Fr translation until openidconnectservice
This commit is contained in:
Xavier Guimard
parent
9569ad4b5f
commit
9da03d48d0
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
|
@ -13594,6 +13594,14 @@ SSLCertificateFile ...</seg>
|
|||
<seg><a0>LL::NG</a0> peut agir comme un serveur OpenID 2.0, ce qui permet de fédérer <a1>LL::NG</a1> avec :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><a0>LL::NG</a0> can act as an OpenID Connect Provider (OP).</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201027Z" changeid="xavier">
|
||||
<seg><a0>LL::NG</a0> peut agir comme fournisseur OpenID-Connect (OP).</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><a0>LL::NG</a0> can act as an OpenID Connect Relying Party (RP) towards multiple OpenID Connect Providers (OP).</seg>
|
||||
|
|
@ -13834,6 +13842,14 @@ SSLCertificateFile ...</seg>
|
|||
<seg><a0>LL::NG</a0> est compatible avec <a1>la politique de mots-de-passe LDAP</a1> :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><a0>LL::NG</a0> is compatible with the <a1>CAS protocol</a1> versions 1.0, 2.0 and part of 3.0 (attributes exchange).</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200417Z" changeid="xavier">
|
||||
<seg><a0>LL::NG</a0> est compatible avec le <a1>protocole CAS</a1> versions 1.0, 2.0 et en partie 3.0 (echange d'attributs).</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><a0>LL::NG</a0> is compatible with the <a1>CAS</a1> protocol <a2>versions 1.0 and 2.0</a2>.</seg>
|
||||
|
|
@ -13898,6 +13914,14 @@ SSLCertificateFile ...</seg>
|
|||
<seg><a0>LL::NG</a0> fournit une valve, disponible sur <a1>page de téléchargement</a1>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><a0>LL::NG</a0> publish its OpenID Connect metadata to ease the configuration of client.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202003Z" changeid="xavier">
|
||||
<seg><a0>LL::NG</a0> publie ses métadonnées OpenID-Connect pour faciliter la configuration du client.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><a0>LL::NG</a0> rely on a session mechanism with the session ID as a shared secret between the user (in <a1>SSO cookie</a1>) and the <a2>session database</a2>.</seg>
|
||||
|
|
@ -17080,6 +17104,14 @@ SSLCertificateFile ...</seg>
|
|||
<seg><c0>manager</c0> pour le manager</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><c0>prompt</c0>, <c1>display</c1>, <c2>ui_locales</c2>, <c3>max_age</c3> parameters</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201343Z" changeid="xavier">
|
||||
<seg>paramètres <c0>prompt</c0>, <c1>display</c1>, <c2>ui_locales</c2> et <c3>max_age</c3></seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><c0>skip</c0>: all is open!</seg>
|
||||
|
|
@ -17612,6 +17644,14 @@ Display<s14>-</s14>Name <s15>-></s15> <s16>$dis
|
|||
<seg><s0><a1>Menu des applications</a1></s0> : affiche les applications autorisées dans les catégories</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0><a1>CAS</a1> attributes</s0>: list of attributes that will be transmitted in validate response.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200730Z" changeid="xavier">
|
||||
<seg><s0>Attributs <a1>CAS</a1></s0> : liste des attributs qui seront transmis dans les réponses validées.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0><a1>CAS</a1> login</s0>: the session key used to fill user login (value will be transmitted to <a2>CAS</a2> clients).</seg>
|
||||
|
|
@ -18214,6 +18254,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Politique de contrôle d'accès</s0> : definit si le contrôle d'accès doit être fait sur le service <a1>CAS</a1>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Access token expiration</s0>: Expiration time of Access Tokens</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T203259Z" changeid="xavier">
|
||||
<seg><s0>Expiration des jetons d'accès</s0>: Délai d'expiration des jetons d'accès</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Account session key</s0>: session field used as Zimbra user account (by default: uid)</seg>
|
||||
|
|
@ -18510,6 +18558,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Table d'authentification</s0> : nom de la table d'authentification</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Authentication</s0>:</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202800Z" changeid="xavier">
|
||||
<seg><s0>Authentification</s0>:</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Authentication</s0>: how authenticate users</seg>
|
||||
|
|
@ -18766,6 +18822,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Vérifier l'historique</s0> : affiche une case à cocher sur le formulaire d'authentification permettant à l'utilisateur d'examiner son historique de connexion après l'ouverture de la session</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Client ID</s0>: Client ID for this RP</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202921Z" changeid="xavier">
|
||||
<seg><s0>Identifiant</s0> : identifiant client de ce RP</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Client ID</s0>: Client ID given by OP</seg>
|
||||
|
|
@ -18774,6 +18838,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Identifiant client</s0> : identifiant client donné par l'OP</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Client secret</s0>: Client secret for this RP (can be use for symmetric signature)</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202954Z" changeid="xavier">
|
||||
<seg><s0>Mot-de-passe</s0> : secret partagé avec ce RP (peut être utilisé pour la signature symétrique)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Client secret</s0>: Client secret given by OP</seg>
|
||||
|
|
@ -19014,6 +19086,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Afficher les sessions effacées</s0> : affiche les sessions effacées lors de la phase d'authentification.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Display name</s0>: Name of the RP application</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T203018Z" changeid="xavier">
|
||||
<seg><s0>Affichage</s0> : Nom de l'application RP</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Display name</s0>: Name of the application</seg>
|
||||
|
|
@ -19180,6 +19260,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg>Les <s0>bases de données externes</s0>: non gérées par LemonLDAP::NG, par exemple la base des utilisateurs</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Extra claims</s0>: Associate attributes to extra claims if the RP request them, for example <c1>birth</c1> ⇒ <c2>birthplace birthcountry</c2></seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T203459Z" changeid="xavier">
|
||||
<seg><s0>Déclaration (scopes/claims)</s0> : attributs associés à des "claims" supplémentaires si le RP les demande, par exemple <c1>birth</c1> ⇒ <c2>birthplace birthcountry</c2></seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Extract form info</s0>: get login/password, certificate, environment variable (depending on authentication module)</seg>
|
||||
|
|
@ -19420,6 +19508,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>How do users authenticate?</s0>: by login</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>ID Token expiration</s0>: Expiration time of ID Tokens</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T203222Z" changeid="xavier">
|
||||
<seg><s0>Expiration des jetons d'identité</s0>: Délai d'expiration des jetons d'identité</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>ID Token max age</s0>: If defined, <a1>LL::NG</a1> will check the date of ID token and refuse it if it is too old</seg>
