|---|---|---|---|
JRES 2013 | Montpellier | Xavier Montagutelli | ![]() | Presentation | +
OW2 Con | Issy Les Moulineaux | David COUTADEUR | ![]() | SlideShare + Dailymotion |
+