parent
af243509db
commit
ad83c48a9d
|
@ -49,9 +49,11 @@ Then, go in ``Choice Parameters``:
|
|||
|
||||
- **URL parameter**: parameter name used to set choice value (default:
|
||||
``lmAuth``)
|
||||
- **AuthBasic handler parameter**: authentication module used by
|
||||
AuthBasic handler
|
||||
- **Allowed modules**: click on ``New chain`` to add a choice.
|
||||
- **AuthBasic handler parameter**: authentication module called by
|
||||
AuthBasic handler (:doc:`AuthBasic handler<handlerauthbasic>`)
|
||||
- **FindUser plugin parameter**: authentication module called by
|
||||
Find user plugin (:doc:`Find user plugin<finduser>`)
|
||||
|
||||
|image0|
|
||||
|
||||
|
|
|
@ -22,19 +22,21 @@ Just enable it in the manager (section “plugins”).
|
|||
- **Attributes used for searching sessions**: User's attributes used
|
||||
for searching sessions in backend if ``whatToTrace`` fails. Useful
|
||||
to look for sessions by mail or givenName. Let it blank to search
|
||||
by ``whatToTrace`` only.
|
||||
by ``whatToTrace`` only
|
||||
- **Display computed sessions**: Rule to define which users can display a
|
||||
computed session if no SSO session is found
|
||||
- **Display empty headers**: Rule to define which users can display ALL headers
|
||||
appended by LemonLDAP::NG including empty ones
|
||||
- **Display normalized headers**: Rule to define which users see headers name sent by
|
||||
the web server (see RFC3875)
|
||||
- **Display empty values**: Rule to define which users can display ALL attributes
|
||||
even empty ones
|
||||
- **Display persistent session data**: Rule to define which users can display
|
||||
persistent session data
|
||||
- **Hidden headers**: Sent headers whose value is masked except for unrestricted users.
|
||||
Key is a Virtualhost name and value represents a headers list.
|
||||
Key is a Virtualhost name and value represents a headers list
|
||||
A blank value obfuscates ALL relative Virtualhost sent headers.
|
||||
Note that just valued hearders are masked.
|
||||
Note that just valued hearders are masked
|
||||
|
||||
|
||||
.. note::
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
|image0|
|
||||
|
||||
FindUser plugin
|
||||
===============
|
||||
Find user plugin
|
||||
================
|
||||
|
||||
This plugin allows unauthenticated users to search for an user account to impersonate. This may be useful to randomly provide an
|
||||
identifier depending on allowed searching attributes.
|
||||
|
@ -17,10 +17,10 @@ Just enable it in the Manager (section “plugins”). Then, set searching attri
|
|||
|
||||
- **Parameters**:
|
||||
|
||||
- **Activation**: Enable/disable this plugin.
|
||||
- **Activation**: Enable / Disable this plugin
|
||||
- **Character used as wildcard**: Character that can be used by users as wildcard. An empty value disable wildcarded search requests.
|
||||
- **Parameters control**: Regular expression used for checking searching values syntax.
|
||||
- **Searching attributes**: For each attribute, you have to set a key (attribute as defined in UserBD) and a value that will be display in login form (placeholder).
|
||||
- **Parameters control**: Regular expression used for checking searching values syntax
|
||||
- **Searching attributes**: For each attribute, you have to set a key (attribute as defined in UserBD) and a value that will be display in login form (placeholder)
|
||||
- **Excluding attributes**: You can defined here attributes used for excluding accounts. Set keys corresponding to UserBD attributes and values to exclude. A value can be a multivalued list separated by multiValueSeparator parameter (General Parameters > Advanced parameters > Separator)
|
||||
|
||||
.. attention::
|
||||
|
@ -31,7 +31,12 @@ Just enable it in the Manager (section “plugins”). Then, set searching attri
|
|||
|
||||
.. danger::
|
||||
|
||||
Of course, searching and excluding attributes must exist in user backend.
|
||||
This plusgin works only with a users backend and the searching or excluding attributes must exist.
|
||||
|
||||
.. danger::
|
||||
|
||||
With AuthChoice, you must set which module will be called by this plugin (:doc:`Backend choice by users<authchoice>`).