|
||||
|
|
@ -19428,6 +19524,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Durée de vie max des jetons</s0> : si défini, <a1>LL::NG</a1> examinera la date du jeton d'identification et refusera les jetons trop anciens</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>ID Token signature algorithm</s0>: Select one of <c1>none</c1>, <c2>HS256</c2>, <c3>HS384</c3>, <c4>HS512</c4>, <c5>RS256</c5>, <c6>RS384</c6>, <c7>RS512</c7></seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T203147Z" changeid="xavier">
|
||||
<seg><s0>Algorithme de signature des jetons d'identité</s0> : Choisir entre <c1>none</c1>, <c2>HS256</c2>, <c3>HS384</c3>, <c4>HS512</c4>, <c5>RS256</c5>, <c6>RS384</c6>, <c7>RS512</c7></seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>IDP resolution cookie name</s0>: by default, it's the <a1>LL::NG</a1> cookie name suffixed by <c2>idp</c2>, for example: <c3>lemonldapidp</c3>.</seg>
|
||||
|
|
@ -19684,6 +19788,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Historique de connexion</s0> : affiche les derniers succès et échecs de connexion</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Logo</s0>: Logo of the RP application</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T203027Z" changeid="xavier">
|
||||
<seg><s0>Logo</s0>: Logo l'application RP</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Logo</s0>: Logo of the application</seg>
|
||||
|
|
@ -20198,6 +20310,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Chemin</s0> : laisser <c1>^/cas/</c1> sauf si le fichier de <a2>configuration Apache du portail</a2> a été modifiée.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Path</s0>: keep <c1>^/oauth2/</c1> unless you need to use another path (in this case, you need to adapt Apache configuration)</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201802Z" changeid="xavier">
|
||||
<seg><s0>Path</s0> : conserver <c1>^/oauth2/</c1> sauf s'il faut un autre chemin (dans ce cas, adapter la configuration Apache)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Path</s0>: keep <c1>^/openidserver/</c1> unless you have change <a2>Apache portal configuration</a2> file.</seg>
|
||||
|
|
@ -20366,6 +20486,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>Redirect</s0>: redirect user on protected application or on Portal (applications menu)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Redirection addresses</s0>: Space separated list of redirect addresses allowed for this RP</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T203349Z" changeid="xavier">
|
||||
<seg><s0>Adresses de redirection</s0> : liste d'adresses de redirection autorisées pour ce RP, séparées par des espaces</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>Regexp for password generation</s0>: Regular expression used to generate the password (default: [A-Z]{3}[a-z]{5}.\d{2})</seg>
|
||||
|
|
@ -21114,6 +21242,14 @@ reload.example.com<s3>=</s3><s4>http://reload.example.com/relo
|
|||
<seg><s0>User Header</s0>: Auth-User (case sensitive)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>User attribute</s0>: session field that with be used as main identifier (<c1>sub</c1>)</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T203109Z" changeid="xavier">
|
||||
<seg><s0>Attribut utilisateur</s0> : attribut de session à utiliser comme identifiant principal (<c1>sub</c1>)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg><s0>User attribute</s0>: which session attribute will be used to display <c1>Connected as</c1> in the menu</seg>
|
||||
|
|
@ -25578,6 +25714,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Liste de contrôle d'accès</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Access Token Hash generation</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201520Z" changeid="xavier">
|
||||
<seg>Génération de hash de jeton d'accès</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Access Token Hash verification</seg>
|
||||
|
|
@ -26338,6 +26482,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Un exemple est disponible dans l'arborescence des sources : lemonldap-ng-portal/example/index.fcgi</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>An example of its content:</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202100Z" changeid="xavier">
|
||||
<seg>Un exemple de son contenu :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>And a protected virtual host with LemonLDAP::NG as reverse proxy:</seg>
|
||||
|
|
@ -26466,6 +26618,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Le <a0>module SetEnvIf</a0> d'Apache peut transformer l'en-tête <a1>HTTP</a1> Auth-User en variable d'environnement <c2>REMOTE_USER</c2> :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Apache <a0>SetEnvIf module</a0> will let you transform the Auth-User HTTP header in <c1>REMOTE_USER</c1> environment variable:</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200126Z" changeid="xavier">
|
||||
<seg>Le <a0>module SetEnvIf</a0> d'Apache peut transformer l'en-tête HTTP Auth-User en variable d'environnement <c1>REMOTE_USER</c1> :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Apache Kerberos module</seg>
|
||||
|
|
@ -26778,6 +26938,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Comme administrateur, aller dans le panneau de contrôle Google Apps et cliquer sur les outils avancés click (Advanced tools) :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>As an OP, <a0>LL::NG</a0> supports a lot of OpenID Connect features:</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201223Z" changeid="xavier">
|
||||
<seg>Comme OP, <a0>LL::NG</a0> supporte de nombreuses fonctionnalités OpenID-Connect :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>As an RP, <a0>LL::NG</a0> supports a lot of OpenID Connect features:</seg>
|
||||
|
|
@ -27074,6 +27242,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Le choix d'authentication est également enregistré dans la session :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Authentication context Class References (ACR)</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201451Z" changeid="xavier">
|
||||
<seg>Références de classe de contexte d'authentification (ACR)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Authentication contexts</seg>
|
||||
|
|
@ -27266,6 +27442,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Débit de code d'autorisation</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Authorization Code, Implicit and Hybrid flows</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201305Z" changeid="xavier">
|
||||
<seg>Flux de codes d'authorisation, implicites et hybrides</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Authorization is controlled only by Handlers.</seg>
|
||||
|
|
@ -28810,6 +28994,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Configuration de l'hôte virtuel Apache</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Configuration of LL::NG in Relying Party</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201836Z" changeid="xavier">
|
||||
<seg>Configuration de LL::NG en "Relying Party" (client)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Configuration of LemonLDAP::NG</seg>
|
||||
|
|
@ -28818,6 +29010,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Configuration de LemonLDAP::NG</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Configuration of Relying Party in LL::NG</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202158Z" changeid="xavier">
|
||||
<seg>Configuration du client (Relying Party) dans LL::NG</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Configuration overview</seg>
