Documentation for #2753
This commit is contained in:
Maxime Besson
parent
e90f16ade6
commit
a09072c7ed
|
|
@ -63,24 +63,49 @@ Then, go in ``CAS parameters``:
|
|||
|
||||
- **Authentication level**: authentication level for this module.
|
||||
|
||||
Then create the list of CAS servers in the manager. For each, set:
|
||||
Then create the list of CAS servers in the manager.
|
||||
|
||||
Options
|
||||
~~~~~~~
|
||||
|
||||
- **Server URL** *(required)*: CAS server URL (must use https://)
|
||||
- **Renew authentication** *(default: disabled)*: force authentication
|
||||
renewal on CAS server
|
||||
- **Gateways authentication** *(default: disabled)*: force transparent
|
||||
authentication on CAS server
|
||||
- **Display Name**: Name to display. Required if you have more than 1
|
||||
CAS server declared
|
||||
- **Icon**: Path to CAS Server icon. Used only if you have more than 1
|
||||
CAS server declared
|
||||
- **Order**: Number to sort CAS Servers display
|
||||
- **Proxied services**: list of services for which a proxy ticket is
|
||||
|
||||
Proxied services
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
In this section, set the list of services for which a proxy ticket is
|
||||
requested:
|
||||
|
||||
- **Key**: Service ID
|
||||
- **Value** Service URL (CAS service identifier)
|
||||
|
||||
Display
|
||||
~~~~~~~
|
||||
- **Display Name**: Name to display. Required if you have more than 1
|
||||
CAS server declared
|
||||
- **Icon**: Path to CAS Server icon. Used only if you have more than 1
|
||||
CAS server declared
|
||||
- **Resolution Rule**: rule that will be applied to preselect a CAS server for
|
||||
a user. You have access to all environment variable *(like user IP address)*
|
||||
and all session keys.
|
||||
|
||||
For example, to preselect this server for users coming from 129.168.0.0/16
|
||||
network
|
||||
|
||||
::
|
||||
|
||||
$ENV{REMOTE_ADDR} =~ /^192\.168/
|
||||
|
||||
To preselect this server when the ``MY_SRV`` :doc:`choice <authchoice>` is selected ::
|
||||
|
||||
$_choice eq "MY_SRV"
|
||||
|
||||
- **Order**: Number to sort CAS Servers display
|
||||
|
||||
|
||||
.. tip::
|
||||
|
||||
|
|
|
|||
|
|
@ -210,7 +210,8 @@ So you can define by example:
|
|||
Options
|
||||
^^^^^^^
|
||||
|
||||
- **Configuration**:
|
||||
Configuration
|
||||
"""""""""""""
|
||||
|
||||
- **Configuration endpoint**: URL of OP configuration endpoint
|
||||
- **JWKS data timeout**: After this time, LL::NG will do a request
|
||||
|
|
@ -222,8 +223,8 @@ Options
|
|||
on an application, or if you need the id_token_hint parameter when
|
||||
using logout.
|
||||
|
||||
- **Protocol**:
|
||||
|
||||
Protocol
|
||||
""""""""
|
||||
- **Scope**: Value of scope parameter (example: openid profile). The
|
||||
``openid`` scope is mandatory.
|
||||
- **Display**: Value of display parameter (example: page)
|
||||
|
|
@ -241,10 +242,26 @@ Options
|
|||
- **Use Nonce**: If enabled, a nonce will be sent, and verified from
|
||||
the ID Token
|
||||
|
||||
- **Display**:
|
||||
Display
|
||||
"""""""
|
||||
|
||||
- **Display name**: Name of the application
|
||||
- **Logo**: Logo of the application
|
||||
- **Resolution Rule**: rule that will be applied to preselect an OP
|
||||
for a user. You have access to all environment variable *(like user
|
||||
IP address)* and all session keys.
|
||||
|
||||
For example, to preselect this OP for users coming from 129.168.0.0/16
|
||||
network
|
||||
|
||||
::
|
||||
|
||||
$ENV{REMOTE_ADDR} =~ /^192\.168/
|
||||
|
||||
To preselect this OP when the ``MY_OP`` :doc:`choice <authchoice>` is selected ::
|
||||
|
||||
$_choice eq "MY_OP"
|
||||
|
||||
- **Order**: Number to sort buttons
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -111,20 +111,6 @@ For each attribute, you can set:
|
|||
Options
|
||||
^^^^^^^
|
||||
|
||||
General options
|
||||
'''''''''''''''
|
||||
|
||||
- **Resolution Rule**: rule that will be applied to preselect an IDP
|
||||
for a user. You have access to all environment variable *(like user
|
||||
IP address)* and all session keys.
|
||||
|
||||
For example, to preselect this IDP for users coming from 129.168.0.0/16
|
||||
network and member of "admin" group:
|
||||
|
||||
::
|
||||
|
||||
$ENV{REMOTE_ADDR} =~ /^192\.168/ and $groups =~ /\badmin\b/
|
||||
|
||||
Authentication request
|
||||
''''''''''''''''''''''
|
||||
|
||||
|
|
@ -212,8 +198,6 @@ Used only if at least 2 SAML Identity Providers are declared
|
|||
|
||||
- **Display name**: Name of the IDP
|
||||
- **Logo**: Logo of the IDP
|
||||
- **Order**: Number used for sorting IDP display
|
||||
|
||||
|
||||
.. tip::
|
||||
|
||||
|
|
@ -222,6 +206,23 @@ Used only if at least 2 SAML Identity Providers are declared
|
|||
icon file name directly in the field and copy the logo file in portal
|
||||
icons directory
|
||||
|
||||
- **Resolution Rule**: rule that will be applied to preselect an IDP
|
||||
for a user. You have access to all environment variable *(like user
|
||||
IP address)* and all session keys.
|
||||
|
||||
For example, to preselect this IDP for users coming from 129.168.0.0/16
|
||||
network
|
||||
|
||||
::
|
||||
|
||||
$ENV{REMOTE_ADDR} =~ /^192\.168/
|
||||
|
||||
To preselect this IDP when the ``MY_IDP`` :doc:`choice <authchoice>` is selected ::
|
||||
|
||||
$_choice eq "MY_IDP"
|
||||
|
||||
- **Order**: Number used for sorting IDP display
|
||||
|
||||
.. |image0| image:: /documentation/manager-saml-metadata.png
|
||||
:class: align-center
|
||||
.. |image1| image:: /documentation/manager-saml-attributes.png
|
||||
|
|
|
|||
Loading…
Reference in New Issue