|
||||
|
||||
|
||||
|
||||
.. |image0| image:: /documentation/beta.png
|
||||
|
|
|
@ -282,12 +282,13 @@ Name Description
|
|||
:doc:`Global Logout<globallogout>` [8]_ Suggest to close all opened sessions at logout
|
||||
:doc:`Grant Sessions<grantsession>` Rules to apply before allowing a user to open a session
|
||||
:doc:`Impersonation<impersonation>` [9]_\ |new| Allow users to use another identity
|
||||
:doc:`Find user<finduser>` [10]_\ |new| Search for user account
|
||||
:doc:`Notifications system<notifications>`
|
||||
:doc:`Portal Status<status>` Experimental portal status page
|
||||
:doc:`Public pages<public_pages>` Enable public pages system
|
||||
:doc:`Refresh session API<refreshsessionapi>` [10]_ Plugin that provides an API to refresh a user session
|
||||
:doc:`Refresh session API<refreshsessionapi>` [11]_ Plugin that provides an API to refresh a user session
|
||||
:doc:`Reset password by mail<resetpassword>`
|
||||
:doc:`Reset certificate by mail<resetcertificate>` [11]_\ |image37| Allow users to reset their certificate
|
||||
:doc:`Reset certificate by mail<resetcertificate>` [12]_\ |image37| Allow users to reset their certificate
|
||||
:doc:`REST services<restservices>` |new| REST server for :doc:`Proxy<authproxy>`
|
||||
:doc:`SOAP services<soapservices>` |deprecated| SOAP server for :doc:`Proxy<authproxy>`
|
||||
:doc:`Stay connected<stayconnected>` |new| Enable persistent connection on same browser
|
||||
|
@ -305,12 +306,12 @@ Handlers are software control agents to be installed on your web servers
|
|||
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
|
||||
Handler type Apache LLNG FastCGI/uWSGI server (Nginx, or :doc:`SSOaaS<ssoaas>`) `Plack servers <https://plackperl.org>`__ Node.js ( `express apps <http://expressjs.com/>`__\ or :doc:`SSOaaS<ssoaas>`) :doc:`Self protected apps<selfmadeapplication>` Comment
|
||||
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
|
||||
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [12]_ ** ✔
|
||||
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [13]_ ** ✔
|
||||
:doc:`AuthBasic<handlerauthbasic>` ✔ ✔ ✔ ✔ Designed for some server-to-server applications
|
||||
:doc:`CDA<cda>` ✔ ✔ ✔ ✔ For Cross Domain Authentication
|
||||
:doc:`DevOps<devopshandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Allows application developers to define their own rules and headers inside their applications
|
||||
:doc:`DevOpsST<devopssthandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
|
||||
:doc:`OAuth2<oauth2handler>` [13]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
|
||||
:doc:`OAuth2<oauth2handler>` [14]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
|
||||
:doc:`Secure Token<securetoken>` ✔ ✔ ✔ Designed to secure exchanges between a LLNG reverse-proxy and a remote app
|
||||
:doc:`Service Token<servertoserver>` |new| *(Server-to-Server)* ✔ ✔ ✔ ✔ ✔ Designed to permit underlying requests *(API-Based Infrastructure)*
|
||||
:doc:`Zimbra PreAuth<applications/zimbra>` ✔ ✔ ✔
|
||||
|
@ -584,18 +585,22 @@ by your language code):
|
|||
2.0.3
|
||||
|
||||
.. [10]
|
||||
:doc:`Find user plugin<finduser>` is available with LLNG ≥
|
||||
2.0.11
|
||||
|
||||
.. [11]
|
||||
:doc:`Refresh session API plugin<refreshsessionapi>` is available
|
||||
with LLNG ≥ 2.0.7
|
||||
|
||||
.. [11]
|
||||
.. [12]
|
||||
:doc:`Reset certificate by mail plugin<resetcertificate>` is
|
||||
available with LLNG ≥ 2.0.7
|
||||
|
||||
.. [12]
|
||||
.. [13]
|
||||
:doc:`Node.js handler<nodehandler>` has not yet reached the same
|
||||
level of functionalities
|
||||
|
||||
.. [13]
|
||||
.. [14]
|
||||
:doc:`OAuth2 Handler<oauth2handler>` is available with LLNG ≥ 2.0.4
|
||||
|
||||
.. |image0| image:: /icons/kthememgr.png
|
||||
|
|
Loading…
Reference in New Issue
Block a user