|
||||
|
|
@ -30618,6 +30818,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Menu dynamique des applications</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Dynamic registration</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201505Z" changeid="xavier">
|
||||
<seg>Enregistrement dynamique</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>E</seg>
|
||||
|
|
@ -30642,6 +30850,14 @@ multi <s13>=></s13> <s14>{</s14></seg>
|
|||
<seg>Chaque module d'authentification de <a0>LL::NG</a0> dispose d'un niveau d'authentification qui peut être associé à un <a1>contexte d'authentification SAML</a1>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Each Relying Party has its own configuration way.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201933Z" changeid="xavier">
|
||||
<seg>Chaque client (Relying Party) a sa propre forme de configuration.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Each SREG attribute will be associated to a user session key.</seg>
|
||||
|
|
@ -31438,6 +31654,14 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
|
|||
<seg>L'utilisateur externe clique pour être redirigé vers le second portail</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Extra claims definition</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201407Z" changeid="xavier">
|
||||
<seg>Définitions réclamées supplémentaires</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Extract</seg>
|
||||
|
|
@ -32710,6 +32934,14 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
|
|||
<seg>Donner un nom technique (sans espaces ni caratères speciaux), tel “sample-op” ;</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Give a technical name (no spaces, no special characters), like “sample-rp”;</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202328Z" changeid="xavier">
|
||||
<seg>Donner un nom technique (sans espaces ni caratères speciaux), tel “sample-rp” ;</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Give display name</seg>
|
||||
|
|
@ -32758,6 +32990,14 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
|
|||
<seg>Dans le manager, aller dans <c0>Paramètres généraux</c0> > <c1>Modules fournisseurs</c1> » <c2><a3>SAML</a3> et configurer :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Go in <c0>General Parameters</c0> » <c1>Issuer modules</c1> » <c2>OpenID Connect</c2> and configure:</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201718Z" changeid="xavier">
|
||||
<seg>Aller dans <c0>Paramètres généraux</c0> > <c1>Modules fournisseurs</c1> » <c2>OpenID-Connect</c2> et configurer :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Go in <c0>General parameters</c0> > <c1>Portal</c1> > <c2>Captcha</c2>:</seg>
|
||||
|
|
@ -32774,6 +33014,14 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
|
|||
<seg>Allez dans le Manager et cliquez sur le nœud <c0>Service <a1>SAML</a1> 2</c0>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Go in Manager and click on <c0>OpenID Connect Relying Parties</c0>, then click on <c1>Add OpenID Relying Party</c1>.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202317Z" changeid="xavier">
|
||||
<seg>Aller dans le Manager et choisir <c0>Clients OpenID-Connect</c0>, cliquer ensuite sur <c1>Ajouter un client OpenID</c1>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Go in Manager and create a new OpenID Connect provider.</seg>
|
||||
|
|
@ -33686,6 +33934,14 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
|
|||
<seg>I</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>ID Token signature (HS256/HS384/HS512/RS256/RS384/RS512)</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201535Z" changeid="xavier">
|
||||
<seg>Signature du jeton identifiant (HS256/HS384/HS512/RS256/RS384/RS512)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>ID Token validation</seg>
|
||||
|
|
@ -36158,6 +36414,14 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
|
|||
<seg>Il simplifie la construction d'une aire protégée avec peu d'impact sur les applications.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>It will answer to OpenID Connect requests to give user identity (trough ID Token) and information (trough User Info end point).</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201204Z" changeid="xavier">
|
||||
<seg>Il répond aux requêtes OpenID-Connect pour délivrer l'identité de l'utilisateur (via un jeton identifiant) et des informations (via le point d'accès "User Info").</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>It will be prompted if you generate keys, else you can set it in the <c0>Private key password</c0>.</seg>
|
||||
|
|
@ -36462,6 +36726,14 @@ Le nouveau rôle est-il un super-utilisateur ?</seg>
|
|||
<seg>Etapes clefs :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Keys are the name of attribute in the <a2>CAS</a2> response, values are the name of session key.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200820Z" changeid="xavier">
|
||||
<seg>Les clefs sont les noms des attributs de la réponse <a2>CAS</a2>, et les valeurs les noms des clefs de session.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Kinematics</seg>
|
||||
|
|
@ -39442,6 +39714,14 @@ lemonldap-ng=> q</seg>
|
|||
<seg>Bien sûr, il faut <a0>stocker le mot-de-passe dans la session</a0> pour renseigner <a1>PHP</a1>_AUTH_PW.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Of course, you need to <a0>store password in session</a0> to fill PHP_AUTH_PW.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200303Z" changeid="xavier">
|
||||
<seg>Bien sûr, il faut <a0>stocker le mot-de-passe dans la session</a0> pour renseigner PHP_AUTH_PW.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Official repository</seg>
|
||||
|
|
@ -39714,6 +39994,14 @@ lemonldap-ng=> q</seg>
|
|||
<seg>Le support OpenID-2.0 esl clos depuis le 20 avril 2015.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>OpenID Connect Provider</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200959Z" changeid="xavier">
|
||||
<seg>Fournisseur OpenID-Connect</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>OpenID Connect Service</seg>
|
||||
|
|
@ -39762,6 +40050,14 @@ lemonldap-ng=> q</seg>
|
|||
<seg>Fournisseur d'identité OpenID</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>OpenID protocol is deprecated, you should now use <a0>OpenID Connect</a0></seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200925Z" changeid="xavier">
|
||||
<seg>Le protocole OpenID est obsolète, il faut maintenant utiliser <a0>OpenID-Connect</a0>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>OpenID protocol is deprecated.</seg>
|
||||
|
|
@ -40746,6 +41042,14 @@ PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
|
|||
<seg>Le portail ne stocke aucune donnée en dehors de la base de données des sessions, ainsi on peut avoir plusieurs serveurs utilisant le même nom d'hôte <a0>HTTP</a0></seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Portal does not store any data outside the session database, so you can have many portal servers using the same HTTP host name</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200315Z" changeid="xavier">
|
||||
<seg>Le portail ne stocke aucune donnée en dehors de la base de données des sessions, ainsi on peut avoir plusieurs serveurs utilisant le même nom d'hôte HTTP</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Portal gets the session key</seg>
|
||||
|
|
@ -41146,6 +41450,14 @@ PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
|
|||
<seg>Les tickets de proxy seront collectés lors de la phase d'authentification et stockés dans la session utilisateur sous la forme :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Publication of JSON metadata and JWKS data (Discovery)</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201325Z" changeid="xavier">
|
||||
<seg>Publication de métadonnée JSON et JWKS (Discovery)</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Put LemonLDAP::NG tarball in %_topdir/SOURCES</seg>
|
||||
|
|
@ -41722,6 +42034,14 @@ PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
|
|||
<seg>Rapporter un bogue</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Request and Request <a0>URI</a0></seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201618Z" changeid="xavier">
|
||||
<seg>Requête et <a0>URI</a0> de requête</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Request informations</seg>
|
||||
|
|
@ -41954,6 +42274,14 @@ PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
|
|||
<seg>Proxy inverse</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Rewrite rules must have been activated in <a0>Apache portal configuration</a0> or in <a1>Nginx portal configuration</a1>.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200541Z" changeid="xavier">
|
||||
<seg>Le module Rewrite d'Apache doit être activé dans la <a0>configuration Apache du portail</a0> ou dans la <a1>configuration du portail Nginx</a1>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Roadmap</seg>
|
||||
|
|
@ -42758,6 +43086,14 @@ PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
|
|||
<seg>Voir la <a0>documentation de protection du manager</a0> pour savoir comment utiliser les modules d'Apache ou <a1>LL::NG</a1> pour gérer l'accès au manager.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>See <a0>OpenID Connect service</a0> configuration chapter.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201640Z" changeid="xavier">
|
||||
<seg>Voir le chapître de configuration du <a0>service OpenID-Connect</a0>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>See <a0>OpenIDConnect service</a0> configuration chapter.</seg>
|
||||
|
|
@ -43254,6 +43590,14 @@ PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
|
|||
<seg>Durée de vie des sessions pour la tâche planifiée</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Session management</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201627Z" changeid="xavier">
|
||||
<seg>Gestion de session</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Session opening</seg>
|
||||
|
|
@ -43974,6 +44318,14 @@ PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
|
|||
<seg>Parfois, des applications <a0>PHP</a0> examinent également les variables d'environnement <a1>PHP</a1>_AUTH_USER et <a2>PHP</a2>_AUHT_PW.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Sometimes, PHP applications also check the PHP_AUTH_USER and PHP_AUHT_PW environment variables.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T200242Z" changeid="xavier">
|
||||
<seg>Parfois, des applications PHP examinent également les variables d'environnement PHP_AUTH_USER et PHP_AUHT_PW.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Source</seg>
|
||||
|
|
@ -45360,6 +45712,14 @@ DataSource -> dbi:mysql:sessions;host=...</seg>
|
|||
<seg>Les messages sont stockés avec les niveaux :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>The metadata can be found at the standard “Well Known” <a0>URL</a0>: <a1>http://auth.example.com/.well-known/openid-configuration</a1></seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202043Z" changeid="xavier">
|
||||
<seg>La métadonnée se trouve dans l'<a0>URL</a0> standard “Well Known” : <a1>http://auth.example.com/.well-known/openid-configuration</a1></seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>The module can be found <a0>here</a0>.</seg>
|
||||
|
|
@ -45648,6 +46008,14 @@ DataSource -> dbi:mysql:sessions;host=...</seg>
|
|||
<seg>Les sources sont disponibles sur la <a0>page de téléchargement</a0>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>The specific <c0>sub</c0> attribute is not defined here, but in User attribute parameter (see below).</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202632Z" changeid="xavier">
|
||||
<seg>L'attribut spécifique <c0>sub</c0> n'est pas défini ici, mais dans le paramètre d'attribut "User" (voir ci-dessous).</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>The statistics are collected trough a daemon launched by the Handler.</seg>
|
||||
|
|
@ -46090,6 +46458,14 @@ failregex = Lemonldap\:\:NG \: .* was not found in LDAP directory \(<HOST>
|
|||
<seg>On les obtient dans l'en-tête Auth-Roles :</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Then you just have to define the mapping of this new attributes, for example:</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202751Z" changeid="xavier">
|
||||
<seg>Il faut ensuite définir la correspondance de ces nouveaux attributs, par exemple:</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>Then you must <s0>deploy</s0> this domain in order to go on with the configuration.</seg>
|
||||
|
|
@ -49022,6 +49398,14 @@ Is this ok [y/N]: y</seg>
|
|||
<seg>User : peut répondre aux surveillances</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>UserInfo end point, as JSON or as JWT</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T201558Z" changeid="xavier">
|
||||
<seg>Point d'accès UserInfo, en JSON ou JWT</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>UserName</seg>
|
||||
|
|
@ -50194,6 +50578,14 @@ Index -> ipAddr uid</seg>
|
|||
<seg>Il est également possible de copier-coller les métadatas : cliquer simplement sur le bouton éditer.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>You can also define extra claims and link them to attributes (see below).</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202721Z" changeid="xavier">
|
||||
<seg>On peut également définir des "claims" supplémentaires et les lier aux attributs (voir ci-dessous).</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>You can also define:</seg>
|
||||
|
|
@ -50746,6 +51138,14 @@ Index -> ipAddr uid</seg>
|
|||
<seg>On peut gérer les rôles avec le <a0>modèle RBAC</a0> ou en utilisant les groupes.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>You can map here the attribute names from the <a0>LL::NG</a0> session to an <a1>OpenID Connect claim</a1>.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202511Z" changeid="xavier">
|
||||
<seg>On peut faire correspondre les noms d'attributs de session <a0>LL::NG</a0> à des <a1>"claim" OpenID-Connect</a1>.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>You can modify location of default storage configuration file in configure target:</seg>
|
||||
|
|
@ -50914,6 +51314,14 @@ Index -> ipAddr uid</seg>
|
|||
<seg>On peut ensuite accéder à la configuration de cet OP.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>You can then access to the configuration of this RP.</seg>
|
||||
</tuv>
|
||||
<tuv lang="FR-FR" changedate="20160301T202341Z" changeid="xavier">
|
||||
<seg>On peut ensuite accéder à la configuration de ce RP.</seg>
|
||||
</tuv>
|
||||
</tu>
|
||||
<tu>
|
||||
<tuv lang="EN-US">
|
||||
<seg>You can then add the Manager as <a0>an application in the menu</a0>.</seg>
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
01/03/16 18:38
|
||||
01/03/16 21:35
|
||||
Données du projet
|
||||
|
||||
Segments Mots Caractères (sans espaces) Caractères (avec espaces)
|
||||
Total : 23173 115229 791002 867515
|
||||
Restants : 6690 32202 266940 282987
|
||||
Restants : 6584 31116 261070 276161
|
||||
Segments uniques : 7238 48529 312961 348468
|
||||
Segments uniques restants : 2261 13592 101823 109341
|
||||
Segments uniques restants : 2210 13066 98994 106049
|
||||
|
||||
|
||||
Statistiques par fichiers :
|
||||
|
|
@ -84,11 +84,11 @@ pages/documentation/1.9/fileconfbackend.html 18
|
|||
pages/documentation/1.9/filesessionbackend.html 32 2 16 0 168 6 138 0 1087 83 814 0 1183 83 908 0
|
||||
pages/documentation/1.9/formreplay.html 74 11 45 10 587 30 518 27 3199 383 2668 352 3679 386 3116 355
|
||||
pages/documentation/1.9/handlerauthbasic.html 33 10 17 5 212 35 183 22 1357 383 1072 226 1519 394 1232 237
|
||||
pages/documentation/1.9/header_remote_user_conversion.html 37 17 19 10 220 89 179 71 1574 792 1170 571 1730 856 1317 627
|
||||
pages/documentation/1.9/highavailability.html 23 3 14 3 128 37 110 37 956 276 810 276 1029 298 882 298
|
||||
pages/documentation/1.9/idpcas.html 63 16 28 8 416 107 325 79 2590 889 1719 573 2903 945 2003 629
|
||||
pages/documentation/1.9/idpopenid.html 89 24 41 4 536 98 358 22 3503 974 2033 215 3836 997 2316 224
|
||||
pages/documentation/1.9/idpopenidconnect.html 215 155 114 112 707 574 525 507 4884 4105 3521 3453 5343 4499 3931 3847
|
||||
pages/documentation/1.9/header_remote_user_conversion.html 37 14 19 7 220 51 179 33 1574 555 1170 334 1730 584 1317 355
|
||||
pages/documentation/1.9/highavailability.html 23 2 14 2 128 14 110 14 956 172 810 172 1029 172 882 172
|
||||
pages/documentation/1.9/idpcas.html 63 12 28 4 416 46 325 18 2590 575 1719 259 2903 575 2003 259
|
||||
pages/documentation/1.9/idpopenid.html 89 22 41 3 536 73 358 12 3503 830 2033 160 3836 830 2316 160
|
||||
pages/documentation/1.9/idpopenidconnect.html 215 113 114 70 707 180 525 113 4884 1986 3521 1334 5343 2039 3931 1387
|
||||
pages/documentation/1.9/idpsaml.html 128 43 39 18 783 299 442 216 5292 2466 2620 1470 5814 2611 2965 1615
|
||||
pages/documentation/1.9/installdeb.html 93 12 74 10 481 71 441 65 3189 544 2861 496 3501 582 3165 534
|
||||
pages/documentation/1.9/installrpm.html 105 21 47 12 572 132 294 98 3755 915 2018 631 4142 979 2234 688
|
||||
|
|
@ -111,7 +111,7 @@ pages/documentation/1.9/mysqlminihowto.html 30
|
|||
pages/documentation/1.9/nosqlsessionbackend.html 33 3 7 1 150 12 60 6 1082 123 382 40 1151 126 426 43
|
||||
pages/documentation/1.9/notifications.html 143 34 103 28 1278 251 1163 233 7733 1625 6768 1396 8716 1819 7713 1590
|
||||
pages/documentation/1.9/openidconnectclaims.html 76 36 1 1 87 38 3 3 648 341 19 19 656 343 21 21
|
||||
pages/documentation/1.9/openidconnectservice.html 81 57 51 48 495 451 421 417 3054 2710 2387 2346 3414 3059 2730 2688
|
||||
pages/documentation/1.9/openidconnectservice.html 81 56 51 48 495 449 421 417 3054 2693 2387 2346 3414 3041 2730 2688
|
||||
pages/documentation/1.9/parameterlist.html 690 53 386 44 1098 196 881 169 8827 1337 6713 999 9406 1459 7194 1121
|
||||
pages/documentation/1.9/passwordstore.html 27 5 14 3 166 31 144 25 940 201 748 138 1070 219 877 156
|
||||
pages/documentation/1.9/performances.html 152 46 95 28 1350 397 1022 372 8303 2526 6159 2283 9338 2841 6972 2581
|
||||
|
|
@ -212,11 +212,11 @@ pages/documentation/current/fileconfbackend.html 18
|
|||
pages/documentation/current/filesessionbackend.html 32 2 0 0 168 6 0 0 1087 83 0 0 1183 83 0 0
|
||||
pages/documentation/current/formreplay.html 74 11 0 0 587 30 0 0 3199 383 0 0 3679 386 0 0
|
||||
pages/documentation/current/handlerauthbasic.html 33 10 0 0 212 35 0 0 1357 383 0 0 1519 394 0 0
|
||||
pages/documentation/current/header_remote_user_conversion.html 37 17 0 0 220 89 0 0 1574 792 0 0 1730 856 0 0
|
||||
pages/documentation/current/highavailability.html 23 3 0 0 128 37 0 0 956 276 0 0 1029 298 0 0
|
||||
pages/documentation/current/idpcas.html 63 16 0 0 416 107 0 0 2590 889 0 0 2903 945 0 0
|
||||
pages/documentation/current/idpopenid.html 89 24 0 0 536 98 0 0 3503 974 0 0 3836 997 0 0
|
||||
pages/documentation/current/idpopenidconnect.html 215 155 0 0 707 574 0 0 4884 4105 0 0 5343 4499 0 0
|
||||
pages/documentation/current/header_remote_user_conversion.html 37 14 0 0 220 51 0 0 1574 555 0 0 1730 584 0 0
|
||||
pages/documentation/current/highavailability.html 23 2 0 0 128 14 0 0 956 172 0 0 1029 172 0 0
|
||||
pages/documentation/current/idpcas.html 63 12 0 0 416 46 0 0 2590 575 0 0 2903 575 0 0
|
||||
pages/documentation/current/idpopenid.html 89 22 0 0 536 73 0 0 3503 830 0 0 3836 830 0 0
|
||||
pages/documentation/current/idpopenidconnect.html 215 113 0 0 707 180 0 0 4884 1986 0 0 5343 2039 0 0
|
||||
pages/documentation/current/idpsaml.html 128 43 0 0 783 299 0 0 5292 2466 0 0 5814 2611 0 0
|
||||
pages/documentation/current/installdeb.html 93 12 0 0 481 71 0 0 3189 544 0 0 3501 582 0 0
|
||||
pages/documentation/current/installrpm.html 105 21 0 0 572 132 0 0 3755 915 0 0 4142 979 0 0
|
||||
|
|
@ -239,7 +239,7 @@ pages/documentation/current/mysqlminihowto.html 30
|
|||
pages/documentation/current/nosqlsessionbackend.html 33 3 0 0 150 12 0 0 1082 123 0 0 1151 126 0 0
|
||||
pages/documentation/current/notifications.html 143 34 0 0 1278 251 0 0 7733 1625 0 0 8716 1819 0 0
|
||||
pages/documentation/current/openidconnectclaims.html 76 36 0 0 87 38 0 0 648 341 0 0 656 343 0 0
|
||||
pages/documentation/current/openidconnectservice.html 81 57 0 0 495 451 0 0 3054 2710 0 0 3414 3059 0 0
|
||||
pages/documentation/current/openidconnectservice.html 81 56 0 0 495 449 0 0 3054 2693 0 0 3414 3041 0 0
|
||||
pages/documentation/current/parameterlist.html 690 53 0 0 1098 196 0 0 8827 1337 0 0 9406 1459 0 0
|
||||
pages/documentation/current/passwordstore.html 27 5 0 0 166 31 0 0 940 201 0 0 1070 219 0 0
|
||||
pages/documentation/current/performances.html 152 46 0 0 1350 397 0 0 8303 2526 0 0 9338 2841 0 0
|
||||
|
|
|
|||
|
|
@ -28,9 +28,7 @@ Lorsque <abbr title="LemonLDAP::NG">LL::NG</abbr> est utilisé en mode reverse-p
|
|||
</p>
|
||||
|
||||
<p>
|
||||
|
||||
Apache <a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_setenvif.html" rel="nofollow">SetEnvIf module</a> will let you transform the Auth-User HTTP header in <code>REMOTE_USER</code> environment variable:
|
||||
|
||||
Le <a href="http://httpd.apache.org/docs/current/mod/mod_setenvif.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_setenvif.html" rel="nofollow">module SetEnvIf</a> d'Apache peut transformer l'en-tête HTTP Auth-User en variable d'environnement <code>REMOTE_USER</code> :
|
||||
</p>
|
||||
<pre class="code file apache"><span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">"(.*)"</span> REMOTE_USER=$1</pre>
|
||||
|
||||
|
|
@ -66,16 +64,13 @@ Ceci permet de protéger des applications nécessitant la variable d'environneme
|
|||
|
||||
<p>
|
||||
</p><p></p><div class="notetip">
|
||||
Sometimes, PHP applications also check the PHP_AUTH_USER and PHP_AUHT_PW environment variables. On peut les renseigner par la même voie :
|
||||
Parfois, des applications PHP examinent également les variables d'environnement PHP_AUTH_USER et PHP_AUHT_PW. On peut les renseigner par la même voie :
|
||||
</p>
|
||||
<pre class="code file apache"><span class="kw1">SetEnvIfNoCase</span> Auth-<span class="kw1">User</span> <span class="st0">"(.*)"</span> PHP_AUTH_USER=$1
|
||||
<span class="kw1">SetEnvIfNoCase</span> Auth-Password <span class="st0">"(.*)"</span> PHP_AUTH_PW=$1</pre>
|
||||
|
||||
<p>
|
||||
|
||||
Of course, you need to <a href="../../documentation/1.9/passwordstore.html" class="wikilink1" title="documentation:1.9:passwordstore">store password in session</a> to fill PHP_AUTH_PW.
|
||||
|
||||
|
||||
Bien sûr, il faut <a href="../../documentation/1.9/passwordstore.html" class="wikilink1" title="documentation:1.9:passwordstore">stocker le mot-de-passe dans la session</a> pour renseigner PHP_AUTH_PW.
|
||||
|
||||
</p></div></p>
|
||||
</p>
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
LemonLDAP::NG est hautement scalable, donc facile à insérer derière un répartisseur de charge :
|
||||
</p>
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> Portal does not store any data outside the session database, so you can have many portal servers using the same HTTP host name</div>
|
||||
<li class="level1"><div class="li"> Le portail ne stocke aucune donnée en dehors de la base de données des sessions, ainsi on peut avoir plusieurs serveurs utilisant le même nom d'hôte HTTP</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Tous les agents téléchargent intégralement la configuration, donc plusieurs serveurs peuvent servir le même hôte virtuel</div>
|
||||
</li>
|
||||
|
|
|
|||
|
|
@ -39,8 +39,7 @@
|
|||
</ul>
|
||||
|
||||
<p>
|
||||
<abbr title="LemonLDAP::NG">LL::NG</abbr> is compatible with the <a href="https://jasig.github.io/cas/development/protocol/CAS-Protocol-Specification.html" class="urlextern" title="https://jasig.github.io/cas/development/protocol/CAS-Protocol-Specification.html" rel="nofollow">CAS protocol</a> versions 1.0, 2.0 and part of 3.0 (attributes exchange).
|
||||
|
||||
<abbr title="LemonLDAP::NG">LL::NG</abbr> est compatible avec le <a href="https://jasig.github.io/cas/development/protocol/CAS-Protocol-Specification.html" class="urlextern" title="https://jasig.github.io/cas/development/protocol/CAS-Protocol-Specification.html" rel="nofollow">protocole CAS</a> versions 1.0, 2.0 et en partie 3.0 (echange d'attributs).
|
||||
</p>
|
||||
|
||||
</div><!-- EDIT2 SECTION "Presentation" [27-406] -->
|
||||
|
|
@ -73,10 +72,7 @@ Par exemple, pour n'autoriser que les utilisateurs authentifiés fortement :
|
|||
|
||||
<p>
|
||||
</p><p></p><div class="noteimportant">
|
||||
|
||||
Rewrite rules must have been activated in <a href="../../documentation/1.9/configlocation.html#portal" class="wikilink1" title="documentation:1.9:configlocation">Apache portal configuration</a> or in <a href="../../documentation/1.9/configlocation.html#portal1" class="wikilink1" title="documentation:1.9:configlocation">Nginx portal configuration</a>.
|
||||
|
||||
|
||||
Le module Rewrite d'Apache doit être activé dans la <a href="../../documentation/1.9/configlocation.html#portal" class="wikilink1" title="documentation:1.9:configlocation">configuration Apache du portail</a> ou dans la <a href="../../documentation/1.9/configlocation.html#portal1" class="wikilink1" title="documentation:1.9:configlocation">configuration du portail Nginx</a>.
|
||||
|
||||
</div></p>
|
||||
</p>
|
||||
|
|
@ -87,7 +83,7 @@ Aller ensuite dans <code>Options</code> pour définir :
|
|||
<ul>
|
||||
<li class="level1"><div class="li"> <strong>Identifiant <abbr title="Central Authentication Service">CAS</abbr></strong> : la clef de session à utiliser pour compléter le login (valeur transmise au clients <abbr title="Central Authentication Service">CAS</abbr>).</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong><abbr title="Central Authentication Service">CAS</abbr> attributes</strong>: list of attributes that will be transmitted in validate response. Keys are the name of attribute in the <abbr title="Central Authentication Service">CAS</abbr> response, values are the name of session key.</div>
|
||||
<li class="level1"><div class="li"> <strong>Attributs <abbr title="Central Authentication Service">CAS</abbr></strong> : liste des attributs qui seront transmis dans les réponses validées. Les clefs sont les noms des attributs de la réponse <abbr title="Central Authentication Service">CAS</abbr>, et les valeurs les noms des clefs de session.</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Politique de contrôle d'accès</strong> : definit si le contrôle d'accès doit être fait sur le service <abbr title="Central Authentication Service">CAS</abbr>. Trois options :</div>
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<div class="level1">
|
||||
|
||||
<p>
|
||||
</p><p></p><div class="notewarning">OpenID protocol is deprecated, you should now use <a href="../../documentation/1.9/idpopenidconnect.html" class="wikilink1" title="documentation:1.9:idpopenidconnect">OpenID Connect</a>
|
||||
</p><p></p><div class="notewarning">Le protocole OpenID est obsolète, il faut maintenant utiliser <a href="../../documentation/1.9/idpopenidconnect.html" class="wikilink1" title="documentation:1.9:idpopenidconnect">OpenID-Connect</a>.
|
||||
</div></p>
|
||||
</p>
|
||||
|
||||
|
|
@ -92,10 +92,7 @@ Par exemple, pour n'autoriser que les utilisateurs authentifiés fortement :
|
|||
|
||||
<p>
|
||||
</p><p></p><div class="noteimportant">
|
||||
|
||||
Rewrite rules must have been activated in <a href="../../documentation/1.9/configlocation.html#portal" class="wikilink1" title="documentation:1.9:configlocation">Apache portal configuration</a> or in <a href="../../documentation/1.9/configlocation.html#portal1" class="wikilink1" title="documentation:1.9:configlocation">Nginx portal configuration</a>.
|
||||
|
||||
|
||||
Le module Rewrite d'Apache doit être activé dans la <a href="../../documentation/1.9/configlocation.html#portal" class="wikilink1" title="documentation:1.9:configlocation">configuration Apache du portail</a> ou dans la <a href="../../documentation/1.9/configlocation.html#portal1" class="wikilink1" title="documentation:1.9:configlocation">configuration du portail Nginx</a>.
|
||||
|
||||
</div></p>
|
||||
</p>
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
<div class="dokuwiki export">
|
||||
|
||||
|
||||
<h1 class="sectionedit1" id="openid_connect_provider">OpenID Connect Provider</h1>
|
||||
<h1 class="sectionedit1" id="openid_connect_provider">Fournisseur OpenID-Connect</h1>
|
||||
<div class="level1">
|
||||
|
||||
</div><!-- EDIT1 SECTION "OpenID Connect Provider" [1-39] -->
|
||||
|
|
@ -34,39 +34,36 @@
|
|||
</p>
|
||||
|
||||
<p>
|
||||
<abbr title="LemonLDAP::NG">LL::NG</abbr> can act as an OpenID Connect Provider (OP). It will answer to OpenID Connect requests to give user identity (trough ID Token) and information (trough User Info end point).
|
||||
|
||||
<abbr title="LemonLDAP::NG">LL::NG</abbr> peut agir comme fournisseur OpenID-Connect (OP). Il répond aux requêtes OpenID-Connect pour délivrer l'identité de l'utilisateur (via un jeton identifiant) et des informations (via le point d'accès "User Info").
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
||||
As an OP, <abbr title="LemonLDAP::NG">LL::NG</abbr> supports a lot of OpenID Connect features:
|
||||
|
||||
Comme OP, <abbr title="LemonLDAP::NG">LL::NG</abbr> supporte de nombreuses fonctionnalités OpenID-Connect :
|
||||
</p>
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> Authorization Code, Implicit and Hybrid flows</div>
|
||||
<li class="level1"><div class="li"> Flux de codes d'authorisation, implicites et hybrides</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Publication of JSON metadata and JWKS data (Discovery)</div>
|
||||
<li class="level1"><div class="li"> Publication de métadonnée JSON et JWKS (Discovery)</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <code>prompt</code>, <code>display</code>, <code>ui_locales</code>, <code>max_age</code> parameters</div>
|
||||
<li class="level1"><div class="li"> paramètres <code>prompt</code>, <code>display</code>, <code>ui_locales</code> et <code>max_age</code></div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Extra claims definition</div>
|
||||
<li class="level1"><div class="li"> Définitions réclamées supplémentaires</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Authentication context Class References (ACR)</div>
|
||||
<li class="level1"><div class="li"> Références de classe de contexte d'authentification (ACR)</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Nonce</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Dynamic registration</div>
|
||||
<li class="level1"><div class="li"> Enregistrement dynamique</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Access Token Hash generation</div>
|
||||
<li class="level1"><div class="li"> Génération de hash de jeton d'accès</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> ID Token signature (HS256/HS384/HS512/RS256/RS384/RS512)</div>
|
||||
<li class="level1"><div class="li"> Signature du jeton identifiant (HS256/HS384/HS512/RS256/RS384/RS512)</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> UserInfo end point, as JSON or as JWT</div>
|
||||
<li class="level1"><div class="li"> Point d'accès UserInfo, en JSON ou JWT</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Request and Request <abbr title="Uniform Resource Identifier">URI</abbr></div>
|
||||
<li class="level1"><div class="li"> Requête et <abbr title="Uniform Resource Identifier">URI</abbr> de requête</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> Session management</div>
|
||||
<li class="level1"><div class="li"> Gestion de session</div>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
|
@ -81,9 +78,7 @@ As an OP, <abbr title="LemonLDAP::NG">LL::NG</abbr> supports a lot of OpenID Con
|
|||
<div class="level3">
|
||||
|
||||
<p>
|
||||
|
||||
See <a href="../../documentation/1.9/openidconnectservice.html" class="wikilink1" title="documentation:1.9:openidconnectservice">OpenID Connect service</a> configuration chapter.
|
||||
|
||||
Voir le chapître de configuration du <a href="../../documentation/1.9/openidconnectservice.html" class="wikilink1" title="documentation:1.9:openidconnectservice">service OpenID-Connect</a>.
|
||||
</p>
|
||||
|
||||
</div><!-- EDIT4 SECTION "OpenID Connect Service" [950-1059] -->
|
||||
|
|
@ -92,14 +87,12 @@ See <a href="../../documentation/1.9/openidconnectservice.html" class="wikilink1
|
|||
<div class="level3">
|
||||
|
||||
<p>
|
||||
|
||||
Go in <code>General Parameters</code> » <code>Issuer modules</code> » <code>OpenID Connect</code> and configure:
|
||||
|
||||
Aller dans <code>Paramètres généraux</code> > <code>Modules fournisseurs</code> » <code>OpenID-Connect</code> et configurer :
|
||||
</p>
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> <strong>Activation</strong> : mettre à <code>Activé</code>.</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Path</strong>: keep <code>^/oauth2/</code> unless you need to use another path (in this case, you need to adapt Apache configuration)</div>
|
||||
<li class="level1"><div class="li"> <strong>Path</strong> : conserver <code>^/oauth2/</code> sauf s'il faut un autre chemin (dans ce cas, adapter la configuration Apache)</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Règle d'utilisation</strong> : une règle pour autoriser l'usage de ce module, mettre 1 pour toujours l'autoriser.</div>
|
||||
</li>
|
||||
|
|
@ -118,24 +111,19 @@ Par exemple, pour n'autoriser que les utilisateurs authentifiés fortement :
|
|||
|
||||
</div><!-- EDIT5 SECTION "IssuerDB" [1060-1545] -->
|
||||
|
||||
<h3 class="sectionedit6" id="configuration_of_llng_in_relying_party">Configuration of LL::NG in Relying Party</h3>
|
||||
<h3 class="sectionedit6" id="configuration_of_llng_in_relying_party">Configuration de LL::NG en "Relying Party" (client)</h3>
|
||||
<div class="level3">
|
||||
|
||||
<p>
|
||||
|
||||
Each Relying Party has its own configuration way. <abbr title="LemonLDAP::NG">LL::NG</abbr> publish its OpenID Connect metadata to ease the configuration of client.
|
||||
|
||||
Chaque client (Relying Party) a sa propre forme de configuration. <abbr title="LemonLDAP::NG">LL::NG</abbr> publie ses métadonnées OpenID-Connect pour faciliter la configuration du client.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
||||
The metadata can be found at the standard “Well Known” <abbr title="Uniform Resource Locator">URL</abbr>: <a href="http://auth.example.com/.well-known/openid-configuration" class="urlextern" title="http://auth.example.com/.well-known/openid-configuration" rel="nofollow">http://auth.example.com/.well-known/openid-configuration</a>
|
||||
La métadonnée se trouve dans l'<abbr title="Uniform Resource Locator">URL</abbr> standard “Well Known” : <a href="http://auth.example.com/.well-known/openid-configuration" class="urlextern" title="http://auth.example.com/.well-known/openid-configuration" rel="nofollow">http://auth.example.com/.well-known/openid-configuration</a>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
||||
An example of its content:
|
||||
|
||||
Un exemple de son contenu :
|
||||
</p>
|
||||
<pre class="code file javascript"><span class="br0">{</span>
|
||||
<span class="st0">"end_session_endpoint"</span> <span class="sy0">:</span> <span class="st0">"http://auth.example.com/oauth2/logout"</span><span class="sy0">,</span>
|
||||
|
|
@ -205,19 +193,15 @@ An example of its content:
|
|||
|
||||
</div><!-- EDIT6 SECTION "Configuration of LL::NG in Relying Party" [1546-3524] -->
|
||||
|
||||
<h3 class="sectionedit7" id="configuration_of_relying_party_in_llng">Configuration of Relying Party in LL::NG</h3>
|
||||
<h3 class="sectionedit7" id="configuration_of_relying_party_in_llng">Configuration du client (Relying Party) dans LL::NG</h3>
|
||||
<div class="level3">
|
||||
|
||||
<p>
|
||||
|
||||
Go in Manager and click on <code>OpenID Connect Relying Parties</code>, then click on <code>Add OpenID Relying Party</code>. Give a technical name (no spaces, no special characters), like “sample-rp”;
|
||||
|
||||
Aller dans le Manager et choisir <code>Clients OpenID-Connect</code>, cliquer ensuite sur <code>Ajouter un client OpenID</code>. Donner un nom technique (sans espaces ni caratères speciaux), tel “sample-rp” ;
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
||||
You can then access to the configuration of this RP.
|
||||
|
||||
On peut ensuite accéder à la configuration de ce RP.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
|
|
@ -226,9 +210,7 @@ You can then access to the configuration of this RP.
|
|||
<div class="level4">
|
||||
|
||||
<p>
|
||||
|
||||
You can map here the attribute names from the <abbr title="LemonLDAP::NG">LL::NG</abbr> session to an <a href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims" class="urlextern" title="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims" rel="nofollow">OpenID Connect claim</a>.
|
||||
|
||||
On peut faire correspondre les noms d'attributs de session <abbr title="LemonLDAP::NG">LL::NG</abbr> à des <a href="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims" class="urlextern" title="http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims" rel="nofollow">"claim" OpenID-Connect</a>.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
|
|
@ -334,15 +316,12 @@ Ainsi on peut définir par exemple:
|
|||
</ul>
|
||||
|
||||
<p>
|
||||
</p><p></p><div class="noteimportant">The specific <code>sub</code> attribute is not defined here, but in User attribute parameter (see below).
|
||||
|
||||
</p><p></p><div class="noteimportant">L'attribut spécifique <code>sub</code> n'est pas défini ici, mais dans le paramètre d'attribut "User" (voir ci-dessous).
|
||||
</div></p>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
||||
You can also define extra claims and link them to attributes (see below). Then you just have to define the mapping of this new attributes, for example:
|
||||
|
||||
On peut également définir des "claims" supplémentaires et les lier aux attributs (voir ci-dessous). Il faut ensuite définir la correspondance de ces nouveaux attributs, par exemple:
|
||||
</p>
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> birthplace ⇒ l</div>
|
||||
|
|
@ -356,33 +335,33 @@ You can also define extra claims and link them to attributes (see below). Then y
|
|||
<h4 id="options">Options</h4>
|
||||
<div class="level4">
|
||||
<ul>
|
||||
<li class="level1"><div class="li"> <strong>Authentication</strong>:</div>
|
||||
<li class="level1"><div class="li"> <strong>Authentification</strong>:</div>
|
||||
<ul>
|
||||
<li class="level2"><div class="li"> <strong>Client ID</strong>: Client ID for this RP</div>
|
||||
<li class="level2"><div class="li"> <strong>Identifiant</strong> : identifiant client de ce RP</div>
|
||||
</li>
|
||||
<li class="level2"><div class="li"> <strong>Client secret</strong>: Client secret for this RP (can be use for symmetric signature)</div>
|
||||
<li class="level2"><div class="li"> <strong>Mot-de-passe</strong> : secret partagé avec ce RP (peut être utilisé pour la signature symétrique)</div>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Affichage</strong> :</div>
|
||||
<ul>
|
||||
<li class="level2"><div class="li"> <strong>Display name</strong>: Name of the RP application</div>
|
||||
<li class="level2"><div class="li"> <strong>Affichage</strong> : Nom de l'application RP</div>
|
||||
</li>
|
||||
<li class="level2"><div class="li"> <strong>Logo</strong>: Logo of the RP application</div>
|
||||
<li class="level2"><div class="li"> <strong>Logo</strong>: Logo l'application RP</div>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>User attribute</strong>: session field that with be used as main identifier (<code>sub</code>)</div>
|
||||
<li class="level1"><div class="li"> <strong>Attribut utilisateur</strong> : attribut de session à utiliser comme identifiant principal (<code>sub</code>)</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>ID Token signature algorithm</strong>: Select one of <code>none</code>, <code>HS256</code>, <code>HS384</code>, <code>HS512</code>, <code>RS256</code>, <code>RS384</code>, <code>RS512</code></div>
|
||||
<li class="level1"><div class="li"> <strong>Algorithme de signature des jetons d'identité</strong> : Choisir entre <code>none</code>, <code>HS256</code>, <code>HS384</code>, <code>HS512</code>, <code>RS256</code>, <code>RS384</code>, <code>RS512</code></div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>ID Token expiration</strong>: Expiration time of ID Tokens</div>
|
||||
<li class="level1"><div class="li"> <strong>Expiration des jetons d'identité</strong>: Délai d'expiration des jetons d'identité</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Access token expiration</strong>: Expiration time of Access Tokens</div>
|
||||
<li class="level1"><div class="li"> <strong>Expiration des jetons d'accès</strong>: Délai d'expiration des jetons d'accès</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Redirection addresses</strong>: Space separated list of redirect addresses allowed for this RP</div>
|
||||
<li class="level1"><div class="li"> <strong>Adresses de redirection</strong> : liste d'adresses de redirection autorisées pour ce RP, séparées par des espaces</div>
|
||||
</li>
|
||||
<li class="level1"><div class="li"> <strong>Extra claims</strong>: Associate attributes to extra claims if the RP request them, for example <code>birth</code> ⇒ <code>birthplace birthcountry</code></div>
|
||||
<li class="level1"><div class="li"> <strong>Déclaration (scopes/claims)</strong> : attributs associés à des "claims" supplémentaires si le RP les demande, par exemple <code>birth</code> ⇒ <code>birthplace birthcountry</code></div>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
|
|
|||
|
|
@ -194,7 +194,7 @@ The script is <code>/usr/share/lemonldap-ng/bin/rotateOidcKeys</code>. It can be
|
|||
|
||||
</div><!-- EDIT11 SECTION "Key rotation script" [2517-2990] -->
|
||||
|
||||
<h2 class="sectionedit12" id="session_management">Session management</h2>
|
||||
<h2 class="sectionedit12" id="session_management">Gestion de session</h2>
|
||||
<div class="level2">
|
||||
|
||||
<p>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user